[c-nsp] Is proxy-arp evil?

Elmar K. Bins elmi at 4ever.de
Tue Jul 29 14:40:01 EDT 2008 

Hi knowledgeable fellows,

I think I should bounce this off the people on this list before
I shoot myself in the foot...

My setup looks like this:

                                  +--- [Server]
[ISP]---| a.b.c.d/28 |--[Router]--+--- [Server]
                                  +--- [Server]

Access network to the ISP is a.b.c.d/28, transfer network between
"Router" (a WS-3750G in L3 mode) and Servers is something else (think
192.168.1.0/24) with every server having a unique address on that
transfer network (like .2, .3 and .4).

Every server also has one address from the access network, called
"service address" on a loopback/dummy and the router is configured
with static routes for that service address to each of the servers'
transfer addresses:


3750#show run | i relevant
!
interface vlan 10
 description OUTSIDE
 ip address a.b.c.+2 255.255.255.240
!
interface vlan 11
 description INSIDE
 ip address 192.168.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 a.b.c.+1
ip route a.b.c.+3 255.255.255.255 192.168.1.2
ip route a.b.c.+3 255.255.255.255 192.168.1.3
ip route a.b.c.+3 255.255.255.255 192.168.1.4
!
ip cef
ip cef load-sharing algorithm tunnel


This setup does work flawlessly as long as the service address is not
from the ISP transfer block. CEF does a pretty good balancing job to
the inside, the forwarding on a 3750 is not bad either.

As soon as the service address is from the transfer block, I need to
make traffic happen towards the routing system to be able to push
it further (and control the routing).

The solution I do see is to use 

interface vlan 11
 ip local-proxy-arp

on the inside interface.


In my lab environment this seems to work flawlessly, but maybe I am
overlooking an obvious alternative solution (renumbering the entire
setup and adding a transfer network is not an option in the short run).

Am I being st00pid? Is that how one is supposed to do it? Is there
a way around proxy-arp (which I frankly never liked)?

Any ideas/thoughts...
			Elmi.

-- 

"Hinken ist kein Mangel eines Vergleichs, sondern sollte als wesentliche
 Eigenschaft von Vergleichen angesehen werden."       (Marius Fränzel in desd)

--------------------------------------------------------------[ ELMI-RIPE ]---

More information about the cisco-nsp mailing list