Applications of Virtual Networking (text)

by Sasha Shkrebets, last modified Mar 06, 2023 01:16 PM

Welcome back.
We are continuing our discussion of network virtualization 
and in this lecture we will look at various 
examples of network virtualization and how it has 
been applied to solve problems in real world networks. 
We'll look at three broad applications of virtual networking. 
We will first look at how virtual 
networking has enabled experimentation on production networks. 
And in particular how it allows 
researchers to run virtual experimental infrastructure 
in parallel with production networks on 
the same underlying physical network infrastructure. 
We'll also look at how virtual networking enables 
rapid deployment and development of new network services. 
And in particular, how it allows operators 
to deploy services independently from the underlying 
vendor hardware. 
Finally, we'll look at how virtual networking 
enables the dynamic scaling of resources by 
exposing the abstraction of a logical network 
that is distinct from the underlying physical resources. 
So let's first look at how 
virtual networking enables experimentation on production networks.
So, historically, network researchers have designed new network protocols 
or architectures and they'd like to evaluate or test them. 
Now, there are various approaches to doing so. 
One could run the new protocol or architecture in a 
simulator, or test it in an emulator like VINI or Emulab. 
But, when it comes to actually deploying that new 
architecture or protocol in production, researchers
have historically hit a roadblock. 
And there's a bit of a catch-22 situation. 
In order to prove or show that that protocol or architecture 
works in production, they need to deploy it on a production network. 
But, of course, it's experimental. 
So, no operator would take that experimental protocol or architecture 
and want to run that on production traffic with real users. 
So, ideally, we'd have something that lets that researcher 
deploy that experimental infrastructure in parallel with the production network. 
And, that's effectively what a piece of software called FlowVisor does. 
FlowVisor basically virtualizes network control by letting 
experimental traffic run in parallel on the production 
network with the real user, and real production traffic. 
So the idea here is that a user, Doug for example, might have many 
different types of network traffic, and many different applications. 
Such as, voice over IP, web, gaming and so forth. 
And that user might be willing to let researchers 
run experimental protocols or architectures on some subset of 
the traffic, particularly if the traffic is not as critical. 
So what FlowVisor allows Doug to do, is specify some subset of the traffic 
that he is willing to let run over that experimental network control. 
Now this virtualization is achieved using a concept called flow space. 
The idea here, is basically that some subset of 
traffic flows, based on IP address, port, and so 
forth, might be specified as being controlled by an experimental network 
controller, as opposed to the production network controller. 
We'll talk a lot more about virtualization of network control when 
we discuss the nuts and bolts of SDN control in later modules. 
A second application for network virtualization 
is the deployment of new services. 
Now one particular platform that allows 
this is Nicira's network virtualization platform. 
And the idea here, is that the platform provides 
an abstraction layer between hosts and the underlying network. 
So, hosts essentially see their version of a virtual 
network that's running potentially independently of other virtual networks. 
And the provisioning of these virtual networks 
is all managed by a distributed controller. 
So you can see, again, the potential connection 
between software defined networks and network virtualization here in 
this particular application because a controller might be managing 
the provisioning and configuration of those virtual network resources. 
So, various applications for the network 
virtualization platform include dynamic workload placement. 
For example, suppose you are a very large data center operator and you have 
multiple tenants running applications or services on 
the servers and switches in that data center. 
If you are that operator, you need some kind of platform 
to allow for the creation of isolated virtual networks, for each tenant. 
Each tenant needs the appearance of running on their own dedicated 
infrastructure that's isolated and separate from other tenants. 
Technology that allows for the creation and 
management of separate virtual networks makes this possible. 
By contrast, imagine if you did not have network virtualization. 
Each tenant would effectively have to deploy 
their own resources, their own servers and switches. 
And the pool of physical resources that support those services, 
applications and tenants couldn't be reused as demands change. 
Another application for network virtualization is the 
enforcement of dynamic security policies. 
So, by creating the appearance of a single logical 
network, a network operator then has the opportunity to 
specify a central higher level security policy that can 
be managed based on what the logical network looks like. 
As opposed to having to manage each firewall and switch independently. 
A third application for virtual networking is the dynamic scaling of resources. 
So, here's an example that shows that. 
Suppose that you're an enterprise network and you have a particular set 
of resources that you've allocated for the tasks that you need to perform. 
Well, depending on various circumstances, such as a sudden fluctuation in demand,
disaster, and so forth, you might suddenly need additional resources.
Now, if you didn't have network virtualization, you'd 
need to go out and buy those resources yourself. 
But instead, what you might do is use something like Amazon's Virtual Private 
Cloud to dynamically provision and configure additional resources on demand. 
This application offers many benefits, including the ability to 
dynamically scale the resources that are available to you based on demand. 
The Virtual Private Cloud effectively allows each customer to 
define their own network, address space and so forth. 
And actually connect it to the physical 
network that they already have, typically using 
a virtual private network between the Amazon 
Virtual Private Cloud and their existing data center. 
There are various additional benefits and 
applications to this type of virtual networking 
application, including the ability to say, 
for example, potentially recover from a disaster. 
Or, outsource the management of some of your network resources to a third party. 
There are many other examples of network virtualization. 
One class of virtual networks, which we've already discussed, 
are those that support virtual networks in the wide area. 
So there are a variety of classes of wide area virtual 
networks, some that support network experimentation such as VINI and GENI. 
Some that support value added services like CABO, and 
some that support multiple control 
infrastructures like the Tempest architecture. 
Another type of virtual network that's becoming increasingly 
popular is the virtual network in a box. 
And the idea here is that there is often the need to dynamically 
slice the resources on a single server and connect those virtual 
machines, on a single server, to the network or to each other. 
And various commercial offerings of a virtual network in a box are available. 
Finally, another class of network virtualization that's gaining 
some traction is something called network functions virtualization. 
And the idea here is essentially the unification of middle box function. 
Presently, network operators have to purchase a variety of middle boxes, such 
as firewalls, load balancers, deep packet inspection boxes, and so forth. 
And the idea behind network functions virtualization is, 
let's suppose instead that we had a distributed compute 
pool where we could dynamically install many of 
those functions as software potentially running in virtual machines. 
And then network them together using existing virtual network technology 
such as that which we've discussed in this and other lessons. 
So, in summary, there are many applications of virtual networking. 
Virtual networking can support experimental deployments. 
It can provide isolation to different 
tenants running on a shared infrastructure. 
It can allow dynamic reuse of resources from 
a common pool, as well as dynamic scaling. 
And it can also allow for easier management of those logical resources. 
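
The flow space idea from the FlowVisor part of this lecture, as an added example that is not part of the lecture and is not FlowVisor's own code or rule format: a simplified Python model that assigns each flow to a controller by destination prefix, protocol and port, and flags rule overlaps that would leave slice isolation undefined. The `FlowSpaceRule` class, the slice names, the priorities and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FlowSpaceRule:              # hypothetical model, not FlowVisor's rule format
    slice_name: str               # controller (slice) that owns matching flows
    priority: int                 # higher priority wins when rules overlap
    dst_net: str = "0.0.0.0/0"    # destination prefix; default matches any address
    proto: Optional[str] = None   # "tcp" or "udp"; None is a wildcard
    dst_port: Optional[int] = None

    def matches(self, flow: dict) -> bool:
        return (ipaddress.ip_address(flow["dst_ip"]) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, flow["proto"])
                and self.dst_port in (None, flow["dst_port"]))

def overlaps(a: FlowSpaceRule, b: FlowSpaceRule) -> bool:
    """True if at least one flow could match both rules."""
    same = lambda x, y: x is None or y is None or x == y
    return (ipaddress.ip_network(a.dst_net).overlaps(ipaddress.ip_network(b.dst_net))
            and same(a.proto, b.proto) and same(a.dst_port, b.dst_port))

def owner(rules, flow, default="production"):
    """Slice whose controller handles this flow; unmatched traffic stays on production."""
    hits = [r for r in rules if r.matches(flow)]
    return max(hits, key=lambda r: r.priority).slice_name if hits else default

def ambiguous_pairs(rules):
    """Overlapping rules of different slices at equal priority: ownership is undefined."""
    return [(a, b) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a.slice_name != b.slice_name and a.priority == b.priority and overlaps(a, b)]

# Constructed policy: VoIP signalling stays on production, traffic to a
# constructed game-server prefix (198.51.100.0/24) goes to the experimental slice.
RULES = [
    FlowSpaceRule("production", 100, proto="udp", dst_port=5060),
    FlowSpaceRule("experimental", 50, dst_net="198.51.100.0/24", proto="udp"),
]
GAME = {"dst_ip": "198.51.100.7", "proto": "udp", "dst_port": 27015}
VOIP = {"dst_ip": "198.51.100.7", "proto": "udp", "dst_port": 5060}
WEB = {"dst_ip": "203.0.113.5", "proto": "tcp", "dst_port": 443}

if __name__ == "__main__":
    for name, flow in (("game", GAME), ("voip", VOIP), ("web", WEB)):
        print(name, "->", owner(RULES, flow))
    bad = RULES + [FlowSpaceRule("experimental", 100, dst_net="198.51.100.0/24")]
    print("ambiguous:", ambiguous_pairs(bad))
```

Running `ambiguous_pairs` over a proposed rule set before it is installed catches the case where an experimental slice could claim production traffic because two overlapping rules share a priority.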
