VXLAN itself supplies pseudo-VLAN functions that reside wholly within the hypervisor, using network switching as basically a dumb transport, with the hypervisor peeling away the encapsulation and shuttling traffic securely along virtual LANs. Microsoft's Hyper-V does something similar using GRE. Essentially, this abstraction reduces the actual network to a flat Layer 2 foundation, with the hypervisors handling everything else.
To frame this, consider that it's now possible to plug a bunch of physical hosts and storage into a switch that has a default configuration with every port on the same VLAN. Then, by configuring VXLANs, firewalls, and load balancers within VMware vSphere, you can create dozens of networks connecting hundreds of VMs, all without touching the switching configuration. In fact, that switch could have a live Internet connection fed into it on one port and all security elements handled at the hypervisor level. An entire data center built with only a single switch, a bunch of storage, and a pile of physical hosts -- this is VMware's software-defined data center (SDDC).
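The isolation described above lives entirely in the hypervisor: the physical switch forwards UDP/4789 packets between VTEPs and never sees tenant boundaries, so whether two tenants on one flat VLAN stay apart depends on the virtual switch honouring the 24-bit VNI when it strips the VXLAN header. The following is an added toy model (not VMware's or Microsoft's code) of that decapsulation and delivery step, using the RFC 7348 header layout; the `VmPort` type, the VNIs 5001/5002 and the MAC addresses are constructed for the example, and the outer Ethernet/IP/UDP wrapper is omitted.

```python
"""Toy model of hypervisor-side VXLAN decapsulation and tenant isolation.

Added example, not vendor code.  The physical network only carries UDP/4789
packets between VTEPs; the virtual switch removes the 8-byte VXLAN header
(RFC 7348) and hands the inner Ethernet frame only to VM ports attached to
the same VNI.  VmPort, the VNIs and the MACs below are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

VXLAN_UDP_PORT = 4789
VXLAN_HDR_LEN = 8
ETH_HDR_LEN = 14
FLAG_VNI_VALID = 0x08            # the "I" bit, the only flag RFC 7348 defines
BROADCAST_MAC = b"\xff" * 6


@dataclass(frozen=True)
class VmPort:
    name: str
    vni: int                     # tenant segment the port is attached to
    mac: bytes


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """Prepend a VXLAN header: flags, 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    header = bytes([FLAG_VNI_VALID, 0, 0, 0]) + (vni << 8).to_bytes(4, "big")
    return header + inner_frame


def decapsulate(payload: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_frame); reject input the switch could not map to a segment."""
    if len(payload) < VXLAN_HDR_LEN + ETH_HDR_LEN:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    if not payload[0] & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI not valid, frame cannot be assigned a segment")
    vni = int.from_bytes(payload[4:7], "big")
    return vni, payload[VXLAN_HDR_LEN:]


def deliver(payload: bytes, ports: list[VmPort]) -> list[str]:
    """Names of VM ports that receive the inner frame.  Isolation rule: same VNI only;
    a matching destination MAC on another VNI is never reachable."""
    vni, inner = decapsulate(payload)
    dst_mac = inner[:6]
    return [p.name for p in ports
            if p.vni == vni and (p.mac == dst_mac or dst_mac == BROADCAST_MAC)]


# Constructed sample: two tenants sharing one flat physical VLAN.
PORTS = [
    VmPort("tenantA-web", vni=5001, mac=bytes.fromhex("020000000a01")),
    VmPort("tenantA-db",  vni=5001, mac=bytes.fromhex("020000000a02")),
    VmPort("tenantB-web", vni=5002, mac=bytes.fromhex("020000000b01")),
]


def eth_frame(dst: bytes, src: bytes, ethertype: int = 0x0800,
              body: bytes = b"\x45" + b"\x00" * 19) -> bytes:
    """Minimal Ethernet frame: dst MAC, src MAC, EtherType, payload."""
    return dst + src + ethertype.to_bytes(2, "big") + body


def demo() -> tuple[list[str], list[str], list[str]]:
    a_web, a_db, b_web = PORTS[0].mac, PORTS[1].mac, PORTS[2].mac
    # Unicast inside tenant A reaches only tenant A's database port.
    unicast = encapsulate(5001, eth_frame(a_db, a_web))
    # Broadcast on VNI 5001 reaches both tenant A ports and never tenant B.
    bcast = encapsulate(5001, eth_frame(BROADCAST_MAC, a_web))
    # Tenant A's DB MAC carried on tenant B's VNI is not delivered anywhere.
    cross = encapsulate(5002, eth_frame(a_db, b_web))
    return deliver(unicast, PORTS), deliver(bcast, PORTS), deliver(cross, PORTS)


if __name__ == "__main__":
    print(demo())
```

The third case is the one a defender cares about: on the flat physical VLAN nothing stops a host from emitting a frame with any destination MAC, so the VNI check in `deliver` is the entire tenant boundary, and a VTEP that accepted frames with the I flag clear or ignored the VNI would collapse every segment back into one.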
A new kind of isolation
The upshot of all this: The role of the network administrator is changing. It's heading in the direction of controlling a subset of the virtualization platform's configuration and away from the traditional work of modifying switches, routers, and firewalls. How will network admins take to the new waters? One hurdle is that the new approach flies in the face of what we now consider to be networking best practices.
Physical separation of untrusted networks has been the rule almost from the beginning, though it has been waning in recent years. Moving to an architecture such as VMware's SDDC dispenses with those boundaries altogether. VMware, Microsoft, and others betting on the virtualization of networks will need to build trust -- lots of it -- among technologists who are historically wary of deviations from known and trusted paths. It's an approach that will take much time and evidence to be fully accepted, but I have little doubt it will eventually become the norm, for better or worse.
That will leave IT in a position where literally everything in the data center is virtual: the servers, the storage, the network, the applications, the desktops, the whole shebang. They'll all be controlled from a central console and managed more or less as a single entity. There's much to like about this scenario, but there's much work to do to make it real -- and even more to make it acceptable to the majority of IT shops around the world.