ARP

ARP (Address Resolution Protocol):

  1. ARP is used to resolve an IP address into a MAC address.
  2. Devices keep an ARP table (ARP cache) in which they store each learned IP address and its associated MAC address.

How ARP Works:

Let's assume System-A wants to communicate with System-B.

Traffic is routed from source to destination on the basis of Layer 3 (IP) destination addresses, but the actual transmission on each segment happens at Layer 2, which uses the data-link (MAC) address to deliver frames to their destination.

System-A will check its ARP table to find the MAC address of System-B.

  1. If an entry for the destination is present, System-A uses that MAC address for communication.
  2. If no entry is present, System-A broadcasts an ARP Request to the network asking who owns IP address 10.0.111.2. Whoever owns the requested IP address (here System-B, 10.0.111.2) replies with a unicast ARP Reply saying "I own the requested IP", and that reply carries the MAC address at which System-B can receive frames.

Let's have a look at an ARP Request and Reply capture.

Note here that ARP is a link-layer protocol. An ARP frame has no IP layer, i.e. no IP header. It carries IP addresses only as data inside its payload; the frame itself is a data-link frame, so it is switched on the source and destination MAC addresses, not on the source or destination IP.

ARP Packet Format:

Hardware type (2 bytes): This field specifies the link-layer (hardware) type. For Ethernet, this has the value 1.

Protocol Type (2 bytes): This field specifies the internetwork protocol for which the ARP request is intended. For IPv4, this has the value 0x0800.

Hardware Address Length (1 byte): Length (in octets) of a hardware address. Ethernet addresses have size 6.

Protocol Address Length (1 byte): Length (in octets) of an address in the upper-layer protocol. IPv4 addresses have size 4.

Operation (2 bytes): Specifies the operation that the sender is performing [1 ARP Request, 2 ARP Reply, 3 RARP Request, 4 RARP Reply, etc.]

Sender Hardware Address: MAC (physical) address of the sender.

Sender Protocol Address: The protocol (layer 3) address of the device sending this message.

Target Hardware Address: The hardware (layer 2) address of the device this message is being sent to. This field is set to all zero in an ARP request, since it is exactly what the sender is trying to learn.

Target Protocol Address: The protocol (layer 3) address of the device this message is being sent to; in a request, the IP address being resolved.
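The packet layout above, worked through as an added example (this is not code from the original page): a small Python builder and parser for Ethernet + ARP frames, using only the standard library. The MAC addresses and the 10.0.111.1 / 10.0.111.2 pair for System-A and System-B are constructed for illustration. The reply side answers only when the request is for its own IP, which is the check a well-behaved host performs.

```python
import struct

HTYPE_ETHERNET = 1        # hardware type: Ethernet
PTYPE_IPV4 = 0x0800       # protocol type: IPv4
OP_REQUEST, OP_REPLY = 1, 2
ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"   # target hardware address in a request


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP payload: htype, ptype, hlen, plen, op (network byte order),
    then sender MAC/IP and target MAC/IP."""
    header = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    return (header + mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
            + mac_to_bytes(target_mac) + ip_to_bytes(target_ip))


def build_frame(dst_mac, src_mac, arp_payload):
    """Ethernet II header + ARP payload. There is no IP header: switches forward this
    frame on the two MACs here, never on the IPs carried inside the payload."""
    return (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
            + struct.pack("!H", ETHERTYPE_ARP) + arp_payload)


def parse_frame(frame):
    """Decode an Ethernet + ARP frame into a dict; rejects anything that is not
    IPv4-over-Ethernet ARP."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address length")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(frame[0:6]),
        "eth_src": bytes_to_mac(frame[6:12]),
        "op": op,
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": bytes_to_ip(body[16:20]),
    }


def arp_request(sender_mac, sender_ip, target_ip):
    """'Who has target_ip?' Broadcast to everyone; the target MAC is unknown, so all zero."""
    payload = build_arp(OP_REQUEST, sender_mac, sender_ip, ZERO_MAC, target_ip)
    return build_frame(BROADCAST_MAC, sender_mac, payload)


def arp_reply(request_frame, my_mac, my_ip):
    """Answer a request only if it asks for my_ip; the reply is unicast to the requester.
    Returns None when the request is for someone else (a well-behaved host stays silent)."""
    req = parse_frame(request_frame)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    payload = build_arp(OP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])
    return build_frame(req["sender_mac"], my_mac, payload)


if __name__ == "__main__":
    # Constructed addresses for System-A and System-B from the text.
    request = arp_request("aa:bb:cc:00:00:01", "10.0.111.1", "10.0.111.2")
    reply = arp_reply(request, "aa:bb:cc:00:00:02", "10.0.111.2")
    print(parse_frame(request))
    print(parse_frame(reply))
```

Running it prints the decoded request (broadcast destination, all-zero target MAC, opcode 1) and the decoded reply (unicast back to System-A, opcode 2). Feeding a captured frame's bytes to parse_frame is enough to check the field values quoted above against real traffic.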

Gratuitous ARP:

A gratuitous ARP is a sort of "advance notification": a device announces its own IP-to-MAC mapping without being asked, so that every host on the segment can populate its ARP cache and every switch can populate its Layer 2 forwarding table. The device is letting everyone know "this is my IP address and this is my MAC address", so a host that wants to send to it does not need to send an ARP Request first.

A G-ARP carries the sender's own IP address as both the sender and the target protocol address (the Ethernet destination is the broadcast address). Please see the packet capture.

Gratuitous ARPs are useful for four reasons:

  1. G-ARP can help detect IP conflicts. When a machine receives an ARP request whose sender IP matches its own, it knows there is an IP conflict.
  2. G-ARP can be used to advertise a new data-link identifier. When a device receives a G-ARP for an IP address that is already in its ARP cache, the cache entry is updated with the sender's new MAC address. This generally happens when an IP is moved from one NIC to another, or from one machine to another.
  3. G-ARP can be used to update the MAC address tables on switches, telling them that a MAC address is now behind a different port. This plays an important role when an HSRP Active router goes down and the standby router becomes active: the virtual MAC address now has to be learned on a different port.
  4. Every time an IP interface or link comes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus a gratuitous ARP tells us that the host has just had a link-up event, such as a link bounce, a reboot, or the user on that host bringing the interface up.

If we see frequent gratuitous ARPs from the same host, it can be an indication of bad Ethernet hardware or cabling causing the link to bounce repeatedly.
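Reasons 1, 2 and 4 above, together with the link-bounce caveat, turned into detection logic as an added example (not code from the original page). It works on already-parsed ARP records (dicts with the sender/target fields and a timestamp in seconds), so no frame parser is needed here; the records, MACs and IPs in the demo are constructed. The cache update deliberately refreshes only entries that already exist, which is one small way to limit what an unsolicited announcement can do.

```python
from collections import defaultdict, deque

OP_REQUEST, OP_REPLY = 1, 2


def is_gratuitous(rec):
    """A gratuitous ARP announces the sender's own mapping: sender IP equals target IP.
    It is usually sent as a request, but a reply form exists too."""
    return rec["op"] in (OP_REQUEST, OP_REPLY) and rec["sender_ip"] == rec["target_ip"]


def check_conflict(rec, my_ip, my_mac):
    """Reason 1: another station announcing my IP with a different MAC is a duplicate address."""
    return is_gratuitous(rec) and rec["sender_ip"] == my_ip and rec["sender_mac"] != my_mac


def update_cache(cache, rec):
    """Reason 2: refresh an IP->MAC entry we already hold when its owner announces a new MAC.
    Only existing entries are touched; an unsolicited announcement is not allowed to create
    new ones, which limits (but does not remove) what a spoofed G-ARP can do to this cache.
    Returns (ip, old_mac, new_mac) when something changed, else None."""
    ip, new_mac = rec["sender_ip"], rec["sender_mac"]
    if is_gratuitous(rec) and ip in cache and cache[ip] != new_mac:
        old_mac, cache[ip] = cache[ip], new_mac
        return (ip, old_mac, new_mac)
    return None


class FlapDetector:
    """Reason 4 and its caveat: more than `threshold` G-ARPs from one MAC inside `window`
    seconds suggests a link that keeps bouncing (or something else repeatedly bringing
    the interface up)."""

    def __init__(self, threshold=3, window=60.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)   # sender MAC -> timestamps of its recent G-ARPs

    def observe(self, rec):
        if not is_gratuitous(rec):
            return False
        times = self.seen[rec["sender_mac"]]
        times.append(rec["ts"])
        while times and rec["ts"] - times[0] > self.window:
            times.popleft()
        return len(times) > self.threshold


def garp(ts, mac, ip):
    """Constructed G-ARP record in the shape a frame parser would hand back."""
    return {"ts": ts, "op": OP_REQUEST, "sender_mac": mac, "sender_ip": ip,
            "target_mac": "00:00:00:00:00:00", "target_ip": ip}


if __name__ == "__main__":
    my_ip, my_mac = "10.0.111.2", "aa:bb:cc:00:00:02"
    cache = {"10.0.111.5": "aa:bb:cc:00:00:05"}   # constructed: what this host already knows
    detector = FlapDetector()
    stream = [
        garp(0.0, "aa:bb:cc:00:00:05", "10.0.111.5"),    # .5 announces itself, nothing new
        garp(5.0, "aa:bb:cc:00:00:55", "10.0.111.5"),    # .5 moved to a new NIC -> cache update
        garp(9.0, "aa:bb:cc:00:00:99", "10.0.111.2"),    # someone else claims my IP -> conflict
    ] + [garp(20.0 + 7 * i, "aa:bb:cc:00:00:07", "10.0.111.7") for i in range(5)]  # flapping .7
    for rec in stream:
        if check_conflict(rec, my_ip, my_mac):
            print(f"{rec['ts']:>5}: IP conflict, {rec['sender_mac']} also claims {my_ip}")
        changed = update_cache(cache, rec)
        if changed:
            print(f"{rec['ts']:>5}: {changed[0]} moved from {changed[1]} to {changed[2]}")
        if detector.observe(rec):
            print(f"{rec['ts']:>5}: {rec['sender_mac']} keeps sending G-ARPs, check its link")
```

The thresholds are arbitrary starting points; on a real segment, tune the window against how often HSRP failovers and reboots legitimately produce announcements before treating the alert as a cabling problem.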

Proxy ARP

Proxy ARP is a technique in which a device (generally a router) answers ARP requests intended for another machine. In other words, Proxy ARP is the function of answering ARP requests for destinations that are not on the local segment or network.

With Proxy ARP the router makes the local host believe that the router is the owner of that IP address. The local host therefore forwards the traffic to the router, and the router is responsible for routing the packets on to the real destination.

Where will we use Proxy ARP?
Proxy ARP is used on networks where IP hosts are not configured with a default gateway.

Can disabling Proxy ARP create a problem where it is enabled?

Before answering, I would like to tell you about one incident where we were upgrading our distribution layer switch from a 6k to a 7k. We upgraded successfully and checked that everything was working fine from the routing and switching perspective. But we ran into a weird issue where someone from the storage team was claiming that after the upgrade his storage devices were not working.

The reason was the subnet mask: the subnet mask configured on the storage devices was incorrect. Then the question came: how was it working before?

When we dug a little into it, we came to know that on the 6k proxy ARP was enabled and on the 7k it was disabled. So now we come back to our question: can disabling proxy ARP create a problem where it is enabled?

If we disable proxy ARP, devices that have an incorrect subnet mask or don't have a default gateway configured will be cut off from the network, i.e. unable to communicate with the outside world. On the other hand, we can correct all the configurations once they are highlighted by the respective teams, but there will be an outage for those machines.

The choice is yours. If we keep it as it is, there will not be any outage and communication will continue for devices that have a network misconfiguration.

The disadvantages of Proxy ARP:

  1. It increases the amount of ARP traffic on your segment. Why?
  2. If a host has a default gateway configured, it always uses the same MAC (the default gateway's MAC) to reach outside networks, and proxy ARP never comes into play.
  3. If a host does not have a default gateway configured, it sends an ARP request for every destination IP address it wants to talk to (even when the destination is not within the host's own network), expecting a proxy ARP enabled device to answer. If it receives a reply from a proxy ARP enabled router, the host keeps that mapping in its ARP table. So the host has to keep an IP-to-MAC mapping in its ARP table for every destination it communicates with, and every new destination costs another broadcast ARP request.
  4. Security can be undermined. How?

A machine can claim to be another in order to intercept packets, an act called "spoofing". A host that relies on proxy ARP accepts a reply for an off-subnet address from whoever answers, and it has no way to tell the router's proxy reply from a forged one.

This is also possible with the normal ARP process.

How does Proxy ARP work?

Let's have a look using the topology below:

In the topology, notice that one host is not configured with a default gateway and another is configured with an incorrect subnet mask, yet we are still able to send traffic from LAN1 to LAN2. Why? Because Proxy ARP is enabled. If Proxy ARP is disabled, it will not work.

Host-A (10.0.10.2) on LAN1 needs to send packets to Host-B (10.0.20.2) on LAN2.

As shown in the diagram, Host-A has a /8 subnet mask (255.0.0.0). This means Host-A believes that it is directly connected to 10.0.0.0/8.

When Host-A needs to communicate with any device in the 10.0.0.0/8 network, it believes that device is directly connected, so it sends an ARP request for the destination itself, not for the default gateway.

Therefore, when Host-A needs to send a packet to Host-B (10.0.20.2), Host-A believes that Host-B is directly connected on LAN1 and sends an ARP request for Host-B, because to reach Host-B it needs Host-B's MAC address.

In this ARP request, Host-A (10.0.10.2) asks Host-B (10.0.20.2) to send its MAC address. The ARP request is encapsulated in an Ethernet frame with the MAC address of Host-A as the source address and the broadcast address (FFFF.FFFF.FFFF) as the destination address.

Since the ARP request is a broadcast, it reaches all the nodes on the LAN1 subnet, including the fa0/0 interface of the router, but it does not reach Host-B, because the router does not forward broadcasts. Since the router knows that the destination (10.0.20.2) is on another subnet and that it can reach Host-B, it replies with its own MAC address to Host-A. This is the Proxy ARP reply. Host-A then forwards all packets destined for 10.0.20.2 to the MAC address of the router's fa0/0 interface.

If proxy ARP is disabled on the router's fa0/0 interface, the router stays silent, Host-A's ARP request goes unanswered, and the traffic is not forwarded.
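The exchange just described, simulated as an added example (not code from the original page): a host decides what to ARP for from its own subnet mask, and the router decides whether to answer depending on its proxy ARP setting. Host-A (10.0.10.2 with a /8 mask, no gateway) and Host-B (10.0.20.2) follow the text; the router's interface names fa0/0 and fa0/1, its interface addresses 10.0.10.1/24 and 10.0.20.1/24, its MACs, and the correctly configured Host-C are assumed for the demo. The router here proxies only for networks on its other directly connected interfaces, a simplification of a real router, which consults its whole routing table.

```python
import ipaddress


class Host:
    """An IP host with a (possibly wrong) prefix length and an optional default gateway."""

    def __init__(self, ip, prefix_len, gateway=None):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
        self.gateway = gateway
        self.arp_cache = {}

    def arp_target_for(self, dst_ip):
        """Which IP the host ARPs for: the destination itself if the mask says it is
        local, otherwise the default gateway (None when no gateway is configured)."""
        if ipaddress.ip_address(dst_ip) in self.iface.network:
            return dst_ip
        return self.gateway


class Router:
    """Router with directly connected interfaces; proxy_arp mirrors 'ip proxy-arp'."""

    def __init__(self, interfaces, proxy_arp=True):
        # interfaces: name -> (cidr, mac), e.g. {"fa0/0": ("10.0.10.1/24", "...")}
        self.interfaces = {name: (ipaddress.ip_interface(cidr), mac)
                           for name, (cidr, mac) in interfaces.items()}
        self.proxy_arp = proxy_arp

    def handle_arp_request(self, in_iface, target_ip):
        """MAC to answer with, or None if the router stays silent.
        Simplification (assumed): the router only proxies for networks on its other
        interfaces, not for every route in its table."""
        in_if, in_mac = self.interfaces[in_iface]
        target = ipaddress.ip_address(target_ip)
        if target == in_if.ip:
            return in_mac                       # ordinary ARP for the router's own address
        if not self.proxy_arp or target in in_if.network:
            return None                         # disabled, or the target should answer itself
        for name, (other_if, _) in self.interfaces.items():
            if name != in_iface and target in other_if.network:
                return in_mac                   # proxy reply: "send that to me"
        return None


def resolve(host, router, in_iface, dst_ip):
    """One exchange: the host decides what to ARP for, the router decides whether to
    answer. Returns the MAC the host will use for dst_ip, or None if it has none."""
    arp_target = host.arp_target_for(dst_ip)
    if arp_target is None:
        return None
    mac = router.handle_arp_request(in_iface, arp_target)
    if mac is not None:
        host.arp_cache[dst_ip] = mac
    return mac


IFACES = {"fa0/0": ("10.0.10.1/24", "00:00:5e:00:00:01"),   # LAN1 side (assumed)
          "fa0/1": ("10.0.20.1/24", "00:00:5e:00:00:02")}   # LAN2 side (assumed)

if __name__ == "__main__":
    for proxy in (True, False):
        router = Router(IFACES, proxy_arp=proxy)
        host_a = Host("10.0.10.2", 8)                         # wrong /8 mask, no gateway
        host_c = Host("10.0.10.3", 24, gateway="10.0.10.1")  # correct mask and gateway
        print(f"proxy ARP {'on' if proxy else 'off'}:",
              "Host-A ->", resolve(host_a, router, "fa0/0", "10.0.20.2"),
              "| Host-C ->", resolve(host_c, router, "fa0/0", "10.0.20.2"))
```

With proxy ARP on, both hosts end up sending to the router's fa0/0 MAC; with it off, Host-C still works through its gateway while Host-A gets no answer at all, which is exactly the storage-device outage described above. A host with a correct mask and no gateway never gets as far as sending a request, proxy ARP or not.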

Proxy ARP can be enabled or disabled globally or on a per-interface basis using the commands below:

  • no ip proxy-arp {under the interface}
  • ip arp proxy disable {in global configuration mode}

7 Comments

  • In G-ARP you mentioned that it uses its own MAC address as source and destination address, but in the packet capture it shows the destination as all FF / broadcast.

    Shashank
    • Hi Shashank,
      Thanks for reaching out to us!
      I am referring to the IP address and you are referring to the MAC address.
      The packet capture shows that the source and destination IP addresses are the same.

      Regards,
      Evanetwork Team

      admin
  • This is actually helpful, thanks.

    Elvera
  • This is actually helpful, thanks.

    Princess
  • It works really well for me.

    review
  • It's very useful.

    PRADEEP SAXENA