Proxy Arp - D-Link DFL-260E User Manual

4.2.6. Proxy ARP

Ping poll interval
The time in milliseconds between sending a Ping to hosts.
Default: 1000
Grace time
The length of time in seconds between startup or reconfigure and monitoring start.
Default: 30
Consecutive fails
The number of consecutive failures that occurs before a route is marked as being unavailable.
Default: 5
Consecutive success
The number of consecutive successes that must occur before a route is marked as being available.
Default: 5
Gratuitous ARP on fail
Send a gratuitous ARP on HA failover to alert hosts of the changes in interface Ethernet and IP
addresses.
Default: Enabled
4.2.6. Proxy ARP
Overview
As discussed previously in Section 3.4, "ARP", the ARP protocol facilitates a mapping between an
IP address and the MAC address of a host on an Ethernet network.
However, situations may exist where a network running Ethernet is separated into two parts with a
routing device such as a NetDefend Firewall in between. In such a case, NetDefendOS itself can
respond to ARP requests directed to the network on the other side of the NetDefend Firewall using
the feature known as Proxy ARP.
The splitting of an Ethernet network into distinct parts so that traffic between them can be controlled
is a common usage of the proxy ARP feature. NetDefendOS rule sets can then be used to impose
security policies on the traffic passing between the different network parts.
A Typical Scenario
As an example of a typical proxy ARP scenario, consider a network split into two sub-networks
with a NetDefend Firewall between the two.
Host A on one sub-network might send an ARP request to find out the MAC address for the IP
address of host B on the other sub-network. With the proxy ARP feature configured, NetDefendOS
responds to this ARP request instead of host B. NetDefendOS sends its own MAC address in reply,
162
Chapter 4. Routing