Hi, I'm using libvirt and qemu on Debian Wheezy. I'm having a strange behavior. Guests can't connect to each other when they're on the same host. On the host I'm using bonding (in active / backup mode) and vlan. It looks like this : eth0 \ / macvtap0 bond0 --- vlan222 eth1 / \ macvtap1 So I've got two guests, let's say A and B. When I try to ping B from A, it works : # ping -s 3000 -c 5 78.109.95.11 PING 78.109.95.11 (78.109.95.11) 3000(3028) bytes of data. 3008 bytes from 78.109.95.11: icmp_req=1 ttl=64 time=0.065 ms 3008 bytes from 78.109.95.11: icmp_req=2 ttl=64 time=2.19 ms 3008 bytes from 78.109.95.11: icmp_req=3 ttl=64 time=1.43 ms --- 78.109.95.11 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 0.065/0.960/2.197/0.760 ms But nothing happens when I try to ssh it (not even a timeout). You'll find enclosed the tcpdump captures on the source and the destination. It's the same when I use netcat in udp. At the same time, connection from the host to one guest is working perfectly. There is no iptables rule on the host, and nothing too on the guests. Here are the virsh dumpxml of the different components : # virsh dumpxml vm1 <domain type='kvm' id='11'> <name>vm1</name> <uuid>4eaaed00-c610-b468-ad55-600a0b4e244c</uuid> <memory>2048000</memory> <currentMemory>2048000</currentMemory> <memoryBacking> <hugepages/> </memoryBacking> <vcpu cpuset='0,2,4,8,10,12,14'>8</vcpu> <cputune> <vcpupin vcpu='0' cpuset='0,8'/> <vcpupin vcpu='1' cpuset='2,10'/> <vcpupin vcpu='2' cpuset='4,12'/> <vcpupin vcpu='3' cpuset='6,14'/> <vcpupin vcpu='4' cpuset='0,8'/> <vcpupin vcpu='5' cpuset='2,10'/> <vcpupin vcpu='6' cpuset='4,12'/> <vcpupin vcpu='7' cpuset='6,14'/> </cputune> <os> <type arch='x86_64' machine='pc-1.0'>hvm</type> <boot dev='hd'/> <boot dev='network'/> </os> <features> <acpi/> <apic/> </features> <cpu match='exact'> <model>Westmere</model> <vendor>Intel</vendor> <topology sockets='1' cores='8' threads='1'/> <feature policy='require' name='tm2'/> <feature policy='require' name='est'/> <feature policy='require' name='vmx'/> <feature policy='require' name='ds'/> <feature policy='require' name='smx'/> <feature policy='require' name='ss'/> <feature policy='require' name='vme'/> <feature policy='require' name='dtes64'/> <feature policy='require' name='rdtscp'/> <feature policy='require' name='ht'/> <feature policy='require' name='dca'/> <feature policy='require' name='pbe'/> <feature policy='require' name='tm'/> <feature policy='require' name='pdcm'/> <feature policy='require' name='pdpe1gb'/> <feature policy='require' name='ds_cpl'/> <feature policy='require' name='pclmuldq'/> <feature policy='require' name='xtpr'/> <feature policy='require' name='acpi'/> <feature policy='require' name='monitor'/> </cpu> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/kvm</emulator> <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='none' io='native'/> <source dev='/dev/vps/vm1'/> <target dev='vda' bus='virtio'/> <alias name='virtio-disk0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </disk> <interface type='network'> <mac address='52:54:00:0e:58:ae'/> <source network='vlan222'/> <target dev='macvtap0'/> <model type='virtio'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/0'/> <target port='0'/> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/0'> <source path='/dev/pts/0'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <input type='mouse' bus='ps2'/> <graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0' keymap='fr'> <listen type='address' address='0.0.0.0'/> </graphics> <video> <model type='vga' vram='9216' heads='1'/> <alias name='video0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> <memballoon model='virtio'> <alias name='balloon0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </memballoon> </devices> </domain> # virsh dumpxml vm2 <domain type='kvm' id='13'> <name>vm2</name> <uuid>4f760831-22b1-ff3b-26e7-6b3fec49e918</uuid> <memory>2048000</memory> <currentMemory>2048000</currentMemory> <memoryBacking> <hugepages/> </memoryBacking> <vcpu cpuset='1,3,5,7,9,11,13,15'>8</vcpu> <cputune> <vcpupin vcpu='0' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='1' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='2' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='3' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='4' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='5' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='6' cpuset='1,3,5,7,9,11,13,15'/> <vcpupin vcpu='7' cpuset='1,3,5,7,9,11,13,15'/> </cputune> <os> <type arch='x86_64' machine='pc-1.0'>hvm</type> <boot dev='hd'/> <boot dev='network'/> </os> <features> <acpi/> <apic/> </features> <cpu match='exact'> <model>Westmere</model> <vendor>Intel</vendor> <topology sockets='1' cores='4' threads='2'/> <feature policy='require' name='tm2'/> <feature policy='require' name='est'/> <feature policy='require' name='vmx'/> <feature policy='require' name='ds'/> <feature policy='require' name='smx'/> <feature policy='require' name='ss'/> <feature policy='require' name='vme'/> <feature policy='require' name='dtes64'/> <feature policy='require' name='rdtscp'/> <feature policy='require' name='ht'/> <feature policy='require' name='dca'/> <feature policy='require' name='pbe'/> <feature policy='require' name='tm'/> <feature policy='require' name='pdcm'/> <feature policy='require' name='pdpe1gb'/> <feature policy='require' name='ds_cpl'/> <feature policy='require' name='pclmuldq'/> <feature policy='require' name='xtpr'/> <feature policy='require' name='acpi'/> <feature policy='require' name='monitor'/> </cpu> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/bin/kvm</emulator> <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='none' io='native'/> <source dev='/dev/vps/vm2'/> <target dev='vda' bus='virtio'/> <alias name='virtio-disk0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> </disk> <interface type='network'> <mac address='52:54:00:cb:ce:41'/> <source network='vlan222'/> <target dev='macvtap1'/> <model type='virtio'/> <alias name='net0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <serial type='pty'> <source path='/dev/pts/1'/> <target port='0'/> <alias name='serial0'/> </serial> <console type='pty' tty='/dev/pts/1'> <source path='/dev/pts/1'/> <target type='serial' port='0'/> <alias name='serial0'/> </console> <input type='mouse' bus='ps2'/> <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0' keymap='fr'> <listen type='address' address='0.0.0.0'/> </graphics> <video> <model type='vga' vram='9216' heads='1'/> <alias name='video0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> <memballoon model='virtio'> <alias name='balloon0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> </memballoon> </devices> </domain> # virsh net-dumpxml vlan222 <network> <name>vlan222</name> <uuid>2b763b5c-4ec1-9b5f-b29d-b7a7ea0f743d</uuid> <forward dev='vlan222' mode='bridge'> <interface dev='vlan222'/> </forward> </network> Thanks in advance to help me understand this issue.