Editing Differences between venet and veth
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | OpenVZ provides [[veth]] (Virtual | + | OpenVZ provides you to use either [[veth]] (Virtual eTHernet) or [[venet]] (Virtual NETwork) devices (or both) for in-[[CT]] networking. Here we describe the differences between those devices. |
* ''veth'' allows broadcasts in CT, so you can use even a DHCP server inside a CT, or a samba server with domain broadcasts or other such stuff. | * ''veth'' allows broadcasts in CT, so you can use even a DHCP server inside a CT, or a samba server with domain broadcasts or other such stuff. | ||
− | * ''veth'' has some security implications. | + | * ''veth'' has some security implications, so is not recommended in untrusted environments like HSP. This is due to broadcasts, traffic sniffing, possible IP collisions etc. i.e. CT's user can actually ruin your ethernet network with such direct access to ethernet layer. |
* With ''venet'' device, only OpenVZ host node administrator can assign an IP to a CT. With ''veth'' device, network settings can be fully done on CT side by the CT administrator. CT should setup correct gateway, IP/netmask etc. and then a [[HN|node]] admin can only choose where your traffic goes. | * With ''venet'' device, only OpenVZ host node administrator can assign an IP to a CT. With ''veth'' device, network settings can be fully done on CT side by the CT administrator. CT should setup correct gateway, IP/netmask etc. and then a [[HN|node]] admin can only choose where your traffic goes. | ||
* ''veth'' devices can be bridged together and/or with other devices. For example, in host system admin can bridge ''veth'' from 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN. | * ''veth'' devices can be bridged together and/or with other devices. For example, in host system admin can bridge ''veth'' from 2 CTs with some VLAN eth0.X. In this case, these 2 CTs will be connected to this VLAN. | ||
Line 23: | Line 23: | ||
|- | |- | ||
! Network security | ! Network security | ||
− | | style="background: #ffdddd" | Low <ref> | + | | style="background: #ffdddd" | Low <ref>Due to broadcasts, sniffing and possible IP collisions etc.</ref> |
− | | style="background: #ddffdd" | High | + | | style="background: #ddffdd" | High |
|- | |- | ||
! Can be used in bridges | ! Can be used in bridges | ||
| {{yes}} || {{no}} | | {{yes}} || {{no}} | ||
− | |||
− | |||
− | |||
|- | |- | ||
! Performance | ! Performance |