[rbridge] ARP <whatever> (was it's time to summarize things)

Joe Touch touch at ISI.EDU
Fri Dec 16 15:22:57 PST 2005



Gray, Eric wrote:
> Joe, 
> 
> --- [SNIP] ---
> --> > 
> --> > However, ARP caching (in a sense similar to web caching) has a
> --> > "spin" (if you will) that includes mechanisms (such as Radia
> --> > suggested) for handling these problems.
> --> 
> --> That's a well-known term on the host side; caching prevents 
> --> the ARP from being emitted in the first place.
> -->
> 
> This is slightly over-simplified.  Host ARP cache entries may 
> also become stale and this is corrected using one of (at least) 
> two approaches: ICMP redirect and periodic ARP emission.  Most
> of the time, ARP cache at the host results in less ARP traffic
> on the network.
> 
> In this sense, this is a more than fair analog to what we have
> discussed relative to RBridge ARP <whatever>.

Host ARP caches do not report responses on the line; that is the focus
of the analog. Both router proxy ARP and ARP replay rely on local caches
which have the same characteristics of host caches you note above, so
that is assumed.

> In the same sense, I doubt that anyone is talking about strict
> ARP replay.  Like "spoofing", "replay" is usually associated 
> with an "attack."

The difference between replay and an attack is intent; this is benign
replay. If you prefer another term, let us know (I couldn't think of
anything as accurate as replay that was useful).

> I guess I didn't finish making my point relative to routers and
> "ARP proxy".  There is a largish difference between being an
> "ARP proxy" in the IP forwarding sense and providing an "ARP 
> (service) proxy."  Routers do not "proxy" an ARP service.  From
> a router's perspective, its MAC is the correct DA for traffic on
> a local (stub) subnet destined to a remote subnet (via the router
> in question), so it isn't answering on behalf of another device.

The 'proxy' in proxy ARP is that the router decides to emit such ARPs
based on seeing ARP responses on another interface - which is the device
on whose behalf it is answering. The intent is to emulate having the ARP
pass through the router, via redirection.

However, ICMP redirects are not the same as proxy ARPs. ICMP redirects
make the host send traffic to the IP address of the router. Proxy ARPs
fake the host into thinking it's talking to the desired endpoint when
it's really talking to the router.

> Perhaps the Cisco folks used the term Proxy because they were
> not familiar with the term Avatar.  Whatever.

Avatar implies proxy + manifestation in human form. There's little human
about what's going on here ;-)

> However, I can see where the confusion comes from, so I think it 
> is best to avoid it.

Agreed - is there a better, less derogatory term for replay?

Joe
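A toy model of the distinction drawn above, added here and not part of the thread or any RBridge implementation: with proxy ARP the host caches the router's MAC under the remote host's own IP, whereas with an ICMP redirect the host keeps ARPing for a router IP and only its next-hop choice changes. All addresses, MACs, and the `Host`/`Router` classes are constructed.

```python
import ipaddress

# Constructed addresses (not from the thread).
ROUTER_IP, ROUTER_MAC, REMOTE_IP = "10.0.0.1", "02:00:00:00:00:01", "10.1.0.5"

class Host:
    def __init__(self, ip, prefix, gateway=None):
        self.ip, self.net, self.gateway = ip, ipaddress.ip_network(prefix), gateway
        self.arp_cache = {}   # ip -> mac, filled from ARP replies seen on the wire
        self.redirects = {}   # dst ip -> next-hop ip, installed by ICMP redirects
    def next_hop(self, dst):
        if dst in self.redirects:
            return self.redirects[dst]
        if self.gateway is None or ipaddress.ip_address(dst) in self.net:
            return dst          # host believes dst is on-link and ARPs for it directly
        return self.gateway

class Router:
    """learned: ip -> interface on which an ARP reply from that ip was seen."""
    def __init__(self, ip, mac, learned, proxy_arp):
        self.ip, self.mac, self.learned, self.proxy_arp = ip, mac, learned, proxy_arp
    def arp_reply(self, target_ip, asking_iface):
        if target_ip == self.ip:
            return self.mac     # ordinary reply for the router's own address
        if self.proxy_arp and self.learned.get(target_ip, asking_iface) != asking_iface:
            return self.mac     # proxy ARP: answer with own MAC for a host seen elsewhere
        return None

def send(host, router, dst, iface="lan"):
    """Return (IP the host ARPed for, MAC the frame is sent to, IP dst in the packet)."""
    nh = host.next_hop(dst)
    if nh not in host.arp_cache:
        mac = router.arp_reply(nh, iface)
        if mac is None:
            raise LookupError(f"no ARP reply for {nh}")
        host.arp_cache[nh] = mac
    return nh, host.arp_cache[nh], dst

def shared_mac_entries(arp_cache):
    """Defender check: IPs sharing one MAC, the footprint proxy ARP leaves in a cache."""
    by_mac = {}
    for ip, mac in arp_cache.items():
        by_mac.setdefault(mac, []).append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

# Proxy ARP case: h1 thinks 10.1.0.5 is on-link and caches the router's MAC under that IP.
h1 = Host("10.0.0.2", "10.0.0.0/8")
r = Router(ROUTER_IP, ROUTER_MAC, {REMOTE_IP: "wan", "10.1.0.6": "wan"}, proxy_arp=True)
# Redirect case: h2 always ARPs for a router IP; a redirect only changes which router IP.
h2 = Host("10.0.0.3", "10.0.0.0/24", gateway=ROUTER_IP)
```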