The Datacenter Networking Challenge
Current network architectures are rigid, complex and create a costly barrier to realizing the full agility organizations expect from Private Clouds. Limitations of physical networks tie an increasingly pooled dynamic virtual world back to inflexible, dedicated hardware, creating artificial barriers to optimizing network architecture and capacity utilization.
While a virtual machine can be provisioned in a matter of minutes, “surrounding “ that VM with all the necessary network and security services still takes days. This is because the current network and security operations remain dependent on manual provisioning of VLANS and dedicated physical appliances with fragmented management interfaces.
As a result, current network and security architectures not only reduce efficiency, but also limit the ability of enterprises to rapidly deploy, move, scale and protect applications and data based on business needs.
VMware Software Defined Networking (SDN), available today, helps solve the data center networking challenge. VMware SDN virtualizes the network and creates logical networks that meet the agility, performance and scale requirements of virtualized applications and data.
With VMware SDN, virtual networks can be programmatically provisioned, attached to workloads and placed, moved or scaled on demand anywhere in the data center or even across multiple data centers. What’s more, the provisioning and operations of network and security services provides an open framework to integrate 3rd party hardware or software services. The result is dramatically simplified operations, efficient resource utilization and greater agility to scale in response to business needs, delivered through an integrated and extensible platform.
VXLAN – Solving the Datacenter Network Challenge
As IT organizations to move to a converged infrastructure and service-oriented model, many are finding that current data center networking architectures are a limiting factor. VLAN-based switching models have a long history, but suffer from the following challenges in the data center:
- Inflexibility: VLAN and switching boundaries are not flexible nor easily extensible. As requirements grow or shrink, compute and storage resources need to be allocated without major operational overhead.
- Operationally Inefficient Fault Tolerance: High-availability technologies such as VMware Fault Tolerance work best with “flat” Layer 2 networks, but creating and managing this architecture can be operationally difficult, especially at scale.
- VLAN and IP Address Management Limitations: IP address maintenance and VLAN limits become challenges as the data center scales, particularly when strong isolation is required or in service provider environments.
To solve this challenge, VMware, in partnership with leading networking and silicon vendors including Cisco Systems, has created the VXLAN technology. VXLAN is a method for “floating” virtual domains on top of a common networking and virtualization infrastructure. By leveraging industry-standard Ethernet technology, large numbers of virtual domains can be created above an existing network, with complete isolation from each other and the underlying network.
VXLAN offers the following benefits:
- Flexibility: Datacenter server and storage utilization and flexibility is maximized through the support of “stretched clusters” that cross switching and pod boundaries
- Streamlined Network Operations: VXLAN runs on standard Layer 3 IP networks, eliminating the need to build and manage a large Layer 2 underlying transport layer.
- Investment Protection: VXLAN runs over standard switching hardware, with no need for software upgrades or special code versions on the switches.
As VMware and other vendors introduce VXLAN based solutions, organizations can begin to take advantage of new levels of data center automation, agility, and efficiency.
Building Logical Networks with VXLAN
VXLAN provides the capability to create isolated, multi-tenant broadcast domains across data center fabrics and enables customer to create elastic, logical networks that span physical network boundaries.
The first step in creating these logical networks is to abstract and pool the networking resources. Just as vSphere abstracted compute capacity from the server hardware to create virtual pools of resources that can be consumed as a service, Virtual Distributed Switch (VDS) and VXLAN abstract the network into a generalized pool of network capacity and separate the consumption of these services from the underlying physical infrastructure. This pool can span physical boundaries, optimizing compute resource utilization across clusters, pods and even geographically separated datacenters. The unified pool of network capacity can then be optimally segmented into logical networks directly attached to specific applications.
How it Works
VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. A "Segment ID" in every frame differentiates the VXLAN logical networks from each other without any need for VLAN tags. This allows very large numbers of isolated Layer 2 VXLAN networks to co-exist on a common Layer 3 infrastructure.
In the vSphere architecture the encapsulation is performed between the virtual NIC of the guest VM and the logical port on the virtual switch. This makes VXLAN transparent to both the guest VMs and the underlying Layer 3 network. Gateway services between VXLAN and non-VXLAN hosts (e.g. a physical server or the Internet router) are performed by VMware's VMware vCloud Networking and Security Edge gateway appliance. The Edge gateway translates VXLAN segment IDs to VLAN IDs, so that non-VXLAN hosts can communicate with VXLAN virtual servers.