venet0 Mode
By default, all the Containers on the server are operating in the venet0 mode, which means that they are connected among themselves and with the server using a virtual network adapter called venet0. The picture below provides an example of the network structure when all Containers (Container #1, Container #2, Container #3) are functioning in the venet0 mode:
All Containers on the server use the venet0 virtual adapter as the default gateway to send data to and receive data from other networks (shown as the PUBLIC NETWORK in the picture above). The handling of incoming and outgoing IP packets may be described as follows:
- All IP packets from Containers operating in the venet0 mode come to this adapter and are redirected through a public IP address of the server to the corresponding server on the public network.
- All IP packets coming from external networks and destined for Container IP addresses reach the public IP address of the server first and, afterwards, are sent through venet0 to the IP addresses of the corresponding Containers.
The venet0 adapter is also used to exchange traffic among all the Containers hosted on the given server. All the network traffic of a Container is isolated from that of the other Containers, i.e. all Containers are protected from each other in a way that makes traffic snooping impossible.