Essential Guide: Application-aware networking
A comprehensive collection of articles, videos and more, hand-picked by our editors
The emergence of software-defined networking has also sparked discourse among IT pros about the need for network virtualization. Yet in many ways, a singular network virtualization definition has yet to emerge.
In a recent interview with VMware's Martin Casado, we learned that SDN and network virtualization differ: Casado likened SDN to a mechanism, while network virtualization is an application.
"SDN is relevant to system builders: I liken it to a way to build an engine," Casado said. "Someone building a car would use a new way of building an engine to build the car, but customers don't buy engines, they buy cars."
Here we've rounded up 10 key definitions to better explain the basics of network virtualization.
- Network virtualization. Network virtualization is a method of providing virtual instances of physical networks by separating bandwidth into independent channels. Each channel can be assigned or reassigned to a specific server or device in real time and is secured independently of the others. From these pooled resources, distinct network tunnels or segments can be provisioned, each with its own routing and management policies. Network virtualization is intended to improve productivity and efficiency by automating tasks and allowing files, images and programs to be managed centrally from a single physical site. Storage media, such as hard drives and tape drives, can be added or reassigned easily, and storage space can be shared or reallocated among servers. Network virtualization is considered particularly effective in networks that experience sudden, unforeseen data surges and capacity-hungry applications. The isolation between segments is only as good as the layer enforcing it: a misconfigured policy, or a flaw in the hypervisor, virtual switch or controller that separates the channels, affects every segment sharing that physical network.
- Virtual switch. A virtual switch (vSwitch) is a software instance of a physical switch that allows virtual machines (VMs) to communicate with one another. Essentially, vSwitches manage and route traffic in a virtual environment. Each virtual host must connect to a vSwitch in the same way a physical host must connect to a physical switch. Like a physical Ethernet switch, a vSwitch does not simply forward frames; it inspects each frame's headers before forwarding, learning which MAC address sits behind which port so that traffic is delivered only where it belongs. A vSwitch can be implemented in a server's network hardware or firmware, but most vendors embed the vSwitch directly in the hypervisor. Virtual switching has traditionally not been designed to give network engineers visibility into the virtual network, but third-party tools, such as the Cisco Nexus 1000v, aim to change that. As virtual switching comes under the control of SDN environments, network pros will also gain more direct visibility and management capability.
- Overlay network. An overlay network is a software construct that lives at the edges of a physical network and consists of virtual switches residing on the virtualized servers. These switches create an abstracted, virtual network on top of the underlying physical infrastructure. Like a physical network, an overlay relies on a control plane to drive the virtual switching on the server hosts; that control plane can use traditional network protocols or a software-defined networking controller. One example of an SDN overlay is Big Switch's Big Virtual Switch, which uses OpenFlow-enabled virtual switches at the server access layer to create a virtual network on top of an existing physical network. The overlay's tunnels make it possible to build a software-defined network on top of physical infrastructure that does not explicitly support SDN.
- Network hypervisor. A network hypervisor is a tool that provides an abstraction layer of a network, allowing engineers to provision virtual network components and tenants or paths that are completely independent of the underlying physical network. The network hypervisor should do for network virtualization what a server hypervisor does for server virtualization -- enable guest applications and operating systems regardless of changes in the underlying infrastructure. With this abstraction layer intact, the network hypervisor should also provide visibility and manageability of virtual resources to support dynamic provisioning of virtual networks and related virtual machine migration. As network virtualization solutions grow, many are looking to incorporate them into an overall software-defined networking (SDN) architecture. Using SDN, and incorporating a network hypervisor into an SDN architecture, will help make the network both flexible and manageable enough for Infrastructure as a Service (IaaS) and virtual resource provisioning.
- VXLAN. Virtual Extensible LAN (VXLAN) is an encapsulation, or tunneling, protocol for running an overlay network on existing Layer 3 infrastructure; originally submitted as an IETF draft, it was later published as RFC 7348. VXLAN is intended to make it easier for network engineers to scale out a cloud computing environment while isolating cloud apps and tenants. Traditionally, network engineers have used virtual LANs (VLANs) to isolate apps and tenants, but the 802.1Q tag carries only a 12-bit VLAN ID, so at most 4,096 network IDs (4,094 usable) can exist at any given time. The primary goal of VXLAN is to extend that address space: each segment is identified by a 24-bit VXLAN Network Identifier (VNI), raising the number of available IDs to about 16.7 million. Because the encapsulated frame travels inside ordinary UDP packets (destination port 4789), VXLAN can potentially allow network engineers to migrate virtual machines across long distances, and it can play an important role in software-defined networking (SDN). To implement SDN using VXLAN, administrators can use existing hardware and software, which makes the technology financially attractive. One caveat: VXLAN encapsulation provides segmentation, not confidentiality or authentication. The header and VNI travel in the clear, and a VXLAN tunnel endpoint (VTEP) trusts the VNI it receives, so the underlay must prevent untrusted hosts from sending UDP port 4789 traffic to VTEPs, or an attacker can inject frames into a tenant's segment.
- OpenStack Quantum API. OpenStack Quantum (since renamed Neutron) is the cloud networking controller and Networking as a Service project within the OpenStack cloud computing initiative. It includes a set of application programming interfaces (APIs), plug-ins and authentication/authorization control software that enable interoperability and orchestration of network devices and technologies within IaaS environments. The core Quantum API supports Layer 2 networking and IP address management, plus an extension for a Layer 3 router construct that enables routing between Layer 2 networks and gateways to external networks. Quantum includes a growing list of plug-ins that enable interoperability with various commercial and open source network technologies.
- Multi-tenant networks. Multi-tenant network architecture allows the physical network to be divided into smaller, isolated logical networks. Like tenants in an apartment complex, the tenants of a multi-tenant network share the physical networking gear but operate under their own distinct management and security policies, which prevents spillover or visibility between the segments. The capability to separate networks into logical units has long been available through VLANs, but virtualized data centers and cloud computing have brought multi-tenancy back to the attention of network administrators. There are several approaches to isolating traffic in a multi-tenant network, including defining a virtual switch, such as Cisco's Nexus 1000v or the open source Open vSwitch, for each application. VMs connect to the physical network through virtual Ethernet adapters and virtual switches, which in turn connect to physical Ethernet adapters and switches. Virtual switches manage the movement of VMs and also aid in provisioning and managing VLANs in the data center network. Network architects create network segments, or tenants, using these switches and, in some cases, a centralized SDN controller. Multi-tenancy is often used within cloud networks so that networks can be created for specific sets of data and/or applications.
- Network functions virtualization. Network functions virtualization, or NFV, is an initiative to virtualize network functions that were previously carried out by proprietary, dedicated hardware. The concept is still being developed by the ETSI Industry Specification Group (ISG) for Network Functions Virtualization and was first presented by a group of network service providers at the SDN and OpenFlow World Congress in October 2012. The goal of NFV is to decrease the amount of proprietary hardware that is needed to launch and operate network services -- network functions previously done by routers, firewalls, load balancers and other hardware would instead be hosted on VMs. If it's successfully developed and implemented, NFV will revolutionize how networks are built, managed and used to create services. It's unlikely that virtual hosts will totally displace network equipment, but the high-value portion of network services could be made into a series of interoperating, cloud-hosted components.
- NVGRE. Network Virtualization using Generic Routing Encapsulation, or NVGRE, is an overlay, or tunneling, protocol for network virtualization. Using it, engineers can create a large number of virtual Layer 2 networks whose subnets extend across dispersed data centers at Layers 2 and 3. Its purpose is to enable multi-tenant and load-balanced networks to be shared across on-premises and cloud environments. The NVGRE specification was proposed by Microsoft, Intel, HP and Dell, and it competes with another encapsulation method, VXLAN. Key capabilities of NVGRE include a 24-bit Tenant Network Identifier (TNI), called the Virtual Subnet Identifier (VSID) in the published RFC 7637, to address the identifier-space problems of multi-tenant networks. It carries the tenant's Ethernet frame inside a Generic Routing Encapsulation (GRE) packet, with the identifier in the GRE key field, to create an isolated virtual Layer 2 network that can be confined to a single physical Layer 2 network or extend across subnet boundaries. As with VXLAN, GRE provides no authentication or encryption, so the underlay must keep untrusted hosts from sending GRE (IP protocol 47) traffic to the tunnel endpoints.
- Nexus 1000v. The Cisco Nexus 1000v is a Cisco Nexus Operating System (NX-OS) switch that is rendered fully in software and provides visibility and management inside the virtual stack, enabling distinct network tenants composed of physical and virtual networking resources. The switch enables a network team to monitor, manage and troubleshoot both the physical and virtual networks with Cisco commands and tools. The switch is programmable and is based on IEEE 802.1Q switching technology. It uses a control-path API to communicate with the data plane, which allows administrators who use non-Cisco physical network components to use the 1000v for virtual network management.
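To make the virtual switch and multi-tenant network definitions concrete, here is a minimal learning vSwitch whose ports are 802.1Q access ports, one VLAN per tenant. This is an added example written for this guide, not code from Open vSwitch, the Nexus 1000v or any vendor; the port names, MAC addresses and frames are constructed for the demonstration. It shows the two properties the definitions describe: the switch inspects headers and learns where each MAC lives, and a tenant's frames are never flooded to, or learned into, another tenant's segment.

```python
"""Minimal learning virtual switch with 802.1Q tenant isolation.

Added illustration for the virtual switch and multi-tenant network definitions;
not Open vSwitch, Nexus 1000v or any vendor's code. Port names, MAC addresses
and frames are constructed for the example.
"""
import struct
from collections import defaultdict

TPID_8021Q = 0x8100          # EtherType that announces an 802.1Q VLAN tag


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Assemble a raw Ethernet frame, optionally carrying an 802.1Q tag."""
    header = dst + src
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload); reject runt frames."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return dst, src, None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, etype = struct.unpack("!HH", frame[14:18])
    return dst, src, tci & 0x0FFF, etype, frame[18:]


class VSwitch:
    """Learning switch whose ports are access ports, each in one VLAN (tenant).

    The MAC table is keyed by (vlan, mac): an address learned in tenant A can
    never steer tenant B's traffic, and unknown unicast or broadcast frames are
    flooded only to ports of the same VLAN.
    """

    def __init__(self):
        self.port_vlan = {}                  # port name -> access VLAN
        self.mac_table = {}                  # (vlan, mac) -> port name
        self.delivered = defaultdict(list)   # port name -> frames handed to that VM

    def add_port(self, port, vlan):
        self.port_vlan[port] = vlan

    def receive(self, in_port, frame):
        """Switch one frame arriving on in_port; return the list of egress ports."""
        vlan = self.port_vlan[in_port]
        dst, src, tag, _etype, _payload = parse_frame(frame)
        if tag is not None and tag != vlan:
            # A VM on an access port tagging frames for another VLAN is the
            # classic VLAN-hopping attempt: drop it instead of honouring the tag.
            return []
        self.mac_table[(vlan, src)] = in_port        # learn the sender's location
        known = self.mac_table.get((vlan, dst))
        if known == in_port:
            egress = []                              # destination sits on the ingress port
        elif known is not None:
            egress = [known]                         # known unicast: forward to one port
        else:                                        # unknown unicast / broadcast
            egress = [p for p, v in self.port_vlan.items() if v == vlan and p != in_port]
        for port in egress:
            self.delivered[port].append(frame)
        return egress


def demo():
    """Two tenants on one vSwitch; returns what each step delivered (constructed data)."""
    sw = VSwitch()
    sw.add_port("vm-a1", 10)     # tenant A
    sw.add_port("vm-a2", 10)     # tenant A
    sw.add_port("vm-b1", 20)     # tenant B
    a1, a2, b1 = (bytes.fromhex(h) for h in ("02000000000a", "02000000000b", "020000000014"))
    bcast = b"\xff" * 6
    # 1. A1 broadcasts (ARP-style): flooded to A2 only, never to tenant B.
    flood = sw.receive("vm-a1", build_frame(bcast, a1, 0x0806, b"who-has"))
    # 2. A2 answers: A1 was just learned on vm-a1, so this is a unicast forward.
    unicast = sw.receive("vm-a2", build_frame(a1, a2, 0x0806, b"is-at"))
    # 3. B1 spoofs A1's MAC: learned under (20, a1); tenant A's entry is untouched.
    sw.receive("vm-b1", build_frame(bcast, a1, 0x0800, b"spoof"))
    # 4. B1 sends a frame tagged VLAN 10 on its VLAN 20 access port: dropped.
    hop = sw.receive("vm-b1", build_frame(a2, b1, 0x0800, b"hop", vlan=10))
    return flood, unicast, sw.mac_table[(10, a1)], hop
```

Running `demo()` returns `(["vm-a2"], ["vm-a1"], "vm-a1", [])`: the broadcast reaches only tenant A's other port, the reply is forwarded by lookup rather than flooding, the spoofed MAC from tenant B does not overwrite tenant A's table entry, and the tagged VLAN-hopping frame is dropped. A production vSwitch adds aging of table entries and a per-port limit on learned MACs so a VM cannot flood the table and force everything into flooding mode.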
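The VXLAN and NVGRE definitions both come down to an 8-byte tunnel header carrying a 24-bit segment identifier in front of the tenant's Ethernet frame. The following added example, written for this guide and not taken from any vendor, the IETF or OpenStack, builds and validates both headers per RFC 7348 and RFC 7637. The inner frame and the `allowed_vnis`/`allowed_vsids` tables are constructed stand-ins for a tunnel endpoint's local configuration, and the function names are the example's own. Only the tunnel header is handled; the outer IP and UDP headers are left to the host. The decapsulators show the one check an endpoint can make, since neither protocol authenticates the identifier.

```python
"""VXLAN and NVGRE tunnel headers: build, validate and strip them.

Added illustration for the VXLAN and NVGRE definitions; not code from any
vendor, the IETF or OpenStack. Layouts follow RFC 7348 (VXLAN) and RFC 7637
(NVGRE). INNER_FRAME and the allowed-identifier sets are constructed for the
example and stand in for a tunnel endpoint's local configuration.
"""
import struct

VLAN_ID_COUNT = 1 << 12           # 802.1Q: 12-bit VLAN ID, 4,096 values
SEGMENT_ID_COUNT = 1 << 24        # VXLAN VNI / NVGRE VSID: 24-bit, 16,777,216 values
VXLAN_UDP_PORT = 4789             # IANA-assigned UDP port for VXLAN
VXLAN_FLAG_I = 0x08               # "I" flag: the VNI field is valid
GRE_FLAG_K = 0x2000               # GRE "Key present" bit; NVGRE puts the VSID in the key
NVGRE_PROTO_TEB = 0x6558          # Transparent Ethernet Bridging: payload is an L2 frame

# Constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
INNER_FRAME = bytes.fromhex("02000000000a" "02000000000b" "0800") + b"tenant payload"


def _check_segment_id(segment_id):
    if not 0 <= segment_id < SEGMENT_ID_COUNT:
        raise ValueError("segment id must fit in 24 bits")


def vxlan_encap(vni, inner_frame):
    """Prefix inner_frame with the VXLAN header: flags(8) R(24) VNI(24) R(8)."""
    _check_segment_id(vni)
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner_frame


def vxlan_decap(packet, allowed_vnis):
    """Validate a VXLAN payload (what arrives on UDP/4789); return (vni, inner_frame).

    allowed_vnis models the VTEP's locally configured segments. The VNI is not
    authenticated, so this membership check is the only thing standing between
    an injected UDP packet and a tenant's network.
    """
    if len(packet) < 8:
        raise ValueError("short VXLAN header")
    if not packet[0] & VXLAN_FLAG_I:
        raise ValueError("I flag clear: no valid VNI, drop")
    vni = int.from_bytes(packet[4:7], "big")   # reserved bits are ignored on receipt
    if vni not in allowed_vnis:
        raise ValueError("VNI %d is not served by this VTEP, drop" % vni)
    return vni, packet[8:]


def nvgre_encap(vsid, flow_id, inner_frame):
    """Prefix inner_frame with the NVGRE header: GRE flags, proto 0x6558, VSID(24)|FlowID(8)."""
    _check_segment_id(vsid)
    if not 0 <= flow_id <= 0xFF:
        raise ValueError("flow id must fit in 8 bits")
    return struct.pack("!HHI", GRE_FLAG_K, NVGRE_PROTO_TEB, (vsid << 8) | flow_id) + inner_frame


def nvgre_decap(packet, allowed_vsids):
    """Validate an NVGRE packet (IP protocol 47 payload); return (vsid, flow_id, inner_frame)."""
    if len(packet) < 8:
        raise ValueError("short NVGRE header")
    flags, proto, key = struct.unpack("!HHI", packet[:8])
    # Exactly the K bit: no checksum or sequence number, GRE version 0 (RFC 7637).
    if flags != GRE_FLAG_K or proto != NVGRE_PROTO_TEB:
        raise ValueError("not an NVGRE header, drop")
    vsid, flow_id = key >> 8, key & 0xFF
    if vsid not in allowed_vsids:
        raise ValueError("VSID %d is not served by this endpoint, drop" % vsid)
    return vsid, flow_id, packet[8:]


def rejects(decap, packet, allowed):
    """True if the decapsulator drops packet (raises ValueError)."""
    try:
        decap(packet, allowed)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    tenant = {0xABCDEF}
    pkt = vxlan_encap(0xABCDEF, INNER_FRAME)
    print("vxlan header", pkt[:8].hex(), "-> vni", hex(vxlan_decap(pkt, tenant)[0]))
    forged = bytes([0]) + pkt[1:]          # same bytes with the I flag cleared
    print("forged dropped:", rejects(vxlan_decap, forged, tenant))
    print("ids: vlan", VLAN_ID_COUNT, "segment", SEGMENT_ID_COUNT)
```

The 8-byte header for VNI 0xABCDEF is `08000000abcdef00`, and the NVGRE header for VSID 0x123456 with flow ID 7 is `2000655812345607`; the same inner frame round-trips through both. The point of the `allowed` tables is that a VTEP that decapsulates whatever VNI it is handed has no tenant boundary at all, which is why the underlay filtering mentioned in the definitions matters.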