
Understanding Proxy ARP on EX Series Switches

You can configure proxy Address Resolution Protocol (ARP) on your Juniper Networks EX Series Ethernet switch to enable the switch to respond to ARP queries for network addresses by offering its own Ethernet media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination.

Proxy ARP is useful in situations where hosts are on different physical networks and you do not want to use subnet masking. Because ARP broadcasts are not propagated between hosts on different physical networks, hosts will not receive a response to their ARP request if the destination is on a different subnet. Enabling the switch to act as an ARP proxy allows the hosts to transparently communicate with each other through the switch. Proxy ARP can help hosts on a subnet reach remote subnets without configuring routing or a default gateway.

What Is ARP?

Ethernet LANs use ARP to map Ethernet media access control (MAC) addresses to IP addresses. The switch maintains this mapping in a cache that it consults when forwarding packets to network devices. If the ARP cache does not contain an entry for the destination device, the host (which is the DHCP client) broadcasts an ARP request for that device's address and stores the response in the cache.

Unrestricted Proxy ARP Overview

If you enable proxy ARP on an EX Series switch, the default mode is unrestricted, which is the only mode supported, and it applies globally to all interfaces on the switch. This includes routed VLAN interfaces (RVIs). The switch responds to any ARP request as long as the switch has an active route to the destination address. The switch provides its own MAC address in the ARP response, thereby acting as a proxy for the destination host. The switch forwards subsequent messages from the requesting host to the appropriate destination host.

Because proxy ARP applies to all the interfaces on the switch, all hosts attached to the switch receive the switch’s MAC address in response to their ARP requests and all hosts transmit subsequent messages to the switch’s MAC address. The switch routes subsequent messages from the hosts to the appropriate destination addresses.

If you do not enable proxy ARP, the switch responds to an ARP request only if the IP address of the destination device is configured on the switch.

Why Disable Gratuitous ARP Requests?

If you enable proxy ARP, we recommend that you configure the switch’s interfaces not to respond to gratuitous ARP requests.

If you enable proxy ARP and do not disable gratuitous ARP requests, the switch responds to all ARP requests, including gratuitous ARP requests. When the switch receives a gratuitous ARP request, the switch might interpret it as an indication of an IP conflict.

You do not need to disable gratuitous ARP replies. (Updating of the ARP cache for replies received in response to gratuitous ARP requests is disabled by default on all Ethernet interfaces.)

Gratuitous ARP is a type of ARP message in which the host broadcasts an ARP request or reply for its own MAC address:

  • Gratuitous ARP request—An ARP request packet in which the source and destination IP addresses are both set to the IP address of the device issuing the packet and the destination MAC address is the broadcast address.
  • Gratuitous ARP reply—An ARP reply sent in the absence of an ARP request.

Some common usages of gratuitous ARP messages are to:

  • Resolve IP conflict issues—When a device receives an ARP request with a source IP address that matches its own IP address, it detects an IP conflict and sends an alert by broadcasting a gratuitous ARP message.
  • Update hardware changes—When a device receives a gratuitous ARP reply, it updates its ARP cache, replacing the old MAC address with the new MAC address.
  • Notify local hosts of a link up event—When an IP interface or link goes up, the interface typically sends a gratuitous ARP reply to preload the ARP tables of other local hosts. In this case, the gratuitous ARP message indicates that the host has just had a link up event, such as a machine being rebooted. Multiple gratuitous ARP replies from the same host might indicate a problem.
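The definitions above can be applied to captured frames to tell gratuitous ARP traffic apart from ordinary requests and replies, including replies a proxy ARP switch sends with its own MAC address. The following Python is an added example, not Juniper code: the names build_frame, parse_arp, ArpMonitor and noisy_hosts and the threshold of 2 are assumptions, and a reply counts as gratuitous when the monitor has not observed a matching request.

```python
import socket
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def build_frame(op, eth_dst, sha, spa, tha, tpa):
    """Construct an Ethernet II + ARP frame (used to make sample input)."""
    header = eth_dst + sha + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_dst": frame[0:6], "op": op, "sha": frame[22:28],
            "spa": frame[28:32], "tpa": frame[38:42]}

class ArpMonitor:
    def __init__(self):
        self.pending = set()                 # (requester IP, requested IP) awaiting a reply
        self.gratuitous_replies = Counter()  # sender MAC -> unsolicited reply count

    def classify(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return "not-arp"
        if arp["op"] == 1:
            # Gratuitous request: source IP == destination IP, broadcast destination MAC.
            if arp["spa"] == arp["tpa"] and arp["eth_dst"] == BROADCAST:
                return "gratuitous-request"
            self.pending.add((arp["spa"], arp["tpa"]))
            return "request"
        if arp["op"] == 2:
            # Gratuitous reply: a reply sent in the absence of a request.
            key = (arp["tpa"], arp["spa"])
            if key in self.pending:
                self.pending.discard(key)
                return "reply"
            self.gratuitous_replies[arp["sha"]] += 1
            return "gratuitous-reply"
        return "other"

    def noisy_hosts(self, threshold=2):
        """Sender MACs with repeated gratuitous replies, which might indicate a problem."""
        return [mac for mac, n in self.gratuitous_replies.items() if n >= threshold]
```

A proxy ARP answer classifies as an ordinary "reply" because it matches a pending request, even though the sender MAC belongs to the switch rather than the destination host.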

Published: 2009-09-17
