ARP

ARP (Address Resolution Protocol) configuration manages IP-to-MAC address resolution behavior on NX-OS devices, including global timeout, cache size limits, per-interface cache limits, and syslog rate controls for cache events. It supports advanced features such as adjacency route distance tuning, EVPN timeout settings for overlay environments, ARP suppression timeout, static ARP entries outside subnets, and RARP fabric forwarding for VXLAN deployments. ARP also provides vPC domain-level ARP synchronization to ensure consistent address resolution across vPC peer switches, along with CoS marking and off-list timeout configuration for fine-grained operational control. Dynamic ARP Inspection (DAI) can be configured to validate ARP packets for source, destination, and IP address checks with configurable log buffer sizes.

Diagram

Classes

configuration (nxos.devices)

Name	Type	Constraint	Mandatory	Default Value
arp	Class	`[arp]`	No

arp (nxos.devices.configuration)

Name	Type	Constraint	Mandatory
inspection	Class	`[inspection]`	No
timeout	Integer	min: `0`, max: `28800`	No
cache_limit	Integer	min: `1`, max: `614400`	No
cache_syslog_rate	Integer	min: `1`, max: `1000`	No
cache_interface_limit	Integer	min: `0`, max: `128000`	No
adjacency_route_distance	Integer	min: `2`, max: `250`	No
cos	Integer	min: `0`, max: `7`	No
off_list_timeout	Integer	min: `180`, max: `1800`	No
evpn_timeout	Integer	min: `2000`, max: `30000`	No
suppression_timeout	Integer	min: `0`, max: `28800`	No
allow_static_arp_outside_subnet	Boolean	`true`, `false`	No
unnumbered_svi_software_replication	Boolean	`true`, `false`	No
rarp_fabric_forwarding	Boolean	`true`, `false`	No
rarp_fabric_forwarding_rate	Integer	min: `200`, max: `400`	No
resolve_outside_subnet	Boolean	`true`, `false`	No
inspection	Class	`[inspection]`	No
vpc_domains	List	`[vpc_domains]`	No

inspection (nxos.devices.configuration.arp)

Name	Type	Constraint	Mandatory
log_buffer_entries	Integer	min: `1`, max: `1024`	No
validate_destination	Boolean	`true`, `false`	No
validate_ip	Boolean	`true`, `false`	No
validate_source	Boolean	`true`, `false`	No
log_buffer_entries	Integer	min: `1`, max: `1024`	No
validate_destination	Boolean	`true`, `false`	No
validate_ip	Boolean	`true`, `false`	No
validate_source	Boolean	`true`, `false`	No

vpc_domains (nxos.devices.configuration.arp)

Name	Type	Constraint	Mandatory	Default Value
domain_id	Integer	min: `1`, max: `1000`	Yes
arp_synchronize	Boolean	`true`, `false`	No

Examples

Example 1: Basic ARP tuning for a leaf switch with increased cache and timeout

nxos:
  devices:
    - name: LEAF1
      configuration:
        arp:
          timeout: 1500
          cache_limit: 131072
          cache_syslog_rate: 100

Example 2: ARP optimized for VXLAN/EVPN fabric with suppression and vPC sync

nxos:
  devices:
    - name: LEAF1
      configuration:
        arp:
          timeout: 1500
          cache_limit: 131072
          cache_interface_limit: 32000
          evpn_timeout: 10000
          suppression_timeout: 300
          rarp_fabric_forwarding: true
          rarp_fabric_forwarding_rate: 300
          vpc_domains:
            - domain_id: 1
              arp_synchronize: true

Example 3: Advanced ARP configuration with adjacency tuning and off-list controls

nxos:
  devices:
    - name: BORDER-LEAF1
      configuration:
        arp:
          timeout: 1200
          cache_limit: 262144
          cache_interface_limit: 64000
          cache_syslog_rate: 50
          adjacency_route_distance: 200
          cos: 6
          off_list_timeout: 600
          evpn_timeout: 15000
          allow_static_arp_outside_subnet: true
          resolve_outside_subnet: true
          vpc_domains:
            - domain_id: 1
              arp_synchronize: true

Example 4: Dynamic ARP Inspection (DAI) with validation and logging

nxos:
  devices:
    - name: ACCESS-LEAF1
      configuration:
        arp:
          inspection:
            log_buffer_entries: 64
            validate_destination: true
            validate_ip: true
            validate_source: true