How Does Proxy ARP Work? And arp secured-arp?

 

How Does Proxy ARP Work?

Below is an example of how proxy ARP works:

Network Diagram

[Figure: network diagram, 5_01.gif]
Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram above, Host A has a /16 subnet mask. This means that Host A believes it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any device it believes is directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.
To reach Host D (172.16.20.200), Host A needs the MAC address of Host D. Therefore, Host A broadcasts an ARP request on Subnet A, as below:
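| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|----------------------|---------------------|--------------------|-------------------|
| 00-00-0c-94-36-aa    | 172.16.10.100       | 00-00-00-00-00-00  | 172.16.20.200     |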
In the above ARP request, Host A (172.16.10.100) is requesting that Host D (172.16.20.200) send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with Host A's MAC address as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in Subnet A, including the router's e0 interface, but does not reach Host D. The broadcast will not reach Host D because routers, by default, do not forward broadcasts.
Since the router knows that the target address (172.16.20.200) is on another subnet and that it can reach Host D, it replies to Host A with its own MAC address.
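| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|----------------------|---------------------|--------------------|-------------------|
| 00-00-0c-94-36-ab    | 172.16.20.200       | 00-00-0c-94-36-aa  | 172.16.10.100     |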
Above is the proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with the router's MAC address as the source address and Host A's MAC address as the destination address. ARP replies are always unicast to the original requester.
On receiving this ARP reply, Host A updates its ARP table as below:
| IP Address    | MAC Address       |
|---------------|-------------------|
| 172.16.20.200 | 00-00-0c-94-36-ab |
From now on, Host A sends all packets destined for 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (the router). Since the router knows how to reach Host D, the router forwards the packets to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined for Subnet B are sent to the router, and the router forwards those packets to the hosts in Subnet B.
The ARP cache of Host A is given below:
| IP Address    | MAC Address       |
|---------------|-------------------|
| 172.16.20.200 | 00-00-0c-94-36-ab |
| 172.16.20.100 | 00-00-0c-94-36-ab |
| 172.16.10.99  | 00-00-0c-94-36-ab |
| 172.16.10.200 | 00-00-0c-94-36-bb |
Note: Multiple IP addresses are mapped to a single MAC address (the router's MAC address), indicating that proxy ARP is in use. Looking at the host's ARP table makes this clear.
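An added example (not from the original article) that automates the check in the note above: it groups Host A's ARP cache by MAC address and reports any MAC that answers for IP addresses outside the host's real subnet, and it flags the over-wide host mask that caused this. The /24 prefix for Subnet A and all function names are assumptions; the article states only Host A's /16 mask.

```python
import ipaddress
from collections import defaultdict

# Host A's ARP cache as listed in the article, embedded as sample input.
ARP_CACHE = """\
172.16.20.200  00-00-0c-94-36-ab
172.16.20.100  00-00-0c-94-36-ab
172.16.10.99   00-00-0c-94-36-ab
172.16.10.200  00-00-0c-94-36-bb
"""

def parse_arp_cache(text):
    """Parse 'IP MAC' lines into (IPv4Address, mac) pairs; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        entries.append((ip, parts[1].lower().replace(":", "-")))
    return entries

def find_proxy_arp(entries, real_subnet):
    """Return {mac: {...}} for each MAC that answers for off-link IPs."""
    net = ipaddress.ip_network(real_subnet)  # assumed true subnet of the host
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    findings = {}
    for mac, ips in by_mac.items():
        off_link = [str(ip) for ip in sorted(ips) if ip not in net]
        if off_link:  # off-link IPs are normally reached via a gateway, not ARP
            findings[mac] = {"off_link": off_link,
                             "all": [str(ip) for ip in sorted(ips)]}
    return findings

def mask_too_wide(host_interface, real_subnet):
    """True if the host's configured prefix covers more than its real subnet."""
    host_net = ipaddress.ip_interface(host_interface).network
    real = ipaddress.ip_network(real_subnet)
    return real != host_net and real.subnet_of(host_net)

if __name__ == "__main__":
    print(find_proxy_arp(parse_arp_cache(ARP_CACHE), "172.16.10.0/24"))
    print(mask_too_wide("172.16.10.100/16", "172.16.10.0/24"))
```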
The Cisco router's interface should be configured to accept and respond to proxy ARP. This is enabled by default. Proxy ARP can be disabled on a per-interface basis with the interface configuration command no ip proxy-arp, as shown below:
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp
Router(config-if)# ^Z
Router#
To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command.

 

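Why use proxy ARP? Because hosts on a network are not allowed to have multiple default gateways configured. If a default gateway fails, proxy ARP can automatically help hosts in a subnet send data to remote hosts without reconfiguring routing or even the default gateway.

One advantage of proxy ARP is that a router can be added to the network on its own without disturbing the routing setup of the other routers on the same network.

A serious disadvantage of proxy ARP is that it noticeably increases the traffic on the network segment, and the hosts on the network also keep ARP tables much larger than normal. (We can already see this in the translated example above: the host also stores MAC addresses for hosts on other subnets.)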
