
2/30

2 N E T W O R K E V O L U T I O N , A P R I L 2 0 1 3

After Much Talk, Network VirtualizationFinally Becomes Reality

Almost five years ago, I set out to

write a story about network virtualization.

I knew almost nothing about the topic, andater a lot o research, I basically ended up

understanding it just as little.

At the time, Cisco Vice President Marie

Hattar sat with me in the basement o the

Javits Center in New York City or an hour

trying to explain the uture o network vir-

tualizationthe intelligent network, the

application-aware network, the exible

network.

The problem was, the technology wasnt

truly in action yet, so I had a hard time

comprehending it. I kept asking, How is

this any dierent than using VLANs?

And Hattar nally gave up and oered me

the amiliar, oh-you-poor-dear look thattech reporters oten get when we hit a wall.

All these years later, the promise o net-

work virtualization is nally becoming a

reality. We are starting to see the use o

dynamic, exible network virtualization

platorms that allow virtual network seg-

ments to be automated and provisioned on

demand along with compute and storage

or a whole new approach to data center

networking.

I wasnt so wrong back then in asking

about VLANs. Ater all, they are virtual

Dynamic virtual

network

provisioning is

nally coming

to lie.

EDITORS DESK

HYBRID CLOUD NETWORKING

FALLS SHORT, BUT NOT FOR LONGINTEGRATING PHYSICAL

AND VIRTUAL NETWORKS

OVERLAYS MAY BE THE BEST PATH

FORWARD FOR NETWORKING


3/30


instances or segments o a network. The

problem was, they were just as static as

the underlying physical network, and they

were limited in number. Thats all begin-

ning to change and thats a big part o net-

work virtualization.

Weve gured out protocols, such as VX-

LAN and NVGRE, to create network tun-nels or sotware overlays that allow or

thousands o VLANs to be provisioned

dynamically. Using these protocols, there

will be multiple paths to

network sotware over-

lays and virtualization, as

we uncover in the eature,

Overlays Enable Virtual

Network Abstractions.

It was the swit up-

take o server virtualiza-

tion that orced network

engineers to create dynamic virtual net-

works inside the stack in order to route

virtual machines. Now its time to connect

those virtual networks to physical inra-

structure outside the stack. In his eature,

Integrating Virtual and Physical Net-

works, tech journalist David Geers ex-

plores multiple methods to bring networkvirtualization outside o the stack.

As engineers learn to bridge physical and

virtual networks, network virtualization

and sotware overlays will play a key role in

networking hybrid clouds or total orches-

tration. The cover story, Hybrid Cloud

Networking Falls Short, But Not or Long,

explains how a combination o sotware-

dened networking, network virtualization

platorms and orchestration tools will soon

enable engineers to manage two disparate

clouds as one.

EDITORS DESK






Network virtualization and

software overlays will play

a key role in networking hybrid

clouds for total orchestration.


4/30


Looking back on my quest all those years

ago, i I had been a bit switer, I probably

could have gleaned a lot o this rom what

Hattar was trying to explain to me. Ater

all, Cisco had much o this in its sights then.

And even now, hardware vendors includ-

ing Cisco, Arista and Juniper have enticing

strategies or network programmability

and virtualization, alongside startups like

Big Switch and Embrane. It will be inter-

esting to see how they bring these tech-

nologies to lie and to market in the coming

year. n

Rivka Gewirtz Little

Executive Editor, Networking Media Group

EDITORS DESK







5/30


Hybrid Cloud Networking

Hybrid CloudNetworking

Falls Short, ButNot for Long

BY SHAMUS MCGILLICUDDY AND RIVKA GEWIRTZ LITTLE

Its the networks ault that

there isnt total orchestration

reaching across hybrid cloud

resources. But change is on

the horizon.

When it comes to the hybrid cloud,

enterprises live in a world o parallel play

where some applications live in the pub-

lic cloud while others reside saely in the

on-premises cloud. Yet the two are barely

interconnected.

This scenario alls ar short o the

promise o a hybrid cloud wherevirtual

machines (VMs) could be provisioned, mi-

grated and managed as one across multiple

sets o data center resources. And in large

part, its the network that stands in the way.

EDITORS DESK





http://searchcloudcomputing.techtarget.com/definition/hybrid-cloudhttp://searchservervirtualization.techtarget.com/definition/virtual-machinehttp://searchservervirtualization.techtarget.com/definition/virtual-machinehttp://searchservervirtualization.techtarget.com/definition/virtual-machinehttp://searchservervirtualization.techtarget.com/definition/virtual-machinehttp://searchcloudcomputing.techtarget.com/definition/hybrid-cloud


6/30


You can create dynamic network inra-

structures within [a hosted cloud] environ-

ment, and you can create dynamic internal

network inrastructures, but they have to

stay within those environments, said Eric

Hanselman, chie analyst at 451 Research.

Binding a dynamic network in the hosted

cloud to the on-premises data center be-comes complicated.

The problem starts with plain old phys-

icsor the speed o light. Once you break

up tiered applications and place the di-

erent elements ar away rom each in dis-

persed data centers, latency becomes an

issue. Requesting more bre in the ground

or capacity is not only costly, but takes too

long in a world o dynamic provisioning.

In addition, companies struggle to

stretch network services, like rewalling

and load balancing, across disparate sets o

resources. Then theres the issue o man-

aging two separate sets o IP ranges that

would have to be combined to enable au-

tomated VM provisioning and migration

across clouds.

Yet with so many more cloud providers

oering hostedvirtual private clouds, and

enterprises realizing they needed distrib-uted computing, both are seeking answers.

These solutions will likely emerge in a

combination o sotware-dened network-

ing (SDN), network virtualization and ex-

panded orchestration tools.

Hybrid Cloud Networking:

Connectivity Is Immature

Network connectivity or hybrid cloud in-

rastructure is still immature and can be

expensive.

Network

connectivity

for hybrid

cloud infra-

structure is

still immature

and can be

expensive.

