|
| 1 | + |
| 2 | +# Introduction |
| 3 | + |
| 4 | +The scope of this document is to provide the requirements and a high-level design proposal for Proxy ARP support. |
| 5 | + |
| 6 | +# Requirements |
| 7 | + |
| 8 | +The following are the high level requirements when an interface is enabled with "proxy_arp" |
| 9 | + |
| 10 | +1. Proxy arp shall be set for the interface in kernel |
| 11 | +2. Hardware ARP packet action for that interface must be trap to CPU and not flooded/forwarded in hardware. |
| 12 | + |
| 13 | +When the interface is deleted, the corresponding configurations must be removed. A VS and sonic-mgmt test is required to validate the configuration |
| 14 | + |
| 15 | +# Design Proposal |
| 16 | + |
| 17 | +The design is intended to have a generic approach for proxy-arp feature. A user can set an attribute "proxy_arp" to the config_db entry for INTERFACE table entry. In addition, for "Vnet" interfaces, this is implicitely "enabled". The default value if not specified would be "disabled" |
| 18 | + |
| 19 | +The schema change for proxy-arp is as below: |
| 20 | + |
| 21 | +``` |
| 22 | +VLAN_INTERFACE|{{intf_name}} |
| 23 | + "vnet_name": {{vnet_name}} |
| 24 | + "proxy_arp": "enabled" |
| 25 | + |
| 26 | +VLAN_INTERFACE|{{intf_name}}|{{prefix}} |
| 27 | + { } |
| 28 | +``` |
| 29 | +``` |
| 30 | +; Defines Interface table schema |
| 31 | +
|
| 32 | +key = INTERFACE:name ; Same as existing |
| 33 | +; field |
| 34 | +vnet_name = vnet_name ; Same as existing |
| 35 | +proxy_arp = "enabled" / "disabled" ; Default "disabled" (Optional attribute) |
| 36 | +``` |
| 37 | + |
| 38 | +When proxy_arp is enabled for an interface, e.g |
| 39 | + |
| 40 | + "VLAN_INTERFACE": { |
| 41 | + "Vlan2000": { |
| 42 | + "vnet_name": "Vnet_3000" |
| 43 | + "proxy_arp": "enabled" |
| 44 | + } |
| 45 | + |
| 46 | +the following kernel param must be set to 1: |
| 47 | + |
| 48 | +``` |
| 49 | +/proc/sys/net/ipv4/conf/Vlan2000/proxy_arp_pvlan |
| 50 | +``` |
| 51 | + |
| 52 | +and SAI configuration for ```SAI_VLAN_ATTR_BROADCAST_FLOOD_CONTROL_TYPE``` must be set to ```SAI_VLAN_FLOOD_CONTROL_TYPE_NONE``` |
| 53 | + |
| 54 | +# Flows |
| 55 | + |
| 56 | +The following flow diagram captures two example, one for user configuration and another for vnet interfaces |
| 57 | + |
| 58 | +## Kernel config |
| 59 | + |
| 60 | + |
| 61 | + |
| 62 | +## SAI config |
| 63 | + |
| 64 | +For requirement #2, the proposal is to disable flooding for the specific Vlan so that ARP packets shall not get flooded in hardware. |
| 65 | +By default in Sonic, it is a copy action for ARP packets which means, packets gets flooded in hardware. In the event of enabling proxy-arp, flooding must be disabled. This enables the switch to respond to ARP requests within this subnet to be responded with its SVI mac. ```Intforch``` must invoke "Vlan flood" disable during the RIF creation based on "prxoy_arp" attribute. |
| 66 | + |
| 67 | + |
| 68 | + |
| 69 | +# Additional Notes |
| 70 | +1. The flooding is disabled only for those interfaces belonging to a Vnet or user-configured proxy_arp setting. The implementation shall not modify the existing behavior and shall be backward compatible. |
| 71 | +2. VS test can be added to existing ```test_vnet.py``` to verify the kernel/SAI configuration. |
| 72 | +3. Proxy ND is not planned as part of this feature but can be extended in future based on the same approach |
| 73 | +4. ```/proc/sys/net/ipv4/conf/Vlan2000/proxy_arp``` is not required to be set. |
| 74 | +5. Reference on Vnet/Vxlan design is [here](https://github.com/Azure/SONiC/blob/master/doc/vxlan/Vxlan_hld.md) |
| 75 | +6. Requires a sonic-mgmt test to verify the proxy-arp behaviour |
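Review bot: The SAI step at diff line 52 sets `SAI_VLAN_ATTR_BROADCAST_FLOOD_CONTROL_TYPE` to `SAI_VLAN_FLOOD_CONTROL_TYPE_NONE`, which by its name governs all broadcast flooding on the VLAN, while requirement #2 and the "SAI config" section (diff lines 64-65) speak only of ARP. Please state what happens to other broadcast traffic on a proxy_arp VLAN, and confirm that ARP is still trapped to CPU once flooding is off. The design also covers only the enable path: the requirement at diff line 13 that configuration be removed on interface deletion has no matching flow, and neither the transition from "enabled" back to "disabled" nor an explicit "disabled" on a Vnet interface (implicitly enabled per diff line 17) is specified. Smaller points: the schema example uses `VLAN_INTERFACE` while the schema definition gives the key as `INTERFACE:name`; the JSON example at diff lines 40-44 lacks a comma after `"vnet_name": "Vnet_3000"` and its outer closing brace; "implicitely" (diff line 17) and "prxoy_arp" (diff line 65) are misspelled.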