CCIE: Blueprint Practice Configs – IP Services
IP Services
ARP:
ARP is the process of resolving unknown L2 (MAC) information FROM known L3 (IP) information. Inverse ARP is learning unknown L3 (IP) information from known L2 (DLCI) information.
Proxy ARP, as defined in RFC 1027, was implemented to enable devices that are separated into physical network segments connected by a router in the same IP network or subnetwork to resolve the IP-to-MAC addresses. When devices are not in the same data link layer network but in the same IP network, they try to transmit data to each other as if they are on the local network. However, the router that separates the devices will not send a broadcast message because routers do not pass hardware-layer broadcasts. The addresses cannot be resolved.
Proxy ARP is enabled by default so the “proxy router” that resides between the local networks will respond with its MAC address as if it is the router to which the broadcast is addressed. When the sending device receives the MAC address of the proxy router, it sends the datagram to the proxy router that in turns sends the datagram to the designated device.
Proxy ARP is invoked by the following conditions:
- The target IP address is not on the same physical network (LAN) on which the request is received.
- The networking device has one or more routes to the target IP address.
- All of the routes to the target IP address go through interfaces other than the one on which the request is received.
When proxy ARP is disabled, a device will respond to ARP requests received on its interface only if the target IP address is the same as its IP address, or the target IP address in the ARP request has a statically configured ARP alias.
Sample Proxy ARP Configuration:
interface fa0/0
ip proxy-arp (no ip proxy-arp to disable)
ip local-proxy-arp
The local proxy ARP feature allows the Multilayer Switching Feature Card (MSFC) to respond to ARP requests for IP addresses within a subnet where normally no routing is required. With the local proxy ARP feature enabled, the MSFC responds to all ARP requests for IP addresses within the subnet and forwards all traffic between hosts in the subnet. Use this feature only on subnets where hosts are intentionally prevented (isolated/pVLAN) from communicating directly to the switch on which they are connected.
Before the local proxy ARP feature can be used, the IP proxy ARP feature must be enabled. The IP proxy ARP feature is enabled by default.
Internet Control Message Protocol (ICMP) redirects are disabled on interfaces where the local proxy ARP feature is enabled.
HSRP:
Preemption is recommend for deterministic behavior.
Use groups that relate to VLAN ID or IP addressing scheme.
HSRP vV1: Virtual MAC address is 0000:0c07:ac XX where XX = the group ID.
For example group 146 would be 0000:0c07:ac92
HEX to DEC 142 = 92 or Binary 1001 0010
HSRP version 2 is designed to address the following issues relative to HSRP version 1:
•Previously, millisecond timer values are not advertised or learned. HSRP version 2 advertises and learns millisecond timer values. This change ensures stability of the HSRP groups in all cases.
•Group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095.
•HSRP version 2 provides improved management and troubleshooting. With HSRP version 1, there is no method to identify from HSRP active hello messages which physical router sent the message because the source MAC address is the HSRP virtual MAC address. The HSRP version 2 packet format includes a 6-byte identifier field that is used to uniquely identify the sender of the message. Typically, this field is populated with the interface MAC address.
•The multicast address 224.0.0.2 is used to send HSRP hello messages. This address can conflict with Cisco Group Management Protocol (CGMP) leave processing.
Version 1 is the default version of HSRP.
HSRP version 2 permits an expanded group number range, 0 to 4095, and consequently uses a new MAC address range 0000.0C9F.F000 to 0000.0C9F.FFFF. The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The expanded group number range was changed to allow the group number to match the VLAN number on subinterfaces.
One thought on “CCIE: Blueprint Practice Configs – IP Services”
“ICMP redirects are disabled where local proxy-ARP is enabled” is true for all cisco IOS routers? If so, are there any workarounds to somehow allow local proxy-ARP to pull in the packets then route back out the same interface to another router which does not have local proxy-ARP enabled?
Comments are closed.