Date created: Wednesday, September 13, 2023 1:38:32 PM. Last modified: Monday, June 10, 2024 12:35:00 PM

EVPN ARP / NDP Proxy Suppression

Note: ARP / NDP proxy is something different to proxy ARP / NDP!

One can suppress the ARP / NDP Proxy feature on EOS. ARP / NDP proxy is enabled by default.

When enabled (the default), the router responds to ARP or ND requests from locally connected devices if it already has the answer in its local MAC table, rather than forwarding the request over the EVPN. This reduces flooding in large deployments. The downside is that a packet capture or similar on the host which should respond to the request never shows the request arriving, yet the client still receives a reply, which can be a source of confusion.

This feature can be disabled by creating a prefix list which specifies the IP ranges for which the router will not respond to ARP / ND requests. In the example below the router is configured not to respond to requests for any IP.

Note that at the time of writing (EOS 4.30.2) this can only be configured globally and not per MAC-VRF.

ip prefix-list ARP_NO_SUPPRESS
   seq 10 deny 0.0.0.0/0

ipv6 prefix-list ND_NO_SUPPRESS
   seq 10 deny ::/0

router l2-vpn
   arp proxy prefix-list ARP_NO_SUPPRESS
   nd proxy prefix-list ND_NO_SUPPRESS