VMworld 2011 VMware and Cisco have teamed up with a quartet of fellow industry heavyweights to attack a vexing virtual-network configuration problem by proposing a solution that takes its inspiration from – of all places – cell phones.
VMware has long since figured out how to teleport virtual machines around a network of servers using its vMotion live migration, and the company now includes vMotion for Storage with its new vSphere 5.0 hypervisor stack, allowing for data to be moved closer to virtual machines as they flit around. But the network itself remains rigid and often requires manual reconfiguration, which defeats the purpose of having a cloud manage itself.
VMware was out there on the forefront of virtual switching with the inclusion of its own virtual switch in earlier implementations of the vSphere stack. Networking giant Cisco Systems created its own Nexus 1000V virtual switch for network admins who want to work with the same Cisco IOS switch operating system and related management tools.
But these virtual switches only work within the confines of a single rack or blade server chassis, not across the entire data center network. Xsigo Systems has come up with its own way around the virtual LAN reconfiguration problem, and some other switch makers have made their switches VM-aware to minimize the amount of tweaking network admins need to do as VMs migrate.
But proprietary solutions can lead to madness, so VMware and Cisco want everyone to cope with the VLAN reconfiguration problem in a standardized way. That's why they've hooked up with Arista Networks, Emulex, Broadcom, and Intel to propose that we all adopt something they're calling Virtual Extensible LAN, or VXLAN for short.
VXLAN: Calling all VMs
During his VXLAN tech preview at VMworld in Las Vegas, VMware CTO Steve Herrod said that the technology borrows a metaphor from telephone networks.
In the old days, he said, before cell phones came along, your phone number wasn't just something that identified you, it was also something that identified where you were. And the problem with an IP address on a local area network is that it has also been used to code both identity and location on the network.
What we need to do, Herrod said, and what VMware and Cisco are proposing to do with VXLAN, is to break the linkage between location and identity with IP numbers, just like cell phone networks do with our phone number.
"This is one of the largest steps in the virtualization journey we started on years ago," Herrod said in his keynote, adding that VXLAN works by encapsulating Layer 2 packets in the Layer 3 part of the IP network. The upshot, he said, was that vMotion would work without having to manually reassign IP addresses if a VM was assigned a location on the server network out of reach of its original virtual switch.
In a blog post, Herrod wrote that the VXLAN approach will encapsulate MAC addresses inside of UDP, providing an abstracted Layer 2 network for the VMs to link to. In essence, VXLAN turns Layer 3 networks into a kind of hypervisor for Layer 2 networks, "allowing VMs to communicate with each other using a transparent overlay scheme over physical networks that could span Layer 3 boundaries," he wrote.
And because this is a virtualized Layer 3 network, you can separate out Layer 2 networks and do so programmatically and on the fly - just like virtual servers are spun up and down atop a server virtualization hypervisor today.
One of the problems is that networks top out at 4,094 VLANs, and a compute cloud with thousands of servers and tens of thousands of VMs will easily smack up against this ceiling. Virtual server clouds want a Layer 2 network to span the entire data center, or even perhaps span multiple data centers or out to public clouds, allowing a VM to easily move across network boundaries.
VMware will be adding VXLAN technologies to its Distributed Virtual Switch at the heart of the vSphere stack, as well as in its vSwitch virtual switch and network I/O controls inside of the hypervisor. Herrod wrote that Cisco plans to implement VXLAN with its Nexus 1000V virtual switch as well, and that "other partners will soon announce their approach".
To help get other networking providers on board with VXLAN, VMware and Cisco have put out a draft specification with the Internet Engineering Task Force to get the standards process rolling. "To achieve its full potential, VXLAN must be adopted across the industry, and we’re committed to helping this happen in an open and standards-compliant way," Herrod wrote.
According to the IETF draft, the Layer 2 overlay runs over the Layer 3 network in segments, each of which is given a 24-bit identifier called the VXLAN Network Identifier, or VNI. This 24-bit ID allows up to 16 million VXLAN segments to coexist within the same administrative domain. The beauty of this scheme is that the VM is totally unaware that it is not just talking over the same MAC addresses and Layer 2 networks it has used in the past. ®
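To make the encapsulation and the 24-bit VNI concrete, here is an added example written for this page (it is not code from VMware, Cisco or the draft itself). It packs and parses the 8-byte VXLAN header as the draft lays it out (flags, reserved, 24-bit VNI, reserved), wraps a constructed Ethernet frame in it unchanged, and uses a toy per-VNI MAC table to show why the same MAC address can appear in two segments without colliding. The UDP port constant is an assumption taken from the later RFC 7348 rather than from the page; the MACs, addresses and VNI values are constructed sample data.

```python
import struct
from typing import Dict, Optional, Tuple

# Header layout from the VXLAN draft (later RFC 7348): 8 bytes total.
#   flags(8) | reserved(24) | VNI(24) | reserved(8)
# The only flag the spec defines is I (0x08), "VNI is valid".
VXLAN_HEADER_LEN = 8
VXLAN_FLAG_I = 0x08
VNI_MAX = (1 << 24) - 1        # 16,777,215: the 24-bit space the article describes
VLAN_ID_MAX = 4094             # the 12-bit 802.1Q ceiling the article contrasts it with
VXLAN_UDP_PORT = 4789          # assumption: IANA port from RFC 7348; the page does not state a port


def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header carrying `vni`."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} outside 24-bit range 0..{VNI_MAX}")
    # Second 32-bit word is the VNI in the high 24 bits, reserved byte in the low 8.
    return struct.pack("!B3xI", VXLAN_FLAG_I, vni << 8)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """UDP payload a VTEP would send: VXLAN header followed by the untouched Ethernet frame."""
    return build_vxlan_header(vni) + inner_frame


def decapsulate(udp_payload: bytes) -> Tuple[int, bytes]:
    """Parse a VXLAN UDP payload into (vni, inner Ethernet frame).

    Rejects truncated headers and headers without the I flag, as a receiving
    VTEP should, so malformed input is never forwarded into a segment.
    """
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", udp_payload[:VXLAN_HEADER_LEN])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set; VNI not valid")
    return word >> 8, udp_payload[VXLAN_HEADER_LEN:]


def build_ethernet_frame(dst_mac: bytes, src_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    """Minimal Ethernet II frame (no 802.1Q tag, no FCS) used as the inner packet."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


class SegmentTable:
    """Toy MAC-learning table keyed by VNI: one MAC may live in two segments without clashing."""

    def __init__(self) -> None:
        self._table: Dict[Tuple[int, bytes], str] = {}

    def learn(self, vni: int, src_mac: bytes, vtep_ip: str) -> None:
        self._table[(vni, src_mac)] = vtep_ip

    def lookup(self, vni: int, dst_mac: bytes) -> Optional[str]:
        return self._table.get((vni, dst_mac))


def demo() -> Tuple[int, bytes, Optional[str], Optional[str]]:
    # Constructed sample: two VMs in segment 5000 exchanging a frame across VTEPs.
    vm_a = bytes.fromhex("02aabbccdd01")
    vm_b = bytes.fromhex("02aabbccdd02")
    frame = build_ethernet_frame(vm_b, vm_a, 0x0800, b"constructed IP payload")
    wire = encapsulate(5000, frame)
    vni, inner = decapsulate(wire)

    table = SegmentTable()
    table.learn(vni, inner[6:12], "10.0.0.1")       # learn the source MAC behind the sending VTEP
    in_segment = table.lookup(5000, vm_a)
    other_segment = table.lookup(5001, vm_a)         # same MAC, different VNI: not found
    return vni, inner, in_segment, other_segment


if __name__ == "__main__":
    vni, inner, hit, miss = demo()
    print(f"VNI {vni}, inner frame {len(inner)} bytes, same-segment lookup={hit}, other-segment lookup={miss}")
    print(f"VLAN ceiling {VLAN_ID_MAX}, VXLAN ceiling {VNI_MAX + 1} segments")
```

The inner frame passes through `encapsulate` and `decapsulate` byte for byte, which is the property the article describes: the VM keeps using its existing MAC addresses while the VNI, not the physical VLAN, decides which Layer 2 segment the frame belongs to.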