This is the desired scenario:
Internet -> ISP Router -> Router VM 1 -> DDoS Scrubbing VM -> Router VM 2 -> Target VM and vice versa.
The current problem really is that requests FROM the "Target VM" arrive at vmbr0 and go out to the nexthop, but
any answer packet is going nowhere because there is no way for the ISP router to find a route via "Router VM 1".
Is it possible to implement this scenario without the ISP changing any routing?
Internet -> ISP Router -> Router VM 1 -> DDoS Scrubbing VM -> Router VM 2 -> Target VM and vice versa.
The current problem really is that requests FROM the "Target VM" arrive at vmbr0 and go out to the nexthop, but
any answer packet is going nowhere because there is no way for the ISP router to find a route via "Router VM 1".
Is it possible to implement this scenario without the ISP changing any routing?