Difference between revisions of "Differences between venet and veth"
| m (removed extra |) | m (some cleaning (link, bold, italic, order, VE=>CT, misspelling)) | ||
| Line 1: | Line 1: | ||
| − | OpenVZ provides you to use either [[ | + | OpenVZ provides you to use either  [[veth]] (Virtual eTHernet) or [[venet]] (Virtual NETwork) devices (or both) for in-[[CT]] networking. Here we describe the differences between those devices. | 
| − | * veth allows broadcasts in  | + | * ''veth'' allows broadcasts in CT, so you can use even a DHCP server inside a CT, or a samba server with domain broadcasts or other such stuff. | 
| − | * veth has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e.  | + | * ''veth'' has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e. CT's user can actually ruin your ethernet network with such direct access to ethernet layer. | 
| − | * With  | + | * With ''veth'' device, only node administrator can assign an IP to a CT. With ''veth'' device, network settings can be fully done on CT side. CT should setup correct gateway, IP/netmask etc. and then a [[HN|node]] admin can only choose where your traffic goes. | 
| − | * veth devices can be bridged together and/or with other devices. For example, in host system admin can bridge veth from 2  | + | * ''veth'' devices can be bridged together and/or with other devices. For example, in host system admin can bridge ''veth'' from 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN. | 
| − | *  | + | * ''veth'' device is a bit faster and more efficient. | 
| − | * With veth devices, IPv6 auto generates an address from MAC. | + | * With ''veth'' devices, IPv6 auto generates an address from MAC. | 
| The brief summary: | The brief summary: | ||
| {| class="wikitable" style="text-align: center;" | {| class="wikitable" style="text-align: center;" | ||
| |+ '''Differences between veth and venet''' | |+ '''Differences between veth and venet''' | ||
| − | ! Feature !! veth !! venet | + | ! Feature !! [[veth]] !! [[venet]] | 
| |- | |- | ||
| ! MAC address | ! MAC address | ||
| | {{yes}} || {{no}} | | {{yes}} || {{no}} | ||
| |- | |- | ||
| − | ! Broadcasts inside  | + | ! Broadcasts inside CT | 
| | {{yes}} || {{no}} | | {{yes}} || {{no}} | ||
| |- | |- | ||
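Review bot: In the IP-assignment bullet, both sentences of the new text begin "With ''veth'' device", so the same device is now said to get its IP only from the node administrator and also to be configured entirely on the CT side. The first sentence should name ''venet''. The "a bit faster and more efficient" bullet has the same problem: it now credits ''veth'', while the summary table on this page lists venet as "Fastest", so that bullet should read ''venet'' as well.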
Revision as of 12:27, 19 May 2008
OpenVZ lets you use either veth (Virtual eTHernet) or venet (Virtual NETwork) devices (or both) for in-CT networking. Here we describe the differences between those devices.
- veth allows broadcasts inside the CT, so you can even run a DHCP server inside a CT, or a Samba server with domain broadcasts, and similar services.
- veth has some security implications, so it is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions, etc.; i.e., a CT's user can actually ruin your Ethernet network with such direct access to the Ethernet layer.
- With a venet device, only the node administrator can assign an IP to a CT. With a veth device, network settings can be fully done on the CT side: the CT should set up the correct gateway, IP/netmask, etc., and the node admin can then only choose where your traffic goes.
- veth devices can be bridged together and/or with other devices. For example, on the host system the admin can bridge the veth devices of 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN.
- A venet device is a bit faster and more efficient.
- With veth devices, IPv6 auto-generates an address from the MAC.
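How the address in the last bullet is derived, as an added example that is not part of the original wiki page: it assumes the kernel builds the interface identifier with modified EUI-64 (RFC 4291, Appendix A), and the function names, CT ids and MACs are constructed for illustration. It also shows two consequences for a node admin: the MAC can be read back out of the address, and CTs that share a MAC claim the same address.

```python
import ipaddress
from typing import Dict, List, Optional


def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(mac: str, prefix: str = "fe80::/64") -> ipaddress.IPv6Address:
    """Address the interface autoconfigures under a /64 prefix (link-local by default)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net.network_address + int.from_bytes(mac_to_iid(mac), "big")


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def duplicate_addresses(ct_macs: Dict[int, str]) -> Dict[str, List[int]]:
    """Link-local addresses that more than one CT would claim, with the CT ids."""
    claimed: Dict[str, List[int]] = {}
    for ctid, mac in ct_macs.items():
        claimed.setdefault(str(slaac_address(mac)), []).append(ctid)
    return {addr: cts for addr, cts in claimed.items() if len(cts) > 1}


# Constructed sample: CT ids and veth MACs are made up; 101 and 103 share a MAC.
SAMPLE_CTS = {101: "00:18:51:a1:b2:c3", 102: "00:18:51:0d:0e:0f", 103: "00-18-51-A1-B2-C3"}

if __name__ == "__main__":
    for ctid, mac in SAMPLE_CTS.items():
        print(ctid, mac, slaac_address(mac), slaac_address(mac, "2001:db8:1:2::/64"))
    print("duplicates:", duplicate_addresses(SAMPLE_CTS))
```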
The brief summary:
| Feature | veth | venet | 
|---|---|---|
| MAC address | Yes | No | 
| Broadcasts inside CT | Yes | No | 
| Traffic sniffing | Yes | No | 
| Network security | Low [1] | High | 
| Can be used in bridges | Yes | No | 
| Performance | Fast | Fastest | 
[1] Due to broadcasts, sniffing, possible IP collisions, etc.
