The term network virtualization can mean different things to different people. Despite the different interpretations, many of the inherent benefits and deployment mechanisms of network virtualization are the same. Yet, the driving factors behind moving toward a virtualized network can vary based on business need and the location of virtualized network components within a corporate network.
For enterprises, the key benefits of network virtualization include the following:
- improved network traffic performance and bandwidth efficiencies;
- better security controls;
- hardware cost savings;
- enhanced scalability connections;
- software-defined intelligence; and
- centralized network management and configuration control.
To reap these benefits, enterprises need to evaluate where and how they can implement network virtualization. Let's explore some examples of network virtualization use cases, how network virtualization is implemented into different parts of an infrastructure, and the benefits and drawbacks of each deployment.
Network virtualization in the LAN
Network virtualization within the LAN has been commonplace in the enterprise for several decades. Virtual LANs (VLANs) have been widely adopted since the 1990s. Initially, this was because enterprises needed to break up a network into multiple broadcast domains so it could run more efficiently. Since that time, however, the use of VLANs has expanded to address both quality of service (QoS) and cybersecurity issues.
From a QoS perspective, VLANs categorize users and traffic from which QoS policy can be attached. Traffic tagged with a specific VLAN can have QoS priorities inserted into the packet. This marking dictates whether the packets should be transmitted or queued for transmission, enabling higher-priority traffic to go first. Ultimately, the use of VLANs with QoS enables mission-critical data to flow as normal during times of congestion across the LAN.
VLANs can also help separate communications from a cybersecurity perspective. Access control lists can be configured and applied to a VLAN that permits or denies inbound/outbound access between itself and devices residing in other VLANs. This is a simple access control mechanism that's helpful when network firewalls are not available.
Network virtualization in the data center
The network location that makes the most use of network virtualization is the data center. It's here where administrators can best use advanced software-defined network functions to enhance performance, scalability and security.
By placing network security services as close as possible to an application workload, policy can be implemented at the OS or hypervisor level to restrict communications via Layers 4 to 7 firewalls and integrate cybersecurity tools, including intrusion prevention and defense systems and network sandboxing. Placing these services here eliminates much of the need to hairpin traffic through various physical security appliances, which can introduce network bottlenecks and unnecessary latency.
Scalability is another huge benefit offered through network virtualization. Because connectivity to logical networks can be expanded through software-defined virtualized network interfaces, there's no longer a concern about running out of physical network appliance ports inside a data center. Instead, as long as sufficient compute and memory resources are allocated to virtual network functions, connectivity is unlimited for all practical purposes.
Network virtualization in the WAN
Lately, the use of network virtualization in WAN deployments has been a relatively hot topic thanks to the introduction of software-defined WAN (SD-WAN). These SD-WAN technologies decouple networking intelligence from physical hardware, which enables improved scalability and unified control and policy enforcement over multiple WAN links.
At its core, SD-WAN is the use of virtualized software resources that establish remote access connections over long distances using service provider transport, such as MPLS, leased lines, cellular or internet broadband. Additionally, SD-WAN incorporates traffic steering intelligence for WAN communications that have two or more paths to a remote destination.
The two major drivers of virtualizing the WAN via SD-WAN technologies are performance and cost savings. Performance can be gained using the intelligence built into the platform that can identify outages or areas of congestion along one WAN path -- and then have the traffic rerouted across the more stable and lower-latency alternative path. This built-in traffic intelligence can significantly improve application performance for users in remote locations.
The cost savings benefit of SD-WAN occurs when the business feels comfortable enough to trust the performance routing intelligence of SD-WAN. In turn, IT leaders may opt to use lower-cost internet broadband links more, reducing the overall number of expensive MPLS/leased lines required to serve a remote site.
Finally, a more recent trend of SD-WAN -- and the intelligent virtualized network services that come with the technology -- is to combine it with public cloud and edge connectivity. This architecture eliminates much of the network hairpinning found in traditional WAN deployments and instead can direct traffic straight to cloud or edge resources, producing even more network performance gains.