Community discussions

MUM Europe 2020
 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Proxy ARP is catching all address. Is this expected?

Thu May 15, 2014 6:30 pm

I'm using Proxy ARP on port ether9 in my RB2011UiAS-RM to workaround a problem with Virtual Machines in motion between our two offices. Each office have their own subnet (10.1.0.0/16 and 10.2.0.0/16).
When a VM is moved from Office1 to Office2 (and versa-vice), the VM continues working without changing network settings. All "off site" traffic passess through ether9.
I manage this manually, by setting static routes in both routers.
In Office1's router I set:
ip route add distance=1 dst-address=<vm_ip_address>/32 gateway=ether9
and in the Office2's router set:
ip route add distance=1 dst-address=<vm_ip_address>/32 gateway=<Office1_router_ip>
It works 100%, no pain. but... this is affecting local machines.

When some client machine tries to access any other computer in the same subnet, the router simply takes the place of the computer, delivering his MAC Address to client computer, causing a total mess in their ARP Table.

Image

D4:CA:6D:0A:AC:97 is the ether9 MAC Address from Office1's router.

In the image, all address in the ARP table from 10.1.5.5 to 10.1.5.11 does not exist in my network. I simply ping-ed these address to demonstrate the error.
The ping response was
Reply from <ip_address>: TTL expired in transit.
The router should not deliver his MAC address to the client ONLY IF it knows the way?
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Proxy ARP is catching all address. Is this expected?

Thu May 15, 2014 6:46 pm

If you add an IP number / mask from the subnet to the interfaces connected to those subnets it should then stop proxying requests within those subnet ranges (on the interfaces which are members of the subnets).

I can't tell from your description if that will also affect your "solution".
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Re: Proxy ARP is catching all address. Is this expected?

Thu May 15, 2014 9:23 pm

If you mean:
ip address add address=10.x.x.x/16 interface=ether9 network=10.x.0.0
Does not solve the problem.
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Proxy ARP is catching all address. Is this expected?

Thu May 15, 2014 10:27 pm

I don't know your complete config but proxy-arp does not respond to ARP requests on (say) Ether X if those ARP requests are for addresses in the range A.B.C.D/Y and RouterOS itself has an address in that range on Ether X unless RouterOS also has the requested address on another interface (e.g. a loopback). If it hears ARP requests for IP numbers outside the A.B.C.D/Y range on Ether X then it will respond in order to provide a default route for clients on Ether X assuming it has been configured as such.

Proxy-arp has a few good uses but can often cause confusion and misery beyond those.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Re: Proxy ARP is catching all address. Is this expected?

Fri May 16, 2014 12:43 am

hm... ok.

In wiki about ARP: http://wiki.mikrotik.com/wiki/Manual:IP/ARP#Proxy_ARP
It says:
Since the router knows that the target address (172.16.2.3) is on another subnet but it can reach Host D, it replies with its own MAC address to Host A.
Right! But what if the router DOES NOT know the route to that address? It still says "It's me. Take my MAC address"
This is giving me some headaches, because when we poweroff some computers here, when it turns back it says "Conflicting IP address"

oh man..
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: Proxy ARP is catching all address. Is this expected?

Fri May 16, 2014 12:53 am

Does your router not have a default route set? If it does it thinks it knows the route to everywhere.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Re: Proxy ARP is catching all address. Is this expected?

Fri May 16, 2014 2:00 pm

Makes sense....

It have a route to 0.0.0.0/0 for PPPoE ADSL2.
 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Re: Proxy ARP is catching all address. Is this expected?

Mon May 19, 2014 9:15 pm

I don't know your complete config but proxy-arp does not respond to ARP requests on (say) Ether X if those ARP requests are for addresses in the range A.B.C.D/Y and RouterOS itself has an address in that range on Ether X unless RouterOS also has the requested address on another interface (e.g. a loopback). If it hears ARP requests for IP numbers outside the A.B.C.D/Y range on Ether X then it will respond in order to provide a default route for clients on Ether X assuming it has been configured as such.

Proxy-arp has a few good uses but can often cause confusion and misery beyond those.
Thank you CelticComms. It worked.
 
FernandoSuperGG
newbie
Topic Author
Posts: 43
Joined: Fri Sep 06, 2013 6:51 pm

Re: Proxy ARP is catching all address. Is this expected?

Fri Jun 06, 2014 5:20 pm

Happened again, even with IP address set and without default route configured.

This only happens from time to time. Everything worked fine for 17 days until today.

Any chance of having this fixed in 6.14?

Who is online

Users browsing this forum: pwrusrcom and 48 guests