Network virtualization -- the focus of this primer -- is one physical network supporting multiple logical networks. From a WAN perspective, this is nothing new; what about MPLS, frame relay, ATM or even packet-switching protocol X.25? What's new is that the underlying drivers for WAN virtualization are changing.
Initially, wide area network virtualization came in the form of multiplexing, which combined data from connectionless and connection-oriented traffic flows while maintaining differentiation; i.e., voice traffic could be discerned from data streams. This integration gave WAN managers the ability to better manage voice and data networks. However, there were still clear distinctions between LAN and WAN traffic.
WANs are now becoming full Data Center Interconnects (DCIs) because they support and separate potentially thousands of VLAN connections -- each supporting a range of applications with varying performance requirements. Server virtualization is the primary driver for this VLAN growth: 93% of organizations participating in Nemertes Research surveys are currently deploying server virtualization.
How does network virtualization aid WAN management?
The good news for the WAN manager is that network virtualization for DCI can simplify WAN management in four key ways:
Network utilization and availability
Virtualization optimizes network utilization. Multiple virtual networks share the same physical connectivity, resulting in higher network utilization. Network virtualization also increases availability by supporting device clustering, in which clustered devices appear as one device from a network management perspective. This can simplify the WAN architecture and reduce the associated WAN management complexity.
With DCI and WAN virtualization, the network appears as dedicated contiguous channels. This is critical from policy, security and performance management perspectives. It gives a network manager the ability to trace a VLAN from server to LAN to WAN to end user while correlating underlying physical infrastructure for troubleshooting and capacity planning. This can dramatically improve mean-time-to-isolate and address network performance and security issues.
Moving to network virtualization reduces the number of physical devices, thus reducing operations and maintenance costs and complexity.
There are three aspects of network virtualization security: access control, path isolation, and services edge management. Access control means implementing authentication and authorization. For example, this might take the form of a Cisco TACACS+ or a RADIUS server that determines who or what may access a particular VLAN. Path isolation uses GRE, MPLS and virtual routing and forwarding (VRF) to isolate one stream of data from another across the WAN. Finally, services edge management is used to isolate application environments and control the interface to storage and computing. These functions extend contiguous security across the WAN in a manageable fashion.
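The following is an added example, not part of the original article, of how the VLAN tracing and path-isolation ideas above can be checked in practice: it traces a VLAN from server to LAN to WAN with the physical link at each hop, and flags hops where VRF isolation breaks. The inventory, device names, link names, tenants and VRF names are constructed and hypothetical.

```python
from collections import defaultdict

# Constructed inventory: one record per hop where a VLAN is carried.
# All device, link, tenant and VRF names are hypothetical.
# Fields: (vlan, tenant, segment, device, physical_link, vrf)
HOPS = [
    (110, "finance", "server", "esx-01",   "eth1",    None),
    (110, "finance", "lan",    "dist-sw1", "po10",    "VRF-FIN"),
    (110, "finance", "wan",    "pe-east",  "ge0/0/1", "VRF-FIN"),
    (110, "finance", "edge",   "pe-west",  "ge0/0/4", "VRF-FIN"),
    (220, "guest",   "server", "esx-02",   "eth3",    None),
    (220, "guest",   "lan",    "dist-sw1", "po10",    "VRF-GUEST"),
    (220, "guest",   "wan",    "pe-east",  "ge0/0/1", "VRF-FIN"),  # wrong VRF
    (220, "guest",   "edge",   "pe-west",  "ge0/0/4", None),       # global table
]
SEGMENT_ORDER = ["server", "lan", "wan", "edge"]
ROUTED = {"lan", "wan", "edge"}  # assumption: a VRF is expected on these hops

def trace_vlan(vlan, hops=HOPS):
    """Return the VLAN's hops ordered server -> LAN -> WAN -> edge."""
    path = [h for h in hops if h[0] == vlan]
    return sorted(path, key=lambda h: SEGMENT_ORDER.index(h[2]))

def isolation_violations(hops=HOPS):
    """Flag routed hops with no VRF, and VRFs shared by tenants on one device."""
    findings = []
    tenants = defaultdict(set)  # (device, vrf) -> tenants; VRFs are per device
    for vlan, tenant, segment, device, _link, vrf in hops:
        if segment not in ROUTED:
            continue
        if vrf is None:
            findings.append(("no-vrf", device, vlan))
        else:
            tenants[(device, vrf)].add(tenant)
    for (device, vrf), owners in sorted(tenants.items()):
        if len(owners) > 1:
            findings.append(("shared-vrf", device, vrf))
    return findings

if __name__ == "__main__":
    for hop in trace_vlan(220):
        print("vlan %s %-6s %-8s %-8s vrf=%s" % (hop[0], hop[2], hop[3], hop[4], hop[5]))
    for finding in isolation_violations():
        print("VIOLATION", finding)
```

Both VLANs share the same physical links (`po10`, `ge0/0/1`, `ge0/0/4`), which is expected under virtualization; the findings are about the logical separation on top of those links.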
The key to successful attainment of these benefits is close alignment between network operations and network planning. There are multiple approaches to network virtualization for DCI at both Layers 2 and 3 of the network protocol stack, and the right choice must balance the complexity of the implementation with the achievement of WAN management simplification.
About the author:
Ted Ritter is a senior research analyst with Nemertes Research, where he conducts research, advises vendor and end-user clients, develops research reports and delivers strategic seminars. A Certified Information Systems Security Professional (CISSP), Ted leads Nemertes' research on information stewardship, including compliance, risk management, business continuity/disaster recovery, e-discovery and data quality management. He is also one of Nemertes' dedicated experts on cloud computing, virtualization, Internet infrastructure, efficient data centers and green IT.
This was first published in August 2010