EDITORS DESK





http://searchcloudapplications.techtarget.com/definition/virtual-private-cloud-VPChttp://searchcloudapplications.techtarget.com/definition/cloud-orchestratorhttp://searchcloudapplications.techtarget.com/definition/cloud-orchestratorhttp://searchcloudapplications.techtarget.com/definition/virtual-private-cloud-VPC


7/30


Most enterprises connect into the hosted

cloud over Layer 3 using either anIP VPN

or MPLS connection, but both require

heavy liting and can be costly.

A lot o cloud providers have various

VPN technologies, but you need someone

to help set that up, said Bob Plankers, a vir-

tualization and cloud architect at the Uni-versity o Wisconsin at Madison.

Providers typically charge an enterprise

to establish and maintain the connection,

and the enterprise will need engineering

resources to maintain its own end o the

tunnel.

Additionally, VPN-based hybrid cloud

networks can also become a bottleneck on a

global WAN.

I they are public-acing Web systems,

a VPN may not be too much o a drawback

because [users] are accessing them through

the public cloud, said Jason Edelman, a

senior solutions architect at Presidio.

But or internal enterprise applications,

the VPN can become complex. I you have

our or ve sites in an enterprise that have

access to a system in the public cloud, and

that public cloud is building a VPN tunnel

to a corporate head-endVPN concentra-tor, then all our o your other sites have

to go through corporate and then through

the Internet to the VPN tunnel. So you lose

that any-to-any [architecture], Edelman

added.

An enterprise could avoid the bottlenecks

by establishing a ull mesh VPN network

with the cloud provider, but that arrange-

ment will add complexity to the network,

and the enterprise will be paying or mul-

tiple VPN connections with its cloud pro-

vider, he said.

EDITORS DESK





http://searchenterprisewan.techtarget.com/feature/MPLS-vs-Ethernet-Which-WAN-connectivity-option-is-besthttp://searchenterprisewan.techtarget.com/feature/MPLS-vs-Ethernet-Which-WAN-connectivity-option-is-besthttp://searchnetworking.techtarget.com/tutorial/Cloud-computing-network-primerhttp://searchnetworking.techtarget.com/tutorial/Cloud-computing-network-primerhttp://searchnetworking.techtarget.com/answer/How-does-the-VPN-concentrator-workhttp://searchnetworking.techtarget.com/answer/How-does-the-VPN-concentrator-workhttp://searchnetworking.techtarget.com/answer/How-does-the-VPN-concentrator-workhttp://searchnetworking.techtarget.com/answer/How-does-the-VPN-concentrator-workhttp://searchnetworking.techtarget.com/tutorial/Cloud-computing-network-primerhttp://searchnetworking.techtarget.com/tutorial/Cloud-computing-network-primerhttp://searchenterprisewan.techtarget.com/feature/MPLS-vs-Ethernet-Which-WAN-connectivity-option-is-besthttp://searchenterprisewan.techtarget.com/feature/MPLS-vs-Ethernet-Which-WAN-connectivity-option-is-best


8/30


Some enterprises with deep pockets

can bypass VPNs and try direct Layer 3

peering to a provider. I was talking to

a large customer last week who was doing

a one-o scenario or [high perormance

computing], Edelman said. Theyre going

to peer directly to a cloud provider leverag-

ing BGP.

Extending Services

Across Hybrid Cloud Networks

Z Gallerie, a Los Angeles-based urniture

retail chain, uses a typical example o

whats possible with hybrid cloud network-

ing. It hosts its customer-acing website in

a Virtual Private Cloud (VPC) on Amazon

Web Services while maintaining its enter-

prise systems in both a traditional private

data center and a hosted private cloud.

Z Gallerie wanted to integrate its Amazon

VPC into its corporate network to connect

its enterprise resource planning (ERP) and

point o sale systems with its website.

We needed one single, unied network

so we could work seamlessly [between

those systems], said Howard Kolodny, vice

president o IT at Z Gallierie. We wantedto integrate our rewall and VPN con-

centrator between our public and private

clouds to provide a pathway to move data

between systems securely and easily.

Z Gallerie, however, is a Cisco shop and

Amazon does not support Cisco rewalls

and routers natively. Kolodny turned to

virtual routing and VPN technology rom

Vyatta, a company recently acquired by

Brocade. The Vyatta technology, which is

billed as an alternative to a Cisco ASR 1000,

is supported natively by Amazon and was

EDITORS DESK





http://searchtelecom.techtarget.com/definition/BGPhttp://searchnetworking.techtarget.com/news/2240170288/Brocade-Vyatta-deal-Enhanced-virtualization-networking-not-quite-SDNhttp://searchnetworking.techtarget.com/news/2240170288/Brocade-Vyatta-deal-Enhanced-virtualization-networking-not-quite-SDNhttp://searchnetworking.techtarget.com/news/2240170288/Brocade-Vyatta-deal-Enhanced-virtualization-networking-not-quite-SDNhttp://searchnetworking.techtarget.com/news/2240170288/Brocade-Vyatta-deal-Enhanced-virtualization-networking-not-quite-SDNhttp://searchtelecom.techtarget.com/definition/BGP


9/30


able to establish the necessary VPN tunnel

with Kolodnys Cisco inrastructure.

With Vyattas technology, Kolodny was

able to get the VPN between his private

and public cloud resources up and running.

Now it just runs, he said.

Cisco is launching a sotware-based

Cloud Services Router (CSR) 1000v thatwill eventually work in Amazon and Micro-

sots Azure cloud. But Z Galleries expe-

rience with unsupported rewalls points

directly to the challenges

enterprises ace with hy-

brid cloud networking.

Establishing network con-

nections between public

and private clouds, and

maintaining consistent

network policies and

Layer 4 through 7 services

in both environments, isnt easy when

cloud providers dont always support an en-

terprises vendor o choice.

Were just starting to see tools come out

that can help manage both sides o things

simultaneously, said Plankers o the Uni-

versity o Wisconsin. Extending security

controls and networking [rom private topublic cloud] is a big problem. It depends

on the cloud provider and what technolo-

gies they might have installed to enable

people. Its a pretty immature space right

now.

