https://vyos.dev/T5559 (Selective proxy-arp/proxy-ndp when doing SNAT/DNAT) only resolves the case for when other devices politely asks "who-has x.x.x.x?" (or the equal in IPv6-world).
When dealing with active/passive failover a more active way of informing the rest of the network that "hey, send packets for x.x.x.x to my mac-address" (or the equal in IPv6-world) must be performed.
For virtual IP-addresses configured through VRRP or virtual-server this should be taken care of by keepalived (when the VyOS becomes active).
However if you have SNAT configured along with VRRP, something like this:
VRRP_VIP (eth0): 192.168.0.1/24
VRRP_R1 (eth0): 192.168.0.2/24
VRRP_R2 (eth0): 192.168.0.3/24
SNAT (eth0): 192.168.0.4
SNAT (eth0): 192.168.0.5
When the failover occurs and passive VyOS (VYOS2) becomes active VyOS then the other devices at 192.168.0.0/24 network will not understand that packets towards 192.168.0.4 and 192.168.0.5 should be sent to the mac-address of VYOS2 rather than VYOS1 which is currently in their arp/ndp cache (and might remain there until it gets timed out).
The other devices might even detect that an IP-collission exists on this network or detect it as an ongoing arp-spoofing.
To resolve this Gratuitous ARP (GARP) (and similar for IPv6) must be implemented in VyOS (to work in combination with selective proxy-arp/proxy-ndp).
Solution for IPv4:
arping -q -b -c 1 -I eth0 -U -s 192.168.0.4 192.168.0.4 arping -q -b -c 1 -I eth0 -U -s 192.168.0.5 192.168.0.5
arping do support an interval between packets:
-i <interval> set interval between packets (default: 1 second)
Which means it should be able to configure this as a systemd.service and let systemd watchdog over it (restart if it crashes).
When runned as a service the "-c 1" should be removed.
Solution for IPv6:
ndsend 2001:db8::1 eth0
ndsend doesnt seem to have an interval so if runned as systemd.service it needs to be scripted into a loop with a sleep statement.
ndsend is part of vzctl package in Debian.
Another option is ndptool part of package libndp-tools in Debian.
An abandoned source from 2006 named ndping (works similar to arping) exists at https://sourceforge.net/projects/ndping/files/latest/download
NOTE! For the above (IPv4 and IPv6) to work properly kernel setting ip_nonlocal_bind must be set to 1 (because whats being announced is an IP-address not currently configured on any interface):
sysctl -w net.ipv4.ip_nonlocal_bind=1 sysctl -w net.ipv6.ip_nonlocal_bind=1
The commands in VyOS should be similar for those proposed regarding proxy-arp/proxy-ndp.
That is something like:
set protocols static garp 192.0.2.1 interface eth0 interval 1 set protocols static garp 192.0.2.1 interface eth1 interval 1 set protocols static una 2001:db8::1 interface eth1 interval 1
Where "garp" = "IPv4 Gratuitous ARP" and "una" = "IPv6 Unsolicited Neighbor Advertisements".
I have no idea if the short name for "IPv6 Unsolicited Neighbor Advertisements" is "una" anywhere else but could be handy to not have to spell out the full name in the config (so Im open for suggestions if a better name can be used, gnd perhaps (Gratuitous Neighbour Discovery)?).
To match "how others do" the default interval should be 30 seconds: https://www.arista.com/en/um-eos/eos-varp#xx1152897 (ip virtual-router mac-address advertisement-interval <period>)
Ref:
https://datatracker.ietf.org/doc/html/rfc5227
https://datatracker.ietf.org/doc/html/rfc2461#section-7.2.6
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
https://manpages.debian.org/bookworm/iputils-arping/arping.8.en.html
https://manpages.ubuntu.com/manpages/jammy/en/man8/ndsend.8.html
https://sourceforge.net/projects/ndping/files/latest/download
https://manpages.debian.org/testing/libndp-tools/ndptool.8.en.html