D   A   T   A   W   O   K





Creation: January 01 1970
Modified: September 11 2018

TUN/TAP Networking

TUN/TAP

TUN and TAP are virtual network kernel devices. They differ from ordinary network devices which are backed up by hardware network adapters.

TUN (network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used to create a network bridge.

Packets sent to a TUN/TAP device are delivered to a user space program, such as QEMU, that has bound itself to the interface.

Creating a Bridge

A bridge is required to connect multiple NIC devices. Any real device and virtual devices (e.g. tap0) can be connected to it.

There are a number of ways to create a bridge. We describe the creation using the ip tool.

Create a new bridge and change its state to up:

# ip link add name bridge_name type bridge
# ip link set bridge_name up

To add an interface (e.g. eth0) into the bridge, its state must be up:

# ip link set eth0 up

Adding the interface to the bridge is done by setting its master to the bridge_name:

# ip link set eth0 master bridge_name

To show the existing bridges and associated interfaces, use the bridge utility.

# bridge link

This is how to remove an interface from a bridge

# ip link set eth0 nomaster

The interface will still be up, so you may also want to bring it down

# ip link set eth0 down

To delete a bridge issue the following command

# ip link delete bridge_name type bridge

When the bridge is fully set up, it can be assighen an IP address:

# ip addr dev bridge_name 192.168.66.66/24

TAP interface

Create the virtual interface and set is up

# ip tuntap add name tap0 mode tap
# ip link set tap0 up

Add the TAP interface to the bridge

# ip link set tap0 master bridge_name

TAP with QEMU

QEMU can use TAP networking for a virtual machine so that packets sent by the operating system to the tap interface will be sent to the virtual machine and appear as coming from a network interface (usually an Ethernet interface) in the virtual machine. Conversely, everything that the virtual machine sends through its network interface will appear on the tap interface.

TAP devices are supported by the Linux bridge drivers, so it is possible to bridge together tap devices with each other and possibly with other host interfaces such as eth0.

References

davxy