SR OS supports the creation of host routes for IP addresses that are present in the ARP or neighbor tables of a routing context. These host routes are referred to as ARP-ND routes and can be advertised using EVPN or IP-VPN families. A typical use case where ARP-ND routes are needed is the extension of Layer 2 Data Centers (DCs). Figure 1 illustrates this use case.
Subnet 10.0.0.0/16 in Figure 1 is extended throughout two DCs. The DC gateways are connected to the users of subnet 20.0.0.0/24 on PE1 using IP-VPN (or EVPN). If the virtual machine VM 10.0.0.1 is connected to DC1, when PE1 needs to send traffic to host 10.0.0.1, it performs a Longest Prefix Match (LPM) lookup on the VPRN’s route table. If the only IP prefix advertised by the four DC GWs was 10.0.0.0/16, PE1 could send the packets to the DC where the VM is not present.
To provide efficient downstream routing to the DC where the VM is located, DGW1 and DGW2 must generate host routes for the VMs to which they connect. When the VM moves to the other DC, DGW3 and DGW4 must be able to learn the VM’s host route and advertise it to PE1. DGW1 and DGW2 must withdraw the route for 10.0.0.1, because the VM is no longer in the local DC.
In this case, the SR OS is able to learn the VM’s host route from the generated ARP or ND messages when the VM boots or when the VM moves.
A route owner type called ‟ARP-ND” is supported in the base or VPRN route table. The ARP-ND host routes have a preference of 1 in the route table and are automatically created out of the ARP or ND neighbor entries in the router instance.
The following commands enable ARP-ND host routes to be created in the applicable route tables:
configure service vprn/ies interface arp-host-route populate {evpn | dynamic | static}
configure service vprn/ies interface ipv6 nd-host-route populate {evpn | dynamic | static}
When the command is enabled, the EVPN, dynamic and static ARP entries of the routing context create ARP-ND host routes in the route table. Similarly, ARP-ND host routes are created in the IPv6 route table out of static, dynamic, and EVPN neighbor entries if the command is enabled.
The arp and nd-host-route populate commands are used with the following features:
adding ARP-ND hosts — A route tag can be added to ARP-ND hosts using the route-tag command. This tag can be matched on BGP VRF export and peer export policies.
keeping entries active — The ARP-ND host routes are kept in the route table as long as the corresponding ARP or neighbor entry is active. Even if there is no traffic destined for them, the arp-proactive-refresh and nd-proactive-refresh commands configure the node to keep the entries active by sending an ARP refresh message 30 seconds before the arp-timeout or starting NUD when the stale time expires.
speeding up learning — To speed up the learning of the ARP-ND host routes, the arp-learn-unsolicited and nd-learn-unsolicited commands can be configured. When arp-learn-unsolicited is enabled, received unsolicited ARP messages (typically GARPs) create an ARP entry, and consequently, an ARP-ND route if arp-populate-host-route is enabled. Similarly, unsolicited Neighbor Advertisement messages create a stale neighbor. If nd-populate-host-route is enabled, a confirmation message (NUD) is sent for all the neighbor entries created as stale, and if confirmed, the corresponding ARP-ND routes are added to the route table.
The ARP-ND host routes are created in the route table but not in the routing context FIB. This helps preserve the FIB scale in the router.
In Figure 1, enabling arp-host-route-populate on the DCGWs allows them to learn or advertise the ARP-ND host route 10.0.0.1/32 when the VM is locally connected and to remove or withdraw the host routes when the VM is no longer present in the local DC.
ARP-ND host routes installed in the route table can be exported to VPN IPv4, VPN IPv6, or EVPN routes. No other BGP families or routing protocols are supported.