Cloud provider Tier3 is one o these com-

panies. Its enterprise customers can create

MPLS VPN connections into the hosted

cloud rom their own enterprise clouds and

then establish an isolated VLAN to route

trafc back and orth that is protected by

their own rewalls and policy. Through a

Cisco is launching a software-based Cloud Services Router

1000v that will eventually work

in Amazon and Microsofts

Azure cloud.

EDITORS DESK





http://searchnetworking.techtarget.com/news/2240175970/Networking-outlook-Controllers-Layer-4-7-will-roil-SDN-2013-markethttp://searchnetworking.techtarget.com/news/2240175970/Networking-outlook-Controllers-Layer-4-7-will-roil-SDN-2013-market


10/30


simple user interace, they can apply these

policies to VMs and resources inside the

hosted cloud.

They can actually extend core services

or identity management, said Jared Wray,

Tier3 CTO. Through Tier3s interace, cus-

tomers have visibility o resources in both

public and private clouds, which helpsthem apply policy.

Stretching Layer 2 Across

Hybrid Cloud Networks

Integrating network services is one thing,

but i the true promise o the hybrid cloud

is to enable provisioning and migration o

VMs across clouds using a single orchestra-

tion system, it will take an extended Layer

2. A shared Layer 2 network will mean

that both sets o cloud resources could be

managed as a single IP range. The problem

is, the technology to do this, doesnt quite

exist yet.

But NTT, which provides a ully dynamic

sotware-dened network inside its virtual

private clouds, sees the technology very

close on the horizon.

In NTTs virtual private cloud, sotware-dened networking (SDN) and OpenFlow

give users an interace to provision net-

work segmentation on demand. The NTT

cloud has VMware hypervisors that are

controlled byVMwares vCloud Direc-

tor. But NTT also runs NECs OpenFlow

switches and controllers to enable dynamic

network provisioning.

Through the customer portal, an engi-

neer would dene dierent network seg-

ments and create the virtual machines,

deciding which network segments to place

EDITORS DESK





http://searchvmware.techtarget.com/tip/VMware-vCloud-Director-101http://searchvmware.techtarget.com/tip/VMware-vCloud-Director-101http://searchvmware.techtarget.com/tip/VMware-vCloud-Director-101http://searchvmware.techtarget.com/tip/VMware-vCloud-Director-101


11/30

1 1 N E T W O R K E V O L U T I O N , A P R I L 2 0 1 3

them on, said Len Padilla, senior director

o technology at NTT. Then they would

connect them directly to rewalls and load

balancers.

NTTs homegrown orchestration system

ties all o these resources together and then

eeds connectivity into Cisco Catalyst 6500

series switches that sit on the edges o thevirtual data center and connect out to the

enterprises VPN. Everything in the net-

work can be automated all the way until it

reaches the outside connection.

The next step is to let those [outside]

connections be manipulated, said Padilla.

We are looking at giving customers one

pipe that connects them to the NTT net-

work, but within that, being able to estab-

lish virtual network segments. Then they

can come in through the portal and cong-

ure an IPSec tunnel.

Once NTTs network is extended into the

enterprise data center, NTT will enable us-

ers to establish overlay networks, which

will allow them to use a single IP address-

ing scheme or the VMs in both data cen-

ters, he said.

Currently, NTTs orchestration system

makes sure that everything is going outon the right VLAN once it hits the Cisco

switches at the edge. The company has even

been able to customize individual use cases

where this process is automated, but the

next step is getting that to happen in a stan-

dardized way, Padilla explained.

As these edge and core and backbone

switches become SDN awarewhether

thats with OpenFlow or notwe will strip

away pieces o the control sotware we have

built and replace it, he said.

Ciscos new Nexus 1000v Intercloud

EDITORS DESK







12/30


sotware will enable Layer 2 overlays be-

tween public and private cloud inrastruc-

ture when it is available later this year.

Nicira, the SDN and network virtualization

startup acquired by VMware, appears to

be working on a similar solution, Edelman

noted. Many engineers also believe that

tunneling protocols like VXLAN could ex-tend Layer 2 domains into the public cloud

i the protocols requirements or mul-

ticast networks are eliminated in uture

iterations.

In Hybrid Cloud Networking, Getting

Smarter about Application Placement

In early hybrid cloud scenarios, many en-

terprises looked to divide tiered applica-

tions between public and private clouds.

The goal was to host the tiers that required

rapid scaling in the cloud, while placing

static, core components like database serv-

ers in the enterprise data center.

When people say the word workload,

they usually are thinking about a single vir-

tual machine, said Dante Malagrino, CEO

and co-ounder o Embrane, a developer o

SDN services appliances. In reality, cus-tomers IT organizations think in terms o

applications a combination o multiple

virtual machines interconnected by net-

work segments and secured by rewalls

and accelerated by load balancers. Split-

ting those segments across public and pri-

vate clouds can cause countless problems,

including the inability to extend rewall

and load-balancing policy across disparate

IP schemes.

So some enterprises are approaching

the hybrid cloud dierently. Rather than

EDITORS DESK





http://searchnetworking.techtarget.com/news/2240160098/VMware-acquires-network-virtualization-vendor-Nicira-for-12Bhttp://searchnetworking.techtarget.com/news/2240160098/VMware-acquires-network-virtualization-vendor-Nicira-for-12Bhttp://searchnetworking.techtarget.com/news/2240160098/VMware-acquires-network-virtualization-vendor-Nicira-for-12Bhttp://searchnetworking.techtarget.com/news/2240160098/VMware-acquires-network-virtualization-vendor-Nicira-for-12B


13/30


splitting application tiers across public

and private inrastructure, they choose to

migrate an entire application to the cloud,

leaving only small but necessary hooks to

the applications within the private cloud,

such as authentication and authorization

systems.

I you have 10,000 applications, its moreinteresting to think about migrating 100

applications into the cloud because you

want to ree resources or

more mission-critical ap-

plications in your data

center, versus splitting

your applications in hal,

said Marco De Benedetto,

CTO and co-ounder o

Embrane.

