22
edits
Changes
Differences between venet and veth
= Differences between venet and veth =
* veth allows broadcasts in VE, so you can use even dhcp server inside VE or samba server with domain broadcasts or other such stuff.
* veth has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e. VE user can actually ruin your ethernet network with such direct access to ethernet layer.
* With venet device, only node administrator can assign an IP to a VE. With veth device, network settings can be fully done on VE side. VE should setup correct GW, IP/mask etc and node admin then can only choose where your traffic goes.
* veth devices can be bridged together and/or with other devices. For example, in host system admin can bridge veth from 2 VEs with some VLAN eth0.X. In this case, these 2 VEs will be connected to this VLAN.
* venet device is a bit faster and more efficient.
* With veth devices IPv6 auto generates an address from MAC.
The brief summary:
{| class="wikitable" style="text-align: center;"
|+ '''Differences between veth and venet'''
! Feature !! veth !! venet
|-
! MAC address
| {{yes}} || {{no}}
|-
! Broadcasts inside VE
| {{yes}} || {{no}}
|-
! Traffic sniffing
| {{yes}} || {{no}}
|-
! Network security
| low <ref>Due to broadcasts, sniffing and possible IP collisions etc.</ref> || hi
|-
! Can be used in bridges
| {{yes}} || {{no}}
|-
! Performance
| fast || fastest
|-
|}
<references/>
* veth allows broadcasts in VE, so you can use even dhcp server inside VE or samba server with domain broadcasts or other such stuff.
* veth has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e. VE user can actually ruin your ethernet network with such direct access to ethernet layer.
* With venet device, only node administrator can assign an IP to a VE. With veth device, network settings can be fully done on VE side. VE should setup correct GW, IP/mask etc and node admin then can only choose where your traffic goes.
* veth devices can be bridged together and/or with other devices. For example, in host system admin can bridge veth from 2 VEs with some VLAN eth0.X. In this case, these 2 VEs will be connected to this VLAN.
* venet device is a bit faster and more efficient.
* With veth devices IPv6 auto generates an address from MAC.
The brief summary:
{| class="wikitable" style="text-align: center;"
|+ '''Differences between veth and venet'''
! Feature !! veth !! venet
|-
! MAC address
| {{yes}} || {{no}}
|-
! Broadcasts inside VE
| {{yes}} || {{no}}
|-
! Traffic sniffing
| {{yes}} || {{no}}
|-
! Network security
| low <ref>Due to broadcasts, sniffing and possible IP collisions etc.</ref> || hi
|-
! Can be used in bridges
| {{yes}} || {{no}}
|-
! Performance
| fast || fastest
|-
|}
<references/>