VMware's Network Virtualization Poses Huge Threat to Data Center Switch Fabric Vendors

Introduction:

Milin Desai, Director, Product Management at VMware, presented his company’s views on network virtualization, its advantages, and current and future products at a late-day VMUG session on May 1, 2013 in Santa Clara, CA.

The talk on network virtualization was set in the context of a Software Defined Data Center (SD-DC), where all infrastructure (compute, storage, networking, security, etc.) is virtualized and delivered as a service. In this scenario, control of all DC equipment is via VMware software running on commodity x86-based servers.

Discussion:

The physical DC network was positioned as a bottleneck and barrier to realization of the SD-DC. In particular, the network was said to have many weaknesses:

  • Slow provisioning of new applications and services
  • Limited placement of workloads (which are dependent on network connectivity/availability and/or security constraints)
  • Limited mobility of apps (due to physical constraints)
  • Hardware dependent on type of server (which is inflexible)
  • Intensive operations (to maintain or change the network)

In sharp contrast, these limitations disappear when using network virtualization (to be defined later in this article):

  • Programmatic provisioning
  • Place any workload anywhere (e.g. on any physical infrastructure)
  • Decouple applications and services from physical hardware
  • Operationally efficient
  • Pool resources; notion of “logical compartmentalization”

Milin said that “With network virtualization, only IP hardware (i.e. IP switch fabrics operating at L3 using merchant silicon) is needed for the physical network. Such a ‘logical network’ auto-extends or contracts when a workload moves.” It is also “operationally ready with admin visibility,” he added.

But hey, what’s network virtualization, anyway? Really!


Definition of Network Virtualization:

As Milin did not clearly define “network virtualization,” we picked this description from many on the web:

“Network virtualization is a process of abstraction which separates logical network behavior from the underlying physical network resources. Network virtualization allows network aggregation and provisioning, combining different physical networks into a single virtual network, or breaking a physical network into multiple virtual networks that are isolated from each other.”

Network virtualization lends itself to cost savings, efficiency, security and flexibility — four key benefits for any client. “The whole point of everything we’re doing with virtualization is to get more utilization out of hardware,” said Dave Sobel, CEO of Evolve Technologies, a solution provider headquartered in Fairfax, Va. In physical environments, adding switch ports requires cabling, connections and configuration — along with the investment in physical switch ports. In a virtual environment, logical switch ports are created and abstracted from the underlying physical ports. This allows more “virtual” switch ports to be added and “connected” (or directed) to other logical switch ports quickly and without having to commit real ports or cable them together in the data center.

VMware’s Scott Lowe has another point of view. He wrote in an email: “Increasing the utilization of physical network hardware (i.e., consolidation) is not a key driver for network virtualization, as it was with server virtualization. The real value is in the agility and flexibility that it brings to customers’ data center networks.”


More benefits of network virtualization:

Let’s suppose that the client required a separate network for iSCSI traffic, application development or some other business purpose. Traditionally this would require the creation (and expense) of a different physical network, but network virtualization would allow a new logical network to be created and configured using the same physical hardware. The new network could be isolated from other virtual networks even though it’s using the same physical cables, switches, routers and other devices. This ensures security between virtual networks. Further, the new network could be created, configured and managed with few (if any) changes to the physical network.

This kind of flexibility is impossible with physical networks. “When we are out of ports in a physical switch we need to buy another one,” said Carlos E. Vargas, lead analyst at Exelon Corp., an energy company in Chicago. “In the virtual world we just change the size of our switch and reboot the virtual host and we are back in business.”


Instead of a precise definition, Milin Desai explained network virtualization in terms of what functions it accomplishes:

  • Decouples virtual and physical spaces: no hardware dependencies (because physical network hardware is reduced to IP switching/packet forwarding engines)
  • Accommodates logical network changes without disturbing the host server
  • Automates network operations, e.g. provisioning, adding ports, reconfiguration, etc.

VMware network virtualization software implementations (to be described later) do away with L2 VLANs entirely and operate at the IP layer (L3). They provide functions such as IP switching with SLAs, routing and IP addressing, firewall, and load balancing in software running on commodity compute (x86-based) servers.

The physical network below the network virtualization layer only needs to provide IP network layer connectivity. Potentially, this functionality could be provided by simple, low cost “IP packet forwarding engines” built using merchant silicon. The physical network hardware is responsible for all of the functionality necessary to construct and maintain a resilient L3 fabric, including the use of IP routing protocols such as BGP or OSPF to enable Equal Cost Multipathing (ECMP). All of the functionality required for provisioning and managing workloads (building logical L2 domains, IP addressing, NAT, firewalling, and load balancing) runs in network virtualization software on any x86-based compute server.


