Re: Proxy-Arp with two routers on a segment..

From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Thu Nov 02 2006 - 13:41:10 ART

Hi,
if I understand your original request, this can be done with a
7200 feature called ARP ACL.

Basically, you have to filter R2 from "listening" to subnet 1 ARP
requests, and vice versa.

Take a look at
http://www.cisco.com/en/US/products/ps6922/products_command_reference_chapter09186a00806c09b6.html#wp1009674

-Carlos

Venkataramanaiah.R @ 31/10/2006 11:07 -0500 dixit:
> thanks for jumping in.. Your understanding is correct.
>
> However, we are building a loop free topology, where downlink for
> Subnet A must always choose R1 and for Subnet B must always choose the
> R2 path.. I cannot have the same subnet on both routers for this
> reason..!
>
> On 10/31/06, Vincent Mashburn <vmashburn@fedex.com> wrote:
>> If I understand your predicament correctly here, you have 2 routers on
>> the same physical segment, but each router is the gateway to a different
>> subnet. If this is the case, why not make each router part of both
>> subnets (via secondary addressing) and then use something like HSRP or
>> VRRP (using 2 groups) to make Router 1 the primary for subnet 1 and
>> Router 2 the primary for subnet 2? Just a thought... may be work
>> trying.
>> Thanks
>> Vince Mashburn
>> Voice / Data Engineer
>> 901-263-5072
>> CCVP, CCNP, CCDA,Network +
>> Cisco IP Telephony Support Specialist
>> Cisco IP Telephony Operations Specialist
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Venkataramanaiah.R
>> Sent: Tuesday, October 31, 2006 3:01 AM
>> To: Brian McGahan
>> Cc: fangbo; Fosket, William; ccielab@groupstudy.com
>> Subject: Re: Proxy-Arp with two routers on a segment..
>>
>> Brian is correct.. We tested this with Windows host and it behaves this
>> way...
>>
>> However my legacy host some trouble while generating the arp requests,
>> it always uses the first subnet IP while raising the arp request,
>> although it owns both subnets on the same NIC. So at all times, Router
>> of Subnet A is chosen.
>>
>> Regards
>> -Venkat
>>
>> On 10/31/06, Brian McGahan <bmcgahan@internetworkexpert.com> wrote:
>> > Tim,
>> >
>> > Assuming that proxy-ARP is enabled and that the host who
>> > originates the ARP request has an IP address in the same subnet of the
>> > interface that the router receives the ARP request on, then yes.
>> >
>> > Brian McGahan, CCIE #8593 (R&S/SP)
>> > bmcgahan@internetworkexpert.com
>> >
>> > Internetwork Expert, Inc.
>> > http://www.InternetworkExpert.com
>> > Toll Free: 877-224-8987 x 705
>> > Outside US: 775-826-4344 x 705
>> > 24/7 Support: http://forum.internetworkexpert.com
>> > Live Chat: http://www.internetworkexpert.com/chat/
>> >
>> >
>> > > -----Original Message-----
>> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>> > Of
>> > > fangbo
>> > > Sent: Monday, October 30, 2006 10:33 PM
>> > > To: Brian McGahan; 'Fosket, William'; 'Venkataramanaiah.R'
>> > > Cc: ccielab@groupstudy.com
>> > > Subject: re: Proxy-Arp with two routers on a segment..
>> > >
>> > > Hi there,
>> > >
>> > > I guess the host will send arp request to broadcast( FFFFFFFFFFFF),
>> so
>> > > every
>> > > routers on same segment will get the request and send arp reply out
>> if
>> > he
>> > > know the route to destination.
>> > > Is this right?
>> > > Thanks and regards,
>> > >
>> > > tim
>> > > -----SJ<~T-<~-----
>> > > 7"<~HK: nobody@groupstudy.com [mailto:nobody@groupstudy.com] 4z1m
>> > Brian
>> > > McGahan
>> > > 7"KMJ1<d: 2006Dj10TB31HU 5:49
>> > > JU<~HK: Fosket, William; Venkataramanaiah.R
>> > > 3-KM: ccielab@groupstudy.com
>> > > VwLb: RE: Proxy-Arp with two routers on a segment..
>> > >
