交换机ARP代理详解

 

交换机ARP代理详解

图表

The Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram above, Host A has a /16 subnet mask. What this means is that Host A believes that it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any devices it believes are directly connected, it will send an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.

这个主机A要发送数据包到主机D。图表显示主机A使用的是16位掩码。主机A相信目的网段是直接连接在172.16.0.0上的。于是主机A直接发送一个ARP请求给目的站点。

To reach Host D (172.16.20.200), Host A needs the MAC address of Host D.
Therefore, Host A broadcasts an ARP request on Subnet A, as below:

主机A 需要得到主机D的MAC地址，所以主机A广播ARP请求：

Sender's MAC Address	Sender's IP Address	Target MAC Address	Target IP Address
00-00-0c-94-36-aa	172.16.10.100	00-00-00-00-00-00	172.16.20.200

In above ARP request, Host A (172.16.10.100) is requesting that Host D (172.16.20.200) send its MAC address. The above ARP request packet is then encapsulated in an Ethernet frame with Host A's MAC address as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in the Subnet A, including the router's e0 interface, but does not reach Host D. The broadcast will not reach Host D because routers, by default, do not forward broadcasts.

ARP请求里主机A将自己的MAC地址作为源地址 FFFF.FFFF.FFFF 做为目的地址进行广播。但是路由器的E0 口默认不支持转发广播。所以主机D不能响应这个ARP请求。

Since the router knows that the target address (172.16.20.200) is on another subnet and can reach Host D, it will reply with its own MAC address to Host A.

路由器知道主机D在其他子网，于是用自己的MAC地址来应答A

Sender's MAC Address	Sender's IP Address	Target MAC Address	Target IP Address
00-00-0c-94-36-ab	172.16.20.200	00-00-0c-94-36-aa	172.16.10.100

Above is the Proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with router's MAC address as the source address and Host A's MAC address as the destination address. The ARP replies are always unicast to the original requester.

路由器用自己接口的MAC地址作为源地址回复ARP应答给主机A。这个ARP应答总是利用单播来回复。

On receiving this ARP reply, Host A updates its ARP table as below:

主机A收到ARP请求后更新自己的MAC地址表

IP Address	MAC Address
172.16.20.200	00-00-0c-94-36-ab

From now on Host A will forward all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (router). Since the router knows how to reach Host D, the router forwards the packet to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined to Subnet B are sent to the router. The router forwards those packets to the hosts in Subnet B.

现在主机A如果发送数据包给主机D就将数据发送给MAC 00-00-0c-94-36-ab.由路由器转发给主机D。所以目的地址为子网B的数据都发送给路由器。子网A内所有主机ARP地址表显示去往子网B主机的MAC地址 全是路由器接口的MAC地址。这个路由器转发其他数据包到子网B。

The ARP cache of Host A is given below:

这个主机A的ARP 地址表

IP Address	MAC Address
172.16.20.200	00-00-0c-94-36-ab
172.16.20.100	00-00-0c-94-36-ab
172.16.10.99	00-00-0c-94-36-ab
172.16.10.200	00-00-0c-94-36-bb

Note: Multiple IP addresses are mapped to a single MAC address (the router's MAC address), indicating that proxy ARP is in use.

多个IP地址被映射到一个MAC地址。标志这在路由器上使用了 proxy-arp。

The Cisco router's interface should be configured to accept and respond to proxy ARP. This is enabled by default. Proxy ARP can be disabled on a per interface basis with the interface configuration command no ip proxy-arp, as shown below:

cisco 交换机应该配置为能够支持proxy arp。而且它默认是被开启的。如果需要关闭可以使用 no ip proxy-arp 在接口模式下关闭。

Router# configure terminalEnter configuration commands, one per line.  End with CNTL/Z.Router(config)# interface ethernet 0Router(config-if)# no ip proxy-arpRouter(config-if)# ^ZRouter#

To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command.

在接口上使用 ip proxy-arp 命令启用 proxy-arp