D-Link DFL-800 Product Manual - Page 158
A Proxy ARP Example, Setting Up Proxy ARP, Transparent Mode as an Alternative
UPC - 790069282133
View all D-Link DFL-800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 158 highlights
4.2.6. Proxy ARP Chapter 4. Routing pretending to be the target host. After receiving the reply, Host A then sends data directly to NetDefendOS which forwards the data to host B. In the process NetDefendOS checks the traffic against the configured rule sets. Setting Up Proxy ARP Setting up proxy ARP is done by specifying the option for a route in a routing table. Let us suppose we have a network and it is divided into two parts which are called net_1 and net_2. The network net_1 is connected to the interface if1 and the network net_2 is connected to the interface if2. In NetDefendOS there will be a route configured that says net_1 can be found on if1. This might be called route_1. For route_1 it is possible to specify the option that this network should be proxy ARP'ed on interface if2.. Now any ARP request issued by a net_2 host connected to if2 looking for an IP address in net_1 will get a positive response from NetDefendOS. In other words, NetDefendOS will pretend that the net_1 address is found on if2 and will forward data traffic to net_1. In the same way, net_2 could be published on the interface if1 so that there is a mirroring of routes and ARP proxy publishing. Route # 1 2 Network net_1 net_2 Interface if1 if2 Proxy ARP Published if2 if1 In this way there is complete separation of the sub-networks but the hosts are unaware of this. The routes are a pair which are a mirror image of each other but there is no requirement that proxy ARP is used in a pairing like this. Keep in mind that if the host has an ARP request for an IP address outside of the local network then this will be sent to the gateway configured for that host. The entire example is illustrated below. Figure 4.4. A Proxy ARP Example Transparent Mode as an Alternative Transparent Mode is an alternative and preferred way of splitting Ethernet networks. Setup is simpler than using proxy ARP since only the appropriate switch routes need to be defined. Using switch routes is fully explained in Section 4.7, "Transparent Mode". Proxy ARP depends on static routing where the location of networks on interfaces are known and usually fixed. Transparent mode is more suited to networks whose interface location can change. 158