>> > > > If an arp request from 1.1.1.2/24 were seen by a router at
>> > 1.1.1.1/24
>> > > > and a router at 2.2.2.1/24 on the same segment, would their be any
>> > > > special configuration required to prevent 2.2.2.1 from answering?
>> > >
>> > > No extra configuration is needed. The router at 2.2.2.1/24
>> will
>> > > not respond to an ARP from 1.1.1.2 unless Local Area Mobility is
>> > > enabled.
>> > >
>> > > Brian McGahan, CCIE #8593 (R&S/SP)
>> > > bmcgahan@internetworkexpert.com
>> > >
>> > > Internetwork Expert, Inc.
>> > > http://www.InternetworkExpert.com
>> > > Toll Free: 877-224-8987 x 705
>> > > Outside US: 775-826-4344 x 705
>> > > 24/7 Support: http://forum.internetworkexpert.com
>> > > Live Chat: http://www.internetworkexpert.com/chat/
>> > >
>> > >
>> > > > -----Original Message-----
>> > > > From: Fosket, William [mailto:William.Fosket@compass.net]
>> > > > Sent: Monday, October 30, 2006 3:06 PM
>> > > > To: Brian McGahan; Venkataramanaiah.R
>> > > > Cc: ccielab@groupstudy.com
>> > > > Subject: RE: Proxy-Arp with two routers on a segment..
>> > > >
>> > > > It's more of an issue of where the request is coming from than
>> where
>> > > > they are trying to get to, I think. It is more a question about
>> how
>> > > arp
>> > > > works than how proxy arp works. Though the requests would come
>> from
>> > > the
>> > > > same segment, they'd be coming from different subnets (if I
>> > understood
>> > > > correctly).
>> > > >
>> > > > If an arp request from 1.1.1.2/24 were seen by a router at
>> > 1.1.1.1/24
>> > > > and a router at 2.2.2.1/24 on the same segment, would their be any
>> > > > special configuration required to prevent 2.2.2.1 from answering?
>> > > >
>> > > > Bill Fosket CCIE #16041
>> > > >
>> > > > -----Original Message-----
>> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>> Behalf
>> > > Of
>> > > > Brian McGahan
>> > > > Sent: Monday, October 30, 2006 1:47 PM
>> > > > To: Venkataramanaiah.R
>> > > > Cc: ccielab@groupstudy.com
>> > > > Subject: RE: Proxy-Arp with two routers on a segment..
>> > > >
>> > > > The ARP request will always come in from a host on a directly
>> > > > connected segment. If the router has a route to the ARP's
>> > destination
>> > > > and proxy-arp is enabled on the connected link that the ARP was
>> > > received
>> > > > the router will reply with its own MAC address. The destination
>> > does
>> > > > not have to be connected, it just has to be in the routing table.
>> > > >
>> > > > Diagram out your topology and let me know exactly what you are
>> > > > trying to accomplish and I can give you a better recommendation.
>> > > >
>> > > >
>> > > > HTH,
>> > > >
>> > > > Brian McGahan, CCIE #8593 (R&S/SP)
>> > > > bmcgahan@internetworkexpert.com
>> > > >
>> > > > Internetwork Expert, Inc.
>> > > > http://www.InternetworkExpert.com
>> > > > Toll Free: 877-224-8987 x 705
>> > > > Outside US: 775-826-4344 x 705
>> > > > 24/7 Support: http://forum.internetworkexpert.com
>> > > > Live Chat: http://www.internetworkexpert.com/chat/
>> > > >
>> > > >
>> > > > > -----Original Message-----
>> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>> > Behalf
>> > > > Of
>> > > > > Venkataramanaiah.R
>> > > > > Sent: Monday, October 30, 2006 10:59 AM
>> > > > > To: Brian McGahan
>> > > > > Cc: ccielab@groupstudy.com
>> > > > > Subject: Re: Proxy-Arp with two routers on a segment..
>> > > > >
>> > > > > Brian, Moreover, you suggestion will apply only if i am proxy
>> > arping
>> > > B
>> > > > > from A and vice versa.. But when i arp any other subnets, both
>> > > routers
>> > > > > will have these routers..
>> > > > >
>> > > > > In any case, i think bill's understanding with this issue is
