Overview of Network Virtualization

Network virtualization is the process of combining hardware network resources and software network resources into a single administrative unit. The goal of network virtualization is to provide systems and users with efficient, controlled, and secure sharing of the networking resources.

The end product of network virtualization is the virtual network. Virtual networks are classified into two broad types, external and internal. External virtual networks consist of several local networks that are administered by software as a single entity. The building blocks of classic external virtual networks are switch hardware and virtual local area network (VLAN) software technology. Examples of external virtual networks include large corporate networks and data centers.

This book focuses on the internal virtual network. An internal virtual network consists of one system using virtual machines or zones whose network interfaces are configured over at least one physical NIC. Those network interfaces are called virtual network interface cards or virtual NICs (VNICs). These containers can communicate with each other as though they were on the same local network, effectively becoming a virtual network on a single host.

A special type of internal virtual network is the private virtual network. Private virtual networks are different from virtual private networks (VPNs). VPN software creates a secure point-to-point link between two endpoint systems. The private virtual network is a virtual network on a system that cannot be accessed by external systems. The isolation of this internal network from other external systems is achieved by configuring VNICs over etherstubs. Etherstubs are described in the following section.

You can combine networking resources to configure both internal and external virtual networks. For example, you can configure individual systems with internal virtual networks onto LANs that are part of a large, external virtual network.

Components of Network Virtualization

The following are the basic components of network virtualization in Oracle Solaris:

• Virtual network interface cards (VNICs)

• Virtual switches

• Etherstubs

VNICs are virtual network devices with the same datalink interfaces as a physical NIC. You configure VNICs over an underlying datalink. When VNICs are configured, they behave like physical NICs. In addition, the system's resources treat VNICs as if they were physical NICs. A VNIC has an automatically generated MAC address. Depending on the network interface in use, you can explicitly assign to a VNIC a MAC address other than this default address, as described in the dladm(1M) man page.

For the current list of physical interfaces that support VNICs, refer to the Network Virtualization and Resource Control FAQ.

When you create a VNIC, a virtual switch is automatically created. In accordance with Ethernet design, if a switch port receives an outgoing packet from the host connected to that port, that packet cannot go to a destination on the same port. This design is a drawback for systems that are configured with virtual networks because the virtual networks share the same NIC. The outgoing packets go through a switch port out onto the external network. The incoming packets cannot reach their destination zone because the packets cannot return through the same port that they were sent through. Virtual switches provide these zones with a method to pass packets. The virtual switch opens a data path for the virtual networks to communicate with one another.

Etherstubs are pseudo Ethernet NICs. You can create VNICs over etherstubs instead of over physical links. VNICs over an etherstub become independent of the physical NICs on the system. With etherstubs, you can construct a private virtual network that is isolated both from the other virtual networks on the system and from the external network. For example, if you want to create a network environment whose access is limited only to your company developers and not to the network at large, etherstubs can be used to create such an environment.

Etherstubs and VNICs are only a part of the virtualization features of Oracle Solaris. You typically use these components with Oracle Solaris Zones. By assigning VNICs or etherstubs for use by zones, you can create a network within a single system. For information about zones, see Oracle Solaris 11.1 Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and Resource Management.

By combining these components and deploying them with zones, you can have networks within a system similar to the following figure.

Figure 1-1 VNIC Configuration for a Single Interface

Figure 1-1 shows a single system with one NIC. The NIC is configured with three VNICs. Each VNIC supports a single zone. Zone 1, Zone 2, and Zone 3 constitute the virtual networks within the single system. The zones communicate with each other and with the external network by using their respective VNICs. In turn, the three VNICs connect to the underlying physical NIC through the virtual switch. The function of the virtual switch is equivalent to the connectivity that an external switch provides for the systems that are connected to the switch's ports.

When a virtual network is configured, a zone sends traffic to an external host in the same way as a system without a virtual network. Traffic flows from the zone, through the VNIC to the virtual switch, and then to the physical interface, which sends the data to the network.

The zones can also exchange traffic with one another inside the system. For example, packets pass from Zone 1 through its dedicated VNIC 1. The traffic then flows through the virtual switch to VNIC 3. VNIC 3 then passes the traffic to Zone 3. The traffic never leaves the system, and therefore never violates the Ethernet restrictions.

Alternatively, you can create a virtual network based on the etherstub. Etherstubs are entirely software based and do not require a network interface as the basis for the virtual network.

Who Should Implement Virtual Networks?

If you need to consolidate resources on Oracle's Sun servers, consider implementing VNICs and virtual networks. Consolidators at ISPs, telecommunications companies, and large financial institutions can use the following network virtualization features to improve the performance of their servers and networks.

• NIC hardware, including the powerful new interfaces that support hardware rings

• Multiple MAC addresses for the VNICs

• The substantial bandwidth provided by newer interfaces

You can replace many systems with a single system that has multiple zones or virtual machines, without significantly losing separation, security, and flexibility.

For a demonstration of the benefits of network virtualization, see Consolidating the Data Center With Network Virtualization.

Commands for Configuring Virtualization Components

To create VNICs, use the dladm create-vnic command.

# dladm create-vnic -l link [-v vid] vnic

-l link

Refers to the name of the datalink over which the VNIC is configured.

-v vid

Refers to the VLAN ID for the VNIC if you want to create the VNIC as a VLAN. This option is not required. To configure a VNIC with a VLAN ID, see How to Configure VNICs With VLAN IDs. For more information about VLANs, see Chapter 3, Working With VLANs, in Managing Oracle Solaris 11.1 Network Performance.

vnic

Refers to the name of the VNIC.

You can create only one VNIC at a time over a datalink. As datalinks, VNICs have link properties that you can further configure as needed. Datalink Properties for Resource Control lists some of these properties for managing the use of network resources in the system.

To create etherstubs, use the dladm create-ether command.

# dladm create-ether etherstub

Creating VNICs or etherstubs are only preliminary steps in configuring virtual networks. To use these components to create virtual networks on your system, see Chapter 2, Creating and Administering Virtual Networks in Oracle Solaris.