ARP & Proxy ARP Explained

Thursday, November 23 2017  /  Shubhum  /  Networking  /  0 Comments

Proxy ARP

You can configure Proxy Address Resolution Protocol (ARP) to enable a switch to respond to ARP queries for network addresses by offering its own Ethernet media access control (MAC) address. With proxy ARP enabled, the switch captures and routes traffic to the intended destination. Before getting into the details of proxy ARP, we start with ARP itself, a basic that every network engineer should know.

ARP operates at Layer 2 in the OSI model. Protocol support is implemented in the device drivers of network operating systems. Internet RFC 826 documents technical details of the protocol including its packet format and the workings of request and response messages. ARP works on modern Ethernet and Wi-Fi networks as follows:

  1. Network adapters are produced with a physical address embedded in the hardware called the Media Access Control (MAC) address. Manufacturers take care to ensure these 6-byte (48-bit) addresses are unique, as IP relies on these unique identifiers for message delivery.
  2. When any device wishes to send data to another target device, it must first determine the MAC address of that target given its IP address. These IP-to-MAC address mappings are derived from an ARP cache maintained on each device.
  3. If the given IP address does not appear in a device's cache, that device cannot direct messages to that target until it obtains a new mapping. To do this, the initiating device first sends an ARP request broadcast message on the local subnet. Below is an example of an ARP Request packet. As you can see, the ARP Request packet contains the source IP and MAC (the sender's IP and MAC) as well as the destination IP (target IP). The target MAC address is what the PC needs to know to complete the frame and transmit the packet. (Figure: ARP Request Packet)
  4. If the sender PC is connected to a switch, the switch, on receiving the ARP Request, checks the sender MAC address to see whether it already has an entry for it in its MAC address table. If it does, it simply broadcasts the packet to all ports except the port on which the packet arrived. If it does not have an entry for the sender MAC address, it adds one to its MAC address table, recording the sender MAC address along with the ingress interface the packet arrived on, and then broadcasts the frame.
  5. All hosts in the network receive the ARP request. Every host whose IP does not match the destination IP mentioned in the ARP Request discards the packet. The host with the given IP address sends an ARP reply as a unicast, allowing the initiating device to update its cache and proceed to deliver messages directly to the target.
  6. Once the PC receives the ARP reply, it has the destination MAC address and is then able to communicate with the destination PC.
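The request/reply exchange in steps 2 to 6, as an added example that is not part of the original article: it packs and parses the 28-byte Ethernet/IPv4 ARP payload defined in RFC 826 and simulates the broadcast in memory. The host addresses and the helper names (`build_arp`, `parse_arp`, `handle_request`, `resolve`) are constructed for illustration.

```python
import socket
import struct

# RFC 826 ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2
UNKNOWN_MAC = "00:00:00:00:00:00"  # target MAC field of a request is not yet known

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_to_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper,
            "sender_mac": mac_to_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_to_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def handle_request(payload, my_mac, my_ip):
    """Step 5: a host answers only if the request names its own IP."""
    req = parse_arp(payload)
    if req["oper"] != REQUEST or req["target_ip"] != my_ip:
        return None  # every other host discards the request
    # The reply is addressed back to the requester (unicast).
    return build_arp(REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])

def resolve(cache, my_mac, my_ip, target_ip, hosts):
    """Steps 2-6: consult the cache, else broadcast and learn from the reply."""
    if target_ip not in cache:
        request = build_arp(REQUEST, my_mac, my_ip, UNKNOWN_MAC, target_ip)
        for host_mac, host_ip in hosts:  # the broadcast reaches every host
            reply = handle_request(request, host_mac, host_ip)
            if reply is not None:
                answer = parse_arp(reply)
                cache[answer["sender_ip"]] = answer["sender_mac"]
    return cache.get(target_ip)

# Constructed sample hosts on one subnet (not from the original page).
HOSTS = [("aa:aa:aa:aa:aa:02", "192.168.1.20"),
         ("aa:aa:aa:aa:aa:03", "192.168.1.30")]
```
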

Proxy ARP works differently. Proxy ARP is useful in situations where hosts are on different physical networks and you do not want to use subnet masking. Because ARP broadcasts are not propagated between hosts on different physical networks, hosts will not receive a response to their ARP request if the destination is on a different subnet. Enabling the switch to act as an ARP proxy allows the hosts to transparently communicate with each other through the switch. Proxy ARP can help hosts on a subnet reach remote subnets without your having to configure routing or a default gateway.

Assuming that a router has an ARP entry for some IP address, if it receives an ARP request from somebody for that IP, the router will respond with its own MAC address. Proxy ARP is a fairly simple technique for nodes to get the MAC address of a destination host that is on a different subnet but on the same router: same router, different interface.

Suppose the network has one edge router that is our way out of the local LAN, and that router has proxy ARP enabled by default. When it receives an ARP request on its interface for a client that is not actually on that local network, it will try to be helpful and search its routing table to see whether that network is locally connected on some other local interface. If it finds it, it will respond with its own MAC address to tell the source that it is the way to go towards that host.
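The router's decision described above, modelled as an added example (not code from the original article or from any router vendor). The interface names, networks and MAC addresses are constructed, and the requesting host is assumed to ARP directly for the remote address, as it would without subnet masking.

```python
import ipaddress

# Constructed router: interface name -> (connected network, interface MAC).
INTERFACES = {
    "eth0": (ipaddress.ip_network("10.0.1.0/24"), "02:00:00:00:01:01"),
    "eth1": (ipaddress.ip_network("10.0.2.0/24"), "02:00:00:00:02:01"),
}

def proxy_arp_answer(ingress, target_ip, interfaces=INTERFACES, enabled=True):
    """Return the MAC the router proxies with, or None if it stays silent."""
    target = ipaddress.ip_address(target_ip)
    ingress_net, ingress_mac = interfaces[ingress]
    if target in ingress_net:
        # Target sits on the requester's own segment and answers for itself.
        return None
    if not enabled:
        return None
    for name, (net, _mac) in interfaces.items():
        if name != ingress and target in net:
            # Network is directly connected on another interface: the router
            # offers its own MAC on the side the request came in on.
            return ingress_mac
    return None  # not a locally connected network, so no proxy reply

def host_cache_after(ingress, targets, **kwargs):
    """ARP cache a host behind `ingress` ends up with after resolving targets."""
    cache = {}
    for ip in targets:
        mac = proxy_arp_answer(ingress, ip, **kwargs)
        if mac is not None:
            cache[ip] = mac
    return cache
```

With proxy ARP active, every remote address the host resolves maps to the same router MAC in its cache, which is the visible signature of the feature on the LAN.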

 