>> > > correct.
>> > > > > Routers seem to responding only to the connect hosts. (They
>> verify
>> > > > > source addresses before responding with MAC). However, in our
>> > case,
>> > > > > our legacy hosts, which uses same NIC for both subnets, never
>> uses
>> > > > > second subnet to ask for MAC. So always R1 responds..
>> > > > >
>> > > > >
>> > > > >
>> > > > > On 10/30/06, Venkataramanaiah. R <vramanaiah@gmail.com> wrote:
>> > > > > > Brian, I like your advise, but i cannot do that, i want this
>> > > > > > intercommunication to around via both routers..
>> > > > > >
>> > > > > > It is a strange topology that we are trying to build upon
>> here,
>> > > with
>> > > > > > legacy telcom hosts. So bear with me for that ;-)
>> > > > > >
>> > > > > > thanks
>> > > > > >
>> > > > > >
>> > > > > > On 10/30/06, Brian McGahan <bmcgahan@internetworkexpert.com>
>> > > wrote:
>> > > > > > > You will only reply with proxy-arp if you have a route to
>> the
>> > > > > requested
>> > > > > > > host's subnet. Remove router 1's route to subnet 2 and
>> remove
>> > > > router
>> > > > > > > 2's route to subnet 1 and you will see the desired behavior.
>> > > > > > >
>> > > > > > >
>> > > > > > > HTH,
>> > > > > > >
>> > > > > > > Brian McGahan, CCIE #8593 (R&S/SP)
>> > > > > > > bmcgahan@internetworkexpert.com
>> > > > > > >
>> > > > > > > Internetwork Expert, Inc.
>> > > > > > > http://www.InternetworkExpert.com
>> > > > > > > Toll Free: 877-224-8987 x 705
>> > > > > > > Outside US: 775-826-4344 x 705
>> > > > > > > 24/7 Support: http://forum.internetworkexpert.com
>> > > > > > > Live Chat: http://www.internetworkexpert.com/chat/
>> > > > > > >
>> > > > > > >
>> > > > > > > > -----Original Message-----
>> > > > > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
>> > On
>> > > > Behalf
>> > > > > > > Of
>> > > > > > > > Venkataramanaiah.R
>> > > > > > > > Sent: Saturday, October 28, 2006 1:09 PM
>> > > > > > > > To: ccielab@groupstudy.com
>> > > > > > > > Subject: Proxy-Arp with two routers on a segment..
>> > > > > > > >
>> > > > > > > > I have a requirement where there will be two routers on
>> the
>> > > same
>> > > > > > > > segment supporting two different subnets... The segments
>> > have
>> > > > hosts
>> > > > > > > > belonging to both these subnets..
>> > > > > > > >
>> > > > > > > > I want to enforce the following..
>> > > > > > > >
>> > > > > > > > Router 1 must respond to proxy-arp request only from hosts
>> > > > belonging
>> > > > > > > > to Subnet 1.
>> > > > > > > >
>> > > > > > > > Router 2 must respond to proxy-arp request only from hosts
>> > > > belonging
>> > > > > > > > to Subnet 2.
>> > > > > > > >
>> > > > > > > > Is there a way out..? I cant think of any way to achieve
>> > > this,
>> > > > so
>> > > > > > > > thought i will ask the experts :-)
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > Regards
>> > > > > > > > -Venkat
>> > > > > > > >
>> > > > > > > >
>> > > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> _______________________________________________________________________
>> > > > > > > > Subscription information may be found at:
>> > > > > > > > http://www.groupstudy.com/list/CCIELab.html
>> > > > >
>> > > > >
>> > > >
>> > >
>> >
>> _______________________________________________________________________
>> > > > > Subscription information may be found at:
>> > > > > http://www.groupstudy.com/list/CCIELab.html
>> > > >
>> > > >
>> > >
>> >
>> _______________________________________________________________________
>> > > > Subscription information may be found at:
>> > > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>> > >
>> > >
>> >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART