When we think of network virtualization, we always think of VLANs but there is much more to network virtualization than just VLANs. Network virtualization is when all of the separate resources of a network are combined, allowing the administrator to share them out amongst the users of the network. Thus, it is a method of combining the available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. This allows each user to access all of the network resources from their computer either they are files and folders on the computer, printers or hard drives etc.
The theory behind network virtualization is to take many of the traditional client/server based services and put them "on the network". Certain vendors advertise virtualization and networking as a vehicle for additional services and not just as a way to aggregate and allocate network resources. For example, it's common practice for routers and switches to support security, storage, voice over IP (VoIP), mobility and application delivery.
One network vendor actually has a working card that is inserted into a router. On that card is a fully-functioning Linux server that has a connection to the backbone of the router. On that Linux server, you can install applications like packet sniffers, VoIP, security applications, and many more.
Network virtualization provides an abstraction layer that decouples physical network devices from operating systems, applications and services delivered over the network allowing them to run on a single server or for desktops to run as virtual machines in secure data centers, creating a more agile and efficient infrastructure. This streamlined approach makes the life of the network administrator much easier, and it makes the system seem much less complicated to the human eye than it really is.
Network virtualization is a versatile technology. It allows you to combine multiple networks into a single logical network, parcel a single network into multiple logical networks and even create software-only networks between virtual machines (VMs) on a physical server. Virtual networking typically starts with virtual network software, which is placed outside a virtual server (external) or inside a virtual server, depending on the size and type of the virtualization platform.
Internal network virtualization
Some vendors offer internal network virtualization where a single system is configured with containers, such as a domain, combined with hypervisor control programs or pseudo-interfaces, to create a “network in a box.” This solution improves overall efficiency of a single system by isolating applications to separate containers and/or pseudo interfaces. This approach allows network virtualization to be applied within virtual servers to create synthetic networks between VMs.
In internal network virtualization, virtual network software can emulate network connectivity within the server and allow VMs hosted on that server to exchange data. It might seem trivial, but the isolation that a virtual network provides can be useful. Eliminating the need to pass data on an external network can improve performance and bolster security for associated VMs.
Network virtualization can be implemented at the server or cluster level using hypervisor software -- you can create a virtual network on a single system. The hypervisor provides the abstraction layer that allows different types of internal networks to mimic the physical world.
External network virtualization
Any virtual networking that takes place outside of a virtual server is called external network virtualization. This occurs when one or more physical LANs are combined or subdivided into virtual networks, with the goal of improving the efficiency of a large corporate network or data center. External network virtualization uses virtual network software and involves network switches, network adapters, servers, network storage devices and the Ethernet or Fibre Channel media that interconnects these hardware devices.
Using VLAN and switch technology, the system administrator can configure systems physically attached to the same local network into different virtual networks. Conversely, VLAN technology enables the system administrator to combine systems on separate local networks into a VLAN spanning the segments of a large corporate network.
As you connect multiple systems, the network itself must support virtualization in the routers and switches. This may require the use of managed (or "intelligent") switches also known as Layer 3 switches. These devices run virtualization software modules that abstract the physical switch ports and surrounding network into VLANs. This relationship between hardware and software is leading to convergence. For example, a Layer 3 intelligent switch may be able to run virtualization software from well-known vendors while simultaneously hardware manufacturers are working to embed their technology into several hypervisor network topologies.
Advantages of network virtualization
Network management can be a tedious and time-consuming business for a human administrator but network virtualization is intended to optimize network speed, reliability, flexibility, scalability, and security and it has the reputation of being especially effective in networks that experience sudden, large, and unforeseen surges in usage.
Network virtualization is intended to optimize the manageability and control of physical networks that are shared between multiple applications. The result is a quickly deployable, more reliable service that takes advantage of all the capabilities of the underlying hardware by performing many of the administrative tasks automatically, thereby disguising the true complexity of the network. Files, images, programs, and folders can be centrally managed from a single physical site. Storage media such as hard drives and tape drives can be easily added or reassigned and storage space can be shared or reallocated among the servers.
Cost savings and increased efficiency
In physical environments, adding switch ports requires cabling, connections and configuration -- along with the investment in physical switch ports. In a virtual environment, logical switch ports are created and abstracted from the underlying physical ports. This allows more virtual switch ports to be “added” and "connected" (or directed) to other logical switch ports quickly and without having to commit real ports or cable them together in the data center.
This kind of efficiency is impossible with physical networks. When we are out of ports in a physical switch we need to buy another one but in the virtual world we just change the size of our switch, reboot the virtual host and we are back in business.
Security and flexibility
Suppose you need a separate network for iSCSI traffic, application development or some other business purpose. Traditionally this would require the creation (and expense) of a different physical network, but network virtualization allows for a new logical network to be created and configured using the same physical hardware. The new network can be isolated from other virtual networks even though it's using the same physical cables, switches, routers and other devices. This ensures security between virtual networks. Further, the new network can be created, configured and managed with few (if any) changes to the physical network.
Problems of network virtualization
Regardless of the approach, managing virtual network software can be extremely challenging. It can be difficult, even impossible, to keep track of the multiple services and virtual networks running within the physical LAN. Careful documentation, clear workflow procedures and comprehensive management tools are vital for proper virtual networking management.
Bandwidth is the most obvious consideration when it comes to planning the virtualization of any network. In some cases, the creation of multiple virtual networks is strictly a security play to isolate existing traffic -- usually to meet some compliance-related goal. However, virtual networks are more commonly deployed to improve utilization of the network by supporting additional workloads.
Virtualization itself should add no additional traffic to the network, but the traffic from additional workloads has to be considered as the traffic types on the virtual network. VLANs block broadcast traffic, so applications that rely on broadcast traffic may not work properly.
Bandwidth upgrades may necessitate faster ports (and maybe cabling), but the network switches and routers will also have to be validated for proper virtualization support. For example, the switches will need to run virtualization software along with other software modules.
As more workloads operate on existing hardware, faults and failures will have a greater impact on whole network operation. Therefore it is very important when planning a network virtualization project to identify single points of failure and recommend corrective action to ensure robust operation. For example, critical servers may be configured into a cluster to share processing resources and connectivity. When one element of the cluster fails, the remaining elements take over the processing to keep data flowing. Similarly, redundant switches may be introduced using failover techniques to shift traffic when faults occur.
Network virtualization adds complexity to the operating environment. Each new virtual network makes it more difficult to relate virtual resources back to the underlying physical resources, so limit the number of virtual networks to keep complexity to a minimum. If you create too many VLANs, that network infrastructure will become a nightmare to administer. Any network virtualization project will require virtualization-aware management tools that can create, configure, provision and report on the virtual networks created.