next up previous contents
Next: Route NAT status Up: ip-cref Previous: Source address selection   Contents


Proxy ARP/NDISC

Routers may answer ARP/NDISC solicitations on behalf of other hosts. In Linux-2.2 proxy ARP on an interface may be enabled by setting the kernel sysctl variable /proc/sys/net/ipv4/conf/<dev>/proxy_arp to 1. After this, the router starts to answer ARP requests on the interface <dev>, provided the route to the requested destination does not go back via the same device.

The variable /proc/sys/net/ipv4/conf/all/proxy_arp enables proxy ARP on all the IP devices.

However, this approach fails in the case of IPv6 because the router must join the solicited node multicast address to listen for the corresponding NDISC queries. It means that proxy NDISC is possible only on a per destination basis.

Logically, proxy ARP/NDISC is not a kernel task. It can easily be implemented in user space. However, similar functionality was present in BSD kernels and in Linux-2.0, so we have to preserve it at least to the extent that is standardized in BSD. 1cm NB. Linux-2.0 ARP had a feature called subnet proxy ARP. It is replaced with the sysctl flag in Linux-2.2.

The ip utility provides a way to manage proxy ARP/NDISC with the ip neigh command, namely:

  ip neigh add proxy ADDRESS [ dev NAME ]
adds a new proxy ARP/NDISC record and
  ip neigh del proxy ADDRESS [ dev NAME ]
deletes it.

If the name of the device is not given, the router will answer solicitations for address ADDRESS on all devices, otherwise it will only serve the device NAME. Even if the proxy entry is created with ip neigh, the router will not answer a query if the route to the destination goes back via the interface from which the solicitation was received.

It is important to emphasize that proxy entries have no parameters other than these (IP/IPv6 address and optional device). Particularly, the entry does not store any link layer address. It always advertises the station address of the interface on which it sends advertisements (i.e. it's own station address).


next up previous contents
Next: Route NAT status Up: ip-cref Previous: Source address selection   Contents
Martin A. Brown 2003-03-14