Public VLAN: Routed with Proxy ARP
Let us assume the host is on a public VLAN 220.127.116.11/26 and has been given the IP of 18.104.22.168. The range 22.214.171.124/24 has been routed to 126.96.36.199.
For this setup:
- IP forwarding needs enabling for virtual machine traffic to leave the machine. The guests can talk to each other without it enabled.
- Proxy ARP needs enabling on tapN so the virtual machines can reach each other.
- eth0 will only emit traffic from its own MAC address as all packets are routed.
- Repeatedly assign 188.8.131.52 to tap interfaces with a peer address of the virtual machine’s IP (or use static routes).
This is what we do on our own virtual machine platform.
The routing table on the host machine should look like:
184.108.40.206/26 via eth0 220.127.116.11 dev tap1 18.104.22.168 dev tap2 22.214.171.124 dev tap3 126.96.36.199/24 dev null default via 188.8.131.52
The line “184.108.40.206/24 dev null” is best practise, but optional and not usually done.