Introduction to Network Virtualization
In this article
Network virtualization (NV) is the software-based implementation of networking services. These services include Internet protocol (IP) routing, packet switching, traffic load balancing, and packet filtering. Before the existence of network virtualization, particular networking services were only available in dedicated hardware devices such as switches, routers, load balancers, and firewalls.
There are many benefits to the use of network virtualization. It allows multiple networks to exist together on a single physical network infrastructure. Conversely, virtual LANs (VLANs) segment a physical network into multiple logical networks, thus decoupling network topologies from its underlying physical infrastructure. Both these network virtualization capabilities demonstrate its efficient use of resources and how it increases the flexibility of network design and deployment.
Network Functions Virtualization (NFV) replaces physical network devices with virtual services. These services perform the same functions as physical network devices. Virtual Machine Manager (VMM) can manage these services from the hypervisor.
While virtual networks seem to be the best choice for upgrading existing networking infrastructure, we must not forget about the hardware needed along with other aspects of network virtualization. Let's discuss the advantages and disadvantages of a virtual network and its physical counterpart.
Advantages of virtual networks:
- Scalability: Virtual networks can be easily scaled up or down to meet changing needs without purchasing or installing new hardware.
- Flexibility: Virtual networks are modified rapidly and efficiently to meet the needs of various applications and users.
- Cost-effectiveness: Virtual networks are often less expensive to set up and maintain than physical networks, as they do not require the purchase of physical hardware.
- Improved security: Virtual networks can be isolated from one another and can have specific security policies and configurations applied to them.
Disadvantages of virtual networks:
- Performance: Virtual networks can have performance limitations compared to physical networks, particularly in network latency and bandwidth.
- Dependence on underlying infrastructure: Virtual networks depend on the underlying physical infrastructure and hardware, so if there is a problem with this infrastructure, it can affect the virtual network.
- Complexity: Virtual networks can be more complex to manage and maintain than physical networks, as they require expertise in both virtualization and networking.
Advantages of physical networks:
- Reliability: Physical networks are often more reliable than virtual networks, as they do not rely on the underlying infrastructure.
- Better performance: Physical networks can offer better performance and lower latency than virtual networks.
- Physical security: Physical networks can be physically secured to prevent unauthorized access.
Disadvantages of physical networks:
- Cost: Physical networks can be more expensive to set up and maintain than virtual networks, as they require purchasing physical hardware.
- Scalability: Physical networks can be challenging to scale up or down to meet changing needs, as it often requires purchasing new hardware.
- Maintenance: Physical networks require regular maintenance and upgrades, which can be time-consuming and expensive.
We will review the essential networking components from two of the most common virtualization vendor platforms, VMware vSphere and Microsoft Hyper-V.
VMware basic virtual networking components
- A virtual network interface card (vNIC) allows the virtual machine (VM) to gain access to a network. It is also known as a virtual network adapter. More than one vNIC can be attached to a VM, allowing the VM to access more than one network. These virtual adapters emulate the capabilities of their physical counterparts. They are assigned Media Access Control (MAC) addresses and have configurable speeds. Each vNIC must have an Internet Protocol (IP) configuration to communicate with other devices on the network.
- The Port Group is the virtual container vNICs connect to assign specific OSI Layer 2 network rules to the group of vNICs. Port group configurations include VLAN assignment and behavior, MAC address security, traffic shaping, and NIC teaming and failover. One VM accesses multiple networks by having vNICs in numerous port groups. The port group is attached to a virtual switch (vSwitch).
- The virtual switch (vSwitch) sends traffic between its attached port groups and other network ports, which may be physical or virtual layer two ports. The vSwitch allows communication between VMs within its attached port groups and those outside the vSwitch. Like the port group, the vSwitch can also be configured to secure network traffic, shape traffic, and have network port redundancy and failover.
- Uplinks are the physical network adapter ports for the host machine of the hypervisor. Individual uplinks can be grouped to form certain types of redundancy or failover. Uplinks are put in groups to implement teaming protocols such as Link Aggregation Groups (LAGs).
The mapping between port groups and uplinks happens at the vSwitch level. Suppose no mapping exists for the port group to send network traffic to an uplink or a network outside the hypervisor. In that case, virtual machines on the same port group within a hypervisor can only communicate with each other and not with an external network.
Virtual switch architecture
Distributed port group and virtual distributed switches
Port groups and vSwitches, in their simplest form, exist as one entity per hypervisor. A multi-hypervisor environment manager, for example, VMware's virtual center (vCenter), allows for the distribution of port groups and vSwitches among hypervisors. A distributed port group enables VMs to be in the same port group but on different hypervisors. A distributed port group connects to a virtual distributed switch (vDS). These distributed virtual devices allow for more effortless scalability and consistent rules.
Microsoft's Hyper-V hypervisor has the option of three virtual switch types and two virtual network adapter types. Hyper-V Manager or the Hyper-V module for Windows PowerShell can configure these options.
Hyper-V virtual switch types:
- An external virtual switch binds to a physical network adapter to connect to a wired, physical network.
- The internal virtual switch has connectivity only to VMs running on the host with this virtual switch and between the VMs and the host itself.
- A private virtual switch is the same as the internal virtual switch except that the connection between the VMs on the switch and the host does not exist.
Hyper-V virtual network adapter types:
- Hyper-V specific network adapter is designed for Hyper-V and must include the driver in Hyper-V integration services. This adapter offers faster network speeds. The exception to its use is if you need to boot to the network or are running a guest operating system that the driver does not support.
- A legacy network adapter is mainly used for booting to a network and for generation 1 VMs.
Network virtualization has many advantages and use cases but relies on an underlying hardware-based infrastructure. Many factors, including complexity, maintenance, and cost, determine the decision to use virtualized network services. The use of more advanced virtual network devices, such as virtual routers and firewalls, will also require more powerful underlying hardware. Determining the best solution requires experience in both virtualization and networking.