From patchwork Mon May 31 09:06:58 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Brendan Doyle <brendan.doyle@oracle.com>
X-Patchwork-Id: 1485607
Return-Path: <ovs-dev-bounces@openvswitch.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org
 (client-ip=140.211.166.133; helo=smtp2.osuosl.org;
 envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=oracle.com header.i=@oracle.com header.a=rsa-sha256
 header.s=corp-2020-01-29 header.b=heLLIOFT;
	dkim=fail reason="signature verification failed" (1024-bit key;
 unprotected) header.d=oracle.onmicrosoft.com header.i=@oracle.onmicrosoft.com
 header.a=rsa-sha256 header.s=selector2-oracle-onmicrosoft-com
 header.b=jnXhhzfA;
	dkim-atps=neutral
Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4FtqDk2Y0Fz9sVm
	for <incoming@patchwork.ozlabs.org>; Mon, 31 May 2021 19:07:16 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by smtp2.osuosl.org (Postfix) with ESMTP id 79B8940375;
	Mon, 31 May 2021 09:07:14 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from smtp2.osuosl.org ([127.0.0.1])
	by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 41WrQmduY-hc; Mon, 31 May 2021 09:07:13 +0000 (UTC)
Received: from lists.linuxfoundation.org (lf-lists.osuosl.org
 [IPv6:2605:bc80:3010:104::8cd3:938])
	by smtp2.osuosl.org (Postfix) with ESMTP id 59D764015C;
	Mon, 31 May 2021 09:07:12 +0000 (UTC)
Received: from lf-lists.osuosl.org (localhost [127.0.0.1])
	by lists.linuxfoundation.org (Postfix) with ESMTP id 3AC7DC000E;
	Mon, 31 May 2021 09:07:12 +0000 (UTC)
X-Original-To: dev@openvswitch.org
Delivered-To: ovs-dev@lists.linuxfoundation.org
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 032CFC0001
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:11 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id D939083B5C
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:10 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Authentication-Results: smtp1.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=oracle.com header.b="heLLIOFT";
 dkim=pass (1024-bit key) header.d=oracle.onmicrosoft.com
 header.b="jnXhhzfA"
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 2IUPMtGAMqQL for <dev@openvswitch.org>;
 Mon, 31 May 2021 09:07:09 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from aserp2130.oracle.com (aserp2130.oracle.com [141.146.126.79])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 57BD183B56
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:09 +0000 (UTC)
Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1])
 by aserp2130.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 14V94sJj163681
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:08 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
 h=to : from : subject :
 message-id : date : content-type : content-transfer-encoding :
 mime-version; s=corp-2020-01-29;
 bh=UzseIKbfihFN6YUBAwqkUMJ0jphNqXCM1pnNHURUWCA=;
 b=heLLIOFT2xKwRDhFzgtpEn0zX3thQFa+78PX3q1XjEUV2/MZHvKcvAudFuFbyCNPXVwB
 TxjPhwWwaGMlIdX9H3pdwhOKGEd04r9hvw0/50xMICNl5EzLiVipwi03XM2Vd4qhXG6a
 974kym8rtGPelJ/heyht3Z846ec8Tic69SmnVRo/WzdSAiB76JsV7gXYVc4BoqOF76BP
