Proxy ARP detection

Niels Bakker niels=nanog at
Wed Jan 15 23:47:02 UTC 2014

* clay at (Clay Fiske) [Thu 16 Jan 2014, 00:35 CET]:
>Seriously though, it’s not so simple. You only get replies if the IP 
>you ARP for is in the offender’s route table (or they have a default 
>route). I’ve seen different routers respond depending on which 
>non-local IP was ARPed for. And while using something like 
>might be an obvious choice, I don’t care to hose up everyone’s 
>connectivity to it just to find local proxy ARP offenders on my 

You'll never be entirely sure but obviously you're not limited to 
sending only one ARP request - this isn't The Hunt For The Red October 
movie.  We're talking a common misconfiguration here in this thread - 
or at least you were, two mails upthread.

How will checking for Proxy ARP possibly hose up anybody's 
connectivity?  You realise that ARP replies are unicast, right?  
And that IXPs generally have dedicated servers for monitoring from 
which they can source packets?

	-- Niels.

"It's amazing what people will do to get their name on the internet, 
  which is odd, because all you really need is a Blogspot account."
			-- roy edroso,

More information about the NANOG mailing list