Interface used as gateway instead of next hop IP@

Feb 2nd, 2009

If a static route is defined on a router using one of its interfaces as gateway instead of a next hop IP@, then my understanding is that Proxy ARP must be enabled on the remote router connected to that interface, otherwise that remote router won't reply to the ARP Request sent by this router.

Am I right?

Ex: if on router R1 I define a static route as follows:

ip route 1.1.1.0 255.255.255.0 fastethernet 1/0


then on router R2 connected to that interface proxy arp is mandatory to be enabled.

Tshi M Mon, 02/02/2009 - 04:31

I am not quite sure that is the case, because I have my Internet edge router set up to use the router serial interface as the gateway without knowing how the ISP set up their router.


regards,

Mohamed Sobair Mon, 02/02/2009 - 04:35


Hi,


This is not true. Proxy ARP is a feature that eliminates the need to set a gateway. Instead of sending a broadcast request to a specified GW, the interface which is enabled for Proxy ARP is always going to broadcast its MAC address as a GW.


Whenever you set the interface as next hop, the router is going to consult its ARP table to find the next hop address to forward the packet via the specified interface.



HTH

Mohamed

Mohamed Sobair Mon, 02/02/2009 - 04:37

One Point:


It's recommended, though, to set the next hop IP address instead of the physical interface.


HTH

Mohamed

mahmoodmkl Mon, 02/02/2009 - 04:39

Hi


My understanding for specifying the interface as the next hop for a route is that the router will arp for every destination through that interface.


Thanks

Mahmood

badalam_nt Mon, 02/02/2009 - 05:10

To all:

1) My question was referring to Ethernet connection between the routers, not for serial links etc, as I implied ARP in discussion.


If I set the interface name instead of next hop IP@, whenever it has to route a packet towards a subnet for which it has that static route defined with interface as gateway, the router will first send on that interface an ARP Request for finding out the MAC@ corresponding to destination IP@, IP@ which is from another subnet.

And if the remote router does not have proxy ARP enabled, then nobody will answer to that ARP Request.


So I still don't understand how it could work without Proxy ARP being enabled on the remote router.


2) Additionally I don't see how we could have the Proxy ARP used in cases without gateways defined.

If a Windows PC is defined without gateway IP@ then the PC will not send anything out its NIC when the destination IP@ is from another subnet.

Could you tell me please what equipment (ex: PC with Linux, router type X etc) could still send ARP messages when no gateway is defined on them ?

Correct Answer
Giuseppe Larosa Mon, 02/02/2009 - 05:53

Hello Badalam,

Your understanding is correct: when you specify an outgoing interface of type Ethernet for a default static route, your router is relying on the willingness of another device to answer arbitrary ARP requests (on proxy-arp indeed).


I saw this in a customer network: some c7200 were acting as L2TP terminators of access services and they had

ip route 0.0.0.0 0.0.0.0 fas0/0


After a security assessment, ip proxy-arp was disabled on the router they were connected to, and as a result the service stopped working.

Fixing the static routes to use an IP address as next hop solved the issue.


On a Windows PC, if you specify the IP address of the PC itself as its default gateway, it will rely on proxy-arp, like a router with a default static route that specifies the interface.


There is another thread where high cpu and memory usage is caused by this type of default static route.


Hope to help

Giuseppe
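A pre-change check for the situation described in the answer above (added example, not part of the original post): before disabling proxy ARP on a router, scan the neighbours' saved configurations for static routes that name an Ethernet-type exit interface without a next-hop IP. The interface-prefix list, the function name `audit_static_routes` and the sample configuration (apart from the two routes quoted in this thread) are assumptions made for the example.

```python
import ipaddress
import re

# Assumption of this example: these name prefixes mean a multi-access
# (ARP-using) interface; Serial, Tunnel, Dialer, Null etc. are not flagged.
MULTI_ACCESS = ("eth", "fa", "gi", "te", "vlan", "bvi", "port-channel")
IPV4 = re.compile(r"^\d+(?:\.\d+){3}$")
ROUTE_RE = re.compile(
    r"^\s*ip\s+route\s+(?:vrf\s+\S+\s+)?(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S.*)$",
    re.IGNORECASE)

def audit_static_routes(config_text):
    """Find static routes that name an Ethernet-type exit interface and no
    next-hop IP, i.e. routes that make the router ARP for each destination."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ROUTE_RE.match(line)
        if not m:
            continue
        prefix, mask, rest = m.groups()
        tokens = rest.split()
        if IPV4.match(tokens[0]):
            continue  # next-hop IP form: ARP is sent for the next hop only
        ifname, idx = tokens[0], 1
        # "fastethernet 1/0": the unit number is a separate token, so join it
        if not re.search(r"\d", ifname) and idx < len(tokens):
            ifname += tokens[idx]
            idx += 1
        has_next_hop = idx < len(tokens) and bool(IPV4.match(tokens[idx]))
        if ifname.lower().startswith(MULTI_ACCESS) and not has_next_hop:
            net = ipaddress.IPv4Network(f"{prefix}/{mask}", strict=False)
            findings.append((lineno, str(net), ifname))
    return findings

# Constructed sample: lines 2-3 are the two routes quoted in this thread,
# the rest (and the 192.0.2.1 next hop) are made up for the example.
SAMPLE = """hostname R1
ip route 1.1.1.0 255.255.255.0 fastethernet 1/0
ip route 0.0.0.0 0.0.0.0 fas0/0
ip route 10.20.0.0 255.255.0.0 192.0.2.1
ip route 10.30.0.0 255.255.0.0 FastEthernet0/0 192.0.2.1
ip route 10.40.0.0 255.255.0.0 Serial0/0
"""

if __name__ == "__main__":
    for lineno, net, ifname in audit_static_routes(SAMPLE):
        print(f"line {lineno}: {net} via {ifname} depends on a neighbour's proxy ARP")
```

Each finding is a route to rewrite with a next-hop IP before proxy ARP is turned off on the adjacent device.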



badalam_nt Mon, 02/02/2009 - 07:37

Giuslar, could you tell me please if my understanding is correct also for the following:

1) for Ethernet connections, if the gateway is always set as next hop IP@, then Proxy ARP feature, even if enabled, will actually never be used.

2) THE ONLY uses of Proxy ARP are:

2a) during a transitory period, when splitting a large broadcast domain into several different subnets, for instance when going from a /24 prefix to a /26 prefix. Once all equipment/hosts are migrated to the new prefix, Proxy ARP won't be used anymore.

2b) when gateway is defined as interface name, instead of next hop IP@

2c) ???

Giuseppe Larosa Mon, 02/02/2009 - 07:52

Hello Badalam,


1) Yes, only one ARP request is done for the next-hop address. So proxy-arp is not used.


2) proxy-arp can be used in transitions or in scenarios where multiple routers connecting to different networks are connected to the same client VLAN.

In this case either an ICMP redirect is sent by the default gateway to a PC trying to reach an IP address for which there is a better gateway, or you can use proxy-arp.


The original use of proxy-arp was to provide ip connectivity to old unix hosts that were not capable of subnetting: the only way to provide them network services is to answer for all their ARP requests for the whole major network.

Cisco implementation of proxy-arp has gone a step further and a Cisco router answers (if proxy-arp is enabled) to requests for networks also behind the major network of the interface where the ARP request is received.


Hope to help

Giuseppe