Opinion:

In VMware’s implementation, the physical Data Center network is composed of low cost IP data forwarding hardware (i.e. L3 switch fabric using merchant silicon). If that’s the case, then profit margins of the legacy switch fabric vendors (Cisco, HP, Dell, Juniper, Brocade, etc.) will decline precipitously and they are in danger of being replaced by even lower cost network equipment made by Taiwanese and Chinese contract manufacturers.

Not wanting to be so disruptive as to put legacy DC switch fabric vendors out of business, two representatives of VMware said that they believe the “physical DC network will become more network virtualization aware” by including new functionality (yet to be defined).

Other Voices:

From IEEE Discussion list member Victor Grado, “Network Virtualization might be a threat to Data Center network equipment vendors, in much the same way that open source software (e.g. Open Daylight) for software-defined anything and related approaches represents a threat to VMware (and already does, witness Amazon, Google, Facebook, etc, not using VMware).”

One former Cisco employee told me at the VMUG reception that indeed, VMware’s network virtualization was a threat to Cisco’s dominance of the Data Center Switch market. He also said that the two companies are no longer co-operating closely as they did for years.

Tom Nolle on Virtual Networking’s Dirty Operations Secret wrote:

“Huawei seems to be projecting a future where network equipment takes a smaller piece of the infrastructure budget—IT and software getting a growing chunk. Genband seems to be envisioning a UC/UCC space that’s also mostly in as-a-service software form, and they’re also touting NFV principles. It would seem that the industry is increasingly accepting the transition to a “soft” network.

The challenge for “the industry” is that it’s probably not true that a simple substitution of hosted functionality for dedicated devices would cut operator costs enough to alter the long-term industry profit dynamic.”


VMware’s Virtual Switch: “the starting point for Network Virtualization”

Milin began this discussion by noting that virtual server access ports now exceed the number of physical server access ports deployed in the data center. The former is growing at a 32% CAGR, while the latter is growing at less than half that, at a 15% CAGR. Source: Crehan Research Inc.

The attributes of VMware’s vSphere Distributed Switch (VDS) are as follows:

  • Unified network virtualization management independent of physical fabric
  • Manage a Data Center wide switch vs. individual switches per host
  • vMotion aware so that statistics and policies follow the VM, simplifying debugging and troubleshooting
  • Advanced traffic management features such as load-based teaming (LBT) and Network I/O Control (NIOC)
  • Monitoring and Troubleshooting features, including NetFlow and port mirroring

Deployed since 2007, this product is being used by Navisite, eBay and Rackspace, among other companies.

VMware’s NSX: Network Virtualization Platform for Data Centers

The two VMware network virtualization software products under the NSX platform are:

1. vCloud Networking & Security: shipping now.

Three use cases of vCloud were presented:

  • Datacenter automation
  • Self Service IT
  • Large scale, multi-tenant cloud

2. NVP (from the Nicira acquisition): can do logical networking without using IP multicast. Now in version 3.1, NVP has been publicly and commercially available for quite some time, as per this press release:

VMware plans to merge the company’s homegrown vCloud Networking and Security product line with the NVP technology that it acquired from Nicira. This new single-product family will be called VMware NSX. It will be based on a common technology foundation that works across multiple hypervisors and cloud management systems beyond those from VMware.


Next up: Diagram(s) with description of VMware’s network virtualization interfacing with L3 switch fabrics, ETSI NFV reference architecture and Intel SDN/NFV reference design concepts.


References from the VMUG-Silicon Valley meeting of May 1, 2013:

The Software Defined Datacenter

A_Guide_to_vSphere_Distributed_Switch_Deployments

Complete list of VMUG-Silicon Valley presentations:

Other References:

The Software Defined Datacenter (EMC & VMware Strategic Forum- March 2013)

http://cto.vmware.com/network-virtualization-in-the-software-defined-data-center/

SDN vs. network virtualization: Q&A with VMware’s Martin Casado

http://searchsdn.techtarget.com/news/2240183487/SDN-vs-network-virtualization-QA-with-VMwares-Martin-Casado

Virtual Network Design Guide


VMware vCloud Networking 
http://www.vmware.com/resources/techresources/10331


VMware Announces VMware NSX in a Move Towards SDDC

http://www.tomsitpro.com/articles/virtualization-software_defined_datacenter-sdn-networking-vcloud,1-965.html

 

 

 

0 thoughts on “VMware's Network Virtualization Poses Huge Threat to Data Center Switch Fabric Vendors

  1. Excellent VMUG session summary and explanation of network virtualization. How is VMware’s version of network virtualization related and/or aligned with ETSI NFV?

