Proxy ARP detection

Niels Bakker niels=nanog at
Thu Jan 16 16:28:34 UTC 2014

* clay at (Clay Fiske) [Thu 16 Jan 2014, 01:25 CET]:
>On Jan 15, 2014, at 4:03 PM, Niels Bakker <niels=nanog at> wrote:
>>* clay at (Clay Fiske) [Thu 16 Jan 2014, 00:59 CET]:
>>>This is where theory diverges nicely from practice. In some 
>>>cases the offender broadcast his reply, and guess what else? A 
>>>lot of routers listen to unsolicited ARP replies.
>>I've never seen this.  Please name vendor and product, if only so 
>>other subscribers to this list can avoid doing business with them.
>This was some time ago, but the two I was able to dig up from that 
>case were both Junipers. Perhaps it’s something that only happens 
>when proxy ARP is enabled?

Maybe.  I don't think I've ever dealt with a situation in which Proxy 
ARP was enabled on a Juniper router.  I've certainly not seen them 
reply to a request with a broadcast, and frankly that sounds like such 
a weird implementation decision that I'm going to need to see pcaps 
before I believe it.

Even if this were a regular occurrence - which it evidently is not - 
it's still better to trigger this when you know you're doing something 
rather than have to step in later when another misconfiguration 
triggers routing problems like described in an earlier mail, 
renumbering into a larger subnet.

	-- Niels.

"It's amazing what people will do to get their name on the internet, 
  which is odd, because all you really need is a Blogspot account."
			-- roy edroso,

More information about the NANOG mailing list