ARP vs Proxy ARP

jskfan

Is ARP used when Host1 is trying to reach Host2 in the same subnet, and Proxy ARP used when Host1 and Host2 are separated by a router (Default Gateway)? In other words, the Default Gateway sends an ARP request to Host2 and fetches that host's IP address for Host1, but with the MAC address of the Default Gateway.

Thank you
noci, Software Engineer
Distinguished Expert 2018
Commented:
ARP is used to find a peer... on the same subnet (for IPv4; IPv6 has no ARP).
Proxy ARP is answering on behalf of another system.
A router may do this..., Proxy ARP is hardly effectively used. Any system may do this.

When routing is involved, this is known on the initiating system, which will look up the GW mentioned in the routing table to run through ARP.
If the routing table doesn't provide a solution, you will mostly get Net (or Host) not reachable errors.
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015
Commented:
Proxy ARP is only used if the remote target is supposed to be on the same subnet (connected by switches), but indeed has to cross a router. The client does not know a router is involved. Dial-in clients usually rely on this kind of technique, because the dialed-in client often gets an IP from the local subnet range.
If the target is in another subnet, normal routing rules apply, the client knows it has to reach out to the gateway, and no Proxy ARP is used.

Author

Commented:
A router may do this...., proxyarp hardly effectively used.  Any system may do this

What do you mean?
I thought whenever there is a router in the middle or any Layer 3 device, it will do the Proxy ARP. It will send ARP requests to the next hop on behalf of the host.
Distinguished Expert 2018
Commented:
Proxy ARP is the case when a router answers an ARP request on behalf of an IP address that is not present on the interface that received the ARP request. The router will answer the ARP request only if a route to the remote target network is present in the routing table (a default route is good enough, as can be seen below). I configured my ISR router (the switch's SVI proxy ARP is not disabled), set the default gateway IP on my host to 8.8.8.8 (I obviously don't own this address :) ), and issued a ping to www.asus.com. As can be seen, DNS resolution and ping are working OK.

In this case the MAC address for the default gateway IP, 8.8.8.8, is resolved by proxy ARP. The router answered instead of 8.8.8.8.
[Image: Proxy ARP - gateway on different subnet]
The rules of how ARP works are not as straightforward as many engineers tend to believe (that devices need to be in the same subnet for ARP to be functional). A device can also ARP for devices in other subnets, and ARP can be resolved if all the needed configuration parts are present (of course, this is bad network design, but it is an important detail for understanding how ARP works and also how networks generally function).
Qlemo, "Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Predrag, this is a very strange misuse, and should not work. By definition, a gateway has to be on the same subnet as the NIC.
Also, having a route to another network does not enable Proxy ARP at all. You need special setups to do that. Routers won't do it by default.
Distinguished Expert 2018

Commented:
There is nothing special about this one regarding router configuration.
A few years back, when I was preparing for the Windows Server 2012 certification exam, I read that, according to Microsoft, the default gateway can be a few hops away. I tested that statement and the result was that the statement is true (it was strange at the time, but since it worked I had to revise my understanding of how a network really functions). That's why I wrote that ARP is not working the way network engineers expect it to work. ARP is not strictly related to the local subnet. :)

This is how it works, please test it yourself on some decent router.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Hm. It isn't the first time that Microsoft sees things a little differently, and implements accordingly. They have security rules for software writers, and there is a security researcher who has already published 52 topics where Microsoft still doesn't follow their own security rules (some years AFTER they came into effect).
Microsoft also has a lot of hoops to jump through to get mail delivered to hotmail/outlook/live/... users. Except their own servers don't follow suit: live.com servers presenting hotmail certificates, reverse lookups not matching forward lookups..., so I don't consider Microsoft to deliver the "right" standards in software.

Now there is a lot you can say about IP protocols, but most have been described in some RFC:
Please meet the specification of Proxy ARP aka RFC 1027:

Status of this Memo

    This RFC describes the use of the Ethernet Address Resolution
    Protocol (ARP) by subnet gateways to permit hosts on the connected
    subnets to communicate without being aware of the existence of
    subnets, using the technique of "Proxy ARP" [6].  It is based on
    RFC-950 [1], RFC-922 [2], and RFC-826 [3] and is a restricted subset
    of the mechanism of RFC-925 [4].  Distribution of this memo is
    unlimited.
https://tools.ietf.org/html/rfc1027

This does describe functionality like Microsoft implemented it...
And it seems BSD systems do indeed work this way. Windows happens to be based on the BSD stack (a long time ago).

Proxy arp is by default disabled on Linux systems.
# cat /proc/sys/net/ipv4/conf/all/proxy_arp
0

And I haven't seen it actively used on systems other than concentrators with remote PtP connections.
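An added example, not part of the post above or of any participant's code: on Linux the kernel proxies ARP on an interface when either `conf/all/proxy_arp` or that interface's own `conf/<iface>/proxy_arp` is non-zero, so a `0` in `all` alone does not show that no interface has it enabled. The sketch audits every interface; the `build_sample_tree` helper and the interface names `eth0` and `ppp0` are constructed so it runs without touching the real `/proc`.

```python
import os
import tempfile

PROC_CONF = "/proc/sys/net/ipv4/conf"


def read_flag(conf_root, iface):
    """Return the integer stored in <conf_root>/<iface>/proxy_arp, or None."""
    try:
        with open(os.path.join(conf_root, iface, "proxy_arp")) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def effective_proxy_arp(conf_root=PROC_CONF):
    """Map each interface to True when the kernel will answer ARP by proxy on it.

    The effective setting is conf/all/proxy_arp OR conf/<iface>/proxy_arp.
    """
    all_on = bool(read_flag(conf_root, "all"))
    result = {}
    for iface in sorted(os.listdir(conf_root)):
        if iface in ("all", "default"):  # "default" only seeds new interfaces
            continue
        flag = read_flag(conf_root, iface)
        if flag is not None:
            result[iface] = all_on or bool(flag)
    return result


def build_sample_tree(values):
    """Create a constructed stand-in for /proc/sys/net/ipv4/conf (demo data)."""
    root = tempfile.mkdtemp(prefix="proxy_arp_demo_")
    for iface, value in values.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "proxy_arp"), "w") as fh:
            fh.write(f"{value}\n")
    return root


if __name__ == "__main__":
    # Constructed sample: "all" is 0, yet ppp0 has proxy ARP switched on.
    sample = build_sample_tree({"all": 0, "default": 0, "eth0": 0, "ppp0": 1})
    for name, enabled in effective_proxy_arp(sample).items():
        print(f"{name}: proxy_arp {'ENABLED' if enabled else 'disabled'}")
```

Calling `effective_proxy_arp()` with no argument reads the live `/proc/sys/net/ipv4/conf` tree on a Linux host.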
Distinguished Expert 2018

Commented:
By default on all Cisco routers proxy ARP is enabled. Whether proxy ARP is enabled or disabled by default does not really influence how it functions once it is enabled.
There are better examples for understanding how ARP functions. The example above doesn't help in understanding how ARP and proxy ARP function; it just shows that it does not function as is generally expected. It just shows that ARP functions a little bit differently than it was described in this topic.
noci, Software Engineer
Distinguished Expert 2018

Commented:
@Predrag, your expectations don't align with the RFC, I am afraid.
And I agree Proxy ARP is a corner case where at some Texas university someone thought of an alternative for not getting routing right in the first place.

BTW: "by proxy" is almost always best translated with "on behalf of"
Distinguished Expert 2018

Commented:
Not my expectations, but my understanding is related to case:

R1's fa0/0 is directly connected to R2's fa0/0 interface

R1
interface fa0/0
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 no shut
R2
 interface fa0/0
  ip address 10.0.0.1 255.255.255.0
  no ip proxy-arp
  no shut

Can those 2 routers in any case ping each other (there is no other connection between those two routers)?
My opinion is that when that question is answered correctly and the reasons are understood, then a person can understand the logic on which ARP relies to function.
:)
noci, Software Engineer
Distinguished Expert 2018

Commented:
That should not work.... An arp response can only be on one network.
So:
R1: 
interface fa0/0
  ip address 192.168.1.1 255.255.255.0
  no shut
  ip proxy-arp

R2: 
interface fa0/0
  ip address 192.168.1.2 255.255.255.0
  no shut
  ip proxy-arp

interface fa0/1
  ip address 10.0.0.1 255.255.255.0
  no ip proxy-arp
  no shut
ip route 0.0.0.0 0.0.0.0 

Now if R1 needs to access 8.8.8.8, then R2 MAY answer with its own MAC address of fa0/0 for this.
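An added example, not part of the post above and not vendor code: a simplified model of the router-side decision discussed in this thread, using R2's addressing from the configuration above. It assumes three checks (proxy ARP enabled on the receiving interface, a route to the target exists, and that route leaves through a different interface, the RFC 1027 rule against replying when source and target share a physical network); the default route's exit interface `fa0/1` is an assumption, since the post leaves the next hop out.

```python
import ipaddress

# R2's routing view: connected networks from the post, plus a default route
# whose exit interface (fa0/1) is assumed for this illustration.
R2_ROUTES = [
    ("192.168.1.0/24", "fa0/0"),
    ("10.0.0.0/24", "fa0/1"),
    ("0.0.0.0/0", "fa0/1"),
]


def lookup_route(routes, target_ip):
    """Longest-prefix match; returns the exit interface name or None."""
    target = ipaddress.ip_address(target_ip)
    best = None
    for prefix, out_if in routes:
        net = ipaddress.ip_network(prefix)
        if target in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, out_if)
    return best[1] if best else None


def proxy_arp_decision(rx_if, proxy_arp_enabled, routes, target_ip):
    """Return (answer, reason) for an ARP request heard on rx_if for target_ip."""
    if not proxy_arp_enabled:
        return (False, "proxy ARP disabled on receiving interface")
    out_if = lookup_route(routes, target_ip)
    if out_if is None:
        return (False, "no route to target")
    if out_if == rx_if:
        # Target sits on the wire the request came from: it answers for itself.
        return (False, "target is reached through the receiving interface")
    return (True, f"route via {out_if}; reply with the MAC of {rx_if}")


if __name__ == "__main__":
    cases = [
        ("fa0/0", True, R2_ROUTES, "8.8.8.8"),        # default route matches
        ("fa0/0", True, R2_ROUTES, "192.168.1.50"),   # same segment as requester
        ("fa0/0", True, R2_ROUTES[:2], "8.8.8.8"),    # default route removed
        ("fa0/0", False, R2_ROUTES, "8.8.8.8"),       # "no ip proxy-arp"
    ]
    for rx_if, enabled, routes, target in cases:
        print(target, proxy_arp_decision(rx_if, enabled, routes, target))
```

The practical consequence for a defender is that a default route plus enabled proxy ARP makes the router claim any off-link address asked for on that segment, which masks host misconfiguration and looks the same on the wire as one MAC answering for many IPs.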
Distinguished Expert 2018

Commented:
It is not working as it is, but... with adjusting some configuration details ping can be functional between those 2 routers with the IP addresses from my previous post. To make ping work, ARP needs to resolve L2 addresses first. That's what I'm saying: if you solve that one, it should be obvious how ARP functions.
:)
There is no 8.8.8.8 or anything else in this scenario, just those two routers.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Your example won't work as the networks are different. (Broadcast from one is unrecognized by the other and vice versa.)
In my example the 8.8.8.8 would be resolved using proxy ARP because there is a default route on R2 in my set....

See RFC 1027, chapter 2.2.
Distinguished Expert 2018

Commented:
@noci
OK, it is pointless, I am sorry for trying. I can make it work (add configuration details to make it functional); you can't, since RFC 1027, chapter 2.2 explicitly forbids you to do so.

Author

Commented:
Thank you Guys