Most technicians learn about the process of mapping an IP address to a MAC address. This process, known as ARP (Address Resolution Protocol), is a layer 2 process that allows the Internet Protocol to function over Ethernet. What isn’t always well known or understood is a process called proxy ARP. Although proxy ARP is often enabled by default on routers, its use is typically unintentional.
Before we get into exactly what proxy ARP is, we should probably describe what it isn’t. First, it doesn’t relay ARP requests to a remote network. It also doesn’t allow a router to route an ARP request. What proxy ARP DOES do is permit a router to respond to ARP requests for IP addresses that match routes in its routing table.
The most common use case for proxy ARP is a misconfigured subnet mask on a host. Additionally, some hosts with very simple IP stacks may depend on the proxy ARP process in order to function. IOS-based routers respond to proxy ARP requests by default. The result is that the host ends up sending its traffic to the gateway anyway, because it forwards the traffic to the MAC address the router supplied in its ARP reply.
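To make that behaviour concrete, here is a small Python model of the misconfigured-mask scenario. It is an added example for this article, not code from the original post or from Cisco: a host decides what to ARP for based on its own (possibly wrong) mask, and a router decides whether to answer with its interface MAC. The decision rule it implements (answer only when proxy ARP is enabled and the target matches a route out a different interface than the one the request arrived on) is my reading of the documented IOS behaviour, so treat it as an assumption; the addresses, interface names and MACs are constructed.

```python
import ipaddress
from dataclasses import dataclass

# All IP addresses, interface names and MACs in this file are constructed
# for illustration; they do not come from the article or from any real device.


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    interface: str          # egress interface for this prefix


@dataclass
class Router:
    interfaces: dict        # name -> (IPv4Interface, MAC)
    routes: list            # list[Route]
    proxy_arp: bool         # models the IOS "ip proxy-arp" setting (assumed global here)

    def route_lookup(self, target: ipaddress.IPv4Address):
        """Longest-prefix match over the routing table; None if no route."""
        best = None
        for r in self.routes:
            if target in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def handle_arp_request(self, ingress: str, target_ip: str):
        """Return the MAC the router answers with, or None when it stays silent."""
        target = ipaddress.IPv4Address(target_ip)
        own_ip, own_mac = self.interfaces[ingress]
        if target == own_ip.ip:
            return own_mac                     # ordinary ARP: it is our own address
        if not self.proxy_arp:
            return None                        # proxy ARP disabled: off-subnet targets go unanswered
        route = self.route_lookup(target)
        if route is None or route.interface == ingress:
            # No route, or the target lives on the requesting segment: let the
            # real owner answer. (Assumed model of IOS proxy ARP behaviour.)
            return None
        return own_mac                         # proxy ARP reply: "send it to me"


def host_next_hop(host_ip_with_mask: str, gateway: str, dst: str) -> str:
    """Which address a host will ARP for: the destination itself if the host's
    (possibly wrong) mask says it is on-link, otherwise the default gateway."""
    net = ipaddress.IPv4Interface(host_ip_with_mask).network
    return dst if ipaddress.IPv4Address(dst) in net else gateway


def build_router(proxy_arp: bool) -> Router:
    """A two-interface router with two connected routes and one static route."""
    gi0 = ipaddress.IPv4Interface("10.1.1.1/24")
    gi1 = ipaddress.IPv4Interface("10.1.2.1/24")
    return Router(
        interfaces={"Gi0/0": (gi0, "00:00:5e:00:53:01"),
                    "Gi0/1": (gi1, "00:00:5e:00:53:02")},
        routes=[Route(gi0.network, "Gi0/0"),                                 # connected
                Route(gi1.network, "Gi0/1"),                                 # connected
                Route(ipaddress.IPv4Network("192.168.5.0/24"), "Gi0/1")],    # static via Gi0/1
        proxy_arp=proxy_arp,
    )


def simulate(host_cfg: str, gateway: str, dst: str, proxy_arp: bool) -> dict:
    """Trace one host -> destination attempt from the host's segment (Gi0/0)."""
    router = build_router(proxy_arp)
    arp_target = host_next_hop(host_cfg, gateway, dst)
    reply = router.handle_arp_request("Gi0/0", arp_target)
    return {"arp_target": arp_target,
            "router_replies_with": reply,
            "traffic_reaches_gateway": reply is not None}


if __name__ == "__main__":
    # A host with a /16 mask on a /24 segment believes 10.1.2.20 is on-link
    # and ARPs for it directly instead of for the gateway.
    for enabled in (True, False):
        print(f"proxy ARP {'on ' if enabled else 'off'}:",
              simulate("10.1.1.10/16", "10.1.1.1", "10.1.2.20", enabled))
```

With proxy ARP on, the router answers the off-subnet request with its own Gi0/0 MAC and the misconfigured host "works"; with it off, the request goes unanswered and the host's traffic never leaves the segment. A correctly masked host ARPs for the gateway and is unaffected either way, which is exactly why the dependency on proxy ARP tends to go unnoticed until it is disabled.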
On the surface, this seems fine. However, there are several legitimate reasons why we shouldn’t rely on this feature. A typical concern is that it is often identified as a security issue: by sending ARP requests, an observer can determine which routes exist in the routing table.
Another concern is that active hosts may build a huge ARP table. For me, the primary issue is that things may not be working the way we expect them to, and depending on proxy ARP can cause unpredictable results.
Now that we know what proxy ARP is and why using it is discouraged, we can look at the operation of proxy ARP and see what can happen when it is disabled.