 xvmFf2ndUy9oSNoCrTNM7uDB4rgxwUP9M1j9GOkNsEbUeCXhe4QbJkMt3yugcwM9OEcS
 GOuzRmhtzDlOo1D9nU6ckyHQEsoOEpU+H/m628OjHhzLDLsidV5wN+csa9ur18UV4YlJ mw==
Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80])
 by aserp2130.oracle.com with ESMTP id 38ub4cjpy7-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:07 +0000
Received: from pps.filterd (userp3030.oracle.com [127.0.0.1])
 by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 14V91nHH035114
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:07 GMT
Received: from nam02-dm3-obe.outbound.protection.outlook.com
 (mail-dm3nam07lp2042.outbound.protection.outlook.com [104.47.56.42])
 by userp3030.oracle.com with ESMTP id 38uaqv8nvt-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <dev@openvswitch.org>; Mon, 31 May 2021 09:07:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Acv2zT42j14gS9frhfyJpw8YTLAfrDZB+ILv84zlUuR42RhP154HXQTCQR8rIPJRbWd6U+HwPXp6ikrBBk4jIlw3NiAuPKGqP12JPwWUDPgYQ7xMAcdFA7tdGo7YQ2cNEMQSKIxKYbVh35piItZMqKWXD2L3tHXrrcOQ9mI57PC7qzLPoXctaGERM0NrgUfvkuTFg2zp/wY07qHfaFi+Rx8RErHYPTONwIROrB+PBmMyzB1Sz6cy1XGuD/gA1ittYjtr/u4Q4qHofgYPxVLmvRYwRJKIgXdAYZyyr9OEbMVMbgXaGtCGZRrhlj/aMU3Vg/H8pYGsiTBaAJmUCWvTyQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=UzseIKbfihFN6YUBAwqkUMJ0jphNqXCM1pnNHURUWCA=;
 b=A584rOp+K1XbXOCulhohLJFnDR84q7HkMbsPnSSovtj8zqLmAJjZIQ08IlBexFXQkXDOfOhHBv40UQL1e0bo2g1Zx0H6tLDAhcVbDVTC6ebyGfSrwJuRoR6fWkxMFFlOOfb5fZHGEXYPpStOwJ4sQ0Xh/nxClYz9sB6Vyg/XtZZEN6wBd7UVpQsXnK5vXO1SRdwoRwkr9g/G8Xk6P+Tx12cUKHKR+Tb6B/+0hzraCBVuHUbMOfS3iSRl4rYK9L4lAxmIDoGte2KSv6X1k5j0yRRFNgvpXJ/+hhE5KF2ky7Zgnrtz1EkuFoYtO1sr9ZgfIBuoWbe4DtXbrLwuAJg6tA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com;
 dkim=pass header.d=oracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=UzseIKbfihFN6YUBAwqkUMJ0jphNqXCM1pnNHURUWCA=;
 b=jnXhhzfAi/SvIXzx5gI1dINvOxVELE0fnwCHm15vi3K9F6kFmWWd78fb+D8EtCTZn14UQanPM3J1aUebA3NJZW7H3YxAqipRRZ2ZaSzDs61exjKBHkpXXo1k7o/sJOx0xkp1lP0q3M0U6vTXkVoHaL2gv/Zgln+MB4+t40k1F6I=
Authentication-Results: openvswitch.org; dkim=none (message not signed)
 header.d=none; openvswitch.org;
 dmarc=none action=none header.from=oracle.com;
Received: from CO1PR10MB4723.namprd10.prod.outlook.com (2603:10b6:303:9c::20)
 by CO1PR10MB4804.namprd10.prod.outlook.com (2603:10b6:303:94::23)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Mon, 31 May
 2021 09:07:05 +0000
Received: from CO1PR10MB4723.namprd10.prod.outlook.com
 ([fe80::c416:12b1:2617:fbe0]) by CO1PR10MB4723.namprd10.prod.outlook.com
 ([fe80::c416:12b1:2617:fbe0%6]) with mapi id 15.20.4173.030; Mon, 31 May 2021
 09:07:04 +0000
To: dev@openvswitch.org
From: Brendan Doyle <brendan.doyle@oracle.com>
Organization: Oracle Corporation
Message-ID: <fe4a6405-6a53-5d53-22fc-c5b922f9ab4a@oracle.com>
Date: Mon, 31 May 2021 10:06:58 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.2
Content-Language: en-US
X-Originating-IP: [138.3.204.10]
X-ClientProxiedBy: LO2P265CA0498.GBRP265.PROD.OUTLOOK.COM
 (2603:10a6:600:13a::23) To CO1PR10MB4723.namprd10.prod.outlook.com
 (2603:10b6:303:9c::20)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [10.175.80.138] (138.3.204.10) by
