SR OS Release 23.3.R1 and
later supports the ARP/ND extended community in EVPN MAC/IP advertisement routes
used to advertise and populate the layer 2 proxy ARP or proxy ND table in EVPN VPLS
services. The information and configuration in this chapter are based on SR OS Release 24.10.R3.
Overview
RFC 9047 specifies the ARP/ND extended community (type 0x06, sub-type 0x08) that
contains three different flags (R, I, O) that the router supports when
arp-nd-extended-community-advertisement is configured in the
service vpls <vpls id> bgp-evpn
context.
This allows IPv6/MAC entries for both routers and hosts to be distributed via the
EVPN control plane, when routers and hosts are concurrently attached to a single
EVPN network. The ARP/ND extended community may also be used to indicate whether
IPv4/MAC or IPv6/MAC entries are immutable. SR OS supports
arp-nd-extended-community-advertisement in the same EVPN
services that support proxy ARP or proxy ND. SR OS does not support
proxy ARP and proxy ND in routed VPLS (R-VPLS) services and in multi-instance VPLS
services.
Flags
Router (R) flag – bit 23 of the ARP/ND extended community (bit 7
of the flags field): the R flag indicates whether the EVPN
MAC/IP advertisement route conveys a Neighbor Discovery (ND)
IPv6/MAC entry that belongs to a router (R=1) or to a host
(R=0). When evpn-nd-advertise router-host is
configured in the service vpls <vpls id>
proxy-nd context, dynamic entries of type router
and of type host are both advertised in EVPN MAC/IP
advertisement routes with the corresponding value for the R
flag. An ingress PE learns dynamic proxy ND entries as router or
as host, based on the snooped Neighbor Advertisement (NA)
messages that it receives. The ingress PE installs the proxy ND
entry as a router or as a host entry depending on the value of
the R flag and uses this information in NA messages for the
associated IPv6 address. The R flag applies only to IPv6/MAC
pairs (proxy ND). When a PE receives an ARP/ND extended
community with an EVPN MAC/IP advertisement route for an
IPv4/MAC pair, the PE ignores the R flag.
Immutable (I) flag – bit 20 of the ARP/ND extended community
(bit 4 of the flags field): the I flag indicates whether the
IPv4/MAC or IPv6/MAC pair for the EVPN MAC/IP advertisement
route that an egress PE advertises is immutable (I=1) or not
(I=0). When immutable, the IP address in the EVPN MAC/IP
advertisement route can only be bound to the MAC address that is
specified in the same route, and not to any other MAC address
that is received in a different route with I=0. Static proxy ARP
entries, static proxy ND entries, and configured dynamic IPs
(associated to a MAC list) are always advertised as immutable.
The I flag applies to both IPv4/MAC pairs (proxy ARP) and
IPv6/MAC pairs (proxy ND). The I flag affects the selection of
proxy ARP or proxy ND entries in an ingress PE: when a PE
receives two EVPN MAC/IP advertisement routes for the same
IP/MAC pair, the PE always prioritises an immutable proxy ARP or
proxy ND EVPN MAC/IP advertisement route (I=1) over a
non-immutable one (I=0).
Override (O) flag – bit 22 of the ARP/ND extended community (bit
6 of the flags field): the O flag indicates whether the NA
message that an egress PE sends out for a proxy ND entry
overrides any other existing entry in the host. An egress PE
normally advertises IPv6/MAC pairs with O=1. An egress PE
advertises IPv6/MAC pairs with O=0 only when IPv6 anycast is
enabled, but SR OS
does not support anycast IPv6 addresses in the proxy ND table.
An ingress PE learns the O flag value from the snooped NA
messages, installs the ND entry with the received O flag value,
and always uses the installed O flag value when replying to a
Neighbor Solicitation (NS) message for the IPv6 address. The O
flag does not affect the selection of proxy ND entries in an
ingress PE; it only transfers the information between ND and
EVPN. The O flag only applies to IPv6/MAC pairs (proxy ND). When
a PE receives an ARP/ND extended community with an EVPN MAC/IP
advertisement route for an IPv4/MAC pair, the PE ignores the O
flag.
Advertisement and processing of the flags
R flag (only for proxy ND)
Static proxy ND entries
The PE where the static proxy ND entry is configured adds it
to its proxy ND table with the R flag value as configured
with static <IPv6 Address> <MAC Address>
router|host in the service vpls
<vpls id> proxy-nd context, and advertises
it in EVPN with the R flag value that corresponds with this
configuration.
The PE replies subsequent received NS messages for the proxy
ND entry with the configured R flag.
If the user changes the configuration for a specific static
proxy ND entry from host to router or from router to host,
the PE triggers an unsolicited NA message containing the new
value for the R flag. The unsolicited NA message is flooded
or not into EVPN, based on
host-unsolicited-na-flood-evpn or
router-unsolicited-na-flood-evpn.
Dynamic proxy ND entries
When dynamic-nd-populate is configured in
the service vpls <vpls id> proxy-nd
context, the ingress PE learns dynamic proxy ND entries and
their corresponding R flag value from NA messages and adds
them to its proxy ND table.
The PE replies subsequent received NS messages with the
corresponding R flag value that it stored for the proxy ND
entry.
The PE advertises the learned dynamic entries in EVPN, as
described in EVPN proxy ND entries.
EVPN proxy ND entries
A PE advertises the entries in EVPN, depending on the
configuration of evpn-nd-advertise in the
service vpls <vpls id> proxy-nd context:
evpn-nd-advertise router: only
advertises (in EVPN) dynamic entries learned with
R=1, or static entries configured as router. For
EVPN entries (out of routes) received without ARP/ND
extended community the entry's R flag value defaults
to R=1.
evpn-nd-advertise host: only
advertises (in EVPN) dynamic entries learned with
R=0, or static entries configured as host. For EVPN
entries (out of routes) received without ARP/ND
extended community the entry's R flag value defaults
to R=1.
evpn-nd-advertise router-host:
advertises (in EVPN) dynamic and static entries
irrespective of the router flag, and with the
correct R flag in each case. For EVPN entries (out
of routes) received without ARP/ND extended
community the entry's R flag value defaults to
R=1.
The evpn-nd-advertise
configuration must be consistent in all the nodes
for the same service.
