What is network virtualization, and why do we need it?

Just as hypervisors allow physical compute to be abstracted into virtual machines without any changes to the physical compute, network virtualization software allows physical networking to be abstracted into virtual networks without any changes to the physical network.

“Oh, so VLANs then.”

Not quite. While a VLAN is a “virtual local area network”, creation of a VLAN requires configuration of the underlying physical network. Network virtualization software allows the creation of network segments that are managed, maintained, and operate entirely in software, allowing networks to be created and destroyed without ever needing to change the configuration on the physical routers and switches.

VMware’s network virtualization platform is called VMware NSX® [1]. Per the VMware NSX Datasheet: “VMware NSX® is the network virtualization and security platform that enables VMware’s cloud networking solution with a software-defined approach to networking that extends across data centers, clouds and application frameworks.”

Nutanix’s network virtualization platform is called Flow Virtual Networking. Per Nutanix: “Flow Virtual Networking for AHV virtualization brings virtual private cloud (VPC), virtual public cloud and other advanced virtual networking constructs together to bridge traditional and cloud-native network models. The use of a software defined approach simplifies the infrastructure and removes the need for costly hardware segmentation solutions or more complex and static physical network architectures.”

In practical terms, both of these are doing the same thing: adding a virtualization layer to the network as well as the compute, using software that manages the network in ways that were previously the exclusive domain of physical switches and routers. This is done through a process called network encapsulation.

As for why we need it, the simple, short answer is: Network virtualization allows for fast, easy, scalable network design that doesn’t require making any changes to the underlying routers and switches. For example, DevOps teams can push a button and build out an entire copy of their production network for testing application changes, and the physical network doesn’t know or care!

Network devices are commonly broken down into three layers or planes: management, control, and data. Network virtualization software follows the same paradigm. When you install NX-OS or IOS-XE or Arista EOS or Juniper JunOS, you are not installing one monolithic piece of software. They contain services and subsystems that handle their individual parts and interact with others. The same goes for VMware NSX or Nutanix Flow. These planes generally break down as follows:

  • Management Plane – The user interface, either GUI, CLI, or API used to display the current configuration and state or input new configuration.
  • Control Plane – The logic that takes all the individual pieces of configuration, determines how they interact, determines the full active configuration, and programs the hardware that actually processes data. 
  • Data Plane – The part responsible for processing and handling traffic according to the “rules” of the full configuration. On hardware, this is generally the ASICs. 

Each part is generally very specialized and good at its own role and terrible to useless at the others. And, like traditional networking, the concepts and rules of layer 2 (switching) and layer 3 (routing) still apply to NSX and Flow. We will break both NSX and Flow down into their component layers and look at how they handle switching (layer 2), routing (layer 3), and security.

But first, we need to understand Network Encapsulation, as this is the technology at the core of both offerings.


  1. A quick disclaimer: There are two technologies referred to as NSX, and they are quite different. Lightedge uses the current version, which was previously called NSX-T and is now just called NSX. Everything in this material relates to the current iteration. The prior iteration, originally called VMware NSX and now called NSX-V, uses many similar terms but is an entirely different platform that has since been discontinued. When doing any reading on your own, ensure you are reading about the correct version.