Network virtualization

Last updated

In computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization.

Contents

Network virtualization is categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server.

In software testing, software developers use network virtualization to test software which are under development in a simulation of the network environments in which the software is intended to operate. As a component of application performance engineering, network virtualization enables developers to emulate connections between applications, services, dependencies, and end users in a test environment without having to physically test the software on all possible hardware or system software. The validity of the test depends on the accuracy of the network virtualization in emulating real hardware and operating systems.

Components

Various equipment and software vendors offer network virtualization by combining any of the following:

External virtualization

External network virtualization combines or subdivides one or more local area networks (LANs) into virtual networks to improve a large network's or data center's efficiency. A virtual local area network (VLAN) and network switch comprise the key components. Using this technology, a system administrator can configure systems physically attached to the same local network into separate virtual networks. Conversely, an administrator can combine systems on separate local area networks (LANs) into a single VLAN spanning segments of a large network.

External network virtualization is envisioned to be placed in the middle of the network stack and help integrating different architectures proposed for next generation networks. [1]

Internal virtualization

Internal network virtualization configures a single system with software containers, such as Xen hypervisor control programs, or pseudo-interfaces, such as a VNIC, to emulate a physical network with software. This can improve a single system's efficiency by isolating applications to separate containers or pseudo-interfaces. [2]

Examples

Citrix and Vyatta have built a virtual network protocol stack combining Vyatta's routing, firewall, and VPN functions with Citrix's Netscaler load balancer, branch repeater wide area network (WAN) optimization, and secure sockets layer VPN.

OpenSolaris network virtualization provides a so-called "network in a box" (see OpenSolaris Network Virtualization and Resource Control).

Microsoft Virtual Server uses virtual machines to make a "network in a box" for x86 systems. These containers can run different operating systems, such as Microsoft Windows or Linux, either associated with or independent of a specific network interface controller (NIC).

Use in testing

Network virtualization may be used in application development and testing to mimic real-world hardware and system software. In application performance engineering, network virtualization enables emulation of connections between applications, services, dependencies, and end users for software testing.

Wireless network virtualization

Wireless network virtualization can have a very broad scope ranging from spectrum sharing, infrastructure virtualization, to air interface virtualization. Similar to wired network virtualization, in which physical infrastructure owned by one or more providers can be shared among multiple service providers, wireless network virtualization needs the physical wireless infrastructure and radio resources to be abstracted and isolated to a number of virtual resources, which then can be offered to different service providers. In other words, virtualization, regardless of wired or wireless networks, can be considered as a process splitting the entire network system. However, the distinctive properties of the wireless environment, in terms of time-various channels, attenuation, mobility, broadcast, etc., make the problem more complicated. Furthermore, wireless network virtualization depends on specific access technologies, and wireless network contains much more access technologies compared to wired network virtualization and each access technology has its particular characteristics, which makes convergence, sharing and abstraction difficult to achieve. Therefore, it may be inaccurate to consider wireless network virtualization as a subset of network virtualization. [3]

Performance

Until 1 Gbit/s networks, network virtualization was not suffering from the overhead of the software layers or hypervisor layers providing the interconnects. With the rise of high bandwidth, 10 Gbit/s and beyond, the rates of packets exceed the capabilities of processing of the networking stacks.[ citation needed ] In order to keep offering high throughput processing, some combinations of software and hardware helpers are deployed in the so-called "network in a box" associated with either a hardware-dependent network interface controller (NIC) using SRIOV extensions of the hypervisor or either using a fast path technology between the NIC and the payloads (virtual machines or containers).

For example, in case of Openstack, network is provided by Neutron which leverages many features from the Linux kernel for networking: iptables, iproute2, L2 bridge, L3 routing or OVS. Since the Linux kernel cannot sustain the 10G packet rate[ citation needed ], then some bypass technologies for a fast path are used. The main bypass technologies are either based on a limited set of features such as Open vSwitch (OVS) with its DPDK user space implementation or based on a full feature and offload of Linux processing such as 6WIND virtual accelerator.

See also

Related Research Articles

A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.

In computer networking, promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.

The Intelligent Platform Management Interface (IPMI) is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware and operating system. IPMI defines a set of interfaces used by system administrators for out-of-band management of computer systems and monitoring of their operation. For example, IPMI provides a way to manage a computer that may be powered off or otherwise unresponsive by using a network connection to the hardware rather than to an operating system or login shell. Another use case may be installing a custom operating system remotely. Without IPMI, installing a custom operating system may require an administrator to be physically present near the computer, insert a DVD or a USB flash drive containing the OS installer and complete the installation process using a monitor and a keyboard. Using IPMI, an administrator can mount an ISO image, simulate an installer DVD, and perform the installation remotely.

<span class="mw-page-title-main">Link aggregation</span> Using multiple network connections in parallel to increase capacity and reliability

In computer networking, link aggregation is the combining of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.

<span class="mw-page-title-main">Computer network</span> Network that allows computers to share resources and communicate with each other

A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

The following is a timeline of virtualization development. In computing, virtualization is the use of a computer to simulate another computer. Through virtualization, a host simulates a guest by exposing virtual hardware devices, which may be done through software or by allowing access to a physical device connected to the machine.

