sonic-net · prsunny · Apr 2, 2020 · Mar 19, 2020 · Mar 27, 2020
diff --git a/doc/arp/Proxy Arp.md b/doc/arp/Proxy Arp.md
@@ -0,0 +1,75 @@
+
+# Introduction
+
+The scope of this document is to provide the requirements and a high-level design proposal for Proxy ARP support. 
+
+# Requirements
+
+The following are the high level requirements when an interface is enabled with "proxy_arp"
+
+1. Proxy arp shall be set for the interface in kernel
+2. Hardware ARP packet action for that interface must be trap to CPU and not flooded/forwarded in hardware.
+
+When the interface is deleted, the corresponding configurations must be removed. A VS and sonic-mgmt test is required to validate the configuration
+
+# Design Proposal
+
+The design is intended to have a generic approach for proxy-arp feature. A user can set an attribute "proxy_arp" to the config_db entry for INTERFACE table entry. In addition, for "Vnet" interfaces, this is implicitely "enabled". The default value if not specified would be "disabled"
+
+The schema change for proxy-arp is as below:
+
+```   
+VLAN_INTERFACE|{{intf_name}} 
+    "vnet_name": {{vnet_name}}
+    "proxy_arp": "enabled"
+
+VLAN_INTERFACE|{{intf_name}}|{{prefix}}  
+    { }
+```
+```
+; Defines Interface table schema
+
+key             = INTERFACE:name         ; Same as existing
+; field
+vnet_name       = vnet_name              ; Same as existing
+proxy_arp       = "enabled" / "disabled" ; Default "disabled" (Optional attribute)
+```    
+
+When proxy_arp is enabled for an interface, e.g
+
+    "VLAN_INTERFACE": {
+        "Vlan2000": {
+             "vnet_name": "Vnet_3000"
+             "proxy_arp": "enabled"
+	 }
+
+the following kernel param must be set to 1:
+
+```
+/proc/sys/net/ipv4/conf/Vlan2000/proxy_arp_pvlan
+```
+
+and SAI configuration for ```SAI_VLAN_ATTR_BROADCAST_FLOOD_CONTROL_TYPE``` must be set to ```SAI_VLAN_FLOOD_CONTROL_TYPE_NONE```
+
+# Flows
+
+The following flow diagram captures two example, one for user configuration and another for vnet interfaces
+
+## Kernel config
+
+![](https://github.com/Azure/SONiC/blob/master/images/vxlan_hld/proxy_arp_kernel.png)
+
+## SAI config
+
+For requirement #2, the proposal is to disable flooding for the specific Vlan so that ARP packets shall not get flooded in hardware.
+By default in Sonic, it is a copy action for ARP packets which means, packets gets flooded in hardware. In the event of enabling proxy-arp, flooding must be disabled. This enables the switch to respond to ARP requests within this subnet to be responded with its SVI mac. ```Intforch``` must invoke "Vlan flood" disable during the RIF creation based on "prxoy_arp" attribute.
+
+![](https://github.com/Azure/SONiC/blob/master/images/vxlan_hld/proxy_arp_flood.png)
+
+# Additional Notes
+1. The flooding is disabled only for those interfaces belonging to a Vnet or user-configured proxy_arp setting. The implementation shall not modify the existing behavior and shall be backward compatible. 
+2. VS test can be added to existing ```test_vnet.py``` to verify the kernel/SAI configuration.
+3. Proxy ND is not planned as part of this feature but can be extended in future based on the same approach
+4. ```/proc/sys/net/ipv4/conf/Vlan2000/proxy_arp``` is not required to be set.
+5. Reference on Vnet/Vxlan design is [here](https://github.com/Azure/SONiC/blob/master/doc/vxlan/Vxlan_hld.md)
+6. Requires a sonic-mgmt test to verify the proxy-arp behaviour