Floating IPs are configured on the rfp interface within the qrouter namespace, but are not directly reachable from the gateway of the external network, since the fip namespace sits between the qrouter namespace and the external network.

To allow for the routing of traffic through the fip namespace back to the qrouter namespace, Neutron relies on the use of proxy arp. By automatically enabling proxy arp on the fg interface, the fip namespace is able to respond to ARP requests for the floating IP, on behalf of the floating IP, from the upstream gateway device.

When traffic is routed from the gateway device to the fip namespace, the routing table is consulted and traffic is routed to the respective qrouter namespace:

The following diagram demonstrates how proxy arp works in this scenario:

The fg interface within the fip namespace responds on behalf of the qrouter namespace since qrouter is not directly connected to the external network. The use of a single fip namespace and proxy arp eliminates the need to provide each qrouter namespace with its own IP address from the external network, which reduces unnecessary IP address consumption and makes more floating IPs available for use by virtual machine instances and other network resources.