tech-net archive


Re: Proxy ARP



    Date:        Tue, 6 Aug 2019 16:17:01 +0200
    From:        Jan Danielsson <jan.m.danielsson%gmail.com@localhost>
    Message-ID:  <f05ed9b2-62af-d4a4-ef87-07e31c521442%gmail.com@localhost>

  |     arp(8) seems to support this using the "pub" keyword.  But what does 
  | the "proxy" keyword do?

The difference between the two is that in one case, the ARP reply
gives the host's own MAC address as being associated with the IP
address - packets for the destination will be forwarded to the host
that is answering, which is then responsible for forwarding them
elsewhere.   This is generally used when an apparent (to IP) single
link is actually several different physical links (different broadcast
domains).  In the other case, the ARP reply uses some other host's
MAC address in the reply, so that packets for the destination will
be forwarded to it - it is (was) mostly used in the early days of
ARP when not all hosts supported that new protocol, and a host that
did use ARP was attempting to communicate with one which did not.

  |     Also, does ARP in any way associate the port/interface it receives a 
  | reply on with the port/interface it expects to reach the host on?

It certainly should.   The IP layer routes outgoing packets to a
particular interface - then ARP is used (by the interface driver
at least in the model, if not always in practice any more) to determine
the destination MAC address for the packet - the request is broadcast,
and the reply must come back on that same interface.

This is important, as the same IP address can be owned by different
hosts on different links (think link local addresses as an example)
and on each interface the "same" IP address will be associated with
a different MAC address.

  |     Will S (running NetBSD) send the "who/where is 10.0.0.X?" ARP 
  | request on wm0 or will it subnet mask match and only send it on wm1?

If routing says to use wm1, then wm1 is where the ARP request goes.

  |     My assumption is that there needs to be a Proxy ARP *before* the 
  | data diode on wm1 (i.e. it can't use wm0 for this), but it would be neat 
  | if that isn't the case.

Your assumption is right.

kre
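
Added example, not part of the message above and not NetBSD's code: a small C model of the point that ARP state is bound to the interface routing selected, so a reply is accepted only on the interface the request went out on, and the same IP address can map to different MAC addresses on wm0 and wm1. The table layout and the function names (arp_request, arp_reply, arp_lookup) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model: ARP cache keyed by (interface, IPv4 address). */
enum { ARP_MAX = 8 };
enum { ARP_FREE, ARP_PENDING, ARP_RESOLVED };
struct arp_entry {
    int state;
    char ifname[8];   /* interface the request was broadcast on */
    uint32_t ip;      /* address being resolved */
    uint8_t mac[6];   /* valid only when state == ARP_RESOLVED */
};
static struct arp_entry arp_tab[ARP_MAX];

static struct arp_entry *arp_find(const char *ifname, uint32_t ip) {
    for (struct arp_entry *e = arp_tab; e < arp_tab + ARP_MAX; e++)
        if (e->state != ARP_FREE && e->ip == ip && strcmp(e->ifname, ifname) == 0)
            return e;
    return NULL;
}

/* Routing has already chosen ifname; note the outstanding request there. */
int arp_request(const char *ifname, uint32_t ip) {
    if (arp_find(ifname, ip) != NULL) return 0;
    for (struct arp_entry *e = arp_tab; e < arp_tab + ARP_MAX; e++) {
        if (e->state != ARP_FREE)
            continue;
        e->state = ARP_PENDING;
        e->ip = ip;
        strncpy(e->ifname, ifname, sizeof(e->ifname) - 1);
        return 0;
    }
    return -1; /* table full */
}

/* A reply counts only on an interface that has an entry for this IP. */
int arp_reply(const char *rx_if, uint32_t ip, const uint8_t mac[6]) {
    struct arp_entry *e = arp_find(rx_if, ip);
    if (e == NULL)
        return -1; /* nothing was asked on rx_if: ignore the reply */
    memcpy(e->mac, mac, 6);
    e->state = ARP_RESOLVED;
    return 0;
}

/* MAC to use for ip when sending out of ifname, or NULL if unresolved. */
const uint8_t *arp_lookup(const char *ifname, uint32_t ip) {
    struct arp_entry *e = arp_find(ifname, ip);
    return (e != NULL && e->state == ARP_RESOLVED) ? e->mac : NULL;
}
```

In this model a request recorded on wm1 stays unresolved if the only answer shows up on wm0, which is the situation the last question in the message asks about.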