I flag (for proxy ARP and proxy ND)
The I bit in the ARP/ND extended community is advertised as follows:
When
arp-nd-extended-community-advertisement
is set, any static proxy ARP or proxy ND entry is
advertised with I=1.
When
arp-nd-extended-community-advertisement
is set, any configured dynamic IP (associated to a MAC
list) proxy ARP or proxy ND entry is advertised with
I=1.
Duplicate entries with AS-MAC are advertised with I=1 (in
addition to O=1 and R=0 or R=1, based on the
configuration).
The configuration of the I bit is independent of the
configuration of the static bit associated to the FDB
entry, and it is only used with proxy ARP or proxy ND
advertisements.
The I bit in the ARP/ND extended community is processed on reception
as follows:
An ingress PE receiving an EVPN MAC/IP advertisement
route containing an IP/MAC pair and I=1, installs the
corresponding entry in its proxy ARP or proxy ND table
as an immutable binding.
An immutable binding entry overrides an existing
non-immutable binding entry for the same IP/MAC
pair.
The absence of the ARP/ND extended community in an EVPN
MAC/IP advertisement route indicates that the route is
not for an immutable binding.
MAC mobility does not consider the I bit.
The proxy ARP or proxy ND selection in case of multiple routes for
the same IP is changed. From the user’s perspective, this change in
the selection is only seen when
arp-nd-extended-community-advertisement is
set (otherwise the ARP/ND extended community and the local I bits
are ignored anyway):
Local immutable proxy ARP or proxy ND entries (static and
configured dynamic IP)
EVPN immutable proxy ARP or proxy ND entries
Regular existing proxy ARP or proxy ND selection
Receiving multiple EVPN MAC/IP advertisement routes with I=1 for the
same IP but a different MAC address, is considered a
misconfiguration or a transient error condition.
An ingress PE that receives multiple EVPN MAC/IP
advertisement routes (with I=1 for the same IP and a
different MAC address) selects one route, based on the
mentioned selection rules.
When a configured IP/MAC pair changes to point to a new
MAC address, the EVPN MAC/IP advertisement route for the
existing IP/MAC pair is withdrawn before the EVPN MAC/IP
advertisement route for the new IP/MAC pair is
advertised.
A PE originating an EVPN MAC/IP advertisement route for an IP/MAC
pair for which I=1 also originates the route with the "Sticky/static
flag" set (in the MAC Mobility extended community) when the MAC is
static.
The IP/MAC binding is then not only immutable but it
cannot move either.
Even so, when an update for the same immutable and static
IP/MAC pair is received from a different PE, the ingress
PE selects one of the two routes.
In case of IP duplication and configured dynamic IP entries:
When an ingress PE receives a dynamic ARP/ND message that
matches a dynamic IP immutable entry, it does not learn
the message and drops it on CPM.
An existing dynamic immutable entry is allowed to be
overwritten with a new dynamic immutable entry, when
their MACs do not match but are part of the same
configured MAC list.
When an ingress PE has a local configured dynamic IP, it
does not install a received EVPN immutable proxy ARP or
proxy ND entry.
When an ingress PE that has an EVPN immutable entry
receives a local dynamic (non-immutable) ARP/ND message,
it drops the ARP/ND message.
When an ingress PE that has a configured dynamic IP that
is installed with a current MAC (which generated an EVPN
MAC/IP advertisement route with I=1) receives a dynamic
ARP/ND message with a different MAC:
It flushes the entry and sends a resolve
message.
When the newly learned MAC is on the same MAC
list as the current MAC, the PE withdraws the
current IP/MAC pair and sends the new IP/MAC pair
with I=1.
There are no changes on the generation of confirmation messages
or GARP/unsolicited NA when a new entry is learned.
O flag (only for proxy ND)
The O flag is propagated in EVPN.
On transmission:
The egress PE learns the O flag value for dynamic entries and
adds them to its proxy ND table. When
arp-nd-extended-community-advertisement
is set, the O flag value is taken from the proxy ND
table.
For static and duplicate proxy ND entries O=1.
On reception:
The ingress PE learns proxy ND entries from received NA
messages with either O=0 or O=1.
The ingress PE stores the received O flag value in its proxy
ND table, and uses it when replying to a received NS
message.
For link-local neighbor advertisements (generated for
solicitations to the local chassis MAC) O=1.
When the ingress PE receives an EVPN MAC/IP advertisement
route without the ARP/ND extended community, it installs the
proxy ND entry with O=1 (default).
When sending solicited or unsolicited NA messages, the O flag value
is O=1 or O=0, depending on the O flag value in the proxy ND entry
that is learned.
Configuration
Initial example topology illustrates the initial example topology.
Figure 1. Initial example topology
The initial configuration includes:
cards, MDAs, ports
router interfaces
IS-IS on the router interfaces (OSPF or OSPF3 router interfaces are also
possible)
IBGP in the EVPN network for the EVPN address family
LDP
Router configuration
The router configuration (interfaces, IS-IS, and IBGP) on route reflector RR-1 is
as follows:
# On RR-1:
configure router
interface "int-RR-1-PE-2"
address 192.168.12.1/30
port 1/1/c2/1:10
no shutdown
exit
interface "system"
address 192.0.2.1/32
no shutdown
exit
autonomous-system 64500
isis 0
advertise-router-capability as
area-id 49.0001
interface "system"
no shutdown
exit
interface "int-RR-1-PE-2"
interface-type point-to-point
no shutdown
exit
no shutdown
exit
bgp
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "IBGP"
type internal
family evpn
cluster 1.1.1.1
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
neighbor 192.0.2.4
exit
exit
no shutdown
exit
The router configuration (interfaces, IS-IS, IBGP, and LDP) on PE-2 is as
follows:
# On PE-2:
configure router
interface "int-PE-2-RR-1"
address 192.168.12.2/30
port 1/1/c1/1:10
no shutdown
exit
interface "int-PE-2-PE-3"
address 192.168.23.1/30
port 1/1/c3/1:10
no shutdown
exit
interface "int-PE-2-PE-4"
address 192.168.24.1/30
port 1/1/c4/1:10
no shutdown
exit
interface "system"
address 192.0.2.2/32
no shutdown
exit
autonomous-system 64500
isis 0
advertise-router-capability as
area-id 49.0001
interface "system"
no shutdown
exit
interface "int-PE-2-RR-1"
interface-type point-to-point
no shutdown
exit
interface "int-PE-2-PE-3"
interface-type point-to-point
no shutdown
exit
interface "int-PE-2-PE-4"
interface-type point-to-point
no shutdown
exit
no shutdown
exit
bgp
enable-peer-tracking
rapid-withdrawal
rapid-update evpn
group "IBGP"
type internal
family evpn
neighbor 192.0.2.1
exit
exit
no shutdown
info
exit
ldp
interface-parameters
interface "int-PE-2-PE-3"
no shutdown
exit
interface "int-PE-2-PE-4"
no shutdown
exit
exit
no shutdown
exit
The router configuration on PE-3 and PE-4 is similar, with different ports and
without the interface to RR-1.
