The network team is being bombarded with configuration requests that can take days or weeks to handle, but luckily several approaches are emerging that promise to increase network agility, chief among them Network Virtualization (NV), Network Functions Virtualization (NFV), and Software Defined Networking (SDN).
The alphabet soup may seem overwhelming at first, but each of these approaches is trying to solve different subsets of the macro issue of network mobility. In this article we'll examine how NV, NFV and SDN differ and how each moves us down the path toward programmable networks.
Enterprise networking administrators can't keep up with requests for network changes. There needs to be a way to automate the network to improve IT's responsiveness to change. In this use case, we are typically trying to solve one problem: How do I move VMs across different logical domains? Network virtualization literally tries to create logical segments in an existing network by dividing the network logically at the flow level (it is similar to partitioning a hard drive).
NV is an overlay; it's a tunnel. Rather than physically connecting two domains in a network, NV creates a tunnel through the existing network to connect them. NV is valuable because it saves administrators from having to physically wire up each new domain connection, especially for newly created virtual machines. Administrators don't have to change what they have already done: they get a new way to virtualize their infrastructure and make changes on top of an existing infrastructure.
NV runs on high-performance x86 platforms. The goal is to allow people to move VMs independently of their existing infrastructure and not have to reconfigure the network. Nicira (now VMware) is one vendor selling NV equipment. NV is for anybody who's using virtual machine technology.
Network Functions Virtualization
If NV offers the capability to create tunnels through a network and use per-flow service thinking, the next step is to put a service on a tunnel. NFV is virtualizing Layer 4-7 functions such as firewall or IDPS, or even load balancing (application delivery controllers).
If administrators can set up a VM by pointing and clicking, why can't they turn up a firewall or IDS/IPS in the same way? This is what NFV enables. NFV uses best practices as base policies and configurations for different network elements. If you have a specific tunnel you're punching through the infrastructure, you can add a firewall or IDS/IPS to just that tunnel. The popular functions for this are firewalls and IDS/IPS systems from companies like PLUMgrid or Embrane.
NFV runs on high-performance x86 platforms, and it enables users to turn up functions on selected tunnels in the network. The goal is to allow people to create a service profile for a VM, or flow, and leverage x86 muscle to build an abstraction on top of the network (the tunnel) and then build virtual services on that specific logical environment. Once in place, NFV saves a lot of time on manual provisioning and training.