Proxy ARP detection
niels=nanog at bakker.net
Wed Jan 15 23:47:02 UTC 2014
* clay at bloomcounty.org (Clay Fiske) [Thu 16 Jan 2014, 00:35 CET]:
>Seriously though, it’s not so simple. You only get replies if the IP
>you ARP for is in the offender’s route table (or they have a default
>route). I’ve seen different routers respond depending on which
>non-local IP was ARPed for. And while using something like 188.8.131.52
>might be an obvious choice, I don’t care to hose up everyone’s
>connectivity to it just to find local proxy ARP offenders on my
You'll never be entirely sure but obviously you're not limited to
sending only one ARP request - this isn't The Hunt For The Red October
movie. We're talking a common misconfiguration here in this thread -
or at least you were, two mails upthread.
How will checking for Proxy ARP possibly hose up anybody's
connectivity? You realise that ARP replies are unicast, right?
And that IXPs generally have dedicated servers for monitoring from
which they can source packets?
"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com
More information about the NANOG