Virtual Networking – CompTIA Network+ N10-007 – 2.4

Now that we’ve virtualized the data center, what happens to the network? In this video, you’ll learn about network virtualization deployment strategies.

<< Previous Video: Advanced Networking Devices Next: Network Storage >>

Virtualization has drastically changed to our modern data centers. We used to have data centers that may have 100 individual servers in them, and of course, all of those individual servers were all connected together with enterprise switches and we connected all of the separate VLANs together with enterprise routers. And of course, there was redundancy, so we always had multiple switches and multiple routers to ensure there was up time to these services.

And then we virtualized the data center. We removed those 100 physical devices and created them all virtually within one single large physical system. So now that all of these servers are living in this virtual world, how do we provide switching and routing services for all of those networks and all of those VLANs? Of course, all of those hundreds of servers that are now virtualized will still need to be able to communicate to the physical world.

The component that provides this link between the virtual world and the physical world is the hypervisor. You might also hear this referred to as the Virtual Machine Manager. This is the component that manages the entire virtual platform for all of those virtual servers. If you’re running a virtual machine on your existing desktop, you may want to be sure that the hypervisor is using a CPU that could support virtualization within the hardware of the CPU. Intel calls this VT for virtualization technology, and AMD calls it AMDV for the virtualization.

This hypervisor is the component in this virtual system that is maintaining all of these virtual CPUs to all of these devices. It’s allowing you to set up separate networking components, and it can provide security for all of these virtual machines. There are a lot of different options for networking when you get into the virtual world. A lot of these hypervisors will have their own internal network, so they can communicate to all of the local VMs without ever using an external network.

You could also use a shared address to communicate outside of the virtual machine. So there might be a single Ethernet card on this virtual machine platform and the hundreds of VMs that are inside of this device will use that single IP address associated with that interface as the connection to the outside world. This effectively is performing a network address translation function to be able to use and share that single IP address.

You can also configure a virtual machine to have its own IP address rather than sharing a single natted address. This would be a bridged network address, and it will allow the VM to have its own unique addressing. And some virtual machines can be configured with a private address that doesn’t communicate to anyone. This is very common to do if you’re setting up a virtual machine in a test environment.

But now that all of these servers have been put into a virtual environment, we can also build out switches and routers in this virtual environment as well. In this scenario, I’ve got a dotted line around this virtual world that we’ve created with these hundreds of different servers inside of it. And of course, there is a link to the outside world that eventually will connect to a physical switch. Inside of this virtual world, I built out a couple of virtual switches that are connecting to these virtual servers, and I’ve also got a virtual router that’s able to route between these different networks.

Because this is a virtual environment, I can make changes at any time just by making a few mouse clicks. These virtual switches and virtual routers are all software that’s running in this virtual environment. So if I’d like to put a back end process for this server that happens to have a separate database server, I can simply add a different virtual switch and now I’ve got a way for this server to communicate on the back end to a separate database.

Just as I’ve added virtual networking components, I can also add virtual security components. I could add a virtual firewall. So I can have a firewall protecting all of the data that’s going in and out of this virtual world. I can also bring the security down to a port level and add multiple virtual firewalls, so I’m able to have a very specific security policy for every single link that’s going in and out of every server in this virtual environment.

There are certainly advantages and disadvantages to all of these different configurations. But when you’re working with a virtual environment, you have the flexibility to build the environment exactly with the resources and requirements that you need.