09-07-2023, 05:28 AM
Virtual networks power cloud computing, VPNs and virtual LANs
A computer network as we usually visualize it involves various cables (Ethernet, fiber optic, coaxial) connecting to appliances like routers and switches, which direct data packets where they need to go.
The rise of Wi-Fi and cellular data networks has replaced some of those wires with wireless signals, but even radio waves are in the realm of the physical, and they connect back to cell towers or Wi-Fi access points.
In the seven-layer OSI network reference model, all of that network equipment, processing, and communication occupies the lowest three layers: Level 3 (the network), Level 2 (the data link), and Level 1 (the physical layer).
In a virtual network, all of that activity takes place in software.
Virtual networks may exist entirely within a single physical machine – a server. Or they may constitute an abstraction layer running on top of a physical network, whose configuration and topology may be quite different from that of the virtual network.
Building a virtual network is a complex undertaking, but the benefits are enormous: networks can be reconfigured simply by changing a file, rather than through laborious physical labor that might involve crawling through ductwork.
How does a virtual network work?
To understand how a virtual network works, let's start with a related and somewhat more familiar concept: a virtual machine. Most of us are familiar with VMs, which make it possible to run multiple application instances on one physical machine.
These VMs don't really "know" that they're virtual; all the system calls and other communication that they would normally have with the underlying hardware is intercepted by a software layer called a hypervisor. The hypervisor juggles requests from multiple VMs running on the same machine to make the most efficient use of the underlying hardware resources.
A hypervisor can even translate instructions across hardware platforms, so that a VM could, for instance, run on an x86 machine even though it's been designed for ARM processors. The hypervisor is able to return the results that the VM expects to receive from the hardware.
A virtual network is based on the same principles. Software is configured to emulate a network with the specific topology desired by its administrators. As is the case with VMs, a virtual network is able to do its magic because the operating systems and applications communicating with it don't know (or care) whether they're talking to a real switch or a virtual switch (vSwitch).
They just send out packets marked with certain network routing information in their headers and expect to receive similar packets in return. Because that sort of communication is standardized, it's easy to build software that can emulate how a physical network card, switch, or router would behave, and indeed tools like Open vSwitch can run either on a hypervisor or as the control stack for physical networking hardware.
Once the hypervisor has these packets, it has to figure out how to route them to their destination, just like physical network hardware would. The difference is that the hypervisor must translate information about the software-defined virtual network—the one that our computer "thinks" it's attached to—to information about the actual underlying physical environment.
A computer might think that it's sending a packet to another computer on the same local area network, but in reality the two machines might be in different countries—or might be two virtual machines running on the same server.
The hypervisor will often solve this problem by enclosing the packet inside another packet that has different routing information in its header, and then handing that packet over to physical networking infrastructure. Once that packet arrives at its destination, the exterior packet is stripped away; the system that receives the packet will perceive it as having arrived via the virtual network, not the actual physical network that it traversed.
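The encapsulate-then-strip step described above, as an added example that is not part of the original article: it builds a tenant's Ethernet frame, wraps it in a VXLAN header (RFC 7348) plus an outer UDP header with the tunnel's own addressing, and on the receiving side strips those headers again, refusing any frame whose VNI does not match the segment it arrived on. The MAC addresses, VNI and payload are constructed sample values; the outer IP header is assumed to be added by the host's socket layer.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned destination port for VXLAN
VXLAN_FLAG_I = 0x08            # "I" flag: the VNI field is valid

def ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build the inner (tenant-visible) Ethernet frame: dst(6) | src(6) | type(2) | payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload

def vxlan_encapsulate(inner_frame: bytes, vni: int, src_port: int) -> bytes:
    """Wrap an Ethernet frame in a VXLAN header and an outer UDP header.
    VXLAN header: flags(1) | reserved(3) | VNI(3) | reserved(1).
    The outer IP header (tunnel endpoint addresses) is assumed to come from the host stack."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    vxlan_hdr = struct.pack("!B3sI", VXLAN_FLAG_I, b"\x00" * 3, vni << 8)
    udp_len = 8 + len(vxlan_hdr) + len(inner_frame)
    udp_hdr = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # checksum 0 = none
    return udp_hdr + vxlan_hdr + inner_frame

def vxlan_decapsulate(datagram: bytes, expected_vni: int) -> bytes:
    """Strip the UDP and VXLAN headers; refuse frames that are not for this segment."""
    if len(datagram) < 16:
        raise ValueError("truncated VXLAN datagram")
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", datagram[:8])
    if dst_port != VXLAN_UDP_PORT or udp_len != len(datagram):
        raise ValueError("not a well-formed VXLAN datagram")
    flags, _, vni_field = struct.unpack("!B3sI", datagram[8:16])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set")
    vni = vni_field >> 8
    if vni != expected_vni:
        # A frame tagged for another tenant must never be delivered onto this segment.
        raise ValueError(f"frame tagged VNI {vni} received on segment {expected_vni}")
    return datagram[16:]

# Constructed sample: two VMs that believe they share one LAN on virtual segment 5000
VM_A = bytes.fromhex("02aabbcc0001")
VM_B = bytes.fromhex("02aabbcc0002")
INNER = ethernet_frame(VM_B, VM_A, 0x0800, b"hello from vm-a")
TUNNELED = vxlan_encapsulate(INNER, vni=5000, src_port=49152)

if __name__ == "__main__":
    print(len(TUNNELED) - len(INNER), "bytes of outer headers added")
    assert vxlan_decapsulate(TUNNELED, expected_vni=5000) == INNER
```

The inner frame's MAC addresses are what the VMs see; only the outer headers change as the datagram crosses the physical network.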
It goes without saying that implementing a virtual network takes quite a bit of work and ingenuity. Why go through the trouble? A description of the different types of virtual networks will provide a sense of the real-world scenarios where they're useful.
Types of virtual networks
One important distinction is between internal and external virtual networks. An internal virtual network is used to connect multiple VMs running on the same server. In this case, the hypervisor doesn't need to encapsulate network packets and send them out across a real network; it just figures out which VM they're intended for and delivers them.
It might seem odd to use protocols developed for computer-to-computer communications as a means for two processes running on the same physical hardware to communicate. But remember, one of the benefits of virtualization is that you can run multiple out-of-the-box operating systems as entirely separate and self-contained processes on the same server.
Using standard networking packets and protocols for this purpose, along with their associated security infrastructure, means that these VMs can run and communicate with each other without modification.
External virtual networks, on the other hand, involve separate physical computers (or a mix of VMs and physical machines). In this scenario, machines are connected by traditional physical networking equipment (including connections over the open internet), but the network administrator will create a virtual network topology that's different from the underlying physical one.
There are three classes of virtual network, which could be internal or external:
A Virtual Private Network (VPN) is the simplest form of virtual network. The most common scenario consists of a single computer connecting over the open internet to a local corporate network. From the perspective of that computer and other computers it interacts with, the computer is part of the LAN once the VPN is established, even though it's remote.
A Virtual Local Area Network (VLAN) is more complex: it consists of an entire local area network defined virtually. A VLAN can be created by dividing a single physical LAN into multiple VLANs, or combining physically separate LANs into a single VLAN.
A Virtual Extensible Local Area Network (VXLAN) is a souped-up version of a VLAN, which allows large LANs to be subdivided into many more separate VLANs, and also makes it easier to migrate VMs without interrupting services, both of which are key for cloud infrastructure.
Advantages and benefits of virtual networks
Virtual networking is an absolute necessity when you have multiple VMs running on the same hardware—a common scenario in cloud computing. Creating VLANs and VXLANs atop existing physical networks, meanwhile, allows admins to restructure networks to meet their needs quickly — and often, in the era of infrastructure as code, automatically. This would be difficult or impossible to do by manually rebuilding physical networks.
The advantages of virtual networking include:
Reducing the cost and maintenance involved with physical networking hardware.
Streamlining network administration by centralizing and automating control.
Offering more flexible and fine-grained network configuration options.
These benefits all help boost IT productivity and lower administrative costs, which is a big reason why virtual networking is here to stay.