 LO2P265CA0498.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:13a::23) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4173.29 via Frontend Transport; Mon, 31 May 2021 09:07:04 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 5c7288f6-908b-4c60-5835-08d92413759c
X-MS-TrafficTypeDiagnostic: CO1PR10MB4804:
X-Microsoft-Antispam-PRVS: 
 <CO1PR10MB48045B9EBE0A023F3F30FF1E863F9@CO1PR10MB4804.namprd10.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:5236;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 WgNkBjrw7M3mFbxsTK3T0QYiXuZasAv4Ua92wKaj0ps5PsDDE25pxks+XatJ5CN9DgRDsfBuLvU60oH4GI8aVk+yy9ObUlG7rtmH7zqJKsb6UABRZnxP4vdnJF52N/KqbVyGCwK8diEgcQTO1CoelzUxjHRs34qE98US7B6QSvS5nHYXCoxiVauiuZSbpRGvbfEArAljJ6ta5rm5gT1uDrsf5W5HGtKmV5NNn4HiDONVoaFr/RKfoRoyEI8m03BT3tQRjg2Z70uBfrJ4+S1s3e8nXEAs4jCV25m12s9yzHG0RlS7qFVXYdifkjf7W3sJjIqUnocdzCNBjycVgQI8cKzhoglwbAJGbAwFfduTMVPvxdFnBSc0+bpTQ3JYdAjQAfWASWHHi/ClQK3D9uuydNwoS3it4A62XlfVniE2hdYnO9OfjqaAkRL2ysAZoy+FLsZrYbrHmQk3hExSBM1siLDRmlWxjJu3Qzb1GWADBeHcBEcD20qMS4bdE9TVPfwvYk9SZOBK0hN+PPzlmJOoF4vYCXe0NQi+1tiIBFN/WXp2IcOt0MIpZqq1ob/Pown3CRgStHF8ZaXzAlzhDwo7WgqpfP4G7tgFXhIaUB2YzPO869J47tf+Kc/0MbEE/OqotI2mla0203+6mBq79oAUM4WJndW7JODXDlWQIXuHIsTDFRek1bHUNpvkbGKTfxVQ
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:CO1PR10MB4723.namprd10.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(396003)(39860400002)(136003)(346002)(376002)(366004)(38100700002)(5660300002)(66556008)(66476007)(31686004)(36916002)(186003)(86362001)(53546011)(16576012)(316002)(26005)(36756003)(16526019)(83380400001)(8936002)(8676002)(6486002)(478600001)(6666004)(6916009)(31696002)(2906002)(2616005)(66574015)(44832011)(956004)(66946007)(43740500002)(45980500001);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?q?yiHgeAE4UQbGQTnPmJ9xMG9w26L1yf?=
	=?utf-8?q?v8sE633uetyTdNVEJ+aY7J+QjZZ+9BwCidBAX+ojVnmbwYK5GxtfwbCXKnxTE6LHM?=
	=?utf-8?q?pMzXFJd/hI2I9HpkxBgOljpq+W+fvcngnwSHcOUyqhIQ+D3D2Pf52QO4ru6OUF6cp?=
	=?utf-8?q?iw6Fk2edaDb4ikHm1jP9CPBGV/lNtLCOPu7+wTg9awavt8jM7v7BPrdbnabbzq7np?=
	=?utf-8?q?0o/yR9bx90pCohCKvqNDbmYYbZ9ZlRSVHjGBX/yFous9byuAzFR9ZVONgDG/rxGmB?=
	=?utf-8?q?EmPBQ3k+64ZenEW74M3wAWTyprAoFrSh5m3/+PtEDNIe2Et9+9+D5Of5e1Nzp7XFJ?=
	=?utf-8?q?xu1yCBGd1AVuVzzz7Lqty1BYYywPEUo0U6sUM3pAhUUAyMkLE1yAoOpBmEaQL2+cE?=
	=?utf-8?q?qG5yoOX9DTz6hVWkb1P0ZtH/wBRXaSHKBEcwefEKvn5f9uWUpIPpXjZ55apjY7vbw?=
	=?utf-8?q?huMXexZlosNtm9/4kh5+P63YEwepf+k7m8fNJ6PHJwUQY56kukHFkXBO+49K9ZTGh?=
	=?utf-8?q?rOLPe1SMkI3phTN/VNlgUDgR1V7+ATcmJHVGFXI3EvuJtNfJzjkjBQPULt62ftSVJ?=
	=?utf-8?q?Te1HZVpGy3mx15rs7WpdjVWOjQ2hf1sJ+InyBmIjbSFmq66Pd+2Jb0j6ExRWI1+yC?=
	=?utf-8?q?mwNO75aFq8owSqudQkpsA9Of91Fzqq5j/69yuzReLFLBNXPY3b+NYjTElY3aDw/L/?=
	=?utf-8?q?CoGQ2SniRkANHx+pR5ZqxTt0rDH/YBwiSk8f3ahUvknf0lRQ0itvrcX23mrATeq7n?=
	=?utf-8?q?JLI8CJ3/ONGBxmwwDoQzPLL9rN5XDMoJJax5pABIBZw+nBE2i8S0klBla6u8DaftD?=
	=?utf-8?q?g+dTvcSGPeV1SSJZg45az0Ch7SlxHtvO4y6PDN1DdulJ2vsWey5qV8DF5OpeTRx+X?=
	=?utf-8?q?EXFgcAxC3jMC9aOfKFMOysGDrSIqj+kXNU2ypeIWdqjH7Kbszo4gFhvrgm66iP5GH?=
	=?utf-8?q?dX/+8zvzQ1+RT7nNl7awdgDx2g6Zo4gAsJHxACjGTNVJoAPR72/KDksam/eM+xmWU?=
