ip local-proxy-arp

      3 Comments on ip local-proxy-arp

Recently, while trying to enable proxy arp on an interface, I noticed the presence of the sub interface command ‘ip local-proxy-arp’.  I was a little puzzled and the googling I did didn’t help me get a better understanding of the concept.  Bewildered, I turned to my favorite network forum, networking-forum.com and asked if someone could help out with an explanation…

http://www.networking-forum.com/viewtopic.php?f=33&t=35204

Vito was able to sum up the feature nicely for me.  Local proxy ARP just implies that it’s a proxy ARP that occurs on the same interface.  That is, the traffic comes in, and goes out of the same interface.  Let’s look at a quick example so you can see my point…

image

So here we have a basic private-VLAN configuration.  Router 1 is a promiscuous device that all of the machines in the isolated VLAN need to talk to.  In normal circumstances, this would work as you expect.  That is, all three servers could talk to the router, but not to each other.  However, if we turn on the ‘ip local-proxy-arp’ command on the router1’s southbound interface, things change…

router1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
router1(config)#
int fa0/0

router1(config-if)#ip local-proxy-arp
router1(config-if)#end
router1#

Now, let’s try communicating from server to server…

ping 192.168.0.30

Sending 5, 100-byte ICMP Echos to 192.168.0.30, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Looking at the ARP table on the server we can now see that it has an ARP entry for one of the other isolated server (192.168.0.30) with the same layer 2 destination as that of router1. 

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.10            3   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.30            0   0018.19f3.86fa  ARPA   FastEthernet0/0
Internet  192.168.0.20            –   0013.19d7.6990  ARPA   FastEthernet0/0

So as you can see, the local version of the proxy ARP command allows proxy ARP to work in and out of the same interface. 

Thanks Vito!

3 thoughts on “ip local-proxy-arp

  1. Ivan

    Hi,

    So in the above example i presume the link connecting the router to the switch where the three host are connected is on a promiscous port.In this case the arp request from Host A to Host B would reach the router on a promiscous port. Does the Router still do local proxy for the request received on a promiscous ports?? Or the local proxy works only on arp request received on a host ports?? You explanation would be of great help.

    Thanks,
    Ivan

    Reply
    1. Jon Langemak Post author

      I might be misunderstanding your question, but I’ll take a crack at answering it either way.

      The port on the router has to be a promiscuous port so that each host can talk to it. Enabling the local proxy ARP feature just allows proxy ARP to work on the same interface. That is, the hosts proxy ARP through the router to talk to the other hosts. This sort of breaks the private-VLAN model since your allowing hosts to talk directly to each other.

      Does that answer your question?

      Reply

Leave a Reply to Eddy B. Cancel reply

Your email address will not be published.