proxy arp 代理ARP

思科官网上是这么介绍它的,Proxy ARP is the technique in which one host, usually a router, answers ARP requests intended for another machine. By "faking" its identity, the router accepts responsibility for routing packets to the "real" destination. Proxy ARP can help machines on a subnet reach remote subnets without the need to configure routing or a default gateway.大概意思就是代理ARP可以帮助一个网段上的机器不通过配置路由或者网关就能访问另一个网段的机器。

接下来用实验来证明一下。拓扑如下

proxy arp_ARP

R1:e0/0 12.1.1.1/24 

R2:e0/0 12.1.1.2/24 e0/1 23.1.1.2/24 

R3:e0/1 23.1.1.3

配置完上面的基础配置后,我们将R1模拟成一台PC

R1(config)#no ip routing

R2(config)#ip arp proxy 全局开启代理ARP功能

R3(config)#ip route 12.1.1.0 255.255.255.0 23.1.1.2 R3上开启回包的静态路由

首先在R1上面开启debug arp

然后在R1上ping 23.1.1.3  查看现象

ping通

*Mar  1 00:07:58.587: IP ARP: creating incomplete entry for IP address: 23.1.1.3 interface Ethernet0/0

*Mar  1 00:07:58.591: IP ARP: sent req src 12.1.1.1 cc00.13ac.0000,

                 dst 23.1.1.3 0000.0000.0000 Ethernet0/0

*Mar  1 00:07:58.623: IP ARP: rcvd rep src 23.1.1.3 cc01.13ac.0000, dst 12.1.1.1 Ethernet0/0

Internet  12.1.1.2                -   cc01.13ac.0000  ARPA   Ethernet0/0

虽然回应的地址是23.1.1.3 但是MAC地址却是R2的e0/0的MAC地址。这正好证明了代理ARP的功能,R2做了回好人,让R1认为自己就是R3。这就是代理ARP的原理