Network virtualization is defined as the separation of a network’s hardware and software capabilities, under a software-defined networking (SDN) approach that enables much faster provisioning of resources, more streamlined network administration, and easier delivery of virtual, cloud, and SaaS applications to end users across the WAN.
In effect, network virtualization simulates network hardware resources in software, typically in the form of a network overlay such as a Citrix SD-WAN. Network services are decoupled from the physical hardware such as routers, switches, firewalls and other supporting infrastructure they ran on. This shift allows for more flexible, secure, and rapid provisioning, plus dynamic and programmatic network management.
More specifically, network virtualization simplifies life for network administrators by making it easier to move workloads and modify policies and applications, as well as avoid complex and time-consuming reconfigurations when performing these tasks. Meanwhile, end users gain more scalable, reliable, and secure app access.
Network virtualization is the output of network virtualization software, which simulates the presence of physical hardware, such as routers, switches, load balancers, and firewalls. In other words, a network virtualization implementation may virtualize components spanning multiple layers of the Open Systems Interconnection Model, including ones at Layer 2 (switches) and Layer 4 and beyond (load balancers, firewalls, etc.). In an SD-WAN solution, for instance, administrators use a management tool to manage the virtual appliances and the overall network.
By simulating these types of hardware within software, network virtualization software produces a network that combines virtualized representations of underlying hardware and software into a single, cohesive administrative unit. The virtualized resources may be hosted inside of virtual machines (VMs) or containers and run on top of off-the-shelf commercial x86 hardware to reduce costs.
Network virtualization software ensures the right network services are coupled with each VM- or container-based workload, in accordance with currently defined policies. Services are dynamically attached to new workloads or carried alongside existing ones as they move across the network, while police change themselves can be quickly rolled out to applicable infrastructure without any reconfiguration.
Network virtualization is closely related to SDN, SD-WAN (itself a subtype of SDN), and network functions virtualization (NFV). SDN refers to programmable networks with separated control and forwarding planes, while NFV is the virtualization of key functions like firewalling and load balancing. As for SD-WAN, it is an example of the types of network overlays achievable with network virtualization.
The end result of network virtualization — i.e., a fully operational and consistently policy-driven virtual network — is independent of the equipment beneath it. For example, network virtualization is frequently implemented as a network overlay, such as an SD-WAN. The advanced services and features of an SD-WAN exist within software on the control plane, which has been separated from the forwarding plane of the underlying physical network.
That forwarding plane utilizes the Internet Protocol suite to handle the virtual network’s packets. Meanwhile, the SD-WAN’s separate control plane is centralized in software to allow for the remote management of networking and security policies, along with provisioning and configuration across the entire WAN. This setup allows for rapid and dynamic application delivery to end users, whether they’re accessing on-prem or cloud applications.
Moreover, network administrators may perform network provisioning and related tasks without having to actually touch any of the physical infrastructure in question, saving valuable time and also enabling greater network agility for adapting to ever-evolving technical and business requirements. Citrix SDN and SD-WAN help harness the power of network virtualization for digital transformation, via optimized delivery of virtual, cloud and SaaS applications.
There are two broad categories of network virtualization: External and internal network virtualization.
In external network virtualization, multiple physical networks are aggregated into one software-based administrative entity for enhanced efficiency and more practical management. External network virtualization relies upon network switching hardware and virtual local area network (VLAN) solutions to create a VLAN. In this VLAN, hosts attached to different physical LANs can communicate as if they were all in the same broadcast domain. This form of network virtualization is common in data centers and in large corporate networks. Alternatively, a VLAN may separate systems on the same physical network into smaller virtual networks.
This type of network virtualization entails creating an emulated network within software, namely inside of an operating system (OS) partition. Essentially, the guest VMs within an OS partition may communicate with each other via a network-like architecture, by virtue of a virtual network interface, a shared interface between guest(s) and host paired with Network Address Translation, or another means. Internal network virtualization is useful for isolating applications for added security. Solutions that implement it are sometimes marketed as “network-in-a-box” offerings by their vendors.
Overall, network virtualization can take many possible forms.
Although standard VLAN technology remains vital and widely used, its limited 12-bit structure has prompted the creation of more technically advanced alternatives, especially as complex multi-tenant cloud computing environments become more common. Cloud architectures rely upon multiple types of virtualization to create centralized, network-accessible resource pools that can be quickly provisioned and scaled. Network virtualization in particular provides the agility to deliver cloud-based services to software-defined data centers and to the network edge.
The successors to VLAN include virtual extensible LANs (VXLANs), which can be deployed in SD-WANs; the 24-bit network virtualization using generic routing encapsulation (NVGRE); the 64-bit stateless transport tunneling (STT); and generic network virtualization encapsulation (GENEVE), a standard that does not define any particular configuration and specs for the control plane and as such is highly extensible and flexible across environments.
Once implemented, network virtualization delivers higher levels of speed, automation, and administrative efficiency than achievable with only a physical network, for example a traditional hub-and-spoke WAN. These advantages translate into concrete operational benefits for enterprise businesses and for service providers, including but not limited to:
By abstracting resources away from physical network hardware, network virtualization simplifies the processes for scaling and evolving a network to meet changing needs. Keeping up with demand for virtual, cloud, and SaaS applications requires an agile network environment — one that’s dynamic and flexible in how it creates and distributes resources. Toward this goal, network virtualization reduces provisioning times from days or weeks to just minutes and also makes the network more programmable and adaptable. For example, an SD-WAN overlay provides an always-on network that dynamically steers traffic from data centers, branches, clouds and SaaS over multiple possible types of network transport, all from within software.
Virtual networks are easier to manage than their physical counterparts. Instead of needing to manually reconfigure potentially multiple pieces of physical infrastructure in response to even a single policy or service change, network administrators can rely on automation throughout the virtual network overlays now in place. VM-based workloads can move through the network without any reconfiguration for true application mobility across environments. Likewise, new branches that are added to an SD-WAN can be automatically provisioned (a process known as zero-touch provisioning) with the correct policies and updated via a centralized administrator console — no on-site visit required.
Network virtualization is a key addition to data center security. It provides isolation between the physical network itself and the virtual network overlay, as well as between different virtual networks. Isolation helps enforce the principle of least privilege in network security, under which users and workloads only get access to the resources they require for their legitimate purposes. Plus, network virtualization allows for the aggregation and management of network security services at scale. Citrix SD-WAN Orchestrator illustrates this use case, as it seamlessly connects the SD-WAN implementation to cloud-based security gateways during provisioning to protect network traffic under a zero trust security model without compromising the user experience.
Network virtualization is a significant opportunity for both enterprise businesses and for service providers. Enterprises have gravitated toward network virtualization as a way to increase their operational agility, modernize their security practices, and reliably move applications across their network. The combination of network virtualization with Citrix Virtual Apps and Desktops is a ensures that end users have access to the software they need, when and where they need it.
Service providers also benefit from network virtualization, which alongside SDN and NFV is an important component of their modernization strategies. As service providers look to support new technologies and use cases, ranging from the Internet of Things to the deployment of faster wireless networking standards, network virtualization offers much-needed flexibility and scalability along the way.