3 Replies Latest reply: Nov 8, 2018 4:39 AM by Juergen Ilse CCNA R&S RSS

    RARP, PROXY ARP AND GRATUITOUS ARP

    Shakir

      Hi


      1. what is RARP (reverse arp) and where we use it?

      2. what is proxy arp and where and why we use this arp?

      3. what is gratuitous arp and in which conditions we use this arp?



        • 1. Re: RARP, PROXY ARP AND GRATUITOUS ARP
          Juergen Ilse CCNA R&S

          Shakir schrieb:

           

          1. what is RARP (reverse arp) and where we use it?

          ARP is usually used to determine the L2 address belonging to an L3 address (with ethernet the MAC address of a machine holding an ip address). But it is also possible to detect the L3 address belonging to a L2 address (to detect an ip address belonging to a specific MAC address). It was used with booting via network to detect the ip address, which should be used as source address for loading a boot image via TFTP. Nowadays, BOOTP/DHCP is usually used instead.

          2. what is proxy arp and where and why we use this arp?

          Proxy ARP is something like "sending ARP answer for other hosts". Proxy arp is enabled on Cisco Routers by default. So if a Cisco router receives an arp request for an ip address, which is not diirectly connected to the interface where the arp request is received and if the router knows a route to that ip address, it will answer the arp request with its own MAC address. That may be used as "poor mans alternative of routing", but sometimes it must be disabled. So is for exaample the policy of many internet exchanges, that proxy arp must be disabled on the interfaces connected to the peering lan (otherwise the switchport in the peering lan will be set to shutdown to protect the peering LAN).

          If you need additional information about proxy arp and an example, where proxy arp was the cause of an outage at an internet exchange (many years ago), feels free to ask.

          3. what is gratuitous arp and in which conditions we use this arp?

          Gratious arp is something like "an ARP answer without a previous ARP request". Technically it is an (already answered) ARP request sent from a host for its own IP address. It may be used for something like "double address detection", and usually hosts will sent such a "gratious arp" if they connect to an ethernet segment (something like "hello, i'm new here and this is my IP-adress with corresponding MAC address"). This may reduce ARP traffic in a network (because the host "introduces itself" instead of waiting that someone asks for ARP information).

          • 2. Re: RARP, PROXY ARP AND GRATUITOUS ARP
            Shakir

            very very thanks for reply
            now my concept are much clear.

             

            kindly give me more details about internet exchange outage

            • 3. Re: RARP, PROXY ARP AND GRATUITOUS ARP
              Juergen Ilse CCNA R&S

              It was many years ago, that there was an incident at DE-CIX, which was based on "proxy-arp" (on a already connected router) in combination with a wrong netmask in the configuration of a new customer and distributing routing information about the peering LAN via BGP to the whole world. Nowadays, the prefix of the peering LAN (and subnets of it) will be filtered out in BGP annoucements, it is a need to turn of proxy-arp on routers connected to the peering LAN and new customers are first connected to another LAN to check the configuration of the interface before they can connect to the productive peering LAN.

               

              But now to the story. What happened? The peering LAN had a prefix-length of /23 in that old days. The new customer connected 2 routers to the peering LAN, one in the upper /24 range of the peering LAN, the other in the lower /24 range of the peering LAN. Unfortunytely, the new customer of that IX configured the interfaces of his routers with a /24 netmask and announced that /24 network via BGP to the whole world.

              The already connected router with proxy arp turned on was not directly peering with that new customer at the IX. Now that already connected router (which had an ip address in the lower /24 range of the peering LAN) received a route for the upper /24 via BGP. Because it was a more specific route, the router used that (BGP) route for the upper /24 of the peering network and it answered ARP requests for IP addresses from that upper /24 subnet of the peering LAN!!!!

              So that router got lot of traffic destined to other machines connected to the peering LAN (because machines got the "proxy arp" answer instead or in addition to the "real ARP answer"), and the peering sessions to that other customers went down ... It was really a harmful incident at that Internet Exchange ...