Virtual Networking Devices

From HPCWIKI
Revision as of 11:30, 27 May 2023 by Admin (talk | contribs) (Created page with "In physical world, computer systems typically consist of one or more physical network adapter something like ethx, enox. however, in virtual networking world, '''TUN, TAP''' and '''veth Pairs are used for VMs for network connectivity.''' TUN/TAP/VETH makes a virtual network interface on host then we can assign an IP to it, analyze the traffic, route traffic to it etc. File:Packetcoders.io.image.png|center|thumb|813x813px|Ref-https://www.packetcoders.io/content/images...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

In physical world, computer systems typically consist of one or more physical network adapter something like ethx, enox. however, in virtual networking world, TUN, TAP and veth Pairs are used for VMs for network connectivity.

TUN/TAP/VETH makes a virtual network interface on host then we can assign an IP to it, analyze the traffic, route traffic to it etc.

Ref-image1.png

Basic aspects and limitations of standard Linux bridges[1]

  • A “tap” device attached to one Linux bridge cannot be attached to another Linux bridge.
  • All attached devices are switched into the promiscuous mode.
  • The bridge itself (not a tap device at a port!) can get an IP address and may work as a standard Ethernet device. The host can communicate via this address with other guests attached to the bridge.
  • Properly configured the bridge transfers packets directly between two specific bridge ports related to the communication stream of 2 attached guests – without exposing the communication to other ports and other guests. The bridge may learn and update the relevant association of MAC addresses to bridge ports.
  • The virtual bridge device itself – in its role as an Ethernet device – does not work in promiscuous mode. However, packets arriving through one of its ports for (yet) unknown addresses may be flooded to all ports.
  • You cannot bridge a Linux bridge directly by or with another Linux bridge (no Linux bridge cascading). You can neither connect a Linux bride to another Linux bridge via a “tap” device.

vtap

A virtual “tap” device is a single point to point device - a file descriptor (fd) is read/written layer 3 raw ethernet packets (not IP base) for transaction - in user space program or inside of virtual machine. KVM/qemu virtualization uses vtap.

vtun(tunnel)

like vtap, vtun device is a single point to point device in user space program. however, it operates at layer 3 meaning IP based TX/RX.

veth

A virtual "eth" devices are a pairs of connected virtual Ethernet interfaces like physical network cable with both end. each veth-device of a pair can be attached to different virtual networking components together, such as Linux bridges, OVS bridges and LXC containers or VMware network.

*KVM guest need to have macVtap/macVlan to bridge a veth[2].

References

  1. https://linux-blog.anracom.com/2016/02/02/fun-with-veth-devices-linux-virtual-bridges-kvm-vmware-attach-the-host-and-connect-bridges-via-veth/
  2. https://seravo.fi/2012/virtualized-bridged-networking-with-macvtap
Retrieved from "http://wiki.hpcmate.com/index.php?title=Virtual_Networking_Devices&oldid=1015"