kc0010:~ # xm list Name ID Mem VCPUs State Time(s) Domain-0 0 4525 4 r----- 154.3 kc3040 3 750 1 -b---- 14.6 kc3041 2 750 1 -b---- 14.3 kc3072 4 1000 1 -b---- 14.7 kc3075 1 1000 2 -b---- 18.8 kc0010:~ # brctl show bridge name bridge id STP enabled interfaces br0 8000.001321b03bfc no eth0 vif1.0 vif2.0 vif3.0 br1 8000.ea686e944411 no dummy0 vif3.1 vif4.0 br2 8000.c65d269fb072 no dummy1 vif2.1 vif4.1 br3 8000.c639c8a6da4f no dummy2 vif1.1 vif2.2 vif3.2 vif4.2 kc3072:~ # netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 172.16.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo ============================================================================ kc3075:~ # ping -c2 fwext PING kc3040.kc.mindef.nl (192.168.0.235) 56(84) bytes of data. 64 bytes from kc3040.kc.mindef.nl (192.168.0.235): icmp_seq=1 ttl=64 time=0.365 ms 64 bytes from kc3040.kc.mindef.nl (192.168.0.235): icmp_seq=2 ttl=64 time=0.213 ms --- kc3040.kc.mindef.nl ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.213/0.289/0.365/0.076 ms kc3075:~ # kc3075:~ # ping -c2 vpn PING kc3072.kc.mindef.nl (192.168.0.236) 56(84) bytes of data. 64 bytes from kc3072.kc.mindef.nl (192.168.0.236): icmp_seq=1 ttl=64 time=0.444 ms 64 bytes from kc3072.kc.mindef.nl (192.168.0.236): icmp_seq=2 ttl=64 time=0.270 ms --- kc3072.kc.mindef.nl ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1003ms rtt min/avg/max/mdev = 0.270/0.357/0.444/0.087 ms kc3075:~ # kc3075:~ # ping -c2 fwint PING kc3041.kc.mindef.nl (192.168.0.237) 56(84) bytes of data. 64 bytes from kc3041.kc.mindef.nl (192.168.0.237): icmp_seq=1 ttl=64 time=0.468 ms 64 bytes from kc3041.kc.mindef.nl (192.168.0.237): icmp_seq=2 ttl=64 time=0.275 ms --- kc3041.kc.mindef.nl ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1003ms rtt min/avg/max/mdev = 0.275/0.371/0.468/0.098 ms kc3075:~ # kc0010:~ # tcpdump -i br3 not port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br3, link-type EN10MB (Ethernet), capture size 96 bytes 12:39:30.587644 IP 192.168.0.233 > 192.168.0.235: ICMP echo request, id 30989, seq 1, length 64 12:39:30.588879 IP 192.168.0.235 > 192.168.0.233: ICMP echo reply, id 30989, seq 1, length 64 12:39:31.591886 IP 192.168.0.233 > 192.168.0.235: ICMP echo request, id 30989, seq 2, length 64 12:39:31.592045 IP 192.168.0.235 > 192.168.0.233: ICMP echo reply, id 30989, seq 2, length 64 12:39:35.589930 arp who-has 192.168.0.233 tell 192.168.0.235 12:39:35.590103 arp reply 192.168.0.233 is-at 00:16:3e:30:75:01 (oui Unknown) 12:39:35.835579 IP 192.168.0.233 > 192.168.0.236: ICMP echo request, id 31245, seq 1, length 64 12:39:35.836132 IP 192.168.0.236 > 192.168.0.233: ICMP echo reply, id 31245, seq 1, length 64 12:39:36.835934 IP 192.168.0.233 > 192.168.0.236: ICMP echo request, id 31245, seq 2, length 64 12:39:36.836224 IP 192.168.0.236 > 192.168.0.233: ICMP echo reply, id 31245, seq 2, length 64 12:39:40.331613 IP 192.168.0.233 > 192.168.0.237: ICMP echo request, id 31501, seq 1, length 64 12:39:40.332136 IP 192.168.0.237 > 192.168.0.233: ICMP echo reply, id 31501, seq 1, length 64 12:39:40.836861 arp who-has 192.168.0.233 tell 192.168.0.236 12:39:40.837015 arp reply 192.168.0.233 is-at 00:16:3e:30:75:01 (oui Unknown) 12:39:41.331909 IP 192.168.0.233 > 192.168.0.237: ICMP echo request, id 31501, seq 2, length 64 12:39:41.332115 IP 192.168.0.237 > 192.168.0.233: ICMP echo reply, id 31501, seq 2, length 64 12:39:45.340449 arp who-has 192.168.0.233 tell 192.168.0.237 12:39:45.340650 arp reply 192.168.0.233 is-at 00:16:3e:30:75:01 (oui Unknown) ============================================================================ kc3040:~ # ping vpn -c2 PING vpn (192.168.100.2) 56(84) bytes of data. 64 bytes from vpn (192.168.100.2): icmp_req=1 