ARP vs Proxy ARP

Is ARP used when Host1 is trying to reach Host2 in the same subnet, and Proxy ARP used when Host1 and Host2 are separated by a router (default gateway)? In other words, the default gateway sends an ARP request to Host2 and fetches that host's IP address to Host1, but with the MAC address of the default gateway.

Thank you
jskfan Asked:
noci (Software Engineer) Commented:
ARP is used to find a peer... on the same subnet (for IPv4; IPv6 has no ARP).
Proxy ARP is answering on behalf of another system.
A router may do this..., proxy ARP is hardly effectively used. Any system may do this.

When routing is involved, this is known on the initiating system, which will look up the GW mentioned in the routing table to run through ARP.
If the routing table doesn't provide a solution, you will mostly get: Net (or Host) not reachable errors.
0
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Proxy ARP is only used if the remote target is supposed to be on the same subnet (connected by switches), but indeed has to cross a router. The client does not know a router is involved. Dial-in clients usually rely on this kind of technique, because the dialed-in client often gets an IP from the local subnet range.
If the target is in another subnet, normal routing rules apply, the client knows it has to reach out to the gateway, and no Proxy ARP is used.
0
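A simplified model of the two decisions discussed in the answers above, added here as an illustration and not part of the original thread: which IP a host ARPs for, and when a router with proxy ARP answers. The addressing, interface names and function names are constructed, and the rule that a router stays silent for targets on the requesting segment is an assumption of the model.

```python
import ipaddress

# Constructed lab addressing (not from the thread): 10.1.0.0/16 split into /24s.
ROUTER_IFS = {"eth0": "10.1.1.1/24", "eth1": "10.1.2.1/24"}
ROUTES = [("10.1.1.0/24", "eth0"), ("10.1.2.0/24", "eth1")]  # (prefix, egress interface)


def host_arp_target(host_if, dest, gateway=None):
    """IP the sending host ARPs for, judged only by its own address/mask and gateway."""
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return dest  # looks on-link to the host: ARP for the destination itself
    if gateway is not None:
        return ipaddress.ip_address(gateway)  # off-link: ARP for the gateway
    return None  # no route: "network unreachable", nothing is ARPed


def router_arp_answer(in_if, target, proxy_arp=True, ifs=ROUTER_IFS, routes=ROUTES):
    """'own', 'proxy' or None for an ARP request for `target` heard on `in_if`."""
    target = ipaddress.ip_address(target)
    if target == ipaddress.ip_interface(ifs[in_if]).ip:
        return "own"  # ordinary ARP: the router is asked for its own address
    if not proxy_arp:
        return None
    matches = [(ipaddress.ip_network(p), out) for p, out in routes
               if target in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route to the target: stay silent
    _, out_if = max(matches, key=lambda m: m[0].prefixlen)  # longest-prefix match
    # Model assumption: never proxy for a target reached through the interface the
    # request came in on; the real owner is on that segment and answers for itself.
    return "proxy" if out_if != in_if else None


if __name__ == "__main__":
    cases = [("10.1.1.10/24", "10.1.1.11", "10.1.1.1"),   # same subnet
             ("10.1.1.10/24", "10.1.2.20", "10.1.1.1"),   # routed via gateway
             ("10.1.1.10/16", "10.1.2.20", None)]         # subnet-unaware host
    for host_if, dest, gw in cases:
        t = host_arp_target(host_if, dest, gw)
        print(host_if, "->", dest, ": ARPs for", t, "| router:", router_arp_answer("eth0", t))
```

Only the third case, a host whose mask makes the remote target look on-link, produces a proxy reply; with a correct mask and gateway the router is simply asked for its own address.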
jskfan (Author) Commented:
"A router may do this..., proxy ARP is hardly effectively used. Any system may do this."

What do you mean?
I thought whenever there is a router in the middle or any Layer 3 device, it will do the Proxy ARP. It will send ARP requests to the next hop on behalf of the host.
0
JustInCase Commented:
Proxy ARP is the case when a router answers an ARP request on behalf of an IP address that is not present on the interface that received the ARP request. The router will answer the ARP request only if a route to the remote target network is present in the routing table (a default route is good enough, as can be seen below). I configured my ISR router (the switch's SVI proxy ARP is not disabled), set the default gateway on my host to 8.8.8.8 (I obviously don't own this address :) ), and issued a ping to www.asus.com. As can be seen, DNS resolution and ping are working OK.

In this case the MAC address for the default gateway IP, 8.8.8.8, is resolved by proxy ARP. The router answered instead of 8.8.8.8.
Proxy ARP - gateway on different subnet
The rules for how ARP works are not as straightforward as many engineers tend to believe (that devices need to be in the same subnet for ARP to be functional). A device can also ARP for devices in other subnets, and ARP can be resolved if all the needed configuration parts are present (of course, this is bad network design, but it is an important detail for understanding how ARP works and also how networks generally function).
0

Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Predrag, this is a very strange misuse, and should not work. By definition, a gateway has to be on the same subnet as the NIC.
Also, having a route to another network does not enable Proxy ARP at all. You need special setups to do that. Routers won't do it by default.
0
JustInCase Commented:
There is nothing special about this one regarding router configuration.
A few years back, when I was preparing for the Windows Server 2012 certification exam, I read that, according to Microsoft, the default gateway can be a few hops away. I tested that statement and the result was that the statement is true (it was strange at the time, but since it worked I had to revise my understanding of how the network really functions). That's why I wrote that ARP is not working the way network engineers expect it to work. ARP is not strictly related to the local subnet. :)

This is how it works, please test it yourself on some decent router.
0
noci (Software Engineer) Commented:
Hm. It isn't the first time that Microsoft sees things a little differently, and implements accordingly. They have security rules for software writers, and there is a security researcher who has already published 52 topics where Microsoft still doesn't follow their own security rules (some years AFTER they came into effect).
Microsoft also has a lot of hoops to jump through to get mail delivered to hotmail/outlook/live/... users. Except their own servers don't follow suit: live.com servers presenting hotmail certificates, reverse lookups not matching forward lookups..., so I don't consider Microsoft to deliver the "right" standards in software.

Now there is a lot you can say about IP protocols, but most have been described in some RFC:
Please meet the specification of Proxy ARP aka RFC 1027:

Status of this Memo

    This RFC describes the use of the Ethernet Address Resolution
    Protocol (ARP) by subnet gateways to permit hosts on the connected
    subnets to communicate without being aware of the existence of
    subnets, using the technique of "Proxy ARP" [6].  It is based on
    RFC-950 [1], RFC-922 [2], and RFC-826 [3] and is a restricted subset
    of the mechanism of RFC-925 [4].  Distribution of this memo is
    unlimited.
https://tools.ietf.org/html/rfc1027

This does describe functionality like Microsoft implemented it...
And it seems BSD systems do indeed work this way. Windows happens to be based on the BSD stack (a long time ago).

Proxy ARP is by default disabled on Linux systems.
# cat /proc/sys/net/ipv4/conf/all/proxy_arp
0

And I haven't seen it actively used on systems other than concentrators with remote PtP connections.
0
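Reading only the conf/all/proxy_arp file, as in the post above, does not show the whole state: Linux enables proxy ARP on an interface when either conf/all/proxy_arp or that interface's own conf/<interface>/proxy_arp is set. The audit below is an added example, not part of the original post; its function names are hypothetical.

```python
from pathlib import Path


def read_flag(path):
    """True if the sysctl file holds a non-zero integer; False if unset or unreadable."""
    try:
        return int(Path(path).read_text().strip()) != 0
    except (OSError, ValueError):
        return False


def proxy_arp_report(conf_root="/proc/sys/net/ipv4/conf"):
    """Map interface name -> {'own', 'effective'} proxy ARP state."""
    root = Path(conf_root)
    if not root.is_dir():
        return {}  # not Linux, or /proc not mounted
    all_on = read_flag(root / "all" / "proxy_arp")
    report = {}
    for entry in sorted(root.iterdir()):
        # 'all' is the global switch; 'default' only seeds interfaces created later.
        if not entry.is_dir() or entry.name in ("all", "default"):
            continue
        own = read_flag(entry / "proxy_arp")
        # The kernel proxies on an interface if either its own flag or 'all' is set.
        report[entry.name] = {"own": own, "effective": own or all_on}
    return report


def interfaces_answering_by_proxy(conf_root="/proc/sys/net/ipv4/conf"):
    """Names of interfaces where proxy ARP is in effect."""
    return [n for n, s in proxy_arp_report(conf_root).items() if s["effective"]]


if __name__ == "__main__":
    for name, state in proxy_arp_report().items():
        print(f"{name:12} own={int(state['own'])} effective={int(state['effective'])}")
```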
JustInCase Commented:
By default, proxy ARP is enabled on all Cisco routers. Whether proxy ARP is enabled or disabled by default does not really influence how it functions once it is enabled.
There are better examples for understanding how ARP functions. The example above doesn't help in understanding how ARP and proxy ARP function; it just shows that it does not function as is generally expected. It just shows that ARP functions a little bit differently than it was described in this topic.
0
noci (Software Engineer) Commented:
@Predrag, your expectations don't align with the RFC, I am afraid.
And I agree Proxy ARP is a corner case where at some Texas university someone thought of an alternative for not getting routing right in the first place.

BTW: "by proxy" is almost always best translated as "on behalf of".
0
JustInCase Commented:
Not my expectations, but my understanding is related to case:

R1's fa0/0 is directly connected to R2's fa0/0 interface

R1
interface fa0/0
 ip address 192.168.1.1 255.255.255.0
 no ip proxy-arp
 no shut
R2
 interface fa0/0
  ip address 10.0.0.1 255.255.255.0
  no ip proxy-arp
  no shut

Can those 2 routers in any case ping each other (there is no other connection between those two routers)?
My opinion is that when that question is answered correctly and the reasons are understood, then a person can understand the logic on which ARP relies to function.
:)
0
noci (Software Engineer) Commented:
That should not work... An ARP response can only be on one network.
So:
R1: 
interface fa0/0
  ip address 192.168.1.1 255.255.255.0
  no shut
  ip proxy-arp

R2: 
interface fa0/0
  ip address 192.168.1.2 255.255.255.0
  no shut
  ip proxy-arp

interface fa0/1
  ip address 10.0.0.1 255.255.255.0
  no ip proxy-arp
  no shut
ip route 0.0.0.0 0.0.0.0 

Now if R1 needs to access 8.8.8.8, then R2 MAY answer with its own MAC address of fa0/0 for this.
0
JustInCase Commented:
It is not working as it is, but... with some configuration details adjusted, ping can be functional between those 2 routers with the IP addresses from my previous post. To make ping work, ARP needs to resolve L2 addresses first. That's what I'm saying: if you solve that one, it should be obvious how ARP functions.
:)
There is no 8.8.8.8 or anything else in this scenario, just those two routers.
0
noci (Software Engineer) Commented:
Your example won't work as the networks are different. (A broadcast from one is unrecognized by the other and vice versa.)
In my example the 8.8.8.8 would be resolved using proxy ARP because there is a default route on R2 in my set...

See RFC 1027, chapter 2.2.
0
JustInCase Commented:
@noci
OK, it is pointless, I am sorry for trying. I can make it work (add configuration details to make it functional), you can't since RFC 1027, chapter 2.2 explicitly forbids you to do so.
0
jskfan (Author) Commented:
Thank you Guys
0