Desktop virtualization is a software technology that separates the desktop environment and associated application software from the physical client device that is used to access it.

<span class="mw-page-title-main">VMware ESXi</span> Enterprise-class, type-1 hypervisor for deploying and serving virtual computers

VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware, a subsidiary of Broadcom, for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system (OS); instead, it includes and integrates vital OS components, such as a kernel.

Split tunneling is a computer networking concept which allows a user to access dissimilar security domains like a public network and a local area network or wide area network at the same time, using the same or different network connections. This connection state is usually facilitated through the simultaneous use of a LAN network interface controller (NIC), radio NIC, Wireless LAN (WLAN) NIC, and VPN client software application without the benefit of an access control.

<span class="mw-page-title-main">Computer appliance</span> Dedicated computer system

A computer appliance is a computer system with a combination of hardware, software, or firmware that is specifically designed to provide a particular computing resource. Such devices became known as appliances because of the similarity in role or management to a home appliance, which are generally closed and sealed, and are not serviceable by the user or owner. The hardware and software are delivered as an integrated product and may even be pre-configured before delivery to a customer, to provide a turn-key solution for a particular application. Unlike general purpose computers, appliances are generally not designed to allow the customers to change the software and the underlying operating system, or to flexibly reconfigure the hardware.

Infrastructure as a service (IaaS) is a cloud computing service model by means of which computing resources are supplied by a cloud services provider. The IaaS vendor provides the storage, network, servers, and virtualization. This service enables users to free themselves from maintaining an on-premises data center. The IaaS provider is hosting these resources in either the public cloud, the private cloud, or the hybrid cloud.

<span class="mw-page-title-main">Zeroshell</span> Linux distribution

Zeroshell is a small open-source Linux distribution for servers and embedded systems which aims to provide network services. Its administration relies on a web-based graphical interface; no shell is needed to administer and configure it. Zeroshell is available as Live CD and CompactFlash images, and VMware virtual machines.

A virtual security switch is a software Ethernet switch with embedded security controls within it that runs within virtual environments such as VMware vSphere, Citrix XenDesktop, Microsoft Hyper-V and Virtual Iron. The primary purpose of a virtual security switch is to provide security measures such as isolation, control and content inspection between virtual machines.

In computing, virtualization or virtualisation in British English is the act of creating a virtual version of something at the same abstraction level, including virtual computer hardware platforms, storage devices, and computer network resources.

A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. The VF can be realized as a traditional software firewall on a guest virtual machine already running, a purpose-built virtual security appliance designed with virtual network security in mind, a virtual switch with additional security capabilities, or a managed kernel process running within the host hypervisor.

CloudStack is open-source Infrastructure-as-a-Service cloud computing software for creating, managing, and deploying infrastructure cloud services. It uses existing hypervisor platforms for virtualization, such as KVM, VMware vSphere, including ESXi and vCenter, XenServer/XCP and XCP-ng. In addition to its own API, CloudStack also supports the Amazon Web Services (AWS) API and the Open Cloud Computing Interface from the Open Grid Forum.

The Data Plane Development Kit (DPDK) is an open source software project managed by the Linux Foundation. It provides a set of data plane libraries and network interface controller polling-mode drivers for offloading TCP packet processing from the operating system kernel to processes running in user space. This offloading achieves higher computing efficiency and higher packet throughput than is possible using the interrupt-driven processing provided in the kernel.

Distributed Overlay Virtual Ethernet (DOVE) is a tunneling and virtualization technology for computer networks, created and backed by IBM. DOVE allows creation of network virtualization layers for deploying, controlling, and managing multiple independent and isolated network applications over a shared physical network infrastructure.

<span class="mw-page-title-main">Open vSwitch</span> Virtual network switch

Open vSwitch, sometimes abbreviated as OVS, is an open-source implementation of a distributed virtual multilayer switch. The main purpose of Open vSwitch is to provide a switching stack for hardware virtualization environments, while supporting multiple protocols and standards used in computer networks.

<span class="mw-page-title-main">Endian Firewall</span> Linux distribution

Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance.

References

  1. P. Martinez-Julia, A. F. Skarmeta, A. Galis. "Towards a Secure Network Virtualization Architecture for the Future Internet" Future Internet Assembly, 2013, doi : 10.1007/978-3-642-38082-2_12.
  2. A. Galis, S. Clayman, A. Fischer, A. Paler, Y. Al-Hazmi, H. De Meer, A. Cheniour, O. Mornard, J. Patrick Gelas and L. Lefevre, et al. "Future Internet Management Platforms for Network Virtualisation and Service Clouds"- ServiceWave 2010, December 2010, http://servicewave.eu/2010/joint-demonstration-evening/ Archived 2014-07-31 at the Wayback Machine and in "Towards A Service-Based Internet" Lecture Notes in Computer Science, 2010, Volume 6481/2010, 235-237, doi : 10.1007/978-3-642-17694-4_39
  3. Liang, C.; Yu, F. R. (2015). "Wireless Network Virtualization: A Survey, Some Research Issues and Challenges". IEEE Communications Surveys and Tutorials. 17 (1): 358–380. doi:10.1109/COMST.2014.2352118. S2CID   14838118.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.