TCP/IP On-Subnet and Off-Subnet Addressing

How an IP node on a subnet attached to the remote access server resolves the media access control (MAC) address of the server's LAN interface depends on whether the remote access server is configured for on-subnet or off-subnet addressing:

  • On-subnet addressing is the allocation of IP addresses to remote access clients that are in a range defined by a subnet to which the remote access server is attached. On-subnet addressing uses a subset of addresses of an attached subnet.

  • Off-subnet addressing is the allocation of IP addresses to remote access clients that are not in a range defined by a subnet to which the remote access server is attached. Off-subnet addressing uses a separate subnet address space that is unique to the intranet.

On-Subnet Addressing and Proxy ARP

With on-subnet addressing, remote access clients are logically on the same subnet as a subnet attached to the remote access server. Proxy ARP is used by the remote access server to receive IP datagrams being forwarded to remote access clients.

There are two cases where Proxy ARP is used:

  1. When the remote access server is configured to use DHCP to obtain addresses for IP-based remote access clients.

  2. When the remote access server is configured with a static IP address pool consisting of address ranges that are a subset of the addresses for a subnet to which the remote access server is attached.

In either case, the remote access clients are logically on the same subnet as the remote access server. Therefore, IP nodes on that subnet forwarding IP datagrams to a remote access client perform a direct delivery by sending a broadcast Address Resolution Protocol (ARP) Request frame for the remote access client's IP address.

The remote access client cannot respond to the ARP Request because the remote access server does not forward the ARP Request frame to the remote access client, and the remote access client does not have a media access control (MAC) address corresponding to the remote access connection.

Therefore, the remote access server responds with an ARP Reply frame with its own MAC address. The node forwarding the packet then sends the IP datagram to the remote access server's MAC address. The remote access server then uses the IP routing process to forward the IP datagram across the dial-up connection to the remote access client.

Off-Subnet Addressing and IP Routing

With off-subnet addressing, remote access clients are logically on a separate subnet reachable across the remote access server. In this case, Proxy ARP is not used. The remote access server is acting as a router between the subnet of the remote access clients and the subnets to which the remote access server is attached. IP nodes on the LAN-based subnets attached to the remote access server forwarding IP datagrams to a remote access client perform an indirect delivery by sending a broadcast Address Resolution Protocol (ARP) Request frame for the remote access server's IP address.

In order for the remote access clients to be reachable from IP nodes on the intranet, routes representing the address ranges of the IP address pool and pointing to the LAN interface of the remote access server must be present in intranet routers.

When the first TCP/IP-based remote access client connects, routes corresponding to the off-subnet address ranges pointing to the RAS server interface are added to the IP routing table of the remote access server. If the remote access server is configured with an IP routing protocol, the new routes are advertised to neighboring routers using the normal advertising process of the configured routing protocol. If the remote access server is not configured with an IP routing protocol, routes corresponding to the off-subnet address ranges pointing to the remote access server's LAN interface must be added to the routers of the intranet.
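
The following is an added example, not part of the original documentation or of any Microsoft tooling. It classifies each range of a static IP address pool as on-subnet (Proxy ARP applies) or off-subnet (routes pointing to the server's LAN interface are needed in intranet routers), as described in the two sections above. The function name, the "straddles" label for a range that is only partly inside an attached subnet, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def classify_pool(attached_subnets, pool_ranges, server_lan_ip):
    """Classify each static pool range (first, last) against the subnets
    attached to the remote access server. Hypothetical helper."""
    nets = [ipaddress.ip_network(n) for n in attached_subnets]
    report = []
    for first, last in pool_ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"range {first}-{last} is reversed")
        # Smallest set of CIDR prefixes that covers exactly this range.
        cidrs = list(ipaddress.summarize_address_range(lo, hi))
        owner = next((n for n in nets if lo in n and hi in n), None)
        entry = {"range": f"{first}-{last}", "routes": []}
        if owner is not None:
            # Subset of an attached subnet: the server answers ARP Requests
            # for these addresses with its own MAC address (Proxy ARP).
            entry["mode"] = "on-subnet"
            entry["proxy_arp_subnet"] = str(owner)
        elif any(c.overlaps(n) for c in cidrs for n in nets):
            # Only partly inside an attached subnet. The page does not
            # describe this case; it is flagged here for review.
            entry["mode"] = "straddles"
        else:
            # Separate address space: intranet routers need routes for
            # these prefixes pointing to the server's LAN interface.
            entry["mode"] = "off-subnet"
            entry["routes"] = [(str(c), server_lan_ip) for c in cidrs]
        report.append(entry)
    return report

# Constructed sample values, not taken from the page.
ATTACHED = ["10.1.0.0/24"]
SERVER_LAN_IP = "10.1.0.1"
POOL = [
    ("10.1.0.200", "10.1.0.220"),     # inside the attached subnet
    ("172.16.5.0", "172.16.5.255"),   # separate, CIDR-aligned range
    ("10.1.0.250", "10.1.1.10"),      # crosses the subnet boundary
    ("192.168.50.1", "192.168.50.6"), # separate, not CIDR-aligned
]

if __name__ == "__main__":
    for item in classify_pool(ATTACHED, POOL, SERVER_LAN_IP):
        print(item)
```

An off-subnet range that is not aligned to a prefix boundary expands into several routes, which is worth knowing before entering static routes by hand on intranet routers.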