Proxy Services


There are situations where a Cisco router can act as a proxy for another network device. This proxy services function can help preserve bandwidth and can also help in situations where workstations would otherwise be isolated in the internetwork. This section describes a few of these situations.

IPX Proxy Services

Still have a bit of IPX on your network? Many large networks have not yet migrated completely to IP and have a few, well, cobwebs in the corners to sweep away. While you’re waiting for that last NetWare 3.12 server to die, here are a few IPX Proxy services you may find useful:

GNS Requests

When IPX clients need to access any resource, they transmit an IPX broadcast called a Get Nearest Server (GNS), assuming that it will be both heard and answered by a Novell server. The servers that receive the GNS check their SAP tables to find a NetWare server that matches the client’s request, and then respond to the client with another GNS, which includes the address of the server that the client can contact for the resource it requested. If none of the servers hearing the client’s GNS broadcast have a server in their SAP tables that hosts the requested resource, they simply don’t respond, leaving the requesting client without access.

All is not lost. Cisco routers build SAP tables and can respond to client GNS requests just as if they were NetWare servers. (This doesn’t mean they offer the services that NetWare servers do, just that their responses are identical when it comes to locating services.) So a GNS response to a client can come from a local NetWare server, from a remote NetWare server, or from a Cisco router. If any local NetWare servers are present, they’ll usually respond to the client. However, if none are present, a local Cisco router that is connected to the client’s segment can respond to its GNS request instead.

IPX Watchdog Spoofing

NetWare servers like to keep track of their clients. They do this by periodically sending a watchdog packet to their attached clients and waiting for a response. If the client does not respond, the server will terminate the client’s connection. This leaves the client hanging when it goes to resume the connection.

Cisco routers can spoof these watchdog packets, meaning that when a NetWare server sends a watchdog to a client, the router will respond to the server as if it were the client. The router will not actually forward the packet. However, since it receives a response to its watchdog request, the NetWare server assumes that the client is all right, and as a result, the client’s connection does not get terminated.

Proxy ARP

Proxy ARP is a method of providing dynamic default router addresses to IP clients. The clients must first be configured to use the Address Resolution Protocol (ARP) whenever they need to communicate with a remote IP device, regardless of whether the device is on their subnet or not. Then, when a router receives an ARP request (for a device on a different network), it can respond with its own MAC address. This allows the workstation to simply ARP for a device not on its own subnet and dynamically receive back the equivalent of a default gateway through the router.

This can be useful when there are several routers providing a path out of a network. Should one of the routers go down, the other one could always respond to the ARP requests, thus providing a fault-tolerant path out to the internetwork.
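The decision a router makes before answering an ARP request on a client's behalf can be sketched as a simplified model. This is an added example, not code from the book or from Cisco; the interface names, addresses (documentation ranges), the per-interface proxy_arp switch and the function names are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    name: str
    mac: str
    network: ipaddress.IPv4Network
    proxy_arp: bool = True  # assumption: modelled as a per-interface switch

# Constructed sample router: two connected segments and one static route.
INTERFACES = [
    Interface("eth0", "00:00:5e:00:53:01", ipaddress.ip_network("192.0.2.0/25")),
    Interface("eth1", "00:00:5e:00:53:02", ipaddress.ip_network("192.0.2.128/25")),
]
ROUTES = {ipaddress.ip_network("198.51.100.0/24"): "eth1"}

def egress_interface(target):
    """Longest-prefix match over connected networks and static routes."""
    candidates = [(i.network, i.name) for i in INTERFACES] + list(ROUTES.items())
    matches = [(net.prefixlen, name) for net, name in candidates if target in net]
    return max(matches)[1] if matches else None

def proxy_arp_reply(in_if_name, target_ip):
    """Return the MAC the router answers with, or None if it stays silent."""
    in_if = next(i for i in INTERFACES if i.name == in_if_name)
    target = ipaddress.ip_address(target_ip)
    if not in_if.proxy_arp:
        return None  # proxy ARP switched off on the receiving interface
    if target in in_if.network:
        return None  # target is on the asking segment; the real host answers
    out = egress_interface(target)
    if out is None or out == in_if_name:
        return None  # no route, or the route leads back to the asking segment
    return in_if.mac  # router claims the address with its own MAC

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.5"):
        print(ip, "->", proxy_arp_reply("eth0", ip))
```

Every remote address the router answers for lands in the workstation's ARP cache with the same router MAC, which is how the workstation ends up with the equivalent of a default gateway.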

IP Helper Address

Cisco routers can be configured with IP addresses to assist workstations in communicating with remote servers. For example, a Cisco router can use an IP helper address to forward Dynamic Host Configuration Protocol (DHCP) requests from a segment without a DHCP server to the actual DHCP server. The DHCP server would then respond back to the router, which forwards the lease offer just as if the DHCP server were local to that segment. This is all transparent to the workstation.

This configuration makes deploying DHCP significantly easier. First, it saves having to bridge traffic to get LAN-based broadcasts to the appropriate servers, which ultimately saves on bandwidth. Second, it saves having to install or configure specialized devices, such as DHCP servers, on every subnet. You can run multiple subnets on a single DHCP server, all without having to configure bridging of DHCP requests to your server.




CCDA: Cisco Certified Design Associate Study Guide, 2nd Edition (640-861)
ISBN: 0782142001
Year: 2002
Pages: 201
