At 03:32 PM 5/25/01, Chuck Larrieu wrote:
>Forgive the silly questions, but 1) was proxy arp enabled on the router

It's not a silly question and I really wondered about that also. It doesn't 
show up in the config because it's the default, but I typed "no ip 
proxy-arp" and "ip proxy-arp" in Ethernet interface config mode to make 
sure. And I did get the router to actually do proxy arp in a few cases. My 
latest testing was with 172.16.0.0 networks:

My address was set to 172.16.10.10/16. My default gateway address was set 
to 172.16.10.1.

The default gateway's e0 was set to 172.16.10.1/24 and the router also had 
direct connections and EIGRP routes to 172.16.20.0, 172.16.30.0, and 
172.16.40.0 and 172.16.50.0.

Router responded on behalf of my PC's ARPs for 172.16.20.1, 172.16.30.1, 
172.16.40.1 and 172.16.50.1. Yeah. Proxy ARP lives!


If I configured my PC with its own address as the default gateway, I got 
the same results. Hooray!

If I left out the configuration for the default gateway, my PC couldn't get 
anywhere off its major net. It didn't even try. The application just 
responded immediately with an error and no packets were seen with debug or 
sniffer. Boo. My PC could get to other networks within 172.16.0.0 because 
of Proxy ARP.


I added a default route to my router while my PC was configured to use 
itself as the gateway.

ip route 0.0.0.0 0.0.0.0 172.16.20.2

I pinged 200.200.200.200. My PC ARPed for it. The router responded! Hooray! 
Proxy ARP rocks.


I also tried the original case, once I was sure Proxy ARP was really 
enabled. I left my PC on its normal office config on network 208.x.x.x, but 
connected to the lab network. The router complained about the source being 
on a different cable and did not respond to an ARP for my default gateway. 
If I had my default gateway set to myself, causing me to ARP for non-remote 
stations, the router also did not respond, complaining about the source 
being on a different cable. See Chuck's comments and quote from RFC below.


Conclusions:
Using Proxy ARP would not solve our travelling hotel user's problems. The 
user would have to do some reconfigs.
Proxy ARP is a HACK.

Caveats: I was running IOS 11.0 and Windows 98, both hacks themselves!? ;-)

Priscilla

>and
>2) was there a route to the 10dot network, or a default route in the routing
>table of the router in question?
>
> From RFC 1027:
>
>To permit multiple subnets per physical network, an ARP subnet gateway must
>use the physical network interface, not the subnet number to determine when
>to reply to an ARP request. That is, it should send a proxy ARP reply only
>when the source network interface differs from the target network interface.
>In addition, appropriate routing table entries for these "phantom" subnets
>must be added to the subnet gateway routing tables.
>
>OK. I get it. The router still needs to be on the same subnet as the host
>making the request. The RFC refers to multiple subnets of the same major
>network. In the case you, PO, mention, the router interface would have to
>have secondary addressing to cover all possibilities. Score one for the
>designer! Good call.
>
>Chuck
>
>
>-----Original Message-----
>From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
>Priscilla Oppenheimer
>Sent:   Friday, May 25, 2001 3:24 PM
>To:     [EMAIL PROTECTED]
>Subject:        RE: ARP versus Proxy-arp [7:5664]
>
>At 05:05 PM 5/25/01, Bob Vance wrote:
>
> >Once the Proxy ARP answers the client's request for his
> >DG on net 10, then all the other packets will be to "real" Internet
> >addresses.
>
>OK, I hear you on the routing questions, but it turns out the router does
>NOT respond to the ARP for the DG. I decided to try it. It doesn't work for
>a different reason than expected.
>
>I left my PC configured as I use it on a real network and plugged it into
>my lab network, which uses a different addressing scheme. I was emulating a
>traveller connecting to the hotel network without reconfiguring the TCP/IP
>control panel.
>
>I had debug arp on and here was the result:
>
>IP ARP req filtered src 10.0.0.2 0000.0ed5.c7e7, dst 10.0.0.1 0000.0000.0000 wrong cable
>
>The router won't respond to an ARP from a station that isn't on its subnet.
>Remember that an ARP packet has the sender's IP address in it. I was
>running 11.0 because my lab network is old so your results may vary.
>
>I think the hotel network is on fantasy island. ;-)
>
>Priscilla
>
>
>
> >-------------------------------------------------
> >Tks        |
> >BV         |
> >Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> >Vox 770-623-3430           11455 Lakefield Dr.
> >Fax 770-623-3429           Duluth, GA 30097-1511
> >=================================================
> >
> >
> >
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> >Priscilla Oppenheimer
> >Sent: Friday, May 25, 2001 3:04 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: ARP versus Proxy-arp [7:5664]
> >
> >
> >If a router running Proxy ARP didn't have a "route of last resort" or
> >"default route" would it still respond to an ARP for some random
> >non-local
> >network? It would cause problems if it responded to the ARP when it
> >couldn't really route packets to the destination. I suppose it usually
> >works because this router or the DG as you mention below has a default
> >route to the rest of the world.
> >
> >And how about network 10.0.0.0? The hotel router in the scenario
> >wouldn't
> >respond to a customer's ARP for a DG of 10.0.0.1 unless the hotel
> >network
> >was configured with a 10.0.0.0 network, would it? Or maybe the default
> >route would cover this too, but maybe not since it's a private address.
> >
> >I realize I'm being brain damaged about the whole topic, but I think the
> >issues are more subtle than people realize.
> >
> >Priscilla
> >
> >At 09:14 PM 5/24/01, Bob Vance wrote:
> > > >Why would it think it can get to 10.0.0.0 (that one's a little
> > > >easier) or 138.1.0.0 (unlikely) when the client computer ARPs for its
> > > >default gateway?
> > >
> > >Well, now.
> > >Does a DG of its own count as "knowing how to get there"?>)
> > >
> > >
> > >-------------------------------------------------
> > >Tks        |
> > >BV         |
> > >Sr. Technical Consultant,  SBM, A Gates/Arrow Co.
> > >Vox 770-623-3430           11455 Lakefield Dr.
> > >Fax 770-623-3429           Duluth, GA 30097-1511
> > >=================================================
> > >
> > >
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > >Priscilla Oppenheimer
> > >Sent: Thursday, May 24, 2001 6:24 PM
> > >To: [EMAIL PROTECTED]
> > >Subject: RE: ARP versus Proxy-arp [7:5664]
> > >
> > >
> > >You missed the point. I know what Proxy ARP is.
> > >
> > >I assume the goal is that the traveller doesn't need to do any
> > >reconfiguration and can leave the default gateway set to the home
> >office
> > >setting of 10.0.0.32, or 138.1.80.193 in my second example. A router
> > >doesn't just blindly respond to ARPs. It only responds if it thinks it
> > >can
> > >get there. Why would it think it can get to 10.0.0.0 (that one's a
> >little
> > >easier) or 138.1.0.0 (unlikely) when the client computer ARPs for its
> > >default gateway?
> > >
> > >The design of the hotel network must be quite interesting. I was hoping
> > >the
> > >original poster had more details.
> > >
> > >Priscilla
> > >
> > >At 12:35 PM 5/24/01, Cornell Manea wrote:
> > > >Proxy-arp is used to find a router and get by on a
> > > >segment when you don't know the IP address of the
> > > >default gateway...
> > > >
> > > >
> > > >--- Priscilla Oppenheimer  wrote:
> > > > > Hmm... That's interesting. I'm trying to figure it
> > > > > out. Say, on my office
> > > > > network, my default gateway is something like
> > > > > 10.0.0.32 because we're using
> > > > > private addresses and NAT. When I travel, would the
> > > > > router in the hotel
> > > > > respond to my ARP for 10.0.0.32?? Would the router
> > > > > think that it can reach
> > > > > network 10.0.0.0?
> > > > >
> > > > > And, let's say that I don't use private addresses on
> > > > > my office network
> > > > > (which I don't). Let's say the default gateway is
> > > > > 138.1.80.193. Would the
> > > > > hotel router respond to my ARP for 138.1.80.193?
> > > > > Would the router think
> > > > > that it can reach network 138.1.0.0?
> > > > >
> > > > > I would hate to be the desk clerk responding to
> > > > > questions about this! ;-)
> > > > >
> > > > > Priscilla
> > > > >
> > > > > At 10:56 AM 5/24/01, [EMAIL PROTECTED] wrote:
> > > > > >Proxy-Arp Lives!
> > > > > >
> > > > > >I have to add that as I understand it proxy arp and
> > > > > nat are how hotels offer
> > > > > >internet connectivity.  Take a laptop with any ip
> > > > > address configured plug it
> > > > > >in and it will arp for its default gateway.  The
> > > > > router with proxy arp will
> > > > > >answer as the default gateways mac address.  Then
> > > > > using a wide scope for nat
> > > > > >(the scope would be the entire ip address range)
> > > > > the hotel can provide
> > > > > >internet connectivity to a client with any
> > > > > configured ip address and
> > > > > >gateway.
> > > > > >
> > > > > >Dean Whitley
> > > > > >
> > > > > >-----Original Message-----
> > > > > >From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
> > > > > >Sent: Thursday, May 24, 2001 10:32 AM
> > > > > >To: [EMAIL PROTECTED]
> > > > > >Subject: RE: ARP versus Proxy-arp [7:5664]
> > > > > >
> > > > > >
> > > > > >Proxy arp isn't dead, it is still in use very
> > > > > frequently on dial-up links.
> > > > > >If you get a chance, dial-up to earthlink and run
> > > > > winipcfg.  You'll see that
> > > > > >your default gateway is actually set to yourself.
> > > > > > There is a reasonable
> > > > > >explanation of this behavior in the Sybex CCNP
> > > > > switch 2.0 chapter on
> > > > > >redundancy.
> > > > > >
> > > > > >-EH
> > > > > >
> > > > > >-----Original Message-----
> > > > > >From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
> > > > > >Sent: Wednesday, May 23, 2001 10:37 PM
> > > > > >To: [EMAIL PROTECTED]
> > > > > >Subject: ARP versus Proxy-arp [7:5664]
> > > > > >
> > > > > >
> > > > > >At the risk of becoming another Bob Vance......
> > > > > >
> > > > > >I'm reading Doug Comer's TCP/IP reference, on the
> > > > > assumption that it can't
> > > > > >hurt to really get into how TCP/IP works.
> > > > > >
> > > > > >Proxy-arp versus normal  arp.
> > > > > >
> > > > > >A host does not know the physical address of
> > > > > another host so it sends out an
> > > > > >ARP request. If the host in question lies on
> > > > > another network, a router
> > > > > >responds to that request. Proxy ARP, correct?
> > > > > >
> > > > > > >A host through its TCP stack does the XOR and
> > > > > determines that a host lies
> > > > > >on another network. The host therefore sends the
> > > > > packet to the device
> > > > > >indicated as its default gateway in its
> > > > > configuration. It sends an ARP
> > > > > >request for the MAC of the default gateway. Normal
> > > > > ARP?
> > > > > >
> > > > > >So in other words, proxy arp may be viewed as
> > > > > something of an obsolete
> > > > > >protocol / operation in that most modern TCP stacks
> > > > > contain the mechanisms
> > > > > >for doing the network XOR determination, and then
> > > > > using the default gateway.
> > > > > >A modern stack would recognize that a host is on a
> > > > > different network and go
> > > > > >the default gateway route, so to speak.
> > > > > >
> > > > > >In other words, the necessity for proxy arp is
> > > > > eliminated for the most part
> > > > > >because of the default gateway concept and the
> > > > > modern TCP stack.
> > > > > >
> > > > > >Has it sunk through this thick head finally?
> > > > > >
> > > > > >PS Comer states that proxy arp is aka arp hack. :->
> > > > > >
> > > > > >Chuck
> > > > > >
> > > > > >One IOS to forward them all.
> > > > > >One IOS to find them.
> > > > > >One IOS to summarize them all
> > > > > >And in the routing table bind them.
> > > > > >
> > > > > >-JRR Chambers-
> > > > > >FAQ, list archives, and subscription info:
> > > > > >http://www.groupstudy.com/list/cisco.html
> > > > > >Report misconduct and Nondisclosure violations to
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > > ________________________
> > > > >
> > > > > Priscilla Oppenheimer
> > > > > http://www.priscilla.com
> > > >
> > > >
> > >
> > >
> > >________________________
> > >
> > >Priscilla Oppenheimer
> > >http://www.priscilla.com
> >
> >
> >________________________
> >
> >Priscilla Oppenheimer
> >http://www.priscilla.com
>
>
>________________________
>
>Priscilla Oppenheimer
>http://www.priscilla.com


________________________

Priscilla Oppenheimer
http://www.priscilla.com
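
The router behaviour reported in the message above (proxy replies for routed targets, "wrong cable" filtering by sender address, the RFC 1027 interface rule) can be captured in a small decision model. This is an added example, not part of the original post and not Cisco code; the class, the interface names e1 and s0, and staying silent when no route exists are assumptions of the model.

```python
# Added illustration: a simplified model of the proxy ARP decision discussed in
# this thread. Names and structure are hypothetical, not Cisco IOS code.
from ipaddress import ip_address, ip_interface, ip_network

class Router:
    def __init__(self, interfaces, routes, proxy_arp=True):
        # interfaces: {"e0": "172.16.10.1/24"}; routes: [(prefix, out_interface)]
        self.interfaces = {n: ip_interface(a) for n, a in interfaces.items()}
        self.routes = [(ip_network(p), i) for p, i in routes]
        self.proxy_arp = proxy_arp

    def lookup(self, dst):
        """Longest-prefix match; returns the outgoing interface or None."""
        hits = [(net.prefixlen, ifc) for net, ifc in self.routes if dst in net]
        return max(hits)[1] if hits else None

    def arp_request(self, in_if, sender_ip, target_ip):
        """Return the router's decision for an ARP request received on in_if."""
        iface = self.interfaces[in_if]
        sender, target = ip_address(sender_ip), ip_address(target_ip)
        if sender not in iface.network:
            return "filtered: wrong cable"      # sender is not on this subnet
        if target == iface.ip:
            return "reply: own address"         # ordinary ARP, not proxy ARP
        if not self.proxy_arp:
            return "no reply: proxy ARP disabled"
        out_if = self.lookup(target)
        if out_if is None:
            return "no reply: no route"         # assumption of this model
        if out_if == in_if:
            return "no reply: target on same interface"   # RFC 1027 rule
        return "proxy reply"

# Constructed lab modelled on the addresses in the message above; the
# interface names e1 and s0 are assumptions.
LAB = Router(
    {"e0": "172.16.10.1/24", "e1": "172.16.20.1/24"},
    [("172.16.10.0/24", "e0"), ("172.16.20.0/24", "e1"),
     ("172.16.30.0/24", "s0"), ("0.0.0.0/0", "e1")],
)

def lab_results(router=LAB):
    """Decisions for ARP requests like those tried in the message above."""
    pc = "172.16.10.10"
    return {
        "172.16.20.1": router.arp_request("e0", pc, "172.16.20.1"),
        "200.200.200.200": router.arp_request("e0", pc, "200.200.200.200"),
        "office PC": router.arp_request("e0", "10.0.0.2", "10.0.0.1"),
    }
```
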




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6006&t=5664