[j-nsp] MX: Proxy ARP and ARP cache

Vincent Bernat bernat at luffy.cx
Tue Nov 15 05:47:53 EST 2016


Hey!

I am in the process of migrating from one setup to another and I need
the MX to proxy some ARP requests in the process. I can't use "proxy-arp
unrestricted" as it would attract far too much traffic, so I am trying
to stick with "proxy-arp restricted".

The documentation says:

 The router or switch responds to ARP requests in which the physical
 networks of the source and target are different and does not respond if
 the source and target IP addresses are in the same subnet. The router
 or switch must also have a route to the target IP address.

This totally matches my case. However, I have noticed that when there is
an entry for the target IP in the ARP cache, there is no answer. This is
quite inconvenient for me.

For example, assume that the MX is 192.0.2.1/24 and we have two hosts,
192.0.2.14 and 192.0.2.15, which are connected to some interface to the
MX. Therefore, the MX has the following entries in its cache:

06:ea:3c:00:00:62 192.0.2.14    ae0.90                   none
06:ea:3c:00:00:63 192.0.2.15    ae0.90                   none

Then, 192.0.2.14 moves to another piece of equipment and the MX receives
a route to let it know how to contact it:

192.0.2.14/32      *[BGP/170] 00:11:52, localpref 100
                      AS path: 65002 65004 I
                    > to 198.51.0.14 via ae1.180

The ARP cache entry is left intact. The MX has no problem pinging
192.0.2.14 from now on. It uses the route, not the ARP cache
entry. However, on ae0.90, the MX is also configured with "proxy-arp
unrestricted". The idea is that 192.0.2.15 should be able to contact
192.0.2.14. The MX should fake an ARP answer and route the traffic.

However, as long as the 192.0.2.14 entry stays in the ARP cache, the MX
won't answer the ARP request. Once the entry is expired, this works as
expected.

The JTAC has been unhelpful on this case as they consider that something
that never worked is out of their scope.

Any tip on how to make this kind of setup work would be helpful.

Thanks!
-- 
One of the most striking differences between a cat and a lie is that a cat has
only nine lives.
		-- Mark Twain, "Pudd'nhead Wilson's Calendar"

