R6.1 Configuration Note

Proxy ARP

Last Updated: 2014-06-18

Version 1.0

Introduction:

 

Proxy ARP is a technique in which a router on a given network answers ARP requests intended for another node located on another network. The router pretends to be the target of the ARP requests by sending ARP responses that associate its own MAC address with the real (destination) node’s IP address. The router acts as a proxy and takes responsibility for routing packets to the real destination.

 

The 7705 SAR supports the following proxy ARP types:

- Local proxy ARP - Allows the 7705 SAR to respond to ARP requests for an IP address that belongs to a subnet assigned to the interface receiving the request.
- Remote proxy ARP - Allows the 7705 SAR to respond to ARP requests for an IP address that belongs to a subnet different from the receiving interface subnet.

In R6.1, Proxy ARP can be used under the following contexts:

- VPRN
- IES
- Base Router

 

 

 

Setup 1:

 

 

Prerequisites:

 

This Configuration Note assumes that the following base configuration has been implemented on the PEs:

- Cards, MDAs and ports configured
- Interfaces configured

Proxy ARP and NAT configuration

In this example, the 7705 SAR is configured to apply source NAT (SNAT) to traffic sourced from the IXIA tester, using the “to-68” interface IP address for the NAT pool.

The 7705 SAR is already configured with the following:

1.    IES service with one SAP (ID 1/1/1). The SAP is connected to the IXIA tester.

 

A:SARHC-66>config>service# info
----------------------------------------------
        customer 1 create
            description "Default customer"
        exit
        ies 100 customer 1 create
            interface "to-ixia" create
                address 192.168.1.1/24
                sap 1/1/1 create
                exit
            exit
            no shutdown
        exit
----------------------------------------------

 

2.    OSPF and LDP are enabled.

 

A:SARHC-66>config>router>ospf# info
----------------------------------------------
            area 0.0.0.0
                interface "system"
                    interface-type point-to-point
                exit
                interface "to-68"
                    interface-type point-to-point
                exit
                interface "to-ixia"
                    interface-type point-to-point
                exit
            exit
----------------------------------------------

A:SARHC-66>config>router>ldp# info
----------------------------------------------
            interface-parameters
                interface "to-68"
                exit
            exit
            targeted-session
            exit
----------------------------------------------

 

 


 

Configure Security profile and policy

 

A:SARHC-66>config>security# info detail
----------------------------------------------
    no session-high-wmark
    no session-low-wmark
    profile 1 create
        name "DEFAULT"
        description "Default Session Profile"
        timeouts
            tcp-syn sec 15
            tcp-transitory min 4
            tcp-established hrs 2 min 4
            no tcp-time-wait
            udp min 5
            udp-initial sec 15
            udp-dns sec 15
            icmp-request min 1
        exit
    exit
    policy 1 create
        no name
        description "test policy"
        entry 1 create
            no description
            match protocol udp
                direction zone-inbound
                src-ip 192.168.1.2 to 192.168.1.4
                no src-port
                no dst-ip
                no dst-port
                no icmp-code
                no icmp-type
            exit
            limit
                no concurrent-sessions
            exit
            action nat
            profile 1
        exit
    exit
    commit
----------------------------------------------

 

Configure Zone

 

A:SARHC-66# configure router zone 10
A:SARHC-66>conf>router>zone# info
----------------------------------------------
    interface to-68
    exit
    nat
        pool 10 create
            direction zone-inbound
            entry 10 create
                ip-addr 10.66.68.3 to 10.66.68.5
                port 30000 to 30002
            exit
        exit
    exit
    policy 1
    commit
----------------------------------------------

Note: The NAT pool IP addresses are part of the “to-68” interface subnet.

 

 

A network interface named “to-68” is configured under the base router context. The interface uses port 1/1/2 to connect to the public network (another SAR-Hc box).

A:SARHC-66# configure router interface to-68
A:SARHC-66>config>router>if# info
----------------------------------------------
            address 10.66.68.1/24
            port 1/1/2
            remote-proxy-arp
            dhcp
                shutdown
            exit
----------------------------------------------

Note: Although the NAT pool IP addresses belong to the same subnet defined for this interface, remote-proxy-arp is used instead of local-proxy-arp to respond to ARP requests. The NAT pool IP addresses are logically considered to be in a different domain (remote IP addresses).

       

 

Verification:

Use <show router arp> to display the router ARP table.

A:SARHC-68# show router arp

===============================================================================
ARP Table (Router: Base)
===============================================================================
IP Address      MAC Address       Expiry    Type   Interface
-------------------------------------------------------------------------------
10.0.0.68       34:aa:99:f0:5d:6d 00h00m00s Oth    system
10.66.68.1      34:aa:99:f0:39:4e 02h56m35s Dyn[I] to-66
10.66.68.2      34:aa:99:f0:5d:a8 00h00m00s Oth[I] to-66
10.66.68.3      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
10.66.68.4      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
10.66.68.5      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
30.30.30.1      34:aa:99:f0:5d:a7 00h00m00s Oth[I] to-ixia
30.30.30.2      00:00:00:00:00:08 02h57m03s Dyn[I] to-ixia
-------------------------------------------------------------------------------
No. of ARP Entries: 8
===============================================================================

Note: The MAC address of the interface 10.66.68.1 is used to respond to ARP requests for 10.66.68.3, 10.66.68.4 and 10.66.68.5.

 

Note:

- Proxy ARP is used to allow an interface (or a port) to respond to ARP requests instead of the real host.
- The IP addresses should be in a subnet that is directly connected; otherwise, the ARP request will not be sent.
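
The verification step can also be checked mechanically, which matters because several IP addresses resolving to one MAC is what both intended proxy ARP and ARP spoofing look like on the neighbor. The following is an added example, not part of the original note or any vendor tooling: it parses the ARP rows shown under Verification (embedded as a constructed sample) and compares the addresses sharing the proxy router's MAC with the configured NAT pool; the function names and result keys are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the data rows of the "show router arp" output above.
ARP_OUTPUT = """\
10.0.0.68       34:aa:99:f0:5d:6d 00h00m00s Oth    system
10.66.68.1      34:aa:99:f0:39:4e 02h56m35s Dyn[I] to-66
10.66.68.2      34:aa:99:f0:5d:a8 00h00m00s Oth[I] to-66
10.66.68.3      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
10.66.68.4      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
10.66.68.5      34:aa:99:f0:39:4e 03h28m36s Dyn[I] to-66
30.30.30.1      34:aa:99:f0:5d:a7 00h00m00s Oth[I] to-ixia
30.30.30.2      00:00:00:00:00:08 02h57m03s Dyn[I] to-ixia
"""

# Columns: IP address, MAC address, expiry, type, interface.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+\S+\s+\S+\s+\S+$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Map IP address -> MAC; banner, header and separator lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            table[ipaddress.ip_address(m.group(1))] = m.group(2).lower()
    return table

def _fmt(ips):
    return [str(ip) for ip in sorted(ips)]

def audit_proxy_arp(text, proxy_ip, pool_first, pool_last):
    """Compare addresses that share the proxy router's MAC with the NAT pool."""
    table = parse_arp(text)
    proxy = ipaddress.ip_address(proxy_ip)
    if proxy not in table:
        raise ValueError(f"no ARP entry for proxy interface {proxy_ip}")
    proxy_mac = table[proxy]
    lo, hi = int(ipaddress.ip_address(pool_first)), int(ipaddress.ip_address(pool_last))
    pool = {ipaddress.ip_address(n) for n in range(lo, hi + 1)}
    shared = {ip for ip, mac in table.items() if mac == proxy_mac} - {proxy}
    return {
        "proxied": _fmt(shared & pool),        # pool addresses answered by the proxy
        "unexpected": _fmt(shared - pool),     # same MAC, outside the pool: investigate
        "missing": _fmt(pool - set(table)),    # pool address with no ARP entry yet
        "mismatch": _fmt(ip for ip in pool if ip in table and table[ip] != proxy_mac),
    }

if __name__ == "__main__":
    print(audit_proxy_arp(ARP_OUTPUT, "10.66.68.1", "10.66.68.3", "10.66.68.5"))
```

With the table from this note, all three pool addresses land in "proxied" and the other lists are empty; a non-empty "unexpected" or "mismatch" list means the neighbor's ARP cache does not match the configured pool.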