I've got a weird situation that I can't figure out. I have a 2611 with 2 ethernet interfaces. e0/0 is facing my access network via an RFC1483 bridged DSL service. e1/1 is facing my LAN. When I look at the arp table on the 2611, I see thousands of arp entries in the table and through further investigation, the router is putting every destination into the arp table with the MAC address of the far end of this DSL connection (a 7206VXR acting as the DSL concentrator).
I have no idea what's causing this or how to fix it. I updated the code on the 2611 to 12.2.11T8 and the problem persisted.
Anyone have any ideas?
Very interesting hypothesis. It was in fact configured for e0/0. I reconfigured it to be the next-hop and I will see if this helps.
Question: Why does it matter? Are there notes on this anywhere? I'd like to understand why it makes a difference between one and the other.
I'm confused by it myself but tried it in my lab and it does work that way. Normally it would not ARP for something not on the attached network, but since the default was pointed to a broadcast interface there isn't much else it can do.
This happens because for every packet out the interface, the router sends an ARP request when the routing table directs the packet to the interface instead of the next hop. Of course, the DSL device on the LAN responds with its own MAC address. This is the nature of sending a packet out an ethernet interface - basically ARP for everything. Without a specific next-hop, the router doesn't know to do anything else.
When the routing table directs the packets to a specific gateway on the connected network, the router will only ARP for that device (and this should happen very seldom since there is likely to be continuous traffic sent to that network, so the ARP entry will not age out very often) and send ethernet frames, carrying the IP packet, directly to that gateway.
I hope this clears things up.
Weird indeed. First thoughts:
- sniff the e0/0 interface to see what happens (who is sending arp requests, who is replying)
- debug arp on the local router and/or the 7206 (watch out for impact on router load)
- check if perhaps "ip proxy-arp" is configured on the 7206 interface to you
Please keep us posted, it's an interesting problem :)
PS: I see the problem has already been solved. Never mind :)
Well, it's an interesting problem, but it goes via the way IP routing works.
Case 1. Device tries to reach another device it believes is directly connected.
In this case the device does an ARP broadcast to get the device's MAC address. The IP packet destined to the device is then sent with the IP address and the MAC address of the destined device.
Case 2. Device tries to reach another device it believes is not directly connected.
The router in this case does an ARP broadcast for the gateway or next hop device. It then creates the IP packet with the MAC address of the next hop device and the IP address of the destined device.
In your scenario, when a route is set on a router to point to an interface, it believes that the network is directly connected. It therefore does an ARP broadcast for every host the route applies to. The default behaviour of a Cisco router is to do proxy ARP for known routes. Hence, the 7206 replies with its MAC address, and the 2611 truly believes that it's the MAC address of the device. If proxy ARP is disabled on the 7206, your routing will not work anymore. This behaviour is the reason why a next hop address is often preferred to interface addresses.
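A check for the symptom described in this thread, as an added example that is not part of any post: it parses `show ip arp` output and flags one MAC address answering for many addresses outside the interface's connected prefix. The sample table, addresses, MACs, connected prefixes and threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the usual `show ip arp` column layout (not from the thread).
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.2               -   0010.7b00.0001  ARPA   Ethernet0/0
Internet  192.0.2.1               3   0002.1700.aaaa  ARPA   Ethernet0/0
Internet  198.51.100.7            0   0002.1700.aaaa  ARPA   Ethernet0/0
Internet  203.0.113.80            1   0002.1700.aaaa  ARPA   Ethernet0/0
Internet  203.0.113.99            0   0002.1700.aaaa  ARPA   Ethernet0/0
Internet  10.0.0.5               12   0050.5600.bbbb  ARPA   Ethernet1/1
"""

# Assumed connected prefixes per interface (take these from the interface config).
CONNECTED = {"Ethernet0/0": "192.0.2.0/24", "Ethernet1/1": "10.0.0.0/24"}

ROW = re.compile(
    r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)$",
    re.IGNORECASE,
)

def off_subnet_arp(text, connected):
    """Map (interface, mac) -> ARP-cached IPs that lie outside that interface's prefix."""
    nets = {ifc: ipaddress.ip_network(prefix) for ifc, prefix in connected.items()}
    hits = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or an Incomplete entry with no MAC/interface
        ip, _age, mac, ifc = m.groups()
        net = nets.get(ifc)
        if net is not None and ipaddress.ip_address(ip) not in net:
            hits[(ifc, mac.lower())].append(ip)
    return dict(hits)

def suspects(text, connected, threshold=3):
    """Keep only MACs that answer for at least `threshold` off-subnet addresses."""
    found = off_subnet_arp(text, connected)
    return {key: ips for key, ips in found.items() if len(ips) >= threshold}

if __name__ == "__main__":
    for (ifc, mac), ips in suspects(SAMPLE, CONNECTED).items():
        print(f"{ifc}: {mac} answers for {len(ips)} off-subnet addresses: {ips}")
```

A hit on the WAN-facing interface points to a static route that names the interface rather than a next hop, with the upstream device answering by proxy ARP.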