An Arp Publish Ethernet Frame - D-Link NetDefendOS User Manual

The Difference Between Publish and XPublish Modes
To understand the difference between Publish and XPublish it is necessary to understand that
when NetDefendOS responds to an ARP query, there are two MAC addresses in the Ethernet
frame sent back with the ARP response:
1. The MAC address in the Ethernet frame of the Ethernet interface sending the response.
2. The MAC address in the ARP response which is contained within this frame. This is usually
the same as (1) the source MAC address in the Ethernet frame but does not have to be.
These are shown in the illustration below of an Ethernet frame containing an ARP response:
The Publish option uses the real MAC address of the sending interface for the address (1) in the
Ethernet frame.
In rare cases, some network equipment will require that both MAC addresses in the response (1
and 2 above) are the same. In this case XPublish is used since it changes both MAC addresses in
the response to be the published MAC address. In other words, XPublish "lies" about the source
address of the ARP response.
If a published MAC address is the same as the MAC address of the physical interface, it will make
no difference if Publish or XPublish is selected, the result will be the same.
ARP and Neighbor Discovery
Neighbor Discovery with IPv6 is the equivalent of ARP with IPv4. For this reason, ARP and
neighbor discovery are combined in The graphical interface to NetDefendOS uses the same
dialog to add either one. Neighbor Discovery is discussed further in Section 3.2, "IPv6 Support".
Example 3.30. Defining an ARP/Neighbor Discovery Object
This example will create a static mapping between IPv4 address 192.168.10.15 and Ethernet
Figure 3.11. An ARP Publish Ethernet Frame
225
Chapter 3: Fundamentals