Today I will have a look at a phenomenon that some of you might already have experienced but weren't able to explain why it works. It's the proxy ARP feature, which comes into play when a router has a static route that points not to a next-hop IP address but to an interface only.

Quite simple, with two routers, and R2 also has a loopback interface.

– ping the loopback from R2 by using a static route to an interface

Sounds easy, but we will see that under some circumstances this isn't easy at all.

So first of all we will try to ping the loopback from the interface fa0/0 of R1, which should not work.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

There is no route to the destination in our FIB, so the router doesn't know where to send the packet out. Let's use a static route to tell R1 where to route the packets.

Success rate is 80 percent (4/5), round-trip min/avg/max = 16/61/100 ms

The first packet gets lost due to the ARP request the router sends out. ARP… let's check the ARP table; there should be an entry carrying the MAC address that belongs to 172.16.21.2.

Protocol Address Age (min) Hardware Addr Type Interface

Let's now try the same ping, but with an interface in the static route instead of a next-hop IP address. Before we do that, we check the routing entry for that network.

Route metric is 0, traffic share count is 1

For fairness we clear the ARP table of both routers and see what happens when we try to ping.

R1(config)#ip route 2.2.2.2 255.255.255.255 fa0/0

Known via "static", distance 1, metric 0 (connected)
* directly connected, via FastEthernet0/0

Looks a little different, but that's OK because we changed the static route, and our ping should succeed anyway.

Success rate is 80 percent (4/5), round-trip min/avg/max = 12/53/120 ms

Same result as before, but let's check the ARP table.

What the hell is this? The IP address of R2's loopback is in the ARP table? Strange, because usually the ARP cache holds only IP addresses of subnets that are directly connected. For all other IP addresses, routing is usually used.

Well, here is what happens: R1 only knows that it shall route the packets out Fa0/0. So far so good, but Ethernet is a multi-access network and there could be a lot of hosts in that /24 network that could receive those packets, which would be a major security problem. Sounds strange, but the router sends an ARP request for 2.2.2.2 out the network to the L2 address FF:FF:FF:FF:FF:FF.

On Cisco routers there is a feature called “proxy-arp”, which is on by default on L3 interfaces. Proxy-ARP takes that ARP request and does a lookup in its FIB. R2 has a route to 2.2.2.2 as it is directly connected. Then R2 responds to that ARP request with a reply that says “2.2.2.2 is at c201.0c38.0000” at Layer 2. R1 puts this into its routing table, and R1 is satisfied because it has an L3 to L2 mapping.

Let's disable this feature on R2 to see if we are right.
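
The surprise described in this post, an ARP entry for an address outside any directly connected subnet, can be checked for mechanically. The following is an added example, not code from the original post: it parses `show ip arp` style output and flags such entries. The sample table, R1's own address and MAC, and the 172.16.21.0/24 subnet are constructed assumptions.

```python
import ipaddress
import re

# Constructed `show ip arp` output for R1; only 2.2.2.2, 172.16.21.2 and
# c201.0c38.0000 come from the post, every other value is made up.
SAMPLE_SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.16.21.1             -   c200.0c38.0000  ARPA   FastEthernet0/0
Internet  172.16.21.2             3   c201.0c38.0000  ARPA   FastEthernet0/0
Internet  2.2.2.2                 0   c201.0c38.0000  ARPA   FastEthernet0/0
"""
# Assumed connected subnet on R1 (the post only says "/24").
CONNECTED = {"FastEthernet0/0": ipaddress.ip_network("172.16.21.0/24")}

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?:-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE)

def parse_arp(text):
    """Return (ip, mac, interface) tuples for every complete ARP row."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append((ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["intf"]))
    return entries

def off_subnet_entries(entries, connected):
    """Flag entries whose IP lies outside the interface's connected subnet."""
    findings = []
    for ip, mac, intf in entries:
        net = connected.get(intf)
        if net is None or ip in net:
            continue
        # An on-subnet neighbour with the same MAC is the device that answered.
        answered_by = [str(i) for i, m, f in entries
                       if m == mac and f == intf and i in net]
        findings.append({"ip": str(ip), "mac": mac,
                         "interface": intf, "answered_by": answered_by})
    return findings

if __name__ == "__main__":
    for finding in off_subnet_entries(parse_arp(SAMPLE_SHOW_IP_ARP), CONNECTED):
        print(finding)
```
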