Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
20
Helpful
3
Replies

Could use some help on clarifying transit router commands

Go to solution
hfakoor222
Spotlight
Spotlight

‎06-03-2022 01:57 PM - last edited on ‎06-04-2022 01:46 AM by Community Manager

Below the transit router is given some commands I want some clarification from engineers with experience about the nuances of a couple of commands

2.png

 

 

 

TR2 is given these commands on f1/0

3.png

what is the significance of ipv6 nd (neighbor discovery) rn suppress all  - why would something like this be used in a real situation

 

 

and also 

no ip proxy-arp

what is significance of this command in a real/similar situation

Is it done for security?

 

Google says

 
But in many network there are some hosts that do ARP for remote addresses (there are several reasons why this may be the case). In this case configuring no ip proxy-arp will mean that these hosts will no longer have the same access that they had before.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-03-2022 02:19 PM - edited ‎06-03-2022 02:20 PM

 

On a LAN IPv6 router advertisements will cause clients to try and use IPv6 and you may well want this for end devices but you may not want it to automatically happen for servers in a DC and you really don't need it on transit links between providers etc. so it is easier to simply disable it in that case. 

 

In terms of proxy arp it is a lot less common nowadays for clients to arp for remote IPs so it is not so much of a concern to disable it and yes it is mainly for security that you would disable it. 

 

Note though that in some instances you do need proxy arp eg. for certain configurations of NAT it is needed for the translations to work properly. 

 

Jon

View solution in original post

3 Replies 3

Go to solution
Harold Ritter
Spotlight
Spotlight

‎06-03-2022 02:15 PM - last edited on ‎06-04-2022 01:48 AM by Community Manager

Hi @hfakoor222 ,

 

what is the significance of ipv6 nd (neighbor discovery) rn suppress all

 

router advertisement (RA) is only needed on user subnets. This is why they disable it on core links.

 

> no ip proxy-arp

 

It is normally best practice to disable proxy arp.

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-03-2022 02:19 PM - edited ‎06-03-2022 02:20 PM

 

On a LAN IPv6 router advertisements will cause clients to try and use IPv6 and you may well want this for end devices but you may not want it to automatically happen for servers in a DC and you really don't need it on transit links between providers etc. so it is easier to simply disable it in that case. 

 

In terms of proxy arp it is a lot less common nowadays for clients to arp for remote IPs so it is not so much of a concern to disable it and yes it is mainly for security that you would disable it. 

 

Note though that in some instances you do need proxy arp eg. for certain configurations of NAT it is needed for the translations to work properly. 

 

Jon

Go to solution
Flavio Miranda
VIP
VIP

‎06-03-2022 02:32 PM - last edited on ‎06-04-2022 01:53 AM by Community Manager

Hi

 "ipv6 nd (neighbor discovery) rn suppress all"  suppress Router Advertisement (RA) packets from being sent .

You can read more here:

https://blog.apnic.net/2021/08/30/lets-all-suppress-router-advertisements/ 

 

no ip proxy-arp

First, it is necessary to understand

Proxy-arp.

The figure below is a good examle. With proxy arp enable, the router is able to response ARP request  from a host in the left segment to a host on the right segment. It works as a proxy between this two segment.

 

arp-media-proxy-arp-topology.png

 

Here is a very good explanation with animation.

 

https://www.practicalnetworking.net/series/arp/proxy-arp/ 

 

Resuming,

proxy-arp

is enable by default so it is a good idea use the

no ip proxy-arp

command. This can avoid security problem and also connectivity problem.

 

Customers Also Viewed These Support Documents