Service configuration in the EVPN network
VPLS 1 is initially configured on PE-2, PE-3, and PE-4, as follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1 name "VPLS 1" customer "1" create
description "testing-proxy-nd-arp-flags"
bgp
exit
bgp-evpn
evi 1
mpls bgp 1
auto-bind-tunnel
resolution any
exit
no shutdown
exit
exit
proxy-arp
no shutdown
exit
proxy-nd
no shutdown
exit
no shutdown
Command options
The command arp-nd-extended-community-advertisement in the service
vpls <vpls id> bgp-evpn context enables the advertisement of
the ARP/ND extended community for both proxy ARP entries (IPv4) and proxy ND
entries (IPv6). When configured, SR OS advertises the
ARP/ND extended community along with the EVPN MAC/IP advertisement routes
advertised for local static and dynamic proxy ARP or proxy ND entries. The
command also controls the processing of the ARP/ND extended community and the
selection of ARP/ND entries based on the Immutable flag.
The command evpn-nd-advertise router|host|router-host in the
service vpls <vpls id> proxy-nd context further
configures the selective advertisement of proxy ND entries for routers only
(default), hosts only, or routers and hosts, and determines the value of the R
flag (R=1 or R=0) when sending NA messages for existing EVPN entries in the
proxy ND table. SR OS
accepts the router-host option only when
arp-nd-extended-community-advertisement is set.
Otherwise, SR OS does
not apply the configuration and returns the message:
"MINOR: SVCMGR #8010 Cannot modify proxy nd
- router-host option supported only when arp-nd-extended-community is configured in bgp-evpn".
Similarly, SR OS does
not apply no arp-nd-extended-community-advertisement, when
evpn-nd-advertise router-host is configured in the
service vpls <vpls id> proxy-nd context. Instead, SR OS returns the
message:
"MINOR: SVCMGR #1003 Inconsistent value
- arp-nd-extended-community needs to be set when proxy-nd evpn advertise-type is router-host".
Use cases
The following use cases are described in the following sections:
The command mac <MAC Address> create sap <SAP ID> monitor
fwd-status in the service vpls <vpls id>
static-mac context configures a static MAC address. The
same static MAC address can be configured for a proxy ARP entry and for
a proxy ND entry.
The command static <IPv4 Address> <MAC Address> in the service
vpls <vpls id> proxy-arp context further configures a
static proxy ARP entry, as
follows:
# On PE-2:
configure service vpls 1
static-mac
mac 00:00:5e:00:53:4a create sap 1/1/c5/1:1 monitor fwd-status
exit
proxy-arp
static 203.0.113.4 00:00:5e:00:53:4a
no shutdown
exit
no shutdown
Reconfigure the sender side PE-2 and
the receiver side PE-3 and PE-4, as
follows:
# On PE-2:
configure service vpls 1 bgp-evpn arp-nd-extended-community-advertisement
# On PE-3, PE-4:
configure service vpls 1 bgp-evpn no arp-nd-extended-community-advertisement
PE-2
does not advertise the Router flag and the Override flag for IPv4/MAC
pairs. PE-2 advertises the Immutable flag for IPv4/MAC pairs, to
indicate that the IPv4/MAC pair is for a static entry. PE-3 and PE-4 do
not process
it:
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:4a
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:0/I:1 bgp-tunnel-encap:MPLS
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
203.0.113.4 00:00:5e:00:53:4a stat active I 04/17/2025 10:50:14
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:4a
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:0/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
203.0.113.4 00:00:5e:00:53:4a evpn active 04/17/2025 10:50:23
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
Similar
for PE-4.
Reconfigure the receiver side PE-3 and PE-4 as
follows:
# On PE-3, PE-4:
configure service vpls 1 bgp-evpn arp-nd-extended-community-advertisement
PE-3
and PE-4 process the Immutable flag that PE-2
advertises:
A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:4a
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:0/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
203.0.113.4 00:00:5e:00:53:4a evpn active I 04/17/2025 11:14:32
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
Similar
for PE-4.
Even if PE-2 advertises the Router flag and the Override flag, PE-3 and
PE-4 ignore them for an IPv4/MAC pair.
Reconfigure the sender side PE-2 as
follows:
# On PE-2:
configure service vpls 1
proxy-nd evpn-nd-advertise router
bgp-evpn no arp-nd-extended-community-advertisement
PE-2 does not advertise the Immutable flag, so PE-3 and PE-4 do not
process
it.
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:4a
detail | match "arp-nd"
---empty---
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
203.0.113.4 00:00:5e:00:53:4a stat active I 04/17/2025 10:50:14
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:4a
detail | match "arp-nd"
---empty---
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
203.0.113.4 00:00:5e:00:53:4a evpn active 04/17/2025 11:20:30
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
Similar
for PE-4.
Reconfigure PE-2, PE-3, and PE-4, so that proxy ARP entries are
advertised and processed for all types, as
follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1
bgp-evpn arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise router-host
Dynamic proxy ARP entries
Proxy ARP entries can be learned dynamically from received ARP requests or ARP responses.
Enable dynamic learning of proxy ARP entries, as follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1 proxy-arp dynamic-arp-populate no shutdown
PEs
that support proxy ARP advertise dynamically learned proxy ARP entries
without any flag.
