Hi!
Im trying to configure proxy arp for subscribers on MX80.
DHCP client got address 100.64.36.198/16. When it try to ping any host in net 100.64.0.0/16, juniper reply to all arp requests, but it has not any other routes or clients in this net.
It should not reply to ARP, except for the client`s default gateway.
Part of dynamic profile for DHCP clients.
show dynamic-profiles DProf-dhcp-ds
routing-instances {
"$junos-routing-instance" {
interface "$junos-interface-name";
}
}
interfaces {
demux0 {
description DHCP;
unit "$junos-interface-unit" {
actual-transit-statistics;
no-traps;
proxy-arp unrestricted;
demux-options {
underlying-interface "$junos-underlying-interface";
}
family inet {
demux-source {
$junos-subscriber-ip-address;
}
unnumbered-address "$junos-loopback-interface" preferred-source-address "$junos-preferred-source-address";
}
family inet6 {
demux-source {
"$junos-subscriber-ipv6-address";
}
unnumbered-address "$junos-loopback-interface";
show route 100.64.0.0/16
inet.0: 778 destinations, 778 routes (778 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
100.64.0.5/32 *[Direct/0] 16:12:18
> via lo0.0
100.64.36.198/32 *[Access-internal/12] 00:04:48
Private unicast
ARP table on client`s router:
1 DC 100.64.1.104 5C:5E:AB:DE:DF:C0 eth1.150.1102
2 DC 100.64.1.102 5C:5E:AB:DE:DF:C0 eth1.150.1102
3 DC 100.64.1.101 5C:5E:AB:DE:DF:C0 eth1.150.1102
4 DC 100.64.1.103 5C:5E:AB:DE:DF:C0 eth1.150.1102
5 DC 100.64.0.5 5C:5E:AB:DE:DF:C0 eth1.150.1102
monitor traffic interface demux0.3221237913 no-resolve:
12:05:13.331136 In arp who-has 100.64.1.101 tell 100.64.36.198
12:05:13.331611 Out arp reply 100.64.1.101 is-at 5c:5e:ab:de:df:c0
12:05:15.767996 In arp who-has 100.64.1.102 tell 100.64.36.198
12:05:15.768453 Out arp reply 100.64.1.102 is-at 5c:5e:ab:de:df:c0
12:05:17.914415 In arp who-has 100.64.1.103 tell 100.64.36.198
12:05:17.914880 Out arp reply 100.64.1.103 is-at 5c:5e:ab:de:df:c0
12:05:19.822708 In arp who-has 100.64.1.104 tell 100.64.36.198
12:05:19.823172 Out arp reply 100.64.1.104 is-at 5c:5e:ab:de:df:c0
12:05:36.915172 In arp who-has 100.64.0.5 tell 100.64.36.198
12:05:36.915504 Out arp reply 100.64.0.5 is-at 5c:5e:ab:de:df:c0
12:05:36.917600 Out IP 100.64.0.5 > 100.64.36.198: ICMP echo reply, id 474, seq 0, length 36
12:05:37.912559 Out IP 100.64.0.5 > 100.64.36.198: ICMP echo reply, id 474, seq 1, length 36
Acording to documentation:
When proxy ARP is enabled, if the switch receives an ARP request for which it has a route to the target (destination) IP address, the switch responds by sending a proxy ARP reply packet containing its own MAC address
.
...
Two modes of proxy ARP are supported: restricted and unrestricted. Both modes require that the switch have an active route to the destination address of the ARP request.
I tried proxy-arp/restricted/unrestricted, and always got reply without any /32. In both dynamic-profiles(vlan for auto-configure and DHCP)
What i missed? If where are another BRAS/BGN in same vlan, it make a lot of problems. How i can turn off these replies?
Junos: 21.2R3-S5.4