Proxy ARP
From Free net encyclopedia
Proxy ARP is a technique for using the ARP protocol to provide an ad hoc routing mechanism.
A multi-port networking device (e.g. a router) implementing Proxy ARP will respond to ARP requests on one interface as if it were responsible for the addresses of devices on another interface. The device can then receive and forward packets addressed to those devices.
The advantage of Proxy ARP over other networking schemes is simplicity. A network can be extended using this technique without the knowledge of the upstream router.
For example, suppose host A wants to contact host B, which is on another subnet. Host A sends an ARP request carrying the IP address of B. The multihomed router connected to both subnets answers host A's request with its own MAC address instead of host B's actual MAC address, thus proxying for host B. Later, when host A sends the router a packet that is actually destined for host B, the router simply forwards the packet to host B. Hosts A and B communicate without being aware that the router is proxying for each of them. The process in which a node responds with its own MAC address to an ARP request for a different IP address, for proxying purposes, is sometimes referred to as 'publishing'.
Below are some typical use cases for proxy ARP.
Assume a broadcast network (e.g., a group of stations connected to the same hub) using a certain IPv4 address range (e.g., 192.168.0.0/24, where 192.168.0.1-192.168.0.127 are assigned to wired nodes). One or more of the stations is an access router accepting dial-up or VPN connections. If the addresses given to dial-up/VPN-connected nodes need to be from the same range (let's assume a dial-up node gets an address of 192.168.0.254 from an access server with a LAN IP address of 192.168.0.1), Proxy ARP is used to create a 'presence' effect for that node: the access server 'publishes' its MAC for 192.168.0.254, the address of the dial-up node.
- Taking multiple addresses from a LAN
Assume a station (e.g., a server) with an interface (10.0.0.2) connected to a network (10.0.0.0/24). Certain applications may require multiple IP addresses on the server. If the addresses have to be from the 10.0.0.0/24 range, the problem can be solved with Proxy ARP. Additional addresses (say, 10.0.0.240-10.0.0.254) are aliased to the loopback interface of the server (or assigned to special interfaces, the latter typically being the case with VMware/UML/jails/vservers/other virtual server environments) and 'published' on the 10.0.0.2 interface (though many operating systems allow direct allocation of multiple addresses to one interface, eliminating the need for such tricks).
Disadvantages of Proxy ARP include scalability (ARP resolution is required for every device routed in this manner) and reliability (no fallback mechanism is present, and the masquerading can be confusing in some environments). ARP manipulation techniques are, however, the basis for protocols providing redundancy on broadcast networks (e.g., Ethernet), most notably CARP and VRRP.
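An added example (not part of the original article) modelling the dial-up use case above: the access server answers ARP on the LAN for 192.168.0.254, and a wired node's ARP cache then shows one MAC holding two addresses, which is the masquerading effect an administrator has to recognise. The class, function and interface names and the MAC values are assumptions made for the illustration, and the /32 route on ppp0 is one way to represent the dial-up node.

```python
import ipaddress
from collections import defaultdict


class ProxyArpDevice:
    """Multi-port device that answers ARP for addresses reached via another port."""

    def __init__(self, interfaces):
        # interfaces: name -> (MAC of the port or None, network attached to it)
        self.interfaces = {name: (mac, ipaddress.ip_network(net))
                           for name, (mac, net) in interfaces.items()}

    def arp_reply(self, ingress, target_ip):
        """MAC to answer with for an ARP request seen on `ingress`, or None."""
        target = ipaddress.ip_address(target_ip)
        matches = [(net.prefixlen, name)
                   for name, (_, net) in self.interfaces.items() if target in net]
        if not matches:
            return None                      # no route: stay silent
        _, egress = max(matches)             # longest prefix wins
        if egress == ingress:
            return None                      # target sits on the asking segment
        return self.interfaces[ingress][0]   # publish our own MAC for it


def shared_macs(arp_cache):
    """Group a neighbour's ARP cache by MAC; return MACs holding >1 address."""
    by_mac = defaultdict(set)
    for ip, mac in arp_cache.items():
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed scenario using the article's dial-up addresses; MACs are made up.
SERVER_MAC = "02:00:00:00:00:01"
access_server = ProxyArpDevice({
    "eth0": (SERVER_MAC, "192.168.0.0/24"),   # LAN, server address 192.168.0.1
    "ppp0": (None, "192.168.0.254/32"),       # dial-up node behind the server
})


def wired_host_cache():
    """ARP cache a wired node ends up with after resolving three addresses."""
    cache = {"192.168.0.1": SERVER_MAC, "192.168.0.5": "02:00:00:00:00:05"}
    reply = access_server.arp_reply("eth0", "192.168.0.254")
    if reply:
        cache["192.168.0.254"] = reply
    return cache
```

`shared_macs(wired_host_cache())` lists the access server's MAC with both 192.168.0.1 and 192.168.0.254; on a real segment the same grouping is only expected for devices known to publish addresses.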