Configure VPRN 2 on PE-2, PE-3 and PE-4, as
follows:
# On PE-2:
configure service vprn 2 name "VPRN 2" customer "1" create
description "VPRN 2 connected to VPLS 1 on PE-2"
interface "int-VPLS-1" create
mac 00:00:5e:00:53:02
address 172.16.4.2/24
ipv6
address 2001:db8::16:4:2/120
exit
sap 1/1/c10/1:1 create
exit
exit
shutdown
# On PE-3:
configure service vprn 2 name "VPRN 2" customer "1" create
description "VPRN 2 connected to VPLS 1 on PE-3"
interface "int-VPLS-1" create
mac 00:00:5e:00:53:03
address 172.16.4.3/24
ipv6
address 2001:db8::16:4:3/120
exit
sap 1/1/c10/1:1 create
exit
exit
shutdown
# On PE-4:
configure service vprn 2 name "VPRN 2" customer "1" create
description "VPRN 2 connected to VPLS 1 on PE-4"
interface "int-VPLS-1" create
mac 00:00:5e:00:53:04
address 172.16.4.4/24
ipv6
address 2001:db8::16:4:4/120
exit
sap 1/1/c10/1:1 create
exit
exit
shutdown
Enable VPRN 2 on PE-2, PE-3, and PE-4 successively as
follows:
# On PE-2, PE-3, PE-4:
configure service vprn 2 no shutdown
Each PE adds in its proxy ARP table the dynamic entry that corresponds
with the IPv4 address of its int-VPLS-1 interface and advertises it,
without the Immutable flag.
Each PE also adds in its proxy ARP table the EVPN entries that it
receives from the other
PEs.
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 dyn active 04/17/2025 11:32:28
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 11:32:59
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 11:33:28
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable
===============================================================================
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 11:32:25
172.16.4.3 00:00:5e:00:53:03 dyn active 04/17/2025 11:33:00
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 11:33:27
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable
===============================================================================
*A:PE-4# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 11:32:26
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 11:33:00
172.16.4.4 00:00:5e:00:53:04 dyn active 04/17/2025 11:33:31
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable
===============================================================================
As an example, a test center port connected to PE-4 with IPv4 address
172.16.4.14 and MAC 00:00:5e:00:53:14 launches a dynamic proxy ARP
entry.
PE-4 adds in its proxy ARP table the dynamic entry for 172.16.4.14 and
advertises
it.
*A:PE-4# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 11:34:30
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 11:33:00
172.16.4.4 00:00:5e:00:53:04 dyn active 04/17/2025 11:33:31
172.16.4.14 00:00:5e:00:53:14 dyn active 04/17/2025 11:35:41
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
PE-3 adds in its proxy ARP table the EVPN entry for 172.16.4.14 that PE-4
advertises.
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 11:34:28
172.16.4.3 00:00:5e:00:53:03 dyn active 04/17/2025 11:33:00
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 11:34:23
172.16.4.14 00:00:5e:00:53:14 evpn active 04/17/2025 11:35:39
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
PE-2 adds in its proxy ARP table the EVPN entry for 172.16.4.14 that PE-4
advertises.
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 dyn active 04/17/2025 11:32:28
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 11:32:59
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 11:34:24
172.16.4.14 00:00:5e:00:53:14 evpn active 04/17/2025 11:35:40
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
Dynamic proxy ARP entries with a duplicate IPv4 address for different MAC
addresses
When a proxy ARP entry is learned dynamically, a new IPv4 address may be
learned for a MAC address for which an old IPv4 address was already
known.
To illustrate this, configure two additional routers CE-5 and CE-7 that
are wired to PE-2 and PE-4 respectively, as
follows:
# On CE-5:
configure router
interface "system"
address 192.0.2.5/32
no shutdown
Similar on CE-7, with address 192.0.2.7/32.
Configure an anti spoof MAC address for proxy ARP duplicates, as
follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1
proxy-arp
dup-detect window 3 num-moves 5 hold-down 9 anti-spoof-mac 00:00:5e:00:53:40
dynamic-arp-populate
no shutdown
Where:
window: the period (in minutes) during which a
counter counts detected IP/MAC combinations (IP0/MAC*) that
differ from the currently known IP/MAC combination (IP0/MAC0)
for an IP address (IP0)
num-moves: the count that the counter must reach
within the window period, before the IP address (IP0) is
considered as a duplicate (is associated with more than one
MAC)
hold-down: the period (in minutes) during which
the IP address is considered as a duplicate
Nokia recommends that the proxy ARP anti spoof MAC address is the same on
all PEs.
The applicable configuration for proxy ARP can be verified
with:
*A:PE-2# show service id 1 proxy-arp detail
-------------------------------------------------------------------------------
Proxy Arp
-------------------------------------------------------------------------------
Admin State : enabled
Dyn Populate : enabled
Age Time : disabled Send Refresh : disabled
Table Size : 250 Total : 0
Static Count : 0 EVPN Count : 0
Dynamic Count : 0 Duplicate Count : 0
Process Probes : enabled
Restrict Non Conf*: disabled
Sponge MAC : None
Dup Detect
-------------------------------------------------------------------------------
Detect Window : 3 mins Num Moves : 5
Hold down : 9 mins
Anti Spoof MAC : 00:00:5e:00:53:40
VPLS Flood Control
-------------------------------------------------------------------------------
Rcvd Garp Flood : enabled Rcvd Req Flood : enabled
EVPN
-------------------------------------------------------------------------------
Garp Flood : enabled Req Flood : enabled
Static Black Hole : disabled
EVPN Route Tag : 0
-------------------------------------------------------------------------------
* indicates that the corresponding row element may have been truncated.
Configure VPRN 2 on the two additional routers, as
follows:
# On CE-5:
configure service vprn 2 name "VPRN 2" customer "1" create
description "VPRN 2 connected to VPLS 1 on CE-5"
interface "int-VPLS-1" create
mac 00:00:5e:00:53:15
address 172.16.4.57/24 # dup with IPv4 of int-VPLS-1 on CE-7
ipv6
address 2001:db8::16:4:57/120 # dup with IPv6 of int-VPLS-1 on CE-7
dad-disable
exit
sap 1/1/c2/1:1 create
exit
exit
shutdown
Similar on CE-7 with the same IPv4 and IPv6 addresses, but a different
MAC address 00:00:5e:00:53:17 and sap 1/1/c4/1:1
Enable VPRN 2 on
CE-5:
# On CE-5:
configure service vprn 2 no shutdown
PE-2 adds in its proxy ARP table the dynamic entry for 172.16.4.57 that
it receives from CE-5 and advertises it, without the Immutable
flag.
