Lippis Report 189: A New, Easier and Low-Cost Approach to Network Virtualization Emerges from Cisco

Network virtualization, the ability to divide a physical network into multiple logical networks, each with its own attributes, has grown in popularity. IT business leaders have looked for ways to segment their networks so that different user groups get different, isolated characteristics. Network virtualization is widely used in healthcare, education, travel and other industries, but has been too expensive and complex for the broader market to implement, until now. It can be implemented with VRF-lite (virtual routing and forwarding), with MPLS, and now with Cisco’s new Easy Virtual Network; all of these, by the way, are far easier to manage and much lower in cost than building overlay networks. In this Lippis Report Research Note, we explore network virtualization approaches in campus networking for the segmentation or isolation of user groups, and the simplification they offer.

There are multiple drivers to virtualize an enterprise network. From a business point of view, network virtualization addresses regulatory compliance and security, and it simplifies infrastructure consolidation after a merger or acquisition of two concerns. For example, in financial services, regulators require separation of commercial investment banking from other bank operations. Airports need to support multiple airlines and airport businesses, such as restaurants and kiosks located in terminals, each with different network requirements. A more general-purpose example is using network virtualization to limit access to IP video surveillance flows to select staff only, securing access to surveillance video.

To design a virtualized network, a number of standards and best practices have been developed. Service providers use MPLS to virtualize networks because of its capabilities and scale, but because of its cost this approach is best suited to very large corporations and service providers. VRF-lite (virtual routing and forwarding) is a simpler and lower-cost alternative, but it is still too complex to deploy because it is configured hop by hop, with many lines of configuration required on each router and switch. To bring the benefits of network virtualization to more corporations, Cisco has launched a new option called Easy Virtual Network, or EVN, that promises to simplify the configuration and management process, making network virtualization a more broadly available network design option. EVN is supported on the ASR 1000, the Catalyst 6500 with Supervisor 2T and the Catalyst 4500 with Supervisor 7E, with more platforms to come.

What Is Network Virtualization?

Before we dive into EVN, a quick definition of network virtualization is in order. Most IT leaders are familiar with server virtualization, where a single server may support 10, 20 or 30 virtual machines. Consider a DHCP server that shows relatively low CPU or memory utilization; in effect, it is not fully using the computing resource. To take advantage of that resource, IT stacks virtual machines on the physical server, adding applications until CPU and memory are utilized. Network virtualization does the same. Rather than keeping all network topology information, such as the subnets being routed and switched, in one global flat routing table, Cisco enables the creation of multiple routing tables that are logically separated. A network administrator can still share selected physical paths and routes across those tables while each remains a distinct logical network.

These logical networks share one physical network and select shared resources too. For example, assume a network operator creates separate networks for two departments but does not want to buy two separate DHCP servers. The network operator can configure the DHCP server address to be shared between the two logical networks while all other assets stay separated and isolated. User groups in one virtual network do not talk to user groups in another virtual network.

Network virtualization uses the same routing protocols that are already deployed, such as BGP, EIGRP, OSPF, etc., providing the same functionality and the same access-list controls. In short, network virtualization, like server virtualization, increases the utilization or utility of an invested infrastructure. Just as multiple VMs are layered on top of a single physical server, multiple virtual networks can be layered onto a single network infrastructure by thin slicing the routing table into multiple instances.

Multiple Network Virtualization Options

VRF-lite and MPLS provide network virtualization at scale. Some corporations have thin sliced their routing table to create hundreds of different routing instances, known as VRFs (virtual routing and forwarding instances). MPLS-based virtualized networks can scale to hundreds of VRFs, whereas VRF-lite becomes cumbersome around 12 because each routing instance is configured manually. EVN can support 32 virtual networks, which is about the level at which most enterprise IT leaders want to segment their networks. The most common use is creating separate virtual networks for guest wireless, building management equipment, user traffic and video surveillance. The key factors in choosing between VRF-lite, MPLS and EVN are scale, meaning the number of virtual networks, and the operational cost of configuration and management.

Easy Virtual Network

EVN is the next step beyond VRF-lite, which has been plagued by manual configuration and becomes cumbersome as the number of VRF instances or segments increases. EVN addresses this configuration and management overhead of network virtualization. In EVN, Cisco has simplified the Command Line Interface (CLI) commands, much as it did for VLANs with VTP (VLAN Trunking Protocol). VTP reduces VLAN administration in a switched network: when a new VLAN is configured on one VTP server, the VLAN is distributed to all switches in the domain, removing the need to configure the same VLAN on every switch.

Just as VTP simplified the configuration of VLANs, EVN does the same for network virtualization. With a single command, Cisco’s Catalyst 6500s automatically provision the virtual networks on the core interfaces rather than requiring every virtual link to be configured by hand. Imagine a network of 50 devices where every device has four neighbors; before EVN, the network administrator would configure each virtual network manually on every link. With EVN, configuration is centralized and distributed to each interface on the core routers.

EVN simplifies the network virtualization configuration process. In addition, EVN simplifies the manageability and troubleshooting of network virtualization with a “routing context” command mode, which lets network operations select a specific virtual network and then issue several EXEC commands against it. Routing context removes the need to re-enter the VRF name on every EXEC command, so standard commands such as “show ip route,” “ping,” “telnet,” “traceroute,” etc., become much easier to use.

Sharing a network service such as an email server, internet access, DNS, video or a DHCP server among multiple virtual networks is important and needs to be simple. EVN removes the complexity of creating shared services, which previously required importing and exporting routes between virtual networks with Border Gateway Protocol (BGP) commands such as route target, route export, etc. EVN improves shared services with “route replication,” which gives each virtual network direct access to a shared Routing Information Base (RIB) from within its own virtual network.
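To make the two ideas above concrete, the thin-sliced routing table (several isolated RIBs on one box, each able to reuse the same address space) and shared services via route replication, here is an added Python model. It is illustrative code written for this note, not Cisco’s implementation or its CLI; the VRF names (red, blue, shared), the prefixes and the next hops are constructed sample values. Lookups are confined to one VRF’s RIB, replication copies only the routes a filter allows and records their origin, and a small audit flags any route that arrived from another user VRF rather than from the shared one.

```python
"""Model of a thin-sliced routing table with shared-service route replication.

Added, illustrative example (not Cisco code). VRF names, prefixes and next
hops below are constructed sample values.
"""
from ipaddress import ip_address, ip_network


class Rib:
    """One Routing Information Base. Each virtual network (VRF) owns one."""

    def __init__(self, name):
        self.name = name
        self.routes = {}  # IPv4Network -> (next_hop, origin_vrf)

    def add(self, prefix, next_hop, origin=None):
        self.routes[ip_network(prefix)] = (next_hop, origin or self.name)

    def lookup(self, dst):
        """Longest-prefix match within this RIB only; None means unreachable here."""
        addr = ip_address(dst)
        best = None
        for net, entry in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, entry)
        return best


class VirtualizedRouter:
    """Several isolated RIBs on one device, plus EVN-style route replication."""

    def __init__(self):
        self.vrfs = {}

    def vrf(self, name):
        return self.vrf_or_create(name)

    def vrf_or_create(self, name):
        return self.vrfs.setdefault(name, Rib(name))

    def route_replicate(self, into, from_vrf, keep=lambda net: True):
        """Copy routes from `from_vrf` into `into` (the note's "route replication").

        Only routes accepted by `keep` are copied, an existing local route is
        never overwritten, and each copy remembers where it came from so an
        audit can distinguish shared-service routes from leaks. Returns the
        number of routes copied.
        """
        src, dst = self.vrf(from_vrf), self.vrf(into)
        copied = 0
        for net, (next_hop, origin) in src.routes.items():
            if keep(net) and net not in dst.routes:
                dst.routes[net] = (next_hop, origin)
                copied += 1
        return copied

    def forward(self, vrf, dst):
        """Return (next_hop, origin_vrf) for dst, or None, using only that VRF's RIB."""
        hit = self.vrf(vrf).lookup(dst)
        return hit[1] if hit else None

    def isolation_audit(self, shared):
        """List (vrf, prefix, origin) for routes that came from another user VRF.

        Routes local to the VRF or replicated from the shared-services VRF are
        expected; anything else means two segments are no longer isolated.
        """
        leaks = []
        for name, rib in self.vrfs.items():
            for net, (_, origin) in rib.routes.items():
                if origin not in (name, shared):
                    leaks.append((name, str(net), origin))
        return sorted(leaks)


def build_example():
    """Two department VRFs and one shared-services VRF (constructed data)."""
    r = VirtualizedRouter()
    r.vrf("red").add("10.10.0.0/24", "10.10.0.1")
    r.vrf("blue").add("10.10.0.0/24", "10.10.0.254")  # same subnet, separate segment
    r.vrf("blue").add("172.16.0.0/24", "172.16.0.1")
    r.vrf("shared").add("192.0.2.53/32", "192.0.2.1")  # constructed DHCP/DNS server
    r.vrf("shared").add("0.0.0.0/0", "198.51.100.1")   # shared internet access
    # red gets only the host route to the server; blue also gets internet access
    r.route_replicate("red", "shared", keep=lambda net: net.prefixlen == 32)
    r.route_replicate("blue", "shared")
    return r


if __name__ == "__main__":
    router = build_example()
    for vrf, dst in [("red", "10.10.0.5"), ("blue", "10.10.0.5"),
                     ("red", "192.0.2.53"), ("red", "172.16.0.7"), ("red", "8.8.8.8")]:
        print(f"{vrf:>6} -> {dst:<12} {router.forward(vrf, dst)}")
    print("audit before mistake:", router.isolation_audit("shared"))
    router.route_replicate("red", "blue")  # a mis-typed replication between user VRFs
    print("audit after mistake: ", router.isolation_audit("shared"))
```

Running the script shows that the same 10.10.0.5 address resolves to a different next hop in red and in blue, that red reaches the shared server but not blue’s 172.16.0.0/24 or the internet, and that the audit stays empty until a replication is pointed at a user VRF instead of the shared one.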

EVN Deployment

EVN is supported on several Cisco platforms and is backward compatible with VRF-lite. In fact, a Catalyst 6500 supports EVN, VRF-lite and MPLS simultaneously, because the three share a common definition of a virtual routing instance. For the same reason, the commands are common across the three approaches.

If a corporate network includes products other than those listed above that do not support EVN, a hybrid VRF-lite and EVN strategy can be implemented. As more Cisco products gain EVN support, the EVN virtual network can grow until EVN is the only virtual network protocol in use, if that is the goal.

EVN is the preferred method to deploy a virtual network where IT leaders are seeking to provide traffic separation and path isolation on a shared network infrastructure. Because EVN builds on existing VRF-lite technology to simplify layer 3 network virtualization, improve shared-services support and enhance management, troubleshooting and usability, the two interoperate. Most network operations groups will start deploying virtual networks by building a single VRF and populating it with one department or service, such as guest access. Once network operations’ confidence in EVN is high, additional virtual networks can be created to segment and isolate user groups as business processes dictate.

For those interested in the benefits of virtual networks’ isolation attributes, we recommend piloting EVN to gain skills and confidence. Having network virtualization available as a network design option will come in handy as traffic separation requirements emerge, whether through a merger or acquisition, regulation, or the need to increase the utilization of the network asset.
