Proxy my ARP (CCNP forum archive, July 2001)
creamy_stew 2001-07-18, 7:39 am
Hi all!
I'm having some trouble understanding Proxy ARP. My initial and intuitive understanding was that, with Proxy ARP, a router sniffs for ARP requests for IP addresses that are not on the same subnet as the interface they are received on. The router will then return its own MAC to the host that sent the ARP request, effectively making the host think it's actually talking directly to a host on the local subnet.
(This, as far as I can tell, would make PA transparent to the hosts and I can't see how it would introduce much additional latency compared to HSRP?)
Anyway, what confuses me is this description of Proxy ARP (from exam cram Switching):
quote:
Some end stations use Proxy ARP to discover the IP address of the default gateway ...<snip>... Sometimes a client, after a lengthy period of time, will perform the Proxy ARP again to verify the default gateway's existence, which at this point it will have discovered that the default gateway has failed and then choose another candidate. However, in most implementations of Proxy ARP, the end-station will continue to use the same default gateway unless it was rebooted.
This (which sounds just like DHCP) indicates that Proxy ARP is also implemented at the client and that the client will actually set a default gw. Is this so?
Comments please, both on my understanding of the topic and ec's description of it 
/creamy
quote: Originally posted by creamy_stew
Hi all!
I'm having some trouble understanding Proxy ARP. My initial and intuitive understanding was that, with Proxy ARP, a router sniffs for ARP requests for IP addresses that are not on the same subnet as the interface they are received on. The router will then return its own MAC to the host that sent the ARP request, effectively making the host think it's actually talking directly to a host on the local subnet.
That's my understanding too.
quote:
(This, as far as I can tell, would make PA transparent to the hosts and I can't see how it would introduce much additional latency compared to HSRP?)
Remember that the hosts cache the MAC address. If the gateway fails they will continue to use the same MAC for the same destination for a while. The nice thing about HSRP is that the replacement router will immediately start to respond to the MAC address that has been used all the time.
quote:
Anyway, what confuses me is this description of Proxy ARP (from exam cram Switching):
I did not like that description too well. Probably has something to do with the Scandinavian way of interpreting English
There is one point that is important for proxy ARP to work. The client has to use ARP for addresses outside its own subnet (normally the client would ARP the default gateway if the destination address is outside its own subnet). I think a windows computer will ARP every address if you configure it with its own address as the gateway address.
quote:
This (which sounds just like DHCP) indicates that Proxy ARP is also implemented at the client and that the client will actually set a default gw. Is this so?
It is the first time that I have read anything about Proxy ARP being used for discovering the IP address of the default gateway. In a way the client discovers the MAC address of the default gateway, but does not care too much about this being a default gateway. The client would handle this IP to MAC address mapping just like it does for addresses on its own subnet.
Maybe there is some important lack of my understanding of Proxy ARP here. I would be glad to be enlightened.
Terje
richard21 2001-07-18, 4:40 pm
A few months ago, I had to change a 2501 for a 2610 in my enterprise network. I was a newcomer and indeed not familiar with the network. I just copied and pasted the config of the 2501 to the 2610, except for the syntax of the interfaces, and made the change.
To my surprise, the branch office attached to the router lost connectivity with some application servers and I was not able to explain it until I realised that the 2501 was acting as a proxy ARP.
There was a 4000 Cisco router on the network that was still caching the 2501 mac address.
I just had to clear the ARP cache of this router and everything went back to normal.
Just an anecdote, but I had headaches while troubleshooting the issue.
Since then I think that proxy ARP is not a good tool to use. Just think about the next admin that'll come when you leave your current job.
Regards.
depamo 2001-07-19, 2:08 pm
The router uses proxy ARP, as defined in RFC 1027, to help hosts with no knowledge of routing determine the hardware addresses of hosts on other networks or subnets. Under proxy ARP, if the router receives an ARP Request for a host that is not on the same network as the ARP Request sender, and if the router has the best route to that host, then the router sends an ARP Reply packet giving its own local data link address. The host that sent the ARP Request then sends its packets to the router, which forwards them to the intended host.
You have to get down and dirty to understand what is going on here, a computer is asking for a hardware address using an IP Address (in TCP/IP Protocol). Microsoft computers are very ARP'y, they try to get things done faster by first using ARP to find someone on the local network. This deals with the bindings, usually NetBIOS first, which lives on ARP's.
Also another cute fact on Proxy ARP, it is active by default on all 2500/2600 routers.
Here is an interesting cut from Cisco
quote: Address Resolution Using ARP
To send an Internet data packet to a local host with which it has not previously communicated, the router first broadcasts an ARP Request packet. The ARP Request packet requests the MAC local data link address corresponding to an Internet address. All hosts on the network receive this request, but only the host with the specified Internet address will respond.
If present and functioning, the host with the specified Internet address responds with an ARP Reply packet containing its local data link address. The router receives the ARP Reply packet, stores the local data link address in the ARP cache for future use, and begins exchanging packets with the host.
The EXEC command show arp may be used to examine the contents of the ARP cache. The show ip arp command will show IP entries.
Remember, this is a router, not a switch, but the operation seems to be about the same?!?
This takes memory and CPU cycles to execute, also puts extra traffic on your network that shouldn't be there in the first place so I recommend that you turn it off.
Hope that clears things up -
As for what this has to do with HSRP? HSRP takes over this function when the primary router fails. Remember that two routers using HSRP use one IP address and one MAC address - now that is funky, goes against standard use of network adapters (almost promiscuous) so there is no need for convergence or an additional ARP to find the new router when the first one goes down.
A router doesn't do DHCP though, it won't answer RARP commands. It will however leak out to RIP enabled systems its gateway address for dynamic resolution. Also under IPX you can use a GNS (for routing services) to get the segment ID and node for the router port. If you really want to see something freaky, if you have a router on a network and it won't hurt anything, turn on two computers, change the router port, ARP the IP Address and you will see that both computers have the new MAC Address. Windows listens to the ARP's on the network so they don't have to do them again. Hence, I ARP 192.168.1.1 (gateway) and it returns a MAC address, all the hosts both heard that and stored it on their local system for a certain period of time. You can check this table on a regular computer with the ARP -a command (shows the ARP table for Unix and Windows). Also a good way to mess everything up, return the wrong MAC Address for a specific IP Address, everyone will attempt to access the wrong system (I tried it, it works).
This is a freaky process add-on to solve some issues with network traffic, cost to your network is more to obtain a MAC address that it cannot use?? Or is this just a traffic reduction by telling the computer to shut up and give it the information that it is asking for.
Wow, that was a mouthful!!
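The router-side rule that both creamy_stew's description and the RFC 1027 text above give (answer an ARP request for an off-subnet address with your own MAC, but only if you actually have a route there) can be modelled in a few dozen lines. The following is an added example written for this page, not code from the thread or from Cisco; interface names, MAC addresses and prefixes are made up. It builds and parses real RFC 826 Ethernet/ARP frames so the two sides of the exchange can be inspected byte for byte.

```python
"""Proxy ARP, router side: the RFC 1027 decision modelled on constructed frames.

Added example for this thread; the addresses, MACs and interface names are
assumptions, not a configuration from the original posts.
"""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet II frame carrying an RFC 826 ARP packet (Ethernet/IPv4 only)."""
    eth_dst = BROADCAST if op == ARP_REQUEST else tha
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)      # htype, ptype, hlen, plen, opcode
    arp += mac_bytes(sha) + ipaddress.IPv4Address(spa).packed
    arp += mac_bytes(tha) + ipaddress.IPv4Address(tpa).packed
    return eth + arp


def parse_arp(frame: bytes):
    """Return (op, sha, spa, tha, tpa) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = mac_str(frame[22:28]), str(ipaddress.IPv4Address(frame[28:32]))
    tha, tpa = mac_str(frame[32:38]), str(ipaddress.IPv4Address(frame[38:42]))
    return op, sha, spa, tha, tpa


class ProxyArpRouter:
    """One router interface. `routes` maps destination prefix -> outgoing interface name."""

    def __init__(self, ifname, mac, cidr, routes, proxy_arp=True):
        self.ifname, self.mac = ifname, mac
        iface = ipaddress.ip_interface(cidr)          # e.g. "192.168.1.1/24"
        self.ip, self.net = str(iface.ip), iface.network
        self.routes = {ipaddress.ip_network(p): out for p, out in routes.items()}
        self.proxy_arp = proxy_arp

    def best_route(self, addr):
        """Longest-prefix match; returns the outgoing interface name or None."""
        hits = [n for n in self.routes if addr in n]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def handle(self, frame):
        """Return the ARP reply frame this interface would send, or None for silence."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REQUEST:
            return None
        _, sha, spa, _, tpa = parsed
        sender, target = ipaddress.ip_address(spa), ipaddress.ip_address(tpa)
        if target == ipaddress.ip_address(self.ip):   # ordinary ARP for our own address
            return build_arp(ARP_REPLY, self.mac, self.ip, sha, spa)
        if not self.proxy_arp or sender not in self.net:
            return None
        if target in self.net:                        # local host: let it answer itself
            return None
        out = self.best_route(target)
        if out is None or out == self.ifname:         # no route, or route points back here
            return None
        # Proxy reply: the target's IP paired with OUR MAC. The host caches that
        # mapping and sends off-subnet traffic to us without ever knowing it left the LAN.
        return build_arp(ARP_REPLY, self.mac, tpa, sha, spa)


if __name__ == "__main__":
    r = ProxyArpRouter("Ethernet0", "00:00:0c:00:00:01", "192.168.1.1/24",
                       {"10.0.0.0/8": "Serial0", "192.168.1.0/24": "Ethernet0"})
    req = build_arp(ARP_REQUEST, "aa:aa:aa:aa:aa:10", "192.168.1.10", "00:00:00:00:00:00", "10.0.0.5")
    print(parse_arp(r.handle(req)))
```

The host's `arp -a` (or the router's `show ip arp`, both mentioned in the thread) would afterwards list 10.0.0.5 against the router's MAC, which is exactly the mapping that later confuses a successor admin. Note that a default route in `routes` would make this router answer for every off-subnet address a host with a wrong netmask, or one configured with its own address as gateway, happens to ask about; that is the "transparent to the host" property and the reason for the objections later in the thread, in one line.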
Yeah, I agree that was quite a mouthful. Perhaps it is me, but I can not see that this sheds any more light on that peculiar quote Creamy_stew brought us from exam cram.
quote: Originally posted by depamo
Microsoft computers are very ARP'y, they try to get things done faster by first using ARP to find someone on the local network. This deals with the bindings, usually NetBIOS first, which lives on ARP's.
In what way are Microsoft computers "ARP'y"? More than others? Any LAN implementation of IP will need to use ARP or static IP to MAC mapping. The latter is so inconvenient that you wouldn't seriously consider it as long as we have good old ARP.
ARP does not speed up things. We use it for convenience, not speed. Actually, static IP to MAC mapping would be slightly quicker (for the computers, not for the administrator).
But I don't understand what this has to do with bindings, or NetBIOS for that matter. ARP is a support protocol for IP and as far as I know has nothing to do with NetBIOS except the indirect relationship that NetBIOS can run on IP.
quote:
Remeber, this is a router, not a switch, but the operation seems to be about the same?!?
?
quote:
This takes memory and CPU cycles to execute, also puts extra traffic on your network that shouldn't be there in the first place so I recommend that you turn it off.
ARP or Proxy ARP? ARP is such a useful thing that I gladly accept its minor overhead. Proxy ARP has no overhead as long as it is not used. Remember, the clients have to actively use ARP for a non-subnet IP address before Proxy ARP is activated.
There are other (non-related) reasons that people sometimes suggest to disable Proxy ARP.
quote:
A router doesn't do DHCP though,
It can be configured to, but I do not think that was what Creamy_stew meant. I think he was referring to the quote from exam cram that almost suggests that clients obtain their default gateway by the use of Proxy ARP. This didn't make sense to him and doesn't make sense to me. I am inclined to believe exam cram is confusing at best here. But I would be happy to get a better explanation.
quote:
turn on two computers, change the router port, ARP the IP Address and you will see that both computer have the new MAC Address. Windows listens to the ARP's on the network so they don't have to do them again. Hence, I ARP 192.168.1.1 (gateway) and it returns a MAC address, all the hosts both heard that and stored it on their local system for a certain period of time.
First: Only those computers that already have an IP to MAC mapping for that IP address in the ARP cache will update their caches. The other computers will simply consider this ARP broadcast uninteresting and discard it.
Second: This is not windows specific. It's the way the rfc specifies it. Every ARP implementation should work this way.
Terje
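Terje's two points above (only hosts that already hold an entry update it on an unsolicited ARP, and that is RFC behaviour rather than a Windows quirk) are worth seeing in code, because the same mechanism explains depamo's "return the wrong MAC Address for a specific IP" experiment, richard21's 4000 still caching the dead 2501's MAC, and depamo's later migration trick of re-sending ARP replies for the old addresses. The block below is an added example written for this page, not from any of the posters; it implements the RFC 826 receive algorithm for a host cache and runs a constructed three-party scenario. The IPs and MACs are invented.

```python
"""Host-side ARP cache per RFC 826, with age-out and a change log.

Added example for this thread. Addresses and MACs are constructed sample data.
Real stacks differ in detail (e.g. Linux only creates entries from unsolicited
replies when the arp_accept sysctl is set); the RFC algorithm is modelled here.
"""
import time

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


class ArpCache:
    def __init__(self, ip, mac, ttl=120.0, clock=time.monotonic):
        self.ip, self.mac, self.ttl, self.clock = ip, mac, ttl, clock
        self.table = {}     # ip -> (mac, time learned)
        self.changes = []   # (ip, old_mac, new_mac): what an arpwatch-style monitor would flag

    def lookup(self, ip):
        entry = self.table.get(ip)
        if entry is None or self.clock() - entry[1] > self.ttl:
            return None     # a stale entry (richard21's 4000) survives until it ages out or is cleared
        return entry[0]

    def receive(self, op, sha, spa, tha, tpa):
        """RFC 826 receive algorithm for one packet seen on the wire. True if the table changed."""
        merged = False
        if spa in self.table:                  # "merge flag": refresh an entry we already hold
            old = self.table[spa][0]
            if old != sha:
                self.changes.append((spa, old, sha))
            self.table[spa] = (sha, self.clock())
            merged = True
        if tpa != self.ip:                     # not addressed to us: nothing new is learned
            return merged
        if not merged:                         # addressed to us: learn the sender
            self.table[spa] = (sha, self.clock())
            merged = True
        # (a real stack would also send an ARP reply here when op == ARP_REQUEST)
        return merged


def broadcast(hosts, op, sha, spa, tha, tpa):
    """Deliver one frame to every host on the segment; report who changed their table."""
    return {h.ip: h.receive(op, sha, spa, tha, tpa) for h in hosts}


def simulate():
    gw_ip, gw_mac = "192.168.1.1", "00:00:0c:00:00:01"
    a = ArpCache("192.168.1.10", "aa:aa:aa:aa:aa:10")
    b = ArpCache("192.168.1.20", "bb:bb:bb:bb:bb:20")
    # Only A has talked to the gateway: it asked, and the gateway replied to it directly.
    a.receive(ARP_REPLY, gw_mac, gw_ip, a.mac, a.ip)
    result = {"a_initial": a.lookup(gw_ip), "b_initial": b.lookup(gw_ip)}

    # Gratuitous ARP for the gateway IP from a new MAC: a replacement router after a
    # hardware swap, depamo's Sun server during the renumbering, or an attacker.
    new_mac = "de:ad:be:ef:00:01"
    result["touched"] = broadcast([a, b], ARP_REPLY, new_mac, gw_ip, BROADCAST, gw_ip)
    result["a_after_gratuitous"] = a.lookup(gw_ip)   # updated: A already held an entry
    result["b_after_gratuitous"] = b.lookup(gw_ip)   # still None: B never resolved gw_ip

    # A reply addressed to B specifically does create the entry, whether B asked or not.
    b.receive(ARP_REPLY, new_mac, gw_ip, b.mac, b.ip)
    result["b_after_directed"] = b.lookup(gw_ip)
    result["a_changes"] = list(a.changes)
    return result


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The `changes` list is the detection hook: an existing IP flipping to a different MAC is the signature both of a legitimate router replacement and of the spoofing experiment depamo describes, and a monitor cannot tell the two apart from the ARP traffic alone. The age-out path with an injectable clock shows why richard21 had to clear the cache by hand rather than wait: until the entry expires or is flushed, the router keeps forwarding to the MAC of a box that is no longer there.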
depamo 2001-07-20, 3:53 pm
Obviously there were some issues with my attempt to give people some information on how to use routers in the real world.
Proxy ARP can be useful for small networks that don't go anywhere or are static and don't connect to the real world but most of us in the real world know that if you have routers that are in areas that traffic can burst, any memory that you can find is well worth the effort. As opposed to dropping packets in exchange for having Proxy ARP, I think that I will keep my memory. Proxy ARP will hold MAC Address in a local table and this takes memory. Memory in a router is finite and very expensive compared to other types of memory.
This also adds the issue of real world computers, they move from place to place. If you enable Proxy ARP in a real network and then move a computer and the table is returning a bad value?? Or even better, ever hear of DHCP and addresses changing every boot in most places for security? This also makes this a mischievous process that will result in excessive traffic issues unlike a switch, there is no way for a router to determine connectivity of a system on a Multi-Access Medium such as Ethernet.
As for ARP'y, ever install Microsoft Windows? Take a look at what protocols are usually installed by default. NetBIOS is usually installed in most configurations as it is much more efficient on local LAN segments for doing grunt work such as printing and local shares. In the binding tree it sits first in the list of protocols to use in attempting to create a connection to a remote host as it is faster with less overhead than TCP/IP. Hence there are many ARP's when a computer is doing anything on the network. As I say again, Microsoft computers are very ARP'y. Now remove NetBIOS and see how many ARP's are being propagated in relation to having NetBIOS installed as a top-bound protocol. I guarantee that there will be less ARP's in a network without NetBIOS. I know, I have tried it with a Protocol Analyzer, again a real world solution. Also noted in the CCNA - 500 TCP/IP clients per collision domain and only 200 NetBIOS, why do you think that this might be? Probably because of broadcast traffic, and ARP is a type of broadcast traffic? Think so.
A router holding MAC addresses is similar to operation of a switch. Hence I said that the operation was similar here, if you couldn't see that, I do feel for you.
If you had read the example you would see that the point that I was trying to make was that passing MAC Address to IP Addresses is not a good idea for a router to do, especially in the real world of dynamic networks. Here is a proof of how you can use it to your benefit. I migrated 500 users into a Supernet in a building, I changed the netmask on the core router and then had a Sun Server send out ARP responses for the MAC Address of the router port for all the old IP Addresses associated with the router. All the computers held the ARP in their tables and I only had to repeat the ARP once every 5 seconds. But that again is a real world solution combining Solaris (a version of Unix if you didn't know), some simple java and C programming. Yes I know that ARP also works on Unix, didn't I state that arp -a is also a Unix command?
Yes I do understand that this is an RFC covered protocol, I can go to the Cisco site or IANA and get the RFC also.
Don't be so critical, everything you say can be criticized. I do work in the real world where I do have to come up with real solutions and keep things acting predictably all the time. Judging from my MTBF, I think that I am doing it right.
Next time don't attack people in these groups, nobody cares to watch two people chew each other out. There are much better ways to address issues you don't feel are right. Simply picking out specific phrases out of postings just to try to show some degree of capability instead of helping the situation is not only childish but completely amateur.
Next time why not point out issues in a more constructive manner and then you can send your more specific comments to me directly.
dmaftei 2001-07-20, 4:45 pm
Heh... This becomes interesting... [grin]
If I wrote anything that anyone felt insulting or improper in any way, I sincerely regret it. My real aim was to discuss the quote that creamy_stew questioned as well as to clear up what I interpreted as misunderstandings in the way ARP as well as Proxy ARP work. I can see that I failed in both respects.
I will refrain from following up this discussion further. Enjoy the forums the following weeks while I am on holiday and will not disturb.
Terje
(former operating systems developer and Solaris application programmer among other things)