I’m using Proxy ARP on port ether9 in my RB2011UiAS-RM to workaround a problem with Virtual Machines in motion between our two offices. Each office have their own subnet (10.1.0.0/16 and 10.2.0.0/16).
When a VM is moved from Office1 to Office2 (and versa-vice), the VM continues working without changing network settings. All “off site” traffic passess through ether9.
I manage this manually, by setting static routes in both routers.
In Office1’s router I set:
ip route add distance=1 dst-address=<vm_ip_address>/32 gateway=ether9
and in the Office2’s router set:
ip route add distance=1 dst-address=<vm_ip_address>/32 gateway=<Office1_router_ip>
It works 100%, no pain. but… this is affecting local machines.
When some client machine tries to access any other computer in the same subnet, the router simply takes the place of the computer, delivering his MAC Address to client computer, causing a total mess in their ARP Table.
D4:CA:6D:0A:AC:97 is the ether9 MAC Address from Office1’s router.
In the image, all address in the ARP table from 10.1.5.5 to 10.1.5.11 does not exist in my network. I simply ping-ed these address to demonstrate the error.
The ping response was
Reply from <ip_address>: TTL expired in transit.
The router should not deliver his MAC address to the client ONLY IF it knows the way?
If you add an IP number / mask from the subnet to the interfaces connected to those subnets it should then stop proxying requests within those subnet ranges (on the interfaces which are members of the subnets).
I can’t tell from your description if that will also affect your “solution”.
I don’t know your complete config but proxy-arp does not respond to ARP requests on (say) Ether X if those ARP requests are for addresses in the range A.B.C.D/Y and RouterOS itself has an address in that range on Ether X unless RouterOS also has the requested address on another interface (e.g. a loopback). If it hears ARP requests for IP numbers outside the A.B.C.D/Y range on Ether X then it will respond in order to provide a default route for clients on Ether X assuming it has been configured as such.
Proxy-arp has a few good uses but can often cause confusion and misery beyond those.
Since the router knows that the target address (172.16.2.3) is on another subnet but it can reach Host D, it replies with its own MAC address to Host A.
Right! But what if the router DOES NOT know the route to that address? It still says “It’s me. Take my MAC address”
This is giving me some headaches, because when we poweroff some computers here, when it turns back it says “Conflicting IP address”
