This post originally appeared on bradhedlund.com. Brad is an experienced networking professional in VMware’s Networking and Security Business Unit, specializing in network virtualization and data center fabrics.
Data centers exist for the sole purpose of deploying applications. Applications that automate business processes, serve customers better, enter new markets … you get the idea. It’s all about the Apps.
Applications are composed of both Compute and Network resources. It doesn’t make sense to have one without the other; a symbiotic relationship. And for the last decade, one half of that relationship (Compute) has been light years ahead of the other (Network). Compute and Network is a symbiotic relationship lacking any symmetry.
For example, it’s possible to deploy the Compute of an application (virtual servers) within seconds, through powerful automation enabled by software on general purpose hardware: Server Virtualization. The virtual network, on the other hand, is still provisioned manually, on specialized hardware, with keyboards and CLIs. Meanwhile the application deployment drags on for days, weeks, or longer, until the network is finally ready.
Server virtualization also enabled Compute with awesomeness like mobility, snapshots, and push button disaster recovery, to name a few. The network, on the other hand, doesn’t have the same capabilities. There is no mobility – the network configuration is anchored to hardware. Snapshots of the application’s network architecture are next to impossible because the network configuration state is spread across a multitude of disparate network devices (physical and virtual). And recreating the application’s network architecture at a second data center (disaster recovery) is a house of cards (at best), if not impossible, without the same automation, untethered mobility, and snapshots. The Compute portion of the application, with all of its virtualization capabilities, is held back from reaching its full potential, anchored to the non-virtualized network.
Network Virtualization is a solution with products that bring symmetry to the symbiotic relationship of Compute & Network. With network virtualization, the application’s virtual Network is provisioned in lock step with virtual Compute, with the same level of speed, automation, and mobility. With compute and network working in symmetry, through Server & Network Virtualization, compute and network are deployed together – rather than one waiting for the other. Applications are fully decoupled, with fully automated provisioning, and truly mobile.
What is Virtualization?
Virtualization is the basic act of decoupling an infrastructure service from the physical assets on which that service operates. The service we want to consume (such as Compute, or Network) is not described on, identified by, or strictly associated with any physical asset. Instead, the service is described in a data structure, and exists entirely in a software abstraction layer reproducing the service on any physical resource running the virtualization software. The lifecycle, identity, location, and configuration attributes of the service exist in software with API interfaces, thereby unlocking the full potential of automated provisioning.
The canonical example is Server Virtualization, where the familiar attributes of a physical server are decoupled and reproduced in virtualization software (hypervisor) as vCPU, vRAM, vNIC, etc., and assembled in any arbitrary combination producing a unique virtual server in seconds.
The same type of decoupling and automation enabled by server virtualization is made available to the virtual network with Network Virtualization.
What is the Network?
Virtual machines supporting the application often require network connectivity (switching and routing) to other virtual machines and the outside world (WAN/Internet) with security and load balancing. The first network device virtual machines are attached to is a software virtual switch on the hypervisor. The “network” we want to virtualize is the complete L2-L7 services viewed by the virtual machines, and all of the network configuration state necessary to deploy the application’s network architecture (n-tier, etc). The network relevant to the virtual machines is sometimes more specifically referred to as the virtual network.
Virtual servers have been fully decoupled from physical servers by server virtualization. The virtual network, on the other hand, has not been fully decoupled from the physical network. Because of this, the configuration necessary to provision an application’s virtual network must be carefully engineered across many physical and virtual switches, and L4-L7 service appliances. Despite the best efforts of server virtualization, the *application* is still coupled to hardware.
With Network Virtualization, the goal is to take all of the network services, features, and configuration necessary to provision the application’s virtual network (VLANs, VRFs, Firewall rules, Load Balancer pools & VIPs, IPAM, Routing, isolation, multi-tenancy, etc.) – take all of those features, decouple them from the physical network, and move them into a virtualization software layer for the express purpose of automation.
With the virtual network fully decoupled, the physical network configuration is simplified to provide packet forwarding service from one hypervisor to the next. The implementation details of physical packet forwarding are separated from, and not complicated by, the virtual network. Both the virtual and physical network can evolve independently. The virtual network features and capabilities evolve at software release cycle speeds (months). The physical network packet forwarding evolves at hardware release cycle speeds (years).
Packet forwarding is not the point of friction in provisioning applications. Current generation physical switches do this quite well with dense line-rate 10/40/100G silicon and standard IP protocols (OSPF, BGP). Packet forwarding is not the problem. The problem addressed by network virtualization is the manual deployment of network policy, features, and services constructing the network architecture viewed by the application’s compute resources (virtual machines).
Network Virtualization
Network Virtualization reproduces the L2-L7 network services necessary to deploy the application’s virtual network at the same software virtualization layer hosting the application’s virtual machines – the hypervisor kernel and its programmable virtual switch. Similar to how server virtualization reproduces vCPU, vRAM, and vNIC – Network Virtualization software reproduces Logical switches, Logical routers (L2-L3), Logical Load Balancers, Logical Firewalls (L4-L7), and more, assembled in any arbitrary topology, thereby presenting the virtual compute with a complete L2-L7 virtual network topology.
All of the feature configuration necessary to provision the application’s virtual network can now be provisioned at the software virtual switch layer through APIs. No CLI configuration per application is necessary in the physical network. The physical network provides the common packet forwarding substrate. The programmable software virtual switch layer provides the complete virtual network feature set for each application, with isolation and multi-tenancy.
With Network Virtualization the virtual network is entirely provisioned in software, by software, with APIs, at the same speed and agility and in lock step with server virtualization. The same software tools already provisioning the application’s virtual machines can simultaneously provision both compute and network together (with templates), and subsequently validate the complete application architecture — compute and network together.
Next, rather than just taking snapshots of virtual machines, take a snapshot of the complete application architecture (compute and network) and ship a copy off to a disaster recovery site – on standby for push button recovery. The application’s network is finally equally mobile and running as fast as the compute.
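The two paragraphs above (provision from a template, validate, then snapshot and ship to a recovery site) can be sketched in code. This is an added example, not code from the original post or from any VMware product: the schema, the names (APP, allowed, validate, snapshot, restore) and the 3-tier sample are constructed assumptions. It shows that once firewall rules and segments live in one data structure, the isolation of the n-tier design can be checked before deployment and again when the snapshot is restored.

```python
import json

# Constructed, hypothetical schema for illustration; not any product's API.
APP = {
    "logical_switches": {"web": "10.0.1.0/24", "app": "10.0.2.0/24", "db": "10.0.3.0/24"},
    "vms": {"web-1": "web", "app-1": "app", "db-1": "db"},
    "firewall": [  # first match wins, implicit default deny
        {"src": "any", "dst": "web", "port": 443, "action": "allow"},
        {"src": "web", "dst": "app", "port": 8443, "action": "allow"},
        {"src": "app", "dst": "db", "port": 5432, "action": "allow"},
    ],
}

def allowed(app, src, dst, port):
    """Evaluate the logical firewall: first matching rule decides, else deny."""
    for r in app["firewall"]:
        if r["src"] in ("any", src) and r["dst"] in ("any", dst) and r["port"] in ("any", port):
            return r["action"] == "allow"
    return False

def validate(app):
    """Return findings for the whole description; an empty list means it passes."""
    findings = []
    segments = app["logical_switches"]
    for vm, seg in app["vms"].items():
        if seg not in segments:
            findings.append(f"{vm} is attached to undefined switch {seg}")
    for i, r in enumerate(app["firewall"]):
        for end in ("src", "dst"):
            if r[end] != "any" and r[end] not in segments:
                findings.append(f"rule {i} references undefined segment {r[end]}")
    # Isolation invariant of this n-tier design: only the app tier may reach db.
    ports = {r["port"] for r in app["firewall"]}
    for src in ("external", "web"):
        for port in sorted(ports, key=str):
            if allowed(app, src, "db", port):
                findings.append(f"{src} can reach db on port {port}")
    return findings

def snapshot(app):
    """Capture the complete network description as one portable document."""
    return json.dumps(app, sort_keys=True)

def restore(snap):
    """Recreate the description at a second site, refusing one that fails validation."""
    app = json.loads(snap)
    if findings := validate(app):
        raise ValueError("; ".join(findings))
    return app
```
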
Network Virtualization makes sense because of Server Virtualization. Compute and Network, a symbiotic relationship deployed in synchronization, with symmetry.
It’s a no-brainer.
Cheers,
Brad