Network Interfaces and Network Virtualization (2024)

Network virtualization is the process of combining hardware network resources and software network resources into a single administrative unit. The goal of network virtualization is to provide systems and users with efficient, controlled, and secure sharing of the networking resources.

The end product of network virtualization is the virtual network. Virtual networks are classified into two broad types, external and internal. External virtual networks consist of several local networks that are administered by software as a single entity. The building blocks of classic external virtual networks are switch hardware and VLAN software technology. Examples of external virtual networks include large corporate networks and data centers.

An internal virtual network consists of one system using virtual machines or zones that are configured over at least one pseudo-network interface. These containers can communicate with each other as though on the same local network, providing a virtual network on a single host. The building blocks of the virtual network are virtual network interface cards or virtual NICs (VNICs) and virtual switches. Solaris network virtualization provides the internal virtual network solution.

You can combine networking resources to configure both internal and external virtual networks. For example, you can configure individual systems with internal virtual networks onto LANs that are part of a large, external virtual network. The network configurations that are described in this part include examples of combined internal and external virtual networks.

Types of Containers for Network Virtualization on the Solaris OS

You can use several different types of virtual containers in a Solaris OS-based virtual network. These containers include virtual machines and zones. A virtual machine is a container with its own kernel and IP protocol stack. A zone is a container that provides an isolated environment for running applications.

Sun xVM Virtual Machines

Sun™ xVM is virtual machine technology that enables you to create multiple instances of an operating system on the interfaces of a single x86-based system. The Sun xVM hypervisor controls the allocation and operation of the domains. For more information on xVM, refer to Introduction to the Sun xVM Hypervisor. xVM is based on the Open Source XEN hypervisor, which is described on the xen.org website.

Non-Global Zones and Exclusive IP Zones

Though not true virtual machines, zones are lightweight application environments that share a host's kernel and IP stack. You can configure exclusive IP instances for a non-global zone, which provides that zone with its own, exclusive TCP/IP protocol stack. Both standard non-global zones and exclusive IP zones can be configured on a Solaris-based virtual network. For basic information about zones, refer to Chapter 16, Introduction to Solaris Zones, in System Administration Guide: Virtualization Using the Solaris Operating System.

LDOMs Virtual Machines

The Libvirt for LDOMs (Logical Domains) software provides a hypervisor and set of commands that enable you to set up and administer logical domains on a Solaris OS-based virtual network. Each logical domain can run an instance of an operating system to enable multiple operating systems on the same computer. For information on LDOMs, refer to the Logical Domains (LDoms) 1.0.1 Administration Guide.

Parts of the Internal Virtual Network

An internal virtual network built on the Solaris OS contains the following parts:

  • At least one network interface card, or NIC.

  • A virtual NIC, or VNIC, which is configured on top of the network interface.

  • A virtual switch, which is configured at the same time as the first VNIC on the interface.

  • A container, such as a zone or virtual machine, which is configured on top of the VNIC.

The next figure shows these parts and how they fit together on a single system.

Figure 9–1 VNIC Configuration for a Single Interface


The figure shows a single system with one NIC. The NIC is configured with three VNICs. Each VNIC supports a single zone. Therefore, Zone 1, Zone 2, and Zone 3 are configured over VNIC 1, VNIC 2, and VNIC 3, respectively. The three VNICs are virtually connected to one virtual switch. This switch provides the connection between the VNICs and the physical NIC upon which the VNICs are built. The physical interface provides the system with its external network connection.

Alternatively, you can create a virtual network based on the etherstub. Etherstubs are purely software and do not require a network interface as the basis for the virtual network.

A VNIC is a virtual network device with the same data-link interface as a physical interface. You configure VNICs on top of a physical interface. For the current list of physical interfaces that support VNICs, refer to the Network Virtualization and Resource Control FAQ. You can configure up to 900 VNICs on a single physical interface. When VNICs are configured, they behave like physical NICs. In addition, the system's resources treat VNICs as if they were physical NICs.

Each VNIC is implicitly connected to a virtual switch that corresponds to the physical interface. The virtual switch provides the same connectivity between VNICs on a virtual network that switch hardware provides for the systems connected to a switch's ports.

In accordance with Ethernet design, if a switch port receives an outgoing packet from the host connected to that port, that packet cannot go to a destination on the same port. This design is a drawback for systems that are configured with zones or virtual machines. Without network virtualization, outgoing packets from a virtual machine or a zone with an exclusive stack cannot be passed to another virtual machine or zone on the same system. The outgoing packets go through a switch port out onto the external network. The incoming packets cannot reach their destination zone or virtual machine because the packets cannot return through the same port as they were sent. Therefore, when virtual machines and zones on the same system need to communicate, a data path between the containers must open on the local machine. Virtual switches provide these containers with the method to pass packets.

How Data Travels Through a Virtual Network

Figure 9–1 illustrates a simple VNIC configuration for a virtual network on a single system.

When the virtual network is configured, a zone sends traffic to an external host in the same fashion as a system without a virtual network. Traffic flows from the zone, through the VNIC to the virtual switch, and then to the physical interface, which sends the data out onto the network.

But what happens if one zone on a virtual network wants to send packets to another zone on the virtual network, given the previously mentioned Ethernet restrictions? As shown in Figure 9–1, suppose Zone 1 needs to send traffic to Zone 3. In this case, packets pass from Zone 1 through its dedicated VNIC 1. The traffic then flows through the virtual switch to VNIC 3. VNIC 3 then passes the traffic to Zone 3. The traffic never leaves the system, and therefore never violates the Ethernet restrictions.
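The following is an added example, not part of the original documentation and not Solaris code: a small Python model of the data path described above, comparing a Zone 1 to Zone 3 frame with and without a virtual switch, plus a frame to an external host. The class names, MAC addresses and switch port numbers are constructed for illustration.

```python
# Added illustration: toy model of the data path described above (not Solaris code).
from dataclasses import dataclass

@dataclass
class PhysicalSwitch:
    """External Ethernet switch that never sends a frame back out its ingress port."""
    mac_to_port: dict  # MAC address -> switch port (constructed, fully populated)

    def forward(self, ingress_port, dst_mac):
        egress = self.mac_to_port[dst_mac]
        return None if egress == ingress_port else egress

@dataclass
class Host:
    """One system cabled to a single switch port through one physical NIC."""
    port: int
    vnics: dict  # interface name -> (MAC address, container name)
    virtual_switch: bool = True

    def send(self, src_if, dst_mac, switch):
        """Return (hops, reached_wire, delivered_to) for one outgoing frame."""
        hops = [self.vnics[src_if][1], src_if]
        if self.virtual_switch:
            hops.append("virtual switch")
            for name, (mac, zone) in self.vnics.items():
                if mac == dst_mac:  # destination is local: deliver in software
                    return hops + [name, zone], False, zone
        hops.append("physical NIC")
        egress = switch.forward(self.port, dst_mac)
        if egress is None:  # destination sits behind the port the frame came from
            return hops + ["dropped at switch"], True, None
        return hops + [f"switch port {egress}"], True, f"switch port {egress}"

# Constructed sample topology: three zones on switch port 1, one external host on port 2.
VNICS = {f"VNIC {i}": (f"02:00:00:00:00:0{i}", f"Zone {i}") for i in (1, 2, 3)}
EXTERNAL_MAC = "02:00:00:00:00:aa"
TABLE = {mac: 1 for mac, _ in VNICS.values()}
TABLE[EXTERNAL_MAC] = 2
SWITCH = PhysicalSwitch(TABLE)

if __name__ == "__main__":
    zone3 = VNICS["VNIC 3"][0]
    for label, host in (("with virtual switch", Host(1, VNICS)),
                        ("without", Host(1, VNICS, virtual_switch=False))):
        print(label, host.send("VNIC 1", zone3, SWITCH))
    print("external", Host(1, VNICS).send("VNIC 1", EXTERNAL_MAC, SWITCH))
```

The `reached_wire` value marks which frames an observer on the external network could see; in this model, zone-to-zone traffic through the virtual switch is not among them.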

Who Should Implement Virtual Networks?

If you need to consolidate resources on Sun servers, consider implementing VNICs and virtual networks. Consolidators at ISPs, telecommunications companies, and large financial institutions can use the following network virtualization features to improve the performance of their servers and networks.

  • NIC hardware, including the powerful new interfaces that support hardware rings

  • Multiple MAC addresses for the VNICs

  • The large amount of bandwidth provided by newer interfaces

You can replace many systems with a single system that runs multiple zones or virtual machines, without significantly losing separation, security, and flexibility.

Article information

Author: Kelle Weber
