Routing

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

Subscriber management. Proxy Arp issue

  • 1.  Subscriber management. Proxy Arp issue

    Posted 02-21-2024 06:28
    Edited by DMYTRO VASNIEV 02-21-2024 11:51

    Hi!

    Im trying to configure proxy arp for subscribers on MX80.

    DHCP client got address 100.64.36.198/16. When it try to ping any host in net 100.64.0.0/16, juniper reply to all arp requests, but it has not any other routes or clients in this net.

    It should not reply to ARP, except for the client`s default gateway.

    Part of dynamic profile for DHCP clients.

    show dynamic-profiles DProf-dhcp-ds 
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        demux0 {
            description DHCP;
            unit "$junos-interface-unit" {
                actual-transit-statistics;
                no-traps;
                proxy-arp unrestricted;
                demux-options {
                    underlying-interface "$junos-underlying-interface";
                }
                family inet {
                    demux-source {
                        $junos-subscriber-ip-address;
                    }
                    unnumbered-address "$junos-loopback-interface" preferred-source-address "$junos-preferred-source-address";
                }
                family inet6 {
                    demux-source {
                        "$junos-subscriber-ipv6-address";
                    }
                    unnumbered-address "$junos-loopback-interface";
    

    show route 100.64.0.0/16 
    
    inet.0: 778 destinations, 778 routes (778 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    100.64.0.5/32      *[Direct/0] 16:12:18
                        >  via lo0.0
    100.64.36.198/32   *[Access-internal/12] 00:04:48
                           Private unicast
    

    ARP table on client`s router:

     1 DC 100.64.1.104    5C:5E:AB:DE:DF:C0 eth1.150.1102                                                                                                                                                                                                                          
     2 DC 100.64.1.102    5C:5E:AB:DE:DF:C0 eth1.150.1102                                                                                                                                                                                                                          
     3 DC 100.64.1.101    5C:5E:AB:DE:DF:C0 eth1.150.1102                                                                                                                                                                                                                          
     4 DC 100.64.1.103    5C:5E:AB:DE:DF:C0 eth1.150.1102                                                                                                                                                                                                                          
     5 DC 100.64.0.5      5C:5E:AB:DE:DF:C0 eth1.150.1102                        
    

    monitor traffic interface demux0.3221237913 no-resolve:

    12:05:13.331136  In arp who-has 100.64.1.101 tell 100.64.36.198
    12:05:13.331611 Out arp reply 100.64.1.101 is-at 5c:5e:ab:de:df:c0
    12:05:15.767996  In arp who-has 100.64.1.102 tell 100.64.36.198
    12:05:15.768453 Out arp reply 100.64.1.102 is-at 5c:5e:ab:de:df:c0
    12:05:17.914415  In arp who-has 100.64.1.103 tell 100.64.36.198
    12:05:17.914880 Out arp reply 100.64.1.103 is-at 5c:5e:ab:de:df:c0
    12:05:19.822708  In arp who-has 100.64.1.104 tell 100.64.36.198
    12:05:19.823172 Out arp reply 100.64.1.104 is-at 5c:5e:ab:de:df:c0
    12:05:36.915172  In arp who-has 100.64.0.5 tell 100.64.36.198
    12:05:36.915504 Out arp reply 100.64.0.5 is-at 5c:5e:ab:de:df:c0
    12:05:36.917600 Out IP 100.64.0.5 > 100.64.36.198: ICMP echo reply, id 474, seq 0, length 36
    12:05:37.912559 Out IP 100.64.0.5 > 100.64.36.198: ICMP echo reply, id 474, seq 1, length 36
    

    Acording to documentation:

    When proxy ARP is enabled, if the switch receives an ARP request for which it has a route to the target (destination) IP address, the switch responds by sending a proxy ARP reply packet containing its own MAC address

    .

    ...

    Two modes of proxy ARP are supported: restricted and unrestricted. Both modes require that the switch have an active route to the destination address of the ARP request.

    I tried proxy-arp/restricted/unrestricted, and always got reply without any /32. In both dynamic-profiles(vlan for auto-configure and DHCP)

    What i missed? If where are another BRAS/BGN in same vlan, it make a lot of problems. How i can turn off these replies?

    Junos: 21.2R3-S5.4

    --------------

    i cut out all external routes ( default gw and public /32 from other BRASses)and MX still responses to arp just because.

    It reply for ARP and send 'net unreachable' at same time

    ping 100.64.0.77
    SEQ HOST                                     SIZE TTL TIME  STATUS
    0 100.64.0.5                              56 255 1ms   net unreachable
    1 100.64.0.5                              56 255 0ms   net unreachable
    2 100.64.0.5                              56 255 0ms   net unreachable
    

    4 DC 100.64.0.77     5C:5E:AB:DE:DF:C0 eth1.150.1102
    5 DC 100.64.0.66     5C:5E:AB:DE:DF:C0 eth1.150.1102
    



    ------------------------------
    DMYTRO VASNIEV
    ------------------------------