So yesterday I started seeing some arp warnings in my server logs:
Aug 23 16:09:29 lisa /bsd: arp info overwritten for 22.214.171.124 by f0:1c:2d:8d:0e:cf on em2
Aug 23 16:12:24 lisa /bsd: arp info overwritten for 126.96.36.199 by f0:1c:2d:8d:0e:cf on em2
Aug 23 16:21:28 lisa /bsd: arp info overwritten for 188.8.131.52 by 00:25:90:da:ea:f9 on em2
f0:1c:2d:8d:0e:cf is the MAC address of 184.108.40.206,
L100.LSANCA-VFTTP-55.gni.frontiernet.net, my FIOS gateway. It seems that for
some reason proxy arp has been enabled on the router providing my gateway,
and it is arp'ing for my static IP addresses as shown below:
0c:c4:7a:b3:ca:54 - MAC of lisa.pbhware.com (220.127.116.11)
00:25:90:da:ea:f9 - MAC of bart.pbhware.com (18.104.22.168)
f0:1c:2d:8d:0e:cf - MAC of L100.LSANCA-VFTTP-55.gni.frontiernet.net
$ ping 22.214.171.124
16:12:24.416405 00:25:90:da:ea:f9 0c:c4:7a:b3:ca:54 arp 60: arp reply bart.pbhware.com is-at 00:25:90:da:ea:f9
16:12:24.419522 f0:1c:2d:8d:0e:cf 0c:c4:7a:b3:ca:54 arp 60: arp reply bart.pbhware.com is-at f0:1c:2d:8d:0e:cf
Another example for an IP address (126.96.36.199/static-5.pbhware.com) not
currently in use:
$ ping 188.8.131.52
16:26:15.787624 f0:1c:2d:8d:0e:cf 0c:c4:7a:b3:ca:54 arp 60: arp reply static-5.pbhware.com is-at f0:1c:2d:8d:0e:cf
16:26:15.787677 0c:c4:7a:b3:ca:54 f0:1c:2d:8d:0e:cf ip 98: lisa.pbhware.com > static-5.pbhware.com: icmp: echo request
The gateway starts arp'ing looking for the real owner of that IP so it can
proxy the traffic:
When I googled it, I found a number of complaints about this dating back
years regarding Verizon FIOS, where proxy arp deployments seemed to be a
standard practice in some areas, but for the decade I have had business FIOS
this has never happened before. So I contacted Frontier technical support to
ask about it; unfortunately, the interaction was less than successful :(
While the level 1 support person was very helpful and didn't take very long
to convince to escalate the issue, the first level 2 support person didn't
quite seem to understand the concept, as demonstrated by the following
excerpts from the chat:
"turning off the ARP is done from the device that is receiving the request"
"that is something he would need to turn off on his router, because we do
not support 3rd party equipment"
"sorry but we cannot make the change that he is requesting, it needs to be
done on his device"
"I understand what you are saying but the ARP request needs to be turned off
through his equipment it is what is allowing signal in, just like a Ping can
be turned off in the router even if something else is requesting the PING"
Technically, that last comment is true - if my system did not make an arp
request, the Frontier router would indeed not respond with a proxy arp
reply. Of course, my systems would have a really hard time talking to each
other if they weren't running arp 8-/.
The last thing he had to say was "it's not, on a router if you turn off Ping
requests it will not get pinged, same thing with ARP requests" and I decided
to stop wasting my time on him. Sadly, the level 1 tech informed me that the
level 2 tech was actually working with his lead while responding to my
issue. As I mentioned, the level 1 tech was very helpful; he offered to try
to reach a different level 2 tech. The second level 2 tech refused to have
anything to do with me unless I hooked up the original Actiontec router
that came with the FIOS service 10 years ago, so I wrote off the official
tech-support channel for now.
So, long story short, are there any FIOS employees hanging out here that
could possibly get me in contact with someone who understands the concept of
proxy arp and would be able to determine why it suddenly was enabled on the
gateway for my service yesterday and hopefully get it turned back off? That
would be much appreciated.
In the worst case I suppose I can work around this mess with arp inspection
on the switch or static arp entries on the servers, but I'd rather avoid
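The duplicate-reply pattern in the captures above (one address answered by both the real host and the gateway, milliseconds apart) is easy to spot mechanically, and is worth checking for before committing to static ARP entries. The following Python script is an added example and not part of the original post: it parses tcpdump-style ARP reply lines and the OpenBSD "arp info overwritten" kernel messages, then flags any address answered by more than one MAC within a short window, plus addresses that only the gateway ever answers for. The sample lines are the post's excerpts rejoined onto single lines (tcpdump `-e` output format is assumed), and the gateway MAC is the one the post identifies.

```python
import re
from collections import defaultdict

# MAC of the Frontier gateway, taken from the post.
GATEWAY_MAC = "f0:1c:2d:8d:0e:cf"

# Constructed sample input: the post's tcpdump excerpts re-joined onto single
# lines (tcpdump -e style: timestamp, source MAC, destination MAC, ARP reply).
SAMPLE_TCPDUMP = """\
16:12:24.416405 00:25:90:da:ea:f9 0c:c4:7a:b3:ca:54 arp 60: arp reply bart.pbhware.com is-at 00:25:90:da:ea:f9
16:12:24.419522 f0:1c:2d:8d:0e:cf 0c:c4:7a:b3:ca:54 arp 60: arp reply bart.pbhware.com is-at f0:1c:2d:8d:0e:cf
16:26:15.787624 f0:1c:2d:8d:0e:cf 0c:c4:7a:b3:ca:54 arp 60: arp reply static-5.pbhware.com is-at f0:1c:2d:8d:0e:cf
"""

# Constructed sample input: the OpenBSD kernel messages quoted in the post.
SAMPLE_SYSLOG = """\
Aug 23 16:09:29 lisa /bsd: arp info overwritten for 22.214.171.124 by f0:1c:2d:8d:0e:cf on em2
Aug 23 16:12:24 lisa /bsd: arp info overwritten for 126.96.36.199 by f0:1c:2d:8d:0e:cf on em2
Aug 23 16:21:28 lisa /bsd: arp info overwritten for 188.8.131.52 by 00:25:90:da:ea:f9 on em2
"""

MAC = r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"
ARP_REPLY_RE = re.compile(
    rf"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>{MAC}) (?P<dst>{MAC}) arp \d+: "
    rf"arp reply (?P<target>\S+) is-at (?P<mac>{MAC})$"
)
SYSLOG_RE = re.compile(
    rf"arp info overwritten for (?P<target>\S+) by (?P<mac>{MAC}) on (?P<ifc>\S+)"
)


def _seconds(ts: str) -> float:
    """'HH:MM:SS.ffffff' -> seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_arp_replies(text: str) -> list[tuple[float, str, str]]:
    """Return (time_in_seconds, target, claimed_mac) for each ARP reply line."""
    replies = []
    for line in text.splitlines():
        m = ARP_REPLY_RE.match(line.strip())
        if m:
            replies.append((_seconds(m["ts"]), m["target"], m["mac"]))
    return replies


def parse_syslog_overwrites(text: str) -> list[tuple[str, str, str]]:
    """Return (target, new_mac, interface) for each 'arp info overwritten' message."""
    return [(m["target"], m["mac"], m["ifc"])
            for m in map(SYSLOG_RE.search, text.splitlines()) if m]


def analyze_replies(replies, gateway_mac: str, window: float = 1.0):
    """Classify ARP replies per target.

    conflicts: targets answered by more than one MAC; 'within_window' is True
    when two different answers arrived within `window` seconds, which is the
    duplicate-reply signature of proxy ARP (and also of plain ARP spoofing).
    gateway_only: targets answered solely by the gateway, i.e. addresses the
    gateway proxies that no local host claims.
    """
    claims: dict[str, list[tuple[float, str]]] = defaultdict(list)
    for ts, target, mac in replies:
        claims[target].append((ts, mac))
    conflicts, gateway_only = {}, []
    for target, seen in claims.items():
        macs = sorted({mac for _, mac in seen})
        if len(macs) > 1:
            seen.sort()  # chronological, so b[0] >= a[0] below
            close = any(b[1] != a[1] and b[0] - a[0] <= window
                        for i, a in enumerate(seen) for b in seen[i + 1:])
            conflicts[target] = {"macs": macs, "within_window": close,
                                 "gateway_involved": gateway_mac in macs}
        elif macs == [gateway_mac]:
            gateway_only.append(target)
    return conflicts, sorted(gateway_only)


def overwritten_by(events, mac: str) -> list[str]:
    """Targets whose kernel ARP entry was replaced by `mac` (e.g. the gateway)."""
    return sorted({target for target, new_mac, _ in events if new_mac == mac})


if __name__ == "__main__":
    conflicts, proxied = analyze_replies(parse_arp_replies(SAMPLE_TCPDUMP), GATEWAY_MAC)
    for target, info in conflicts.items():
        print(f"{target}: answered by {info['macs']} (within 1s: {info['within_window']}, "
              f"gateway involved: {info['gateway_involved']})")
    print("proxied by gateway only:", proxied)
    print("kernel entries overwritten by gateway:",
          overwritten_by(parse_syslog_overwrites(SAMPLE_SYSLOG), GATEWAY_MAC))
```

Feed it `tcpdump -e -n -i em2 arp` output to get a live view; a target that appears under "gateway only" is an address the gateway is answering for with no local host behind it, which is the proxy-ARP behaviour the post describes for static-5. The same check fires on a rogue host spoofing replies, so the gateway MAC is the thing that distinguishes the two cases.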