We found that our VTEPs, QFX5120 (21.4R2-S1.4) configured for EVPN-VXLAN in service provider-style, send proxy ARP reply packets very slowly.
QFX5120 sometimes sends an ARP response packet after 7 seconds from a client sends the first ARP request packet.
This slow ARP reply causes packet drops on some host implementations that send ARP req a few seconds before the corresponding ARP entry expires.
tcpdump output below (anonymized) shows the 7-second gap.
14:04:00.337284 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28 <- First ARP req
14:04:00.340897 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28
14:04:00.507723 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28
14:04:00.507864 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
14:04:01.212313 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
14:04:02.516677 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
14:04:03.518068 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
14:04:04.518999 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
14:04:07.665620 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46 <- First ARP reply
14:04:07.665622 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:07.833837 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:07.833838 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:08.509820 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:09.624496 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:10.590489 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
14:04:11.534836 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
During the period, 172.16.0.201 cannot send packets to 172.16.0.11 if this ARP entry expires.
Does anyone has insights on this issue? Proxy ARP on EVPN-VXLAN is enabled by default, but should we disable it.