Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Significant behavior change with proxy ARP before and after Junos 10.0 release

0

0

Article ID: KB25335 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:
This article provides information about the significant change in behavior of proxy ARP, before and after the Junos 10.0 release.
Symptoms:
  •  Prior to Junos release 9.6, proxy ARP was able to respond to the ARP request; regardless of whether or not, the router knows the route to the target IP address.

  • Customers, who have enabled proxy ARP on a Juniper router or switch, may experience unexpected traffic outage; when they upgrade Junos 9.6 (or earlier) to 10.0 (or later).

Cause:
  • Irrespective of being in the restricted or unrestricted mode, proxy ARP enables the interface to respond to the ARP request for the remote address, if the router has a route to the target IP address.

  • However, Junos 9.6 or earlier did not comply with RFC 1027 and the proxy ARP enabled interface will reply to the ARP request for the remote address; even if it does not have any route to the target IP address.

  • This confusing behavior has been fixed and the proxy ARP works, as per RFC 1027, from 10.0R1 (for more information, refer to PR444304).

Solution:
After upgrading from 9.6 (and earlier) to 10.0, if you notice that a router is unable to get the ARP request from the remote router, which should perform the address resolution, check if the remote router (proxy ARP enabled) has a route to the target IP address.

If the router does not have the route, change or add the configuration of the remote router to have a specific route to the target IP address in the APR request. If you cannot add the specific route to the target IP address and can only add a default route, you can still use proxy-arp with the following hidden knob:
set system arp proxy-arp-reply-for-default
The knob makes the router respond to the ARP request for the remote route and the target IP address matches the default route. The knob is system-wide and all proxy ARP configured on the interface work in the same manner. If you are going to apply the knob, test it carefully.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search