Network virtualization is an important, though usually overlooked, part of moving toward a Software Defined Data Center (SDDC). For network-connected workloads, a virtual network appears and operates like a traditional physical network. Workloads “see” the same layers 2 through 7 that they would in a traditional physical configuration. The key element and difference is the network hypervisor, which renders the network services as consumable virtual assets: logical instances of distributed software modules that run on the local host and are applied at the virtual interface of the virtual switch.
VMware NSX example: the virtual network from the workload's perspective (logical view).
The physical network still transports layer 2 frames as it would in a traditional physical network. The virtual machine (VM) sends a standard layer 2 frame, which is encapsulated at the source hypervisor with additional IP, User Datagram Protocol (UDP), and Virtual Extensible LAN (VXLAN) headers. The physical network forwards the encapsulated frame as a standard layer 2 frame, and the destination hypervisor strips the outer headers and delivers the original layer 2 frame to the destination VM.
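The encapsulation step described above, as an added example that is not VMware's or NSX's code: a minimal VXLAN (RFC 7348) encapsulate/decapsulate pair with the outer UDP header, using a constructed sample frame and constructed VNI values. The destination side delivers the inner frame only when the VNI matches the receiving VM's segment, which is the check that keeps tenants on different segments from receiving each other's frames.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port for VXLAN
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field carries a valid value

def vxlan_encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner layer 2 frame.
    Layout: flags (8 bits) | reserved (24) | VNI (24) | reserved (8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    header = struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00\x00\x00", vni << 8)
    return header + inner_frame

def udp_wrap(payload: bytes, src_port: int) -> bytes:
    """Prepend the 8-byte UDP header; this is what the physical network sees.
    The checksum is left at zero, which UDP over IPv4 permits."""
    length = 8 + len(payload)
    return struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, length, 0) + payload

def udp_unwrap(datagram: bytes) -> bytes:
    """Validate the outer UDP header and return the VXLAN payload."""
    _src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst != VXLAN_UDP_PORT or length != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    return datagram[8:]

def vxlan_decapsulate(payload: bytes, expected_vni: int) -> bytes:
    """Strip the VXLAN header; deliver only if the VNI matches the VM's segment."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", payload[:8])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    vni = vni_field >> 8
    if vni != expected_vni:
        raise ValueError(f"VNI {vni} does not belong to segment {expected_vni}")
    return payload[8:]

# Constructed sample: dst MAC, src MAC, EtherType 0x0800, two payload bytes
SAMPLE_FRAME = bytes.fromhex("00505600000100505600000208004869")

def transport(frame: bytes, src_vni: int, dst_vni: int) -> bytes:
    """Source hypervisor encapsulates, the network forwards the UDP datagram,
    and the destination hypervisor decapsulates for a VM on segment dst_vni."""
    datagram = udp_wrap(vxlan_encapsulate(frame, src_vni), src_port=49152)
    return vxlan_decapsulate(udp_unwrap(datagram), dst_vni)
```

`transport(SAMPLE_FRAME, 5001, 5001)` returns the original frame unchanged, while `transport(SAMPLE_FRAME, 5001, 5002)` raises because the frame arrived for a different segment.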
Applying and enforcing security services at the virtual interface of the virtual switch also eliminates “hair-pinning”: the situation in which east–west traffic between two VMs on the same hypervisor, but in different subnets, must traverse the physical network to reach essential services such as routing and firewalling.
Virtual Networking and VLANs
There are important differences between the concepts of ‘virtual networking’ and a virtual LAN (VLAN). The VLAN approach breaks a physical local area network into multiple virtual networks: groups of ports are isolated from each other as if they were on physically separate networks. The VLAN approach is like slicing a big network pie into many bite-size pieces. There is a limit of 4,096 total VLANs in a single LAN.
The big limitation is that VLANs don't let you save, snapshot, delete, clone, or move networks. There is also an inherent security risk: VLANs do not allow you to control traffic between two systems on the same VLAN, so an attack that compromises one system may spread to another system on the same segment.
Network virtualization (NV), as implemented by NSX, is quite different from setting up VLANs. NV allows the creation of entire networks in software, including switching, routing, firewalling, and load balancing, which provides far greater flexibility and granularity. With all networking and security services handled in software and attached to VMs, labor-intensive management and configuration processes can be streamlined and automated, and networks can be created automatically to meet workload demands.
Network Virtualization versus Software‐Defined Networking
Network virtualization may sound a lot like software-defined networking (SDN), but there are major differences between the two. Though the term software-defined networking is not well defined, the main idea is to allow software to control the network and its physical devices; the core of SDN is software interacting with hardware. Some call this a ‘next generation’ network solution. Although SDN centralizes management and lets you control network switches and routers through software, it doesn't virtualize all networking functions and components. In other words, SDN doesn't let you run the entire network in software; hardware remains the driving force of the network.
In contrast to SDN, network virtualization completely decouples network resources from the underlying hardware. All networking components and functions are faithfully replicated in software. Virtualization principles are applied to physical network infrastructure to create a flexible pool of transport capacity that can be allocated, used, and repurposed on demand.
With networking resources decoupled from the physical infrastructure, you essentially don't have to touch the underlying hardware. Virtual machines can move from one logical domain to another without anyone reconfiguring the network or wiring up domain connections. Network virtualization is implemented in the hypervisor layer on x86 servers rather than on network switches.
Software‐defined networking allows you to control network switches and routers through software. It doesn’t virtualize all networking functions and components.
Network virtualization replicates all networking components and functions in software. It allows you to run the entire network in software.