Welcome back. We are continuing our discussion of network virtualization, and in this lecture we will look at various examples of network virtualization and how it has been applied to solve problems in real-world networks. We'll look at three broad applications of virtual networking. We will first look at how virtual networking has enabled experimentation on production networks. And in particular, how it allows researchers to run virtual experimental infrastructure in parallel with production networks on the same underlying physical network infrastructure. We'll also look at how virtual networking enables rapid deployment and development of new network services. And in particular, how it allows operators to deploy services independently from the underlying vendor hardware. Finally, we'll look at how virtual networking enables the dynamic scaling of resources by exposing the abstraction of a logical network that is distinct from the underlying physical resources.

So let's first look at how virtual networking enables experimentation on production networks. So, historically, network researchers have designed new network protocols or architectures and they'd like to evaluate or test them. Now, there are various approaches to doing so. One could run the new protocol or architecture in a simulator, or test it in an emulator like VINI or Emulab. But when it comes to actually deploying that new architecture or protocol in production, researchers have historically hit a roadblock. And there's a bit of a catch-22 situation. In order to prove or show that that protocol or architecture works in production, they need to deploy it on a production network. But, of course, it's experimental. So, no operator would take that experimental protocol or architecture and want to run that on production traffic with real users. So, ideally, we'd have something that lets that researcher deploy that experimental infrastructure in parallel with the production network.
And that's effectively what a piece of software called FlowVisor does. FlowVisor basically virtualizes network control by letting experimental traffic run in parallel on the production network with the real user and real production traffic. So the idea here is that a user, Doug for example, might have many different types of network traffic and many different applications, such as voice over IP, web, gaming and so forth. And that user might be willing to let researchers run experimental protocols or architectures on some subset of the traffic, particularly if the traffic is not as critical. So what FlowVisor allows Doug to do is specify some subset of the traffic that he is willing to let run over that experimental network control. Now, this virtualization is achieved using a concept called flow space. The idea here is basically that some subset of traffic flows, based on IP address, port, and so forth, might be specified as being controlled by an experimental network controller, as opposed to the production network controller. We'll talk a lot more about virtualization of network control when we discuss the nuts and bolts of SDN control in later modules.

A second application for network virtualization is the deployment of new services. Now, one particular platform that allows this is Nicira's network virtualization platform. And the idea here is that the platform provides an abstraction layer between hosts and the underlying network. So, hosts essentially see their version of a virtual network that's running potentially independently of other virtual networks. And the provisioning of these virtual networks is all managed by a distributed controller. So you can see, again, the potential connection between software defined networks and network virtualization here in this particular application, because a controller might be managing the provisioning and configuration of those virtual network resources.
So, various applications for the network virtualization platform include dynamic workload placement. For example, suppose you are a very large data center operator and you have multiple tenants running applications or services on the servers and switches in that data center. If you are that operator, you need some kind of platform to allow for the creation of isolated virtual networks for each tenant. Each tenant needs the appearance of running on their own dedicated infrastructure that's isolated and separate from other tenants. Technology that allows for the creation and management of separate virtual networks makes this possible. By contrast, imagine if you did not have network virtualization. Each tenant would effectively have to deploy their own resources, their own servers and switches. And the pool of physical resources that support those services, applications and tenants couldn't be reused as demands change.

Another application for network virtualization is the enforcement of dynamic security policies. So, by creating the appearance of a single logical network, a network operator then has the opportunity to specify a central higher-level security policy that can be managed based on what the logical network looks like, as opposed to having to manage each firewall and switch independently.

A third application for virtual networking is the dynamic scaling of resources. So, here's an example that shows that. Suppose that you're an enterprise network and you have a particular set of resources that you've allocated for the tasks that you need to perform. Well, depending on various circumstances, such as a sudden fluctuation in demand, a disaster, and so forth, you might suddenly need additional resources. Now, if you didn't have network virtualization, you'd need to go out and buy those resources yourself. But instead, what you might do is use something like Amazon's Virtual Private Cloud to dynamically provision and configure additional resources on demand.
This application offers many benefits, including the ability to dynamically scale the resources that are available to you based on demand. The Virtual Private Cloud effectively allows each customer to define their own network, address space and so forth, and actually connect it to the physical network that they already have, typically using a virtual private network between the Amazon Virtual Private Cloud and their existing data center. There are various additional benefits and applications to this type of virtual networking application, including the ability to, for example, potentially recover from a disaster, or outsource the management of some of your network resources to a third party.

There are many other examples of network virtualization. One class of virtual networks, which we've already discussed, are those that support virtual networks in the wide area. So there are a variety of classes of wide area virtual networks: some that support network experimentation, such as VINI and GENI; some that support value-added services, like CABO; and some that support multiple control infrastructures, like the Tempest architecture.

Another type of virtual network that's becoming increasingly popular is the virtual network in a box. And the idea here is that there is often the need to dynamically slice the resources on a single server and connect those virtual machines, on a single server, to the network or to each other. And various commercial offerings of a virtual network in a box are available.

Finally, another class of network virtualization that's gaining some traction is something called network functions virtualization. And the idea here is essentially the unification of middle box function. Presently, network operators have to purchase a variety of middle boxes, such as firewalls, load balancers, deep packet inspection boxes, and so forth.
And the idea behind network functions virtualization is, let's suppose instead that we had a distributed compute pool where we could dynamically install many of those functions as software potentially running in virtual machines. And then network them together using existing virtual network technology such as that which we've discussed in this and other lessons.

So, in summary, there are many applications of virtual networking. Virtual networking can support experimental deployments. It can provide isolation to different tenants running on a shared infrastructure. It can allow dynamic reuse of resources from a common pool, as well as dynamic scaling. And it can also allow for easier management of those logical resources.
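
The flow-space idea from the FlowVisor part of the lecture, as an added example that is not part of the lecture and is not FlowVisor's own code or rule syntax: it assigns each flow to the controller that owns its slice and flags rule pairs that would let two slices claim the same traffic, which is the isolation property slicing depends on. The rule fields, priorities, addresses and port numbers are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class FlowSpaceRule:
    slice_name: str           # controller that owns matching traffic
    src_net: str              # source prefix in CIDR form
    dst_port: Optional[int]   # None means any destination port
    priority: int             # higher value wins when several rules match

    def matches(self, src_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
        return in_net and self.dst_port in (None, dst_port)

    def overlaps(self, other: "FlowSpaceRule") -> bool:
        nets = ipaddress.ip_network(self.src_net).overlaps(
            ipaddress.ip_network(other.src_net))
        ports = None in (self.dst_port, other.dst_port) or self.dst_port == other.dst_port
        return nets and ports

def controller_for(rules, src_ip, dst_port, default="production"):
    """Return the slice that controls this flow; unmatched traffic stays in production."""
    hits = [r for r in rules if r.matches(src_ip, dst_port)]
    return max(hits, key=lambda r: r.priority).slice_name if hits else default

def ambiguous_pairs(rules):
    """Rule pairs from different slices that overlap at equal priority.

    Such a pair means some flow could be claimed by two controllers, so the
    experimental slice is no longer isolated from production.
    """
    return [(a, b) for a, b in combinations(rules, 2)
            if a.slice_name != b.slice_name
            and a.priority == b.priority and a.overlaps(b)]

# Constructed sample: Doug keeps VoIP on production and opts gaming into the experiment.
RULES = [
    FlowSpaceRule("production", "10.0.0.0/24", 5060, 100),     # VoIP signalling
    FlowSpaceRule("experimental", "10.0.0.0/24", 27015, 50),   # gaming traffic
]
# A careless addition: every port of one host, at the same priority as the VoIP rule.
BAD_RULE = FlowSpaceRule("experimental", "10.0.0.42/32", None, 100)

if __name__ == "__main__":
    print(controller_for(RULES, "10.0.0.7", 27015))
    print(controller_for(RULES, "10.0.0.7", 443))
    print(ambiguous_pairs(RULES + [BAD_RULE]))
```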