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 dyn active 04/17/2025 12:20:35
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 12:20:59
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 12:21:26
172.16.4.57 00:00:5e:00:53:15 dyn active 04/17/2025 12:22:08
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
*A:PE-4# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 12:20:33
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 12:20:59
172.16.4.4 00:00:5e:00:53:04 dyn active 04/17/2025 12:21:29
172.16.4.57 00:00:5e:00:53:15 evpn active 04/17/2025 12:22:05
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 12:20:31
172.16.4.3 00:00:5e:00:53:03 dyn active 04/17/2025 12:21:00
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 12:21:24
172.16.4.57 00:00:5e:00:53:15 evpn active 04/17/2025 12:22:03
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
Enable
VPRN 2 also on CE-7:
# On CE-7:
configure service vprn 2 no shutdown
PE-4 learns from the ARP request that it receives from CE-7 that the IPv4
address 172.16.4.57 also appears for another MAC address than it already
knows. So, PE-4 considers the corresponding proxy ARP entry as a
duplicate, replaces its initial MAC address with the configured proxy
ARP anti spoof MAC address 00:00:5e:00:53:40, and advertises the updated
entry, with the Immutable
flag.
*A:PE-4# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 12:20:33
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 12:20:59
172.16.4.4 00:00:5e:00:53:04 dyn active 04/17/2025 12:21:29
172.16.4.57 00:00:5e:00:53:40 dup active I 04/17/2025 12:22:42
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
PE-2 updates in its proxy ARP table the EVPN entry for 172.16.4.57 with
the Immutable flag and the proxy ARP anti spoof MAC address, that it
receives from
PE-4.
*A:PE-2# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 dyn active 04/17/2025 12:20:35
172.16.4.3 00:00:5e:00:53:03 evpn active 04/17/2025 12:20:59
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 12:23:47
172.16.4.57 00:00:5e:00:53:40 evpn active I 04/17/2025 12:22:42
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
PE-3 adds in its proxy ARP table the EVPN entry for 172.16.4.57 with the
Immutable flag and the proxy ARP anti spoof MAC address, that it
receives from
PE-4.
*A:PE-3# show service id 1 proxy-arp detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy Arp Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
172.16.4.2 00:00:5e:00:53:02 evpn active 04/17/2025 12:20:31
172.16.4.3 00:00:5e:00:53:03 dyn active 04/17/2025 12:21:00
172.16.4.4 00:00:5e:00:53:04 evpn active 04/17/2025 12:23:45
172.16.4.57 00:00:5e:00:53:40 evpn active I 04/17/2025 12:22:40
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable
===============================================================================
When the duplicate entry's hold-down period expires, PE-4 does not
consider it as a duplicate any longer. If the duplicate proxy ARP entry
was on the PE that initially held the dynamic proxy ARP entry (PE-2),
that PE restores the initial dynamic proxy ARP entry and advertises the
updated entry with the initial MAC address, but without the Immutable
flag. If the duplicate proxy ARP entry was on another PE (PE-4), that PE
removes it from its proxy ARP table and advertises the
removal. PE-2 and PE-3 receive the removal advertisement from PE-4 and also remove
the corresponding EVPN entry from their proxy ARP
table.
The command mac <MAC Address> create sap <SAP ID>
monitor fwd-status in the service vpls <vpls
id> static-mac context configures a static MAC address.
The same static MAC address can be configured for a proxy ND entry and
for a proxy ARP entry.
The command static <IPv6
Address> <MAC Address> router|host in the
service vpls <vpls id> proxy-nd context
further configures a static proxy ND entry, either as originating from a
router or as originating from a host, as
follows:
# On PE-2:
configure service vpls 1
static-mac
mac 00:00:5e:00:53:6e create sap 1/1/c5/1:1 monitor fwd-status
mac 00:00:5e:00:53:6f create sap 1/1/c5/1:1 monitor fwd-status
exit
proxy-nd
static 2001:db8::113:6e 00:00:5e:00:53:6e router
static 2001:db8::113:6f 00:00:5e:00:53:6f host
no shutdown
exit
no shutdown
Reconfigure the sender side PE-2 and
the receiver side PE-3 and PE-4, as
follows:
# On PE-2:
configure service vpls 1
bgp-evpn arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise router-host
# On PE-3:
configure service vpls 1
bgp-evpn no arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise router
# On PE-4:
configure service vpls 1
bgp-evpn no arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise host
PE-2
advertises both the router type proxy ND entry and
the host type proxy ND entry with:
the appropriate Router flag: R=1 for the
router type; R=0 for the
host type. When the type of a proxy ND
entry changes from router to
host, or from host to
router, PE-2 triggers an unsolicited NA
message with the new value for the Router flag. PE-2 replies to
NS messages with the configured value for the Router flag.
the Immutable flag, to indicate that the IPv6/MAC pair is for a
static entry.
the Override flag: O=1 for unicast; O=0 for anycast.
PE-3 and PE-4 do not process the received flags. PE-3 and PE-4
display the Router flag with the type as configured on PE-3 (R) and PE-4
(H) respectively, even if PE-2 advertises another type. PE-3 and PE-4
display the Override flag with the default value (O), even if PE-2
advertises another
value.
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e stat active R I O 04/17/2025 10:50:14
2001:db8::113:6f 00:00:5e:00:53:6f stat active H I O 04/17/2025 10:50:14
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e evpn active R O 04/17/2025 10:50:23
2001:db8::113:6f 00:00:5e:00:53:6f evpn active R O 04/17/2025 10:50:23
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e evpn active H O 04/17/2025 10:50:34
2001:db8::113:6f 00:00:5e:00:53:6f evpn active H O 04/17/2025 10:50:34
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
Reconfigure
the receiver side PE-3 and PE-4 as follows:
# On PE-3:
configure service vpls 1
bgp-evpn arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise router
# On PE-4:
configure service vpls 1
bgp-evpn arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise host
PE-3 and
PE-4 process the Router, Immutable, and Override flags that PE-2 advertises.
PE-3 and PE-4 display the received flags, as PE-2
advertises.
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e evpn active R I O 04/17/2025 11:15:46
2001:db8::113:6f 00:00:5e:00:53:6f evpn active H I O 04/17/2025 11:15:46
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLS
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e evpn active R I O 04/17/2025 11:15:57
2001:db8::113:6f 00:00:5e:00:53:6f evpn active H I O 04/17/2025 11:15:57
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
At the BGP level, only one EVPN ARP/ND Ext community is expected to be received along with an
EVPN MAC/IP advertisement route. If more than one EVPN ARP/ND Ext
community is received, the router considers only the first one on the
list for processing purposes on the
PE.
