TUN and TAP are virtual network kernel devices. They differ from ordinary network devices which are backed up by hardware network adapters.
TUN (network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used to create a network bridge.
Packets sent to a TUN/TAP device are delivered to a user space program, such as QEMU, that has bound itself to the interface.
A bridge is required to connect multiple NIC devices. Any real device and virtual devices (e.g. tap0) can be connected to it.
There are a number of ways to create a bridge. We describe the creation using the
Create a new bridge and change its state to up:
# ip link add name bridge_name type bridge # ip link set bridge_name up
To add an interface (e.g. eth0) into the bridge, its state must be up:
# ip link set eth0 up
Adding the interface to the bridge is done by setting its master to the bridge_name:
# ip link set eth0 master bridge_name
To show the existing bridges and associated interfaces, use the
# bridge link
This is how to remove an interface from a bridge
# ip link set eth0 nomaster
The interface will still be up, so you may also want to bring it down
# ip link set eth0 down
To delete a bridge issue the following command
# ip link delete bridge_name type bridge
When the bridge is fully set up, it can be assighen an IP address:
# ip addr dev bridge_name 192.168.66.66/24
Create the virtual interface and set is up
# ip tuntap add name tap0 mode tap # ip link set tap0 up
Add the TAP interface to the bridge
# ip link set tap0 master bridge_name
QEMU can use TAP networking for a virtual machine so that packets sent by the operating system to the tap interface will be sent to the virtual machine and appear as coming from a network interface (usually an Ethernet interface) in the virtual machine. Conversely, everything that the virtual machine sends through its network interface will appear on the tap interface.
TAP devices are supported by the Linux bridge drivers, so it is possible to bridge together tap devices with each other and possibly with other host interfaces such as