Proxy ARP on F5 LTM

Unless you put the VLANS in a VLAN group, it appears the default behavior is not to proxy arp.

http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos_management_guide_10_1/tmos_vlans.html1015864

Jason

I reserve the right to be dead wrong at all times.

So, the two servers are on different IP subnets? If so, surely each only needs to ARP for its default gateway? Can you clarify please?

Proxy ARP is widely considered to be a bad idea, and not supported in the BigIP by default, as it is a default deny device. Typically, I would suggest that you correct the subnet masks on both sides of the BigIP, and you will have to add forwarding virtual servers to allow traffic to traverse the BigIP in a more routed fashion.

For those unfamiliar, proxy ARP allows a network device to answer ARP on behalf of hosts on other subnets at layer 2, and then route that traffic over layer 3 to its destination. I'll give a generic example.

Host on 10.0.1.10 Mask 255.255.0.0 Arps for host on 10.0.2.10

Switch on 10.0.1.1 mask 255.255.255.0 (notice the mask change) Answers that ARP, sends back its own MAC to host 10.0.1.10.

Host 10.0.1.10 forwards traffic to switch MAC, but destination IP 10.0.2.10 Switch 10.0.1.10 routes traffic to destination device where 10.0.2.0 subnet resides.

Switch 10.0.2.1 switch forwards to 10.0.2.10 for delivery.

The same happens in reverse. The hosts must always assume a broader network mask than the network, and all interfaces on the network must permit proxy arp to function. Note, this will not work the same as a layer 2 network. You are routing, so all broadcast based traffic will not function properly.