Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

crb-proxy-mac

Syntax

Hierarchy Level

Description

Enable this statement on Ethernet VPN (EVPN) leaf devices that act as Layer 2 (L2) gateways to manage learning and aging for IPv4 Address Resolution Protocol (ARP) and IPv6 Neighbor Discovery Protocol (NDP) entries.

After you enable the crb-proxy-mac option on an EVPN provider edge (PE) leaf device, the leaf device starts learning MAC-IP bindings based on transit traffic from the attached customer edge (CE) devices. The leaf device then uses EVPN Type 2 routes to advertise the MAC-IP information it learns to other PE devices. In an EVPN centrally-routed bridging (CRB) overlay fabric, as part of the L2 gateway role, leaf devices with crb-proxy-mac set are also responsible to refresh MAC-IP information toward the CE devices. To do that refresh operation, the leaf devices use the IPv4 or IPv6 proxy addresses you configure with the crb-proxy-mac option to send ARP request packets or NDP solicitation packets to the CE devices.

L2 gateway devices typically don’t use integrated routing and bridging (IRB) interfaces. L2 gateway devices also don’t re-send ARP requests or do ARP refresh operations. In EVPN bridged overlay (BO) topologies, all of the devices act as EVPN L2 gateways. In EVPN CRB overlay topologies, the leaf devices act as L2 gateways, so you don’t usually configure IRB interfaces for EVPN traffic on the leaf devices either. The L2 gateway devices advertise only MAC (EVPN type 2) routes for attached hosts and can’t resolve MAC-IP bindings for the hosts. As a result, the L3 gateway spine devices in the network need to use ARP and NDP to learn those bindings.

Because Junos OS and Junos OS Evolved spine devices in a CRB overlay network don't do ARP refresh operations by default, their MAC-IP binding information expires after a timeout interval. Upon receiving the next IPv4 or IPv6 packet after the MAC-IP entry expires, a spine device uses ARP or NDP to try to resolve the MAC-IP binding again. The spine device might drop traffic until it records the new MAC-IP binding.

Use the following guidelines to manage ARP and NDP learning and entry refresh operations in EVPN BO and CRB overlay topologies:

  • CRB overlay environments:

    • To enable ARP refresh operations on Junos OS CRB spine devices to remote hosts, set the proxy-macip-advertisement option at the [edit interfaces irb unit logical-unit-number] hierarchy level on the IRB interfaces. With this setting, the L3 gateway devices can use ARP and NDP for MAC-IP learning and aging.

      Note:

      The proxy-mac-ip-advertisement statement is available only on Junos OS devices.

    • If your CRB overlay network has only Junos OS Evolved spine devices or a mix of spine devices that are Junos OS and Junos OS Evolved devices:

      • Set the proxy-mac-ip-advertisement option on the Junos OS spine devices as described above to enable ARP refresh operations to remote hosts.

      • Also set the crb-proxy-mac option on all the leaf devices in the CRB overlay network, including any Junos OS and Junos OS Evolved leaf devices.

  • BO environments:

    • In BO EVPN networks, the EVPN leaf devices (as L2 gateways) don't participate in ARP and NDP operations by default. The ARP request packets or NDP solicitation packets are sent as broadcast traffic by the IP fabric.

      To avoid this ARP and NDP broadcast traffic, configure the crb-proxy-mac option on the leaf devices. With crb-proxy-mac set, the leaf devices learn MAC-IP information from the transit traffic, and use EVPN Type 2 routes to update other EVPN leaf devices. Then the leaf devices can reply to ARP request packets or NDP solicitation packets from their connected hosts. The ARP request packets and NDP packets don't need to be broadcast in the IP fabric.

Note:

Multihomed peers must share the same MAC address.

Options

inet IPv4-proxy-MAC-address Configure the IPv4 proxy MAC address. The device uses this address to send ARP requests toward attached CE devices. This address must be the same on all leaf nodes.
inet6 IPv6-proxy-MAC-address Configure the IPv6 proxy MAC address. The device uses this address to send NDP solicitation packets toward attached CE devices. This address must be the same on all leaf nodes.

Required Privilege Level

interface—To view this statement in the configuration

interface-control—To add this statement to the configuration

Release Information

Statement introduced in Junos OS Release and Junos OS Evolved Release 21.2R1.