OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Virtual network device

2011-02-10T07:58:11Z

Cgb:

Virtual network device (<code>venet</code>) is the default network device for a [[container]]. Due to [[w:Network_Layer|Layer 3]] employed by OpenVZ's venet, this network device looks like a point-to-point connection between [[container]] and the [[CT0|host system]]. It does packet switching based on IP header. This is a default network device for container (an alternative is [[veth]] device).

Venet drop ip-packets '''from''' the container with a source address, and '''in''' the container with the destination address, which is not corresponding to an ip-address of the container.

Venet device is created automatically on [[container]] start. Vzctl scripts set up an appropriate IP address and other settings on venet inside a container.

== Usage ==

== Kernel module ==
First of all, check that <code>vznetdev</code> module is loaded:
<pre>
# lsmod | grep vznetdev
</pre>

If it is not, load the module:
<pre>
# modprobe vznetdev
</pre>

You might want to check /etc/init.d/vz script to make sure the module gets loaded during startup.

=== Adding IP address to a container ===
<pre>
vzctl set <CTID> --ipadd <IP1>[,<IP2>,...] [--save]
</pre>

{{Note|This option is incremental, so IP addresses are added to already existing ones.}}

==== Example ====
<pre>
vzctl set 101 --ipadd 10.0.0.1 --save
vzctl set 101 --ipadd fd00::101 --save
</pre>
After executing this command IP address 10.0.0.1 will be added to container 101 and IP configuration will be saved to a container configuration file.

=== Removing IP address from a container ===
<pre>
vzctl set <CTID> --ipdel <IP1>[,<IP2>,...] [--save]
vzctl set <CTID> --ipdel all [--save]
</pre>

==== Example ====
<pre>
vzctl set 101 --ipdel 10.0.0.1
vzctl set 101 --ipdel fd00::101
</pre>
After executing this command IP address 10.0.0.1 will be removed from container 101, but IP configuration will not be changed in container config file. And after container reboot IP address 10.0.0.1 will be assigned to this container again.

== Specific aspects of venet network device ==

{{Note|If you require a feature which venet is lacking (from the list below), please consider using [[veth]] device (which have [[w:Data_Link_Layer|layer 2]] support.)}}

=== No [[w:Address_Resolution_Protocol|ARP]] protocol support ===
Venet network device is explicitly NOARP, so there is no MAC address.
Consequently, it's not possible to make broadcasts inside a [[container]], so software like Samba server or DHCP server will not function (under a container with a venet network device).

=== No [[w:Network_bridge|bridge]] support ===
Venet network device cannot be bridged together and/or with other devices.

=== No possiblity to assign an IP from the CT ===
With venet device, only OpenVZ [[hardware node]] administrator can assign an IP address to a [[container]].

=== No full support of IPv6 stack ===

venet devices are not fully IPv6 compliant. They do not properly support MAC addresses and consequently link local addresses and can not play nice with neighbor discovery or router advertisements, router discovery, or auto-conf. They also require additional modifications to the layer 3 forwarding behaviour of the host via sysctl, to get your venet devices working.
Please have a look at the [[Quick installation#sysctl]] section.

veth devices do require iptables and ip6tables exceptions on the host for each VE address.

You'll need to use the veth bridging device if you want full IPv6 compliance. See the [[VEs and HNs in same subnets]] article for an example.

== See also ==
* [[Veth]]
* [[Differences between venet and veth]]

[[Category: Networking]]
[[Category: HOWTO]]

IPv6

2011-02-10T07:40:13Z

Cgb: Documented venet static IPv6 configuration (opening paragraph leads users to think IPv6 won't work with venet)

[[Category:HOWTO]]
[[Category:Networking]]
IPv6 works best when veth devices are used to bridge VEs to their host. An IPv6 compliant method of using veth interfaces for VEs can be found in the [[VEs and HNs in same subnets]] article.

venet devices are not fully IPv6 compliant, but still works if you statically assign IPv6 addresses. They do not properly support MAC addresses and consequently link local addresses and can not play nice with neighbor discovery or router advertisements, router discovery, or auto-conf. They also require additional modifications to the layer 3 forwarding behaviour of the host via sysctl.

== venet example ==
(tests done on CentOS kernel 2.6.18-194.26.1.el5.028stab079.2)

=== Adding an IPv6 address to a container ===
<pre>
# vzctl set <id> --ipadd <ipv6_addr> --save
</pre>

In my tests, the container had to be restarted before it would respond to ICMP6 echo requests.

=== Removing an IPv6 address to a container ===
<pre>
# vzctl set <id> --ipdel <ipv6_addr> --save
</pre>

Removal is effective immediately and the host stops replying to echo requests.

==See also==
* [[Virtual Ethernet device]]
* [[Differences between venet and veth]]

== External Links ==
* A user success story / howto on SixXS wiki [https://www.sixxs.net/wiki/User:JNN2-SIXXS/OpenVZ].

UBC parameters table

2010-06-26T14:57:07Z

Cgb: Added 'swappages' Aux param

{{UBC toc}}

{| class="wikitable"
! Name !! Description
|-
| colspan="2" align="center" | Primary parameters
|-
| numproc || Number of processes and threads.
|-
| numtcpsock || Number of TCP sockets.
|-
| numothersock || Number of sockets other than TCP.
|-
| vmguarpages || Memory allocation guarantee, in pages.
|-
| colspan="2" align="center" | Secondary parameters
|-
| kmemsize || Size of unswappable kernel memory, allocated for processes in this [[container]].
|-
| tcpsndbuf || Total size of TCP send buffers.
|-
| tcprcvbuf || Total size of TCP receive buffers.
|-
| othersockbuf || Total size of UNIX-domain socket buffers, UDP and other datagram protocol send buffers.
|-
| dgramrcvbuf || Receive buffers of UDP and other datagram protocols.
|-
| oomguarpages || The guaranteed amount of memory for the case the memory is “over-booked” (out-of-memory kill guarantee), in pages.
|-
| privvmpages || Memory allocation limit, in pages.
|-
| colspan="2" align="center" | Auxiliary parameters
|-
| lockedpages || Process pages not allowed to be swapped out (pages locked by <code>mlock(2)</code>).
|-
| shmpages || Total size of shared memory (IPC, shared anonymous mappings and <code>tmpfs</code> objects), in pages.
|-
| physpages || Total number of RAM pages used by processes.
|-
| numfile || Number of open files.
|-
| numflock || Number of file locks.
|-
| numpty || Number of pseudo-terminals.
|-
| numsiginfo || Number of <code>siginfo</code> structures.
|-
| dcachesize || Total size of <code>dentry</code> and <code>inode</code> structures locked in memory.
|-
| numiptent || Number of NETFILTER (IP packet filtering) entries.
|-
| swappages || Amount of swap space to show in container.
|}