Deployment Guide
• Amended by specifying the new secondary VLAN to be added to the list.
Proxy ARP Capability on VLT Peer Nodes
A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the trac to
the proxy ARP-enabled device, which in turn transmits the packets to the destination.
By default, proxy ARP is enabled. To disable proxy ARP, use the no proxy-arp command in the interface mode. To re-enable proxy ARP,
use the ip proxy-arp command in INTERFACE mode. To view if proxy ARP is enabled on the interface, use the show config
command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only nondefault information is
displayed in the show config command output.
ARP proxy operation is performed on the VLT peer node IP address when the peer VLT node is down. The ARP proxy stops working either
when the peer routing timer expires or when the peer VLT node goes up. Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding
level. VLT peer routing enables you to replace VRRP with routed VLT to route the trac from Layer 2 access nodes. With proxy ARP, hosts
can resolve the MAC address of the VLT node even when VLT node is down.
If the ICL link is down when a VLT node receives an ARP request for the IP address of the VLT peer, owing to LAG-level hashing algorithm
in the top-of-rack (TOR) switch, the incorrect VLT node responds to the ARP request with the peer MAC address. Proxy ARP is not
performed when the ICL link is up and the ARP request the wrong VLT peer. In this case, ARP requests are tunneled to the VLT peer.
Proxy ARP supported on both VLT interfaces and non-VLT interfaces. Proxy ARP supported on symmetric VLANs only. Proxy ARP is
enabled by default. Routing table must be symmetrically congured to support proxy ARP. For example, consider a sample topology in
which VLAN 100 is congured on two VLT nodes, node 1 and node 2. ICL link is not congured between the two VLT nodes. Assume that
the VLAN 100 IP address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is 20.1.1.2/24. In this case, if the ARP request for 20.1.1.1
reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is supported only for the IP address belongs to the received
interface IP network. Proxy ARP is not supported if the ARP requested IP address is dierent from the received interface IP subnet. For
example, if VLAN 100 and 200 are congured on the VLT peers, and if the VLAN 100 IP address is congured as 10.1.1.0/24 and the VLAN
200 IP address is congured as 20.1.1.0/24, the proxy ARP is not performed if the VLT node receives an ARP request for 20.1.1.0/24 on
VLAN 100.
Working of Proxy ARP for VLT Peer Nodes
Proxy ARP is enabled only when peer routing is enabled on both the VLT peers. If peer routing is disabled on one of the VLT peers, proxy
ARP is not performed when the ICL link goes down. Proxy ARP is performed only when the VLT peer's MAC address is installed in the
database. Proxy ARP is stopped when the VLT peer's MAC address is removed from the ARP database because of the peer routing timer
expiry. The source hardware address in the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast
and broadcast ARP requests. Control packets, other than ARP requests destined for the VLT peers that reach the undesired and incorrect
VLT node, are dropped if the ICL link is down. Further processing is not done on these control packets. The VLT node does not perform any
action if it receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL
link or peer is down, and the ARP request for a private VLAN IP address reaches the wrong peer, then the wrong peer responds to the ARP
request with the peer MAC address.
The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up. Whenever an IP
address is added or deleted, this updated information is synchronized with the VLT peer. IP address synchronization occurs regardless of
the VLAN administrative state. IP address addition and deletion serve as the trigger events for synchronization. When a VLAN state is
down, the VLT peer might perform a proxy ARP operation for the IP addresses of that VLAN interface.
VLT nodes start performing Proxy ARP when the ICL link goes down. When the VLT peer comes up, proxy ARP will be stopped for the
peer VLT IP addresses. When the peer node is rebooted, the IP address synchronized with the peer is not ushed. Peer down events cause
the proxy ARP to commence.
900
Virtual Link Trunking (VLT)