As many of you know, and as newcomers to IT soon see, we love our acronyms. For whatever reason, IT is littered with two-, three- and four-letter acronyms, and SDN seems to have accelerated this phenomenon. As the title suggests, I will describe SDN, NV and NFV in this blog. In our opinion (at Pica8), all of them are software-driven schemes that will forever change the way we think about service and application delivery. Each is a different approach to network programmability. Let’s look into the latest acronyms.
Network Virtualization (NV)
NV is for anybody who’s using virtual machine technology. One data center challenge is to move VMs across different logical domains. NV attacks this problem. NV creates logical segments in an existing network by dividing the network at the flow level (similar to partitioning a hard drive). The goal is to allow people to move VMs independently of their existing infrastructure and not have to reconfigure the network.
NV is an overlay. Rather than physically connecting two domains in a network, NV creates a tunnel through the existing network to connect two domains. NV saves administrators from having to physically wire up each new domain connection, especially for virtual machines. With NV, administrators don’t have to change what they have already done: they get a new way to virtualize their infrastructure and make changes on top of an existing infrastructure.
NV runs on high-performance x86 platforms.
Network Functions Virtualization (NFV)
If NV offers the capability to create tunnels through a network and use per-flow service thinking, NFV puts network services on those tunnels. NFV virtualizes Layer 4-7 functions such as firewall or IDPS, or even load balancing (application delivery controllers) and applies them to specific tunnels created by NV.
The question NFV answers is this: If administrators can set up a VM by pointing and clicking, why can’t they turn up a firewall or IDS/IPS in the same way? If you have a specific tunnel you’re punching through the infrastructure, you can add a firewall or IDS/IPS to just that tunnel. The goal is to allow people to create a service profile for a VM, or flow, and leverage x86 muscle to build an abstraction on top of the network (the tunnel) and then build virtual services on that specific logical environment. Once in place, NFV saves a lot of time on manual provisioning and training.
NFV also reduces the need to overprovision: rather than buying big firewall or IDS/IPS boxes that can handle a whole network, the customer can buy functions for the specific tunnels that need them. This reduces initial CapEx, but the operational gains are the real advantage. NFV can be thought of as a parallel to VMware, with a few boxes running a lot of virtual servers, and a point-and-click provisioning system.
NFV runs on high-performance x86 platforms.
Software Defined Networking (SDN)
Rather than virtualizing existing connections and running services on top of them, SDN uses canned processes to provision the network. For example, instead of building a network tap using an appliance, users can use SDN to program the network when they want to build a tap.
SDN makes the network programmable by separating the control plane (telling the network what goes where) from the data plane (sending packets to specific destinations). It relies on switches (rather than on x86 servers) that can be programmed through an SDN controller using an industry-standard control protocol like OpenFlow.
While NV and NFV add virtual tunnels and functions to the existing physical network, SDN changes the physical network, and therefore is really a new, externally driven means to provision and manage the network. A use case may involve moving a large “elephant flow” from a 1G port to a 10G port, or aggregating a lot of “mice flows” onto one 1G port.
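The split between control and data plane described above, as a toy model added here for illustration (it is not Pica8 code and does not implement the OpenFlow wire protocol): the switch only looks up its flow table, while the controller installs a tap and moves an elephant flow from the 1G port to the 10G port. Class names, port labels, addresses and the 1 MB elephant threshold are assumptions.

```python
from dataclasses import dataclass

@dataclass
class FlowRule:
    match: dict          # header fields that must all equal the packet's
    out_ports: list      # every port that receives a copy of the packet
    bytes_seen: int = 0  # counter the controller reads back

class Switch:  # data plane: forwards by table lookup only, makes no decisions
    def __init__(self):
        self.table = []
    def install(self, rule):  # stands in for a controller-to-switch message
        self.table.append(rule)
    def forward(self, pkt):
        for rule in self.table:
            if all(pkt.get(k) == v for k, v in rule.match.items()):
                rule.bytes_seen += pkt["size"]
                return list(rule.out_ports)
        return []  # table miss: drop

class Controller:  # control plane: decides what goes where, programs the switch
    def __init__(self, switch, slow, fast, elephant_bytes):
        self.sw, self.slow, self.fast, self.limit = switch, slow, fast, elephant_bytes
    def add_flow(self, src, dst):
        self.sw.install(FlowRule({"src": src, "dst": dst}, [self.slow]))
    def add_tap(self, dst, monitor):  # mirror traffic for dst; returns rules changed
        hits = [r for r in self.sw.table
                if r.match.get("dst") == dst and monitor not in r.out_ports]
        for r in hits:
            r.out_ports.append(monitor)
        return len(hits)
    def rebalance(self):  # move flows whose counters mark them as elephants
        moved = []
        for r in self.sw.table:
            if r.bytes_seen >= self.limit and self.slow in r.out_ports:
                r.out_ports[r.out_ports.index(self.slow)] = self.fast
                moved.append((r.match["src"], r.match["dst"]))
        return moved

def demo():  # constructed addresses and packet sizes
    ctl = Controller(Switch(), "1G", "10G", elephant_bytes=1_000_000)
    ctl.add_flow("10.0.0.1", "10.0.0.9")
    ctl.add_flow("10.0.0.2", "10.0.0.9")
    ctl.add_tap("10.0.0.9", "MON")
    big = {"src": "10.0.0.1", "dst": "10.0.0.9", "size": 1500}
    small = {"src": "10.0.0.2", "dst": "10.0.0.9", "size": 64}
    for _ in range(800):  # 1.2 MB on one flow
        ctl.sw.forward(big)
    return ctl.rebalance(), ctl.sw.forward(big), ctl.sw.forward(small)
```

The tap survives the move to the 10G port because mirroring is just another output on the same rule, which is the sense in which the tap is programmed rather than wired in as an appliance.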
To make it short and sweet, NV and NFV are for moving VMs and implementing network services on existing networks, while SDN requires a new network construct where the data and control planes are separate.