I've a very strange networking problem with KVM (tried kvm-75/kvm-77 and gentoo-sources 2.6.25-r7/2.6.27-r1 - host and guest running same kernel version - paravirt. disabled/enabled, tried both). It's a HP 380G5 server with two ethernet ports (Broadcom Corporation NetXtreme II BCM5708 rev12 - onboard) and two ports Intel 82571EB Gigabit Ethernet Controller rev 06 (dual port card). I've configured a bridge br0 on eth0 (Broadcom) and a bridge br1 on eth2 (Intel). br0/eth0 is connected to a Cisco Switch 2950 port which is in VLAN 104 (network 172.18.104.0/22). br1 is connected to the same switch but this switch port is in VLAN 96 (which is network 172.18.96.0/21).

Both bridges working fine if I configure a IP address on br0 (e.g 172.18.105.20) and br1 (e.g. 172.18.96.10). Now I'm adding a tap device (call it tap.br0) to bridge br0 with brctl. I'm also adding a additional tap device tap.br1 and add this one to bridge br1. Now I'm starting KVM e.g with the following options (also tried -net nic,model=virtio):

/usr/bin/kvm
-m 1024
-smp 4
-curses
-daemonize
-k us
-vnc 127.0.0.1:1
-hda /opt/kvm/kvmimages/kvm.qcow2
-net nic,model=e1000,macaddr=98:84:44:78:12:e0
-net tap,ifname=tap.br0,script=no

Now KVM has a network device eth0 which works as expected. I can do everything network related I want in the KVM. Everything happens in VLAN 104. Very fine. But I need a second card in the KVM because I need access to VLAN 96. So I stop KVM. Now I'm using the same options as mentioned above but I'm adding the following two lines and start KVM again:

-net nic,model=e1000,macaddr=98:84:44:78:12:e2 \
-net tap,ifname=tap.br1,script=no

And now the problem start. The switch (Cisco 2950) shows the following message:

10:03:47: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/36 (96), with sw02 GigabitEthernet0/39 (104).

If I'm using model=virtio the message comes up shortly after KVM starts. If I'm using model=e1000 the message comes up when the e1000 driver is loaded.

This message appears more often within the next few hours until the switch is going totally mad (kinda DoS). The strange thing is that I can ping members (IP addresses) of VLAN 104 and 96 from inside the KVM. From the KVM point of view everything is working as it should but the switch is complaining. There're no messages in dmesg, /var/log/messages or somewhere else. There must be some problem with the bridges inside the KVM. It seems that the KVM is mixing something together which doesn't belong together.

If I can't get this working we have to drop KVM and go with VMWare ESXi on all our servers. But I really don't want that! I really love KVM but with the errors mentioned above this is a killer showstopper. If anyone has an idea what's going on here please let me know.

Many thanks!
Robert