Attach a host network interface to a VM and ping other hosts

Question

I have an Ubuntu 18.04 host with a pr0 interface, that is connected, via a hardware bridge, to other hosts in the network.

I have created a virtual machine (at my host), using KVM (virsh) and I want to attach the pr0 interface of the host to an interface at the VM, so that all the traffic coming from the pr0 is channeled to the VM and vice versa.

Notes

• The VM is a Debian-10 based distribution, VyOS.
• The host's pr0 IP is 172.16.0.7.

Here's what I've tried

sudo brctl addbr prbridge
sudo brctl addif prbridge pr0
sudo ip addr add 172.16.0.17 dev prbridge
sudo ip -4 route add 172.16.0.27/32 via 172.16.0.17
sudo ifconfig prbridge up

virsh attach-interface --domain vyos --type bridge \
        --source prbridge --model virtio \
        --config --live

Inside the VM, I've run this

vyos@vyos:~# set interfaces ethernet eth2 address '172.16.0.27/24' && commit
# which is the equivalent of having run something like this
# sudo ip addr add 172.16.0.27 dev eth2

Outcome
Using the configuration described above, I can successfully ping from within the VM, the bridge IP 172.16.0.17 and the pr0 IP 172.16.0.7.

Problem
The problem is that I am trying to ping another host in the pr0 network, e.g., 172.16.0.6 and I am not getting any replies.

vyos@vyos:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
vyos@vyos:~$ ping 172.16.0.6
PING 172.16.0.6 (172.16.0.6) 56(84) bytes of data.
^C
--- 172.16.0.6 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 7ms

I have verified the packets do arrive at the host's pr0 interface, but no reply is being received.

sudo tcpdump -en -i pr0 host 172.16.0.27
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pr0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:16:49.251756 52:54:00:c4:87:9e > 50:3e:aa:8b:33:5a, ethertype IPv4 (0x0800), length 98: 172.16.0.27 > 172.16.0.6: ICMP echo request, id 5768, seq 2, length 64
16:16:50.275727 52:54:00:c4:87:9e > 50:3e:aa:8b:33:5a, ethertype IPv4 (0x0800), length 98: 172.16.0.27 > 172.16.0.6: ICMP echo request, id 5768, seq 3, length 64
16:16:53.283618 52:54:00:c4:87:9e > 50:3e:aa:8b:33:5a, ethertype ARP (0x0806), length 42: Request who-has 172.16.0.6 tell 172.16.0.27, length 28
16:16:53.285253 50:3e:aa:8b:33:5a > 52:54:00:c4:87:9e, ethertype ARP (0x0806), length 60: Reply 172.16.0.6 is-at 50:3e:aa:8b:33:5a, length 46
16:17:06.549448 52:54:00:c4:87:9e > 50:3e:aa:8b:33:5a, ethertype IPv4 (0x0800), length 98: 172.16.0.27 > 172.16.0.6: ICMP echo request, id 5792, seq 1, length 64
16:17:07.555578 52:54:00:c4:87:9e > 50:3e:aa:8b:33:5a, ethertype IPv4 (0x0800), length 98: 172.16.0.27 > 172.16.0.6: ICMP echo request, id 5792, seq 2, length 64

Any ideas or pointers to read-up on (as I've just started with networking) would be more than welcome.

Answer 1

The bridge is just a bridge, you're extending the broadcast domain, i.e. you don't have to care about routing (unless you want something like masquerading).

If I got your setup correctly, then you assigned an IP to pr0 and another IP to prbridge.

What you would usually do is just assign the IP to prbridge. Remove the IP from the host interface. Then remove the host route (172.16.0.27/32) from your routing table and you should be good to go.