Feature Story

The Next Big Leap: Virtualization-Aware Networks

By Graham Smith

Server virtualization has proven to be a revolutionary solution for improving utilization rates of physical servers, providing a cost-effective means of implementing disaster recovery and fueling innovation by making compute resources flexible and moveable.

As the workload on the physical servers increases, virtual machines can be migrated to available servers to ensure that service level agreements and response times are met. When workloads decrease, the VMs can be migrated for consolidation to fewer servers and allow the unused servers to be powered down to save energy and cost. Virtualization can also improve the availability of applications, because virtual machines can quickly be restarted on new hardware if physical servers fail. VMs can also be simply migrated ahead of time when servers need to be shut down for service or upgrades. As a result, companies have turned to server virtualization to maximize resources.

However, the increase in virtualization comes at the price of additional complexity and overhead. Current networking switches are not aware of virtual machines, and this exposes the risk of service outage and security breaches due to incorrect network configurations. Lack of support for virtual machines with different networking requirements and migration of virtual machines without guaranteed performance and security prevents virtualization from achieving its potential for rapid scale-out, highly available dynamic data centers.

To fully realize the benefits of virtualization, companies need to enable what is commonly called multi-tenancy to allow virtual machines with different application, security and networking requirements to share physical resources and enable the dynamic movement of virtual machines while protecting security and maintaining accessibility on the network.

Virtual switches (vSwitches) are software network switches that provide the initial switching layer for virtual machines. They forward packets from virtual adapters in the virtual machines to other VMs on the same physical server or into the physical network via uplink adapters. Some vSwitches provide Layer 2, as well as some Layer 3, switching and can assign network attributes for VMs such as VLANs and traffic shaping.

Virtual machine migration refers to the mobility of VMs within the virtual environment. This can be in response to events or conditions based on sets of predefined criteria, such as:

  • when a VM should move from one location to another in a scheduled fashion;
  • when a VM should be replicated (cloned) in another location in a scheduled fashion;
  • when a VM should be able to move from one location to another in an unscheduled fashion; and
  • when a VM should be replicated (cloned) in another location in an unscheduled fashion.

With the above set of policies, the server administrator is able to define a coherent set of rules that provide both the ability to adapt to changing workloads and to respond to and recover from catastrophic events in both virtual and physical environments. For many services, changes in demand are generally regular and therefore predictable. Such expected changes can be anticipated and automated with a set of rules that allows the administrator to allocate demand to pools of available resources (such as CPU cycles, or memory) on platforms (servers) that have the lowest utilization.

When a VM experiences very high workloads, its performance could be negatively impacted unless it can be migrated to other available resources. For data centers to quickly migrate busy virtual machines requires that the network is configured correctly to avoid security or access issues.

To truly exploit the benefits of server virtualization, data centers need to enable the dynamic and automatic movement of virtual machines while protecting their security and maintaining accessibility. Conventional network switches are not aware of virtual machines, and this creates security and availability issues for both server and network administrators as they try to fully exploit the value of virtualization and manage this new environment. To further the virtualization evolution, network vendors need to provide products that:

  • are virtual machine-aware;
  • provide network configurations at a virtual port level, rather than just at the physical port;
  • track the mobility of virtual machines across data centers and into the cloud; and
  • automatically reconfigure the network as virtual machines move.

Vendors are responding to the challenge of making networks virtual machine-aware with differing approaches. For example, Cisco (News - Alert) provides its Nexus 1000V, which operates as a replacement to the VMware vSwitch and requires Cisco switches that implement proprietary packet tagging to transfer the vSwitch’s network traffic for handling by the physical switch. It’s an approach that only works with the most expensive versions of VMware and requires an overhaul of the existing networking environment.

The IEEE (News - Alert) 802.1Qbg working group is working on the virtual Ethernet port aggregator, better known as VEPA, as well as other related technologies, such as Ethernet virtual bridging, There are more than two dozen contributors to this standards effort, such as BLADE Network Technologies, Cisco, Dell, EMC (News - Alert), HP and IBM.

BLADE’s solution called VMready makes the network virtual machine-aware. The approach extends the concept of virtualization into the network, allowing network polices to be configured for virtual ports (v-ports), rather than just for physical ports. Each virtual machine can be assigned unique networking parameters such as security ACLs, QoS, and VLANs.

VMready automatically synchronizes with virtual machine managers such as VMware’s vCenter. This automatic configuration simplifies administrative tasks and reduces the chance of error due to misconfigurations. VMready also tracks the mobility of virtual machines across the data center and automatically reconfigures the network in real-time as the virtual machines move.

For server and network administrators, VMready, which is switch-resident software for BLADE’s embedded and top-of-rack switches, greatly simplifies management by ensuring that consistent network policies are enforced regardless of a virtual machine’s physical location. VMready’s ability to automatically move the networking polices of VMs during live migrations empowers customers to create truly dynamic data centers.

VMready also:

  • prevents security breaches and service outages that can be caused by improper network configuration;
  • maximizes the benefits of virtualization while eliminating the exposure to error that exists in traditional networking environments;
  • provides administrators the visibility they need to measure and troubleshoot network traffic per virtual machine;
  • solves issues in managing virtual machines and provides the simplicity, flexibility, and power needed to enable dynamic data centers;
  • enables administrators to configure the network parameters of virtual machines and track them as they migrate with an open-standards based solution;
  • reduces complexity by requiring no additional server software or changes to hypervisors or virtual machines; and
  • helps create energy-efficient, cost-effective data centers that allow enterprise applications to perform with the highest availability and performance. IT

Graham Smith is the director of product management for BLADE Network Technologies (www.bladenetwork.net).