Linux virtual bridge not transparent

Question

I'm attempting to set up the Openstack tutorial demo using libvirt VMs on my desktop but I'm having some problems with the virtual bridge on the host desktop.

While debugging this, I noticed that the bridge (IP 10.0.0.1) is no longer transparent for pings that fail, and the ping response packet goes back to the bridge rather than the source VM. The following is a tcpdump on the host, with a ping from VM1 going to VM2

sudo tcpdump -nnvXSs 0 -i any icmp

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

21:06:41.928040 IP (tos 0x0, ttl 64, id 24879, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.31 > 10.0.1.21: ICMP echo request, id 1194, seq 1, length 64
    0x0000:  4500 0054 612f 4000 4001 c446 0a00 001f  E..Ta/@.@..F....
    0x0010:  0a00 0115 0800 276d 04aa 0001 d1d0 e753  ......'m.......S
    0x0020:  0000 0000 49f0 0a00 0000 0000 1011 1213  ....I...........
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567
21:06:41.928075 IP (tos 0x0, ttl 64, id 24879, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.1 > 10.0.1.21: ICMP echo request, id 1194, seq 1, length 64
    0x0000:  4500 0054 612f 4000 4001 c464 0a00 0001  E..Ta/@.@..d....
    0x0010:  0a00 0115 0800 276d 04aa 0001 d1d0 e753  ......'m.......S
    0x0020:  0000 0000 49f0 0a00 0000 0000 1011 1213  ....I...........
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567
21:06:41.928205 IP (tos 0x0, ttl 64, id 11556, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.21 > 10.0.0.1: ICMP echo reply, id 1194, seq 1, length 64
    0x0000:  4500 0054 2d24 0000 4001 3870 0a00 0115  E..T-$..@.8p....
    0x0010:  0a00 0001 0000 2f6d 04aa 0001 d1d0 e753  ....../m.......S
    0x0020:  0000 0000 49f0 0a00 0000 0000 1011 1213  ....I...........
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567

For pings that succeed, the bridge IP doesn't appear in tcpdump output:

sudo tcpdump -nnvXSs 0 -i any icmp
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes



21:08:08.036689 IP (tos 0x0, ttl 64, id 64179, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.31 > 10.0.0.21: ICMP echo request, id 1195, seq 1, length 64
    0x0000:  4500 0054 fab3 4000 4001 2bc2 0a00 001f  E..T..@.@.+.....
    0x0010:  0a00 0015 0800 0cc3 04ab 0001 27d1 e753  ............'..S
    0x0020:  0000 0000 0c99 0c00 0000 0000 1011 1213  ................
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567
21:08:08.036714 IP (tos 0x0, ttl 64, id 64179, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.31 > 10.0.0.21: ICMP echo request, id 1195, seq 1, length 64
    0x0000:  4500 0054 fab3 4000 4001 2bc2 0a00 001f  E..T..@.@.+.....
    0x0010:  0a00 0015 0800 0cc3 04ab 0001 27d1 e753  ............'..S
    0x0020:  0000 0000 0c99 0c00 0000 0000 1011 1213  ................
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567
21:08:08.036855 IP (tos 0x0, ttl 64, id 13850, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.21 > 10.0.0.31: ICMP echo reply, id 1195, seq 1, length 64
    0x0000:  4500 0054 361a 0000 4001 305c 0a00 0015  E..T6...@.0\....
    0x0010:  0a00 001f 0000 14c3 04ab 0001 27d1 e753  ............'..S
    0x0020:  0000 0000 0c99 0c00 0000 0000 1011 1213  ................
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567
21:08:08.036873 IP (tos 0x0, ttl 64, id 13850, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.0.21 > 10.0.0.31: ICMP echo reply, id 1195, seq 1, length 64
    0x0000:  4500 0054 361a 0000 4001 305c 0a00 0015  E..T6...@.0\....
    0x0010:  0a00 001f 0000 14c3 04ab 0001 27d1 e753  ............'..S
    0x0020:  0000 0000 0c99 0c00 0000 0000 1011 1213  ................
    0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
    0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
    0x0050:  3435 3637                                4567

Why would the bridge's IP show up in the tcpdump like that? I've tried changing the mac address of the bridge to be higher or lower that each of the hosted virtual NICs but this doesn't make any difference. Additionally, even for pings that succeed, each packet is duplicated - why might that be?

Answer 1

I eventually solved this by changing the bridge interface netmask to be 255.255.0.0 instead of 255.255.255.0

The additional point about tcpdump - I was seeing the same packets more than once because the -i any switch was showing the same packet hitting different interfaces.