Network Virtualization

Monitor and manage entire services and resources running on your enterprise network through virtualization

Monday, May 08, 2006

Print

Comment

Email

Digg

Del.icio.us

Reddit

Twitter

Network virtualization is the latest buzzword to hit the IT circles. It's meant to ease the task of managing a large heterogeneous network by providing you a single point of control. In network virtualization, all services and servers are treated as a single pool of resources which can be rearranged and redeployed in real-time to meet changing user requirements. This would help reduce network complexity, thereby lowering system downtime and reducing the cost of network management.

A lot of tasks that were done manually by network managers can be handled automatically after network virtualization. Currently, there's no predefined standard for this new trend, due to which different vendors have interpreted it differently. Here, we delve into some of those interpretations.

Virtual IP address 
Virtual IP Address (VIPA) is a technology used in failover and load balancing of a network connection. It adds a protection layer to a network connection. It assigns a virtual IP address to an existing interface, so if the system is unavailable, then the virtual IP address takes over the network connection and automatically restores the connections between different servers.

VIPA is configured on a TCP/IP stack rather than a physical adapter, and is therefore not linked with any particular endpoint device. A virtual IP address is configure designated with multiple paths on the TCP/IP stack, as a result it automatically switches to alternate path in case of connection failure.

This eliminates hardware and communication media from becoming points of failure for many connections. VIPA automatically takes over and allows a Virtual IP address to automatically move to a stack where an existing suitable application instance is already active and allows the application to serve the users.

Further still, you can even configure a Dynamic Virtual IP Address (DVIPA) for an application server. This can allow applications to create and activate virtual IP, so that it can switch from one Logical Partitioning (LPAR) to another one in case of failure. 

Hipersockets 
This is a technology that's specific to IBM's zSeries servers. Instead of having multiple servers running their own applications for web, database transactions, application, etc, everything is consolidated into a single zSeries server and run in a virtual environment.

Prior to consolidation, all servers would have their own physical network connections and you would need multiple routers and switches to connect them together.

After consolidation, this external infrastructure of network cards, cables, switches, and routers is not required. All communication between the various virtual servers happens inside the zSeries server itself. There are several advantages to this approach. One, since the zSeries server's internal bus is used, there's literally zero latency, so the communication between various virtual machines is much faster.

Since all the network connections are virtual, there can be automatic failover between them. So if your business application's network interface fails, it would automatically failover to another virtual connection. All this leads to a more simplified infrastructure.

Virtual Ethernet 
A virtual Ethernet interface is a fake Ethernet device, which is a replica of a physical Ethernet device. This will respond like a normal Ethernet for another IP address than the normal IP address of the physical Ethernet interface of a machine. Therefore, it can have several IP addresses for single physical Ethernet interface.

For example, these days Ethernet interfaces come with integrated VLAN. This allows you to create a virtual LAN on virtual Ethernet interfaces. This technology is also used to connect branch offices to their corporate office.

Nortel's virtual Ethernet solution allows organizations to cost-effectively scale and transparently extend their Ethernet LANs across a wide area network (WAN), making the WAN and LAN appear as a single Ethernet network.

As you can see, there are several interpretations of network virtualization, largely due to a lack of open standards. It therefore becomes quite difficult to determine what to choose. Some work is happening on this front, and hopefully we should have something very soon.

Virtual LAN
This is another network virtualization technology, which acts like a normal LAN and devices connected on it can be segregated into groups of different logical LAN networks. However, all the devices are connected physically on a same segment.

This allows administrator to divide LAN into virtual segment without using a separate switch.  Here, clients and servers may be placed anywhere on a network, but they are grouped together using VLAN technology. This also prevents broadcast traffic as it sends broadcast data to devices within the VLAN. 

VLANs are configured using Media Access Control (MAC) addresses of the device. If a device is moved from one port to another on the switch, the VLAN management software recognizes it and automatically reconfigures it into its appropriate VLAN without changing the MAC address or the IP address of the node.

It uses 802.1Q specification method for adding VLAN group information into ethernet frames. Some VLAN softwares not only manage all the VLAN groups but also allow you to create virtual routers with in the VLANs. So that you can interconnect different VLANs together.

For example, the   various servers and clients can be  added to separate groups which in turn can communicate with each other through virtual routers. This technology is now available with all managed switches.

Virtual Private Network  
This is another virtualization technology, which allows you to interconnect your branch offices over a public network, with your existing infrastructure. A VPN ensures that data that is sent between the two endpoints of a connection remains secure.

In this setup, people outside your network can be part of your network from a public network such as Internet and one can access any service running on your network from anywhere.

These days VPN appliances are available, which connect you to  a corporate network via public IP and the users can access that network by logging in using a VPN client. It may be slow for the client depending on the connectivity speed, but the client can avail all the services from the corporate network.

Sanjay Majumder

Page(s)   1