	=?utf-8?q?ixxm4W4LVUiZL46dTXsxuh1NPe++D0VZ7kXd9NiL0kC1pOWYOXuG34ygZjWZc/MSF?=
	=?utf-8?q?55dErs66qmWi8ji3MJ66mIi+8wQywdFt3/5D2bTtQ4cHFEFL8+GZATx3ZMWG9LDHZ?=
	=?utf-8?q?lq5CPuCm6zg8QdH6BKYzNqY6LBN8e6uVwHjby5VeFYZkJu60nsbSSLB2MXB0TH5p4?=
	=?utf-8?q?nzMGBO7LGhukrUOHOvUQJ/a2Ito3y1lo9fnvxHiIB6KqX/AHdYq1e/HGCxO7c+A2/?=
	=?utf-8?q?fvYKIEhaUm9Vza?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 5c7288f6-908b-4c60-5835-08d92413759c
X-MS-Exchange-CrossTenant-AuthSource: CO1PR10MB4723.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2021 09:07:04.8264 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 k1sSZauiMKT3KSg63ZnI1OTliRdVzud1PtrlV6ijEsmGuH7AWsrPUwLsq4xfrql2OqX5QKdlRpEXE5LfsC9s/rYDqov+xAWt0NgbuAq3XR4=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR10MB4804
X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=10000
 signatures=668682
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999
 bulkscore=0
 suspectscore=0 spamscore=0 adultscore=0 mlxscore=0 phishscore=0
 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2104190000 definitions=main-2105310065
X-Proofpoint-GUID: UyGOuH5HBGGnufVu_BhmS1O7DDM26qgp
X-Proofpoint-ORIG-GUID: UyGOuH5HBGGnufVu_BhmS1O7DDM26qgp
X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=10000
 signatures=668682
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
 priorityscore=1501 mlxscore=0
 mlxlogscore=999 malwarescore=0 bulkscore=0 phishscore=0 lowpriorityscore=0
 clxscore=1011 impostorscore=0 adultscore=0 suspectscore=0 spamscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000
 definitions=main-2105310065
Subject: [ovs-dev] [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN
X-BeenThere: ovs-dev@openvswitch.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <ovs-dev.openvswitch.org>
List-Unsubscribe: <https://mail.openvswitch.org/mailman/options/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>
List-Archive: <http://mail.openvswitch.org/pipermail/ovs-dev/>
List-Post: <mailto:ovs-dev@openvswitch.org>
List-Help: <mailto:ovs-dev-request@openvswitch.org?subject=help>
List-Subscribe: <https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,
 <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

From a9d3140845175edb7644b2d0d82a95bd6cf94662 Mon Sep 17 00:00:00 2001
From: Brendan Doyle <brendan.doyle@oracle.com>
Date: Fri, 28 May 2021 10:01:17 -0700
Subject: [PATCH ovn] ovn-northd.c: Add proxy ARP support to OVN

This patch provides the ability to configure proxy ARP IPs on a Logical
Switch Router port. The IPs are added as Options for router ports. This
provides a useful feature where traffic for a service must be sent to an
address in a logical network address space, but the service is provided
in a different network. For example an NFS service is provide to Logical
networks at an address in their Logical network space, but the NFS
server resides in a physical network. A Logical switch Router port can
be configured to respond to ARP requests sent to the service "Logical
address", the Logical Router/Gateway can then be configured to forward
the traffic to the underlay/physical network.

