High CPU – ARP or Proxy-ARP Causing High CPU

Let's start out with the remark that routers not doing proxy arp is the default situation, proxy arp is disabled in most networks, and, if not used carefully, it can break a lot of things in nasty ways.

In the normal situation with proxy ARP disabled your client will see that the other machine is not on its local network. So it looks at its routing table and see that it should reach the other network via the router. Then, it will forward packets there.

As for your second question: one example of that is a misconfiguration in netmasks. A machine with 10.0.0.1/24 can think it's netmask was configured as a /16 because it sees ARP entries for 10.0.1.1/16, while the latter is not on the local network.

Let me start by saying proxy ARP is at best a sloppy solution. They only time I found it useful as a feature is when I was dealing with devices on the network that could not utilize classless netmasks or couldn't set a default route.

Yes, it can "cover" many client configuration or bad design problems, but it doesn't fix those problems. It also doesn't "cover" all of them and it can make troubleshooting issues more difficult.

Getting back to your question, the most likely reason this isn't working is that your client's aren't ARPing. My guess is that you have given them what is often considered a "standard" network mask of /24. So the solution would be to switch the network masks on the clients to /16.

Why? A client uses it's IP address and network mask to determine if a destination is on the local network or not. If it is on the local network, the client checks it's ARP table for any entries for the destination and if one doesn't exist, will send out an ARP request to get this information. This is where the router with proxy ARP enabled can respond, but if there is no ARP request then the router cannot provide a proxy ARP response.

If the destination is not on the local network, then the client will check it's routing table to see where to forward the traffic. This is typically your default gateway.

Now, with the IP addresses you used, if you used a /24 network mask, when the client checked the destination against it's IP/mask, it would find the destination is not on the local network. Going to the routing table, it won't have a specific entry for the destination network (clients won't by default) and no default route/gateway. It will then fail with a "no route to host" type of message.