In certain virtual private clouds, hybrid clouds, or data center fabrics, different Layer 2 (L2) networks/sites are connected using various overlay technologies, such as Virtual eXtensible Local Area Networking (VXLAN) or Dynamic Fabric Automation (DFA), with a control plane, such as Ethernet Virtual Private Networking (EVPN). These arrangements may use different packet “flooding” techniques in order to, for example, forward packets, obtain forwarding information, etc. Packet flooding may result from, for example, use of the Address Resolution Protocol (ARP), the Dynamic Host Configuration Protocol (DHCP), the Reverse ARP (RARP), unknown unicast, Neighbor Discovery (ND) for Internet Protocol version 6 (IPv6), etc. In a data center environment, flooding of network traffic throughout a network inhibits the scalability and performance of the network.
For example, network elements in a programmable Data Center (DC) may flood ARP/ND packets to enable a source host to learn a destination host's Media Access Control (MAC) address on the same subnetwork (subnet). Once the source host obtains the MAC address of the destination host, the source host can forward any Layer 2 traffic to the destination host. ARP/ND suppression resolves flooding of ARP/ND packets within a VXLAN EVPN DC fabric, but only after the destination host is discovered. Once a host has been discovered, the network elements distribute the host's IP-MAC binding (e.g., via Border Gateway Protocol (BGP)) among the other network elements within the fabric. The directly attached network element terminates any ARP/ND requests for this host, since the network element functions as an ARP/ND proxy on behalf of the destination host.
However, the DC fabric still floods ARP/ND packets in limited cases, such as to reach a silent host, to reach a host which is dead/not responding, when a rogue host sends a subnet scanning attack to a destination host that does not exist, or when Gratuitous ARP (GARP) packets are sent for hosts when they appear on the network (e.g., initially or after a migration of a virtual machine). Additionally, in multi-fabric deployments, disaggregated VXLAN EVPN domains are interconnected by a Layer 2 (e.g., Overlay Transport Virtualization (OTV), Virtual Private LAN Service (VPLS), etc.) and Layer 3 (e.g., Multiprotocol Label Switching (MPLS), Locator/Identifier Separation Protocol (LISP), etc.) Data Center Interconnect (DCI). Typically, these domains or fabrics are connected via External BGP (eBGP) with a Layer 3 VPN using either Inter-Autonomous System (Inter-AS) option A or option B. Since the directly attached network element terminates ARP/ND requests from a host, the host MAC-IP bindings for stretched subnets of one domain are not available in the other domains; bridged traffic between hosts in the same stretched subnet is therefore flooded from one fabric to another, which limits ARP/ND suppression across multi-fabric deployments.
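As an added illustration (not part of the original text), the following toy model shows the suppression behaviour described above: a VTEP proxy-answers ARP requests for hosts whose IP-MAC binding its fabric has learned, floods requests for unknown or non-existent targets (as in a subnet scan), and cannot answer for hosts attached to a different fabric whose bindings were never exchanged across the DCI. The Fabric and Vtep classes, addresses and counts are constructed assumptions, not any vendor's implementation.

```python
from dataclasses import dataclass, field

@dataclass
class Fabric:
    """One VXLAN EVPN domain. Bindings learned by any VTEP are visible to every
    other VTEP in the same fabric (modelling BGP EVPN distribution)."""
    name: str
    bindings: dict = field(default_factory=dict)  # ip -> (mac, advertising VTEP)

@dataclass
class Vtep:
    """A leaf/VTEP acting as ARP/ND proxy for hosts known to its fabric."""
    name: str
    fabric: Fabric
    flooded: int = 0  # number of requests this VTEP had to flood

    def learn(self, ip, mac):
        """A directly attached host is discovered; its binding is advertised fabric-wide."""
        self.fabric.bindings[ip] = (mac, self.name)

    def handle_arp_request(self, target_ip):
        """Proxy-reply if the fabric knows the target's binding, otherwise flood."""
        entry = self.fabric.bindings.get(target_ip)
        if entry is not None:
            return ("proxy", entry[0])
        self.flooded += 1
        return ("flood", None)

def suppression_rate(vtep, targets):
    """Fraction of ARP requests for the given target IPs answered without flooding."""
    results = [vtep.handle_arp_request(t)[0] for t in targets]
    return results.count("proxy") / len(results)

def demo():
    """Constructed scenario: two fabrics joined by a DCI that carries no bindings."""
    fab_a, fab_b = Fabric("A"), Fabric("B")
    leaf_a1, leaf_a2, leaf_b1 = Vtep("a1", fab_a), Vtep("a2", fab_a), Vtep("b1", fab_b)
    leaf_a1.learn("10.0.0.11", "00:00:00:00:00:11")  # constructed host addresses
    leaf_a1.learn("10.0.0.12", "00:00:00:00:00:12")
    # Same fabric, different VTEP: binding was distributed, so the request is suppressed
    same_fabric = leaf_a2.handle_arp_request("10.0.0.11")
    # Scan of ten subnet addresses of which only two exist: eight requests still flood
    scan = suppression_rate(leaf_a2, [f"10.0.0.{i}" for i in range(10, 20)])
    # Request from fabric B for a fabric A host: binding never crossed the DCI, so it floods
    cross_fabric = leaf_b1.handle_arp_request("10.0.0.11")
    return same_fabric, scan, cross_fabric, leaf_a2.flooded
```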