Proxy ARP detection
niels=nanog at bakker.net
Thu Jan 16 16:28:34 UTC 2014
* clay at bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 01:25 CET]:
>On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog at bakker.net> wrote:
>>* clay at bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
>>>This is where theory diverges nicely from practice. In some
>>>cases the offender broadcast his reply, and guess what else? A
>>>lot of routers listen to unsolicited ARP replies.
>>I've never seen this. Please name vendor and product, if only so
>>other subscribers to this list can avoid doing business with them.
>This was some time ago, but the two I was able to dig up from that
>case were both Junipers. Perhaps it’s something that only happens
>when proxy ARP is enabled?

Maybe. I don't think I've ever dealt with a situation in which Proxy
ARP was enabled on a Juniper router. I've certainly not seen them
reply to a request with a broadcast, and frankly that sounds like such
a weird implementation decision that I'm going to need to see pcaps
before I believe it.

Even if this were a regular occurrence - which it evidently is not -
it's still better to trigger this when you know you're doing something
rather than have to step in later when another misconfiguration
triggers routing problems like described in an earlier mail,
renumbering into a larger subnet.

"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com
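
The behaviour argued about in this thread (an ARP reply sent to the Ethernet broadcast address, and one MAC answering for several IPs as proxy ARP does) can be checked in a capture. The following is an added example, not part of the original mail or of any vendor's tooling. It assumes raw, untagged Ethernet II frames already extracted from a pcap; the function names and sample frames are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6

def parse_arp(frame):
    """Parse an untagged Ethernet II frame carrying IPv4 ARP; return None otherwise."""
    if len(frame) < 42:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "op": op, "sha": sha, "spa": spa, "tpa": tpa}

def analyze(frames):
    """Return (broadcast_replies, multi_ip_macs) seen in a list of raw frames."""
    broadcast_replies, ips_by_mac = [], defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != 2:  # opcode 2 = ARP reply
            continue
        mac, ip = arp["sha"].hex(":"), socket.inet_ntoa(arp["spa"])
        ips_by_mac[mac].add(ip)
        # Replies to a request are normally unicast. Gratuitous ARP (sender IP ==
        # target IP) is legitimately broadcast, so it is not flagged here.
        if arp["dst"] == BROADCAST and arp["spa"] != arp["tpa"]:
            broadcast_replies.append((mac, ip))
    # Heuristic: one MAC answering for several IPs is what proxy ARP looks like
    # on the wire, but multi-homed hosts and VIPs produce the same pattern.
    multi = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return broadcast_replies, multi

def make_frame(dst, src, op, spa, tha, tpa):
    """Build one constructed sample frame (not captured traffic)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += src + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)
    return dst + src + struct.pack("!H", 0x0806) + arp

HOST, RTR = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [  # constructed frames using documentation addresses
    make_frame(BROADCAST, HOST, 1, "192.0.2.10", bytes(6), "192.0.2.20"),  # request
    make_frame(HOST, RTR, 2, "192.0.2.20", HOST, "192.0.2.10"),       # unicast reply
    make_frame(BROADCAST, RTR, 2, "192.0.2.30", HOST, "192.0.2.10"),  # broadcast reply
    make_frame(BROADCAST, HOST, 2, "192.0.2.10", BROADCAST, "192.0.2.10"),  # gratuitous
]
```

Calling analyze(SAMPLE) flags only the third frame as a broadcast reply and reports the router MAC as answering for two addresses.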