Proxy ARP was a function used back when hosts didn't have a default gateway setting. As such, the router would actually assist in the forwarding process of frames. Instead of "ARPing" for the default gateway and going from there, the router would forward the ARP request across to the other network it was attached to.
Here are some links about this :
Like dmcneil said, the router would assist or can still assist in the forwarding process.
The idea is when you ARP for a network not directly connected, one you have to use the router to get to. The router can respond with the MAC address of the interface that connects to the switch or PC/laptop and use it for the traffic to the destination. The router is basically saying "You can use me to get there".
To describe proxy-arp concisely, when a host does not know its default gateway, it ARPs every time it wants to send an IP packet to remote networks (provided its ARP cache does not contain a corresponding entry). If proxy-arp is on on the router serving that segment, the router will answer each ARP request with its own MAC address if it knows a route to the destination included in the ARP request. This may eventually drain the resources of a router, as well as the bandwidth of a switched path from host to router.
explaining we learn
best regards, Eugene
Let's see if you can understand it this way.
First, let's see what ARP is.
Address Resolution Protocol (ARP) is used to map a known IP Address to an unknown data-link identifier (for example MAC Address). The ARP Request will contain:
- Source IPv4 Address;
- Source data-link identifier address (MAC Address for example);
- Destination IPv4 Address;
- Destination data-link identifier (MAC Address in our example) will be set to 00:00:00:00:00:00.
Just did an ARP capture:
Ethernet II, Src: 00:30:b8:83:cb:40, Dst: ff:ff:ff:ff:ff:ff
Destination: ff:ff:ff:ff:ff:ff (Broadcast)
Source: 00:30:b8:83:cb:40 (00:30:b8:83:cb:40 )
Type: ARP (0x0806)
Trailer: FFE000200020003035800000FFE000100030
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 00:30:b8:83:cb:40 (00:30:b8:83:cb:40)
Sender IP address: 220.127.116.11 (18.104.22.168)
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 22.214.171.124 (126.96.36.199)
Now let's see Proxy-ARP.
A Proxy ARP enabled Router answers ARP requests intended for another machine. It does that by making the local host believe that the Router is the "owner" of that IP Address; the local host will forward the traffic to the Router and the Router will be responsible to "route" the packets to the real destination.
For example, a Host in Subnet A wants to send traffic to a Host in Subnet B. Host A will send an ARP Request with Host B's IP Address, and the Router connected to both subnets will answer Host A's request using its own MAC Address instead of Host B's MAC Address.
Now when Host A wants to transmit traffic to Host B, it'll send to the Router's MAC Address and the Router will just forward the traffic to Host B. That's why "Proxy ARP".
It's used on networks where the hosts are not configured with a default-gateway.
And yes, a little pointer as well. It is enabled by default on a Cisco Router and you can obviously disable it manually, on a per interface basis, with the no ip proxy-arp command. And to get back to the default, use the ip proxy-arp command.
Message was edited by: Nipun Singh Raghav - CCNA R&S
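Added illustration (not part of any post in this thread, and not Cisco's implementation): a small Python model of the reply decision described in the posts above, decoding the same ARP fields as the capture and answering with the router's own MAC only when proxy ARP is on and a route to the target exists. The interface names, documentation-range addresses, MACs and function names are assumptions, as is the simplification that the router stays silent when its route points back out the asking interface.

```python
import ipaddress
import struct

def build_request(sha, spa, tpa):
    """Constructed sample: broadcast ARP request, target MAC all zeros."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, sha, 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha,
                      ipaddress.ip_address(spa).packed, bytes(6),
                      ipaddress.ip_address(tpa).packed)
    return eth + arp

def parse_arp(frame):
    """Decode the ARP fields listed in the capture from a raw Ethernet frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not a complete ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4 over Ethernet")
    return {"op": op, "sha": sha, "spa": ipaddress.ip_address(spa),
            "tha": tha, "tpa": ipaddress.ip_address(tpa)}

def router_answer(arp, in_if, routes, proxy_arp=True):
    """Return the MAC the router replies with, or None if it stays silent."""
    if arp["op"] != 1:
        return None                      # only requests are answered
    if arp["tpa"] == in_if["ip"]:
        return in_if["mac"]              # ordinary ARP for the router itself
    if not proxy_arp:
        return None                      # 'no ip proxy-arp' on this interface
    matches = [(net, out) for net, out in routes if arp["tpa"] in net]
    if not matches:
        return None                      # no route to the target: no reply
    _net, out_if = max(matches, key=lambda m: m[0].prefixlen)
    if out_if == in_if["name"]:
        return None                      # target sits on the asking segment
    return in_if["mac"]                  # "you can use me to get there"

# Constructed topology: subnet A on e0, subnet B on e1 (documentation ranges).
E0 = {"name": "e0", "ip": ipaddress.ip_address("192.0.2.1"),
      "mac": bytes.fromhex("020000000001")}
ROUTES = [(ipaddress.ip_network("192.0.2.0/24"), "e0"),
          (ipaddress.ip_network("198.51.100.0/24"), "e1")]
HOST_A = (bytes.fromhex("02000000000a"), "192.0.2.10")

def ask(target, proxy_arp=True):
    """Host A ARPs for `target`; return what the router on e0 answers."""
    frame = build_request(HOST_A[0], HOST_A[1], target)
    return router_answer(parse_arp(frame), E0, ROUTES, proxy_arp)
```

With proxy ARP on, Host A's cache ends up mapping every reachable off-subnet address to the router's e0 MAC, which is the one-MAC-for-many-IPs pattern to expect when reviewing ARP tables on such a segment.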
Nipun, your post contains a mistake.
Nipun Singh Raghav - CCNA R&S wrote:
For example, a Host in Subnet A wants to send traffic to Host in Subnet B, Host A and Host B are in the same subnet, but in different broadcast domains. Host A will send an ARP Request with Host B IP Address, the Router connected to both subnets will answer to Host A request using its own MAC Address instead of Host B MAC Address.
So, are they in subnets A and B or are they in the same subnet???
These 2 points need to be taken care of in proxy ARP:
1. Proxy ARP must be used on the network where IP hosts are not configured with a default gateway or do not have any routing intelligence.
2. Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request.
See the example over here, it's very well explained. Pay a little attention to the addressing in the example. It will really clear the doubts.
Thank you Chandan, for sharing the link. It's excellent.
Now suppose host A (192.168.1.254) has a def gw 192.168.1.1 (router 1 e0/0). Now if host A wants to communicate with a public IP 188.8.131.52, then host A will send an ARP req with src IP 192.168.1.254, source MAC address aa.aaa.aa.aa, dest IP 184.108.40.206; dst MAC will be router 1 e0/0 MAC?
Proxy ARP is also useful if, let's say, you have a requirement of configuring a static route pointing to a multiaccess interface. For example:
R1, R2 and R3 are connected to each other via a switch. Suppose R1 needs to connect to the loopback interface of R2, let's say 220.127.116.11/24. If you have put a static route of ip route 18.104.22.168 255.255.255.0 f0/0, then R2 must have proxy ARP enabled on its f0/0 interface to direct the packet to its loopback interface.
If it's not enabled, then on R1 you will need to add a global config command
arp 22.214.171.124 (mac-address of f0/0 of R2) for layer three to layer two resolution. For example:
arp 126.96.36.199 0022.2222.2222 arpa
Hope this helps
Other people nailed the technical aspects. Here's a use case or two.
If you make use of IPv4 stateless auto-config (meaning those 169.x.x.x addresses Windows sometimes pops up), you can use proxy ARP to be able to discover a next hop MAC for forwarding packets outside of the subnet. This is a dumb solution; DHCP is obviously better.
In the data center, if you're using DFA (I think that's the acronym), all hosts will be members of /32 subnets so they can be migrated from one data center to another. Proxy ARP is used for resolving next hop for every host. It's a "graceful" solution for large scale layer-3 mobility without having to extend the layer-2 domain across multiple sites. You still need LISP like tech to manage return traffic.
Absolutely, they "shouldn't be", but so far as I know, neither Windows nor Linux puts a hard limit on them and I don't see any reason you couldn't simply ignore the shouldn't fact on a Cisco router. Last I checked, there's nothing on a Cisco which even suggests that it would treat them any differently than RFC1918 addresses. It's up to us as administrators to be well behaved.