Applications of Virtual Networking (text)
by Sasha Shkrebets, last modified Mar 06, 2023 01:16 PM
Welcome back.
We are continuing our discussion of network virtualization
and in this lecture we will look at various
examples of network virtualization and how it has
been applied to solve problems in real world networks.
We'll look at three broad applications of virtual networking.
We will first look at how virtual
networking has enabled experimentation on production networks.
And in particular how it allows
researchers to run virtual experimental infrastructure
in parallel with production networks on
the same underlying physical network infrastructure.
We'll also look at how virtual networking enables
rapid deployment and development of new network services.
And in particular, how it allows operators
to deploy services independently from the underlying
vendor hardware.
Finally, we'll look at how virtual networking
enables the dynamic scaling of resources by
exposing the abstraction of a logical network
that is distinct from the underlying physical resources.
So let's first look at how
virtual networking enables experimentation on production networks.
So, historically, network researchers have designed new network protocols
or architectures and they'd like to evaluate or test them.
Now, there are various approaches to doing so.
One could run the new protocol or architecture in a
simulator, or test it in an emulator like VINI or Emulab.
But, when it comes to actually deploying that new
architecture or protocol in production, researchers
have historically hit a roadblock.
And there's a bit of a catch-22 situation.
In order to prove or show that that protocol or architecture
works in production, they need to deploy it on a production network.
But, of course, it's experimental.
So, no operator would take that experimental protocol or architecture
and want to run that on production traffic with real users.
So, ideally, we'd have something that lets that researcher
deploy that experimental infrastructure in parallel with the production network.
And, that's effectively what a piece of software called FlowVisor does.
FlowVisor basically virtualizes network control by letting
experimental traffic run in parallel on the production
network with the real user and real production traffic.
So the idea here is that a user, Doug for example, might have many
different types of network traffic, and many different applications,
such as voice over IP, web, gaming and so forth.
And that user might be willing to let researchers
run experimental protocols or architectures on some subset of
the traffic, particularly if the traffic is not as critical.
So what FlowVisor allows Doug to do, is specify some subset of the traffic
that he is willing to let run over that experimental network control.
Now this virtualization is achieved using a concept called flow space.
The idea here, is basically that some subset of
traffic flows, based on IP address, port, and so
forth, might be specified as being controlled by an experimental network
controller, as opposed to the production network controller.
We'll talk a lot more about virtualization of network control when
we discuss the nuts and bolts of SDN control in later modules.
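An added example, not from the lecture and not FlowVisor's own code or API: a minimal Python model of flow-space slicing that decides which controller owns a flow and flags overlapping rules that would blur the isolation between slices. The rule fields, slice names, addresses and port are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DEFAULT_SLICE = "production"  # assumed fallback: unmatched traffic stays in production


@dataclass(frozen=True)
class FlowSpaceRule:
    slice_name: str                  # hypothetical slice / controller name
    priority: int                    # higher priority wins when rules overlap
    src_net: str = "0.0.0.0/0"       # source prefix the rule covers
    proto: Optional[str] = None      # "tcp", "udp", or None for any
    dst_port: Optional[int] = None   # destination port, or None for any

    def matches(self, src_ip, proto, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
                and self.proto in (None, proto)
                and self.dst_port in (None, dst_port))

    def overlaps(self, other):
        """True if some flow could match both rules."""
        a = ipaddress.ip_network(self.src_net)
        b = ipaddress.ip_network(other.src_net)
        same_proto = None in (self.proto, other.proto) or self.proto == other.proto
        same_port = None in (self.dst_port, other.dst_port) or self.dst_port == other.dst_port
        return a.overlaps(b) and same_proto and same_port


def controller_for(rules, src_ip, proto, dst_port):
    """Return the slice whose controller handles this flow."""
    hits = [r for r in rules if r.matches(src_ip, proto, dst_port)]
    return max(hits, key=lambda r: r.priority).slice_name if hits else DEFAULT_SLICE


def ambiguous_pairs(rules):
    """Rules of different slices that overlap at equal priority: an isolation gap."""
    return [(a, b) for i, a in enumerate(rules) for b in rules[i + 1:]
            if a.slice_name != b.slice_name
            and a.priority == b.priority and a.overlaps(b)]


# Constructed sample: Doug (10.0.0.5) delegates only his gaming traffic
# (UDP port 27015) to the experimental controller; everything else is production.
RULES = [
    FlowSpaceRule("experimental", 100, "10.0.0.5/32", "udp", 27015),
    FlowSpaceRule("production", 10),
]
```

Running `ambiguous_pairs` before a rule set is accepted catches the case where two slices claim the same traffic with no priority to separate them.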
A second application for network virtualization
is the deployment of new services.
Now one particular platform that allows
this is Nicira's network virtualization platform.
And the idea here, is that the platform provides
an abstraction layer between hosts and the underlying network.
So, hosts essentially see their version of a virtual
network that's running potentially independently of other virtual networks.
And the provisioning of these virtual networks
is all managed by a distributed controller.
So you can see, again, the potential connection
between software defined networks and network virtualization here in
this particular application because a controller might be managing
the provisioning and configuration of those virtual network resources.
So, various applications for the network
virtualization platform include dynamic workload placement.
For example, suppose you are a very large data center operator and you have
multiple tenants running applications or services on
the servers and switches in that data center.
If you are that operator, you need some kind of platform
to allow for the creation of isolated virtual networks, for each tenant.
Each tenant needs the appearance of running on their own dedicated
infrastructure that's isolated and separate from other tenants.
Technology that allows for the creation and
management of separate virtual networks makes this possible.
By contrast, imagine if you did not have network virtualization.
Each tenant would effectively have to deploy
their own resources, their own servers and switches.
And the pool of physical resources that support those services,
applications and tenants couldn't be reused as demands change.
Another application for network virtualization is the
enforcement of dynamic security policies.
So, by creating the appearance of a single logical
network, a network operator then has the opportunity to
specify a central higher level security policy that can
be managed based on what the logical network looks like.
As opposed to having to manage each firewall and switch independently.
A third application for virtual networking is the dynamic scaling of resources.
So, here's an example that shows that.
Suppose that you're an enterprise network and you have a particular set
of resources that you've allocated for the tasks that you need to perform.
Well, depending on various circumstances, such as a sudden fluctuation in demand,
disaster, and so forth, you might suddenly need additional resources.
Now, if you didn't have network virtualization, you'd
need to go out and buy those resources yourself.
But instead, what you might do is use something like Amazon's Virtual Private
Cloud to dynamically provision and configure additional resources on demand.
This application offers many benefits, including the ability to
dynamically scale the resources that are available to you based on demand.
The Virtual Private Cloud effectively allows each customer to
define their own network, address space and so forth.
And actually connect it to the physical
network that they already have, typically using
a virtual private network between the Amazon
Virtual Private Cloud and their existing data center.
There are various additional benefits and
applications to this type of virtual networking
application, including the ability to,
for example, potentially recover from a disaster.
Or, outsource the management of some of your network resources to a third party.
There are many other examples of network virtualization.
One class of virtual networks, which we've already discussed,
are those that support virtual networks in the wide area.
So there are a variety of classes of wide area virtual
networks, some that support network experimentation such as VINI and GENI.
Some that support value added services like CABO, and
some that support multiple control
infrastructures like the Tempest architecture.
Another type of virtual network that's becoming increasingly
popular is the virtual network in a box.
And the idea here is that there is often the need to dynamically
slice the resources on a single server and connect those virtual
machines, on a single server, to the network or to each other.
And various commercial offerings of a virtual network in a box are available.
Finally, another class of network virtualization that's gaining
some traction is something called network functions virtualization.
And the idea here is essentially the unification of middle box function.
Presently, network operators have to purchase a variety of middle boxes, such
as firewalls, load balancers, deep packet inspection boxes, and so forth.
And the idea behind network functions virtualization is,
let's suppose instead that we had a distributed compute
pool where we could dynamically install many of
those functions as software potentially running in virtual machines.
And then network them together using existing virtual network technology
such as that which we've discussed in this and other lessons.
So, in summary, there are many applications of virtual networking.
Virtual networking can support experimental deployments.
It can provide isolation to different
tenants running on a shared infrastructure.
It can allow dynamic reuse of resources from
a common pool, as well as dynamic scaling.
And it can also allow for easier management of those logical resources.