[Devel] Re: [Announce] New vzctl and devel kernel releases; OpenVZ wiki
Kirill Korotaev
dev at openvz.org
Wed Jun 7 09:17:39 PDT 2006
>> * Support for veth device.
>
>
> Can you provide details as to how the veth device is different from
> venet0 ?
unlike venet, veth is ethernet like adapter with MAC address.
due to this, it can be used in configurations, when veth is bridged to
ethX or other device and VPS user fully setups his networking himself,
including IPs, gateways etc.
List of differences:
- veth allows broadcasts in VPS, so you can use even dhcp server
inside VPS or samba server with domain broadcasts or other such stuff.
- veth has some security implications, so is not recommended in
untrusted environments like HSP. This is due to broadcasts,
traffic sniffing, possible IP collisions etc. i.e. VPS user can
actually ruin your ethernet network with such direct access to
ethernet layer.
- with venet device, only node administrator can assign IP to VPS.
With veth device, network settings can be fully done on VPS side.
VPS should setup correct GW, IP/mask etc and node admin then can
only choose where your traffic goes.
- veth devices can be bridged together and/or with other devices.
For example, in host system admin can bridge veth from 2 VPSs with
some VLAN eth0.X. In this case, these 2 VPSs will be connected to
this VLAN.
- venet device is a bit faster and more efficient.
- with veth devices IPv6 auto generates an address from MAC.
The brief summary:
veth venet
MAC address + -
broadcasts inside VPS + -
traffic sniffing + -
network security low hi
(due to broadcasts,
sniffing and possible IP
collisions etc.)
can be used in bridges + -
performance fast fastest
Usage scenarios will be added here soon:
http://wiki.openvz.org/Virtual_Ethernet_device
Thanks,
Kirill
More information about the Devel
mailing list