Ubuntu – What’s the difference between tun/tap vs bridge+vnet vs macvtap? (For virtualization KVM)

networking virtualization

I've just found a lot of different ways to do KVM networking, but I'm stuck on what the right way to do it is. I discovered that OpenStack uses macvtap to do Neutron networking.
And it looks good.

But what's the difference, and why use each way?

Way 1 [ OLD? TUN/TAP ]

http://www.shakthimaan.com/installs/debian-tun-tap-setup.html

/--------\   /----\   /----\   /----\   /--------\
|Internet|---|eth0|---|br0 |---|tap0|---|Guest NIC
\--------/   \----/   \----/   \----/   \--------/

Deprecated, right?

Way 2 [ Bridge+Vnet ] <- That's what virt-manager does

http://www.linux-kvm.com/content/using-bridged-networking-virt-manager

Basically you create a bridge interface with your physical interface inside and

auto br0
#iface br0 inet dhcp
iface br0 inet static
    address 172.16.0.100
    network 172.16.0.0
    netmask 255.255.0.0
    broadcast 172.16.255.255
    gateway 172.16.0.1
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

And when you start a virtual machine from virt-manager, a vnet interface is created and added to the bridge. At least as far as I know. No tun/tap interface is needed.

It worked quite well for a long time, but now with Saucy I've found problems.

https://bugs.launchpad.net/ubuntu/+source/core-network/+bug/1255516

Why can you add a new vnet interface to the bridge without the TAP interface?

Way 3 [ MACVTAP ]

Last is macvtap interface.

http://virt.kernelnewbies.org/MacVTap

It copies the TUN/TAP software interface but does it in a better way. I don't know in what way, but it seems to be better.

What's the advantage of macvtap over the second way?

What's better?

Any help on this?

Best Answer

It really depends on what exactly you want to achieve.

  • TAP/TUN

It doesn't matter whether it's a VM or a physical machine. TUN brings you a tunneled network and TAP a device. In short, you go through a tunneled network to reach another network.

For instance, when configuring an OpenVPN network, you'd be given 10.8.0.6 on your client. VPN server 10.8.0.1 routes your request to another network (e.g. 192.168.x.x) behind it. When using TAP, you'd receive an IP (192.168.10.10/24) directly from your target network (192.168.10.x/24). Simple.

  • Bridge

"Linux Bridge" bridges VNET (from the VM) to physical Ethernet. If you want a VM (KVM based), a bridge is a must between vnet and Ethernet on the host.
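
The following Python example is added here and is not part of the original question or answer. It classifies host interfaces along the lines the answer draws, using sysfs: TUN/TAP devices expose a `tun_flags` attribute, bridges a `bridge` directory, and bridge ports a `brport` directory plus a `master` link. The sample tree (interface names and flag values) is constructed to mirror the "Way 2" setup, where the `vnetN` interface libvirt creates is itself a TAP device attached to `br0`.

```python
import os
import tempfile

IFF_TUN, IFF_TAP = 0x0001, 0x0002  # mode bits from linux/if_tun.h

def classify(sysfs_net, ifname):
    """Return (kind, bridge) for one interface in a /sys/class/net-style tree."""
    base = os.path.join(sysfs_net, ifname)
    kind = "other"
    if os.path.isdir(os.path.join(base, "bridge")):
        kind = "bridge"
    elif os.path.isfile(os.path.join(base, "tun_flags")):
        with open(os.path.join(base, "tun_flags")) as fh:
            flags = int(fh.read().strip(), 16)
        kind = "tap" if flags & IFF_TAP else "tun" if flags & IFF_TUN else "other"
    # A bridge port has a brport/ directory and a master symlink to its bridge.
    master, bridge = os.path.join(base, "master"), None
    if os.path.isdir(os.path.join(base, "brport")) and os.path.islink(master):
        bridge = os.path.basename(os.readlink(master))
    return kind, bridge

def survey(sysfs_net="/sys/class/net"):
    """Classify every interface; on a real host the default path applies."""
    return {name: classify(sysfs_net, name) for name in sorted(os.listdir(sysfs_net))}

def build_sample_tree(root):
    """Constructed stand-in for /sys/class/net on a host with one running guest."""
    def iface(name, tun_flags=None, bridge=False, master=None):
        base = os.path.join(root, name)
        os.makedirs(base)
        if bridge:
            os.mkdir(os.path.join(base, "bridge"))
        if tun_flags is not None:
            with open(os.path.join(base, "tun_flags"), "w") as fh:
                fh.write(tun_flags + "\n")
        if master:
            os.mkdir(os.path.join(base, "brport"))
            os.symlink(os.path.join("..", master), os.path.join(base, "master"))
    iface("br0", bridge=True)
    iface("eth2", master="br0")                       # physical NIC in the bridge
    iface("vnet0", tun_flags="0x1002", master="br0")  # IFF_TAP | IFF_NO_PI
    iface("tun0", tun_flags="0x1001")                 # IFF_TUN | IFF_NO_PI (e.g. a VPN)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, (kind, bridge) in survey(build_sample_tree(tmp)).items():
            print(f"{name:6} {kind:6} port of {bridge}" if bridge else f"{name:6} {kind}")
```

Calling `survey()` with no argument reads the live `/sys/class/net` of a Linux host and needs no special privileges.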
