Proxy arp (rfc1027) was used decades ago to make hosts whose
networking stacks did not understand subnetworking and routing
work (in my environment those were SVR2 machine AT&T 3b{2,5,10,20}s).
Typically we used to run a daemon on the gateway host that
watched for bogus arp requests (requests for addresses not in the
local broadcast domain/subnet that could not be satisfied) and
reply to them by saying that the gateway host(*) had the address
required and add this address to the arp table as a proxy entry.

I don't remember what was special about proxy arp entries, but my
guess is probably nothing; it was just a special marker to recognize
that these were added manually just for proxying.

The two plausible reasons would be:
- not to time them out (but that would not make sense
because proxyarpd did not have any timeout code, so these
would become permanent
- not to consult them for local routing decisions, but this
is not done anyway

You can still get a copy of a proxyarpd implementation from:

ftp://mirror.ucsd.edu/pub/proxyarpd-1.7.shar

christos

(*) It ended being more complicated than that for hosts with multiple
gateways. There was a "proxytab" file which said which
interfaces/ip-addresses where responsible for what subnets.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Besides the use case Christos mentioned, the other one is when you have
an Ethernet with a subnet, and one host you have some link to another
host that you'd like to also be addressed within the subnet. Consider
10.0.0.0/8, with a host 10.0.0.20, and another computer without an
ethernet but with a SLIP or PPP link to 10.0.0.20, that you want to be
10.0.0.21.

On 10.0.0.20, you would publish a proxy arp entry for 10.0.0.21, using
10.0.0.20's ethernet address. This would be "pub", to cause replies to
be sent to queries (normally queries are processed without looking at
the arp cache, but only your addresses, I think). And "proxy", so that
10.0.0.20 would not use it.

Sometimes this would be done for dialup hosts, especially homegrown ad
hoc to one's computer at campus.

This setup does not require a proxy arp daemon, because there are small
numbers of non-changing entries.

Besides "why don't you plug .21 into the Ethernet", the other question
is "why don't you allocate a subnet for the PPP link and run a routing
protocol", and the answer was usually "I dno't have any subnets to
allocate" or "it's too hard to make it work".

That is correct. This is another use case and pppd does this (sets SIN_PROXY)
in sys-bsd.c
Or I want to be in the same broadcast domain with my cable box
because cable providers are using that to figure out if I am
allowed to stream to my device or not.

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I don't even understand what is the proposal for removing code in
the kernel? Don't set SIN_PROXY? It does not seem like a worthwhile goal.

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Hi all,

Thank you for answering my questions!

Before replying individual mails I would like to explain some background
of my questions (I should write this in the first place obviously) and
some results of the survey by myself.

I'm working on separting nexthop caches(*). The change is likely to break
the proxy arp easily so I want to know about the feature well to not break
it and hopefully write some tests for it (I already wrote some but they're
not enough).

(*) http://wiki.netbsd.org/projects/project/nexthop_cache/

And here is what I investigated about why "pub proxy" was introduced
(I'm maybe wrong):

Originally there was only "pub" option; an added arp entry (a route)
acts like a ARP responder for a someone behind it (really?). (It has
a network route with /32 netmask.) If there is the same route entry
when a "pub" arp entry is added, the arp entry is automatically
changed into a something shadow route (SIN_PROXY avoids conflict
pre-existing one). A typical case is that there is a point-to-point
route (e.g., for ppp). The arp entry acts only a proxy for the
point-to-point destination; it doesn't provide a valid route. It worked
but at some point, the automatic change failed to work for some reason
(by some changes in the kernel?) and "pub proxy" option was added;
it forcibly sets SIN_PROXY to an arp entry (a route).

(FreeBSD and OpenBSD haven't introduced "pub proxy" option. Mac OS X
has it I guess because it was derived from NetBSD source code that
already added the option (I'm not sure though).)

In the context of separting nexthop caches, a "pub proxy" ARP entry
is easy to provide because what it should do is just to response to
ARP requests for the ARP entry. OTOH, "pub" one involves a network
route so I'm not sure how to deal with it after separting nexthop
caches because an ARP entry won't be a route anymore.

Anyway I'll reply your replies individually later,
ozaki-r

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I understand the "proxy" case but don't understand well "pub" case well.
In the above case, a route to 10.0.0.21 should direct to the other
computer while the proxy arp entry should be on an interface where
10.0.0.20 is assigned, to reply ARP requests for 10.0.0.21. IIUC, this
is "proxy" case and so I don't know when "pub" case is useful.

Thanks,
ozaki-r
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de