Virtual network switch standards currently being considered by the IEEE's 802.1 Working Group hold promise for network administrators who struggle with managing virtualized infrastructure, but they also promise to renew hostilities between network and server management teams. Both the proposed standards, the Virtual Ethernet Port Aggregation (VEPA) originated by HP ProCurve and the VN-Tagging port extension approach originated by Cisco Systems, will give network administrators more control over the virtual switching that takes place in server virtualization, but server administrators have become accustomed to having control over the virtual switching that happens inside a virtualized server.
"You have an ongoing battle between the server and networking guys," said Joe Skorupa, research vice president at Gartner. "The network guys want to maintain control. They want to be able to enforce consistent policy all the way up into the server. They want to own that virtual switch. They want to configure it. They want to be the ones in charge. But the server guys will come back and say, 'We want to isolate as much of server configuration as possible from the network guys because every time we ask them for a change, it takes two weeks for them to respond. So we want to do all that switching ourselves and maybe do it in VEPA on the adaptor.'"
"So [VEPA] doesn't necessarily give the network guy control," Skorupa said. "This is a battle we're going to see play out over the next few years because frankly the server and networking teams don't like each other. They view the world through very different lenses, and the server guys saw what happened to the old voice communication guys when the IP-heads came in and crushed and destroyed those departments and just wiped them off the face of the earth. The server and storage guys have no intention of becoming network road kill."
But enterprises can use these pending standards to find a way to make peace between the networking and server teams, according to Joe Pelissier, principal engineer at Cisco.
"Part of the conflict is that server administrators don't see why network administrators should have control over the traffic that's going from virtual machine to virtual machine," Pelissier said. "On the other hand, it seems fairly self-evident why a network administrator would want to have some control over traffic going from a virtual machine out into the overall network. The layered architecture that we are proposing in the IEEE provides for that."
Using Cisco's port extension technology in VN-Tagging, which allows virtual machines to connect to physical switches for QoS and security features, enterprises could set policies on virtual machines where server administrators would have control over virtual networking between virtual machines, but network administrators would have control over any switching that sends traffic out into the network. Companies could also decide that network administrators need to be involved in all switching for security or compliance reasons.
In any case, it will be up to the data center manager or the CIO to set firm policies that clearly demarcate the sphere of control that network and server teams have over virtual server networking. Otherwise, conflict will disrupt collaboration in the data center.
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor