A proxy arp example – Amer Networks E5Web GUI User Manual

Page 270

impose security policies on the traffic passing between the different network parts.

A Typical Scenario

As an example of a typical proxy ARP scenario, consider a network split into two sub-networks
with a Clavister Security Gateway between the two.

Host A on one sub-network might send an ARP request to find out the MAC address for the IP
address of host B on the other sub-network. With the proxy ARP feature configured, cOS Core
responds to this ARP request instead of host B. cOS Core sends its own MAC address in reply,
pretending to be the target host. After receiving the reply, Host A then sends data directly to cOS
Core which forwards the data to host B. In the process cOS Core checks the traffic against the
configured rule sets.

Setting Up Proxy ARP

Setting up proxy ARP is done by specifying the option for a route in a routing table. Suppose
there is a network that is divided into two parts called net_1 and net_2.

The network net_1 is connected to the interface if1 and the network net_2 is connected to the
interface if2. In cOS Core there will be a route configured that says net_1 can be found on if1. This
might be called route_1.

For route_1 it is possible to specify the option that this network should be proxy ARPed on
interface if2. Now any ARP request issued by a net_2 host connected to if2 looking for an IP
address in net_1 will get a positive response from cOS Core. In other words, cOS Core will
pretend that the net_1 address is found on if2 and will forward data traffic to net_1.

In the same way, net_2 could be published on the interface if1 so that there is a mirroring of
routes and ARP proxy publishing.

Route #   Network   Interface   Proxy ARP Published
1         net_1     if1         if2
2         net_2     if2         if1

In this way there is complete separation of the sub-networks but the hosts are unaware of this.
The two routes mirror each other, but there is no requirement that proxy ARP be used in a
pairing like this.
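
The reply decision described above can be modelled in a few lines of Python. This is an added example, not code from the manual or from cOS Core, and it is useful for auditing which addresses a gateway will answer for on which interface. The /25 addressing, the MAC values and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str
    network: ipaddress.IPv4Network
    interface: str                        # interface where the network really is
    proxy_arp_on: frozenset = frozenset() # interfaces where it is proxy ARP published

# Constructed addressing: one /24 split into two halves, mirroring the table above.
ROUTES = [
    Route("route_1", ipaddress.ip_network("192.168.1.0/25"), "if1", frozenset({"if2"})),
    Route("route_2", ipaddress.ip_network("192.168.1.128/25"), "if2", frozenset({"if1"})),
]
GATEWAY_MAC = {"if1": "02:00:00:00:00:01", "if2": "02:00:00:00:00:02"}  # constructed

def lookup(target, routes):
    """Most specific route containing the target IP, or None."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)

def proxy_arp_reply(arrival_if, target, routes=ROUTES):
    """MAC the gateway answers with for an ARP request, or None if it stays silent."""
    route = lookup(target, routes)
    if route is None:
        return None   # no route for the target: nothing is published for it
    if route.interface == arrival_if:
        return None   # target is on the requester's own segment; the real host answers
    if arrival_if not in route.proxy_arp_on:
        return None   # route exists but is not published on this interface
    return GATEWAY_MAC[arrival_if]

def audit(routes=ROUTES):
    """(network, interface) pairs where the gateway answers ARP on behalf of hosts."""
    return sorted((str(r.network), i) for r in routes for i in r.proxy_arp_on)

if __name__ == "__main__":
    for iface, ip in [("if2", "192.168.1.10"), ("if1", "192.168.1.10"),
                      ("if1", "192.168.1.200"), ("if2", "10.0.0.5")]:
        print(iface, ip, "->", proxy_arp_reply(iface, ip))
    print(audit())
```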

Keep in mind that if the host has an ARP request for an IP address outside of the local network
then this will be sent to the gateway configured for that host. The entire example is illustrated
below.

Chapter 4: Routing
