Virtual networking devices in Linux

linux networking virtual tap
21,057

Solution 1

Linux tap interfaces created with ip tuntap cannot be used to attach network namespaces to linuxbridges or the openvswitch so we need to depend upon veth pair.

Virtual Ethernet interfaces come in pairs, and they are connected like a tube—whatever comes in one veth interface will come out the other peer veth interface. As a result, you can use veth interfaces to connect a network namespace to the outside world via the “default” or “global” namespace where physical interfaces exist.

A TAP device, such as vnet0 is how hypervisors such as KVM and Xen implement a virtual network interface card (typically called a VIF or vNIC). An Ethernet frame sent to a TAP device is received by the guest operating system.

Solution 2

The purpose of these virtual networking artifacts are similar. But there are subtle differences and hence they are used in different circumstances:

  1. TAP: The user-space application/VM can read or write an ethernet frame to the tap interface and it would reach the host kernel, where it would be handled like any other ethernet frame that reached the kernel via physical (e.g. eth0) ports. You can potentially add it to a software-bridge (e.g. linux-bridge)

  2. VETH: Typically used when you are trying to connect two entities which would want to "get hold of" (for lack of better phrase) an interface to forward/receive frames. These entities could be containers/bridges/ovs-switch etc. Say you want to connect a docker/lxc container to OVS. You can create a veth pair and push the first interface to the docker/lxc (say, as a phys interface) and push the other interface to OVS. You cannot do this with TAP.

Please note that we should not misconstrue that we need to use VETH and not tap when using the OVS. We can always create the internal ports in OVS which behave exactly like the tap interface. But this is not always possible, for instance when you want to connect to an entity that cannot synthesise a tap-like interface. I.e.:

$ ovs-vsctl add-port ovs-switch-name tap0

Now you can use tap0 like we use the tap interfaces.

Share:
21,057

Related videos on Youtube

paraflou
Author by

paraflou

Updated on July 19, 2022

Comments

  • paraflou
    paraflou almost 2 years

    Can someone explain in detail what are the differences of veth pairs and tap interfaces and how these devices connect to linux bridge or openvswitch.

    I found this: "Veth is a special net devices which were created in pair, I consider it as a method to change the traffic's direction, that is, when the out direction traffic is sent to veth device from Linux protocol stack, it was sent to another its mirror veth device, so the mirror one treats it as a in direction traffic and put it back to Linux protocol stack for further usage.

    Tap device is logical net device but have different with any other one: it allows user space program directly injecting traffic into Linux protocol stack, as well as it can retrieve traffic from the stack. It opens a tunnel to Linux protocol stack at level 2(or tun device at level 3) in user space, the stack will consider data from user space as in direction traffic"

    but it didn't gave me the whole picture.

    thanks in advance!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why are incoming packets on a TAP interface seen with tcpdump but not with iptables?
Cannot open TUN/TAP dev
What exactly happens to packets written to a TUN/TAP device?
Ping not working from tap interface attached to bridge interface with ip on same subnet as that of bridge to outside
Tap interfaces and /dev/net/tun device, using ip tuntap command
multiple default gateways for alias interfaces
How to reliably measure the network bandwidth used by a process
what is the command in linux to kill tcp connection or session?
How to configure docker default bridge work with unusual network configuration?
In UNIX, how do I send a message to another UNIX box on the same network by IP address?