1 2 Previous Next 16 Replies Latest reply: Oct 29, 2013 12:54 PM by Darren Starr (CCSI, 4xCCNP, 7xCCNA) RSS

    Proxy ARP

    Yugandhar

      Hi,

       

      Could you please explain what is Proxy-ARP ?

       

      Why and when we use the following commands ip proxy-arp and no ip proxy-arp

       

       

      Thank you,

      Yugandhar.

        • 1. Re: Proxy ARP
          Dmcneil

          Proxy arp was a function used back whenever hosts didn't have a default gateway setting. As such, the router would actually assist in the forwarding process of frames. Instead of "ARPing" for the default gateway and going from there, the router would forward the ARP request across to the other network it attached.

           

          Here are some links about this :

          http://en.wikipedia.org/wiki/Proxy_ARP

           

          https://learningnetwork.cisco.com/message/315303#315303

           

          https://learningnetwork.cisco.com/message/313971#313971

          • 2. Re: Proxy ARP
            Rob Riker CCNP R&S/CCNA Security

            LIke dmcneil said, the router would assist or can still assist in the forwarding process.

             

            The idea is when you arp to a network not directly connected, one you have to use the router to get to. The router can respond with the interface MAC address that connets to the switch or PC/laptop and use it for the traffic to the destination. The router is basically saying "You can use me to get there".

            • 3. Re: Proxy ARP
              Chandan Singh Takuli

              As Dmcneil already posted good links.

               

              if you still wana check more, check out this post & cisco doc link:

               

              https://learningnetwork.cisco.com/message/326330#326330

              • 4. Re: Proxy ARP
                Eugene

                Hello Yugandhar!

                To describe proxy-arp consisely, when a host does not know it's default gateway, it arps every time it wants to send IP packet to remote networks (provided it's arp cache does not contain corresponding entry). If proxy-arp is on on the router serving that segment, the router will every time answer to each arp request with it's own mac-address if it knows a route to destination included in arp-request. this may eventually drain the resources of a router, as well as bandwidth of an switched path from host to router.

                explaining we learn

                best regards, Eugene

                • 5. Re: Proxy ARP
                  Nipun Singh Raghav CCIE# 51612

                  Let's see if you can understand it this way.

                   

                  First let's see what is ARP ?

                   

                  Address Resolution Protocol (ARP) is used to map a known IP Address to a unkown data-link identifier (for example MAC Address). The ARP Request will contain:

                   

                  •      Source IPv4 Address;  
                  •      Source data-link identifier address (MAC Address for example);  
                  •      Destination IPv4 Address;  
                  •      Destination data-link identifier (MAC Address in our example) will be set to 00:00:00:00:00:00.  

                   

                  Just did an ARP capture :

                   

                  Ethernet II, Src: 00:30:b8:83:cb:40, Dst: ff:ff:ff:ff:ff:ff             
                      Destination: ff:ff:ff:ff:ff:ff (Broadcast)              
                      Source:
                  00:30:b8:83:cb:40  (00:30:b8:83:cb:40 )             
                      Type: ARP (0x0806)              
                      Trailer: FFE000200020003035800000FFE000100030               Address Resolution Protocol (request)              
                      Hardware type: Ethernet (0x0001)              
                      Protocol type: IP (0x0800)              
                      Hardware size: 6              
                      Protocol size: 4              
                      Opcode: request (0x0001)              
                      Sender MAC address:
                  00:30:b8:83:cb:40 (00:30:b8:83:cb:40)               
                      Sender IP address: 201.6.115.1 (201.6.115.1)              
                      Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)              
                      Target IP address: 201.6.115.254 (201.6.115.254)

                   

                   

                  Now let's see Proxy-ARP.

                   

                  A Proxy ARP enabled Router answers ARP requests intended for another machine, it does that by making the local host believe that the Router is the "owner" of that IP Address, local host will forward the traffic to the Router and the Router will be responsible to "route" the packets to the real destination.

                   

                  For example, a Host in Subnet A wants to send traffic to Host in Subnet B. Host A will send an ARP Request with Host B IP Address, the Router connected to both subnets will answer to Host A request using it´s own MAC Address instead of Host B MAC Address.

                   

                  Now when Host A wants to transmit traffic to Host B, it´ll send to the Router MAC Address and the Router will just forward the traffic to Host B. That´s why "Proxy ARP".

                   

                  It´s used on networks where the hosts are not configured with a default-gateway.

                  And yes a little pointer as well. It is enabled by default on a Cisco Router and you can obviosly disable it manually, on a per interface basis with the no ip proxy-arp command. And still to get back to the default use the ip proxy-arp command.

                   

                  HTH.

