This section describes the 7450 ESS or 7750 SR acting as a Broadband Subscriber Aggregator (BSA).
In Triple Play networks, typically downstream broadcast is not allowed on subscriber SAPs. As a result, subscribers cannot receive ARP requests from the network. Instead, the 7450 ESS or 7750 SR responds to ARP requests from the network, with information from the DHCP lease state table.
In the upstream direction (toward the network), the ARP reply agent intercepts ARP requests on subscriber SAPs and checks them against the DHCP lease state table. The purpose is to prevent a malicious subscriber from spoofing ARP request or ARP reply messages and thereby populating the upstream router's ARP table with incorrect entries.
When the keyword sub-ident is added in the ARP reply agent configuration, the subscriber identity is also checked. If an upstream ARP request is targeted to the same subscriber, it is dropped. Otherwise, it is flooded to all VPLS interfaces outside the received Split Horizon Group (SHG).
Static hosts can be defined on the SAP using the host command. Dynamic hosts are enabled on the system by enabling the lease-populate command in the SAP’s dhcp context. If both a static host and a dynamic host share the same IP and MAC address, the VPLS ARP reply agent retains the host information until both the static and dynamic information are removed. If a static host and a dynamic host share the same IP address but have different MAC addresses, the VPLS ARP reply agent is populated with the static host information.
In brief, the ARP reply agent operation is as follows:
For an ARP request received from a customer SAP:
first check in DHCP lease state table — if no match: discard
if (sub-ident enabled) and (destination equals the same subscriber): discard
otherwise: flood to all SAPs/SDPs outside this SHG
For an ARP request received from the network:
lookup IP address in DHCP lease state table — if no match: discard
otherwise: respond with MAC address from the DHCP lease state table
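The decision procedure above, modeled as an added example that is not Nokia code or SR OS configuration. The Host fields, function names and sample addresses are hypothetical, and treating a lease "match" as agreement of sender IP, sender MAC and ingress SAP is an assumption; the static-over-dynamic precedence follows the host rules described earlier in this section.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    ip: str
    mac: str
    sap: str
    sub_id: str

def build_table(static_hosts, dynamic_hosts):
    """IP -> Host. A static host overrides a dynamic lease on the same IP."""
    table = {h.ip: h for h in dynamic_hosts}
    table.update({h.ip: h for h in static_hosts})
    return table

def from_subscriber_sap(table, sap, sender_ip, sender_mac, target_ip, sub_ident=False):
    """ARP request received on a customer SAP (upstream direction)."""
    src = table.get(sender_ip)
    # Assumption: a "match" means sender IP, sender MAC and ingress SAP agree.
    if src is None or src.mac != sender_mac or src.sap != sap:
        return ("discard", "no lease match")
    dst = table.get(target_ip)
    if sub_ident and dst is not None and dst.sub_id == src.sub_id:
        return ("discard", "same subscriber")
    return ("flood", "all SAPs/SDPs outside ingress SHG")

def from_network(table, target_ip):
    """ARP request received from the network (downstream direction)."""
    host = table.get(target_ip)
    if host is None:
        return ("discard", "no lease match")
    return ("reply", host.mac)

# Constructed sample data (documentation address ranges, made-up SAP ids).
DYNAMIC = [
    Host("192.0.2.10", "00:00:5e:00:53:10", "1/1/1:100", "sub-A"),
    Host("192.0.2.11", "00:00:5e:00:53:11", "1/1/1:101", "sub-A"),
    Host("192.0.2.20", "00:00:5e:00:53:20", "1/1/2:200", "sub-B"),
]
STATIC = [Host("192.0.2.20", "00:00:5e:00:53:99", "1/1/2:200", "sub-B")]
TABLE = build_table(STATIC, DYNAMIC)

if __name__ == "__main__":
    # Spoofed sender IP from sub-A's SAP is dropped before it reaches the router.
    print(from_subscriber_sap(TABLE, "1/1/1:100", "192.0.2.20", "00:00:5e:00:53:10", "192.0.2.1"))
    print(from_subscriber_sap(TABLE, "1/1/1:100", "192.0.2.10", "00:00:5e:00:53:10", "192.0.2.11", sub_ident=True))
    print(from_network(TABLE, "192.0.2.20"))
```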