Enabling ARP flood suppression
Use ARP flood suppression to reduce ARP request broadcasts.
The aging timer is fixed at 25 minutes for ARP flood suppression entries. If the suppression table is full, the VTEP stops learning new entries. For the VTEP to learn new entries, you must wait for old entries to age out, or use the reset arp suppression vsi command to clear the table.
If the flooding disable command is configured, set the MAC aging timer to a higher value than the aging timer for ARP flood suppression entries on all VTEPs. This setting prevents the traffic blackhole that occurs when a MAC address entry ages out before its ARP flood suppression entry ages out. To set the MAC aging timer, use the mac-address timer command.
When remote ARP learning is disabled for VXLANs, the device does not use ARP flood suppression entries to respond to ARP requests received on VXLAN tunnels.
If the VLAN access mode is used, do not configure the encapsulation s-vid vlan-id criterion to match the PVID of a site-facing interface. If the criterion matches the PVID and ARP requests match ARP flood suppression entries, the device removes the VLAN tags of the ARP responses sent to VMs. As a result, VMs that require ARP responses to be VLAN-tagged cannot learn ARP information.
When you configure ARP flood suppression on a multicast-mode VXLAN, follow these restrictions and guidelines:
Make sure ARP flood suppression is enabled or disabled across the VXLAN.
Do not enable ARP flood suppression if the VXLAN contains third-party VTEPs.
To enable ARP flood suppression:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter VSI view. | vsi vsi-name | N/A |
3. Enable ARP flood suppression. | arp suppression enable | By default, ARP flood suppression is disabled. |