[j-nsp] MX: Proxy ARP and ARP cache

Vincent Bernat bernat at luffy.cx
Sat Nov 19 01:19:43 EST 2016


 ❦ 15 November 2016 11:47 +0100, Vincent Bernat <bernat at luffy.cx> :

> For example, assume that the MX is 192.0.2.1/24 and we have two hosts,
> 192.0.2.14 and 192.0.2.15, which are connected to some interface to the
> MX. Therefore, the MX has the following entries in its cache:
>
> 06:ea:3c:00:00:62 192.0.2.14    ae0.90                   none
> 06:ea:3c:00:00:63 192.0.2.15    ae0.90                   none
>
> Then, 192.0.2.14 moves to another piece of equipment and the MX receives a route
> to let it know how to contact it:
>
> 192.0.2.14/32      *[BGP/170] 00:11:52, localpref 100
>                       AS path: 65002 65004 I
>                     > to 198.51.0.14 via ae1.180
>
> The ARP cache entry is left intact. The MX has no problem pinging
> 192.0.2.14 from now on. It uses the route, not the ARP cache
> entry. However, on ae0.90, the MX is also configured with "proxy-arp
> unrestricted". The idea is that 192.0.2.15 should be able to contact
> 192.0.2.14. The MX should fake an ARP answer and route the traffic.
>
> However, as long as the 192.0.2.14 entry stays in the ARP cache, the MX
> won't answer the ARP request. Once the entry is expired, this works as
> expected.

Another funny behavior is the inability to delete the ARP entry. Once a
more specific route is set up, it's not possible to use "clear arp" on
the entry ("clear arp vpn public hostname 192.0.2.14"). Once the route
is removed, the entry can be deleted.
-- 
Watch out for off-by-one errors.
            - The Elements of Programming Style (Kernighan & Plauger)
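
Added example, not part of the original post: a small offline check that cross-references ARP cache lines with host routes to flag entries that, per the behavior described above, would keep the MX from answering proxy-ARP until they expire. The sample input is constructed from the output quoted in the post; the function names and the assumption that the text is pasted in this exact layout are hypothetical.

```python
import ipaddress
import re

# Added example; names are hypothetical. Sample input constructed from the post.
ARP_TABLE = """\
06:ea:3c:00:00:62 192.0.2.14    ae0.90                   none
06:ea:3c:00:00:63 192.0.2.15    ae0.90                   none
"""

ROUTES = """\
192.0.2.14/32      *[BGP/170] 00:11:52, localpref 100
                      AS path: 65002 65004 I
                    > to 198.51.0.14 via ae1.180
"""

ARP_RE = re.compile(r"^([0-9a-f:]{17})\s+(\S+)\s+(\S+)", re.I)
PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*\[(\w+)/")
NEXTHOP_RE = re.compile(r"^\s*>\s+to\s+(\S+)\s+via\s+(\S+)")

def parse_arp(text):
    """Return {ip: (mac, interface)} from ARP cache lines."""
    out = {}
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            out[ipaddress.ip_address(m.group(2))] = (m.group(1), m.group(3))
    return out

def parse_routes(text):
    """Return [(network, protocol, egress_interface)] for active routes."""
    routes, current = [], None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = (ipaddress.ip_network(m.group(1)), m.group(2))
            continue
        m = NEXTHOP_RE.match(line)
        if m and current:
            routes.append((current[0], current[1], m.group(2)))
            current = None
    return routes

def stale_arp_entries(arp, routes):
    """ARP entries whose IP now has a host route leaving via another interface."""
    return [(str(n.network_address), arp[n.network_address][1], ifl, proto)
            for n, proto, ifl in routes
            if n.prefixlen == n.max_prefixlen and n.network_address in arp
            and arp[n.network_address][1] != ifl]
```

Each tuple returned is (address, interface of the cached ARP entry, interface of the route, route protocol).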

