
Ch3 Net Virt

Chapter 3 of the document discusses network virtualization, defining it as the decoupling of traditional ISP roles into infrastructure and service providers, enabling multiple virtual networks on a single physical network. It covers various types of network virtualization including VLANs, VPNs, overlay networks, and active programmable networks, highlighting their benefits such as rapid innovation and simplified operations. Additionally, it introduces concepts like Software-Defined Networking (SDN) and Network Function Virtualization (NFV), emphasizing their roles in modern network management and architecture.

Uploaded by

chiraz.hanzouti

4ARCTIC

Virtualization Techniques

Chapter 3: Network Virtualization

Chapter Content

▪ Sec 1: Introduction to Network Virtualization

▪ Sec 2: VLANs & VPN

▪ Sec 3: Overlay Networks

▪ Sec 4: Active & Programmable Networks

Introduction to network virtualization

Definitions

Virtual Networks:

▪ A virtual network (VN) is a collection of virtual nodes and virtual links. Essentially, a virtual network is
a subset of the underlying physical network resources.

▪ A network environment supporting virtualization allows the coexistence of multiple
virtual networks on the same physical substrate.

Definitions (..)
Network virtualization:
▪ Network virtualization is defined by the decoupling of the roles of the traditional Internet
Service Providers (ISPs) into two independent entities :
▪ Infrastructure providers: manage the physical infrastructure,

▪ Service providers: create virtual networks by aggregating resources from multiple infrastructure
providers and offer end-to-end services.

▪ NV creates multiple logical virtual networks, each with separate control and data planes.

▪ It simulates network functionality as a "virtual instance" that can be loaded on standard
platforms. Physical devices are responsible for packet transmission, while network
intelligence is provided by software.

Need for network virtualization

▪ Internet is almost ossified


▪ Lots of band-aids and makeshift solutions (e.g. overlays)

▪ Hard to come up with a one-size-fits-all architecture


▪ Almost impossible to predict what future might unleash

▪ Why not create an all-sizes-fit-into-one instead!


▪ Open and scalable architecture independent from hardware

▪ Testbed for future networking architectures and protocols

▪ Network provisioning time needs to be reduced

Need for NV (..)
1. Sharing the network

▪ Different controllers for different users/traffic


▪ Multiple administrative groups (e.g. different departments on a campus)
▪ Multiple customers (tenants in a shared data center, researchers on a shared infrastructure)
▪ Experiments vs. operational network (support research without breaking real services)
▪ Expanding a network's footprint (lease components in another carrier's network)
▪ Multiple services or applications in one domain

Need for NV (..)
2. Abstract the Topology

▪ Partial deployment
▪ Tunnel through components you don’t control
▪ Simplicity
▪ Hide inessential details, churn, migration, …
▪ Privacy
▪ Hide internal details of the network
▪ Scalability
▪ Present a smaller topology and fewer events
▪ Experimentation
▪ Try topologies that don’t really exist

Architecture
Business Model:

Architecture (..)

Benefits of NV
▪ Rapid innovation: network services now delivered at software speeds

▪ New forms of network control: API to NV controller allows creation and management of virtual
networks under software control

▪ Snapshot, rollback etc.

▪ Vendor choice: decoupled networking services from underlying hardware

▪ Simplified programming: expose abstractions that make sense to programmers

▪ Simplified operations: network state managed like a VM – provision centrally in SW, snapshot,
rollback, etc.

NV Design Goals
▪ To realize network virtualization, each of the following design criteria should be fulfilled:

▪ Flexibility
▪ Manageability
▪ Scalability
▪ Isolation
▪ Stability and convergence
▪ Programmability
▪ Heterogeneity
▪ Legacy support

NV types
▪ Four main types of virtual network environments (VNEs):

▪ VLANs – Virtual Local Area Networks

▪ VPNs – Virtual Private Networks

▪ Overlay Networks

▪ Active and Programmable Networks

VLAN & VPN

VLANs
▪ A virtual local area network (VLAN) is a group of logically networked hosts with a single
broadcast domain regardless of their physical connectivity.

▪ VLANs provide elevated levels of isolation, so multiple partitions can be created, allowing
multiple VLANs to co-exist.

VLAN as Network virtualization example
▪ Multiple VLANs can be created logically through layer 2 segmentation

Multiple Networks on the same infrastructure

▪ Each user can only communicate with other users within the same VLAN

Isolation

▪ We can create VLANs using equipment from different vendors

Independent from hardware

VPN Definition
▪ A VPN is an assembly of private networks that are connected to each other but isolated from
public networks (e.g., the Internet).

▪ Organizations deploy VPNs to connect their offices in geographically distant locations,
while individuals who work from home use a VPN to access internal infrastructure.

▪ Datagrams are sent across the global Internet in an encrypted format.

Types of VPN
▪ There are two basic VPN types:

▪ Remote Access VPN:

▪ Allows a user to connect to a private network and access its services and resources
remotely.

▪ Site-to-Site VPN (Router-to-Router VPN):

▪ Mostly used by corporations to interconnect offices in different geographical
locations.

▪ Multiple offices of the same company: Intranet-based VPN.

▪ Companies connecting to the office of another company: Extranet-based VPN.

VPN as Network virtualization example

▪ Multiple VPNs can be created on top of one or more network infrastructures
(or the Internet)

Multiple Networks on the same infrastructure

▪ Communication is secured from public Internet traffic

Isolation

Overlay Networks

What is an overlay network?
▪ An overlay network is a logical network built on top of one or more existing physical networks.

▪ Nodes in the overlay are connected by virtual or logical links, each of which corresponds to a path,
or many physical links, in the underlying network.

▪ Examples of overlay networks:

▪ IP over SONET over Optical

▪ Many peer-to-peer networks (over the Internet)

VXLAN definition
▪ One of the proposed protocols is the Virtual eXtensible LAN (VXLAN), proposed in RFC 7348. It
encapsulates Ethernet frames in a UDP datagram.

▪ This solution was originally proposed to facilitate the interconnection of cloud servers that are
based on virtualization.

▪ Each VM on a physical machine is identified by a 24-bit VXLAN network identifier, named VNI.

▪ The hypervisor of each server manages the encapsulation and decapsulation of the frames
contained in the VXLANs (VTEP: VXLAN Tunnel EndPoint).

VXLAN Architecture

VXLAN Encapsulation

VXLAN Scenario

VXLAN Benefits
▪ High scalability:

▪ From 4096 VLAN IDs (12 bits) to 16 million VNIDs (VXLAN Network Identifiers).

▪ Better utilization of network paths relying on L3 routing.

▪ Interesting that this is supported by software switches too (Open vSwitch)
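
The VXLAN header described above, worked through in Python as an added example (not part of the original slides): it builds and parses the 8-byte RFC 7348 header and rejects frames whose VNI the receiving VTEP does not serve, since the VNI is the only field that separates tenants. The sample frame, the VNI values and the function names are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789        # IANA-assigned UDP destination port (RFC 7348)
FLAG_I = 0x08                # "valid VNI" flag, must be set
MAX_VNI = (1 << 24) - 1      # 24-bit VNI: 16,777,215
MAX_VLAN_ID = (1 << 12) - 1  # 12-bit VLAN ID: 4,095
HDR_LEN, ETH_HDR_LEN = 8, 14

def vxlan_encap(vni, inner_frame):
    """Prefix an Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI does not fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", FLAG_I << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload, served_vnis):
    """Return (vni, inner_frame); raise ValueError if the packet must be dropped."""
    if len(udp_payload) < HDR_LEN + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HDR_LEN])
    if not (word0 >> 24) & FLAG_I:
        raise ValueError("I flag clear: no valid VNI")
    vni = word1 >> 8          # reserved bits are ignored on receipt
    if vni not in served_vnis:
        raise ValueError(f"VNI {vni} is not served by this VTEP")
    return vni, udp_payload[HDR_LEN:]

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType IPv4, payload.
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"tenant data"

if __name__ == "__main__":
    packet = vxlan_encap(5001, FRAME)
    print(packet[:HDR_LEN].hex())               # the VXLAN header
    print(vxlan_decap(packet, {5001}))          # accepted
    try:
        vxlan_decap(packet, {6000})             # a VTEP serving another tenant
    except ValueError as err:
        print("dropped:", err)
```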

Active & Programmable Networks

Promise

What are programmable networks?
▪ Programmable networks research was motivated by the need to create, deploy, and
manage novel services on the fly in response to user demands.

▪ Are programmable networks VNEs?

▪ Maybe not directly, but programmability can ensure the coexistence of multiple
networks.

Approaches
▪ Two approaches are proposed to implement the concept:

▪ Approach 1:

▪ Makes a clear distinction between the transport, control, and management planes that
constitute programmable networks, and emphasizes QoS guarantees.

▪ Approach 2:

▪ Promotes dynamic deployment of new services at runtime within the confines of
existing networks. Routers or switches in these networks can perform customized
computations based on the contents of the active packets and can also modify them.

SDN

What is SDN?
▪ Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-
effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's
applications.

▪ This architecture decouples the network control and forwarding functions enabling the network
control to become directly programmable and the underlying infrastructure to be abstracted for
applications and network services.

▪ In an SDN scenario, the rules governing the handling of packets reach the switch from a controller,
an application that runs on a server. The switch then queries the controller for rules about packet
management.

SDN architecture

SDN layers
▪ Infrastructure layer: the foundation layer, consisting of both physical and virtual
network devices such as switches and routers. All the network devices implement the
OpenFlow protocol to apply traffic forwarding rules.

▪ Control layer: consists of a centralized control plane that is decoupled from
the physical infrastructure to provide a centralized global view of the entire network. This layer
uses the OpenFlow protocol to communicate with the layer below, i.e. the infrastructure layer.

▪ Application layer: consists of network services, applications and orchestration tools that
are used to interact with the control layer. It provides an open interface to communicate with
other layers in the architecture.

OpenFlow Protocol
▪ OpenFlow was introduced by the McKeown group at Stanford University
(2008)

▪ The OpenFlow protocol defines:

▪ A standardized API and communication method between the external controller
and the OpenFlow process on the networking device
▪ The use of 'flow tables' held on the networking device, which are populated by
the external controller and used for matching and forwarding packets

OpenFlow components
▪ Two components :
▪ OpenFlow controller
▪ Controls one or more switches
▪ Computes paths, maintains state,
formulates flows and programs
OpenFlow Switches

▪ OpenFlow Switch
▪ Receives commands (flow entries,
queries) from the OpenFlow controller
in order to populate entries in the
flow-table
▪ Holds the flow-table in volatile memory
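
A simplified model of the controller/switch interaction described above, as an added example rather than code from the slides or from any OpenFlow implementation: a table miss sends the packet to the controller, which installs a flow entry that only forwards between hosts in the same VLAN. The class names, hosts and policy are hypothetical, and the real OpenFlow wire protocol is not modelled.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict        # header field -> required value; absent field = wildcard
    action: str        # "output:<port>" or "drop"
    priority: int = 0
    packets: int = 0   # hit counter

class Controller:
    """Hypothetical policy: forward only between hosts in the same VLAN."""
    def __init__(self, hosts):
        self.hosts = hosts                 # MAC -> (switch port, VLAN ID)

    def packet_in(self, switch, pkt):
        src = self.hosts.get(pkt["eth_src"])
        dst = self.hosts.get(pkt["eth_dst"])
        # Default deny: unknown hosts and cross-VLAN traffic are dropped.
        allowed = src is not None and dst is not None and src[1] == dst[1]
        action = f"output:{dst[0]}" if allowed else "drop"
        match = {"eth_src": pkt["eth_src"], "eth_dst": pkt["eth_dst"]}
        switch.install(FlowEntry(match, action, priority=10))
        return action

class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.table = []                    # flow table, highest priority first
        self.misses = 0

    def install(self, entry):
        self.table.append(entry)
        self.table.sort(key=lambda e: e.priority, reverse=True)

    def forward(self, pkt):
        for entry in self.table:
            if all(pkt.get(k) == v for k, v in entry.match.items()):
                entry.packets += 1
                return entry.action
        self.misses += 1                   # table miss: ask the controller
        return self.controller.packet_in(self, pkt)

# Constructed sample hosts: A and B share VLAN 10, C is in VLAN 20.
HOSTS = {"aa:aa": (1, 10), "bb:bb": (2, 10), "cc:cc": (3, 20)}

def demo():
    sw = Switch(Controller(HOSTS))
    a_to_b = {"eth_src": "aa:aa", "eth_dst": "bb:bb"}
    a_to_c = {"eth_src": "aa:aa", "eth_dst": "cc:cc"}
    results = [sw.forward(a_to_b), sw.forward(a_to_b), sw.forward(a_to_c)]
    return results, sw.misses, len(sw.table)
```

The second A-to-B packet is answered from the flow table without involving the controller, which is why `demo()` reports two misses for three packets.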

NFV

NFV – Network Function Virtualization
▪ NFV (Network Function Virtualization) is an approach consisting of performing certain network
functions, traditionally done on dedicated hardware, on x86 servers.

▪ When fully implemented, NFV reduces the amount of proprietary hardware needed to launch
and operate network services.

▪ Its purpose is to separate the network functions from dedicated hardware devices - such as
routers, firewalls, and load balancers - to host the services they provide on virtual machines
(VMs).

Which network functions to virtualize?

▪ First, mobile network devices: switches, routers, HLR, SGSN, GGSN, CGSN, RNC, SGW, PGW,
MME, ...

NFV vs Traditional Networks

Why do we need NFV?
▪ Virtualization: use network resources without worrying about where they are physically
located, how much there is, how they are organized, etc.
▪ Orchestration: Manage thousands of devices
▪ Programmable: Should be able to change behavior on the fly.
▪ Dynamic Scaling: Should be able to change size, quantity
▪ Automation
▪ Visibility: Monitor resources, connectivity
▪ Performance: Optimize network device utilization
▪ Multi-tenancy
▪ Service Integration
▪ Openness: full choice of modular plug-ins

Global architecture

Global architecture (NFVI, VNF, MANO)

▪ The NFV Infrastructure (NFVI) consists of physical networking, computing
and storage resources. These resources can be geographically distributed
and exposed as a common networking/NFV infrastructure.
▪ Virtualized Network Functions (VNFs) are software implementations or
virtualizations of network functions (NFs) that are deployed on virtual
resources such as VMs.
▪ NFV Management and Orchestration (MANO) functions provide the necessary tools
for operating the virtualized infrastructure, managing the life cycle of the
VNFs and orchestrating virtual infrastructure and network functions to
compose value-added end-to-end network services.

WS : Network Virtualization
Building and configuring a simple SDN architecture using Mininet