    1. Excellent question! Have asked VMware to reply, but they’ve chosen not to as of this time.
      One obvious difference is that VMware’s NV software modules are proprietary to that company, whereas ETSI NFV Industry Specification Group is an open standards body with no proprietary functionality permitted. All IPR must be declared.
      ETSI NFV home page is at: http://portal.etsi.org/portal/server.pt/community/NFV/367
      List of members at: http://portal.etsi.org/NFV/NFV_List_members.asp
      “Non-proprietary white paper authored by network operators” at: http://portal.etsi.org/NFV/NFV_White_Paper.pdf

      The ETSI whitepaper states: “Network Functions Virtualisation (NFV) goals can be achieved using non-SDN mechanisms, relying on the techniques currently in use in many data centres. But approaches relying on the separation of the control and data forwarding planes as proposed by SDN can enhance performance, simplify compatibility with existing deployments and facilitate operation and maintenance procedures. NFV is able to support SDN by providing the infrastructure upon which SDN software can be run. Furthermore, NFV aligns closely with the SDN objectives to use commodity servers and switches.”

    1. Thanks Ken, but it’s way too early to write a book about either Network Virtualization or SDN!
      What the two technologies have in common is that they both usurp all the intelligence from the switch/routers deployed in a data center, campus, or telco network. That’s a huge change and a very serious threat to the switch/router vendors who are now re-positioning their products for the software defined data center and cloud networking.

  2. My first thoughts on this very interesting development (my POV is that of a PHY-wireless type):
    1–Thanks to Alan for the good summary.
    2–If the claims of virtualization are true over a desirable scale of network capacities, then two huge benefits will accrue…the relief of having minimal physical changes in L1 especially cables, ports and boxes, the immortality of x86 chips, and miniaturization of DCs, possibly even for the very small business.
    3–Competitive wars are apparently breaking out in this virtualization space, and this will no doubt clarify truth from hype. “Winners” will be hard to predict, unless, of course, there is a truly dominant breakthrough. But as I read Alan’s summary, there will be or already is a clash between VM and Open Daylight.
    4–Let the games begin!

    1. The clash will likely be between any network virtualization standard and the ONF- which is standardizing all aspects of “pure” SDN. Meanwhile, OpenDaylight consortium is creating open source software for Open Flow based SDN. There doesn’t seem to be an open source version of network virtualization to challenge VMware’s software.

      And who knows what will come out of ETSI NFV which only had their 1st meeting this January!
      Thanks for a terrific article and relevant comments!

    1. Data plane portion of SDN/NF will be implemented in silicon within “data forwarding engines.” But by DEFINITION, the control plane will be implemented in software on off the shelf compute servers!

  3. Alan, there are several versions of virtualization within networking.
    There’s virtualization via tunneling (or overlays).
    Some folks consider the vSwitch as network virtualization.
    Others merge these first two to talk of a virtualized network interface for an application (or its O/S), insulating it from the physical network (akin to what server virtualization does for server hardware).
    Then there’s NFV – virtualization of specific network functions by moving them out of purpose-built gear into VMs on generic servers.

    Each type has its own motivations and purposes.

    I think Scott Lowe was rebutting Dave Sobel’s take on the purpose of network virtualization. Dave seems to think a vSwitch fits in to provide the network virtualization part in a DC where the goal is to increase and maximize VM use per server to bring down overall hardware costs. Maximizing VM use per server helps drive increased traffic to/from each server and hence through all the network hardware.
    Scott’s right that being agile and flexible to deal with dynamic VMs comes before dealing with optimal use of hardware. You won’t even get to the latter if you don’t deal with the former first. Plus, I don’t think overlays by themselves ensure optimal traffic distribution through the physical network.

    1. Ashwin, your comment is spot on. Virtualization within networking is not new (and not unique to VMware), but what is new (IMHO) is bringing the right abstraction to bear so that we can change the operational model. By leveraging all the techniques you mention (tunneling/encapsulation, a virtual switch at the edge, a decoupling of the control plane and the data plane, and virtualized network services a la NFV), users can actually change the way networks are provisioned and configured. Network virtualization isn’t about consolidation, it’s about the speed at which businesses can provision new services and respond to the market.
