
June 8th, 2006

virtual ethernet device

We have just released a new kernel from the development branch — a shiny new 2.6.16-026test014.4. Aside from the usual bunch of fixes and some performance optimizations, it includes three major features:

  • Virtual ethernet device (a.k.a. veth) for a VE
  • /proc/meminfo virtualization
  • IPv6 virtualization

I will probably describe the other features some time later; for now, I want to tell you a bit about what veth is.

As each VE is "just like a real server", it needs networking abilities, and thus it needs an IP address. For that to happen, there is a special network device implemented in the OpenVZ kernel, called venet. Venet appears in a VE, and a physical server admin can set up an IP (or a few) for a VE. Note that the IP for a VE should be set from the host system, because the proper route should be added to the host's routing table.

While venet is just fine for most purposes, there are some special cases which it just cannot handle. For example, since venet has no MAC address, there is no ability to send or receive broadcasts, which makes it impossible to run DHCP software in a VE. There is no ability to use multicasts. A VE owner cannot add a new IP to his system (which is actually good if your VE is untrusted, but in some other cases is a bit inconvenient).

So, to solve the above, here comes yet another virtual network device for a VE, called veth. Being a human, I am too lazy to repeat the work already done, so let me just quote Kirill Korotaev, our kernel team leader:


So, to conclude, with the virtual ethernet device OpenVZ becomes even more powerful and useful in some advanced networking scenarios. As always, the power comes with the responsibility: do not give veth to untrusted VEs, or you'll be b0rked.
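
One way to check that last rule from the host, as an added example (not code from the original post or from the OpenVZ project): the script below reports which VEs have a veth device configured, so the list can be compared against the VEs you actually trust. It assumes per-VE config files named `<VEID>.conf` under `/etc/vz/conf` and a `NETIF="..."` line for veth, as written by later vzctl releases; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which VEs have a veth device configured, so the
# "no veth for untrusted VEs" rule can be checked from the host.
# ASSUMPTION: per-VE configs are <dir>/<VEID>.conf (default /etc/vz/conf) and
# veth is recorded in a NETIF="..." line, as in later vzctl releases.

# audit_veth [DIR]: print "<VEID> veth" or "<VEID> venet-only" per config.
audit_veth() {
    conf_dir=${1:-/etc/vz/conf}
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        veid=$(basename "$conf" .conf)
        # Only an uncommented, non-empty NETIF value counts as veth.
        if grep -Eq '^[[:space:]]*NETIF="?[^"[:space:]]' "$conf"; then
            echo "$veid veth"
        else
            echo "$veid venet-only"
        fi
    done
}

# veth_veids [DIR]: space-separated VEIDs that have veth and need review.
veth_veids() {
    audit_veth "$1" | awk '$2 == "veth" { print $1 }' | sort -n | paste -sd' ' -
}

# make_sample_confs: write three CONSTRUCTED configs to a temp dir, print it.
make_sample_confs() {
    dir=$(mktemp -d)
    printf 'IP_ADDRESS="192.0.2.10"\n' > "$dir/101.conf"
    printf 'NETIF="ifname=eth0,mac=02:00:00:00:01:02,host_ifname=veth102.0,host_mac=02:00:00:00:02:02"\n' > "$dir/102.conf"
    printf 'IP_ADDRESS="192.0.2.12"\n#NETIF="ifname=eth0"\nNETIF=""\n' > "$dir/103.conf"
    echo "$dir"
}

# Demo on the constructed configs; call audit_veth with no argument to scan
# the assumed default directory on a real host.
demo_dir=$(make_sample_confs)
audit_veth "$demo_dir"
rm -rf "$demo_dir"
```

A commented-out or empty `NETIF` line is treated as venet-only, so a VE is flagged only when a veth device is actually configured.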
