Network virtualization is the latest buzzword to hit the IT
circles. It's meant to ease the task of managing a large heterogeneous network
by providing you with a single point of control. In network virtualization, all
services and servers are treated as a single pool of resources which can be
rearranged and redeployed in real-time to meet changing user requirements. This
would help reduce network complexity, thereby lowering system downtime and
reducing the cost of network management.
A lot of tasks that were done manually by network managers
can be handled automatically after network virtualization. Currently, there's
no predefined standard for this new trend, due to which different vendors have
interpreted it differently. Here, we delve into some of those interpretations.
Virtual IP address
Virtual IP Address (VIPA) is a technology used in failover and load
balancing of a network connection. It adds a protection layer to a network
connection. It assigns a virtual IP address to an existing interface, so if the
system is unavailable, then the virtual IP address takes over the network
connection and automatically restores the connections between different servers.
VIPA is configured on a TCP/IP stack rather than a physical
adapter, and is therefore not linked with any particular endpoint device. A
virtual IP address is designated with multiple paths on the TCP/IP
stack; as a result, it automatically switches to an alternate path in case of
connection failure.
This prevents hardware and communication media from
becoming points of failure for many connections. VIPA takes over automatically,
moving the virtual IP address to a stack where a suitable application
instance is already active, so that the application can serve the users.
Further still, you can even configure a Dynamic Virtual IP
Address (DVIPA) for an application server. This allows applications to create
and activate a virtual IP address, so that it can switch from one logical
partition (LPAR) to another in case of failure.
Hipersockets
This is a technology that's specific to IBM's zSeries servers. Instead of
having multiple servers running their own applications for web, database
transactions, applications, etc., everything is consolidated into a single zSeries
server and run in a virtual environment.
Prior to consolidation, all servers would have their own
physical network connections and you would need multiple routers and switches to
connect them together.
After consolidation, this external infrastructure of
network cards, cables, switches, and routers is not required. All communication
between the various virtual servers happens inside the zSeries server itself.
There are several advantages to this approach. One, since the zSeries server's
internal bus is used, there's literally zero latency, so the communication
between various virtual machines is much faster.
Since all the network connections are virtual, there can be
automatic failover between them. So if your business application's network
interface fails, it would automatically fail over to another virtual connection.
All this leads to a more simplified infrastructure.
Virtual Ethernet
A virtual Ethernet interface is a fake Ethernet device, which is a replica
of a physical Ethernet device. It responds like a normal Ethernet device, but for
an IP address other than the normal IP address of the machine's physical Ethernet
interface. A single physical Ethernet interface can therefore have several IP
addresses.
For example, these days Ethernet interfaces come with
integrated VLAN support. This allows you to create a virtual LAN on virtual Ethernet
interfaces. This technology is also used to connect branch offices to their
corporate office.
Nortel's virtual Ethernet solution allows organizations to
cost-effectively scale and transparently extend their Ethernet LANs across a
wide area network (WAN), making the WAN and LAN appear as a single Ethernet
network.
As you can see, there are several interpretations of
network virtualization, largely due to a lack of open standards. It therefore
becomes quite difficult to determine what to choose. Some work is happening on
this front, and hopefully we should have something very soon.
Virtual LAN
This is another network virtualization technology, which acts like a normal
LAN, except that the devices connected to it can be segregated into groups forming
different logical LANs. However, all the devices are physically connected on the
same segment.
This allows an administrator to divide a LAN into virtual
segments without using a separate switch. Here, clients and servers may be
placed anywhere on a network, but they are grouped together using VLAN
technology. This also limits broadcast traffic, as broadcast data is sent only to
devices within the VLAN.
VLANs are configured using the Media Access Control (MAC)
addresses of the devices. If a device is moved from one port to another on the
switch, the VLAN management software recognizes it and automatically
reconfigures it into its appropriate VLAN without changing the MAC address or
the IP address of the node.
A VLAN uses the 802.1Q specification for adding VLAN group
information into Ethernet frames. Some VLAN software not only manages all the
VLAN groups but also allows you to create virtual routers within the VLANs, so
that you can interconnect different VLANs.
For example, the various servers and clients
can be added to separate groups which in turn can communicate with each
other through virtual routers. This technology is now available with all managed
switches.
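How the 802.1Q tag mentioned above carries VLAN group information inside an Ethernet frame, as an added example that is not part of the original article: the tag is 4 bytes inserted after the source MAC, holding a tag protocol identifier and a 16-bit field with a 3-bit priority, a 1-bit drop-eligible flag and the 12-bit VLAN ID. The function names, MAC addresses and frames are constructed for illustration, and the parser also handles untagged and stacked-tag frames.

```python
import struct

TPID_8021Q = 0x8100   # customer VLAN tag
TPID_8021AD = 0x88A8  # service VLAN tag, seen when tags are stacked


def build_tagged_frame(dst, src, vid, pcp, ethertype, payload):
    """Build a constructed Ethernet frame carrying one 802.1Q tag."""
    if not 0 <= vid <= 0xFFF or not 0 <= pcp <= 7:
        raise ValueError("VID is 12 bits, PCP is 3 bits")
    tci = (pcp << 13) | vid          # drop-eligible bit (bit 12) left at 0
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_vlan_tags(frame):
    """Return (tags, inner_ethertype) for an Ethernet frame.

    Each tag is a dict with tpid, pcp, dei and vid. An untagged frame
    yields an empty list; a truncated frame raises ValueError.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12                      # skip destination and source MAC
    tags = []
    while True:
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype
        if len(frame) < offset + 6:  # TPID + TCI + following EtherType
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4                  # each tag adds 4 bytes to the header


# Constructed sample data: locally administered MACs, VLAN 100, IPv4 payload.
DST = bytes.fromhex("02000000000a")
SRC = bytes.fromhex("02000000000b")
TAGGED = build_tagged_frame(DST, SRC, vid=100, pcp=5,
                            ethertype=0x0800, payload=b"\x00" * 46)
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"\x00" * 46

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        print(name, parse_vlan_tags(frame))
```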
Virtual Private Network
This is another virtualization technology, which allows you to interconnect
your branch offices over a public network, using your existing infrastructure. A
VPN ensures that data sent between the two endpoints of a connection
remains secure.
In this setup, people outside your network can become part of
your network from a public network such as the Internet, and can access any
service running on your network from anywhere.
These days VPN appliances are available, which connect you
to a corporate network via a public IP address; users access that network
by logging in using a VPN client. It may be slow for the client depending on the
connectivity speed, but the client can use all the services on the corporate
network.
Sanjay Majumder