Proxy
Proxy ARP is a technique that allow a server on a given network answers the Address Resolution Protocol (ARP) queries for an IP address that is not on that network.
Test ARP Proxy Same Interface
Description
In this scenario, proxy ARP replies are sent back to the
same interface from which the ARP request/solicitation
was received (eth0). This is done to support
features like RFC#3069, where the individual ports are
NOT allowed to communicate with each other, but they are
allowed to talk to the upstream router.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces ethernet eth0 ip arp pvlan-proxy set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.20/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.10 from DUT1:
admin@DUT1$ ping 192.168.100.10 count 1 size 56 timeout 1Show output
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data. 64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.298 ms --- 192.168.100.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.298/0.298/0.298/0.000 ms
Step 4: Send arp ping from DUT1 to IP address 192.168.100.30:
admin@DUT1$ arping 192.168.100.30 interface eth0 timeout 5 count 1Show output
ARPING 192.168.100.30 from 192.168.100.20 eth0 Unicast reply from 192.168.100.30 [DE:AD:BE:EF:6C:00] 312.599ms Sent 1 probes (1 broadcast(s)) Received 1 response(s)
Test ARP Proxy Other Interface
Description
In this scenario, proxy ARP replies (using
eth0 interface) for addresses in a different
network (eth1 in this case).
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.10/24 set interfaces ethernet eth0 ip arp proxy set interfaces ethernet eth1 address 192.168.200.10/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.20/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.10 from DUT1:
admin@DUT1$ ping 192.168.100.10 count 1 size 56 timeout 1Show output
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data. 64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.329 ms --- 192.168.100.10 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.329/0.329/0.329/0.000 ms
Step 4: Send arp ping from DUT1 to IP address 192.168.200.30:
admin@DUT1$ arping 192.168.200.30 interface eth0 timeout 5 count 1Show output
ARPING 192.168.200.30 from 192.168.100.20 eth0 Unicast reply from 192.168.200.30 [DE:AD:BE:EF:6C:00] 800.927ms Sent 1 probes (1 broadcast(s)) Received 1 response(s)