Scribd
Upload
9 views

eos.arista.com-ARP replies in a VxLAN plus routing Data Center Inter-connect deployment

This document discusses ARP issues in a VxLAN and routing Data Center Interconnect (DCI) deployment, particularly when multiple data centers share the same VLAN and VARP MAC address. It outlines a workaround involving unique VARP MAC addresses for each data center to resolve ARP reply failures, while noting that this may lead to suboptimal traffic routing. Future enhancements to address these issues are anticipated with upcoming EOS versions.

Uploaded by

jarekscribd23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views

eos.arista.com-ARP replies in a VxLAN plus routing Data Center Inter-connect deployment

This document discusses ARP issues in a VxLAN and routing Data Center Interconnect (DCI) deployment, particularly when multiple data centers share the same VLAN and VARP MAC address. It outlines a workaround involving unique VARP MAC addresses for each data center to resolve ARP reply failures, while noting that this may lead to suboptimal traffic routing. Future enhancements to address these issues are anticipated with upcoming EOS versions.

Uploaded by

jarekscribd23
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

ARP replies in a VxLAN plus routing Data Center Inter-

connect deployment
eos.arista.com/arp-replies-in-a-vxlan-plus-routing-data-center-inter-connect-deployment

Paul Bassett Bassett

Overview

VxLAN and routing with DCI inter-connect can cause ARP issues with VLAN segment
extensions between datacenters. The goal of this article is to outline the issue relating to
ARP replies with VxLAN routing and VARP. We will show the use of a workaround today
(recommended) and how the new ARP-Reply feature will resolve the problem. This feature
will be introduced in later version of EOS. The date will be announced in the future.

Issue:

VxLAN with the directing routing model for DCI will requires a unique VARP MAC address
per DC. This is needed when when there are two or more DCs sharing the same VLAN
and VARP MAC. The problem occurs due to ARP replies not getting completed for data
center (DC1) to data center DC-2 Inter-VLAN traffic based on packet handling on the DCI
edge node.

Consider two data centers – DC1 and DC2 each with three VTEPs, each running with its
own CVX as per the recommended design. (See Layout 1) The two DC’s are configured
with VxLAN direct routing model, so each leaf is configured with same set of VLANs and
the same VARP gateway/mac.

Setup:

DC1 (VTEP1, VTEP2, VTEP3, CVX1) –


DC2 (VTEP4, VTEP5, VTEP6, CVX2) –
DC1 and DC2 are connected over a DCI (DCI-1 and DCI-2) across service leaf
VTEPS – VTEP3 and VTEP6 respectively.
Assume all VTEPs in both DCs are configured with the same VARP-MAC.

The Arp Request:

Layout 1

1/4
The Request:

DC1 host (H1) attached to VTEP2 sends a packet from VLAN 100 to a host (H2)
attached to VTEP5 in DC2 in VLAN 200 over VxLAN plus routing.
VARP GW1(VTEP2) in DC1 receives the initial packet and forwards this packet to
destination vlan200.
VTEP2 ARPs for the destination mac in vlan200.
VTEP2 HER’s and encapsulates the ARP request to flood VTEP set in DC1 VTEP1,
VTEP3
VTEP3 decapsultes and forwards the request to DCI-1 in DC1
DCI-1 VxLAN encapsulates the request to DCI-2 in DC2
DCI-2 decapsulates and forwards the request to VTEP6 in DC2
VTEP6 HER the ARP request to flood VTEP set in DC2 – VTEP4 and VTEP5
Host H2 receives the packet and sends the ARP reply back to the GW (VTEP5)

The ARP Reply

Layout 2

2/4
The Reply

VTEP5 receives the ARP reply for destination VARP MAC.


VTEP5 HER’s the ARP reply to the VTEP6 in DC2 destined to DC1.
ARP reply gets consumed by VTEP6 in DC2 since its support the same VARP mac
and does not make it back to DC1. The ARP fails.

Resolution:

To resolve this issue, we have 1 option to consider, today.

In each data center set up a unique and VARP MAC. DC-1 configured with VARP-MAC:
VMAC-AA and DC-2 configured with VARP-MAC: VMAC-BB.

The send process is the same. Look at layout2 as a reference:

1. VTEP5 will see the reply destined to VARP-MAC AA.


2. VTEP 6 will decapsulate the packet (reply) and now will forward on the DCI-2 since
DC-2 used VARP-MAC VMAC:BB.
3. DCI-2 will encapsulate and send the packet to DCI-1 which will send via Vx

LAN to VTEP2 for sending to HOST 1.

NOTE: While this is an acceptable workaround, you will see some traffic trombone between
the two Data Centers; which is not optimized. This occurs based on North to South traffic
getting drawn to DC2 then being VxLAN bridged to DC1 instead of native direct routing to
proper DC.

Conclusion:
3/4
Today the option above will resolve the issue with LAN extensions with VARP and DCI
given the current DCI design being implemented. Look to the future for additional
enhancement to improve this solution.

Terms:

VARP-IP – Virtual-ARP for a common IP address in active/active configuration.

VTEP – VXLAN Tunnel Endpoint (VTEP): a host with at least one VXLAN Tunnel Interface
(VTI).

Trombone – The effect of traffic routing back and forth between data centers.

Virtual-MAC – The Virtual MAC address is only for inbound packets a

DC – Data Center

DCI – Data Center Interconnect

HER – Head end replication : https://eos.arista.com/eos-4-15-3f/vxlan-hw-her/

inShare

4/4

You might also like