A CentOS 6.3 box ("host") runs several KVM virtual machines, each of which
has two interfaces attached to the two bridges br1 and br2 (and each thus
has two IPs; one on 192.168.0.0/22 and one on 192.168.4.0/22);
net.ipv4.ip_forward on the host is 1. Simplified diagram:

                              host
                         +---------------+
                         |               |
  net1 = 192.168.0.0/22  |               |  net2 = 192.168.4.0/22
  -----------------------+ br1       br2 +---------------------------------
              |          |               |                |
              |          |               |                |
           Client A      +---------------+             Client B
                      (hosts KVM1, KVM2, etc)

Each client uses the bridge's IP address on the same side as default
gateway. Client A can successfully ping or ssh (for example) to a KVM
machine by IP address by using the KVM machine's net1 IP address. Client B
can likewise communicate using the KVM machine's net2 IP address. However,
neither client can communicate by using the address on the opposing
segment (e.g., Client A using KVM1_net2_IP); I can see from tcpdump that the
packets are received by the virtual machine but no reply is ever made. Any
clue?

Steve

On Mon, Sep 10, 2012 at 11:34 AM, Steve Thompson <smt at vgersoft.com> wrote:
>
> A CentOS 6.3 box ("host") runs several KVM virtual machines, each of which
> has two interfaces attached to the two bridges br1 and br2 (and each thus
> has two IPs; one on 192.168.0.0/22 and one on 192.168.4.0/22);
> net.ipv4.ip_forward on the host is 1. Simplified diagram:
>
>                               host
>                          +---------------+
>                          |               |
>   net1 = 192.168.0.0/22  |               |  net2 = 192.168.4.0/22
>   -----------------------+ br1       br2 +---------------------------------
>               |          |               |                |
>               |          |               |                |
>            Client A      +---------------+             Client B
>                       (hosts KVM1, KVM2, etc)
>
> Each client uses the bridge's IP address on the same side as default
> gateway. Client A can successfully ping or ssh (for example) to a KVM
> machine by IP address by using the KVM machine's net1 IP address. Client B
> can likewise communicate using the KVM machine's net2 IP address. However,
> neither client can communicate by using the address on the opposing
> segment (e.g., Client A using KVM1_net2_IP); I can see from tcpdump that the
> packets are received by the virtual machine but no reply is ever made. Any
> clue?

Routing problem? What are the responses to each of the commands below on
all five systems: host, Client A and B, KVM1 and 2:

# ip addr show
# ip route show

--
Dale Dellutri

On Mon, Sep 10, 2012 at 11:34 AM, Steve Thompson <smt at vgersoft.com> wrote:
>
> Each client uses the bridge's IP address on the same side as default
> gateway.

What does that mean? A bridge shouldn't have an address and a gateway
needs to be the IP of something capable of routing.

--
Les Mikesell
lesmikesell at gmail.com