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64500 Local AS:64500
===============================================================================
---snip---
===============================================================================
BGP EVPN MAC Routes
===============================================================================
---snip---
Network : n/a
Nexthop : 192.0.2.2
---snip---
Community : target:64500:1 arp-nd:R:1/O:1/I:1 bgp-tunnel-encap:MPLSmac-mobility:Seq:0/Static
Cluster : 1.1.1.1
Originator Id : 192.0.2.2 Peer Router Id : 192.0.2.1
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : MAC
ESI : ESI-0
Tag : 0
IP Address : 2001:db8::113:6e
Route Dist. : 192.0.2.2:1
Mac Address : 00:00:5e:00:53:6e
---snip---
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
*A:PE-4# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f detail
===============================================================================
BGP Router ID:192.0.2.4 AS:64500 Local AS:64500
===============================================================================
---snip---
===============================================================================
BGP EVPN MAC Routes
===============================================================================
---snip---
Network : n/a
Nexthop : 192.0.2.2
---snip---
Community : target:64500:1 arp-nd:R:0/O:1/I:1 bgp-tunnel-encap:MPLSmac-mobility:Seq:0/Static
Cluster : 1.1.1.1
Originator Id : 192.0.2.2 Peer Router Id : 192.0.2.1
Origin : IGP
Flags : Used Valid Best
Route Source : Internal
AS-Path : No As-Path
EVPN type : MAC
ESI : ESI-0
Tag : 0
IP Address : 2001:db8::113:6f
Route Dist. : 192.0.2.2:1
Mac Address : 00:00:5e:00:53:6f
---snip---
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
Reconfigure
the sender side PE-2 as follows:
# On PE-2:
configure service vpls 1
proxy-nd evpn-nd-advertise router
bgp-evpn no arp-nd-extended-community-advertisement
PE-2 advertises only the router type proxy ND entry, but without the Router,
Immutable, and Override flags. PE-3 and PE-4 receive the
router type proxy ND entry without the flags.
PE-3 and PE-4 display the Router flag with the default type (R). PE-3
and PE-4 display the Override flag with the default value
(O).
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
---empty---
*A:PE-2# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
---empty---
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e stat active R I O 04/17/2025 10:50:14
2001:db8::113:6f 00:00:5e:00:53:6f stat active H I O 04/17/2025 10:50:14
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
---empty---
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
---empty---
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6e 00:00:5e:00:53:6e evpn active R O 04/17/2025 11:20:54
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
Similar for
PE-4.
Reconfigure the sender side PE-2 as
follows:
# On PE-2:
configure service vpls 1
proxy-nd evpn-nd-advertise host
bgp-evpn no arp-nd-extended-community-advertisement
PE-2
advertises only the host type proxy ND entry, but
without the Router, Immutable, and Override flags. PE-3 and PE-4 receive
the host type proxy ND entry without the flags. PE-3
and PE-4 display the Router flag with the default type (R). PE-3 and
PE-4 display the Override flag with the default value
(O).
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6e
detail | match "arp-nd"
---empty---
*A:PE-3# show router bgp routes evpn mac mac-address 00:00:5e:00:53:6f
detail | match "arp-nd"
---empty---
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::113:6f 00:00:5e:00:53:6f evpn active R O 04/17/2025 11:22:37
-------------------------------------------------------------------------------
Number of entries : 1
Legend : I=Immutable
===============================================================================
Similar for
PE-4.
Reconfigure PE-2, PE-3, and PE-4, so that proxy ND entries
are advertised and processes for all types, as
follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1
bgp-evpn arp-nd-extended-community-advertisement
proxy-nd evpn-nd-advertise router-host
Dynamic proxy ND entries
Proxy ND entries can be learned dynamically from received ND requests or
ND responses.
Enable dynamic learning of proxy ND entries, as follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1 proxy-nd dynamic-nd-populate no shutdown
PEs that support proxy ND advertise dynamically learned proxy ND entries,
depending on the configured type:
router type: the PE only advertises proxy ND entries for which
R=1
host type: the PE only advertises proxy ND entries for which
R=0
router-host type: the PE advertises proxy ND entries for which
R=0 or R=1
The PEs advertise dynamically learned proxy ND entries with the
appropriate Router flag, Immutable flag = 0, and the appropriate
Override flag.
Configure and enable VPRN 2 on PE-2, PE-3 and PE-4, in the same way as
for Dynamic proxy ARP entries.
A proxy ND entry that is learned dynamically can originate from a router
or from a host. The following use cases illustrate the behavior:
Router proxy ND entries
As an example, PE-2 launches a dynamic proxy ND entry for a router.
Execute an IPv6 ping to PE-4 from PE-2: ping router 2
2001:db8::16:4:4 source 2001:db8::16:4:2 count 12.
PE-2 adds in its proxy ND table the dynamic entry for
2001:db8::16:4:2 with type router (R) and
advertises it. PE-2 also adds in its proxy ND table the EVPN entry
for 2001:db8::16:4:4 with type router (R) that
PE-4
advertises.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 11:34:29
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 11:34:24
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
PE-4
adds in its proxy ND table the EVPN entry for 2001:db8::16:4:2 with
type router (R) that PE-2 advertises. PE-4 also
adds in its proxy ND table the dynamic entry for 2001:db8::16:4:4
with type router (R) and advertises
it.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 11:34:30
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 11:34:25
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
PE-3 adds in its proxy ND table the EVPN entry for 2001:db8::16:4:2
with type router (R) that PE-2 advertises and
the EVPN entry for 2001:db8::16:4:4 with type
router (R) that PE-4
advertises.
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 11:34:28
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 11:34:23
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
Host proxy ND entries
As an example, a test center port connected to PE-4 with IPv6 address
2001:db8::16:4:14 and MAC 00:00:5e:00:53:14 pings IPv6 address
2001:db8::16:4:3 on PE-3.
