Network Transformation Through Virtualization
NETWORK TRANSFORMATION THROUGH VIRTUALIZATION
Theresa Zix, Vice President, Information Technology
Herman Choi, Network Architect
Art Center College of Design

Art Center Intro
- 2 Locations in Pasadena, CA
- 4 Groups of Design Study
  - Industrial, Communication, Design Sciences, Arts & Media
- Size
  - 1,500 Students + 3,000 in Public Programs
  - 450 Faculty + 250 Staff
(South Campus Picture)
(Students Working Picture)

Original Network (2004)
- Large Flat Network
- No Boundaries
- Prone to Broadcast Storms and Network Loops
- No Physical Infrastructure Redundancy
- Inefficient Use of Equipment and Cabling Infrastructure

Initial Concerns
- Lack of Scalability
  - No room for growth and expansion
- Lack of Resiliency
  - Availability was the issue
- Lack of Security
  - Free-for-All environment

What is Virtualization?
- Abstraction of physical computing resources
  - Single physical computing resource appears as multiple logical resources
  - Multiple physical computing resources appear as a single logical resource

Solution (2005-2008)
- Implemented Network Virtualization
- Allowed networks to be implemented without physical constraints
- No longer constrained by legacy physical networks
- Gained flexibility and reliability through efficient use of resources

Original Scalability Issues
- Legacy network equipment limited scalability and expandability
- Deployed multiple physical switches dedicated for different departments
- Too many switches deployed
- Inefficient use of power and infrastructure

Solutions For Scalability Issues (2005)
- Virtual LANs (VLANs)
  - Instead of multiple switches, deployed only one switch
  - Allocated ports on one switch to specific networks
  - Lowered power consumption
  - Used infrastructure more efficiently

Solutions For Scalability Issues (2005)
- Virtual Trunking Protocols
  - Allowed multiple VLANs to share common physical links
  - Supported legacy non-routable applications
  - Extended flexibility of network

Solutions For Scalability Issues (2005)
- Virtual Etherchannel Links
  - Ports can be combined and bonded together to increase bandwidth capacity and utilization

Solutions For Scalability Issues (2005)
- VLAN and Virtual Trunking Protocols were extended to the wireless infrastructure
- Simple wireless APs can only support one SSID wireless network
- VLANs allowed different SSIDs to propagate across fewer APs

Solutions For Scalability Issues (2006)
- Virtual Security Devices
  - Legacy security devices only performed one function per physical box
  - Split into multiple logical security devices
    - Firewall services
    - VPN services
    - Intrusion Detection services

Solutions For Scalability Issues (2008)
- Virtual Application Load-Balancing
  - Legacy load-balancers only worked on one network
  - Split into multiple logical load-balancers

Original Resiliency Issues
- Original network did not have redundant network backbone or fiber uplink connections
- Routing gateway functionalities were limited to a single routing device

Solutions For Resiliency Issues (2005)
- Spanning-Tree Protocols
  - Redundant uplinks can be simultaneously active
  - Multiple uplinks can now be utilized more efficiently

Solutions For Resiliency Issues (2005)
- Virtual Routing Redundancy Protocols
  - Legacy routing was constrained to physical interfaces and single routing devices
  - Routing gateway functionality can be spread across multiple routers

Original Security Issues
- Originally had a large flat network
  - One large broadcast domain
  - Highly unstable
- Everybody could see one another
  - Easy for viruses and worms to propagate
  - No containment or isolation

Solutions For Security Issues (2005)
- VLANs used to create isolated networks
- Dramatically decreased size of broadcast domain
- Private VLANs can be created to restrict communication between hosts within the same network

Solutions For Security Issues (2008)
- Use of Access Control Lists to restrict communication between VLANs
  - Difficult to scale and maintain
- Future Direction - Virtual Routing and Forwarding
  - Create virtual isolated paths within the same network - Internal VPN
  - Virtual routers within one physical router
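
The scaling problem with inter-VLAN ACLs noted on this slide, as an added example that is not part of the original presentation: it generates a default-deny ACL per VLAN and counts the entries to maintain, first with ACLs alone and then with VLANs grouped into VRFs. The VLAN names, subnets, VRF grouping, allowed flows and the vendor-neutral rule text are all constructed assumptions.

```python
# Constructed sample data: VLAN id -> (name, subnet, VRF). All values are hypothetical.
VLANS = {
    10: ("students", "10.1.10.0/24", "academic"),
    20: ("faculty", "10.1.20.0/24", "academic"),
    30: ("staff", "10.1.30.0/24", "admin"),
    40: ("servers", "10.1.40.0/24", "admin"),
    50: ("guest", "10.1.50.0/24", "guest"),
}
# Flows that must stay open between VLANs: (src VLAN, dst VLAN, protocol, dst port).
ALLOWED = [(10, 40, "tcp", 443), (30, 40, "tcp", 445)]


def build_acl(src, use_vrf=False):
    """Vendor-neutral, first-match ACL applied inbound on VLAN `src`."""
    src_net, src_vrf = VLANS[src][1], VLANS[src][2]
    lines = []
    for s, d, proto, port in ALLOWED:
        # A flow into another VRF has no route; it needs a firewall or route leak instead.
        if s == src and not (use_vrf and VLANS[d][2] != src_vrf):
            lines.append(f"permit {proto} {src_net} {VLANS[d][1]} eq {port}")
    for vid, (_, net, vrf) in sorted(VLANS.items()):
        # Without VRFs every other VLAN needs an explicit deny; with VRFs only
        # VLANs sharing this VRF's routing table are reachable at all.
        if vid != src and not (use_vrf and vrf != src_vrf):
            lines.append(f"deny ip {src_net} {net}")
    lines.append(f"permit ip {src_net} any")  # remaining traffic, e.g. Internet
    return lines


def total_entries(use_vrf=False):
    """Number of ACL lines to maintain across all VLAN interfaces."""
    return sum(len(build_acl(v, use_vrf)) for v in VLANS)


def cross_vrf_flows():
    """Allowed flows that cross a VRF boundary and need an explicit inter-VRF path."""
    return [f for f in ALLOWED if VLANS[f[0]][2] != VLANS[f[1]][2]]


if __name__ == "__main__":
    print("\n".join(build_acl(10)))
    print("ACL-only entries:", total_entries(), "| with VRFs:", total_entries(True))
    print("flows needing an inter-VRF path:", cross_vrf_flows())
```

With ACLs alone the deny entries grow as n(n-1) for n VLANs; with VRFs only VLANs sharing a routing table need them, and the cross-VRF flows become a short, explicit list to review.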

Maintain Network Virtualization
- Need Monitoring and Visibility
  - Monitor CPU and Memory Utilization
  - Monitor Bandwidth Utilization
  - Monitor Virtual Routing States
  - Monitor Virtual Spanning-Tree States
- SNMP: Preferably version 3
- Logging: Monitor Incidents and Errors

Server Virtualization
- Hot Topic Nowadays
- Multiple operating systems or server instances deployed across multiple physical servers
- Examples of virtualization software
  - VMware
  - Citrix Xen
  - Microsoft
  - Parallels Virtuozzo

Benefits of Server Virtualization
- Greater flexibility and scalability
- Increases reliability and availability
- More efficient use of hardware resources
- Sounds great! What's the problem? What does this have to do with the network?

Server Virtualization Issues
- Network Utilization and Capacity Changes
  - One server not tied to just one physical NIC
  - Imagine 10 virtual machines sharing the same physical NIC
  - Virtualization software may only load-balance based on CPU and memory utilization

Server Virtualization Issues
- Security Management Changes
  - By default, all virtual machines can see one another
  - Private VLANs
  - Host-based Firewalls
  - Host-based Intrusion Detection
  - Software-based solutions

Server Virtualization Issues
- Network Design Changes
  - Not just a regular server connection
  - Networking has been extended from network switches to virtual switches inside each server
  - Same Network Virtualization concepts

What Does the Future Hold?
- More visibility and monitoring required
- More emphasis on network design and deployment of virtual machines
- Possible IT Culture Change - Your network and system engineers must work more closely together
- Similar to network and voice convergence: merge technical skills

Thank You
Art Center College of Design
www.artcenter.edu
Theresa [email protected] (626) 396-2477
Herman [email protected] (626) 396-2256