Re: Proxy ARP

[Roy Marples <roy%marples.name@localhost>]

On 25/02/2016 14:24, Joerg Sonnenberger wrote:
> On Thu, Feb 25, 2016 at 12:57:59PM +0000, Christos Zoulas wrote:
>> In article <CAKrYomjukGiXD+COWino3rTDd_u+0o+q04aWxv_qn0GCM-GOgQ%mail.gmail.com@localhost>,
>> Ryota Ozaki  <ozaki-r%netbsd.org@localhost> wrote:
>>> Hi,
>>>
>>> I have questions about the Proxy ARP feature.
>>>
>>> arp(8) has two options: "pub" and "pub proxy".
>>> What's the different between them and what
>>> are expected behaviors of them?
>>>
>>
>> Proxy arp (rfc1027) was used decades ago to make hosts whose
>> networking stacks did not understand subnetworking and routing
>> work (in my environment those were SVR2 machine AT&T 3b{2,5,10,20}s).
> 
> I have used it much more recently for VMs and the like. If you
> configure the host machine to provide proxy ARP and use point-to-point
> links for the individual machines, you can avoid having to run a full
> blown bridge and naturally get isolation of the individual VMs without
> having further MAC filtering. The host has the correct routes to speak
> with the VMs and proxy ARP allows other machine on the outside network
> to be ignorant of the internal subnetting.
> 
> I don't think this needs proxy flags on the kernel side though.
> 
>> You can still get a copy of a proxyarpd implementation from:
>>
>> 	ftp://mirror.ucsd.edu/pub/proxyarpd-1.7.shar
> 
> Roy has one as well, it can be found in pkgsrc under net/parpd.

So there exists two implementations in userland, one of which at least
is in pkgsrc.
Could we remove this feature from arp itself and the kernel to trim it
down some? Or is the need still there?

Roy