
ARP Proxy Probe

Module Status

TBD

Proxy ARP enabled on a router interface in the peering LAN, combined with an incorrectly configured prefix length on that interface, can lead to serious traffic interruptions. This probe tries to detect such misconfigurations by sending ARP requests for various IP addresses.

Detection

  • by looking for ARP requests for IP addresses that do not match the subnet they are broadcast on

Functionality

  • the router will have to respond to the ARP request with its own MAC address
  • the misconfigured host will try to communicate at layer two with the devices on the other subnet
  • the router has to route these frames to the other subnet
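
The two checks described above, applied to raw ARP payloads, as an added example (not the probe's own code). The function names, MAC addresses and sample traffic are constructed, and it assumes the operator supplies a list of addresses known to be unassigned, so that any ARP reply for one of them indicates a proxying router.

```python
import ipaddress
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip) from a raw ARP payload."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return op, sha.hex(":"), ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def analyse(payloads, peering_lan, unassigned):
    """Apply both checks; returns (off_subnet_requests, proxy_arp_responders)."""
    lan = ipaddress.ip_network(peering_lan)
    probed = {ipaddress.IPv4Address(ip) for ip in unassigned}
    off_subnet, proxies = [], defaultdict(set)
    for raw in payloads:
        op, mac, sender_ip, target_ip = parse_arp(raw)
        if op == REQUEST and target_ip not in lan:
            # Detection: a request for an address outside the LAN's subnet
            off_subnet.append((mac, str(target_ip)))
        elif op == REPLY and sender_ip in probed:
            # Assumption: nothing owns this address, so the responder is proxying
            proxies[mac].add(str(sender_ip))
    return off_subnet, {mac: sorted(ips) for mac, ips in proxies.items()}

def build_arp(op, mac, sender_ip, target_ip):
    """Helper that constructs sample payloads (target MAC left as zeros)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed, bytes(6),
                       ipaddress.IPv4Address(target_ip).packed)

# Constructed sample traffic on a 192.0.2.0/24 peering LAN
SAMPLE = [
    build_arp(REQUEST, "02:00:00:00:00:0a", "192.0.2.10", "198.51.100.7"),
    build_arp(REQUEST, "02:00:00:00:00:0b", "192.0.2.11", "192.0.2.12"),
    build_arp(REPLY, "02:00:00:00:00:99", "192.0.2.200", "192.0.2.1"),
    build_arp(REPLY, "02:00:00:00:00:99", "192.0.2.201", "192.0.2.1"),
    build_arp(REPLY, "02:00:00:00:00:0b", "192.0.2.11", "192.0.2.1"),
]

if __name__ == "__main__":
    print(analyse(SAMPLE, "192.0.2.0/24", ["192.0.2.200", "192.0.2.201"]))
```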

Configuration

arp_proxy:
  enable: true
  lower_ip: 192.0.2.1
  upper_ip: 192.0.2.254