                   

                  Message was edited by: Nipun Singh Raghav - CCNA R&S

                  • 6. Re: Proxy ARP
                    Eugene

                    Nipun, your post contains a mistake.

                    Nipun Singh Raghav - CCNA R&S wrote:

                    For example, a Host in Subnet A wants to send traffic to Host in Subnet B, Host A and Host B are in the same subnet, but in different broadcast domains. Host A will send an ARP Request with Host B IP Address, the Router connected to both subnets will answer to Host A request using it´s own MAC Address instead of Host B MAC Address.

                    So, are they in subnets A and B or are they in the same subnet???

                    • 7. Re: Proxy ARP
                      Nipun Singh Raghav CCIE# 51612

                      Thanks Eugene. You got a great eye.

                      I need a new pair of glasses. I read it after i wrote it and still couldn't find the mistake.

                      For proxy ARP the machines are on different networks/subnets so yeah that was obvious but yea, i have corrected it.

                      • 8. Re: Proxy ARP
                        Chandan Singh Takuli

                        these 2 opints need to be take care of in proxy arp:

                         

                        1. Proxy ARP must be used on the network where IP hosts are not configured with a default gateway or do not have any routing intelligence.

                         

                        2. Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request.

                         

                        see the example over here, its very well explained. pay a little attention on addressing in example. it will really clear the doubts.

                         

                        http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml

                        • 9. Re: Proxy ARP
                          Yugandhar

                          Thank you Chandan.. for sharing the link..it's excellent.

                           

                          --------------------------------------------------------------------------------------------

                           

                          Now suppose if the host A(192.168.1.254)  has a def gw 192.168.1.1 (router 1  e0/0) . Now if the host a wants to communicate with a public ip 2.2.2.2  Then the host A will send ARP req with src ip 192.168.1.254 source mac address aa.aaa.aa.aa ,  dest ip 2.2.2.2  dst mac  will be router 1 e0/0 Mac ?.

                           

                          Regards

                          Yugandhar

                          • 10. Re: Proxy ARP
                            Ri0N

                            That would be the final frame that is sent on its way.  The ARP request would look slightly different.  The ARP request would ask for the MAC address of 192.168.1.1 (router 1 e0/0) and include a destination MAC of FFFF:FFFF:FFFF.

                            • 11. Re: Proxy ARP
                              smsnaqvi

                              proxy arp is also useful, if lets say you have a requirement of configuring a static route pointing to a multiaccess interface. For example

                               

                              R1, R2 and R3 are connected to each other via a switch. Suppose R1 needs to connect to the loopback interface of R2 lets say 2.2.2.2/24...If you have put a static route of ip route 2.2.2.0 255.255.255.0 f0/0 , then R2 must have proxy arp enabled on its f0/0 interface to direct the packet to its loopback interface.

                               

                              If its not enabled, then on R1 you will need to add a global config command

                               

                              arp 2.2.2.2 (mac-address of f0/0 of R2) for layer three to layer two resolution. for example

                              arp 2.2.2.2 0022.2222.2222 arpa

                               

                              hope this helps

                              • 12. Re: Proxy ARP
                                Darren Starr (CCSI, 4xCCNP, 7xCCNA)

                                Yugandhar,

                                 

                                Other people nailed the technical aspects. Here's a use case or two.

                                 

                                If you make use of IPv4 stateless auto-config (meaning those 169.x.x.x addresses windows sometimes pops up), you can use proxy arp to be able to discover a next hop MAC for forwarding packets outside of the subnet. This is a dumb solution, DHCP is obviously better.

                                 

                                In the data center, if you're using DFA (I think that's the acronym), all hosts will be members of /32 subnets so they can be migrated from one data center to another. Proxy ARP is used for resolving next hop for every host. It's a "graceful" solution for large scale layer-3 mobility without having to extend the layer-2 domain across multiple sites. You still need LISP like tech to manage return traffic.

                                • 13. Re: Proxy ARP
                                  cadetalain

                                  Hi Darren,

                                   

                                  These 169.254.x.x/16 addresses are link-local addresses so they shouldn't be routed ? ain't it the case ?

                                   

                                  Regards

                                   

                                  Alain

                                  • 14. Re: Proxy ARP
                                    Darren Starr (CCSI, 4xCCNP, 7xCCNA)

                                    Cadetalain,

                                     

                                    Absolutely, they "shouldn't be", but so far as I know, neither Windows or Linux puts a hard limit on them and I don't see any reason you couldn't simply ignore the shouldn't fact on a Cisco router. Last I checked, there's nothing on a Cisco which even suggests that it would treat them any different than RFC1918 addresses. It's up to us as administrators to be well behaved.

                                    1 2 Previous Next