7/16/17


Top Operational Challenges of Network Virtualization


The trend of virtualization is one of the most powerful forces in technology. Using data abstraction and control, the functions of compute, networking, and storage are being virtualized to create a more flexible software platform for delivering digital workloads and services to customers.
The vision is that, eventually, nearly all digital and computing services will be controlled by open and compatible software interfaces, automating the orchestration of resources behind the scenes – often from the cloud. Ordering up and controlling services ranging from cloud computing to virtual private networks will be as easy as pushing the buttons on your TV remote.
This virtualized infrastructure is bringing enormous benefits to the technology world, but nobody said it was easy. This massive, worldwide migration of control from the physical to the virtual is a complicated process. Decades of procurement, administration, and business processes are being changed.
The No. 1 focus of IT management is virtualization. In Protiviti’s “2015 IT Priorities Survey,” 86% of those surveyed labeled it a “significant priority.” This survey had more than 1,000 respondents including CIOs, IT vice presidents, and IT directors. The second highest priorities were security related, with 83% citing virus and advanced threat eradication as a significant priority; data breach and privacy laws also came in at 83%.
All of these issues are connected, of course. Security and virtualization go hand in hand in the cloud (see “Why Security Is a Leading Network Virtualization Driver”). In the legacy, physical world of computing, resources could be cordoned off by physical or software firewalls. But as the world’s computing power is migrated to the cloud and connected to the Internet, security must become more virtual as well.
Computing power has been transformed by server virtualization and the cloud model. The next step is to extend that to network virtualization (NV). In our recent “2015 Special Report: Network Virtualization in the Data Center,” our research and user survey generated a lot of information about the operational challenges of NV. Below are some of the top operational challenges that IT managers should watch out for in their shift to NV.
Scalability
When asked to identify the top two attributes organizations are looking for from NV solutions, scalability got a majority vote in our research – from 51% of those polled. Some NV solutions may have performance challenges when the control planes reach their limits or when the data plane replicates broadcast, unknown unicast, or multicast traffic across the physical fabric. Vendors are working to overcome these limitations, but whether the solutions can scale to support large cloud environments with tens of thousands of physical servers is yet to be seen.
Openness of Solution
In our survey of the top two attributes of NV, openness and interoperability came in second at 39%, which speaks to the heterogeneous nature of most organizations and their need to ensure the solutions work together.
Look for NV solutions that support standard protocols to improve compatibility with other network elements. VXLAN is the most popular encapsulation protocol today. On the direct-fabric programming side of the equation, the OpenFlow protocol is the most prevalent southbound protocol supported by switches, enabling the NV solution to have a wider reach. Cisco’s proprietary ACI has also experienced strong market adoption.
Usability and Manageability
Ease of implementation and performance came in at 36% and 35%, respectively, in our survey of most important attributes. Usability and manageability are key considerations. The control and management panels for these solutions have to accommodate tens of thousands or hundreds of thousands of networks (perhaps millions in the near future). This unprecedented scaling presents a new challenge for user interfaces.
Hypervisor Compatibility
Another version of openness: Virtualization customers need to make careful distinctions among the many hypervisor solutions out there and determine whether they work together. Some solutions are marked “compatible” with the hypervisor, but they might be using a virtual switch instance running in a virtual machine (VM). This is true with VMware’s ESXi, which today restricts choices of virtual switches to its built-in version or limited partners. These issues are being solved with more workarounds, however, and non-VMware vendors are beginning to improve VM performance issues.
Network Model
Choosing the network model can have huge architectural implications. Look for a mature NV solution that provides a network model that helps visualize and define the topology – including Layer 2, Layer 3, routing, gateways, Layer 4-7 chaining, and so on. The more complex the environment, the more critical the model is to ensuring it is working properly.
Physical Switch Compatibility
NV solutions try to operate primarily within the virtual domain, but most still require some integration with the physical infrastructure. The availability and performance of physical-to-virtual gateways is critical. For NV solutions using VXLAN, there is an increasing number of switches that can act as hardware VTEPs (VXLAN termination endpoints) to facilitate these boundary transitions at wire-speed.
High Availability
Many networks are jitter- or latency-sensitive, such as those supporting streaming media, voice, or critical apps (e.g., financial and medical), where the presence of QoS support (Layer 2/Layer 3) can be helpful. In such environments, NV solutions based on direct-fabric programming may be able to provide better QoS control than pure overlay solutions.
Visibility and Analytics
Visibility is critical for network troubleshooting and management. The ability to look into overlay tunnels and understand how they traverse a particular physical path is key to optimizing the network’s performance.
NV vendors tout monitoring and analysis within their solutions, with the ability to analyze traffic trends (throughput, latency) within the solution itself. However, most of these implementations are relatively basic, focusing on data capture. Look for capabilities to mature in the coming months to improve analysis.
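The following Python code relates a captured underlay frame to its overlay segment by reading the VXLAN header (RFC 7348 layout: a flags byte, then a 24-bit VNI), which is the basic step behind looking into an overlay tunnel. It is an added example, not part of the original article or of any vendor's product; the function names, the sample addresses and VNI 5001 are constructed for illustration.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP destination port (RFC 7348)

def _ipv4(pkt, off):
    """Return (protocol, src, dst, offset of payload) for the IPv4 header at off."""
    src, dst = (str(ipaddress.IPv4Address(pkt[off + i:off + i + 4])) for i in (12, 16))
    return pkt[off + 9], src, dst, off + (pkt[off] & 0x0F) * 4

def describe_vxlan(frame):
    """Relate one underlay frame to its overlay segment; None if it is not VXLAN."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                                   # outer header must be IPv4
    proto, vtep_src, vtep_dst, off = _ipv4(frame, 14)
    if proto != 17 or len(frame) < off + 8 + 8 + 14:
        return None                                   # need UDP + VXLAN + inner Ethernet
    if struct.unpack_from("!H", frame, off + 2)[0] != VXLAN_PORT:
        return None
    off += 8                                          # skip UDP header
    if not frame[off] & 0x08:
        return None                                   # I flag clear: VNI not valid
    info = {"vni": int.from_bytes(frame[off + 4:off + 7], "big"),
            "underlay": (vtep_src, vtep_dst)}
    off += 8                                          # skip VXLAN header
    info["inner_dst_mac"] = frame[off:off + 6].hex(":")
    info["inner_src_mac"] = frame[off + 6:off + 12].hex(":")
    inner_type = struct.unpack_from("!H", frame, off + 12)[0]
    if inner_type == 0x0800 and len(frame) >= off + 14 + 20:
        _, src, dst, _ = _ipv4(frame, off + 14)
        info["inner_ip"] = (src, dst)
    return info

def sample_frame(vni=5001, udp_port=VXLAN_PORT):
    """Constructed test frame (checksums left at zero); all addresses are made up."""
    def ip(proto, src, dst, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, 0, bytes(src), bytes(dst)) + payload
    eth = lambda dst, src: bytes.fromhex(dst + src) + b"\x08\x00"
    inner = eth("02000000000b", "02000000000a") + ip(6, [10, 0, 0, 5], [10, 0, 0, 9], b"")
    vxlan = struct.pack("!B3s3sB", 0x08, b"\0" * 3, vni.to_bytes(3, "big"), 0)
    udp = struct.pack("!HHHH", 49152, udp_port, 8 + len(vxlan) + len(inner), 0)
    outer = ip(17, [192, 0, 2, 1], [192, 0, 2, 2], udp + vxlan + inner)
    return eth("020000000002", "020000000001") + outer

if __name__ == "__main__":
    print(describe_vxlan(sample_frame()))
```

Grouping the returned records by `vni` and `underlay` shows which VTEP pairs carry each virtual network, and therefore which physical path a tenant's traffic takes.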
These are the most critical issues we found when examining the operational approach to NV.

7/3/17

Network virtualization explained



Server virtualization and storage virtualization have been around for years, allowing additional workloads to operate on existing devices, or pooling and provisioning resources without regard for their physical locations. But virtualization has moved beyond servers and storage systems, extending across the network and reaching all the way to user endpoints. This article explains the ideas behind network virtualization, highlights the main deployment considerations, and notes the major opportunities for solution providers.
What is network virtualization and why is it important to the channel?
Network virtualization is a process of abstraction which separates logical network behavior from the underlying physical network resources. Network virtualization allows network aggregation and provisioning, combining different physical networks into a single virtual network, or breaking a physical network into multiple virtual networks that are isolated from each other. This is sometimes called "external network virtualization." Network virtualization can also be applied within virtual servers to create synthetic networks between virtual machines (VMs); this is often dubbed "internal network virtualization."
"A good example of an external virtual network would be VLAN technology, where many logical networks can be operated on one VLAN-capable switch," said Scott Gorcester, president of Moose Logic, a solution provider located in Bothell, Wash. "Internal virtual networks would be the facilities built into virtual server host software such as Microsoft Hyper-V, Citrix XenServer and VMware products."
Network virtualization lends itself to cost savings, efficiency, security and flexibility -- four key benefits for any client. "The whole point of everything we're doing with virtualization is to get more utilization out of hardware," said Dave Sobel, CEO of Evolve Technologies, a solution provider headquartered in Fairfax, Va. In physical environments, adding switch ports requires cabling, connections and configuration -- along with the investment in physical switch ports. In a virtual environment, logical switch ports are created and abstracted from the underlying physical ports. This allows more "virtual" switch ports to be added and "connected" (or directed) to other logical switch ports quickly and without having to commit real ports or cable them together in the data center.
Suppose that the client required a separate network for iSCSI traffic, application development or some other business purpose. Traditionally this would require the creation (and expense) of a different physical network, but network virtualization would allow a new logical network to be created and configured using the same physical hardware. The new network could be isolated from other virtual networks even though it's using the same physical cables, switches, routers and other devices. This ensures security between virtual networks. Further, the new network could be created, configured and managed with few (if any) changes to the physical network.
This kind of flexibility is impossible with physical networks. "When we are out of ports in a physical switch we need to buy another one," said Carlos E. Vargas, lead analyst at Exelon Corp., an energy company in Chicago. "In the virtual world we just change the size of our switch and reboot the virtual host and we are back in business."
Network virtualization is most effective with other forms of virtualization already in place. "The rub is making sure that we've got all the parts that we need in all the right places," Sobel said. "As you start to virtualize server and storage components, the idea of virtualizing the switches … starts to make more sense," he said, noting that network virtualization is a natural extension to virtual servers and storage.
Early on, network virtualization was the domain of large hosting companies that used the technology to create logical environments for each of their subscribers. Medium-sized to large enterprises are adopting network virtualization to separate networks by business function or geographic location -- often related to compliance obligations. Businesses are also adopting the technology to ensure security between the client and their business partners that require some form of access to the client's network. Small and medium-sized businesses (SMBs) may not be ideal candidates for network virtualization yet. But experts like Sobel predict that rapid adoption of storage and server virtualization, combined with falling prices for powerful networking hardware, may make network virtualization a suitable technology for the SMB by late 2009 or 2010.
What are the hardware and software elements of network virtualization?
Network virtualization can be implemented at the server or cluster level using hypervisor software -- you can create a virtual network on a single system. The hypervisor provides the abstraction layer that allows different types of internal networks to mimic the physical world. Hypervisor products include VMware ESXi, Citrix XenServer 5, Virtual Iron from Virtual Iron Software, Microsoft Hyper-V Server 2008 and the open source VirtualBox.
As you connect multiple systems, the network itself must support virtualization in the routers and switches. This may require the use of managed (or "intelligent") switches -- often termed Layer 3 switches. The switches run virtualization software modules that abstract the physical switch ports and surrounding network into VLANs. Fortunately, VLAN-capable switches are readily available. "VLAN technology is everywhere today, from high-end providers such as Cisco to lower-end/mid-tier vendors such as DLink," Gorcester said.
This relationship between hardware and software is leading to convergence. For example, a Layer 3 intelligent switch may be able to run virtualization software from VMware. Experts point out that vendors are working together to ensure interoperability, which can only help the adoption of virtualization. "Currently, Cisco is working to embed their technology in several hypervisor network topologies," Vargas said. "This will allow Cisco to extend the physical network to the virtual world."
What planning or upgrades may be needed for network virtualization?
While the hardware and software for network virtualization are readily available, deployment in the enterprise requires careful planning. Bandwidth is the most obvious consideration. In some cases, the creation of multiple virtual networks is strictly a security play to isolate existing traffic -- usually to meet some compliance-related goal. This is rare, however, and virtual networks are more commonly deployed to improve utilization of the network by supporting additional workloads. Virtualization itself should add no additional traffic to the network, but the traffic from additional workloads has to be considered. Parts of the network (especially the network backbone) may need to be upgraded to 1 Gigabit Ethernet (GbE) or even 10 Gigabit Ethernet. Also consider the traffic types on the virtual network. VLANs block broadcast traffic, so applications that rely on broadcast traffic may not work properly.
Bandwidth upgrades may necessitate faster ports (and maybe cabling), but the network switches and routers will also have to be validated for proper virtualization support. For example, the switches will need to run virtualization software along with other software modules. "You have to make sure that your processors and memory on your switches and routers are able to handle the extra workload that will be placed on them," said Michael S. Wherry, technical architect with Global Hyatt Corp. in Chicago. As an example, Wherry pointed to a recent in-house effort where all routers were evaluated and upgraded as needed to support MPLS (Multi Protocol Label Switching) cloud traffic.
Network virtualization also raises the question of redundancy. As more workloads operate on existing hardware, faults and failures will have a greater impact on your client's operation. Solution providers that are assessing an existing infrastructure or planning a network virtualization project should identify single points of failure and recommend corrective action to ensure robust operation. For example, critical servers may be configured into a cluster to share processing resources and connectivity. When one element of the cluster fails, the remaining elements take over the processing to keep data flowing. Similarly, redundant switches may be introduced using failover techniques to shift traffic when faults occur.
Network virtualization adds complexity to the client's environment. Each new virtual network makes it more difficult to relate virtual resources back to the underlying physical resources, so limit the number of virtual networks to keep complexity to a minimum. "If you create too many VLANs, that network infrastructure will become a nightmare to administer," Vargas said. Any network virtualization project will require virtualization-aware management tools that can create, configure, provision and report on the virtual networks created for your client. Bandwidth monitoring and reporting may also be an important management feature -- not just to ensure smooth operation from a technical standpoint, but also to facilitate accurate chargeback billing to network users (if the client uses a chargeback model).
What are the channel opportunities and trends in network virtualization?
There are revenue opportunities in the initial deployment and setup of a network virtualization project. Clients are running with smaller IT teams -- especially in tightening economic conditions -- so relying on the services of an experienced solution provider is increasingly appealing, even for larger enterprises. "This is not one of those things you want to sit down and try to figure out yourself on the weekend, especially when you're working with compliance," Wherry said.
Beyond the initial installation, solution providers can find recurring revenue opportunities in auditing and regular management. For example, auditing can help verify that the client's environment is still safe and secure, ensuring that the virtualization project has not exposed any resources to unexpected threats.
Experts like Sobel note that network virtualization projects rarely exist in a vacuum, and are most often an extension of previous virtualization initiatives involving storage and servers. "I think a network virtualization project doesn't make much sense on its own," Sobel said. "No one would come in and say, 'I want to virtualize your network,' and talk just about virtualizing switches."
Consequently, solution providers can find additional project opportunities extending the virtual environment to other elements of the client's infrastructure. For example, a solution provider may be able to demonstrate a cost savings by proposing a subsequent server virtualization project to consolidate several remaining application servers onto a single platform. In some cases, a solution provider may recommend the reverse -- forestalling a network virtualization project until more elements of the client's infrastructure are virtualized.
Successful virtualization initiatives take planning. "The customer needs to sit down with the solution provider and plan where they want to take their environment in the next three to five years … and start working toward it," Vargas said. Many solution providers choose to plan and implement virtualization initiatives in phases -- often opting to start with nonessential elements of the environment. This minimizes disruption, allowing the client to gain confidence and see value in virtualization before it rolls out to the entire enterprise.
Planning should also involve a perspective on future network technologies. As more workloads are handled by less hardware, additional network bandwidth must be added. Vargas pointed to unified fabric technology as one near-term development, allowing native storage and network traffic to coexist on the same network. An example of this is Cisco's Nexus 7000 series switching platform, which supports IP and Fibre Channel traffic on the same 10 GbE cable (dubbed Fibre Channel over Ethernet or FCoE). Additional bandwidth should also be available with the continued adoption of 10 GbE and the eventual development of 100 GbE.