PE-4 adds in its proxy ND table the dynamic entry for
2001:db8::16:4:14 with type host (H) and
advertises it. PE-4 also adds in its proxy ND table the EVPN entry
for 2001:db8::16:4:3 with type router (R) that
PE-3
advertises.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 11:34:30
2001:db8::16:4:3 00:00:5e:00:53:03 evpn active R O 04/17/2025 11:37:51
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 11:34:25
2001:db8::16:4:14 00:00:5e:00:53:14 dyn active H O 04/17/2025 11:37:41
---snip---
-------------------------------------------------------------------------------
Number of entries : 5
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show service id 1 proxy-nd 2001:db8::16:4:14 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:14 MAC Address : 00:00:5e:00:53:14
Type : dyn Status : active
Rtr/Host : Host
Immutable : No EVPN Override : Yes
PE-3 adds in its proxy ND table the EVPN entry for 2001:db8::16:4:14
with type host (H) that PE-4 advertises. PE-3
also adds in its proxy ND table the dynamic entry for
2001:db8::16:4:3 with type router (R) and
advertises
it.
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 11:34:28
2001:db8::16:4:3 00:00:5e:00:53:03 dyn active R O 04/17/2025 11:37:39
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 11:34:23
2001:db8::16:4:14 00:00:5e:00:53:14 evpn active H O 04/17/2025 11:37:39
---snip---
-------------------------------------------------------------------------------
Number of entries : 5
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-3# show service id 1 proxy-nd 2001:db8::16:4:3 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:3 MAC Address : 00:00:5e:00:53:03
Type : dyn Status : active
Rtr/Host : Rtr
Immutable : No EVPN Override : Yes
PE-2 adds in its proxy ND table the EVPN entry for 2001:db8::16:4:14
with type host (H) that PE-4 advertises and the
EVPN entry for 2001:db8::16:4:3 with type
router (R) that PE-3
advertises.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 11:34:29
2001:db8::16:4:3 00:00:5e:00:53:03 evpn active R O 04/17/2025 11:37:50
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 11:34:24
2001:db8::16:4:14 00:00:5e:00:53:14 evpn active H O 04/17/2025 11:37:40
---snip---
-------------------------------------------------------------------------------
Number of entries : 5
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-2# show service id 1 proxy-nd 2001:db8::16:4:3 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:3 MAC Address : 00:00:5e:00:53:03
Type : evpn Status : active
Rtr/Host : Rtr
Immutable : No EVPN Override : Yes
*A:PE-2# show service id 1 proxy-nd 2001:db8::16:4:14 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:14 MAC Address : 00:00:5e:00:53:14
Type : evpn Status : active
Rtr/Host : Host
Immutable : No EVPN Override : Yes
Dynamic proxy ND entries with a duplicate IPv6 address for different MAC
addresses
When a proxy ND entry is learned dynamically, a new IPv6 address may be learned for a MAC address
for which an old IPv6 address was already known.
Configure an anti spoof MAC for address proxy ND duplicates, as
follows:
# On PE-2, PE-3, PE-4:
configure service vpls 1
proxy-nd
dup-detect window 3 num-moves 5 hold-down 9 anti-spoof-mac 00:00:5e:00:53:60
dynamic-nd-populate
evpn-nd-advertise router-host
no shutdown
Nokia recommends that the proxy ND anti spoof MAC address is the same on
all PEs.
The applicable configuration for proxy ND can be verified
with:
*A:PE-2# show service id 1 proxy-nd detail
-------------------------------------------------------------------------------
Proxy ND
-------------------------------------------------------------------------------
Admin State : enabled
Dyn Populate : enabled
Age Time : disabled Send Refresh : disabled
Table Size : 250 Total : 0
Static Count : 0 EVPN Count : 0
Dynamic Count : 0 Duplicate Count : 0
Process DAD NS : enabled
Restrict Non Conf*: disabled
Sponge MAC : None
Dup Detect
-------------------------------------------------------------------------------
Detect Window : 3 mins Num Moves : 5
Hold down : 9 mins
Anti Spoof MAC : 00:00:5e:00:53:60
VPLS Flood Control
-------------------------------------------------------------------------------
Rcvd Unknown NS F*: enabled
Rcvd Rtr Unsol NA*: enabled Rcvd Host Unsol N*: enabled
EVPN
-------------------------------------------------------------------------------
Unknown NS Flood : enabled ND Advertise : Host
Rtr Unsol NA Flood: enabled Host Unsol NA Fld : enabled
EVPN Route Tag : 0
-------------------------------------------------------------------------------
* indicates that the corresponding row element may have been truncated.
Execute in the given order:
an IPv6 ping to PE-4 from CE-5: ping router 2 2001:db8::16:4:4
source 2001:db8::16:4:57 count 12
an IPv6 ping to PE-2 from CE-7: ping router 2 2001:db8::16:4:2
source 2001:db8::16:4:57 count 12
As a result of the first ping, PE-2 adds in its proxy ND table the
dynamic entry for 2001:db8::16:4:57 with type
router (R) that PE-2 receives from CE-5 and the
EVPN entry for 2001:db8::16:4:4 with type router
(R) that PE-4 advertises. PE-2 advertises the dynamic
entry.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:47
2001:db8::16:4:57 00:00:5e:00:53:15 dyn active R O 04/17/2025 12:23:52
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
PE-4
adds in its proxy ND table the EVPN entry for 2001:db8::16:4:57 with
type router (R) that PE-2 advertises and the
dynamic entry for 2001:db8::16:4:4 with type router
(R). PE-4 advertises the dynamic
entry.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 12:23:47
2001:db8::16:4:57 00:00:5e:00:53:15 evpn active R O 04/17/2025 12:23:52
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show service id 1 proxy-nd 2001:db8::16:4:57 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:57 MAC Address : 00:00:5e:00:53:15Type : evpn Status : active
Rtr/Host : RtrImmutable : No EVPN Override : Yes
PE-3 adds in its proxy ND table the EVPN entry for 2001:db8::16:4:57 with
type router (R) that PE-2 advertises and the EVPN
entry for 2001:db8::16:4:4 with type router (R)
that PE-4
advertises.
