Routing

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Slow Proxy ARP Resplonse from QFX5120 in EVPN-VXLAN environment

    Posted 09-25-2022 07:18
    Edited by spuluka 09-26-2022 06:24

    We found that our VTEPs, QFX5120 (21.4R2-S1.4) configured for EVPN-VXLAN in service provider-style, send proxy ARP reply packets very slowly.

    QFX5120 sometimes sends an ARP response packet after 7 seconds from a client sends the first ARP request packet.
    This slow ARP reply causes packet drops on some host implementations that send ARP req a few seconds before the corresponding ARP entry expires.
    tcpdump output below (anonymized) shows the 7-second gap.

    14:04:00.337284 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28 <- First ARP req
    14:04:00.340897 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28
    14:04:00.507723 ARP, Request who-has 172.16.0.11 (00:11:22:33:44:55) tell 172.16.0.201, length 28
    14:04:00.507864 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
    14:04:01.212313 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
    14:04:02.516677 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
    14:04:03.518068 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
    14:04:04.518999 ARP, Request who-has 172.16.0.11 tell 172.16.0.201, length 28
    14:04:07.665620 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46 <- First ARP reply
    14:04:07.665622 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:07.833837 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:07.833838 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:08.509820 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:09.624496 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:10.590489 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46
    14:04:11.534836 ARP, Reply 172.16.0.11 is-at 00:11:22:33:44:55, length 46​


    During the period, 172.16.0.201 cannot send packets to 172.16.0.11 if this ARP entry expires.

    Does anyone has insights on this issue? Proxy ARP on EVPN-VXLAN is enabled by default, but should we disable it.



  • 2.  RE: Slow Proxy ARP Resplonse from QFX5120 in EVPN-VXLAN environment

    Posted 10-03-2022 06:43
    Edited by spuluka 10-04-2022 05:51
    HI all,

    We found two solutions for this issue.

    1. Set `no-arp-suppression` under edit routing-isntances INSTANCE vlans VLAN

    This hidden (and maybe unsupported) command disables Proxy ARP on EVPN.


    2. Increase bandwidth of `system ddos-protection protocols vxlan aggregate bandwidth`.

    `show ddos-protection protocols vxlan aggregate` may show that DDoS protection occurs and the max arrival rate. We guess many ARP requests consumes a queue from FPC to the routing engine that sends proxy ARP replies. Although ARP requests are not dropped (the VTEP sent the same number of ARP replies after 7 seconds), relieving the rate limit for `protocols vxlan aggregate` solves this issue of slow ARP Reply.


    I hope this helps someone who faces the same issue.