I have recently learned about Proxy-ARP and am slightly confused about what would happen in the following scenario. Let's say I have two host devices A (IP: 10.0.0.10/24) and B (IP: 10.0.1.10/24) that are connected to the same layer 2 switch, but exist on different subnets. The interface that the switch connects to the router with supports two addresses (1 for each subnet). As a result, we can route between two subnets that are connected to the same physical interface. What would happen? Would the router respond to A acting as a proxy for B? Would B directly respond since the switch broadcasts the ARP request? If B responds does this somehow allow for direct communication between subnets without the need for a router?
Add a comment
|
2 Answers
I have recently learned about Proxy-ARP
Please, just turn it off because it is a giant security hole.
With proxy ARP, the router will answer for an ARP request for a host on a different network.
If B responds does this somehow allow for direct communication between subnets without the need for a router?
No, the router is the proxy for the ARP request, and the host must still send the layer-2 frame to the router for the router to send the packet to the other network.
answered Feb 23, 2021 at 0:46
As a result, we can route between two subnets that are connected to the same physical interface. What would happen?
A uses the router as gateway to B's subnet and vice versa, even when they're on the same L2 segment. No proxy ARP required (nor is it useful here).
A and B require routes pointing to the router. If the router is used as default gateway anyway then that's it already. If not, it'd be easiest to add the routes on the default gateway itself.
