Google Cloud VPC: Is there any restriction on N-S traffic and ARP requests from alias IP?

Question

Platform: Google Cloud VPC

Scenario: We are trying to integrate our cloud infra solution within GCP instances using nested virtulization. The solution includes a SDN component which performs both L2 and L3 within the VM (GCP instance). We are using alias IPs assigned to NIC for allocating IPs to the virtual SDN components like virtual router, virtual switch. So the traffic generating from these components will be having source IP address as one of the IP from alias IP range and custom MAC address( which is virtually generated by the virtual router within the VM)

Concern: The N-S traffic generating from these alias IP addresses are not passing through the GCP VCP. Also we could see that the ARP requests send from these virtual routers to resolve the MAC address of VPC subnet's gateway are also getting dropped.

So, is there any restriction on the packets generated from the alias IPs for the N-S traffic as well as for ARP requests?

Thanks and Regards,

Answer 1

VPC Networks do not recognize custom MAC addresses. MAC addresses are generated based on the instance's internal IP. The VPC network, using Proxy ARP, responds with the default MAC address of the destination instance. Also, Alias IPs are just secondary IPs which would be associated with the same vNIC and they should not have their own MACs. There are third party tools you can use to create "fake" MACs inside a VM but traffic generated from these MACs won't exist outside the VM and won't be passed by Google network. That being said, you can still configure a nested VM to be accessible from outside the host VM by following this documentation.