Computer systems typically consist of one or more networking devices, i.e eth0, eth1 etc. These network devices are associated with a physical network adapter, which is responsible for placing the packets onto the wire.

image3

However, in the world of virtual networking, a degree of internal plumbing is required to patch, tunnel and forward packets within the system. This "internal plumbing" is built using virtual networking devices, such as - TUN, TAP and veth Pairs.

TUN/TAP

TUN/TAP provides packet reception and transmission for user space programs. It can be seen as a simple Point-to-Point or Ethernet device, which, instead of receiving packets from physical media, receives them from a user space program and instead of sending packets via physical media writes them to the user space program.[1]

In other words, the TUN/TAP driver builds a virtual network interface on your Linux host. The interface functions like any other interface, i.e you can assign an IP to it, analyze the traffic, route traffic to it etc. When traffic is sent to the interface, the traffic is sent to your user space program rather than the real network.

There are 2 driver modes for TUN/TAP, yep you guessed it - TUN and TAP.

  • TUN (tunnel) devices operate at layer 3, meaning the data (packets) you will receive from the file descriptor will be IP based. Data written back to the device must also be in the form of an IP packet.
  • TAP (network tap) operates much like TUN however instead of only being able to write and receive layer 3 packets to/from the file descriptor it can use raw ethernet packets. You will typically see TAP devices used by KVM/Qemu virtualization, where a TAP device is assigned to a virtual guest interface during creation.

image2

Veth Pairs

Veth devices are built as pairs of connected virtual ethernet interfaces[2] and can be thought of as a virtual patch cable. What goes in one end will come out the other.

This makes veth pairs ideal for connecting different virtual networking components together, such as Linux bridges, OVS bridges and LXC containers.

One common use case you will see for veth pairs is within OpenStack Neutron. Where veth pairs are used to connect multiple Linux bridges together, something that you cannot currently do with TAP based devices.

image4

Reference Diagram

And finally, we provide a side-by-side comparison of the previously described network devices below.

image1

References

  1. "TUN/TAP driver - The Linux Kernel Archives." https://www.kernel.org/doc/Documentation/networking/tuntap.txt. Accessed 26 Sep. 2020. ↩︎

  2. "Fun with veth devices, Linux virtual bridges, KVM, VMware ...." https://linux-blog.anracom.com/2016/02/02/fun-with-veth-devices-linux-virtual-bridges-kvm-vmware-attach-the-host-and-connect-bridges-via-veth/. Accessed 26 Sep. 2020. ↩︎

Ready to Master Network Automation? Start Your Journey Today!
Our membership provides:
  • Full deep-dive course library (inc. Batfish, pyATS, Netmiko)
  • Code repositories inc. full course code, scripts and examples
  • 24x7 multi-vendor labs (Arista, Cisco, Juniper)
  • Private online community
  • Live monthly tech sessions
  • Access to tech session library

Join Now ➜