22
edits
Changes
IPv6 support
Virtual network device (<code>venet</code>) is the default network device for a [[container]]. This Due to [[w:Network_Layer|Layer 3]] employed by OpenVZ's venet, this network device looks like a point-to-point connection between [[container]] and the [[CT0|host system]]. It does packet switching based on IP header. This is a default network device for container (an alternative is [[veth]] device).
Venet drop ip-packets '''from''' the container with a source address, and '''in''' the container with the destination address, which is not corresponding to an ip-address of the container.
</pre>
After executing this command IP address 10.0.0.1 will be removed from container 101, but IP configuration will not be changed in container config file. And after container reboot IP address 10.0.0.1 will be assigned to this container again.
== Specific aspects of venet network device ==
{{Note|If you require a feature which venet is lacking (from the list below), please consider using [[veth]]device (which have [[w:Data_Link_Layer|layer 2]] support.)}}
=== No [[w:ARPAddress_Resolution_Protocol|ARP]] protocol support ===
Venet network device is explicitly NOARP, so there is no MAC address.
Consequently, it's not possible to make broadcasts inside a [[container]], so software like Samba server or DHCP server will not function (under a container with a venet network device).
=== No [[w:Network_bridge|bridge ]] support ===
Venet network device cannot be bridged together and/or with other devices.
=== No possiblity to assign an IP from the CT ===
With venet device, only OpenVZ [[hardware node]] administrator can assign an IP address to a [[container]].
=== No full support of IPv6 stack ===
venet devices are not fully IPv6 compliant. They do not properly support MAC addresses and consequently link local addresses and can not play nice with neighbor discovery or router advertisements, router discovery, or auto-conf. They also require additional modifications to the layer 3 forwarding behaviour of the host via sysctl, to get your venet devices working.
Please have a look at the [[Quick installation#sysctl]] section.
veth devices do require iptables and ip6tables exceptions on the host for each VE address.
You'll need to use the veth bridging device if you want full IPv6 compliance. See the [[VEs and HNs in same subnets]] article for an example.
== See also ==