In those cases, De Bene-

detto said the enterprise

can ree up internal resources or the criti-

cal applications that have much stricter

service level agreements (SLAs).

Application Replication

in the Hybrid Cloud

Other enterprises choose to place appli-cation replications in the hosted cloud to

tackle the problem o distance and latency,

or simply to provide redundancy.

You could have one instance o an ap-

plication that runs in your own data center

and one that runs in [a hosted environ-

ment], said Hanselman. Then you dont

have to build a second data center. This

buys you a separate location where you

have the same operational capability.

When using this strategy, it is important

to ensure that the data source is consistent

EDITORS DESK






If you have 10,000 applications,

its more interesting to thinkabout migrating 100 applications

into the cloud.

Marco De Benedetto,

CTO and co-founder, Embrane


14/30


in dierent environments, and that can be

a challenge, said George Reese, CTO at en-

Stratus, a provider o cloud inrastructure

management tools. In some cases, even i

the data cant be as equally consistent, en-

terprises take the chance to avoid latency.

Using an orchestration system that pro-

vides visibility into available resources inprivate and hosted clouds allows enter-

prises to account or geography, available

capacity and even the need or ailover

when doing VM provisioning.

We get visibility into what exists, and we

use our own automation logic to construct

network pathways to talk to virtual ma-

chines and monitor them. I we detect ail-

ure in one part, we can bring up resources

[somewhere else] so we can move data

around, said Reese.Nevertheless, Reese has high hopes or

deeper levels o hybrid cloud integration

that wont involve taking such risks. n

EDITORS DESK







15/30


In order to make networks

fexible enough to support

cloud orchestration, engineers

have to bridge physical and

virtual inrastructures?

Now that virtualization has taken

hold in the data center, engineers have

pushed the network into the virtual stack

in order to route virtual machine (VM)

trafc. But as virtual networks prolierate,

network and server pros are orced to nd

ways to better integrate virtual and physi-

cal inrastructures.

This integration is essential to the or-

chestration and automation o VM provi-

sioning and migration. Virtual networks

route trafc between VMs in the stack, but

Network Integration

IntegratingPhysical and

VirtualNetworks

BY DAVID GEER

EDITORS DESK







16/30


it takes physical networks to connect these

virtual environments to the outside world

and to interconnect data centers.

I the promise o automation and orches-

tration is the uid provisioning and migra-

tion o VMs, virtual and physical networks

have to be just as exible, and manual net-

work conguration or VMs wont remainan option. Whats more, engineers must be

able to move VMs across both virtual and

physical networks with their security and

management policies intact. All o this re-

quires communication between physical

and virtual networks.

Many Virtual Switching

Strategies Emerge

The process o bridging physical and virtual

networks starts withvirtual switches that

provide visibility inside thevirtualization

stack.

Both VMware and Microsot have virtual

switches built into their hypervisors, the

vSphere Virtual Distributed Switch and the

Hyper-V Virtual Switch, which provide vis-

ibility and make orwarding decisions.

Until recentlybeore these switcheswere improvedthe virtualization team

had to ask the networking team to create

VLANs with Quality o Service (QoS) poli-

cies and to allot bandwidth or new VMs,

according to Justin Giardina, chie technol-

ogy ofcer o Iland, a cloud provider and

VMware customer. Once the network team

provisioned these resources, they couldnt

share administration o these networks

with the virtualization team.

One o the best things to come out o

VMwares technology or the distributed

EDITORS DESK





http://searchcloudapplications.techtarget.com/definition/cloud-orchestratorhttp://searchcloudapplications.techtarget.com/definition/cloud-orchestratorhttp://searchcloudprovider.techtarget.com/definition/cloud-provisioninghttp://searchservervirtualization.techtarget.com/definition/virtual-switchhttp://searchservervirtualization.techtarget.com/definition/virtualization-stackhttp://searchservervirtualization.techtarget.com/definition/virtualization-stackhttp://searchnetworking.techtarget.com/tip/vSphere-vSwitch-primer-Design-considerationshttp://searchservervirtualization.techtarget.com/tip/The-extensible-Hyper-V-virtual-switch-Finally-catching-up-to-VMwarehttp://searchnetworking.techtarget.com/tutorial/VLAN-guide-for-networking-professionalshttp://searchunifiedcommunications.techtarget.com/definition/QoS-Quality-of-Servicehttp://searchunifiedcommunications.techtarget.com/definition/QoS-Quality-of-Servicehttp://searchnetworking.techtarget.com/tutorial/VLAN-guide-for-networking-professionalshttp://searchservervirtualization.techtarget.com/tip/The-extensible-Hyper-V-virtual-switch-Finally-catching-up-to-VMwarehttp://searchnetworking.techtarget.com/tip/vSphere-vSwitch-primer-Design-considerationshttp://searchservervirtualization.techtarget.com/definition/virtualization-stackhttp://searchservervirtualization.techtarget.com/definition/virtualization-stackhttp://searchservervirtualization.techtarget.com/definition/virtual-switchhttp://searchcloudprovider.techtarget.com/definition/cloud-provisioninghttp://searchcloudapplications.techtarget.com/definition/cloud-orchestratorhttp://searchcloudapplications.techtarget.com/definition/cloud-orchestrator


17/30


virtual switch is the ability to pass down

administration capabilities to the virtual-

ization engineer while keeping the physical

network visible to the networking team as

well, said Giardina.

But VMwares approach to switching let

network pros without the ability to ap-

ply their networking skills to the virtualnetwork. To address this, Cisco launched

the Nexus 1000v, which provides visibil-

ity into the stack, but also more network-

ing control. The 1000v replaces switching

in VMware or Microsots hypervisors and

extends trafc and security policy across

virtual networks and VM paths. It also en-

ables deep network monitoring and analy-

sis within the virtual environment, with

eatures like Switch Port Analyzer (SPAN),

Encapsulated Remote SPAN (ERSPAN),

NetFlow, packet capture/analysis, and

DHCP/IGMPv3 snooping.