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:45
2001:db8::16:4:57 00:00:5e:00:53:15 evpn active R O 04/17/2025 12:23:50
-------------------------------------------------------------------------------
Number of entries : 2
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
As a result of the second ping, PE-4 adds in its proxy ND table the EVPN
entry for 2001:db8::16:4:2 with type router (R)
that PE-2 advertises. Because the entry for 2001:db8::16:4:57 was
already in its proxy ND table with a different MAC address, PE-4
recognizes the entry as a duplicate, replaces its initial MAC address
with the configured proxy ND anti spoof MAC address 00:00:5e:00:53:60,
and advertises it with the Router flag, the Immutable flag, and the
Override
flag.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:24:22
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 12:23:47
2001:db8::16:4:57 00:00:5e:00:53:60 dup active R I O 04/17/2025 12:24:27
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show service id 1 proxy-nd 2001:db8::16:4:57 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:57 MAC Address : 00:00:5e:00:53:60Type : dup Status : active
Rtr/Host : RtrImmutable : Yes EVPN Override : Yes
PE-2 adds in its proxy ND table the dynamic entry for 2001:db8::16:4:2
with type router (R) and advertises it. PE-2 also
updates the EVPN entry for 2001:db8::16:4:57 with the flags and the
proxy ND anti spoof MAC address that PE-4
advertises.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 12:24:21
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:47
2001:db8::16:4:57 00:00:5e:00:53:60 evpn active R I O 04/17/2025 12:24:27
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
PE-3 adds in its proxy ND table the EVPN entry for 2001:db8::16:4:2 with
type router (R) that PE-2 advertises and updates
the EVPN entry for 2001:db8::16:4:57 with the flags and the proxy ND
anti spoof MAC address that PE-4
advertises.
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:24:20
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:45
2001:db8::16:4:57 00:00:5e:00:53:60 evpn active R I O 04/17/2025 12:24:25
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
When
the duplicate entry's hold-down period expires, PE-4 does not consider
it as a duplicate any longer. If the duplicate proxy ND entry was on the
PE that initially held the dynamic proxy ND entry (PE-2), that PE
restores the initial dynamic proxy ND entry and advertises the updated
entry with the initial MAC address, but without the Immutable flag. If
the duplicate proxy ND entry was on another PE (PE-4), that PE removes
it from its proxy ND table and advertises the
removal.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:34:18
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 12:33:19
---snip---
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
PE-2 and PE-3 receive the removal advertisement from PE-4 and also remove
the corresponding EVPN entry from their proxy ND
table:
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 12:34:17
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:33:19
---snip---
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-3# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:34:16
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:33:17
---snip---
-------------------------------------------------------------------------------
Number of entries : 3
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
SR OS behaves in
a similar way for duplicate host type proxy ND
entries.
As an example, two test center ports have the same IPv6 address
2001:db8::16:4:24, but different MAC addresses: a test center port
connected to PE-2 (MAC 00:00:5e:00:53:24) and a test center port
connected to PE-4 (00:00:5e:00:53:44). The test center port on PE-2
pings IPv6 address 2001:db8::16:4:4 on PE-4, and the test center port on
PE-4 pings IPv6 address 2001:db8::16:4:2 on PE-2.
As a result of the first ping, PE-2 adds in its proxy ND table the
dynamic entry for 2001:db8::16:4:24 with type host
(H) that PE-2 receives from the test center and the EVPN entry for
2001:db8::16:4:4 with type router (R) that PE-4
advertises. PE-2 advertises the dynamic entry.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 12:28:43
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:47
2001:db8::16:4:24 00:00:5e:00:53:24 dyn pendng H O 04/17/2025 12:28:38
---snip---
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-2# show service id 1 proxy-nd 2001:db8::16:4:24 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:24 MAC Address : 00:00:5e:00:53:24Type : dyn Status : pendng
Rtr/Host : HostImmutable : No EVPN Override : Yes
As a result of the second ping, PE-4 adds in its proxy ND table the
dynamic entry for 2001:db8::16:4:24 with type host
(H) that PE-4 receives from the test center and the EVPN entry for
2001:db8::16:4:2 with type router (R) that PE-2
advertises.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:24:22
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 12:27:58
2001:db8::16:4:24 00:00:5e:00:53:44 dyn pendng H O 04/17/2025 12:28:39
---snip---
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show service id 1 proxy-nd 2001:db8::16:4:24 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:24 MAC Address : 00:00:5e:00:53:44Type : dyn Status : pendng
Rtr/Host : HostImmutable : No EVPN Override : Yes
Because the entry for 2001:db8::16:4:24 was already in its proxy ND table
with a different MAC address, PE-4 recognizes the entry as a duplicate,
as a result of the second ping. PE-4, replaces the entry's initial MAC
address with the configured proxy ND anti spoof MAC address
00:00:5e:00:53:60, and advertises the updated entry with the Router
flag, the Immutable flag, and the Override
flag.
*A:PE-4# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 evpn active R O 04/17/2025 12:24:22
2001:db8::16:4:4 00:00:5e:00:53:04 dyn active R O 04/17/2025 12:27:58
2001:db8::16:4:24 00:00:5e:00:53:60 dup active R I O 04/17/2025 12:29:09
---snip---
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-4# show service id 1 proxy-nd 2001:db8::16:4:24 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:24 MAC Address : 00:00:5e:00:53:60Type : dup Status : active
Rtr/Host : RtrImmutable : Yes EVPN Override : Yes
PE-2 updates in its proxy ND table the EVPN entry for 2001:db8::16:4:24
with the flags and the proxy ND MAC address that PE-4
advertises.
*A:PE-2# show service id 1 proxy-nd detail | match "VPLS Proxy "
pre-lines 1 post-lines 20
===============================================================================
VPLS Proxy ND Entries
===============================================================================
IP Address Mac Address Type Status Flags Last Update
-------------------------------------------------------------------------------
2001:db8::16:4:2 00:00:5e:00:53:02 dyn active R O 04/17/2025 12:28:43
2001:db8::16:4:4 00:00:5e:00:53:04 evpn active R O 04/17/2025 12:23:47
2001:db8::16:4:24 00:00:5e:00:53:60 evpn active R I O 04/17/2025 12:29:09
---snip---
-------------------------------------------------------------------------------
Number of entries : 4
Legend : I=Immutable, O=Override, R=Router, H=Host
===============================================================================
*A:PE-2# show service id 1 proxy-nd 2001:db8::16:4:24 detail |
match "IP Address" post-lines 3
IP Address : 2001:db8::16:4:24 MAC Address : 00:00:5e:00:53:60Type : evpn Status : active
Rtr/Host : RtrImmutable : Yes EVPN Override : Yes
Conclusion
SR OS supports the ARP/ND
extended community in EVPN MAC/IP advertisement routes, in line with RFC 9047.
