A Proxy Arp Example - D-Link NetDefendOS User Manual

Setting Up Proxy ARP
Setting up proxy ARP is done by specifying the option for a route in a routing table. Suppose
there is a network that is divided into two parts called net_1 and net_2.
The network net_1 is connected to the interface if1 and the network net_2 is connected to the
interface if2. In NetDefendOS there will be a route configured that says net_1 can be found on if1.
This might be called route_1.
For route_1 it is possible to specify the option that this network should be proxy ARPed on
interface if2. Now any ARP request issued by a net_2 host connected to if2 looking for an IP
address in net_1 will get a positive response from NetDefendOS. In other words, NetDefendOS
will pretend that the net_1 address is found on if2 and will forward data traffic to net_1.
In the same way, net_2 could be published on the interface if1 so that there is a mirroring of
routes and ARP proxy publishing.
Route #
1
2
In this way there is complete separation of the sub-networks but the hosts are unaware of this.
The routes are a pair which are a mirror image of each other but there is no requirement that
proxy ARP is used in a pairing like this.
Keep in mind that if the host has an ARP request for an IP address outside of the local network
then this will be sent to the gateway configured for that host. The entire example is illustrated
below.
Transparent Mode as an Alternative
Transparent Mode is an alternative and preferred way of splitting Ethernet networks. Setup is
simpler than using proxy ARP since only the appropriate switch routes need to be defined. Using
switch routes is fully explained in Section 4.8, "Transparent Mode".
Proxy ARP depends on static routing where the location of networks on interfaces are known
and usually fixed. Transparent mode is more suited to networks whose interface location can
change.
Network
net_1
net_2
Figure 4.4. A Proxy ARP Example
303
Interface
if1
if2
Chapter 4: Routing
Proxy ARP Published
if2
if1