Arista Networks took a dierent ap-

proach to expanding networking capabili-

ties in the virtual environment, integrated

its EOS operating system with VMwares

vSphere environment, thereby extending

its own network programmability eatures

into the virtual network.

SDN and Overlays for Physical

and Virtual Network Bridging

Part o the goal o orchestration and auto-

mation is to enable cloud networks with au-

tomated provisioning o multiple distinct

virtual network segments. The idea o these

multi-tenant networks is to be able to turn

up network segments on demand to sup-

port VM provisioning and migration.

Many enterprises are looking to use

EDITORS DESK





http://searchnetworking.techtarget.com/tip/Cisco-Nexus-1000v-virtual-network-switch-Virtual-network-managementhttp://searchnetworking.techtarget.com/tip/Cisco-Nexus-1000v-virtual-network-switch-Virtual-network-managementhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/tutorial/Primer-Multi-tenant-network-for-the-private-cloudhttp://searchnetworking.techtarget.com/tutorial/Primer-Multi-tenant-network-for-the-private-cloudhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/news/1366090/Virtual-network-switches-add-scalability-to-server-virtualizationhttp://searchnetworking.techtarget.com/tip/Cisco-Nexus-1000v-virtual-network-switch-Virtual-network-managementhttp://searchnetworking.techtarget.com/tip/Cisco-Nexus-1000v-virtual-network-switch-Virtual-network-management


18/30


sotware-dened networking (SDN) con-

trollers combined with distributed virtual

switches to provision network segments

or tunnels and to communicate back to the

underlying physical network.

These network sotware overlays are

used to move trafc between virtual ma-

chines, as well to reach over Layer 2 orLayer 3 physical networks in order to con-

nect servers and interconnect data centers.

VMware relies on theVXLAN standard to

build these overlays, while Microsot uses

NVGRE. To integrate the virtual edge, some

vendors have made it so these controllers

can communicate back to a Layer 2 switch

outside the virtual switching inrastructure

that is used to direct trafc.

The Open vSwitch, which has gained the

most traction next to VMwares vswitch,

has led the way in combining virtual

switching with a centralized controller to

provision and manage overlays, as well as to

more tightly integrate virtual and physical

networks.

The Open vSwitch works with a central-

ized OpenFlow-based controller to manage

distributed virtual switches as one logical

switch. Using the controller, the technol-ogy has a ull view o every component and

node on the virtual network and can direct

individual data ows along with linked net-

work services. The switch and controller

sotware can institute cluster-level net-

work congurations across many servers,

eliminating the need to separately cong-

ure the network or each VM and physical

machine. The switch also enablesVLAN

trunking, visibility via NetFlow, sFlow and

RSPAN.

The technology, which supports

EDITORS DESK





http://whatis.techtarget.com/definition/software-defined-networking-SDNhttp://searchnetworking.techtarget.com/tip/VXLAN-standard-primer-Extended-VLANs-long-distance-VM-migrationhttp://searchnetworking.techtarget.com/tip/NVGRE-standard-primer-More-VLANs-and-isolated-tenants-in-the-cloudhttp://searchnetworking.techtarget.com/tip/NVGRE-standard-primer-More-VLANs-and-isolated-tenants-in-the-cloudhttp://searchnetworking.techtarget.com/news/1517251/Open-vSwitch-Can-you-use-an-open-source-distributed-virtual-switchhttp://whatis.techtarget.com/definition/SDN-controller-software-defined-networking-controllerhttp://searchnetworking.techtarget.com/tip/vSphere-VLAN-Understanding-8021Q-VLAN-tagginghttp://searchnetworking.techtarget.com/tip/vSphere-VLAN-Understanding-8021Q-VLAN-tagginghttp://searchnetworking.techtarget.com/tip/vSphere-VLAN-Understanding-8021Q-VLAN-tagginghttp://searchnetworking.techtarget.com/tip/vSphere-VLAN-Understanding-8021Q-VLAN-tagginghttp://whatis.techtarget.com/definition/SDN-controller-software-defined-networking-controllerhttp://searchnetworking.techtarget.com/news/1517251/Open-vSwitch-Can-you-use-an-open-source-distributed-virtual-switchhttp://searchnetworking.techtarget.com/tip/NVGRE-standard-primer-More-VLANs-and-isolated-tenants-in-the-cloudhttp://searchnetworking.techtarget.com/tip/NVGRE-standard-primer-More-VLANs-and-isolated-tenants-in-the-cloudhttp://searchnetworking.techtarget.com/tip/VXLAN-standard-primer-Extended-VLANs-long-distance-VM-migrationhttp://whatis.techtarget.com/definition/software-defined-networking-SDN


19/30


XenServer, Virtual Box, KVM environ-

ments, was largely initiated by Nicira

Networks, which has since been acquired

by VMware. VMware maintains that it

will continue Niciras support o Open

vSwitch.

IBM, Big Switch and NEC have also

launched virtual switching technology thatuses SDN with centralized controllers to

gain a broader view o both physical and

virtual resources, as well as to provision

network segments on demand. In these

strategies, an OpenFlow controller man-

ages ows within the overlay network, but

also communicates out to the physical

network.

IBM oers the Distributed Virtual

Switch 5000v, which lives on a VMware

hypervisor and creates tunnels between

endpoints across the underlying network

inrastructure. IBM has its own virtual net-

work overlay strategy, using distributed vir-

tual switches deployed on hypervisor hosts

to create tunnels between endpoints across

the underlying network inrastructure.

NECs ProgrammableFlow 1000 vswitch,

which works in a Microsot environment,

also combines an OpenFlowcontroller andvirtual switches. Together, the technol-

ogy maps all o the VMs and enables net-

work provisioning or migration, making

sure QoS and ACL policy can be applied

throughout.

Similarly, BigSwitchs Big Virtual Switch,

works with the Big Network Controller, to

gain a view o the entire virtual and physi-

cal network and to provision network seg-

ments on demand, applying and managing

orwarding policy across virtual and physi-

cal environments.

