hi, i'm using debian-6.0.4-amd64-stand w/o any modifications as my guest's image. there is no chance that guest vm will change its mac address. it's has been a long time since i reported this bug. the system's environment on this server has changed significantly and couldn't reproduce the bug on it. but i succeeded to reproduce this bug on my personal server w/ both debian-6.0.4 and cirros guest images. stanzgy % uname -a Linux stanzgy-netease 3.6.8-1-ARCH #1 SMP PREEMPT Mon Nov 26 22:10:40 CET 2012 x86_64 GNU/Linux stanzgy % qemu-kvm --version QEMU emulator version 1.2.0 (qemu-kvm-1.2.0), Copyright (c) 2003-2008 Fabrice Bellard stanzgy % libvirtd --version libvirtd (libvirt) 1.0.0 stanzgy % dnsmasq --version Dnsmasq version 2.63rc6 Copyright (c) 2000-2012 Simon Kelley Compile time options: IPv6 GNU-getopt DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack (in guest vm) root # dhclient -v -4 -1 eth0 Internet Systems Consortium DHCP Client 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/eth0/fa:16:3e:5a:cf:47 Sending on LPF/eth0/fa:16:3e:5a:cf:47 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9 DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9 DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20 DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15 5 bad udp checksums in 5 packets No DHCPOFFERS received. Unable to obtain a lease on first try. Exiting. stanzgy % sudo tcpdump -ni br100 udp port 67 or udp port 68 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br100, link-type EN10MB (Ethernet), capture size 65535 bytes 17:22:53.501451 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:22:53.501633 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 17:23:01.507726 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:23:01.507874 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 17:23:10.508736 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:23:10.508909 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 17:23:19.508799 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:23:19.508963 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 17:23:39.519797 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:23:39.519947 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 10 packets captured 10 packets received by filter 0 packets dropped by kernel it looked like sth got broken with udp checksum. after a search i found explanation about this bug here: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/ch11s02.html the temporarily workaround is to manually add an iptable rule stanzgy % sudo iptables -t mangle -A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill then dhcp works good again (in guest vm) root # dhclient -v -4 -1 eth0 Internet Systems Consortium DHCP Client 4.1.1-P1 Copyright 2004-2010 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/eth0/fa:16:3e:5a:cf:47 Sending on LPF/eth0/fa:16:3e:5a:cf:47 Sending on Socket/fallback DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5 DHCPOFFER from 10.0.0.1 DHCPREQUEST on eth0 to 255.255.255.255 port 67 DHCPACK from 10.0.0.1 bound to 10.0.1.13 -- renewal in 48 seconds. stanzgy % sudo tcpdump -ni br100 udp port 67 or udp port 68 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br100, link-type EN10MB (Ethernet), capture size 65535 bytes 17:26:18.502548 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:26:18.502731 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 17:26:18.502965 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:cf:47, length 300 17:26:18.521110 IP 10.0.0.1.67 > 10.0.1.13.68: BOOTP/DHCP, Reply, length 309 4 packets captured 4 packets received by filter 0 packets dropped by kernel