IP Proxy-Arp

boshardy1 · ‎08-30-2006

I read in alot of best practices guides for Cisco IOS switching to turn off proxy-arp. In what cases would you actually need this to run on a switch and what are the net effects of turning it off?

dcissystems · ‎08-30-2006

Not sure if you have read this document. it helps explain advantages/disadvantages

http://www.cisco.com/warp/public/105/5.pdf#search=%22cisco%20proxy%20arp%22

sundar.palaniappan · ‎08-30-2006

An example would highlight the advantage/disadvantage of proxy arp.

Let's say R1 is configured with the following route.

ip route 0.0.0.0 0.0.0.0 ethernet0

R1 would arp for every unknown destination out ethernet0 interface. If proxy arp is enabled then the device(s) on that wire would respond with it's own MAC if any one them know how to route that destination. On the other hand, if proxy ARP was disabled on the responding devices then none of the device(s) would respond and the packet would get dropped.

If you are wondering why does the route point to the egress interface rather than next hop address. There may be an occassion where you mayn't know the next hop address. Another reason is when the next hop is actually unreachable R1 mightn't drop that route as the ethernet interface mayn't go down and hence, the traffic can get black holed. There is a mechanism called reliable static route that does address this problem.

I hope you can see the advantage/disadvantage of proxy ARP based on the above example. There may be other reasons for enabling/disabling proxy ARP but that has to be dealt with on a case by case basis.

HTH,

Sundar