[168239] in North American Network Operators' Group


Re: Proxy ARP detection (was re: best practice for advertising peering

daemon@ATHENA.MIT.EDU (ML)
Wed Jan 15 23:49:44 2014

Date: Wed, 15 Jan 2014 23:49:15 -0500
From: ML <ml@kenweb.org>
To: nanog@nanog.org
In-Reply-To: <AF5AC7C2-F705-4E23-BF69-F89C569F17F7@bloomcounty.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 1/15/2014 6:31 PM, Clay Fiske wrote:
> Yes, yes, I expected a smug reply like this. I just didn’t expect it to take so long.
>
> But how can I detect proxy ARP when detecting proxy ARP was patented in 1996?
>
> http://www.google.com/patents/US5708654
>
>
> Seriously though, it’s not so simple. You only get replies if the IP you ARP for is in the offender’s route table (or they have a default route). I’ve seen different routers respond depending on which non-local IP was ARPed for. And while using something like 8.8.8.8 might be an obvious choice, I don’t care to hose up everyone’s connectivity to it just to find local proxy ARP offenders on my network.
>
> -c
>

Shouldn't ARP inspection be a common feature?
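A passive way to look for the proxy ARP responders discussed in the quoted message, shown as an added example that is not part of the thread. It assumes ARP replies have already been collected as (sender MAC, sender IP) pairs from a point that sees them, such as a mirror port or a router's own ARP log. The function name, the heuristics and the sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of observed ARP replies: (sender MAC, sender IP).
# Documentation addresses only; none of these come from the thread.
SAMPLE_REPLIES = [
    ("00:00:5e:00:53:01", "192.0.2.1"),
    ("00:00:5e:00:53:02", "192.0.2.2"),
    ("00:00:5e:00:53:03", "192.0.2.3"),
    ("00:00:5e:00:53:03", "198.51.100.7"),  # answered for an off-subnet IP
    ("00:00:5e:00:53:03", "192.0.2.2"),     # answered for a neighbour's IP
    ("00:00:5e:00:53:04", "192.0.2.4"),
    ("00:00:5e:00:53:04", "192.0.2.14"),    # second local IP, not shared
]


def find_proxy_arp_suspects(replies, local_prefix):
    """Return {mac: [reasons]} for MACs whose replies look like proxy ARP.

    Heuristics (assumptions of this example):
      off-subnet: the MAC answered for an IP outside the connected prefix.
      shared-ip:  the MAC answered for an IP that another MAC also claims,
                  and this MAC claims more than one IP in total.
    """
    net = ipaddress.ip_network(local_prefix)
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    for mac, ip in replies:
        addr = ipaddress.ip_address(ip)
        ips_by_mac[mac.lower()].add(addr)
        macs_by_ip[addr].add(mac.lower())

    suspects = {}
    for mac, ips in ips_by_mac.items():
        reasons = []
        for ip in sorted(ips):
            if ip not in net:
                reasons.append("off-subnet:%s" % ip)
            elif len(macs_by_ip[ip]) > 1 and len(ips) > 1:
                reasons.append("shared-ip:%s" % ip)
        if reasons:
            suspects[mac] = sorted(reasons)
    return suspects


if __name__ == "__main__":
    for mac, why in find_proxy_arp_suspects(SAMPLE_REPLIES, "192.0.2.0/24").items():
        print(mac, why)
```

Being passive, this sends no ARP requests of its own, but it only flags a responder once some host on the segment has actually ARPed for an address that responder answers for.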