Signed-off-by: Brendan Doyle <brendan.doyle@oracle.com>
---
  northd/ovn-northd.c |  38 +++++++++++++++++++
  ovn-nb.xml          |   9 +++++
  tests/ovn.at        | 103 
++++++++++++++++++++++++++++++++++++++++++++++++++++
  3 files changed, 150 insertions(+)

+echo $expected | ovstest test-ovn expr-to-packets > expected
+
+OVN_CHECK_PACKETS([pa-hv/vif1-tx.pcap], [expected])
+
+OVN_CLEANUP([pa-hv])
+AT_CLEANUP
+])
--
1.8.3.1

diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c
index 0e5092a..a377e83 100644
--- a/northd/ovn-northd.c
+++ b/northd/ovn-northd.c
@@ -6943,6 +6943,7 @@ build_lswitch_arp_nd_responder_known_ips(struct 
ovn_port *op,
                                           struct ds *match)
  {
      if (op->nbsp) {
+        const char *arp_proxy;
          if (!strcmp(op->nbsp->type, "virtual")) {
              /* Handle
               *  - GARPs for virtual ip which belongs to a logical port
@@ -7096,6 +7097,43 @@ build_lswitch_arp_nd_responder_known_ips(struct 
ovn_port *op,
                  }
              }
          }
+
+        /*
+         * Add responses for ARP proxies.
+         */
+        arp_proxy = smap_get(&op->nbsp->options,"arp_proxy");
+        if (arp_proxy && op->peer) {
+            char *ips, *ip, *rest;
+
+            ips = xstrdup(arp_proxy);
+            rest = ips;
+
+            while ((ip = strtok_r(rest,",", &rest))) {
+                ds_clear(match);
+                ds_put_format(match, "arp.tpa == %s && arp.op == 1", ip);
+
+                ds_clear(actions);
+                ds_put_format(actions,
+                    "eth.dst = eth.src; "
+                    "eth.src = %s; "
+                    "arp.op = 2; /* ARP reply */ "
+                    "arp.tha = arp.sha; "
+                    "arp.sha = %s; "
+                    "arp.tpa = arp.spa; "
+                    "arp.spa = %s; "
+                    "outport = inport; "
+                    "flags.loopback = 1; "
+                    "output;",
+                    op->peer->lrp_networks.ea_s,
+                    op->peer->lrp_networks.ea_s,
+                    ip);
+
+                ovn_lflow_add_with_hint(lflows, op->od, 
S_SWITCH_IN_ARP_ND_RSP,
+                    50, ds_cstr(match), ds_cstr(actions),
+                    &op->nbsp->header_);
+            }
+            free(ips);
+        }
      }
  }

diff --git a/ovn-nb.xml b/ovn-nb.xml
index 02fd216..4b6c183 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -848,6 +848,15 @@
              </dd>
            </dl>
          </column>
+
+        <column name="options" key="arp_proxy">
+          Optional. A comma separated list IPv4 addresses that this
+          logical switch <code>router</code> port will reply to ARP 
requests.
+          Example: <code>169.254.239.254,169.254.239.2</code>. The
+          <ref column="options" key="router-port"/>'s logical router should
+          have a route to forward packets sent to configured proxy ARP 
IPs to
+          an appropriate destination.
+        </column>
        </group>

        <group title="Options for localnet ports">
diff --git a/tests/ovn.at b/tests/ovn.at
index 2c3c36d..c675cc9 100644
--- a/tests/ovn.at
+++ b/tests/ovn.at
@@ -26527,3 +26527,106 @@ AT_CHECK([test $(ovn-appctl -t ovn-controller 
coverage/read-counter lflow_run) =
  OVN_CLEANUP([hv1])
  AT_CLEANUP
  ])
+
+OVN_FOR_EACH_NORTHD([
+AT_SETUP([ovn -- proxy-arp: 1 HVs, 1 LSs, 1 lport/LS, 1 LR])
+AT_KEYWORDS([proxy-arp])
+ovn_start
+
+# Logical network:
+# One LR - lr1 has switch ls1 (192.16.1.0/24) connected to it,
+# and and one HV with IP 192.16.1.6.
