Network Virtualisation vs Network Appliances

First two articles on Network Virtualisation are here and here.

Networking functions can be delivered via Virtual Appliances (ready‐to‐go virtual machines that run on a hypervisor). Virtual appliances are usually designed to deliver the functionality of a single network function, such as a router, a WAN accelerator, or a network firewall.

Though they can meet targeted needs, virtual appliances have some distinct drawbacks. Virtual Appliances (VA’s) run as guests on top of a hypervisor, which limits performance and with VA’s there is always the issue of sprawl. Because of the limited performance of the devices, you may end up having to deploy tens, hundreds, or even thousands of VA’s to reach the scale of a full data center. This is expensive and presents operational-support challenges and associated costs.

By contrast network virtualization integrates the networking functions within the hypervisor. This is a more sophisticated approach which allows the network and the full range of its functions to follow virtual machines as they move from one server to another. There’s no need to reconfigure any network connections, because those are all in software. Basically, the network can go anywhere in the data center that is virtualized.

Some Benefits of Network Virtualization are given below.

 Meeting the demands of a dynamic business

Often Software and application development may move faster than hardware. This would mean that it is far  easier to deploy services, make changes, and roll back to previous application versions, when the network is represented within a software (hypervisor) layer. In many firms there may be changing business requirements, which means that demands on IT infrastructure are also changing and are becoming more demanding and immediate, necessitating the virtualization of the network, and not just the usage of sprawling VA’s.

Increasing flexibility with hardware abstraction

Network virtualization moves intelligence from dedicated hardware to flexible software which should increase IT and business agility. This concept is known as abstraction. With server virtualization, an abstraction layer, or hypervisor, reproduces the attributes of the physical server — CPU, RAM, disk — in software. Abstraction allows these attributes to be assembled on the fly to produce a unique virtual machine.

Network virtualization works the same way. With network virtualization, the functional equivalent of a “network hypervisor” reproduces networking services — such as switching, routing, access control, firewalling, QoS, and load balancing — in software. With everything in software, virtualized services can be assembled in any combination to produce a unique virtual network in a matter of seconds.

This level of agility is one of the big benefits of the software‐ defined data center, and one of the key arguments for network virtualization.

Increasing security with network micro‐segmentation

Another argument for network virtualization revolves around the need for stronger security. Network virtualization increases security by serving as the foundational building block for micro‐segmentation (the use of fine‐grained policies and network control to enable security inside the data center). Micro‐segmentation allows you to shrink‐wrap security around each workload, preventing the spread of server‐to‐server threats.

With network virtualization, networks are isolated by default, which means that workloads on two unrelated networks have no possibility of communicating with each other. Isolation is foundational to network security, whether for compliance, containment, or simply  keeping  development, test, and production environments from interacting. When virtual networks are created, they remain isolated from each other unless you decide to connect them. No physical subnets, no VLANs, no access control lists (ACLs), and no firewall rules are required in order to enable this isolation.

Virtual networks are also isolated from the underlying physical network. This isolation not only decouples changes in one virtual network from affecting another, but it also protects the underlying physical infrastructure from attacks launched from workloads in any of your virtual networks. Once again, you don’t need any VLANs, ACLs, or firewall rules to create this isolation. That’s just the way it is with network virtualization.

VMWare view of the SDDC

Establishing a platform for the SDDC

A software‐defined data center is a much‐needed framework for greater IT agility and more responsive IT service delivery, all at a lower cost. As the critical third pillar of the SDDC, building on the pillars of compute and storage virtualization, network virtualization is key to the SDDC.

Network virtualization is a transformative architecture that makes it possible to create and run entire networks in parallel on top of existing network hardware. This results in faster deployment of workloads, as well as greater agility and security in the face of increasingly dynamic data centers.

Key components of the SDDC

Rethinking the Network

Though it leverages your existing network hardware, network virtualization is a fundamentally new approach to the network. This means you need to think about your network in new ways. In the past, network functions revolved all around hardware. Now they have all the flexibility of software.

A virtualized network should allow you to take an entire net- work, complete with all its configurations and functions, and duplicate it in software.

You should be able to create and run your virtualized network in parallel on top of your existing network hardware. A virtual network can be created, saved, deleted, and restored, just as you would do with virtual machines.

In more specific terms, a virtualized network should give you the ability to

  • Decouple the network from underlying hardware and apply virtualization principles to network infrastructure.
  • Create a flexible pool of transport capacity that can be allocated, utilized, and repurposed on demand.
  • Deploy networks in software that are fully isolated from each other, as well as from other changes in the data center.
  • Transfer, move, and replicate the network, just as you can do with virtualized compute and storage resources.
  • Make consistent network functionality available any- where in your enterprise.

==END

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.