ttl=64 time=0.398 ms 64 bytes from vpn (192.168.100.2): icmp_req=2 ttl=64 time=0.358 ms --- vpn ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.358/0.378/0.398/0.020 ms kc0010:~ # tcpdump -i br1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br1, link-type EN10MB (Ethernet), capture size 96 bytes 12:20:19.940868 arp who-has 192.168.100.1 tell 192.168.100.2 12:20:19.941024 arp reply 192.168.100.1 is-at 00:16:3e:30:40:01 (oui Unknown) 12:21:07.677547 IP 192.168.100.1 > 192.168.100.2: ICMP echo request, id 2439, seq 1, length 64 12:21:07.677801 IP 192.168.100.2 > 192.168.100.1: ICMP echo reply, id 2439, seq 1, length 64 12:21:08.677945 IP 192.168.100.1 > 192.168.100.2: ICMP echo request, id 2439, seq 2, length 64 12:21:08.678170 IP 192.168.100.2 > 192.168.100.1: ICMP echo reply, id 2439, seq 2, length 64 12:21:12.676862 arp who-has 192.168.100.1 tell 192.168.100.2 12:21:12.677026 arp reply 192.168.100.1 is-at 00:16:3e:30:40:01 (oui Unknown) ============================================================================ kc3072:~ # ping fwext -c2 PING fwext.br1 (192.168.100.1) 56(84) bytes of data. 64 bytes from fwext.br1 (192.168.100.1): icmp_seq=1 ttl=64 time=0.265 ms 64 bytes from fwext.br1 (192.168.100.1): icmp_seq=2 ttl=64 time=0.334 ms --- fwext.br1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.265/0.299/0.334/0.038 ms kc0010:~ # tcpdump -i br1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br1, link-type EN10MB (Ethernet), capture size 96 bytes 12:25:33.141908 arp who-has 192.168.100.2 tell 192.168.100.1 12:25:33.142065 arp reply 192.168.100.2 is-at 00:16:3e:30:72:01 (oui Unknown) 12:25:34.936489 IP 192.168.100.2 > 192.168.100.1: ICMP echo request, id 60940, seq 1, length 64 12:25:34.936660 IP 192.168.100.1 > 192.168.100.2: ICMP echo reply, id 60940, seq 1, length 64 12:25:35.935512 IP 192.168.100.2 > 192.168.100.1: ICMP echo request, id 60940, seq 2, length 64 12:25:35.935700 IP 192.168.100.1 > 192.168.100.2: ICMP echo reply, id 60940, seq 2, length 64 ============================================================================ kc3041:~ # ping vpn -c2 PING vpn (172.16.100.1) 56(84) bytes of data. From 172.25.204.41 icmp_seq=1 Destination Host Unreachable From 172.25.204.41 icmp_seq=2 Destination Host Unreachable --- vpn ping statistics --- 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 33035ms kc0010:~ # tcpdump -i br2 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br2, link-type EN10MB (Ethernet), capture size 96 bytes ============================================================================ kc3072:~ # ping -c2 fwint PING fwint.br2 (172.16.100.2) 56(84) bytes of data. From kc3072.br2 (172.16.100.1): icmp_seq=1 Destination Host Unreachable From kc3072.br2 (172.16.100.1) icmp_seq=1 Destination Host Unreachable From kc3072.br2 (172.16.100.1) icmp_seq=2 Destination Host Unreachable --- fwint.br2 ping statistics --- 2 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1000ms , pipe 2 kc0010:~ # tcpdump -i br2 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br2, link-type EN10MB (Ethernet), capture size 96 bytes 12:30:00.036840 arp who-has 172.16.100.2 tell 172.16.100.1 12:30:01.036864 arp who-has 172.16.100.2 tell 172.16.100.1 12:30:02.036862 arp who-has 172.16.100.2 tell 172.16.100.1 12:30:58.000910 arp who-has 172.16.100.2 tell 172.16.100.1 12:30:59.000855 arp who-has 172.16.100.2 tell 172.16.100.1 12:31:00.000868 arp who-has 172.16.100.2 tell 172.16.100.1 12:31:14.576873 arp who-has 172.16.100.2 tell 172.16.100.1 12:31:15.576874 arp who-has 172.16.100.2 tell 172.16.100.1 12:31:16.576867 arp who-has 172.16.100.2 tell 172.16.100.1 ============================================================================