Proxy ARP detection (was re: best practice for advertising peering fabric routes)
ml at kenweb.org
Thu Jan 16 04:49:15 UTC 2014
On 1/15/2014 6:31 PM, Clay Fiske wrote:
> Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so long.
> But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?
> Seriously though, it’s not so simple. You only get replies if the IP you ARP for is in the offender’s route table (or they have a default route). I’ve seen different routers respond depending on which non-local IP was ARPed for. And while using something like 22.214.171.124 might be an obvious choice, I don’t care to hose up everyone’s connectivity to it just to find local proxy ARP offenders on my network.
Shouldn't ARP inspection be a common feature?
More information about the NANOG