I have difficulty understanding the difference between tap and tun interfaces. I know it is an often-asked question and I apologize for that.
I read that tap works at layer 2 and tun works at layer 3. I also read that tap is used for bridging and tun is used for routing. I have already heard things like "ROUTERS work at layer 3" or "BRIDGES work at layer 3": this makes sense to me because routers manipulate layer 3 protocols and bridges manipulate layer 2 protocols? But because tap and tun are "interfaces", it means a sentence like "INTERFACES work at layer 3" makes sense, but I don't understand what it means: interfaces don't manipulate protocols (the OS does that, not an interface), so it sounds like tun interface == tap interface:
If I create two tap interfaces (with tunctl) with two IPs that are on different networks (192.168.2.1/24 and 192.168.3.1/24), then link these to two KVM virtual machines (one tap interface matched to one VM), and enable routing on the host, my two VMs can communicate.
So tap interfaces can also be used for routing: what is the difference with tun? Maybe a tap is also a tun interface?
Also, I can create a tap interface with the tunctl command, but how can I create a tun interface with the same command (the command is called TUNctl, not TAPctl...)?
Can you help me clarify that? Thank you.