SRX Services Gateway
Highlighted
SRX Services Gateway

proxy-arp

‎08-31-2015 09:16 AM
Hi,

I have a very casual scenario and apologies to pointing to a personal web-blog but i have all the outputs documented there so i thought it would save time for everyone, let me know if its otherwise , i will try to point it out here.

The below one am using a source-pool and as we can see all the outputs mentioned below. The only catch is for external interfaces am using gre interface gr-0/0/0, i have not used any proxy-arp configuration anywhere and still it works fine.

Note that the below example is done a SRX240H

https://r2079.wordpress.com/2015/08/29/quick-series-12-source-nat-pool-based-nat-with-address-shifti...

--------

Secondly Destination NAT

I have configured destination nat for ip 200.0.0.1/32 which is non-exsistant on router and still because of D-NAT policies i can see everything working fine, again i am using a gre interface for this and am not using any proxy-arp

https://r2079.wordpress.com/2015/08/30/quick-series-14-destination-nat-pool-based/



I read proxy-arp and understand that any ip which has not been configured on the device and still out of requirement if devices uses that arbitrary IP, we use proxy-arp, what is that JUNOS srx is flawless even without the usage , is that becuase it is over GRE ?

Thanks
Rakesh M
https://r2079.wordpress.com
JNCIE-SP#02079 / CCIE-SP #47613
6 REPLIES 6
Highlighted
SRX Services Gateway

Re: proxy-arp

‎08-31-2015 09:24 AM

Hi Rakesh,

 

The proxy arp in the SRX/Junos is only required if the ip address you are trying to reach is in the same subnet as that of the interface.

Please read the below document for better understanding;

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21785&smlogin=true

 

 

Shailesh
[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
SRX Services Gateway

Re: proxy-arp

‎08-31-2015 09:54 AM

Hey sailesh, 

 

I have trouble understanding the usage, so in a scenario where you have a pool-based source nat, will there be no necessisity of proxy-arp ?

 

Thanks

Rakesh M

https://r2079.wordpress.com

JNCIE-SP #2079/ CCIE-SP #47613

Highlighted
SRX Services Gateway

Re: proxy-arp

‎08-31-2015 10:00 AM

Hi Rakesh,

 

The proxy NAT as mentioned in the kb, is not used in conjunction with source nat;

Proxy ARP should be configured for the following scenarios:

  • When addresses defined in the static NAT and source NAT pool are in the same subnet as that of the ingress interface   (Source NAT and Static NAT scenario)
  • When addresses in the original destination address entry in the destination NAT rules are in the same subnet as that of the ingress interface   (Destination NAT scenario)
Shailesh
[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
SRX Services Gateway

Re: proxy-arp

‎09-01-2015 02:35 AM

Hi,

 

Thanks for the revert. Bear with me for few questions though it may sound very basic

 

So, when i do a pool-based source-nat and pool is from external-interface itself (11.0.0.0/24 is subnet, pool 11.0.0.16/28) do i need to configure proxy-arp in this case ?

 

Thanks

Highlighted
SRX Services Gateway
Solution
Accepted by topic author Rakesh Madupu
‎09-01-2015 04:54 AM

Re: proxy-arp

‎09-01-2015 02:37 AM

No , you do not need that.

Shailesh
[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
SRX Services Gateway

Re: proxy-arp

‎09-01-2015 04:55 AM

Thanks Shailesh

Feedback