Network Virtualization
This section looks at the important area of network virtualization. One immediate difficulty is that this term is
defined differently in a number of academic and industry publications. So we begin by defining some terms,
based on definitions in ITU-T Y.3011 (Framework of Network Virtualization for Future Networks, January
2012):
Physical resource: In the context of networking, physical resources include the following: network devices,
such as routers, switches, and firewalls; and communication links, both wired and wireless. Hosts such as
cloud servers may also be considered as physical network resources.
Logical resource: An independently manageable partition of a physical resource, which inherits the same
characteristics as the physical resource and whose capability is bound to the capability of the physical resource.
An example is a named partition of disk memory.
Virtual resource: An abstraction of a physical or logical resource, which may have different characteristics
from the physical or logical resource and whose capability may not be bound to the capability of the physical or
logical resource. As examples, virtual machines (VMs) may be moved dynamically, VPN topologies can be
altered dynamically, and access control restrictions may be imposed on a resource.
Virtual network: A network composed of multiple virtual resources (that is, a collection of virtual nodes and
virtual links) that is logically isolated from other virtual networks. Y.3011 refers to a virtual network as a
logically isolated network partition (LINP).
Network virtualization (NV): A technology that enables the creation of logically isolated virtual networks
over shared physical networks so that heterogeneous collections of multiple virtual networks can
simultaneously coexist over the shared physical networks. This includes aggregating multiple resources
in a provider so that they appear as a single resource.
NV is a far broader concept than VPNs, which only provide traffic isolation, or VLANs, which provide a basic
form of topology management. NV implies full administrative control for customizing virtual networks both in
terms of the physical resources used and the functionalities provided by the virtual networks.
The virtual network presents an abstracted network view whose virtual resources provide users with services
similar to those provided by physical networks. Because the virtual resources are software defined, the manager
or administrator of a virtual network potentially has a great deal of flexibility in altering topologies, moving
resources, and changing the properties and service of various resources. In addition, virtual network users can
include not only users of services or applications but also service providers. For example, a cloud service
provider can quickly add new services or expanded coverage by leasing virtual networks as needed.
A Simplified Example
To get some feel for the concepts involved in network virtualization, consider the figure, adapted from the ebook
Software Defined Networking—A Definitive Guide [KUMA13], which shows a network consisting of three servers
and five switches.
One server is a trusted platform with a secure operating system that hosts firewall software. All the servers run a
hypervisor (virtual machine monitor) enabling them to support multiple VMs. The resources for one enterprise
(Enterprise 1) are hosted across the servers and consist of three VMs (VM1a, VM1b, and VM1c) on physical
server 1, two VMs (VM1d and VM1e) on physical server 2, and firewall 1 on physical server 3. The virtual
switches are used to set up any desired connectivity between the VMs across the servers through the physical
switches. The physical switches provide the connectivity between the physical servers. Each enterprise network
is layered as a separate virtual network on top of the physical network. Thus, the virtual network for Enterprise
1 is indicated by a dashed circle and labeled VN1. The labeled circle VN2 indicates another virtual network.
Figure: Simple Network with Virtual Machines Assigned to Different Administrative Groups
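The layout described above can be written down as data and audited for logical isolation. The following Python is an added example, not taken from the book or from [KUMA13]. The VN2 members (VM2a, VM2b), the list of virtual links, and all function names are assumptions constructed for illustration; only the Enterprise 1 placement comes from the text.

```python
from collections import defaultdict

# resource -> (virtual network, physical server). VN1 rows follow the text;
# the VN2 rows are constructed, since the page does not list VN2's members.
PLACEMENT = {
    "VM1a": ("VN1", "server1"), "VM1b": ("VN1", "server1"),
    "VM1c": ("VN1", "server1"), "VM1d": ("VN1", "server2"),
    "VM1e": ("VN1", "server2"), "firewall1": ("VN1", "server3"),
    "VM2a": ("VN2", "server2"), "VM2b": ("VN2", "server3"),
}

# Virtual links as configured on the virtual switches (constructed sample).
# The last link is a deliberate misconfiguration that joins VN1 and VN2.
VIRTUAL_LINKS = [
    ("VM1a", "VM1b"), ("VM1b", "VM1d"), ("VM1d", "firewall1"),
    ("VM2a", "VM2b"), ("VM1e", "VM2a"),
]

def isolation_violations(placement, links):
    """Virtual links whose endpoints belong to different virtual networks."""
    return [(a, b) for a, b in links if placement[a][0] != placement[b][0]]

def links_over_physical_switches(placement, links):
    """Virtual links whose endpoints sit on different servers, so their
    traffic leaves the hypervisor and crosses the physical switches."""
    return [(a, b) for a, b in links if placement[a][1] != placement[b][1]]

def physical_footprint(placement):
    """Map each virtual network to the physical servers it occupies."""
    footprint = defaultdict(set)
    for vn, server in placement.values():
        footprint[vn].add(server)
    return dict(footprint)

def shared_hosts(placement):
    """Servers hosting more than one virtual network. On these hosts the
    isolation rests on the hypervisor and virtual switch, not on hardware."""
    tenants = defaultdict(set)
    for vn, server in placement.values():
        tenants[server].add(vn)
    return {s: sorted(v) for s, v in tenants.items() if len(v) > 1}

if __name__ == "__main__":
    print("cross-VN links:", isolation_violations(PLACEMENT, VIRTUAL_LINKS))
    print("inter-server links:", links_over_physical_switches(PLACEMENT, VIRTUAL_LINKS))
    print("footprint:", physical_footprint(PLACEMENT))
    print("shared hosts:", shared_hosts(PLACEMENT))
```
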
At the bottom are the physical resources, managed across one or more administrative domains. The servers are
logically partitioned to support multiple VMs. This includes, at least, a partitioning of memory, but may also
include a partitioning of the pool of I/O and communications ports and even of the processors or cores of the
server. There is then an abstraction function that maps these physical and logical resources into virtual
resources. This type of abstraction could be enabled by SDN and NFV functionality, and is managed by
software at the virtual resource level.