How network virtualization works
Network virtualization uses abstraction to isolate applications and resources from the physical infrastructure. Benefits include faster provisioning, agility and operational efficiency.
Network virtualization works by abstracting and isolating network applications and services from the underlying network hardware devices and physical infrastructure.
The overall concept of virtualization is to abstract hardware through software control. Servers have employed VMs for decades, enabling software tools to provision and manage compute hardware. The move to network virtualization shares this fundamental principle by using a framework of virtualization software to abstract network services and resources.
Network virtualization provides software control over the network environment, enabling network administrators to configure and manage network resources and services without touching the physical networking hardware. By using network virtualization to decouple network hardware from the logical network and network traffic running over it, admins can quickly perform a range of network tasks and manage network operations that would otherwise require time-consuming, error-prone manual reconfiguration.
Network virtualization enables the following scenarios:
- Two or more physical networks can be combined into a single virtual network.
- A physical network can be provisioned into separate independent virtual networks.
- VMs can connect or migrate across domains without network reconfiguration.
Network virtualization that occurs between server endpoints is called external network virtualization. VMs that exist on a given server, however, can communicate on the server using a simulated network within the server itself, which is called internal network virtualization.
How network virtualization works
The central element of network virtualization is the network hypervisor. The hypervisor provides the essential abstraction layer along with monitoring and management capabilities. Administrators can use these capabilities to create, provision and manage virtual networks through software. Because software drives the behaviors of network virtualization, admins can invoke operations manually, or a program can implement them using orchestration and automation mechanisms, which enable virtual networks to be created and controlled automatically.
The network virtualization layer identifies all the underlying physical network hardware elements, including switches, routers, firewalls, load balancers and VPNs. Network virtualization then creates virtual, or logical, representations of those elements, with the ability to pool, provision and associate any of the elements to create a logical network. The underlying hardware remains to provide an IP-based packet forwarding platform.
The network virtualization layer handles all network and security services. Those services can be easily associated with individual workloads, such as containers or VMs. Networking and security policies can be defined for each workload.
Network virtualization supports high flexibility and intelligence. For example, if admins migrate a workload from one host to another, network virtualization enables all the workload's associated network services and security policies to migrate to the new host. Similarly, when new workloads are deployed -- i.e., new instances are added -- to scale an application, the network services and security policies are automatically applied. This kind of behavior saves time, reduces errors and lends itself to the kinds of automation needed for software-defined data centers and cloud operations.
What drives network virtualization adoption?
The principal driver behind network virtualization technology is time: how long it takes to deploy, change and troubleshoot a network.
In a traditional network, gear is installed, interconnected and configured into a fixed, or static, infrastructure. This traditional approach works, but it lacks the necessary flexibility and observability. New application deployments, changing business needs and everyday troubleshooting -- such as locating simple network security vulnerabilities -- could require weeks of granular work and testing at the hardware level. In terms of observability, it can be difficult to oversee the performance or behavior of traditional static networks without additional network monitoring tools.
Virtualizing the network changes all this, abstracting physical hardware devices into virtual entities that can be configured and associated through software. Network administrators can easily define a virtual network; associate services, such as virtualized applications, virtual firewalls and virtual load balancers; restrict traffic; and implement security rules -- all within a matter of minutes and entirely remotely. Admins can implement needed changes with equal ease. Monitoring and observation can take place at the network virtualization layer as virtualized network components are created and associated.
Finally, network virtualization extends the concepts and benefits of virtualization from servers throughout the data center and the distributed enterprise. The software-based nature of virtualization supports programmatic operations using automation and orchestration to provision and recover IT resources.
Network virtualization hardware and software components
Network virtualization works using software platforms, such as the following:
- Cisco Enterprise Network Functions Virtualization
- Hyper-V Network Virtualization (HNV)
- OpenStack
- oVirt, an open source platform
- VMware NSX
Network admins deploy a proven virtualization platform to support virtualization and isolation of network traffic between servers connected across a physical network. As a result, admins typically deploy network virtualization software to every data center server.
For example, consider the following five principal components of network virtualization involved in Microsoft Windows Server:
- Windows Azure Pack for Windows Server offers a portal for creating and managing virtual networks.
- Virtual Machine Manager provides centralized management of the virtual network.
- Microsoft Network Controller offers automation to manage, configure, monitor and troubleshoot the virtual network.
- HNV provides the mechanism needed to virtualize network traffic.
- HNV gateways form the connections between virtual and physical networks.
Consequently, it's generally not necessary to replace network hardware -- such as network adapters, switches and routers -- with other network virtualization-specific hardware because most current network gear supports OSI Layer 2 and Layer 3 capabilities needed to handle a virtualized environment.
It is important to test network virtualization deployments and consider network hardware compatibility before making a commitment to any network virtualization platform.
Network virtualization management tools
Network virtualization platforms typically include some mechanism for network management and monitoring. Organizations may opt to implement additional tools designed to reduce time, enhance automation, improve security through policies and rules, help with scaling, boost observability and reporting, enhance application deployment and so on.
Major network virtualization tools include the following:
- Affirmed Networks' Virtual Evolved Packet Core
- Cisco Application Centric Infrastructure
- Cisco Elastic Services Controller
- ECI's Mercury Network Function Virtualization
- Gigamon GigaVue-VM
- SolarWinds Virtualization Manager
Network virtualization pros and cons
Network virtualization can be a complex technology to understand and implement, so it is critical for potential adopters to consider the tradeoffs involved.
Network virtualization benefits
Network virtualization benefits include the following:
- reduced time to provision and configure a network, sometimes from weeks to minutes;
- greater agility in network scaling or service deployments;
- ability to deploy and operate workloads within the virtualized network without regard for the underlying physical topology;
- significant improvements to operational efficiency through automation and orchestration; and
- enhanced network security within the data center and across the enterprise.
Network virtualization challenges
Although the benefits of network virtualization can be compelling, IT and business leaders should evaluate potential disadvantages before network virtualization adoption. These can include the following:
- It may not be possible to virtualize every element of a network, possibly leaving some devices to operate unvirtualized and unmanaged by the network virtualization platform.
- Tools are not enough to guarantee virtualization success, and businesses may need to adapt policies and processes to fully align all parts of the virtual infrastructure.
- Network devices are treated as services, so it's easy to overlook the traffic load and overwhelm some network devices without capable network traffic monitoring and management in place.
- Physical faults can have unpredictable consequences for virtualized networks, sometimes leading to cascading failures across a virtual network.
- As with VMs, the ease and speed at which virtual networks can be created can sometimes lead to the sprawl of provisioned virtual resources that go unused. Regular monitoring and management reporting are essential to oversee utilization and drive resource recovery.
Network virtualization use cases
Businesses embrace network virtualization for a variety of purposes. Some common uses of network virtualization in business include the following.
Flexibility and efficiency
Network virtualization changes the nature of network configuration, provisioning and management. Device configurations that were traditionally time-consuming, manual and hardware-oriented become settings defined within the network virtualization platform. As a result, admins can conduct networking tasks more quickly, giving them the agility to respond to changing business demands, such as scaling an application or tweaking security rules.
Edge computing
As more computing and storage are distributed to edge environments, the need to configure and manage the corresponding networks grows. Network virtualization enables networks and services to be provisioned and managed at remote sites.
Network virtualization also supports the combination of multiple physical networks -- such as small LANs at remote edge sites -- into a single manageable logical network. As a result, administrators can essentially manage the entire business network infrastructure as a common resource.
Automation and orchestration
Traditional network configuration and management rely on high levels of human interaction, which causes errors and delays in network management. Admins can apply the same automation and orchestration techniques used to provision and manage VMs to virtualized networks. These techniques enable high levels of automation and autonomy across the greater data center and business infrastructure. Not only can a new VM be spun up when needed, but the network resources and services it depends on can be provisioned along with it, forming more comprehensive and holistic deployment environments.
Security and compliance
Traditional network setup and configuration provide many opportunities for configuration oversights and security mistakes that can compromise network and application security. Network virtualization treats the network as a whole entity and can apply common rules and restrictions across all the services and applications using the virtualized network.
Just as VMs are logically isolated and separately managed, virtualized networks offer logical segmentation that prevents other applications and devices from seeing restricted traffic -- even though everything may use the same physical network devices. Improved security helps bolster the organization's compliance posture.
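The following added example (not code from any platform named in this article) models the logical segmentation described here together with the earlier point that policies follow a workload when it migrates or scales. The class and workload names are hypothetical, and the model is a simplification in which rules are keyed on virtual network and role rather than on the physical host.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Workload:
    name: str
    vnet: str   # virtual network (segment) the workload is attached to
    role: str   # policy label such as "web" or "db"
    host: str   # physical server currently running the workload

class VirtualNetworkLayer:
    """Toy policy engine: rules key on (vnet, role), never on host."""
    def __init__(self):
        self.workloads = {}
        self.rules = set()  # allow entries: (vnet, src_role, dst_role, port)

    def allow(self, vnet, src_role, dst_role, port):
        self.rules.add((vnet, src_role, dst_role, port))

    def attach(self, workload):
        self.workloads[workload.name] = workload

    def migrate(self, name, new_host):
        # Only placement changes; vnet and role, and so the policy, are kept.
        self.workloads[name] = replace(self.workloads[name], host=new_host)

    def scale_out(self, template, new_name, host):
        # The new instance inherits vnet and role, so existing rules cover it.
        self.attach(replace(self.workloads[template], name=new_name, host=host))

    def permitted(self, src_name, dst_name, port):
        src, dst = self.workloads[src_name], self.workloads[dst_name]
        same_segment = src.vnet == dst.vnet  # segments are isolated
        return same_segment and (src.vnet, src.role, dst.role, port) in self.rules

def demo():
    # Constructed sample inventory; all names are hypothetical.
    net = VirtualNetworkLayer()
    net.allow("tenant-a", "web", "db", 5432)
    net.attach(Workload("a-web-1", "tenant-a", "web", "host1"))
    net.attach(Workload("a-db-1", "tenant-a", "db", "host1"))
    net.attach(Workload("b-web-1", "tenant-b", "web", "host2"))
    net.migrate("a-db-1", "host2")                 # now shares host2 with tenant-b
    net.scale_out("a-web-1", "a-web-2", "host3")   # new web instance
    return {
        "after_migration": net.permitted("a-web-1", "a-db-1", 5432),
        "scaled_instance": net.permitted("a-web-2", "a-db-1", 5432),
        "cross_segment_same_host": net.permitted("b-web-1", "a-db-1", 5432),
        "unlisted_port": net.permitted("a-web-1", "a-db-1", 22),
    }
```

The verdicts depend only on segment and role, so the tenant-b workload is denied even while it shares a physical host with the tenant-a database, and any port without an allow rule is denied by default.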
Disaster recovery and business continuity
Unplanned outages can pose significant threats to an organization's reputation and revenue. Network virtualization provides the ability to provision and configure entire networks through software in a matter of minutes -- often programmatically using policy-driven automation and orchestration technologies. This enables organizations to effectively recreate an existing network at any location and flexibly restore business operations with less risk and cost than traditional disaster recovery efforts.