Feeds

VMware, Cisco stretch virtual LANs across the heavens

VXLAN virtualizes Layer 3 networks

Beginner's guide to SSL certificates

VMworld 2011 VMware and Cisco have teamed up with a quartet of fellow industry heavyweights to attack a vexing virtual-network configuration problem by proposing a solution that takes its inspiration from – of all places – cell phones.

VMware has long since figured out how to teleport virtual machines around a network of servers using its vMotion live migration, and the company now includes vMotion for Storage with its new vSphere 5.0 hypervisor stack, allowing for data to be moved closer to virtual machines as they flit around. But the network itself remains rigid and often requires manual reconfiguration, which defeats the purpose of having a cloud manage itself.

VMware was out there on the forefront of virtual switching with the inclusion of its own virtual switch in earlier implementations of the vSphere stack. Networking giant Cisco Systems created its own Nexus 1000V virtual switch for network admins who want to work with the same Cisco IOS switch operating system and related management tools.

But these virtual switches only work within the confines of a single rack or blade server chassis, not across the entire data center network. Xsigo Systems has come up with its own way around the virtual LAN reconfiguration problem, and some other switch makers have made their switches VM-aware to minimize the amount of tweaking network admins need to do as VMs migrate.

But proprietary solutions can lead to madness, so VMware and Cisco want everyone to cope with the VLAN reconfiguration problem in a standardized way. That's why they've hooked up with Arista Networks, Emulex, Broadcom, and Intel to propose that we all adopt something they're calling Virtual Extensible LAN, or VXLAN for short.

VMware VXLAN

VXLAN: Calling all VMs

During his VXLAN tech preview at VMworld in Las Vegas, VMware CTO Steve Herrod said that the technology borrows a metaphor from telephone networks.

In the old days, he said, before cell phones came along, your phone number wasn't just something that identified you, it was also something that identified where you were. And the problem with an IP address on a local area network is that it has also been used to code both identity and location on the network.

What we need to do, Herrod said, and what VMware and Cisco are proposing to do with VXLAN, is to break the linkage between location and identity with IP numbers, just like cell phone networks do with our phone number.

"This is one of the largest steps in the virtualization journey we started on years ago," Herrod said in his keynote, adding that VXLAN works by encapsulating Layer 2 packets in the Layer 3 part of the IP network. The upshot, he said, was that vMotion would work without having to manually reassign IP addresses if a VM was assigned a location on the server network out of reach of its original virtual switch.

In a blog post, Herrod wrote that the VXLAN approach will encapsulate MAC addresses inside of UDP, providing an abstracted Layer 2 network for the VMs to link to. In essence, VXLAN turns Layer 3 networks into a kind of hypervisor for Layer 2 networks, "allowing VMs to communicate with each other using a transparent overlay scheme over physical networks that could span Layer 3 boundaries," he wrote.

And because this is a virtualized Layer 3 network, you can separate out Layer 2 networks and do so programmatically and on the fly - just like virtual servers are spun up and down atop a server virtualization hypervisor today.

One of the problems is that networks top out at 4,094 VLANs, and a compute cloud with thousands of servers and tens of thousands of VMs will easily smack up against this ceiling. Virtual server clouds want a Layer 2 network to span the entire data center, or even perhaps span multiple data centers or out to public clouds, allowing a VM to easily move across network boundaries.

VMware will be adding VXLAN technologies to its Distributed Virtual Switch at the heart of the vSphere stack, as well as in its vSwitch virtual switch and network I/O controls inside of the hypervisor. Herrod wrote that Cisco plans to implement VXLAN with its Nexus 1000V virtual switch as well, and that "other partners will soon announce their approach".

To help get other networking providers on board with VXLAN, VMware and Cisco have put out a draft specification with the Internet Engineering Task Force to get the standards process rolling. "To achieve its full potential, VXLAN must be adopted across the industry, and we’re committed to helping this happen in an open and standards-compliant way," Herrod wrote.

According to the IETF spec, the Layer 2 overlay for Layer 3 networks does so in segments that are given a 24-bit segment identification called the VXLAN Network Identifier, or VNI. This 24-bit ID allows up to 16 million VXLAN segments to coexist on the same network administration domain. The beauty of this scheme is that the VM is totally unaware that it is not just talking using the same MAC addresses and Layer 2 networks it has in the past. ®

Security for virtualized datacentres

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Bitcasa bins $10-a-month Infinite storage offer
Firm cites 'low demand' plus 'abusers'
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.