Using VETH instead of VENET in OpenVZ

By default, OpenVZ uses VENET as its network device. It switches packets based on the IP header, which makes it look like a point-to-point connection between the VPS and the physical host. An alternative is the Virtual Ethernet device (a.k.a. VETH).

Veth is an Ethernet-like device. Unlike the venet network device, a veth device has a MAC address, so it can be used in more configurations. When veth is bridged to ethX or another device, the administrator is able to set up the networking himself, including IPs, gateways, etc.

A veth device consists of two Ethernet devices: one in the physical server and the other in the virtualized guest. These devices are connected to each other, so a packet that goes into one device comes out of the other.

In this post, we’ll share some tips on how to enable veth. The content is mainly from OpenVZ’s official guide.

The commands that we used are listed below with explanations.

Firstly, assuming that we’re on the physical server, we need to add a new device named eth0 to the VPS (container 150):

vzctl set 150 --netif_add eth0,00:12:34:56:78:9A,veth150.0,00:12:34:56:78:9B --save

The second MAC address is from the mother side (the physical server), and the first MAC address, for eth0 inside the VPS, is self-generated.

Then enable forwarding and proxy ARP, and add a route to the VPS in the routing table:

# cat veth150.sh
ifconfig veth150.0 0
echo 1 > /proc/sys/net/ipv4/conf/veth150.0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/veth150.0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
ip route add 192.168.201.150 dev veth150.0

Warning: Before making these changes to your system, verify exactly what each of them does. For example, proxy_arp is problematic in a mixed network.
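One way to do that verification on the physical server, as an added example (not from the original post or the OpenVZ guide): list every interface whose proxy_arp flag is set and flag any beyond the two the script above enables, eth0 and veth150.0. The function names and the overridable root directory are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-interface IPv4 flags under /proc/sys/net/ipv4/conf.
# "all" and "default" are reported too: a 1 in all/proxy_arp turns proxy ARP on
# for every interface, whatever the per-interface value says.

# list_enabled KEY [ROOT]: print each interface whose KEY file contains 1.
# ROOT defaults to the live tree; it is a parameter so the function can also
# be run against a constructed directory.
list_enabled() {
    key=$1
    root=${2:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -r "${dir}${key}" ] || continue
        iface=$(basename "$dir")
        [ "$(cat "${dir}${key}")" = "1" ] && echo "$iface"
    done
    return 0
}

# unexpected_proxy_arp ROOT ALLOWED...: print interfaces with proxy_arp=1
# that are not in the ALLOWED list.
unexpected_proxy_arp() {
    root=$1
    shift
    for iface in $(list_enabled proxy_arp "$root"); do
        ok=0
        for allowed in "$@"; do
            [ "$allowed" = "$iface" ] && ok=1
        done
        [ "$ok" -eq 1 ] || echo "$iface"
    done
    return 0
}

# Report for the interfaces used in this post.
echo "forwarding enabled on: $(list_enabled forwarding | tr '\n' ' ')"
echo "proxy_arp enabled on:  $(list_enabled proxy_arp | tr '\n' ' ')"
echo "proxy_arp outside eth0/veth150.0: $(unexpected_proxy_arp /proc/sys/net/ipv4/conf eth0 veth150.0 | tr '\n' ' ')"
```

An empty last line of output means proxy ARP is confined to the two interfaces the post configures.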

Secondly, in the VPS, we need to configure the new device eth0 like this:

/sbin/ifconfig venet0:0 0
/sbin/ifconfig eth0 0
/sbin/ip addr add 192.168.201.150 dev eth0
/sbin/ip route add default dev eth0

The IP address 192.168.201.150 can be in a different network from the physical side; you just need to make sure they are in the same VLAN.

Once it tests OK, don’t forget to update your network configuration files in /etc/sysconfig/network-scripts/ to make the change permanent.

2 thoughts on “Using VETH instead of VENET in OpenVZ”

  1. When you say, “The second MAC address is from the mother side” does this mean that the mac address associated with veth150.0 should be the mac address of the physical interface being used on the host node?
