Solved: Re: lan routing question

carl_townshend · ‎02-26-2006

If my pc is on a 10.0.0.0 class A network and I wanted to reach a 10.1.1.1 address on a class C subnet, would I need to put a route on my pc pointing to the router because my pc would look out on the lan because it thinks its already there ?

khuysmans · ‎02-27-2006

Hello Carl,

When your PC tries to reach a host in the 10.1.1.0/24 range, it will try to find that host on the LAN segment since you have configured your PC with a 10.0.0.0/8 LAN network range.

Without proxy ARP your PC will not find the host 10.1.1.10 (for example) since it simply is not there on your -local- segment.

Now, remember how your PC is asking the entire network (using ARP) "Hey, are you 10.1.1.10? If you are, tell me your MAC address". When you enable proxy-arp on a device, for example your router, that router will respond to those questions saying "Hi, I am 10.1.1.10, here is my MAC address." - Your PC can then send the traffic destined for 10.1.1.10 (layer 3) to the layer 2 address (or MAC address) provided by the router. Of course, your router isn't 10.1.1.10, but that's ok, your router is acting as a proxy for 10.1.1.10 (10.1.1.0/24). When the PC has sent the packet to the router, he will then have to deal with it. Your router will then forward the packet himself to wherever you told him to send packets for 10.1.1.10 (10.1.1.0/24) to.

In this example I took 10.1.1.10 as an example. Please understand that your router would reply with "Hey, this is me, send that traffic to me." to -all- ARP requests sent to the entire 10.1.1.0/24 network (if you have set up proxy ARP, of course).

So, yes, I would say that configuring proxy ARP would make a difference indeed.

With kind regards,

Kevin

View solution in original post

bhedlund · ‎02-26-2006

If 'proxy-arp' is enabled on the router no specific route would be necessary on the PC.

Please rate all helpful posts.

-Brad

carl_townshend · ‎02-27-2006

why would proxy arp make a difference ?

scottmac · ‎02-26-2006

Without some special settings (like proxy ARP) it wouldn't work.

Routers don't just suck up frames from the LAN and route them to some other LAN: the frame has to be addresses to it at layer 2 (MAC address).

When the stack in the PC gets the packet, it looks at the destination L3 address (the IP address) to see if it's local (on the same subnet) or remote( on another address block).

If it's local, the PC ARPs for the MAC, and the ither machine will presumably respond with the IP->MAC information. In this case, the other machine won't respond, because the ARP broadcast request wouldn't make it through the router. You'd get a "Host not found" kind of message (no response to the ARP).

If the request is decided to be remote, then the PC uses the "Default Gateway" setting and ARPs (if necessary) to get the MAC address of the Default Gateway and sends the frame there for forwarding.

For your example, the PC would never try the Default Gateway, becasue it thinks the address is on its LAN, and since it doesn't respond to the ARP, it decides that that host is not available.

Good Luck

Scott

st_kannan · ‎02-26-2006

Hi Scott,

Nice explanation.

Let me know after how many retry or time intevel the PC (as you mentioned in your post "You'd get a "Host not found" kind of message") uses "Default Gateway" settings if configured?

Regards,

Kannan.S.T.

carl_townshend · ‎02-27-2006

why would proxy arp make a difference ? what is this doing ?

khuysmans · ‎02-27-2006

Hello Carl,

When your PC tries to reach a host in the 10.1.1.0/24 range, it will try to find that host on the LAN segment since you have configured your PC with a 10.0.0.0/8 LAN network range.

Without proxy ARP your PC will not find the host 10.1.1.10 (for example) since it simply is not there on your -local- segment.

Now, remember how your PC is asking the entire network (using ARP) "Hey, are you 10.1.1.10? If you are, tell me your MAC address". When you enable proxy-arp on a device, for example your router, that router will respond to those questions saying "Hi, I am 10.1.1.10, here is my MAC address." - Your PC can then send the traffic destined for 10.1.1.10 (layer 3) to the layer 2 address (or MAC address) provided by the router. Of course, your router isn't 10.1.1.10, but that's ok, your router is acting as a proxy for 10.1.1.10 (10.1.1.0/24). When the PC has sent the packet to the router, he will then have to deal with it. Your router will then forward the packet himself to wherever you told him to send packets for 10.1.1.10 (10.1.1.0/24) to.

In this example I took 10.1.1.10 as an example. Please understand that your router would reply with "Hey, this is me, send that traffic to me." to -all- ARP requests sent to the entire 10.1.1.0/24 network (if you have set up proxy ARP, of course).

So, yes, I would say that configuring proxy ARP would make a difference indeed.

With kind regards,

Kevin

khuysmans · ‎02-27-2006

S.T. Kannan,

The PC will never resort to trying the default gateway if the host was not found on the local segment.

The PC determines that since the destination IP address is configured as being within the network range of it's local (LAN) segment, it will look for the host on there. If the host does not respond ("host not found"), the PC concludes that the host machine is simply not there and no further processing is done.

The PC will send traffic to the default gateway only when the destination IP address appears to be one that is not to be found on the local segment.

In this thread, all traffic destined for 10.0.0.0/8 will resort in the PC looking for the destination host on the local segment using ARP.

All other traffic will be sent to the default gateway, if configured, in the hopes that this default gateway knows how to deal with it so that the traffic might still reach the desired destination.

With kind regards,

Kevin

carl_townshend · ‎02-27-2006

just to add, does that mean the router will then answer all arp requests for that lan, or will it still be flooded to all devices ?

khuysmans · ‎02-27-2006

Dear Carl,

ARP requests are sent using a layer 2 broadcast, they are always flooded to all devices within the same layer 2 broadcast domain. So as far as your network is concerned, everytime your PC wants to reach something in 10.0.0.0/8 (so also when he wants to reach something in 10.1.1.0/24 since that is comprised within that network) it will flood all devices with the question "Is this you?".

(Note: it will not do this if it has recently already asked this and received a response since the PC stores the information for a limited time to prevent having to flood the network each and every time a packet needs to be sent. But do not worry about this.)

So, it will still be flooded to all devices AND the router will answer all ARP request for the part of the 10.0.0.0/8 LAN for which you have configured the Proxy ARP. In your case, you will have the router respond to ARP requests for 10.1.1.0/24 and not to ARP requests which inquire about information for other hosts. (It will also still reply to ARP requests that inquire about its own, native, interfaces (the interfaces on the router itself).)

Hope this helped.

Please rate all helpful posts.

With kind regards,

Kevin