IP Addresses and Services Configuration Guide for Cisco NCS 540 Series Routers, IOS XR Release 24.1.x, 24.2.x, 24.3.x
Address resolution is the process of mapping network addresses to Media Access Control (MAC) addresses. The system typically does this dynamically using the Address Resolution Protocol (ARP), but you can also configure static ARP entries.
ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated media address. After a media or MAC address is determined, the IP address to media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network.
Because all incoming control traffic goes through the LPTS policer, ARP packets that arrive in a burst are policed according to the configuration. For more details on LPTS, see LPTS Overview.
Two forms of address resolution are supported by Cisco IOS XR software: Address Resolution Protocol (ARP) and proxy ARP, as defined in RFC 826 and RFC 1027, respectively. Cisco IOS XR software also supports a form of ARP called local proxy ARP.
The following restrictions apply to configuring ARP:
- Reverse Address Resolution Protocol (RARP) is not supported.
- ARP throttling, which is the rate limiting of ARP packets in Forwarding Information Base (FIB), is not supported.
ARP Cache Entries
ARP establishes correspondences between network addresses (an IP address, for example) and Ethernet hardware addresses. A record of each correspondence is kept in a cache for a predetermined amount of time and then discarded.
You can also add a static (permanent) entry to the ARP cache that persists until explicitly removed.
Defining a Static ARP Cache Entry
ARP and other address resolution protocols provide a dynamic mapping between IP addresses and media addresses. Because most hosts support dynamic address resolution, generally you need not specify static ARP entries. If you must define them, you can do so globally. Performing this task installs a permanent entry in the ARP cache. Cisco IOS XR software uses this entry to translate 32-bit IP addresses into 48-bit hardware addresses.
Optionally, you can specify that the software responds to ARP requests as if the software was identified by the specified IP address, by making an alias entry in the ARP cache.
Configuration Example
A cache entry is created to associate the IP address 203.0.1.2 with the MAC address 0010.9400.000c. Additionally, the cache entry is created as an alias entry, so that the interface to which the entry is attached responds to ARP request packets for this network layer address with the data link layer address in the entry.
Verify that the State is Static for proper functioning:
Router# show arp location 0/RP0/CPU0
Address      Age  Hardware Addr   State      Type  Interface
203.0.1.1    -    ea28.5f0b.8024  Interface  ARPA  HundredGigE0/0/1/0
203.0.1.2    -    0010.9400.000c  Static     ARPA  HundredGigE0/0/1/0
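The State check above can be automated when static entries are used to pin critical IP-to-MAC bindings. The following is an added example, not part of the Cisco guide: it parses the `show arp` output shown above and reports any pinned binding that is missing, resolves to a different MAC address, or is not in the Static state. The function names and the `pinned` dictionary are assumptions made for illustration.

```python
import re

# Output copied from the verification step above (column spacing normalized).
SHOW_ARP = """\
Address      Age  Hardware Addr   State      Type  Interface
203.0.1.1    -    ea28.5f0b.8024  Interface  ARPA  HundredGigE0/0/1/0
203.0.1.2    -    0010.9400.000c  Static     ARPA  HundredGigE0/0/1/0
"""

# One table row: IPv4 address, age, dotted-hex MAC, state, type, interface.
ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<state>\S+)\s+\S+\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return {ip: {"mac", "state", "intf"}} for every table row in the output."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header line and blank lines do not match and are skipped
            entries[m["ip"]] = {"mac": m["mac"].lower(),
                                "state": m["state"], "intf": m["intf"]}
    return entries


def audit_pinned(text, pinned):
    """Check each pinned ip -> mac binding; an empty list means every pin holds."""
    entries = parse_show_arp(text)
    findings = []
    for ip, mac in pinned.items():
        entry = entries.get(ip)
        if entry is None:
            findings.append((ip, "missing"))
        elif entry["mac"] != mac.lower():
            findings.append((ip, "mac-mismatch:" + entry["mac"]))
        elif entry["state"].lower() != "static":
            findings.append((ip, "not-static:" + entry["state"]))
    return findings


if __name__ == "__main__":
    print(audit_pinned(SHOW_ARP, {"203.0.1.2": "0010.9400.000c"}))
```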
Proxy ARP and Local Proxy ARP
When proxy ARP is disabled, the networking device responds to ARP requests received on an interface only if one of the following conditions is met:
- The target IP address in the ARP request is the same as the interface IP address on which the request is received.
- The target IP address in the ARP request has a statically configured ARP alias.
When proxy ARP is enabled, the networking device also responds to ARP requests that meet all the following conditions:
- The target IP address is not on the same physical network (LAN) on which the request is received.
- The networking device has one or more routes to the target IP address.
- All of the routes to the target IP address go through interfaces other than the one on which the request is received.
When local proxy ARP is enabled, the networking device responds to ARP requests that meet all the following conditions:
- The target IP address in the ARP request, the IP address of the ARP source, and the IP address of the interface on which the ARP request is received are on the same Layer 3 network.
- The next hop for the target IP address is through the same interface as the request is received.
Typically, local proxy ARP is used to resolve MAC addresses to IP addresses in the same Layer 3 network. Local proxy ARP supports all types of interfaces supported by ARP and unnumbered interfaces.
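The three sets of conditions above can be expressed as one decision function, which is useful when reviewing which interfaces will answer ARP requests on behalf of other hosts. This is an added example, not Cisco code or the IOS XR implementation. It assumes that "same physical network" can be modelled as the receiving interface's subnet and that routes are a simple list of (prefix, egress interface) pairs; the second LAN and all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str
    address: ipaddress.IPv4Interface
    proxy_arp: bool = False          # proxy ARP enabled on the interface
    local_proxy_arp: bool = False    # local proxy ARP enabled on the interface


def egress_for(routes, target):
    """Interfaces used by the longest-prefix routes that cover target."""
    matches = [(net, intf) for net, intf in routes if target in net]
    if not matches:
        return set()
    best = max(net.prefixlen for net, _ in matches)
    return {intf for net, intf in matches if net.prefixlen == best}


def arp_reply_reason(iface, sender_ip, target_ip, routes, aliases=()):
    """Return why the device answers the request, or None if it stays silent."""
    sender = ipaddress.ip_address(sender_ip)
    target = ipaddress.ip_address(target_ip)
    lan = iface.address.network
    # Baseline behaviour, applies even with proxy ARP disabled.
    if target == iface.address.ip:
        return "own-address"
    if target in {ipaddress.ip_address(a) for a in aliases}:
        return "alias"
    egress = egress_for(routes, target)
    # Proxy ARP: off-LAN target, routed, and every route leaves another interface.
    if iface.proxy_arp and target not in lan and egress and iface.name not in egress:
        return "proxy"
    # Local proxy ARP: sender, target and interface share the Layer 3 network,
    # and the next hop for the target is through the receiving interface.
    if iface.local_proxy_arp and sender in lan and target in lan and iface.name in egress:
        return "local-proxy"
    return None


# Constructed topology: the page's 1.0.0.1/24 interface plus a hypothetical second LAN.
HU0 = "HundredGigE0/0/1/0"
ROUTES = [
    (ipaddress.ip_network("1.0.0.0/24"), HU0),
    (ipaddress.ip_network("2.0.0.0/24"), "HundredGigE0/0/1/1"),
]


def make_iface(**flags):
    return Interface(HU0, ipaddress.ip_interface("1.0.0.1/24"), **flags)
```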
Enabling Proxy ARP
Cisco IOS XR software uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the media addresses of hosts on other networks or subnets. For example, if the router receives an ARP request for a host that is not on the same interface as the ARP request sender, and if the router has all of its routes to that host through other interfaces, then it generates a proxy ARP reply packet giving its own local data-link address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host. Proxy ARP is disabled by default; this task describes how to enable proxy ARP if it has been disabled.
Configuration Example
Proxy ARP is enabled on the interface HundredGigE0/0/1/0:
Router# show running-config interface HundredGigE0/0/1/0
mtu 4000
ipv4 address 1.0.0.1 255.255.255.0
proxy-arp
!
!
Verification
Verify that proxy ARP is configured and enabled:
Router# show arp idb interface HundredGigE0/0/1/0(0x08000038):
IPv4 address 1.0.0.1, Vrf ID 0x60000000
VRF Name default
Dynamic learning: Enable
Dynamic entry timeout: 14400 secs
Purge delay: off
IPv4 caps added (state up)
MPLS caps not added
Interface not virtual, not client fwd ref,
Proxy arp is configured, is enabled
Local Proxy arp not configured
Packet IO layer is NetIO
Srg Role : DEFAULT
Idb Flag : 262332
IDB is Complete
Enabling Local Proxy ARP
Local proxy ARP is used to resolve MAC addresses to IP addresses in the same Layer 3 network, such as private VLANs that are Layer 2-separated. Local proxy ARP supports all types of interfaces supported by ARP and unnumbered interfaces.
Configuration Example
Local proxy ARP is enabled on the interface HundredGigE0/0/1/0:
Router# show arp idb interface HundredGigE0/0/1/0 location 0/RP0/CPU0
(0x08000038):
IPv4 address 1.0.0.1, Vrf ID 0x60000000
VRF Name default
Dynamic learning: Enable
Dynamic entry timeout: 14400 secs
Purge delay: off
IPv4 caps added (state up)
MPLS caps not added
Interface not virtual, not client fwd ref,
Proxy arp not configured, not enabled
Local Proxy arp is configured
Packet IO layer is NetIO
Srg Role : DEFAULT
Idb Flag : 264332
IDB is Complete
Enable the interface and commit your configuration.
Router(config-if)# no shut
Router(config-if)# commit
RP/0/0/CPU0:Dec 12 13:41:16.580 : ifmgr[397]: %PKT_INFRA-LINK-3-UPDOWN : interface TenGigE 0/0/1/1, changed state to Down
RP/0/0/CPU0:Dec 12 13:41:16.683 : ifmgr[397]: %PKT_INFRA-LINK-3-UPDOWN : interface TenGigE 0/0/1/1 changed state to Up
Confirm your configuration.
Router(config-if)# show running-configuration
..
Building configuration...
!! IOS XR Configuration 0.0.0
!! Last configuration change at Mon Dec 12 13:41:16 2016
!interface TenGigE 0/0/1/1
ipv4 address 12.1.3.4 255.255.255.0
arp learning local
!
Verify if local ARP learning is working as configured on the interface.
Router(config-if)# do show arp idb TenGigE 0/0/1/1 location 0/RP0/CPU0
Thu Dec 15 10:00:11.733 IST
TenGigE 0/0/1/1 (0x00000040):
IPv4 address 12.1.3.4, Vrf ID 0x60000000
VRF Name default
Dynamic learning: Local
Dynamic entry timeout: 14400 secs
Purge delay: off
IPv4 caps added (state up)
MPLS caps not added
Interface not virtual, not client fwd ref,
Proxy arp not configured, not enabled
Local Proxy arp not configured
Packet IO layer is NetIO
Srg Role : DEFAULT
Idb Flag : 2146444
IDB is Complete
(Optional) You can monitor the ARP traffic on the interface.
Router(config-if)# do show arp idb TenGigE 0/0/1/1 location 0/RP0/CPU0
Thu Dec 15 10:13:28.964 IST
ARP statistics:
Recv: 0 requests, 0 replies
Sent: 0 requests, 1 replies (0 proxy, 0 local proxy, 1 gratuitous)
Subscriber Interface:
0 requests recv, 0 replies sent, 0 gratuitous replies sent
Resolve requests rcvd: 0
Resolve requests dropped: 0
Errors: 0 out of memory, 0 no buffers, 0 out of sunbet
ARP cache:
Total ARP entries in cache: 1
Dynamic: 0, Interface: 1, Standby: 0
Alias: 0, Static: 0, DHCP: 0
IP Packet drop count for GigabitEthernet0_0_0_1: 0
Information About Configuring ARP
Addressing Resolution Overview
A device in an IP network can have both a local address (which uniquely identifies the device on its local segment or LAN) and a network address (which identifies the network to which the device belongs). The local address is more properly known as a data link address, because it is contained in the data link layer (Layer 2 of the OSI model) part of the packet header and is read by data-link devices (bridges and all device interfaces, for example). The more technically inclined person will refer to local addresses as MAC addresses, because the MAC sublayer within the data link layer processes addresses for the layer.
To communicate with a device on Ethernet, for example, Cisco IOS XR software first must determine the 48-bit MAC or local data-link address of that device. The process of determining the local data-link address from an IP address is called address resolution.
Address Resolution on a Single LAN
The following process describes address resolution when the source and destination devices are attached to the same LAN:
1. End System A (Node A) broadcasts an ARP request onto the LAN, attempting to learn the MAC address of End System B (Node B).
2. The broadcast is received and processed by all devices on the LAN, including End System B.
3. Only End System B replies to the ARP request. It sends an ARP reply containing its MAC address to End System A (Node A).
4. End System A (Node A) receives the reply and saves the MAC address of End System B in its ARP cache. (The ARP cache is where network addresses are associated with MAC addresses.)
5. Whenever End System A (Node A) needs to communicate with End System B, it checks the ARP cache, finds the MAC address of System B, and sends the frame directly, without needing to first use an ARP request.
Address Resolution When Interconnected by a Router
The following process describes address resolution when the source and destination devices are attached to different LANs that are interconnected by a router (only if proxy-arp is turned on):
1. End System Y (Node A) broadcasts an ARP request onto the LAN, attempting to learn the MAC address of End System Z (Node B).
2. The broadcast is received and processed by all devices on the LAN, including Router X.
3. Router X checks its routing table and finds that End System Z (Node B) is located on a different LAN.
4. Router X therefore acts as a proxy for End System Z (Node B). It replies to the ARP request from End System Y (Node A), sending an ARP reply containing its own MAC address as if it belonged to End System Z (Node B).
5. End System Y (Node A) receives the ARP reply and saves the MAC address of Router X in its ARP cache, in the entry for End System Z (Node B).
6. When End System Y (Node A) needs to communicate with End System Z (Node B), it checks the ARP cache, finds the MAC address of Router X, and sends the frame directly, without using ARP requests.
7. Router X receives the traffic from End System Y (Node A) and forwards it to End System Z (Node B) on the other LAN.
Policing Duplicate ARP Packets
This example sets the police interval within which the duplicate ARP packets from the same sender protocol address (IP) or same source MAC address are policed:
configure
arp police-interval 34
ARP Policer Behaviour
When the arp police-interval command is configured, ARP requests coming from the same IP address or MAC address within the configured interval are dropped.
If an ARP response already exists for an ARP request from the same IP address within the configured interval, the new request is dropped.
If no ARP response exists yet for the ARP request from the same IP address, the MAC policer is checked.
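The two-stage check described above, as an added example rather than the IOS XR implementation: a simplified model that checks the sender IP first and falls through to the sender MAC. It assumes that only answered requests start a new interval and that timestamps use the same unit as the configured interval (the page does not state the unit); the class name, return labels and request stream are constructed for illustration.

```python
class ArpPolicer:
    """Simplified model of duplicate-ARP policing keyed by sender IP, then sender MAC."""

    def __init__(self, interval):
        self.interval = interval   # value given to "arp police-interval"
        self.replied_ip = {}       # sender IP  -> time of the last reply sent
        self.seen_mac = {}         # sender MAC -> time of the last accepted request

    def _within(self, table, key, now):
        last = table.get(key)
        return last is not None and now - last < self.interval

    def handle(self, now, sender_ip, sender_mac):
        # IP check first: a reply already exists for this sender IP in the interval.
        if self._within(self.replied_ip, sender_ip, now):
            return "drop-ip"
        # No recent reply for this IP, so the MAC policer is checked.
        if self._within(self.seen_mac, sender_mac, now):
            return "drop-mac"
        # Assumption: only an answered request starts a new interval.
        self.replied_ip[sender_ip] = now
        self.seen_mac[sender_mac] = now
        return "reply"


def run(interval, requests):
    """Feed (time, sender IP, sender MAC) tuples through one policer instance."""
    policer = ArpPolicer(interval)
    return [policer.handle(t, ip, mac) for t, ip, mac in requests]


# Constructed request stream: (time, sender IP, sender MAC).
REQUESTS = [
    (0, "12.1.3.10", "0010.9400.0001"),   # first request from this host
    (10, "12.1.3.10", "0010.9400.0001"),  # duplicate sender IP within the interval
    (12, "12.1.3.11", "0010.9400.0001"),  # new sender IP, same source MAC
    (15, "12.1.3.12", "0010.9400.0002"),  # unrelated sender
    (40, "12.1.3.10", "0010.9400.0001"),  # the interval of 34 has elapsed
]

if __name__ == "__main__":
    for request, verdict in zip(REQUESTS, run(34, REQUESTS)):
        print(request, verdict)
```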