Virtualization – CompTIA Network+ N10-006 – 1.11

When you virtualize your servers, what happens to the network? In this video, you’ll learn about network virtualization and the fundamentals of software defined networking.



Let’s talk about virtualization, but let’s do it from a network perspective. Most of us have now worked with some type of hardware virtualization. Our web servers, our database servers, and our file servers all run in these virtual environments these days. We’ve taken very large server farms with hundreds of devices and collapsed them down to run inside of one piece of hardware.

Generally, when our devices are separate physical machines, they’re all connected to very large enterprise switches, routers, and other networking devices, and there’s usually redundancy in there as well. We might have multiple switches, and our servers might be connected to both of them. That way, if either switch goes down, we still have connectivity to the rest of the network.

So the projects under way today have been taking those physical devices and migrating them into a virtual world. When you do that, and take 100 different devices and run them as 100 virtual devices, the network, of course, needs to change as well. The enterprise network you had has now been collapsed into a virtual environment. So let’s look at some network diagrams and configurations that show what a virtual network might look like inside one of these environments.

This is, effectively, the after picture, once we’ve taken our physical world and collapsed it into a virtual environment. We still have a physical switch on the outside of the virtual network, because it all has to connect back to the physical network somehow. But everything inside this dotted line you can think of as running on one piece of hardware, with all of these virtualized devices running inside of that one large computer.

So there might be multiple servers inside of that, and there may also be virtual switches. These are switches running in software, with almost all of the same capabilities as our physical devices: we can configure multiple VLANs, assign port configurations, and so on. And when you need another virtual switch, you simply build one. You don’t need a physical device. This gives you a lot of flexibility for building the network exactly the way you’d like it. The flip side is that the segmentation now lives in the hypervisor’s configuration, so putting a virtual port in the wrong VLAN bridges two networks just as surely as a mis-patched cable would.

There are also virtual routers in these environments, so if you need to route between these different segments, you certainly can. You can take everything that was in that physical network, collapse it into a virtual world, and, in some cases, make your network more resilient and more flexible by adding these virtual components.

Let’s take this idea of flexible networking in a virtual environment and see how it would work. Let’s say we have a server; we’ll pick the one here at the top. And let’s say we’d like to create a virtual environment that is private, just for this server. One thing we can do is go into our virtual environment and add a virtual switch to the mix, and then connect one other server to that virtual switch as well. Notice that this server isn’t connected to any of the other devices on the network. We’ve made both of these devices local to each other simply by configuring and adding a virtual switch and adding another virtual server.

All of this, of course, is done in software. It can be done with a couple clicks of the mouse. You type a few things into the keyboard, and you now have brand-new virtual devices that you can use to perform any of your computing functions.

Since we’re talking about virtualization and how it applies to the network, let’s also add a little security into the mix. We have virtual switches and virtual routers, so it only makes sense that you would also have a virtual firewall: a firewall running the same software, with many of the same capabilities as a physical device, but running inside this virtual environment. In this particular case, we place the virtual firewall at the ingress and egress point to the physical world. Everything inside the virtual environment can continue to communicate without any firewall in between; only when traffic leaves the virtual world does it pass through the firewall, where we can examine it and decide whether to allow or deny that communication. That does mean traffic between two virtual machines on the same host is never inspected, which is only acceptable if every one of those machines is trusted equally.

Obviously, many environments need to be much more secure than that. They need much more granularity; you almost need to have firewalls everywhere. And since this is a virtual environment, you can do exactly that. Click a few buttons, and you’re now connecting all of these devices with a virtual firewall between every single one of them. This is becoming an increasingly common configuration, especially now that we’re so focused on providing security in the core of our network and not just at the perimeter. And we’re able to set very granular controls for every single device. The server up here may have a completely different security posture than this server down here, so we can configure each firewall to fit exactly the role that server needs to play.

This flexibility of a virtualized network with virtualized servers, switches, and routers leads us right into something called Software Defined Networking, or SDN. In that previous example, everything inside of that box was managed, controlled, built, and removed entirely in software. There was no additional physical component to any of those routers, firewalls, or switches. In those devices, there are two planes of operation, and we’ve broken the functionality out into these two categories.

One is the control plane. The control plane is the part of the device that decides how traffic should be handled. It runs the routing protocols, builds the forwarding and flow tables, and, in an SDN, takes those decisions from a central controller instead of working them out on each device. It’s also the piece we see when we connect to the device and perform management functions: it handles the administrative tasks for that device, such as configuration changes and logging.

Then there is the data plane. The data plane is the one really doing the work. It’s the part that’s actually doing the switching, the routing, or the firewalling: it takes each packet that arrives, looks it up in the tables the control plane built, and forwards or drops it. It is the part that’s concerned with the moment-to-moment operation of that particular component.

There are a number of characteristics associated with Software Defined Networking. One is that it is directly programmable, and that goes back to this separation between the control plane and the data plane. Because the part of the device that makes the forwarding decisions is separate from the part that actually forwards data back and forth, we can change the network’s behavior through software, from a central controller or an API, without touching the forwarding hardware.

Another characteristic is that it is very agile. You can make changes: add devices, remove devices, and completely change the network layout, all in real time. If you need a new firewall, you click a button, and the new firewall appears. When you need to make changes to the network infrastructure, you drag a few lines, click a button, and the network is completely reconfigured. This is obviously very different from the world we lived in with physical devices on our network.

Another important part of SDN is that it is managed from a central source. If you need to understand what’s happening on your SDN, it all needs to be right in front of you. We often call this a single pane of glass. We don’t have to go to a lot of different places and look at a lot of different command lines or management devices; we go to one front end and understand exactly what’s happening on the network. That central point of control also means the controller itself has to be well protected, because anyone who can change its configuration can change the entire network.

Another important characteristic of Software Defined Networking is that it can be completely automated. This is an important part of having a network that is very agile and can change at a moment’s notice: you, as a human being, don’t necessarily need to be there. If a new database server is deployed, it makes sense that it would be connected to the segment associated with the other database components, and that segment may have a standard firewall configuration for each database server. So when the database server is deployed, automatically, behind the scenes, your Software Defined Network can deploy the correct switch configuration, add it to the correct VLAN, deploy a virtual firewall right next to it, and have everything up and running without any type of human intervention.
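To make the ideas in the preceding paragraphs concrete (the virtual switch and VLAN isolation, the virtual firewall between segments, the control plane and data plane split, and a deployment that is wired up automatically), here is a small added example in Python. It is not code from the video and it uses no real SDN controller or switch product; the `Controller`, `VirtualSwitch`, `FlowRule` and `Packet` classes, the `web` and `db` segment names, the VLAN IDs 10 and 20, the host names and the TCP port numbers are all assumptions made up for illustration. The switch is the data plane: it does nothing but match packets against a flow table and drops anything with no matching rule. The controller is the control plane: it holds the intent (which segment a server belongs to and which cross-segment flows the virtual firewall permits) and turns that into flow rules every time a server is deployed, and a single `quarantine` call from the central point of control overrides everything else for one host.

```python
"""Toy software-defined network: a central controller (control plane) programs
a virtual switch (data plane) from a declarative policy.

Added example for this page; it is not code from the video and talks to no real
SDN API. Segment names, VLAN IDs, host names and TCP ports are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str     # sending host
    dst: str     # receiving host
    dport: int   # TCP destination port


@dataclass(frozen=True)
class FlowRule:
    """One flow-table entry. A None field is a wildcard."""
    src: Optional[str]
    dst: Optional[str]
    dport: Optional[int]
    action: str      # "forward" or "drop"
    priority: int    # higher number wins

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or self.src == pkt.src)
                and (self.dst is None or self.dst == pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))


class VirtualSwitch:
    """Data plane. It knows nothing about policy: it only matches each packet
    against the flow table the controller installed, highest priority first."""

    def __init__(self) -> None:
        self.flows: list[FlowRule] = []
        self.port_vlan: dict[str, int] = {}   # host -> VLAN of its virtual port

    def install(self, rule: FlowRule) -> None:
        self.flows.append(rule)
        self.flows.sort(key=lambda r: r.priority, reverse=True)

    def forward(self, pkt: Packet) -> str:
        if pkt.src not in self.port_vlan or pkt.dst not in self.port_vlan:
            return "drop"                     # unknown virtual port
        for rule in self.flows:
            if rule.matches(pkt):
                return rule.action
        return "drop"                         # no matching rule: default deny


class Controller:
    """Control plane. Holds the intent (segments, and the cross-segment flows
    the virtual firewall permits) and turns it into flow rules on deployment."""
    SEGMENT_VLAN = {"web": 10, "db": 20}
    # (source segment, destination segment, TCP port) allowed across segments.
    ALLOWED = [("web", "db", 5432)]

    def __init__(self) -> None:
        self.switch = VirtualSwitch()
        self.segment_of: dict[str, str] = {}

    def deploy(self, host: str, segment: str) -> None:
        """Plug a new server in: put its port in the segment's VLAN, then
        install the rules that connect it to its peers and permitted flows."""
        self.switch.port_vlan[host] = self.SEGMENT_VLAN[segment]
        for peer, peer_seg in self.segment_of.items():
            if peer_seg == segment:
                # Same VLAN: talk freely in both directions, any port.
                self.switch.install(FlowRule(host, peer, None, "forward", 10))
                self.switch.install(FlowRule(peer, host, None, "forward", 10))
                continue
            for src_seg, dst_seg, port in self.ALLOWED:
                if (peer_seg, segment) == (src_seg, dst_seg):
                    self.switch.install(FlowRule(peer, host, port, "forward", 20))
                if (segment, peer_seg) == (src_seg, dst_seg):
                    self.switch.install(FlowRule(host, peer, port, "forward", 20))
        self.segment_of[host] = segment

    def quarantine(self, host: str) -> None:
        """One change from the single pane of glass: high-priority drop rules
        in both directions override every forward rule that mentions the host."""
        self.switch.install(FlowRule(host, None, None, "drop", 100))
        self.switch.install(FlowRule(None, host, None, "drop", 100))


def build_demo() -> Controller:
    """Two web servers and one database server, deployed by the controller."""
    ctl = Controller()
    for host, segment in (("web1", "web"), ("web2", "web"), ("db1", "db")):
        ctl.deploy(host, segment)
    return ctl


if __name__ == "__main__":
    ctl = build_demo()
    for pkt in (Packet("web1", "web2", 80), Packet("web1", "db1", 5432),
                Packet("web1", "db1", 22), Packet("db1", "web1", 5432)):
        print(pkt, "->", ctl.switch.forward(pkt))
```

Running it shows web-to-web traffic forwarded on any port, web-to-database forwarded only on the one permitted port, and everything else dropped, including the database server trying to reach back into the web segment. Nothing in `VirtualSwitch` mentions segments or policy; every decision it makes was placed there by `Controller.deploy`, which is the separation of control plane and data plane that the rest of this section describes.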

An important characteristic of Software Defined Networking is that the platform itself is very open. It is built on open standards and APIs rather than a single vendor’s implementation, so you’re not locked into any particular vendor. That means you can build an SDN that works exactly the way you need it to, and you have complete control over its operation.