[j-nsp] EX3200 proxy-arp behavior

Jeff Wheeler jsw at inconcepts.biz
Wed Jan 4 10:05:51 EST 2012


I'd like to describe proxy-arp behavior I am observing on the EX3200.
I am not sure it is really doing the right thing.  It certainly isn't
ideal for my topology.

I have an ISP who is unable or unwilling to route additional subnets
to my client via routing protocols or static routes.  They simply add
secondary interfaces to their router for everything.  I would like
nothing more than to abandon these jokers, but in the meantime...

allocation A 192.0.2.1/29 my EX3200, .7 ISP router

allocation B 203.0.113.128/25, .254 is their secondary interface, but
I split this subnet into various /30s and similar, and
203.0.113.254/31 is not utilized (so goes to default route, 192.0.2.7)

allocation C 198.51.100.96/27, .126 is their secondary interface, and
I have the whole /27 configured on one of my downstream interfaces

So my ISP uplink port looks like this:
> show configuration interfaces ge-0/0/23.0
arp-resp unrestricted;
proxy-arp unrestricted;
family inet {
    address 192.0.2.1/29 {
        primary;
        preferred;
    }
    address 198.51.100.125/30;
}

Notice the additional 198.51.100.125/30 subnet configured on my
ISP-facing interface.  This was required because the EX3200 receives
the ISP's ARP WHO-HAS from 198.51.100.126 and, without this /30
configured, it either fails to respond to them or sends them out the
wrong interface (not sure which).  As you may imagine, the ISP also
sends me WHO-HAS sourced from 203.0.113.254, but because I do not have
a route for that, the ARP behavior is "correct" without anything
hackish, for that allocation.

Obviously the solution to this is "don't design the network stupidly"
and maybe it wouldn't operate stupidly, but I found the behavior
described above surprising.  I think the EX3200 should simply respond
to the ISP gateway's WHO-HAS based on the L2 address of the request
and ignore the "tell 198.51.100.126" entirely.  That is not what
happens.  I do not think there is a standard behavior defined since
all this proxy arp garbage is evil anyway.

Insights or comparisons with other vendors' behavior appreciated.
-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts
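
The route-lookup reasoning in the message above, as an added example (not part of the original post and not Junos code): it resolves each ARP sender address against the prefixes the post lists and reports whether the best match points back out the interface the request arrived on. Assumptions: the name `downstream-if` is hypothetical (the post does not name the interface holding the /27), the unspecified /30s carved from allocation B are omitted, and resolving the sender address through the routing table is a model of the behaviour described, not a confirmed description of what the EX3200 does.

```python
import ipaddress

# Prefixes taken from the post. "downstream-if" is a hypothetical interface name.
BASE_ROUTES = [
    ("0.0.0.0/0", "ge-0/0/23.0"),            # default route via 192.0.2.7
    ("192.0.2.0/29", "ge-0/0/23.0"),         # allocation A, ISP uplink
    ("198.51.100.96/27", "downstream-if"),   # allocation C, whole /27 downstream
]
# The extra address 198.51.100.125/30 added on the uplink as a workaround.
WORKAROUND = ("198.51.100.124/30", "ge-0/0/23.0")


def best_route(routes, addr):
    """Longest-prefix match of addr against (prefix, interface) pairs."""
    ip = ipaddress.ip_address(addr)
    matches = []
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net, ifname))
    net, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), ifname


def sender_check(routes, arrival_if, sender_ip):
    """Report whether the ARP sender's best route leaves via arrival_if."""
    prefix, ifname = best_route(routes, sender_ip)
    return {
        "sender": sender_ip,
        "prefix": prefix,
        "egress": ifname,
        "consistent": ifname == arrival_if,
    }


if __name__ == "__main__":
    uplink = "ge-0/0/23.0"
    cases = [
        ("without /30", BASE_ROUTES, "198.51.100.126"),
        ("with /30", BASE_ROUTES + [WORKAROUND], "198.51.100.126"),
        ("allocation B", BASE_ROUTES, "203.0.113.254"),
    ]
    for label, routes, sender in cases:
        print(label, sender_check(routes, uplink, sender))
```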