EDITORS DESK





http://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battlegroundhttp://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battlegroundhttp://searchsdn.techtarget.com/news/2240177128/NEC-offers-OpenFlow-vswitch-OpenStack-and-IPv6-supporthttp://searchnetworking.techtarget.com/news/2240171125/Big-Switch-Networks-SDN-network-virtualization-an-army-of-partnershttp://searchnetworking.techtarget.com/news/2240171125/Big-Switch-Networks-SDN-network-virtualization-an-army-of-partnershttp://searchsdn.techtarget.com/news/2240177128/NEC-offers-OpenFlow-vswitch-OpenStack-and-IPv6-supporthttp://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battlegroundhttp://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battleground


20/30


EDITORS DESK






Virtual Switching In ActionMany companies have made headway in integrating

physical and virtual infrastructure. Heres how.

vSphere Meets Cisco Discovery Protocol:Not every

company is ready to move to ull SDN or network virtual-

ization, but there are plenty o measures to take to be surethe virtual and physical worlds are communicating.

Cloud provider Iland, which is primarily a Cisco switch

and router shop, takes advantage oVMwares integration

o the Cisco Discovery Protocol (CDP) Messaging System

into its VMware virtual switches.

When a network team member adds network compo-

nents, creates a VLAN on a physical switch, or works with

MAC addresses, the CDP Messaging System integration

makes these things clear, said Ilands Giardina. When we

bring up a VM, whether we need to make sure it ollows an

IP address policy or a port security policy or a VLAN policy, (Sidebar continues on page 21)

this is all transparent to the hardware side, he said.

Engineers trained on Cisco hardware can easily apply

what they know to the virtualization stack and they can use

this communication to apply virtual network components

and services to network segments.

In the past, we had to deal with multiple rewalls and

multiple routers or each customer. VMware enables us to

spin up iterations o its virtual rewall called the vShieldEdge [a part ovCloud Networking and Security] and still

have transparency at the network layer to administer every-

thing. And now we dont have to provision that extra hard-

ware, Giardina said. This creates savings in time, CAPEX,

person hours, and training. We can virtualize everything

and the only cost is the monthly recurring cost to run the

existing gear, Giardina said.

Rackforce Uses Cisco Nexus 1000v: For Rackorce, a pro-

vider o data center services, Ciscos Nexus 1000v virtual
http://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.networking.doc/GUID-21FF6B4F-6651-462D-B955-69C0ADFFC6E6.htmlhttp://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.networking.doc/GUID-21FF6B4F-6651-462D-B955-69C0ADFFC6E6.htmlhttp://searchnetworking.techtarget.com/definition/MAC-addresshttp://www.vmware.com/products/datacenter-virtualization/vcloud-network-security/overview.htmlhttp://www.vmware.com/products/datacenter-virtualization/vcloud-network-security/overview.htmlhttp://searchnetworking.techtarget.com/definition/MAC-addresshttp://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.networking.doc/GUID-21FF6B4F-6651-462D-B955-69C0ADFFC6E6.htmlhttp://pubs.vmware.com/vsphere-51/index.jsp?topic=/com.vmware.vsphere.networking.doc/GUID-21FF6B4F-6651-462D-B955-69C0ADFFC6E6.html


21/30


switch met challenges to integrating the virtual edge. First,

all o Rackorces equipment is dual-homed, using multiple

upstream switch abrics. Rackorce uses IBM blade centers

and Cisco UCS chassis with dual home switching, using

abric A and abric B. VMware did not support two abrics

in an active-active mode when Rackorce was looking or

a vswitch solution. The only way to do that was using theCisco Nexus 1000v with MAC pinning, said Denis Skrin-

niko, director o network at Rackorce, a Cisco customer.

This created an active-active port channel to dierent

abrics without having to rely on the LACP or VPC proto-

cols that were typically used to do multi-chassis link ag-

gregation, but that Cisco UCS and IBM blade center did not

support.

The second challenge or Rackorce was policy en-

orcement. Using the Cisco Nexus 1000v, we identiy and

observe the trac to each VM. I can use SNMP rom the

virtual switch and integrate my existing monitoring tools

to see each VM and the amount o trac it is using, and to

look at the fows and where the trac is going, said Skrin-

niko. This enables end-to-end QoS and policy enorcement.

With the Cisco Nexus 1000v, an engineer can integrate ex-

isting provisioning engines, script the network deployments,

and have a single consistent network conguration rom the

virtual to the physical, Skrinniko explains.

Rackorces existing virtual networking topology usesLayer 2 isolation in which VLANs segment trac in isolated,

secure environments or each tenants trac. We have

hundreds to thousands o VLANs running to each o our

cloud inrastructures. We broke it out into multiple clouds.

We are in the process o deploying a VXLAN overlay using

vCloud Director, said Skrinniko. This will ease scaling or

Rackorces virtual network.

VXLAN is simple to integrate, easy to implement, and

is the most widely supported by the switch vendors we

use, said Skrinniko. The Cisco Nexus 1000v supports

VXLAN. n

EDITORS DESK






(Sidebar continued from page 20)


22/30


The Big Virtual Switch integrates or

communicates at the virtual edge with any

physical switch rom one o Big Switchs

vendor partners, allowing or policy

to stretch across physical and virtual

networks.

Big Switch is promoting its Big Virtual

Switch as a solution that integrates thevirtual edge without undoing the physical

network beneath. Some o the more siloed

solutions that are ocused on network vir-

tualization only, rather than SDN, leave you

an environment where the work o building

the virtual networks can undo the network

engineering underneath, said Dan Hersey,

a network virtualization product manager

at Big Switch.

Overlay strategies in which the control-

ler doesnt talk to the physical network can

lead to network conicts, along with com-

plexities in debugging and troubleshooting,

he said. These overlay networks requiresotware gateways and processing serv-

ers that cannot be congured without du-

plicating the underlying physical network

control plane conguration. This leads to

increased costs and troubleshooting com-

plexity, Hersey said. n

EDITORS DESK







23/30

23 S D N G E T S R E A L

Vendors VMware, Big Switch,

Cisco, and others are working

to come up with the winning

overlay approach to creating

virtual network abstractions.

