In this introduction to network overlays, Keith Townsend explains what they are, what solutions they solve, and what challenges they present for IT pros.
Software-defined networking has been of extreme interest in the non-tech enterprise ever since VMware purchased Nicira. Nicira's technology now powers VMware's NSX network hypervisor. Similar software vendors including Nuage Networks and open source solutions such as OpenContrail have also seen a rise in interest. The promise of software products in this space enable private and hybrid cloud in the enterprise data center. Network virtualization uses network overlays to provide highly flexible network services without replacing the existing data center fabric.
What are network overlays?
Network overlays are not a new concept within the networking industry or even the enterprise data center.
One of the staple wide area network technologies in the industry is MPLS, which is a network overlay protocol. Carriers and some large enterprises use MPLS to provide dynamic connections over a physical network. The network overlay concept within commercial SDN solutions is very similar to MPLS. The point is to decouple the logical network from the physical underlay, which provides flexibility in creating new services.
What is network virtualization?
Similar to the way server hypervisors such as KVM, VMware, and Xen abstract and decouple the operating system instance from the underlying hardware, network virtualization decouples logical network devices from the physical network. Normally a network hypervisor runs in the kernel of the server hypervisor. A virtual switch is a simple example; a virtual switch provides layer 2 connectivity for all of the virtual machines loaded on a single hypervisor.
While this basic virtual switch is technically network virtualization, there's a higher level of complexity needed to create an overlay. In its most basic form, a virtual switch looks like any other physical switch to the rest of the data center fabric. For example, VLAN information is shared between the physical and virtual switches. The concept of virtual switches is enhanced by all the major hypervisors via the conception of the distributed switch.
Distributed switches are not confined by the barrier of a single hypervisor. It is a logical concept that extends across multiple hypervisors. In short, virtual machines on separate hypervisors can appear to be on the same logical switch. Again, the network is integrated with the physical network with VLAN information still shared between the distributed switch and the physical switches. When you add layer 3 capability to the virtual network devices, things get interesting.
By creating virtualized network devices with layer 3 capability, the reliance on the underlying physical network to provide layer 3 transport disappears. Network managers can create complex virtual networks that ride atop of the physical network. Additional value is added by providing a management interface that integrates with cloud management platforms and orchestration software. In theory, the entire data center can be created within one service provider, and either extended or moved to a different data center without regard to the underlying physical network.
Challenges with network overlays
The common challenge cited with overlays is the perceived complexity of managing two networks. There's now a virtual network that can consist of hundreds of layer 2 and layer 3 devices that ride atop of the physical network.
There is also the challenge of troubleshooting performance issues that arise within the virtual network that may be caused by the physical underlay. It takes a great deal of knowledge to understand where the physical network ends and the virtual network begins when it comes to troubleshooting. It gets a bit more complex when looking to provide connectivity between physical legacy applications and hosts that reside on the virtualized network.
Hypervisor support can also be a challenge. Since network virtualization hypervisors reside in the kernel of the hypervisor, the hypervisor vendor must provide support for the network platform. Physical SDN solutions function independently of the underlying hypervisor platform. VMware's NSX is an example of this challenge; NSX supports vSphere and open source hypervisors that use Open vSwitch, but it doesn't support Microsoft's Hyper-V directly.
Network overlays are a great way to solve the challenge of providing the agility in provisioning network resources in a private cloud. It is also a compelling solution for an enterprise that's heavily virtualized and looking to add management flexibility to its virtual infrastructure.
Network overlays powered by network virtualization is not for every organization. Organizations that have a heavy reliance on non-virtual workloads or non-supported hypervisors should investigate solutions from companies such as Cisco and Plexxi.