User`s guide
Managing Parallels Server Bare Metal Network 147
Both interfaces are closely linked to each other, which means that an IP packet entering one
interface will always come out from the other one.
Differences Between venet0 and veth Modes
The veth mode demonstrates the following differences as compared to the venet0 mode:
Each of the Ethernet interfaces constituting a veth virtual adapter has a MAC address
assigned to it while venet0 does not have any. Thanks to this fact:
Any Container can see all broadcast and multicast packets received from or sent to the
selected network adapter on the server.
Using a veth virtual adapter inside a Container allows you to host a DHCP or Samba
server inside this Container, etc.
There is no more need to assign all network settings (IP addresses, subnet mask, gateway,
etc.) to a Container from the Host OS. All network parameters can be set from inside the
Container.
veth adapters can be bridged among themselves and with other devices. If several veth
adapters are united into a bridge, this bridge can be used to handle network traffic for the
Containers whose veth adapters are included in the bridge.
Due to the fact that veth adapters act as full members on the network (rather than 'hidden'
beyond venet0), they are more prone to security vulnerabilities: traffic sniffing, IP address
collisions, etc. Therefore, veth adapters are recommended to be used in trusted network
environments only.
The veth mode has poorer scalability than the venet0 mode. This is caused by the fact
that any broadcast packet meant for any veth virtual network adapter is duplicated and
transmitted to all available veth network adapters, which requires the CPU(s) on the server
to process all the resulting broadcast packets and may noticeably degrade the system
performance. So, we highly recommend that you create no more than 100 veth network
adapters for every CPU on the server.