Disable proxy ARP within the Nutanix VLAN. What? How? | Nutanix Community

Hi,
“Disable proxy ARP within the Nutanix VLAN before configuring network segmentation” is mentioned in two documents.
Security Guide
Physical Networking Best Practices

Could someone clarify what this means exactly?

  1. What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN” or all VLANs?
  2. What is the command to disable proxy ARP?
  3. Should this be done at the Nutanix level or the physical switch level?

I couldn't find answers in the documentation. Any help would be greatly appreciated!

Thanks in advance!

  1. What is “the Nutanix VLAN”? Is it the “CVM/HOST management VLAN” or all VLANs?

“Within the Nutanix VLAN, nodes use IPv6 neighbor discovery protocol and IPv6 UDP broadcast messages.” → AHV/CVM VLAN

 

  2. What is the command to disable proxy ARP?

When configuring network segmentation, it checks whether the IP you set is in use beforehand, and if it is not, proxy-arp responds and thinks it is already in use.

Error message like,

"Failure in pre expand-cluster tests.

Errors: Failed to allocate service IPs for one or more nodes.
IPs d'x.x.x.x'] were found configured on some other hosts.
Please run arp-scan and resolve the conflicts manually."

 

Command to verify that proxy-arp is responding for an unused IP:

CVM$ sudo arp-scan -NI eth0 xxx.xxx.xxx.xxx
 

I believe the command to disable proxy-arp on the switch is “# no ip proxy-arp”, but I'm not sure.

  3. Should this be done at the Nutanix level or the physical switch level?

You need to disable it on the physical switch.
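
One way to tell the proxy-ARP false positive described in the answer above apart from a genuine duplicate IP, as an added example (not from the original posts or from Nutanix): it parses arp-scan output and flags any MAC that answers for several addresses. The sample output, the addresses, the function names and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of arp-scan output (documentation addresses, not a real capture).
# 192.0.2.1 is the switch interface; 192.0.2.4-192.0.2.6 are unassigned addresses.
SAMPLE = """\
Interface: eth0, type: EN10MB, MAC: 00:00:5e:00:53:10, IPv4: 192.0.2.2
Starting arp-scan with 6 hosts
192.0.2.1\t00:00:5e:00:53:01\t(Unknown)
192.0.2.3\t00:00:5e:00:53:11\t(Unknown)
192.0.2.4\t00:00:5e:00:53:01\t(Unknown)
192.0.2.5\t00:00:5e:00:53:01\t(Unknown)
192.0.2.6\t00:00:5e:00:53:01\t(Unknown)

5 packets received by filter, 0 packets dropped by kernel
"""

ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b")

def parse(text):
    """Return (ip, mac) pairs from arp-scan reply rows, skipping banner/summary lines."""
    return [(m.group(1), m.group(2).lower())
            for m in map(ROW.match, text.splitlines()) if m]

def classify(text, threshold=3):
    """Split replies into proxy-ARP suspects and genuine duplicate-IP conflicts.

    A MAC answering for >= threshold IPs is treated as a proxy-ARP responder
    (threshold is an assumed heuristic); an IP answered by more than one MAC
    is a real conflict that disabling proxy ARP on the switch will not clear.
    """
    by_mac, by_ip = defaultdict(set), defaultdict(set)
    for ip, mac in parse(text):
        by_mac[mac].add(ip)
        by_ip[ip].add(mac)
    key = ipaddress.ip_address  # numeric sort, not string sort
    proxies = {mac: sorted(ips, key=key)
               for mac, ips in by_mac.items() if len(ips) >= threshold}
    conflicts = {ip: sorted(macs) for ip, macs in by_ip.items() if len(macs) > 1}
    return proxies, conflicts

if __name__ == "__main__":
    proxies, conflicts = classify(SAMPLE)
    for mac, ips in proxies.items():
        print(f"proxy ARP suspected: {mac} answers for {', '.join(ips)}")
    for ip, macs in conflicts.items():
        print(f"duplicate IP: {ip} claimed by {', '.join(macs)}")
```

If the suspected MAC belongs to the switch interface for that VLAN, the "IPs were found configured on some other hosts" failure is the proxy-ARP case; an entry under duplicate IP means a second host really holds the address.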


Thank you for the reply ​@smkim.
I think it is something that could be clarified in the documentation.