+
+ovn-nbctl lr-add lr1
+ovn-nbctl ls-add ls1
+
+# Connect ls1 to lr1
+ovn-nbctl lrp-add lr1 ls1 00:00:00:01:02:f1 192.16.1.1/24
+ovn-nbctl lsp-add ls1 rp-ls1 -- set Logical_Switch_Port rp-ls1 \
+    type=router options:router-port=ls1 addresses=\"00:00:00:01:02:f1\"
+
+# Create logical port ls1-lp1 in ls1
+ovn-nbctl lsp-add ls1 ls1-lp1 \
+-- lsp-set-addresses ls1-lp1 "00:00:00:01:02:03 192.16.1.6"
+
+
+# Create one hypervisor and create OVS ports corresponding to logical 
ports.
+net_add n1
+
+sim_add pa-hv
+as pa-hv
+ovs-vsctl add-br br-phys
+ovn_attach n1 br-phys 192.16.0.1
+
+# Note: tx/rx are with respect to the LS port, so
+# tx on switch port is HV rx, etc.
+ovs-vsctl -- add-port br-int vif1 -- \
+    set interface vif1 external-ids:iface-id=ls1-lp1 \
+    options:tx_pcap=pa-hv/vif1-tx.pcap \
+    options:rxq_pcap=pa-hv/vif1-rx.pcap \
+    ofport-request=1
+
+# And proxy ARP flows for 69.254.239.254 and 169.254.239.2
+# and check that SB flows have been added.
+ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
+options arp_proxy='"169.254.239.254,169.254.239.2"'
+ovn-sbctl dump-flows > sbflows
+AT_CAPTURE_FILE([sbflows])
+
+AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep 
"169.254.239.2" | wc -l], [0], [dnl
+2
+])
+
+# Remove and check that the flows have been removed
+ovn-nbctl --wait=hv remove Logical_Switch_Port rp-ls1 options 
arp_proxy='"169.254.239.254,169.254.239.2"'
+
+AT_CHECK([ovn-sbctl dump-flows | grep ls_in_arp_rsp | grep 
"169.254.239.2" | wc -l], [0], [dnl
+0
+])
+
+# Add the flows back send arp request and check we see an ARP response
+ovn-nbctl --wait=hv add Logical_Switch_Port rp-ls1 \
+options arp_proxy='"169.254.239.254,169.254.239.2"'
+
+ls1_p1_mac=00:00:00:01:02:03
+ls1_p1_ip=192.16.1.6
+
+ls1_ro_mac=00:00:00:01:02:f1
+ls1_ro_ip=192.168.1.1
+
+proxy_ip1=169.254.239.254
+proxy_ip2=169.254.239.2
+
+bcast_mac=ff:ff:ff:ff:ff:ff
+
+# Send ARP request for 169.254.239.254
+packet="inport==\"ls1-lp1\" && eth.src==$ls1_p1_mac && 
eth.dst==$bcast_mac &&
+       arp.op==1 && arp.sha==$ls1_p1_mac && arp.spa==$ls1_p1_ip &&
+       arp.tha==$bcast_mac && arp.tpa==$proxy_ip1"
+
+as pa-hv ovs-appctl -t ovn-controller inject-pkt "$packet"
+
+ovs-ofctl dump-flows br-int| grep 169.254.239.254 | grep priority=50 > 
debug1
+AT_CAPTURE_FILE([debug1])
+
+
+# Check if packet hit the ARP reply ovs flow
+AT_CHECK([ovs-ofctl dump-flows br-int | \
+    grep "169.254.239.254" | \
+    grep "priority=50" | \
+    grep "arp_op=1" | \
+    grep "n_packets=1" | wc -l], [0], [dnl
+1
+])
+
+# Check that the HV gets an ARP reply
+expected="eth.src==$ls1_ro_mac && eth.dst==$ls1_p1_mac &&
+       arp.op==2 && arp.sha==$ls1_ro_mac && arp.spa==$proxy_ip1 &&
+       arp.tha==$ls1_p1_mac && arp.tpa==$ls1_p1_ip"