Editing Differences between venet and veth

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 1: Line 1:
OpenVZ provides [[veth]] (Virtual ETHernet) or [[venet]] (Virtual NETwork) devices (or both) for in-[[CT]] networking. Here we describe the differences between those devices.
+
OpenVZ provides you to use either  [[veth]] (Virtual eTHernet) or [[venet]] (Virtual NETwork) devices (or both) for in-[[CT]] networking. Here we describe the differences between those devices.
  
 
* ''veth'' allows broadcasts in CT, so you can use even a DHCP server inside a CT, or a samba server with domain broadcasts or other such stuff.
 
* ''veth'' allows broadcasts in CT, so you can use even a DHCP server inside a CT, or a samba server with domain broadcasts or other such stuff.
* ''veth'' has some security implications. It is normally bridged directly to the host physical ethernet device and so must be treated with the same considerations as a real ethernet device on a standalone host. The CT users can access a ''veth'' device as they would a real ethernet interface.  However, the CT root user is the only one that has priviledged access to the ''veth'' device.
+
* ''veth'' has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e. CT's user can actually ruin your ethernet network with such direct access to ethernet layer.
 
* With ''venet'' device, only OpenVZ host node administrator can assign an IP to a CT. With ''veth'' device, network settings can be fully done on CT side by the CT administrator. CT should setup correct gateway, IP/netmask etc. and then a [[HN|node]] admin can only choose where your traffic goes.
 
* With ''venet'' device, only OpenVZ host node administrator can assign an IP to a CT. With ''veth'' device, network settings can be fully done on CT side by the CT administrator. CT should setup correct gateway, IP/netmask etc. and then a [[HN|node]] admin can only choose where your traffic goes.
 
* ''veth'' devices can be bridged together and/or with other devices. For example, in host system admin can bridge ''veth'' from 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN.
 
* ''veth'' devices can be bridged together and/or with other devices. For example, in host system admin can bridge ''veth'' from 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN.
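Review bot: the restored veth security bullet ("not recommended in untrusted environments like HSP") drops the point the latest revision makes, that a veth is normally bridged directly to the host's physical ethernet device and must be treated like a real ethernet device on a standalone host, and replaces it with "can actually ruin your ethernet network", which names no concrete consequence. Consider merging the two: keep the bridging explanation and add the restored list of concerns (broadcasts, traffic sniffing, possible IP collisions), and expand "HSP" on first use. The restored intro line "OpenVZ provides you to use either" is ungrammatical and "Virtual eTHernet" is capitalised inconsistently with "Virtual NETwork"; the latest revision's wording reads better. If the latest-revision bullet is kept, fix its "priviledged" spelling.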
Line 23: Line 23:
 
|-
 
|-
 
! Network security
 
! Network security
| style="background: #ffdddd" | Low <ref>Independent of host.  Each CT must setup its own separate network security.</ref>
+
| style="background: #ffdddd" | Low <ref>Due to broadcasts, sniffing and possible IP collisions etc.</ref>
| style="background: #ddffdd" | High<ref>Controlled by host.</ref>
+
| style="background: #ddffdd" | High
 
|-                         
 
|-                         
 
! Can be used in bridges
 
! Can be used in bridges
 
| {{yes}} || {{no}}
 
| {{yes}} || {{no}}
|-
 
! IPv6 ready
 
| {{yes}} || {{yes}}
 
 
|-
 
|-
 
! Performance
 
! Performance
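Review bot: the "IPv6 ready" row (`! IPv6 ready` with `{{yes}} || {{yes}}`) appears on only one side of the comparison, unmarked, so saving this undo looks like it would drop that row from the table along with the security wording; if only the "Network security" cells are meant to be reverted, make that change as a manual edit rather than an undo. In the security row, the restored veth ref "Due to broadcasts, sniffing and possible IP collisions etc." does explain the Low rating, but the venet "High" cell loses its ref "Controlled by host.", which leaves that rating unexplained; keeping the venet ref next to the restored veth ref would give a reason for both cells.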
