I have a question about network masks and proxy ARP that I have not
understood for a long time. I'm not sure that I can clearly explain the
question, but I'll give it my best. I got bits and pieces about the
situation, so I don't know exactly what is working and when.

A co-worker has a customer that has a really messy IP scheme. For
simplicity, the network scheme should be

network A               router A
172.16.1.0 /24          172.16.1.1   e0
                        192.168.1.1  s0

connects over WAN to

network B               router B
172.16.2.0 /24          172.16.2.1   e0
                        192.168.1.2  s0


This customer has hosts with misconfigured masks and default gateways all
over the place. Some hosts have wrong masks, some wrong gateways, on some
both are wrong, and some are right. The routers are configured correctly, as
above. Obviously he is experiencing some connectivity issues - sometimes
things work, and sometimes they don't.

I would like to more completely understand why. Proxy ARP is on (default).

Let's assume the following:
host A  (wrong mask configured, 172.16.1.5 /16, gateway 172.16.1.1) tries to
connect to host B  172.16.2.6 (correctly configured as /24, gateway
172.16.2.1)

My understanding of what happens:  Host A does binary ANDing, and thinks
that host B is on the same subnet. So it ARPs for 172.16.2.1. Proxy ARP is
on, so I would think the router recognizes that it needs to respond to host
A's ARP request. Host A now thinks that host B = MAC address of router A.
Host A sends traffic to router A and router A forwards. Both router A and
host A know the correct MAC address of each other, so host B's response will
get to host A. So this should work consistently despite the
misconfiguration, but I know better. How am I thinking incorrectly?

Next question, let's assume the following:
host A  (wrong gateway configured, 172.16.1.5 /24, gateway 172.16.1.3) tries
to connect to host B  172.16.2.6 (correctly configured as /24, gateway
172.16.2.1)

My understanding of what happens:   Host A does binary ANDing, and thinks
that host B is on another subnet. Host A thinks that the gateway is
172.16.1.3, and ARPs for that. If there is a 172.16.1.3, it will respond
with its MAC, host A will send traffic for host B to 172.16.1.3, which will
promptly drop it because it has no idea what to do with it. If there is not
a 172.16.1.3, host A will not get a response, and will time out eventually. I
will need to check, but I don't think that host A will ARP for host B (as
opposed to ARPing for the gateway). So this should consistently not work. If
host A did not have a gateway at all, it would ARP for host B and router A
would respond (due to proxy ARP) and connectivity would be established. Am I
correct?

I do think it makes a difference who initiates the connection, because of
ARP. If host B tries to connect to host A, router A would ARP for host A.
Host A would place router A's MAC in its ARP table for host B, and as long
as that entry existed, communication would work consistently? Am I thinking
correctly?

If proxy ARP is enabled, why is a default gateway needed? I have never seen
a TCP/IP configuration that doesn't have a spot to enter a default gateway.
Conversely, if everything has a default gateway, why is proxy ARP needed? If
one of those (either the gateway or proxy ARP) is not working for whatever
reason, why is communication spotty? Should it not be consistently either
working or not?

If proxy ARP works like it is supposed to, I don't see a need for hosts to
have masks and gateways configured. The only problem I see is if there are
multiple gateways available to a subnet, where both (or more) gateways will
forward the packet, so the destination gets 2 packets. What happens then is
protocol and application dependent.

Any comment is appreciated. I'm currently learning how little I know. ;-)

Scott Meyer
CCNA, CCDA, MCSE, etc
[EMAIL PROTECTED]
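
The host-side mask check and the router-side proxy ARP rule that the two scenarios in this post turn on, as an added example (not part of the original post). It models router A as drawn above and assumes the router proxy-replies only for targets it has a route to through an interface other than e0; the function names are hypothetical.

```python
import ipaddress

# Router A as drawn in the post: e0 on network A, plus a route to network B
# over the WAN link. Proxy ARP on e0 is on, as the post states.
ROUTER_E0 = ipaddress.ip_interface("172.16.1.1/24")
ROUTER_ROUTES = [ipaddress.ip_network("172.16.2.0/24")]

def host_arp_target(host_if, gateway, dest):
    """Return the IP address the host ARPs for when sending to dest."""
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:       # the host's AND of destination and mask
        return dest                 # looks on-link: ARP for the destination
    return ipaddress.ip_address(gateway)  # off-link: ARP for the gateway

def arp_responder(arp_target, live_hosts_on_a=()):
    """Who answers an ARP request seen on network A: 'router', 'host' or None."""
    target = ipaddress.ip_address(arp_target)
    if target == ROUTER_E0.ip:
        return "router"             # ordinary ARP for the router's own address
    if target in ROUTER_E0.network:
        # Target is on the same segment the request arrived on, so the
        # router stays silent; only a live host with that address answers.
        return "host" if str(target) in live_hosts_on_a else None
    if any(target in net for net in ROUTER_ROUTES):
        return "router"             # proxy ARP: reply with e0's MAC
    return None

def trace(host_if, gateway, dest, live_hosts_on_a=()):
    """Return (address ARPed for, who replies) for one host configuration."""
    target = host_arp_target(host_if, gateway, dest)
    return str(target), arp_responder(target, live_hosts_on_a)

if __name__ == "__main__":
    # The post's scenarios, plus a correctly configured host for comparison.
    cases = [
        ("wrong mask", "172.16.1.5/16", "172.16.1.1", ()),
        ("wrong gateway, unused", "172.16.1.5/24", "172.16.1.3", ()),
        ("wrong gateway, live", "172.16.1.5/24", "172.16.1.3", ("172.16.1.3",)),
        ("correct", "172.16.1.5/24", "172.16.1.1", ()),
    ]
    for label, host_if, gw, live in cases:
        print(label, trace(host_if, gw, "172.16.2.6", live))
```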