The network must virtualize, and over-

lay networks may be the best path available.

The demand or network virtualization is

prompted by the cloud provider communi-

tys quest or a new way to manage, orches-

trate and automate network management.

Traditional networks just cant keep pace

with the clouds requirements or agility,

exibility and manageability.

In an eort to evolve, the networking in-

dustry is virtualizing networks to give them

properties similar to server virtualization.

Overlay Networks

Overlays MayBe the Best Path

Forward forNetworking

BY SALLY JOHNSON

EDITORS DESK







24/30


This network virtualization involves net-

works being decoupled rom hardware,

with the exibility o virtualization and

quick provisioning speeds.

One way to decouple networks is to cre-

ate a virtual network abstraction. Just like

server virtualization provided a virtual

machine abstraction rom x86 hardware,networks can provide virtual network ab-

stractions with the same properties and

operational simplicity.

How can you create virtual network ab-

stractions? This is where overlay networks

come into play.

Role of Overlays

in Network Virtualization

An overlay is essentially a sotware con-

struct that lives around the edges o a

physical network. Typically this overlay

consists o virtual switches that reside on

the virtualized servers connected to the

edges o a data center network. The overlay

network relies on a network control plane

to handle virtual switching on the server

hosts, much like a physical network does.

Depending on the vendor, these controlplanes can use traditional network proto-

cols, or they can rely on a sotware-dened

networking (SDN) controller.

Network operators can decouple net-

works rom the physical inrastructure

with overlay networks by introducing a

new addressing layer.

I you use overlays to do network vir-

tualization, when a virtual machine (VM)

sends a packet, this packet lives in an ad-

dress space thats totally virtual, explained

Martin Casado, Nicira co-ounder and now

EDITORS DESK





http://searchnetworking.techtarget.com/news/2240174517/Why-Nicira-abandoned-OpenFlow-hardware-controlhttp://searchnetworking.techtarget.com/news/2240174517/Why-Nicira-abandoned-OpenFlow-hardware-controlhttp://searchnetworking.techtarget.com/news/2240174517/Why-Nicira-abandoned-OpenFlow-hardware-controlhttp://searchnetworking.techtarget.com/news/2240174517/Why-Nicira-abandoned-OpenFlow-hardware-control


25/30


VMwares chie architect or networking.

But the overlay adds a header to the out-

side o the packet, and thats in the physical

world. So i you look at the packet on the

wire, it has a virtual address space on the

inside and the physical address space on

the outside.

This enables virtual networks to have di-erent service properties than the physical

networks. Using a very simple L3 abric,

I can build a complex L2, L3, with access

control lists (ACLs), virtual network. And

this, in turn, makes it possible to use sim-

ple-to-manage physical hardware to reim-

plement much o networking in sotware at

the edge, said Casado.

Overlay networks arent new. Wireless

local area networks (LANs) have long ex-

isted as overlays on campus networks. And

virtual private networks (VPNs) establish

overlays on wide area networks ( WANs).

The new part is bringing the overlay to

the entire network and into the data cen-

ter networkat scale and without adding

complexity to the overall deployment,

said Andrew Harding, senior director o

product marketing at Big Switch Networks.

This delivers not only dramatic cost eec-tiveness, but also dramatic improvement

in managing, deploying and maintaining a

data center network.

For overlays to be successul, engineers

need to ocus on the big picture. The ad-

vent o tunneling protocols like VXLAN,

NVGRE and STT has led many people to

ocus too heavily on protocols rather than

architecture.

Tunneling protocols are just mecha-

nisms, but providing the overlay and the

overall virtualization are the important

EDITORS DESK







26/30


parts o the story, according to Brad Case-

more, IDC research director o Datacenter

Networks. In the long run, the industry

will support whichever tunneling protocol

makes the most sensepossibly even all o

them. The bigger story is what overlays are

capable o doing and how this supports net-

work virtualization.

A Look at the Main

Overlay Approaches

Vendors including VMware, Big Switch,

Midokura, IBM and Cisco are all develop-

ing overlay network technologies. Heres a

look at the vendors whose overlay products

have been on the market longest: VMware-

Nicira, Big Switch, and Cisco.

SDN vendors are oering control-

ler-based network overlays, in which a

controller tells vswitches what to do via

tunneling protocols. Cisco and some others

are using a more old-school approach with

a virtual switchthe Nexus 1000vthat

operates like one o its physical switches

and replaces the native virtual switches

embedded in sotware rom VMware.

One o the most signicant dierencesin approaches is the degree to which its

considered a sotware-only solution or is a

solution that involves a hardware element,

noted Casemore.

n VMwares Nicira Network Virtual-

ization Platform. Last year, VMware

acquired Nicira and its Network Virtual-

ization Platorm (NVP) sotware solution,

which can create an intelligent abstraction

layer between virtualized hosts and an ex-

isting physical network. NVP is managed by

EDITORS DESK





http://searchnetworking.techtarget.com/news/2240166952/Midokura-network-virtualization-Layer-2-7-services-OpenStackhttp://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battlegroundhttp://nicira.com/en/network-virtualization-platformhttp://nicira.com/en/network-virtualization-platformhttp://nicira.com/en/network-virtualization-platformhttp://nicira.com/en/network-virtualization-platformhttp://searchnetworking.techtarget.com/feature/IBM-DOVE-Big-Blue-enters-the-network-virtualization-battlegroundhttp://searchnetworking.techtarget.com/news/2240166952/Midokura-network-virtualization-Layer-2-7-services-OpenStack


27/30


a distributed controller system.

