OpenVZ Forum


Home » General » Support » Differences between venet and veth
Differences between venet and veth [message #26251] Fri, 18 January 2008 15:04 Go to next message
rema is currently offline  rema
Messages: 17
Registered: November 2006
Junior Member
Hi,

I read this page http://wiki.openvz.org/Differences_between_venet_and_veth
and have following question:

I think i must use veth because my hw_firewall blocked venet based VPS because of no MAC-Adresses.

Can somebody explain what Performance Fast (veth) / Fastest (venet) mean.

Is this just a mathematical difference or a "human noticeable" .


Best
rema

Report message to a moderator

Re: Differences between venet and veth [message #26253 is a reply to message #26251] Fri, 18 January 2008 16:03 Go to previous messageGo to next message
khorenko is currently offline  khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia
Senior Member
Hi rema,

> Can somebody explain what Performance Fast (veth) / Fastest (venet) mean.
> Is this just a mathematical difference or a "human noticeable" .

Well, look in ideal situation the speeds of venet and veth can be roughly equal, but! If you are going to use bridge with veth and have many VEs, then there can be a LOT of broadcast packets in the net and all the VEs would have handle them - and this might significantly decrease the network speed.
(i even don't speak about the intentional broadcasts generation by an attacker)

> I think i must use veth because my hw_firewall blocked venet based VPS because of no MAC-Adresses.

Excuse me, can you please explain what do you mean under "hw_firewall"? "Firewall configuration on the Hardware Node"? If yes - why not to reconfigure the firewall?

Regards,
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: Differences between venet and veth [message #26280 is a reply to message #26251] Sat, 19 January 2008 21:14 Go to previous messageGo to next message
rema is currently offline  rema
Messages: 17
Registered: November 2006
Junior Member
Hello Konstantin,

tnx for your replay.

The firewall is a Hardwarefirewall with IDS inside.
This can't be disabled because i would like to protect my hosts from the net Wink

With Broadcast you mean smb and so on?
If so this won't be a problem because there are just LAMP-Systems on the host.

Best
rema

Report message to a moderator

Re: Differences between venet and veth [message #26306 is a reply to message #26280] Mon, 21 January 2008 09:42 Go to previous message
khorenko is currently offline  khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia
Senior Member
Hello rema,

rema wrote on Sun, 20 January 2008 00:14


The firewall is a Hardwarefirewall with IDS inside.
This can't be disabled because i would like to protect my hosts from the net Wink

Well, in this case there should be no difference for external Hardwarefirewall if a packet was sent from the Hardware Node (VE0) or from a VE, cause the packet from the VE will also have the MAC - the MAC of the Hardware Node, so you can also configure Hardwarefirewall to handle the packet.

Quote:


With Broadcast you mean smb and so on?
If so this won't be a problem because there are just LAMP-Systems on the host.

Well, yes, for example - smb.
Ok, i just warn you about the possible situations. Smile

Regards,
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Previous Topic: route question
Next Topic: failure in name resolution
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Mon Aug 05 14:06:48 GMT 2024

Total time taken to generate the page: 0.03178 seconds
Powered by FUDforum Powered by Virtuozzo Containers