# Difference between a loopback device and tun/tap device.

## dE_logics

One requires a module and one does not? I can have many tun/tap devices and just one loopback?

Another question -- on the tun/tap device, the server/daemon/kernel will listen for incoming connections on an IP which the virtual interface. The client will connect from the same interface and have the same source IP? e.g. 

A packet is received by the kernel from a userspace application, its source = 192.168.2.1 and destination = 192.168.2.1.

Am I missing something?

----------

## eccerr0r

Not sure what you're asking here, they are kind of different...

Loopback points back to the same machine you're on...

TUNnel/TAP "wires into" a network interface so you can add/extract packets into the interface, and they can lead out of the machine (but not always necessary)... 

You can have many taps/tunnels.  But you can only be yourself (though 127.x.x.x all are loopback, so you have 16 million loopback addresses minus broadcast...)

I had a UML virtual machine using tun/tap (creating a tap). It had an external IP address. People could connect to it from the outside world and connections from within the VM show up as the external address. If I connect from it to the machine the VM is hosted on, it shows up as its own IP address.

This isn't the only use for tun/tap, can create software tunnels for VPNs as well so packets going through will go through software before sent back...

Maybe this is more confusing now. hmm.

----------

## dE_logics

Ok, so the main thing is bridging to a real interface which cannot happen (?) with a loopback device. But bridging requires tap exclusively.

----------

## 666threesixes666

out of curiosity, what tap/tun method are you using, openvpn?

----------

## eccerr0r

You can bridge interfaces together but a tap is associated with an interface.

What are you trying to do here, I guess that'd be interesting information.

Currently for me:

I use virtual network interfaces for my virtual machines and bridge them together.  You make a bridge and then attach the physical/virtual interfaces to it.

On another machine I use tun/tap with openvpn that opens software tunnel interfaces that will encrypt and send out packets...

----------

## dE_logics

"Method"? I'm using ip command (iproute2) to create the interfaces.

@eccerr0r

Purpose is same as yours -- Advanced networking with Qemu -- I'm learning that right now.

But tun device doesn't have level 2, and bridging requires handling of frames and ARP.

----------
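
The layer 2 / layer 3 split discussed above, as an added example that is not part of any poster's message: it parses what a `read()` on a TUN device returns (a bare IP packet) and what a TAP device returns (an Ethernet frame, here carrying ARP). It assumes the device was opened with `IFF_NO_PI`, so there is no 4-byte packet-info prefix; the MAC address, the 192.168.2.2 guest address and both byte strings are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

ETH_P_IP, ETH_P_ARP = 0x0800, 0x0806

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def fmt_ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def parse_tun_packet(pkt: bytes) -> dict:
    """What read() on a TUN fd yields: a bare IPv4 packet, no MAC addresses."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"layer": 3, "proto": pkt[9],
            "src": fmt_ip(pkt[12:16]), "dst": fmt_ip(pkt[16:20])}

def parse_tap_frame(frame: bytes) -> dict:
    """What read() on a TAP fd yields: a full Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"layer": 2, "dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src),
           "ethertype": ethertype}
    payload = frame[14:]
    if ethertype == ETH_P_ARP and len(payload) >= 28:
        # ARP for IPv4 over Ethernet: htype, ptype, hlen, plen, op, sha, spa, tha, tpa
        *_, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
        out["arp"] = {"op": {1: "request", 2: "reply"}.get(op, op),
                      "tell": fmt_ip(spa), "who_has": fmt_ip(tpa)}
    elif ethertype == ETH_P_IP:
        out["ip"] = parse_tun_packet(payload)
    return out

# Constructed sample data (not captured traffic).
GUEST_MAC = bytes.fromhex("525400123456")
HOST_IP = ipaddress.IPv4Address("192.168.2.1").packed
GUEST_IP = ipaddress.IPv4Address("192.168.2.2").packed
# IPv4 header only, protocol 1 (ICMP), checksum left at 0 (not verified here).
TUN_SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0, HOST_IP, HOST_IP)
ARP_REQUEST = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                          GUEST_MAC, GUEST_IP, bytes(6), HOST_IP)
TAP_SAMPLE = b"\xff" * 6 + GUEST_MAC + struct.pack("!H", ETH_P_ARP) + ARP_REQUEST

if __name__ == "__main__":
    print(parse_tun_packet(TUN_SAMPLE))
    print(parse_tap_frame(TAP_SAMPLE))
```

The TUN sample has no addressable layer 2 header for a bridge to learn from, while the TAP sample carries the source MAC and the ARP request that a bridge forwards.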

## eccerr0r

Apparently QEMU virt-manager made it really easy, except networkmanager does not support bridges.

This is what I did: 

I got rid of networkmanager.

I set up enp4s0 (my onboard ethernet) to be enabled but not get an ip address

I set up br0 with a bridge connection to enp4s0

I set up br0 to get an IP address.

/etc/conf.d/net

```
config_enp4s0="null"
brctl_br0="stp off"
bridge_br0="enp4s0"
config_br0="dhcp"
rc_net_br0_need="net.enp4s0"
```

/etc/init.d/net.enp4s0 and /etc/init.d/net.br0 link to net.lo like the usual Gentoo setup.

At this point virt-manager let me select my bridge br0 as the network device, and automatically configures a macvlan for each VM and hooks it into your bridge.  Very simple setup IMHO....

It seems to just "work" for me, the only downside is that for some reason NFS is really slow.  I'm using the virtio driver between VM and host, and not emulating real hardware.

----------

## dE_logics

Thanks. In Qemu networking I'll take this into reference.

----------

