no ip redirects/no ip proxy-arp in GLBP

Unanswered Question
Jon Marshall Thu, 12/06/2007 - 11:53

Hi Ali

They are not really related as such. You can run GLBP with them on or off. I usually turn off any unneeded services under the interface.


Edison Ortiz Thu, 12/06/2007 - 12:00

proxy-arp provides services for devices on that segment that do not have a default gateway. If you want to ensure the devices on that segment use the GLBP VIP address, then disabling proxy-arp will be recommended.

As for ip redirect, it has no correlation to GLBP but is a recommended security practice to disable it. If you disable ip redirect, the devices on that segment will always contact their default gateway (GLBP VIP) if more than one gateway exists on that segment.

Edison Ortiz Thu, 12/06/2007 - 12:51

If you forget to configure no ip proxy-arp under an interface, devices on that subnet with missing default gateway will be serviced by this interface.

For instance,

If you have a workstation with IP (missing its default gateway) and a switch with with proxy-arp enabled, the switch will respond to arp queries from the workstation and route to other segments on the workstation's behalf.

This behavior will cause a lot of overhead in the switch and network as you rely on ARP for routing to other segments.

By disabling proxy-arp, the switch does not route the packet and the workstation gets a request time-out if the destination resides in another subnet.


This Discussion