HOW Proxy-ARP WORKS?


We’ll Understanding Proxy-ARP with help of few scenarios.


I’ve setup a lab in GNS3 where I have taken 3 routers R1, R2, R3.


R1 and R3 are routers itself but shown as hosts by changing the symbol. Also I have disabled the routing on both R1 and R3 so that both of them behave as hosts and not routers.


 

Scenario 1 : No Default-gateway configured on Hosts R1 and R3.

Configurations:

R1
no ip routing


interface FastEthernet0/0
ip address 172.9.12.2 255.255.255.0
——————

R2
interface FastEthernet0/0
ip address 172.9.12.1 255.255.255.0
interface FastEthernet1/0
ip address 192.9.23.1 255.255.255.0

——————

R3
no ip routing

interface FastEthernet0/0
ip address 192.9.23.2 255.255.255.0
——————–

Let’s ping IP of host R3 from host R1.

R1#ping 192.9.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.9.23.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 52/81/112 ms

We can see that the ping from host R1 (172.9.12.2) to host R3 (192.9.23.2) is working fine.

Reason: While we ping from host R1 to R3, it was Proxy-ARP’ed by Router R2. R2 also knows the directly connected network 192.9.23.0/24 connected to its f1/0 interface and forwards the ICMP packets to R3 using its routing table.

Below is the wireshark capture of R1–R2 link. The below captures show R1 sending ARP request for 192.9.23.2 (host R1’s IP) and R2 sends back ARP reply (Proxy-ARP) to host R1.


ARP Request from host R1:



 Proxy ARP reply from Router R2:


 The MAC address for 192.9.23.2 is actually the MAC address of Router R2’s fa0/0 interface as given below:


R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.9.12.1              2   ca02.23f8.0000  ARPA   FastEthernet0/0
Internet  172.9.12.2              –   ca01.2080.0000  ARPA   FastEthernet0/0
Internet  192.9.23.2              0   ca02.23f8.0000  ARPA   FastEthernet0/0

———

R2#sh int f0/0 | i bia
Hardware is DEC21140, address is ca02.23f8.0000 (bia ca02.23f8.0000)


The above scenario confirms the working of Proxy-Arp.
 
Scenario 2:  Disable Proxy-arp on Router R2 and check if host R1 can ping host R3.
R2(config)#interface FastEthernet0/1
R2(config-if)#no ip proxy-arp
R2(config)#interface FastEthernet1/0
R2(config-if)#no ip proxy-arp

If we disable proxy-arp on R2, the ping from host R1 to host R3 should not be working.  I have also cleared the Arp-Cache on all 3 devices. Wait for some time and ping from host R1 to R3.

R1#ping 192.9.23.2

Sending 5, 100-byte ICMP Echos to 192.9.23.2, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)


R1#sh arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.9.12.1              5   ca02.23f8.0000  ARPA   FastEthernet0/0
Internet  172.9.12.2              –   ca01.2080.0000  ARPA   FastEthernet0/0
Internet  192.9.23.2              0   Incomplete      ARPA

The above output shows  that ping is not working as ARP for host R3’s IP is not getting resolved.

Reason: As Proxy-Arp is disabled on both interfaces of Router R2,  it is not replying with the proxy-arp for host R3’s IP while we ping from host R1.

The below snapshot shows that host R1 sending ARP request for 192.9.23.2 (R3’s IP) but R2 is not responding with ARP reply as Proxy-Arp is disabled on it.






Scenario 3 :  Disable Proxy-Arp on R2 (Scenario 2) and configure default-gateway on host R1 and R3.


Hosts R1 and R3 are configured with default-gateways (Respective Router R2’s interface IPs).

R1(config)#ip default-gateway 172.9.12.1
R3(config)#ip default-gateway 192.9.23.1
R1#ping 192.9.23.2
Sending 5, 100-byte ICMP Echos to 192.9.23.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/39/40 ms

After configuring the default-gateways on host R1 and R3, the ping started working.

Reason: While we ping host R3’s IP from host R1, which belongs subnet, host R1 knows that it need to use its default gateway. If host R1 doesn’t know the MAC of default-gateway,  It will sends a broadcast ARP to find the MAC of the default-gateway(R2’s fa0/0 IP). R2 sends ARP reply to host R1 with MAC of its fa0/0 interface. Once R1 learns R2’s fa0/0 MAC it stop sending broadcast/ARP packets to R2. Below capture shows host R1 sending ARP request for its default gateway, 172.9.12.1 (Router R2’s fa0/0 interface).

Now the ping packets from Host R1 to host R3 will continue with the MAC address of default-gateway (R2’s fa0/0). Once ICMP packets reach R2 it will lookup its routing-table and forwards the packets toward fa1/0 interface connected to host R3 and ping will be  successful.


Hope you have enjoyed reading this Post. Please share your feedback if you liked this post. You can also write to us on networkurge@gmail.com.