Administrator Guide
Working of Proxy ARP for VLT Peer Nodes
Proxy ARP is enabled only when peer routing is enabled on both the VLT peers. If peer routing is disabled on one of the VLT peers,
proxy ARP is not performed when the ICL link goes down. Proxy ARP is performed only when the VLT peer's MAC address is
installed in the database. Proxy ARP is stopped when the VLT peer's MAC address is removed from the ARP database because of
the peer routing timer expiry. The source hardware address in the ARP response contains the VLT peer MAC address. Proxy ARP is
supported for both unicast and broadcast ARP requests. Control packets, other than ARP requests destined for the VLT peers that
reach the undesired and incorrect VLT node, are dropped if the ICL link is down. Further processing is not done on these control
packets. The VLT node does not perform any action if it receives gratuitous ARP requests for the VLT peer IP address. Proxy ARP is
also supported on secondary VLANs. When the ICL link or peer is down, and the ARP request for a private VLAN IP address reaches
the wrong peer, then the wrong peer responds to the ARP request with the peer MAC address.
The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up. Whenever
an IP address is added or deleted, this updated information is synchronized with the VLT peer. IP address synchronization occurs
regardless of the VLAN administrative state. IP address addition and deletion serve as the trigger events for synchronization. When a
VLAN state is down, the VLT peer might perform a proxy ARP operation for the IP addresses of that VLAN interface.
VLT nodes start performing Proxy ARP when the ICL link goes down. When the VLT peer comes up, proxy ARP will be stopped for
the peer VLT IP addresses. When the peer node is rebooted, the IP address synchronized with the peer is not ushed. Peer down
events cause the proxy ARP to commence.
When a VLT node detects peer up, it will not perform proxy ARP for the peer IP addresses. IP address synchronization occurs again
between the VLT peers.
Proxy ARP is enabled only if peer routing is enabled on both the VLT peers. If you disable peer routing by using the no peer-
routing
command in VLT DOMAIN node, a notication is sent to the VLT peer to disable the proxy ARP. If peer routing is disabled
when ICL link is down, a notication is not sent to the VLT peer and in such a case, the VLT peer does not disable the proxy ARP
operation.
When the VLT domain is removed on one of the VLT nodes, the peer routing conguration removal will be notied to the peer. In this
case VLT peer node disables the proxy ARP. When the ICL link is removed on one of the VLT nodes by using the no peer-link
command, the ICL down event is triggered on the other VLT node, which in turn starts the proxy ARP application. The VLT node,
where the ICL link is deleted, ushes the peer IP addresses and does not perform proxy ARP for the additional LAG hashed ARP
requests.
Conguring VLAN-Stack over VLT
To congure VLAN-stack over VLT, follow these steps.
1. Congure the VLT LAG as VLAN-stack access or trunk mode on both the peers.
INTERFACE PORT-CHANNEL mode
vlan-stack {access | trunk}
2. Congure VLAN as VLAN-stack compatible on both the peers.
INTERFACE VLAN mode
vlan-stack compatible
3. Add the VLT LAG as a member to the VLAN-stack on both the peers.
INTERFACE VLAN mode
member port-channel port—channel ID
4. Verify the VLAN-stack congurations.
864
Virtual Link Trunking (VLT)