Skip to main content

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as:
  • Soft Switches (Linux Bridge, OpenVSwitch)
  • Virtual Network Adapters (tun, tap, veth and a few more)
In this blog, we will look at the virtual network adapters tap and veth. From a practical view point, both seem to be having the same functionality and its a bit confusing as to where to use what.

A quick definition of tap/veth is as follows:

TAP

A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program.

When a user space program (in our case the VM) gets attached to the tap interface it gets hold of a file descriptor, reading from which gives it the data being sent on the tap interface. Writing to the file descriptor will send the data out on the tap interface.

Veth (Virtual Ethernet)

Veth interfaces always come in pairs and are like two ethernet adapters connected together by a RJ45 cable. Data sent on one interface exits the other and viceversa.

Openstack heavily uses these artifacts and when a person gets newly introduced to these concepts things can become quite fuzzy. One area that can cause confusion is in understanding what the difference between a tap interface is as compared to veth interface, as both of them seem to be doing the same thing i.e transmitting ethernet frames.

To illustrate, when a VM (vm01) is spawned in Openstack, the artifacts used in the background are shown below:

Pic obtained from Openstack Admin Guide


The network connectivity of vm01 is as follows:

vm01:eth0 <==== connected to ===> vnet0 (tap interface) of qbrXXX (bridge)

qbrXXX (Linux bridge) <=== connected to ===> br-int (OVS bridge) by the veth pair qvbXXX---qv0XXX.

As can be seen the tap connects vm0 to the first bridge and the veth pair connects the first bridge to the next. So both of them look like an RJ45 cable connecting devices. So whats the big deal? Why can't we use only one type? Why do we need this mix?

The answer is* because of legacy technologies in play. When a VM is spawned on KVM it expects a tap interface to be connected to the VM's ethernet port (eth0). By this process, KVM gets a file descriptor on which it can write/read ethernet frames.

Veth on the other hand is a newer construct and is supported by latest artifacts such as linux bridges, namespaces and openvswith.

In summary, both tap & Veth do the same job but interface with technologies from different eras.

Further Reading:
Note: I have derived this conclusion based on my current understanding of these artifacts. There is no cross reference available for the same. Till I get across any further insights/info or till some one points out any further use cases, I believe this conclusion to hold true.

    Comments

    Desi Dude said…
    Thank you for that clarification. I was always confused about the tun/tap, veth-pair etc.
    Cool!! Thanks for taking your time to say Thanks :)

    Popular posts from this blog

    Solved: Fix for Git clone failure due to GnuTLS recv error (-9)

    My devstack installation was failing with an error reported by the GnuTLS module as shown below:

    $ git clone https://github.com/openstack/horizon.git /opt/stack/horizon --branch master
    Cloning into '/opt/stack/horizon'...
    remote: Counting objects: 154213, done.
    remote: Compressing objects: 100% (11/11), done.
    error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received.
    fatal: The remote end hung up unexpectedly
    fatal: early EOF
    fatal: index-pack failed

    The following Git config changes fixed the issue for me. Am hoping it will be useful for someone out there:

    $ git config http.sslVerify false
    $ git config --global http.postBuffer 1048576000

    Creating Juniper VSRX 2.0 VM on Virtualbox

    Juniper has come out with their latest version of VSRX 2.0 (formerly called as Firefly or VSRX 1.0). This release supports a broader set of features and is more performant than the earlier version. More details about the product can be obtained here

    I had recently tried out instantiating VSRX 2.0 on Virtualbox. The process required a few minor tweaks and this blog will cover them.

    Prerequisites
    Download VSRX KVM Applicance from Juniper Website (You need to take care of the legal formalities)Virtualbox 4.3 and aboveDownload qemu-img converter for Windows  The image provided by Juniper is in QCOW2 format. In order to use it in Virtual box you need to convert it to VDI format. To do this you can use the tool qemu-img converter as follows:
    #qemu-img.exe convert media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.qcow2 -O vdi vsrx2.0-1.vdi
    The conversion will take a few seconds and you should have the VDI created in the directory. At this piont, you can proceed to create a VM by following these steps:







    O…