veth (Virtual Ethernet)
A veth (Virtual Ethernet) pair is a Linux kernel feature that creates two virtual network interfaces that are linked together. Think of it as a virtual patch cable. Packets sent out one interface of the pair are immediately received on the other interface.
This simple concept is incredibly powerful for creating complex virtual network topologies, especially in the context of containers and network namespaces.
How veth Pairs Work
When you create a veth pair, you are creating two distinct network interfaces. For them to be useful, you typically move one of the interfaces into a different network namespace (like a container) and connect the other to a bridge on the host.
Common Use Cases
-
Connecting Containers to the Host Network: This is the most common use case. One end of the veth pair is placed inside the container's network namespace (appearing as
eth0inside the container), and the other end remains on the host and is attached to a virtual bridge (likebr0). This allows the container to communicate with the host and other containers on the same bridge. -
Network Testing and Simulation: Veth pairs are essential for creating isolated network environments for testing. You can build virtual networks of switches and routers to simulate real-world network conditions without any physical hardware.
Example: Creating and Using a veth Pair
# 1. Create the veth pair
sudo ip link add veth0 type veth peer name veth1
# 2. At this point, you have two linked interfaces: veth0 and veth1
ip link show
# 3. To make them useful, you might attach one to a bridge
sudo brctl addif br0 veth0
sudo ip link set veth0 up
# 4. And move the other into a network namespace (e.g., for a container)
# (This is a more advanced step involving network namespaces)