Reference standards and protocols of the ARP proxy feature


The reference standards and protocols of the ARP proxy feature include:

  • IETF RFC 1027: Using ARP to Implement Transparent Subnet Gateways

Other related questions:
What Are the Reference Standards and Protocols for the IPsec VPN?

The following standards and protocols are associated with the IPsec VPN:

  • RFC 4301: Security Architecture for the Internet Protocol
  • RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
  • RFC 2409: The Internet Key Exchange (IKE)
  • RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH
  • RFC 3566: The AES-XCBC-MAC-96 Algorithm and its use with IPsec
  • RFC 3625: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
  • RFC 3664: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
  • RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
  • RFC 3748: Extensible Authentication Protocol (EAP)
  • RFC 3947: Negotiation of NAT-Traversal in the IKE
  • RFC 4109: Algorithms for Internet Key Exchange version 1 (IKEv1)
  • RFC 3948: UDP Encapsulation of IPsec ESP Packets
  • RFC 4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
  • RFC 4306: Internet Key Exchange (IKEv2) Protocol
  • RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
  • RFC 4322: Opportunistic Encryption using the Internet Key Exchange (IKE)
  • RFC 4359: The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH)
  • RFC 4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
  • RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2)
  • RFC 5996: Internet Key Exchange Protocol Version 2 (IKEv2)

ARP proxy feature of the access network
When a PC sends an Address Resolution Protocol (ARP) request to another PC, the request is processed by the access device connected to the two PCs. This process is called ARP proxy. ARP proxy is often used for communication between the sub virtual local area networks (sub-VLANs) in a super VLAN.

Proxy ARP configuration on S series switch
An S series switch, except S1700, supports the following proxy ARP types: routed proxy ARP, intra-VLAN proxy ARP, and inter-VLAN proxy ARP, which are configured using the arp-proxy enable, arp-proxy inner-sub-vlan-proxy enable, and arp-proxy inter-sub-vlan-proxy enable commands respectively.

  • Routed proxy ARP (available on all models in V2R5 and later versions, but unavailable on S275x and S5700LI in the versions earlier than V2R5): The destination IP address in the received ARP request packet and the IP address of the inbound interface are in different subnets, but there is a route to the destination IP address and the outbound/inbound interfaces of the route are different. Routed proxy ARP takes effect in this situation. The switch uses its MAC address as the source MAC address to return ARP reply packets.
  • Intra-VLAN proxy ARP (available on all models in V2R5 and later versions, but unavailable on S275x and S5700LI in the versions earlier than V2R5): If the destination IP address of the received ARP request packet and the IP address of the inbound interface are in the same subnet, intra-VLAN proxy ARP takes effect.
  • Inter-VLAN proxy ARP (unavailable on S1720, S2720, S275x, S5700LI and E series switches): It is similar to intra-VLAN proxy ARP. Inter-VLAN proxy ARP takes effect only on a super VLAN. If the destination IP address of the received ARP request packet and the IP address of the inbound interface are in the same subnet, inter-VLAN proxy ARP takes effect. If the source and destination are in the same VLAN, inter-VLAN proxy ARP is not required.

Regardless of which type of proxy ARP is used, the destination IP address of the received ARP request packet and the IP address of the inbound interface must be in the same subnet.

Standard spanning tree protocols used on S series switch
S series switches (except S1700 switches) support the following standard spanning tree protocols:

  1. STP: Spanning Tree Protocol
  2. RSTP: Rapid Spanning Tree Protocol, compatible with STP
  3. MSTP: Multiple Spanning Tree Protocol, compatible with STP and RSTP

By default, S series switches use MSTP. When running a command to set STP mode, you can select STP, RSTP, or MSTP. VLAN-Based Spanning Tree (VBST) is a Huawei proprietary spanning tree protocol, which sets up a spanning tree for each VLAN, so traffic in different VLANs can be forwarded through different spanning trees.

What are the precautions for configuring intra-VLAN proxy ARP and inter-VLAN proxy ARP
Compared with routed proxy ARP, intra-VLAN proxy ARP and inter-VLAN proxy ARP can determine whether VLAN information meets the proxy requirements based on ARP entries matching the source and destination IP addresses of packets. If no ARP entry matches the destination IP address of a packet, the switch broadcasts an ARP request in all sub-VLANs of the super-VLAN to learn the ARP entry matching the destination IP address. When multiple switches on a network have proxy ARP enabled and a requested destination IP address does not exist, this ARP broadcast packet triggers the same proxy process on other switches. This cyclic proxy process will cause a broadcast storm.
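The cyclic proxy process described above, as a simplified model added here for illustration (not Huawei code and not measured device behaviour). It assumes every proxy-enabled switch hears every other switch's broadcast, applies no rate limiting, and that all switches learn the ARP entry as soon as an existing target replies.

```python
def simulate_proxy_arp(proxy_switches, target_exists, rounds=6):
    """Count ARP requests re-broadcast per round after one host ARP request.

    proxy_switches: switches with intra-/inter-VLAN proxy ARP enabled that
                    share the broadcast domain (model assumption).
    target_exists:  True if a device answers for the requested IP address.
    """
    switches = range(proxy_switches)
    has_entry = set()      # switches holding an ARP entry for the target
    in_flight = [None]     # senders of requests on the wire; None = the host
    per_round = []
    for _ in range(rounds):
        emitted = []
        for sender in in_flight:
            for sw in switches:
                # A switch proxies a request it did not send itself and
                # cannot answer from its ARP table: it broadcasts its own
                # ARP request into the sub-VLANs to learn the entry.
                if sw != sender and sw not in has_entry:
                    emitted.append(sw)
        per_round.append(len(emitted))
        if target_exists and emitted:
            # The target replies, every switch learns the entry, and later
            # requests are answered from the ARP table instead of re-broadcast.
            has_entry.update(switches)
        in_flight = emitted
    return per_round


if __name__ == "__main__":
    # Constructed scenarios: (label, proxy-enabled switches, target exists?)
    scenarios = [
        ("1 proxy switch, target missing", 1, False),
        ("2 proxy switches, target missing", 2, False),
        ("3 proxy switches, target missing", 3, False),
        ("3 proxy switches, target present", 3, True),
    ]
    for label, count, exists in scenarios:
        print(f"{label:35} -> {simulate_proxy_arp(count, exists)}")
```

In this model a single proxy switch stops after one broadcast, two switches keep re-triggering each other indefinitely, and three or more multiply the request count every round, which is the storm condition to look for when several switches in one super-VLAN have these proxy ARP modes enabled.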
