Internet IP Routing for Kloudust - TekMonksGitHub/kloudust GitHub Wiki

Internet IP to VM Routing

Scenario

• Host1: 91.232.105.77
• Host2: 109.236.83.38
• Public IP to assign to VM: 109.236.83.42
• VM is running on host1 but the IP terminates on host2.

---

Step 1: Create the VxLAN Tunnel for the Internet Traffic

On host1

ip link add vinetrouter type vxlan id 42 dev eno2 dstport 0
ip link set up dev vinetrouter

On host2

ip link add vinetrouter type vxlan id 42 dev eno2 dstport 0
ip link set up dev vinetrouter

---

Step 2: Create the Bridge for the Internet Traffic

On both hosts

ip link add name vinetrouter_br type bridge
ip link set up dev vinetrouter_br
ip link set vinetrouter master vinetrouter_br

---

Step 3: Add FDB Entries for VxLAN Peering

This step explicitly tells the bridge how to reach the remote host via VxLAN.

On host1

# Add remote host2’s MAC to the bridge FDB
bridge fdb append 00:00:00:00:00:00 dev vinetrouter dst 109.236.83.38

On host2

# Add remote host1’s MAC to the bridge FDB
bridge fdb append 00:00:00:00:00:00 dev vinetrouter dst 91.232.105.77

The MAC 00:00:00:00:00:00 is a “wildcard” MAC entry – it works in VxLAN to enable traffic to any MAC address via the remote host’s VxLAN endpoint.

---

Step 4: Configure Public IP Routing and Proxy ARP on host2

On host2:

# Remove any existing route that might misroute the public IP block
ip route del 109.236.83.0/24

# Enable proxy ARP to respond to ARP queries for the public IP
echo 1 | sudo tee /proc/sys/net/ipv4/conf/all/proxy_arp

# Add a route for the public IP to go via the bridge (this may not be needed)
ip route add 109.236.83.42/32 dev vinetrouter_br

---

Step 5: Connect the VM on host1 to the Same Bridge

On host1:

# Create a veth pair
ip link add vm_a type veth peer name vm_b

# Add one end to the bridge
ip link set vm_b master vinetrouter_br
ip link set up dev vm_b

# Move the other end to the VM's network namespace (or attach to VM directly)
ip link set vm_a netns <VM_PID_or_name>

---

Step 6: Assign the Public IP to the VM Interface

Inside the VM:

ip addr add 109.236.83.42/24 dev vm_a
ip link set up dev vm_a

Add default route via the interface connected to the internet VxLAN bridge, this ensures the outbound traffic flows out to the internet

ip route add default via 0.0.0.0 dev vm_a

---

Key advantages of the approach

✅ Explicit control: Only intended traffic for remote VMs uses the VxLAN tunnel.
✅ Efficient bridging: Reduces flooding of unknown traffic by telling the bridge exactly how to forward frames.
✅ No need for NAT: The VM directly uses the public IP, routed via the VxLAN link.