venet0 Mode

By default, all the Containers on the server are operating in the venet0 mode, which means that they are connected among themselves and with the server using a virtual network adapter called venet0 . The picture below provides an example of the network structure when all Containers ( Container #1 , Container #2 , Container #3 ) are functioning in the venet0 mode:

All Containers on the server use the venet0 virtual adapter as the default gateway to send and receive data to/from other networks (shown as the PUBLIC NETWORK in the picture above). The procedure of handling incoming and outgoing IP packets may be described as follows:

• All IP packets from Containers operating in the venet0 mode come to this adapter and are redirected through a public IP address of the server to the corresponding server on the public network.
• All IP packets coming from external networks and destined for Container IP addresses reach the public IP address of the server first and, afterwards, are sent through venet0 to the IP addresses of the corresponding Containers.

The venet0 adapter is also used to exchange the traffic among all the Containers hosted on the given server. All the network traffic of a Container is isolated from that of the other Containers, i.e. all Containers are protected from each other in the way that makes traffic snooping impossible.