Click me if you are a network guru ...

With that subnet mask, there is only ONE other place things can go. So if it's not the server, the other IP HAS to be the gateway... things are different when there are only two working IP addresses! That's why I said it is usually used for WAN links to customer premise equipment...
 
The other IP address is not in use.

It's Proxy ARP. I just realized we use this a lot at work and don't even think about it. For example, we have a test network; typically we just let clients talk to whatever test server they need to out their default gateway on their subnet. But if we want to run the traffic through our WAN simulator then to the test server, we just tell them to point their default gateway on the client to the simulator on a different subnet, without having to re-cable or reconfigure anything. Then the traffic goes from being 100MB or a Gig to 128k or whatever we want to set up for the test.
 
This brings up a question I have had: what is the real need for proxy ARP?

It seems to me that it is being used to avoid properly setting up a network and routing.

Was proxy ARP developed for a particular need and then just became the easy way to set up networks?

StevenE
 
If I remember correctly, it was developed in part to help extend non-routable network protocols by allowing two network segments to appear as one across some boundary or intervening network segment. Proper subnetting is usually a better option.
 
My book said a couple of other reasons are to prevent having to configure workstations in the absence of something like BOOTP/DHCP and also to allow for dynamic gateway redundancy as opposed to using something like HSRP/VRRP. You can have several gateway routers on a LAN and if one fails another will pick up the traffic.
 
This brings up a question I have had: what is the real need for proxy ARP?

It seems to me that it is being used to avoid properly setting up a network and routing.

Was proxy ARP developed for a particular need and then just became the easy way to set up networks?

StevenE

Mostly accurate, actually. It goes back a ways; but that's really the essence of it. Note that proxy ARP is different than a Proxy Server (as you'll note mentioned in your Windows "Internet Config" stuff).

The purpose of Proxy ARP is simple: make a machine pretend to be something it's not. It takes the place of what the "correct" configuration should be by taking advantage of the simple-minded structure of how the L2/L3 environments interact (somewhat outlined above in my post).

It is effectively how we run man-in-the-middle attacks on networks, BTW. It's a pretty powerful abuse of the simple L2/L3 interaction ruleset. It's kinda scary how easy it is to run a man-in-the-middle without being "in the middle" if you are in the L2 environment.

Hence, NAC and the disappearance of the trusted network. More revenue for network security folks, I guess. Hey! That's our company! Cool! :)
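
Added example, not part of any post in this thread: since proxy ARP means one machine answers ARP for addresses that are not its own, a host's ARP cache shows it as a single MAC bound to several IPs. The sketch below audits a Linux `/proc/net/arp`-style table for that pattern and for IP-to-MAC bindings that change between snapshots; the sample table, the MAC addresses and the `expected_proxies` allowlist (for a known device such as the WAN simulator mentioned above) are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the layout of Linux /proc/net/arp (not real data).
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.1.1         0x1         0x2         00:11:22:33:44:01     *        eth0
10.0.1.20        0x1         0x2         00:11:22:33:44:20     *        eth0
10.0.2.5         0x1         0x2         00:11:22:33:44:01     *        eth0
10.0.2.9         0x1         0x2         00:11:22:33:44:01     *        eth0
10.0.1.30        0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; incomplete ones are skipped."""
    entries = {}
    for line in text.splitlines()[1:]:        # first line is the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0:         # ATF_COM unset: no reply seen
            continue
        entries[ip] = mac
    return entries

def macs_answering_for_many(entries, expected_proxies=()):
    """MACs bound to more than one IP, minus devices known to proxy ARP."""
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    expected = {m.lower() for m in expected_proxies}
    return {mac: sorted(ips) for mac, ips in by_mac.items()
            if len(ips) > 1 and mac not in expected}

def changed_bindings(before, after):
    """IPs present in both snapshots whose MAC differs: {ip: (old, new)}."""
    return {ip: (before[ip], after[ip])
            for ip in before.keys() & after.keys()
            if before[ip] != after[ip]}

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_TABLE)
    for mac, ips in macs_answering_for_many(table).items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

A MAC that shows up here and is not a router or test device you configured for proxy ARP is worth investigating, as is any gateway IP reported by `changed_bindings`.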
 