How does Proxy ARP work?
Below is an example of how proxy ARP works:
[Diagram]
Host A (172.16.10.100) on Subnet A needs to send packets to Host D (172.16.20.200) on Subnet B. As shown in the diagram above, Host A has a /16 subnet mask. This means that Host A believes it is directly connected to all of network 172.16.0.0. When Host A needs to communicate with any device it believes is directly connected, it sends an ARP request to the destination. Therefore, when Host A needs to send a packet to Host D, Host A believes that Host D is directly connected, so it sends an ARP request to Host D.
To reach Host D (172.16.20.200), Host A needs the MAC address of Host D. Therefore, Host A broadcasts an ARP request on Subnet A, as below:
| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|---|---|---|---|
| 00-00-0c-94-36-aa | 172.16.10.100 | 00-00-00-00-00-00 | 172.16.20.200 |
In the above ARP request, Host A (172.16.10.100) is requesting that Host D (172.16.20.200) send its MAC address. The ARP request packet is then encapsulated in an Ethernet frame with Host A's MAC address as the source address and a broadcast (FFFF.FFFF.FFFF) as the destination address. Since the ARP request is a broadcast, it reaches all the nodes in Subnet A, including the router's e0 interface, but does not reach Host D. The broadcast will not reach Host D because routers, by default, do not forward broadcasts, so Host D cannot answer this ARP request.
Since the router knows that the target address (172.16.20.200) is on another subnet and that it can reach Host D, it replies to Host A with its own MAC address.
| Sender's MAC Address | Sender's IP Address | Target MAC Address | Target IP Address |
|---|---|---|---|
| 00-00-0c-94-36-ab | 172.16.20.200 | 00-00-0c-94-36-aa | 172.16.10.100 |
Above is the proxy ARP reply that the router sends to Host A. The proxy ARP reply packet is encapsulated in an Ethernet frame with the router's MAC address as the source address and Host A's MAC address as the destination address. ARP replies are always unicast to the original requester.
On receiving this ARP reply, Host A updates its ARP table as below:
| IP Address | MAC Address |
|---|---|
| 172.16.20.200 | 00-00-0c-94-36-ab |
From now on, Host A forwards all the packets that it wants to reach 172.16.20.200 (Host D) to the MAC address 00-00-0c-94-36-ab (the router). Since the router knows how to reach Host D, the router forwards the packets to Host D. The ARP cache on the hosts in Subnet A is populated with the MAC address of the router for all the hosts on Subnet B. Hence, all packets destined for Subnet B are sent to the router, and the router forwards those packets to the hosts in Subnet B.
The ARP cache of Host A is given below:
| IP Address | MAC Address |
|---|---|
| 172.16.20.200 | 00-00-0c-94-36-ab |
| 172.16.20.100 | 00-00-0c-94-36-ab |
| 172.16.10.99 | 00-00-0c-94-36-ab |
| 172.16.10.200 | 00-00-0c-94-36-bb |
Note: Multiple IP addresses are mapped to a single MAC address (the router's MAC address), indicating that proxy ARP is in use on the router.
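The check described in the note, as an added example that is not part of the original page: it groups Host A's ARP cache by MAC address and reports every MAC that answers for more than one IP, along with the entries that fall outside the local subnet. The function names are hypothetical, and the real Subnet A prefix 172.16.10.0/24 is an assumption, since the page states only Host A's /16 mask.

```python
import ipaddress
from collections import defaultdict

# Host A's ARP cache as listed on the page (IP address, MAC address).
ARP_CACHE = """\
172.16.20.200  00-00-0c-94-36-ab
172.16.20.100  00-00-0c-94-36-ab
172.16.10.99   00-00-0c-94-36-ab
172.16.10.200  00-00-0c-94-36-bb
"""

def parse_arp_cache(text):
    """Yield (ip, mac) pairs; MACs are normalised to lowercase aa:bb:cc form."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        ip, mac = fields
        yield ipaddress.ip_address(ip), mac.lower().replace("-", ":")

def shared_macs(entries):
    """Return {mac: sorted IPs} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in entries:
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def off_subnet(ips, local_subnet):
    """IPs resolved through ARP that lie outside the real local subnet."""
    net = ipaddress.ip_network(local_subnet)
    return [ip for ip in ips if ip not in net]

def report(text, local_subnet):
    """Summarise shared MACs and which of their IPs are off-subnet."""
    result = {}
    for mac, ips in shared_macs(parse_arp_cache(text)).items():
        result[mac] = {
            "ips": [str(ip) for ip in ips],
            "off_subnet": [str(ip) for ip in off_subnet(ips, local_subnet)],
        }
    return result

if __name__ == "__main__":
    # Assumption: Subnet A is really 172.16.10.0/24.
    for mac, info in report(ARP_CACHE, "172.16.10.0/24").items():
        print(mac, "answers for", info["ips"], "| off-subnet:", info["off_subnet"])
```

A flagged MAC that does not belong to a known router interface deserves a closer look, because one MAC answering for many IP addresses is also what a poisoned ARP cache looks like.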
The Cisco router's interface must be configured to accept and respond to proxy ARP. This is enabled by default. Proxy ARP can be disabled on a per-interface basis with the interface configuration command no ip proxy-arp, as shown below:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface ethernet 0
Router(config-if)# no ip proxy-arp
Router(config-if)# ^Z
Router#
To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command.