IBM is developing its own network virtualization strategy that will go head-to-head with solutions from VMware and Big Switch Networks.
IBM's virtual network overlay technology, called Distributed Overlay Virtual Ethernet (DOVE), will let engineers abstract the physical network infrastructure from hypervisor hosts, so they can make network changes in software rather than hardware. These network instances will better manage and support virtual machines as they migrate within and between data centers.
VMware is using its VXLAN tunneling protocol to develop network overlay capabilities within the vCloud product suite. The company has also acquired Nicira, giving it two network overlay solutions. Big Switch and start-up Midokura also offer versions of the same technology.
Like these other virtual network overlays, DOVE relies on distributed virtual switches deployed on hypervisor hosts to create tunnels between endpoints across the underlying network infrastructure.
IBM has created its own distributed virtual switch, the DVS 5000v, and a homegrown tunneling protocol that uses the VXLAN frame format. The current version of DOVE works only with vSphere, but IBM plans to add support for other hypervisors, including KVM and Microsoft Hyper-V, according to Rakesh Saha, director of product management at IBM.
IBM DOVE: A VXLAN alternative
Although the IBM DOVE tunneling protocol is homegrown, its use of the VXLAN frame format for encapsulation means that it can take advantage of any underlying network hardware that supports VXLAN, Saha said. This hardware support will be important for management, security and troubleshooting of DOVE traffic across the physical network. Also, like VXLAN, DOVE increases the number of VLANs available in a subnet from 4,000 to more than 16 million, allowing for increased scalability of cloud environments.
But DOVE differs from VXLAN in its ability to create an overlay without requiring the physical infrastructure to operate in multicast. VXLAN requires multicast, which many network engineers are reluctant to implement, especially over data center interconnects.
"Most enterprises and almost no service providers run multicast today. It's never been widely deployed because there hasn't been an application need for it. There are issues of scaling. Multicast has an impact on router performance," said Eric Hanselman, research director with 451 Research.
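The VXLAN frame format mentioned above is what a switch, firewall or capture tool on the physical network has to decode in order to see which virtual network and which inner hosts a tunneled packet belongs to. The following is an added example, not IBM's or VMware's code: it follows the 8-byte VXLAN header layout from RFC 7348, and the function names and the sample frame are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08   # "I" flag: the VNI field is valid (RFC 7348)
MAX_VLAN_IDS = 2 ** 12        # 802.1Q VLAN ID is 12 bits -> 4,096
MAX_VNIS = 2 ** 24            # VXLAN Network Identifier is 24 bits -> 16,777,216

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, dummy payload.
CONSTRUCTED_INNER_FRAME = (
    bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    + struct.pack("!H", 0x0800) + bytes(20)
)


def build_vxlan_payload(vni, inner_frame, flags=VXLAN_FLAG_VNI_VALID):
    """Prepend the 8-byte VXLAN header: flags(1) reserved(3) VNI(3) reserved(1)."""
    if not 0 <= vni < MAX_VNIS:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", flags << 24, vni << 8) + inner_frame


def parse_vxlan_payload(payload):
    """Decode a VXLAN UDP payload into the VNI and the inner Layer 2 fields."""
    if len(payload) < 8 + 14:
        raise ValueError("truncated: need VXLAN header and inner Ethernet header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI is not valid")
    inner = payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    inner_vlan = None
    if ethertype == 0x8100:                      # inner frame carries an 802.1Q tag
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", inner[14:18])
        inner_vlan = tci & 0x0FFF
    return {
        "vni": word1 >> 8,
        "dst_mac": inner[0:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "inner_vlan": inner_vlan,
        "ethertype": ethertype,
    }


if __name__ == "__main__":
    print(parse_vxlan_payload(build_vxlan_payload(5000, CONSTRUCTED_INNER_FRAME)))
```

A device that filters only on the outer IP and UDP headers sees every tenant's traffic as one tunnel flow between two hypervisor hosts; per-tenant policy or troubleshooting needs the VNI and inner addresses recovered as above.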
The IBM DOVE architecture
DOVE's architecture consists of three components: the DOVE controller, the DOVE service appliance and the DOVE switches deployed on the hypervisor hosts. These components are typical in most virtual network overlays. The gateway operates like a router, providing connectivity to legacy environments and across WAN links for data center interconnects.
In most network overlays the controller operates as a centralized control plane that defines and orchestrates network traffic between endpoints, much like in OpenFlow-based software-defined networks. IBM has not revealed a great deal of information about the DOVE control plane. According to an Ethernet Summit presentation by IBM System Networking CTO Renato Recio, DOVE has a split control plane. An entity called the DOVE Controller, which resides on a server, is responsible for a portion of the DOVE control plane and for performance management. The DOVE switches (the DVS 5000v) on the hypervisor hosts are responsible for the rest of the control plane functions in DOVE. However, it remains unclear how the control plane is divided between these two components.
Nick Lippis, principal of research firm Lippis Enterprises, believes that IBM is partnering with another company for most of its DOVE controller functionality, but he believes that the company should have "a controller of their own."
"It's a very important component to deliver this solution. If you don't have that piece in the middle, you're just assuming it's going to happen [correctly]."
But routing may prove to be the most important part of virtual network overlays, according to Brent Salisbury, network architect at the University of Kentucky, who has been evaluating DOVE and other virtual network overlay technologies. He says most vendors have glossed over the details of routing. "You'll have to talk to the legacy network to do things like security," he said. "Applying policies to applications -- you can't really do that in Layer 2 today unless you're purely doing it in your hypervisor. A lot of firewalls have all the traffic getting punted north-south. You have to hit a Layer 3 gateway somewhere. But how is that going to scale?"
IBM DOVE: Big Blue's edge
The virtual network overlay market is getting relatively crowded given how new it is. VMware's acquisition of Nicira establishes a major player in the market, while other startups like Big Switch and Midokura have garnered some buzz. Cisco has many of the building blocks for a network overlay solution, including VXLAN support in its own Nexus 1000v distributed virtual switch. So why is IBM jumping into this nascent market?
For starters, DOVE could prove attractive to enterprises that are already IBM shops.
"Our [university] hospital is about 100% IBM in our new data center" and it depends on VMware hypervisors, Salisbury said. "They need software to orchestrate all this. For an existing IBM customer [DOVE] is absolutely a possibility."
IBM's fluency with enterprise applications could also add value to DOVE. Network overlay and software defined networking vendors have started focusing on so-called northbound APIs as a way to integrate networks more tightly with the enterprise applications -- like business intelligence and finance -- that consume their resources. IBM is trying to consolidate its expertise to move in this direction, too.
The company's recent rollout of its PureSystems integrated infrastructure products includes built-in "Patterns of Expertise" for application deployments. These application service patterns simplify how infrastructure is configured and optimized for the delivery of enterprise applications like business intelligence. IBM believes that the integration of software defined networking and network overlays like DOVE can extend this application expertise.
"[DOVE] is an enabler for networking to become more dynamic. The real value is to enable applications to use the network in a more dynamic way. Our focus from the very beginning has been to keep and make DOVE a part of an entirely integrated system and we're working with IBM partners to make that happen," IBM's Saha said.
This goal is the holy grail of software defined networking and virtual network overlays, according to Hanselman of 451 Research. "The idea that applications should be able to cause the appropriate network resources to get spun up when [applications] get instantiated -- a lot of that requires management integration with the underlying infrastructure layers," he said. "DOVE gives you the overlay capability that spans virtual and physical in ways that are a little simpler than VXLAN. If there were management integration that could leverage that [overlay], that is something that would have real value."
Let us know what you think about the story; email: Shamus McGillicuddy, News Director