Today traditional networks are not built to support the scalability required by large-scale server virtualization and the automated provisioning that is required for Infrastructure-as-a-Service models. But new network virtualization methods -- possibly even a network hypervisor -- could change all of that.
Today upward of 50% of all servers run as virtual machines. Each one is connected to a virtual network with virtual switches and network adapters that are all created through the server virtualization hypervisor. This wide-scale virtualization will enable service providers and large enterprises to offer Infrastructure-as-a-Service in which companies or groups of users can self-provision virtual machines and network resources on demand with just a few clicks. Ultimately, they'll be able to create mini virtual data centers using these resources.
On the server side of this equation, the technology is ready to go, but traditional networks are preventing this flexibility. These networks are burdened with cumbersome physical components and traffic management issues that make it impossible to support an environment in which the need for capacity varies and is unpredictable. With traditional networks, engineers are struggling with Layer 2 vs. Layer 3 configurations; a cumbersome access/distribution/core architecture; the need to manage traffic and ports on physical switches, routers, firewalls; and disparate bandwidth issues in the LAN and the WAN. As if that weren't enough, the 802.1q standard only provides up to 4,094 VLANs, which is not nearly enough for cloud providers or large enterprises that want to create multi-tenant networks for Infrastructure-as-a-Service models.
The need for network virtualization
Network traffic doesn't function like a server with the OS and apps stuck on a particular host. In fact, network packets are already virtual. In networking, what still needs to be virtualized are the physical components that make up the network -- switches, routers and firewalls.
But once these components are virtualized, engineers need to be able to programmatically control the provisioning of these resources. To do that, the limitations of the physical network (VLAN scalability, MAC scalability, VM mobility, and conflicting IP addresses) must be eliminated. In addition, network admins will need the same visibility and functionality into virtual network that they have on the physical network.
More on the network virtualization and the new hypervisor
The storage hypervisor: Virtualization is about more than the server
vSphere networking tools: Gaining control of virtualization
Nicira network virtualization: The VMware of networking?
Some of these networking capabilities exist in the server hypervisor (VMware has a vSwitch and virtual network adapters), but these server hypervisors aren't specialized enough.
Enter the network hypervisor.
State of the network hypervisor
Today many networking vendors are working toward technology that manages the provisioning and control of virtual networks, but only a few actually call this technology "network hypervisor."
Probably the best known is the Nicira solution, which is a distributed software suite that creates scalable, fully featured, isolated virtual networks that are completely decoupled and independent from the underlying physical network. Nicira's solution can work across any physical network and is compatible with any server hypervisor. Nicira's open, programmable approach not only delivers Layer 2 and Layer 3 networking, it also supports Layers 4-7 services within virtual networks.
However, just because Nicira (which means vigilant in Sanskrit) has already sold its technology to some of the largest cloud providers and Internet players in the world, it remains to be seen whether this is the approach that will stick in the long term. Many competitors have other strategies.
Virtualized network components already exist
Companies like Vyatta, Cisco, VMware and Extreme Networks are all releasing new network virtualization solutions. Some of these work alongside the server virtualization hypervisor, while others are virtual appliances providing Layer 3 or security services. There are several examples:
- Cisco has gained lots of traction with its Nexus 1000-V advanced virtual switch for vSphere, which is solely focused on virtual network management and visibility. Using the Nexus 1000-V, engineers can ensure that QoS and security policies can follow vSphere virtual machines as they move from host to host with vMotion. Cisco also recently released the Virtual Security Gateway (VSG) for the Nexus 1000-V, which provides network security for vSphere. The VSG could be compared to a virtualized version of the Cisco ASA security appliance.
- VMware has continued to enhance and release more virtual network solutions in its vShield product line. When vSphere 5 was released so was vShield 5, which offers vShield Edge for firewall and VPN. Additionally, another innovative vShield solution was released, vShield Endpoint, which offers security compliance and data protection solutions.
- Extreme Networks is offering an XNV network hypervisor, which appears to compete with the Cisco Nexus 1000V but is compatible with Microsoft Hyper-V, Citrix XenServer, VMware vSphere and Linux KVM. However, just because it is labeled a network hypervisor doesn't mean that it offers the same functionality of Nicira.
- Vyatta offers an enterprise-grade virtual network router, firewall and VPN solution. Those needing Layer 3 IP networking services can install these directly on physical servers and turn them into routers. Vyatta calls its technology a "network operating system" and says it provides similar functionality to a Cisco Layer 3 switch, except using a modified version of Linux.
Is Software-Defined Networking (SDN) the true network hypervisor?
As network virtualization solutions emerge, a number of companies are working on SDN strategies that will make the network flexible and yet manageable enough for Infrastructure-as-a-Service and for nimble virtual resource provisioning in general.
Using SDN, engineers can create a separate control and forwarding plane and use centralized software-based controllers that push down forwarding rules and policies. With an SDN strategy, engineers can define how virtual routers and firewalls can be used in conjunction with virtual switches to provision virtual networks as needed.
Nicira's network hypervisor, as well as some of the other available solutions, can work within an overall SDN architecture.
Only time will tell whether the network hypervisor will reign in networking for massive virtualized environments. What is clear is that virtualization will not stop at server hardware and will get much more complex than basic network component virtualization.
About the Author: David Davis is the author of the best-selling VMware vSphere video training library from Train Signal. He has written hundreds of virtualization articles on the Web, is a vExpert, VCP, VCAP-DCA, and CCIE #9369, with more than 18 years of enterprise IT experience. His personal website is VMwareVideos.com.
- E-Guide: Virtualization implementation and management: A network perspective –SearchSecurity.com
- Network virtualization FAQ –SearchSecurity.com
- Simplify the Adoption of Network Functions Virtualization –Red Hat
- Understanding the pros and cons of network virtualization –SearchSecurity.com