Proxy ARP is an often overlooked IP service that can be really useful if applied correctly. Proxy ARP allows a routed interface to reply to ARP requests that it normally shouldn’t reply to. For instance, let’s take a look at this topology…
Let’s say that we need all three servers on the bottom of the diagram to be able to talk to the backup server on the top. Normally we’d do this just by letting the servers route through the multilayer switch (MLS), but let’s think outside the box for a minute. Let’s say that you have a bunch of Windows servers that need a second NIC strictly for backing themselves up. Since an end host can’t have multiple default gateways, how would you get this second NIC to talk to a host on a different network? Proxy ARP can help!
Note that all of the servers have a /16 mask. Because of that, when they try to talk to the backup server they think that it’s on the same local subnet. This is the key to proxy ARP working correctly: the hosts need to think that the destination they are talking to is on the local subnet. Without proxy ARP, this obviously won’t work. But if we turn it on, we’ll see the switch reply to the server’s ARP request with its own MAC…
Switch#show int vlan 10
Vlan10 is up, line protocol is up
Hardware is EtherSVI, address is 000d.2818.af42 (bia 000d.2818.af42)
Internet address is 10.254.0.1/24
The ARP table on one of the servers…
Internet 10.254.10.50 2 000d.2818.af42
Pretty easy concept, but pretty powerful as well.
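The mask-dependent behaviour described above can be modelled in a few lines. This is an added example, not part of the original post, and it is a simplified model of the decision rather than the switch's actual implementation. The SVI address, MAC and backup server address come from the output above; the server address 10.254.0.20 and the routed network 10.254.10.0/24 are assumptions.

```python
import ipaddress

# Values from the page: SVI address/mask, SVI MAC, backup server address.
SVI = ipaddress.ip_interface("10.254.0.1/24")
SVI_MAC = "000d.2818.af42"
BACKUP = ipaddress.ip_address("10.254.10.50")
# Assumptions (not on the page): the server's own address, and the network
# on which the switch has a route to the backup server.
SERVER_IP = "10.254.0.20"
ROUTES = [ipaddress.ip_network("10.254.10.0/24")]


def host_arp_target(host_if, dst, gateway=None):
    """Return the IP a host ARPs for when sending to dst (None if it cannot send)."""
    if dst in host_if.network:
        return dst          # on-link by the host's mask: ARP for dst itself
    return gateway          # off-link: ARP for the default gateway, if any


def proxy_arp_reply(target, sender, proxy_arp=True):
    """Return the MAC the SVI answers with for an ARP request, or None."""
    if target == SVI.ip:
        return SVI_MAC      # ordinary ARP for the interface's own address
    if not proxy_arp or sender not in SVI.network:
        return None
    if target in SVI.network:
        return None         # target is on the local segment; it answers itself
    if any(target in net for net in ROUTES):
        return SVI_MAC      # routed elsewhere: answer on the target's behalf
    return None


def resolve(mask, gateway=None, proxy_arp=True):
    """MAC the server ends up with for the backup server, or None."""
    host_if = ipaddress.ip_interface(f"{SERVER_IP}/{mask}")
    target = host_arp_target(host_if, BACKUP, gateway)
    if target is None:
        return None
    return proxy_arp_reply(target, host_if.ip, proxy_arp)


if __name__ == "__main__":
    print("/16, proxy ARP on :", resolve(16))
    print("/16, proxy ARP off:", resolve(16, proxy_arp=False))
    print("/24, no gateway   :", resolve(24))
```

With the /16 mask the server ARPs for the backup server directly and gets the SVI's MAC back; with a /24 mask and no gateway on that NIC it never sends the ARP request at all.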