[j-nsp] proxy-arp on EVPN irb
Peter E. Fry
pfry-lists at redsword.com
Wed Dec 13 13:43:17 EST 2023
Help me out a bit...
I've used a lot of proxy-arp and bridging (never at the same time...!)
in the past on bridged consumer services... simple stuff. To evaluate
a proxy-arp config, I'd want the IPs of a sample host and your offnet
host, and routing and ARP tables in addition to the interface config.
Is your offnet host not on in the bridge domain? Am I missing
something obvious?
On Wednesday 13/12/2023 at 9:58 am, "Jackson, William via juniper-nsp"
wrote:
> Hi
>
> This is what I have done, but it doesn’t appear to work.
>
> We have had to send to the clients via DHCP a set of /32 host routes
> to circumvent this problem.
>
> I will open a TAC case and raise with my SE to see whats what.
>
> Thanks for the feedback.
>
> From: Roger Wiklund <roger.wiklund at gmail.com>
> Sent: Friday, December 8, 2023 2:25 PM
> To: Aaron1 <aaron1 at gvtc.com>
> Cc: Jackson, William <william.jackson at gibtele.com>;
> juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] proxy-arp on EVPN irb
>
> ** WARNING: This email originates from outside of the organisation **
>
> Hi
>
> It seems that proxy arp is disabled by default:
> proxy-arp | Junos OS | Juniper
> Networks<https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/ref/statement/proxy-arp-edit-interfaces.html>
>
> Regarding proxy-arp for EVPN (arp suppression) it only works for the
> same subnet, not between subnets.
>
> So that seems to match what you're seeing that you must enable
> proxy-arp on the IRB in order to reach the other subnets.
>
> Regards
> Roger
>
>
> On Wed, Dec 6, 2023 at 5:04 PM Aaron1 via juniper-nsp
> <juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>>
> wrote:
> As I recall, proxy-arp behavior is proven by looking in the local host
> arp cache and finding entries for foreign ip’s mapped to the default
> gateway’s mac address. If that is still occurring, then it would
> seem that proxy arp functionality is still working and you can move on
> to tshooting something beyond that… like what is the upstream def
> gw/evpn pe doing with those packets
>
> Aaron
>
>>
>> On Dec 6, 2023, at 6:16 AM, Jackson, William via juniper-nsp
>> <juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>>
>> wrote:
>>
>> Hi
>>
>> Maybe somebody knows the answer to this one:
>>
>> We migrated some customers to an EVPN domain away from a legacy node
>> that used proxy-arp on its L3 interface.
>>
>> The downstream clients have some funky routing and they are relying on
>> proxy-arp to resolve an offnet address (don't ask me why for our
>> sanities sake)!
>>
>> We have a implemented EVPN bridge domain with the following config on
>> MX PE nodes running 21.1 code.
>>
>> instance-type virtual-switch;
>> protocols {
>> evpn {
>> encapsulation mpls;
>> default-gateway do-not-advertise;
>> extended-vlan-list [ 250 ];
>> }
>> }
>> bridge-domains {
>> 250 {
>> domain-type bridge;
>> vlan-id 250;
>> interface ae68.250;
>> routing-interface irb.25068;
>> }
>> }
>>
>> interfaces irb.25068 {
>> proxy-arp;
>> family inet {
>> address 172.23.248.1/22<http://172.23.248.1/22>;
>> }
>> mac 00:aa:dd:00:00:68;
>> }
>>
>> This irb is in a L3VPN instance.
>>
>> Now the documentation states that proxy-arp and arp-suppression is on
>> by default yet these clients cant reach the offnet host with or
>> without the "proxy-arp" command on the irb.
>>
>> Any ideas?
>>
>> thanks
>> _______________________________________________
>> juniper-nsp mailing list
>> juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list
> juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list