Just like VMware created virtual ma-

chines, our ocus now is on creating virtual

networks that are airly completewith L2,

L3 and ACLsand work just like physical

networks, so you can have tens and thou-

sands o isolated virtual networks at scale,

said Casado.NVP reduces provisioning time, one o

the most immediate problems in virtu-

alized data centers. Rather than taking

seven days, it now takes 30 seconds to pro-

vision a network, said

Casado. And were solving

isolation issues and mo-

bility issues. Were solving

immediate customer pain

points, and then well to-

tally change the paradigm.

Next up: new methods o

debugging and security. Well come up with

new methods o operational exibility that

we cant even imagine today. During the

next three to our years, well see network-

ing move into areas we cant even athom

today.

n

Big Switchs Big Virtual Switch. BigSwitchs Big Virtual Switch is an Open-

Flow-based network virtualization applica-

tion that runs at the top o the companys

SDN stack where the northbound API is

located.

Our Big Network Controller, which

is based on the open source Floodlight

Project, is in the middle o the stack and

ties together the physical and virtual net-

works and makes it simple to deploy SDN.

Beneath that, we interace to physical

switches through OpenFlow, said Harding.

Were solving immediate

customer pain points.

Martin Casado,

chief architect for

networking, VMware

EDITORS DESK





http://www.bigswitch.com/products/big-virtual-switch-network-virtualizationhttp://www.bigswitch.com/products/big-virtual-switch-network-virtualization


28/30


Big Switch dynamically segments the

network into tenant or user networks,

through virtual network segments (VNS)

that can support a spectrum o topologies

and use cases within a data centerrom

a pure overlay, a kind o tunnel-only net-

work, to a pure OpenFlow one with physi-

cal switches.A pure overlay works in environments

with a legacy physical network and Open-

Flow-enabled on the virtual switches only,

said Harding. In a pure OpenFlow en-

vironment, which is likely in a new data

center deployment or

a build-out or a spe-

cic application, it has

all the benets o physi-

cal switchesessentially

hardware acceleration o

the network that can work

with virtual switches. Along this virtual

spectrum, we also support hybrid network

virtualization, which is required to inte-

grate physical rewalls and physical appli-

cation delivery controllers.

n Ciscos Nexus 1000v. Cisco has adopted

an open approach toward network virtual-ization and its cloud strategy by providing

customers with a choice o hypervisor and

orchestration stacks, according to Prashant

Gandhi, director o Ciscos Data Center

Group.

The Nexus 1000vis a virtual switch de-

signed to unction much like its physi-

cal switch counterparts in Ciscos Nexus

series o data center switches. Like those

physical switches, the Nexus 1000v relies

on traditional network protocols or its

control plane. It also relies on the VXLAN

The Nexus 1000v relies on

traditional network protocols

for its control plane.

EDITORS DESK





http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/qa_c67-556624.htmlhttp://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/qa_c67-556624.html


29/30


protocol or added scalability, with the

ability to build bare metal workloads and

physical services through VXLAN-VLAN

unctionality.

Ciscos switch has a modular architec-

ture, with a Virtual Supervisor Module

(VSM) controlling the behavior o multiple

Virtual Ethernet Modules (VEMs). The ar-chitecture is similar to a physical modular

switch. Unlike Big Switch and Nicira, Cisco

recommends a hardware element or the

Nexus 1000v. While the VEMs are embed-

ded on individual hypervisor hosts, Cisco

advocates running the VSM on the Nexus

1010 Virtual Services Appliance or scal-

ability and perormance.

Our Nexus 1000v secure multi-tenant

solution supports customers using many

dierent solutions: VMware ESX, Micro-

sot HyperV, Citrix Xen, and KVM. It also

integrates with many orchestration plat-

orms, including open source OpenStack,

CloudStack, VMware vCloud Director and

Microsots SVCMM platorms, Gandhi

said.Moving orward, exactly how all o the

vendors dierentiate themselves rom

each other will come into clearer ocus.

Not just rom a subjective standpoint, but

also qualitatively in terms o what theyre

oering, how theyre oering it, and how

theyre positioning it. Many o the vendor

strategies are in ux right now, Casemore

said. n

EDITORS DESK







30/30


RIVKA GEWIRTZ LITTLE is the executive edi-

tor or TechTargets Networking Media.

SHAMUS MCGILLICUDDY is the director o

news and eatures or TechTarget Network-

ing Media.

DAVID GEERwrites about security and

enterprise technology or internationaltrade and business publications.

SALLY JOHNSON is the eature writer or

TechTarget Networking Media.

ABOUT THE AUTHORS

Network Evolution

is a SearchNetworking.com e-publication.

Kate Gerwig, Editorial Director

Kara Gattine,Senior Managing Editor

Rivka Gewirtz Little, Executive Editor

Shamus McGillicuddy,News Director

Sally Johnson,Feature Writer

Rachel Shuster,Associate Managing Editor

Linda Koury,Director of Online Design

Neva Maniscalco, Graphic Designer

Doug Olender, Vice President/Group [email protected]

TechTarget , 275 Grove Street, Newton, MA 02466

2013 TechTarget Inc. No part o this publication may be transmitted or repro-

duced in any orm or by any means without written permission rom the pub-

lisher. TechTarget reprints are available throughThe YGS Group.

About TechTarget: TechTarget publishes media or inormation technology pro-

essionals. More than 100 ocused websites enable quick access to a deep store o

news, advice and analysis about the technologies, products and processes crucial

to your job. Our live and virtual events give you direct access to independent ex-

pert commentary and advice. At IT Knowledge Exchange, our social community,

you can get advice and share solutions with peers and experts.

@

WEBSITEVisit us

E-MAIL

Contact us

TWITTERFollow us
http://searchnetworking.techtarget.com/http://-/?-http://-/?-http://-/?-http://searchnetworking.techtarget.com/http://searchnetworking.techtarget.com/mailto:editor%40searchnetworking.com?subject=https://twitter.com/RivkaLittlehttps://twitter.com/RivkaLittlehttps://twitter.com/RivkaLittlemailto:editor%40searchnetworking.com?subject=http://searchnetworking.techtarget.com/http://-/?-http://searchnetworking.techtarget.com/

network evolution april 2013

Documents