The network team is being bombarded with configuration requests that can take days or weeks to handle, but luckily several approaches are emerging that promise to increase network agility, chief among them Network Virtualization (NV), Network Functions Virtualization (NFV), and Software Defined Networking (SDN).
The alphabet soup may seem overwhelming at first, but each of these approaches addresses a different subset of the same underlying problem: letting the network keep pace with workloads that move. In this article we’ll examine how NV, NFV and SDN differ and how each moves us down the path toward programmable networks.
Network Virtualisation
Enterprise networking administrators can’t keep up with requests for network changes. There needs to be a way to automate the network to improve IT’s responsiveness to change. In this use case, we are typically trying to solve one problem: how do I move VMs across different logical domains? Network virtualisation creates logical segments on top of an existing physical network by partitioning its traffic at the flow level, much as a single disk is partitioned into separate volumes.
NV is an overlay; it’s a tunnel. Rather than physically connecting two domains in a network, NV creates a tunnel through the existing network to connect two domains. NV is valuable because it saves administrators from having to physically wire up each new domain connection, especially for virtual machines that get created. This is useful because administrators don’t have to change what they have already done. They get a new way to virtualise their infrastructure and make changes on top of an existing infrastructure.
NV runs on high-performance x86 platforms: the tunnel endpoints live in the hypervisor hosts, not in the switches. The goal is to allow people to move VMs independently of their existing infrastructure and not have to reconfigure the network. Nicira (now VMware) is one vendor selling NV products. NV is for anybody who’s using virtual machine technology.
Network Functions Virtualisation
If NV offers the capability to create tunnels through a network and to treat traffic per flow, the next step is to put a service on a tunnel. NFV is virtualising Layer 4-7 functions such as firewalls, IDS/IPS, or even load balancing (application delivery controllers).
If administrators can set up a VM by pointing and clicking, why can’t they turn up a firewall or IDS/IPS in the same way? This is what NFV enables. NFV starts each function from a baseline policy and configuration for that kind of network element, rather than from a hand-built one. If you have a specific tunnel you’re punching through the infrastructure, you can add a firewall or IDS/IPS to just that tunnel. The popular functions for this are firewalls and IDS/IPS systems from companies like PLUMgrid or Embrane.
NFV runs on high-performance x86 platforms, and it enables users to turn up functions on selected tunnels in the network. The goal is to allow people to create a service profile for a VM, or flow, and leverage x86 muscle to build an abstraction on top of the network (the tunnel) and then build virtual services on that specific logical environment. Once in place, NFV saves a lot of time on manual provisioning and training.
NFV also reduces the need to overprovision: rather than buying big firewall or IDS/IPS boxes sized for a whole network, the customer can buy functions for the specific tunnels that need them. This reduces initial Capex, but the operational gains are the real advantage. NFV can be thought of as the server-virtualisation model applied to network functions: a few boxes running a lot of virtual instances, and a point-and-click provisioning system.
Customers understand the difference between NV and NFV, but they may not want to go to two different vendors to get them. That’s why VMware now offers NV and NFV security functions in VMware NSX.
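To make the tunnel-plus-service model above concrete (the overlay tunnel from the NV section and the "firewall on just that tunnel" idea from the NFV section), here is an added example that is not code from the article or from any vendor it names. It builds a VXLAN-style tunnel header carrying a 24-bit VNI, and an overlay edge that runs a firewall function only on the tunnel it was attached to. The article names no tunnel format; the VXLAN header layout is assumed here, the outer IP/UDP headers are omitted, and the frames, VNIs and port policy are constructed for the example.

```python
import struct
from dataclasses import dataclass, field
from typing import Callable

# Assumed VXLAN-style header (RFC 7348): flags byte (0x08 = VNI present),
# 3 reserved bytes, 24-bit VNI, 1 reserved byte. Outer IP/UDP are omitted.
VXLAN_FLAG_VNI = 0x08


def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Wrap an inner Ethernet frame in a tunnel header carrying the VNI."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!B3xI", VXLAN_FLAG_VNI, vni << 8) + inner_frame


def decapsulate(tunnel_frame: bytes) -> tuple:
    """Return (vni, inner_frame); reject a header whose VNI flag is clear."""
    flags, vni_field = struct.unpack("!B3xI", tunnel_frame[:8])
    if not flags & VXLAN_FLAG_VNI:
        raise ValueError("VNI flag not set")
    return vni_field >> 8, tunnel_frame[8:]


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int


def parse_inner(frame: bytes) -> FiveTuple:
    """Minimal Ethernet/IPv4/TCP-or-UDP parser, enough for a stateless firewall."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return FiveTuple(src_ip, dst_ip, ip[9], src_port, dst_port)


ServiceFn = Callable[[FiveTuple], bool]   # True = pass, False = drop


def make_firewall(allowed_tcp_ports: set) -> ServiceFn:
    """Stateless firewall function: permit TCP only to the listed ports."""
    return lambda pkt: pkt.proto == 6 and pkt.dst_port in allowed_tcp_ports


@dataclass
class ServiceProfile:
    chain: list = field(default_factory=list)   # empty chain = pass-through


class OverlayEdge:
    """Decapsulates frames and runs only the functions bound to that VNI."""

    def __init__(self) -> None:
        self.profiles = {}   # vni -> ServiceProfile

    def attach(self, vni: int, fn: ServiceFn) -> None:
        self.profiles.setdefault(vni, ServiceProfile()).chain.append(fn)

    def receive(self, tunnel_frame: bytes) -> tuple:
        vni, inner = decapsulate(tunnel_frame)
        pkt = parse_inner(inner)
        chain = self.profiles.get(vni, ServiceProfile()).chain
        return vni, all(fn(pkt) for fn in chain)


def build_tcp_syn(src_ip: str, dst_ip: str, src_port: int, dst_port: int) -> bytes:
    """Constructed inner frame: Ethernet + IPv4 + TCP SYN, checksums left zero."""
    eth = bytes(12) + b"\x08\x00"                    # zero MACs, ethertype IPv4
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 0, 0, 0)
    return eth + ip + tcp


def overlay_demo() -> dict:
    """Constructed scenario: a firewall bound to VNI 100 only; VNI 200 has none."""
    edge = OverlayEdge()
    edge.attach(100, make_firewall({443}))
    https = build_tcp_syn("10.0.0.5", "10.0.1.9", 40000, 443)
    ssh = build_tcp_syn("10.0.0.5", "10.0.1.9", 40001, 22)
    return {
        "vni100_https": edge.receive(encapsulate(https, 100)),
        "vni100_ssh": edge.receive(encapsulate(ssh, 100)),
        "vni200_ssh": edge.receive(encapsulate(ssh, 200)),
    }
```

The point to notice is where the isolation lives: the underlay switches forward on the outer header alone and never see the VNI or the inner addresses, so segmentation and the per-tunnel firewall are enforced entirely by the edge software on the x86 hosts. A VXLAN-style header carries no authentication, so anyone who can inject frames into the underlay can claim any VNI; the underlay itself has to keep untrusted hosts away from the tunnel endpoints.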
Software Defined Networking
SDN provisions the network through programmable, repeatable operations rather than box-by-box configuration. For example, instead of inserting a tap appliance, an operator programs the switches themselves to copy the traffic of interest to a monitoring port.
SDN makes the network programmable by separating the control plane (telling the network what goes where) from the data plane (sending packets to specific destinations). It relies on switches that can be programmed through an SDN controller using an industry standard control protocol, such as OpenFlow.
While NV and NFV add virtual tunnels and functions to the physical network, SDN changes the physical network, and therefore is really a new externally driven means to provision and manage the network. A use case may involve moving a large “elephant flow” from a 1G port to a 10G port, or aggregating a lot of “mice flows” onto one 1G port. SDN is implemented in the network switches themselves rather than on x86 servers, although the controller that programs them typically runs on a server. Big Switch Networks and Pica8 are examples of companies selling SDN-related products.
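To show the control/data plane split and the elephant-flow use case in working code, here is an added example that is not from the article or from any product it mentions. The switch forwards by flow-table lookup and hands a table miss to the controller as a packet_in; the controller installs rules with flow_mod and later re-points flows that have grown past a threshold from the 1G port to the 10G port. The message names follow OpenFlow, but nothing here speaks the real protocol; the port numbers, the byte threshold and the traffic are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model: OpenFlow message names are borrowed (packet_in, flow_mod)
# but no real protocol is spoken. Port numbers and the threshold are assumed.
PORT_1G = 1
PORT_10G = 2
ELEPHANT_BYTES = 1_000_000   # assumed: a flow this large is an "elephant"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    size: int


@dataclass
class FlowEntry:
    priority: int
    match: dict        # field -> required value; a field not listed is a wildcard
    out_port: int
    packets: int = 0
    byte_count: int = 0

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, k) == v for k, v in self.match.items())


class Switch:
    """Data plane: forwards by table lookup; a table miss goes to the controller."""

    def __init__(self, controller: "Controller") -> None:
        self.controller = controller
        self.table = []          # list[FlowEntry], highest priority first
        self.packet_ins = 0      # how often the control plane had to be asked

    def flow_mod(self, entry: FlowEntry) -> None:
        """Install a rule; the table is kept sorted so priority wins, then age."""
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)

    def lookup(self, pkt: Packet) -> Optional[FlowEntry]:
        return next((e for e in self.table if e.matches(pkt)), None)

    def forward(self, pkt: Packet) -> int:
        entry = self.lookup(pkt)
        if entry is None:
            self.packet_ins += 1                 # table miss: ask the control plane
            entry = self.controller.packet_in(self, pkt)
        entry.packets += 1
        entry.byte_count += pkt.size
        return entry.out_port


class Controller:
    """Control plane: decides where flows go and pushes rules to the switch."""

    def packet_in(self, sw: Switch, pkt: Packet) -> FlowEntry:
        # Every new flow gets an exact-match rule pointing at the shared 1G port.
        entry = FlowEntry(priority=10, out_port=PORT_1G, match={
            "src_ip": pkt.src_ip, "dst_ip": pkt.dst_ip, "dst_port": pkt.dst_port})
        sw.flow_mod(entry)
        return entry

    def rebalance(self, sw: Switch) -> list:
        """Re-point flows that have grown into elephants onto the 10G port."""
        moved = [e for e in sw.table
                 if e.byte_count >= ELEPHANT_BYTES and e.out_port == PORT_1G]
        for e in moved:
            e.out_port = PORT_10G     # modify the rule in place, counters preserved
        return moved


def sdn_demo() -> dict:
    """Constructed traffic: one large iperf-like flow and one DNS-sized flow."""
    sw = Switch(Controller())
    elephant = Packet("10.0.0.1", "10.0.0.2", 5201, size=100_000)
    mouse = Packet("10.0.0.3", "10.0.0.4", 53, size=100)
    before = (sw.forward(elephant), sw.forward(mouse))    # both start on 1G
    for _ in range(9):
        sw.forward(elephant)        # 10 packets x 100_000 bytes = 1_000_000
        sw.forward(mouse)
    moved = sw.controller.rebalance(sw)
    after = (sw.forward(elephant), sw.forward(mouse))
    return {"before": before, "after": after, "moved": len(moved),
            "packet_ins": sw.packet_ins, "table_size": len(sw.table)}
```

Two things worth checking in any real deployment follow directly from this model. First, only the first packet of each flow reaches the controller; everything after that is decided by the rule in the switch, so a mistake in a high-priority rule silently shadows every lower-priority one. Second, the table-miss path is a resource the controller shares with every host: a sender that fabricates many new five-tuples forces one packet_in and one table entry per flow, so a production design rate-limits packet_in and installs a low-priority default rule rather than letting every unknown flow climb to the control plane.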
All three types of technology are designed to address mobility and agility. We need to find a way to program the network, and there are different approaches to that: NV, NFV, and SDN.
NV and NFV can work on existing networks because they reside on servers and interact with “groomed” traffic sent to them; SDN requires a new network construct where the data and control planes are separate.