ip proxy-arp
2007-12-05 23:48

How Does Proxy ARP Work?
 
Below is an example of how proxy ARP works:

Network Diagram

[Image: ip proxy-arp network diagram (router)]

Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram above, Host A has a /16 subnet mask (note this point). This means that Host A believes it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any device it believes is directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.
 
To reach Host D (172.16.20.200), Host A needs the MAC address of Host D. Therefore, Host A broadcasts an ARP request on Subnet A, as below:

| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|----------------------|---------------------|--------------------|-------------------|
| 00-00-0c-94-36-aa    | 172.16.10.100       | 00-00-00-00-00-00  | 172.16.20.200     |
 
 
In the above ARP request, Host A (172.16.10.100) is requesting that Host D (172.16.20.200) send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with Host A's MAC address as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in Subnet A, including the router's e0 interface, but does not reach Host D. The broadcast will not reach Host D because routers, by default, do not forward broadcasts.
 
Since the router knows that the target address (172.16.20.200) is on another subnet and can reach Host D, it will reply with its own MAC address to Host A.

| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|----------------------|---------------------|--------------------|-------------------|
| 00-00-0c-94-36-ab    | 172.16.20.200       | 00-00-0c-94-36-aa  | 172.16.10.100     |
 
Above is the proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with the router's MAC address as the source address and Host A's MAC address as the destination address. ARP replies are always unicast to the original requester.
 
On receiving this ARP reply, Host A updates its ARP table as below:

| IP Address    | MAC Address       |
|---------------|-------------------|
| 172.16.20.200 | 00-00-0c-94-36-ab |
 
From now on, Host A will forward all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (the router). Since the router knows how to reach Host D, the router forwards the packets to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined to Subnet B are sent to the router, and the router forwards those packets to the hosts in Subnet B.
 
The ARP cache of Host A is given below:

| IP Address    | MAC Address       |
|---------------|-------------------|
| 172.16.20.200 | 00-00-0c-94-36-ab |
| 172.16.20.100 | 00-00-0c-94-36-ab |
| 172.16.10.99  | 00-00-0c-94-36-ab |
| 172.16.10.200 | 00-00-0c-94-36-bb |

Note: Multiple IP addresses are mapped to a single MAC address (the router's MAC address), indicating that proxy ARP is in use. (Looking at a host's ARP table makes this clear.)
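
The note above can be turned into a check. The following Python sketch is an added example, not part of the original page: it parses Host A's ARP cache as listed here and reports any MAC address that answers for hosts outside the local subnet. The 172.16.10.0/24 range for Subnet A and the function names are assumptions; the page states only Host A's /16 mask.

```python
import ipaddress
import re
from collections import defaultdict

# Host A's ARP cache as listed on this page, written as "IP MAC" lines.
ARP_CACHE = """\
172.16.20.200 00-00-0c-94-36-ab
172.16.20.100 00-00-0c-94-36-ab
172.16.10.99  00-00-0c-94-36-ab
172.16.10.200 00-00-0c-94-36-bb
"""

def parse_arp_cache(text):
    """Return (IPv4Address, MAC as 12 hex digits) tuples; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            ip = ipaddress.IPv4Address(parts[0])
        except ipaddress.AddressValueError:
            continue
        mac = re.sub(r"[^0-9a-f]", "", parts[1].lower())  # accept -, : or . separators
        entries.append((ip, mac))
    return entries

def shared_macs(entries):
    """Map each MAC that answers for more than one IP to its sorted IP list."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def proxy_arp_evidence(entries, local_subnet):
    """For shared MACs, list the IPs resolved by ARP that lie outside the local subnet."""
    net = ipaddress.IPv4Network(local_subnet)
    evidence = {}
    for mac, ips in shared_macs(entries).items():
        remote = [str(ip) for ip in ips if ip not in net]
        if remote:  # some device answered ARP on behalf of an off-subnet host
            evidence[mac] = remote
    return evidence

if __name__ == "__main__":
    # Assumption: Subnet A is 172.16.10.0/24 (the page gives only Host A's /16 mask).
    for mac, ips in proxy_arp_evidence(parse_arp_cache(ARP_CACHE), "172.16.10.0/24").items():
        print(f"{mac} answers for off-subnet hosts: {', '.join(ips)}")
```

When reviewing the output, compare the reported MAC with the router's known interface MAC; a different MAC answering for many addresses deserves a closer look.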
 
The Cisco router's interface should be configured to accept and respond to proxy ARP. This is enabled by default. Proxy ARP can be disabled on a per-interface basis with the interface configuration command no ip proxy-arp, as shown below:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp
Router(config-if)# ^Z
Router#

To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command.

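Supplement, excerpted from the CCNA Study Guide:

Why use proxy ARP? Because hosts on a network are not allowed to be configured with multiple default gateways. If a default gateway fails, proxy ARP can automatically help hosts on a subnet send data to remote hosts without reconfiguring routing or even the default gateway.

One advantage of proxy ARP is that a single router can be added to the network without disturbing the routing tables of the other routers on the same network.

One serious disadvantage of proxy ARP is that it noticeably increases the amount of traffic on the network segment, and hosts on the network will also hold ARP tables much larger than normal. (We can already see this in the translation above: the host also holds MAC addresses for hosts on other subnets.)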