Before digging deeper, let’s first define what is a virtualized network.
A computer network is a system of interconnected computing devices (hosts, endpoints) that can communicate and share resources with one another. Traditionally, computer networking is realized by connecting hosts through physical devices such as hubs (OSI layer 1), switches (OSI layer 2) and routers (OSI layer 3). From this definition, we can infer that a virtualized network is a computer networking where the network capabilities (routing, commuting, securing) are abstracting logically through some pieces of programs. A virtualized network platform is a software-based system where networks functions are independent of the underlying physical hardware allowing independent virtual networks to share the same physical infrastructure. A virtual network appliance will simply emulates (software-based) functionalities of a physical network appliances such as firewalls, routers, switches…
To break this down in a more tangible fashion, let’s consider these three virtual network solutions: Open vSwitch (emulation of network functionalities), Hyper-V (virtualized network platform), and VMware NSX (virtualized network platform).
1. Capabilities and Features
Open vSwitch is a transversal technology that can be configured on both a physical server and on a virtualized network platform such as Hyper-V to manage network traffic. Aside from the basic switching functionalities, the core capabilities of Open vSwitch include network segmentation (with VLANs) which groups devices based on their security requirements, QoS, and its advanced network automation with OpenFlow to boost the network performances. Some key features include tunneling with protocols like VXLAN, GRE which stretch layer 2 encapsulation across layer 3. This isolation enhances the network security and facilitates its management.
Hyper-V Network, on the other hand, provide capabilities such as external / internal virtual switch which binds the physical NIC to a VM allowing it to communicate and share resources with devices on the physical network or isolate the VMs from the physical network. Better, Hyper-V also has a private virtual switch which completely isolate the VMs connected to that switch from any other network. Hyper-V encapsulates data packets using NVGRE or VXLAN to create overlay network on top of the physical network, adding to the security features such as NAT, virtual switch port access control lists or VLANs.
Finally, VMware NSX is designed with security in mind (including switches, routers, firewalls, load balancers) for multi-cloud networking allowing powerful automation for software-defined data center (SDDC) and offering key features such as micro-segmentation, distributed firewall, IDS/IPS, and VPN.
2. Cost
Open vSwitch is quite zero cost as the technology is licensed under the open source Apache 2 license, the same consideration goes for Hyper-V as it is included into any MS Windows server or can be downloaded for free. However, VMware is priced separately from the vSphere hypervisor based on a per-CPU or per-licensing model.
3. Interoperability
All three solutions we discussed can be integrated with other proprietary / open-source virtualization platforms and cloud service providers.
4. My overall impression of the platforms / appliances?
Open vSwitch and Hyper-V can be easily configured, though Hyper-V is limited by its very proprietary nature. Both offer powerful security features in a virtualized infrastructure. For a comprehensive infrastructure setup, VMware NSX is by far the most suitable solution as it provides extensive features and is built with ongoing security in mind.
Hubert YAKPE TROLINDO
Cybersecurity enthusiast
Credits
https://www.geeksforgeeks.org/computer-networks/basics-computer-networking/
https://cloudification.io/cloud-blog/open-vswitch-ovs-what-is-it-and-how-does-open-virtual-switch-work/#:~:text=In%20Datacenter%20Networking%2C%20OVS%20connects,provide%20centralized%20control%20and%20automation.
https://www.vmware.com/topics/network-virtualization
https://www.tigera.io/learn/guides/microsegmentation/microsegmentation-vmware/
https://docs.openvswitch.org/en/latest/faq/vlan/
https://cloud.google.com/network-connectivity/docs/interconnect/how-to/dedicated/creating-vlan-attachments
Leave a Reply