What is network virtualization?

Network virtualization is defined as the separation of a network’s hardware and software capabilities, under a software-defined networking (SDN) approach that enables much faster provisioning of resources, more streamlined network administration, and easier delivery of virtual, cloud, and SaaS applications to end users across the WAN

In effect, network virtualization simulates network hardware resources in software, typically in the form of a network overlay. Network services are decoupled from the physical hardware such as routers, switches, firewalls, and other supporting infrastructure they ran on. This shift allows for more flexible, secure, and rapid provisioning, plus dynamic and programmatic network management.

More specifically, network virtualization simplifies life for network administrators by making it easier to move workloads and modify policies and applications, as well as avoid complex and time-consuming reconfigurations when performing these tasks. Meanwhile, end users gain more scalable, reliable, and secure app access.

Explore additional network virtualization topics: 

How does network virtualization work?

Network virtualization is the output of network virtualization software, which simulates the presence of physical hardware, such as routers, switches, load balancers, and firewalls. In other words, a network virtualization implementation may virtualize components spanning multiple layers of the Open Systems Interconnection Model, including ones at Layer 2 (switches) and Layer 4 and beyond (load balancers, firewalls, etc.). In an SD-WAN solution, for instance, administrators use a management tool to manage the virtual appliances and the overall network.

By simulating these types of hardware within software, network virtualization software produces a network that combines virtualized representations of underlying hardware and software into a single, cohesive administrative unit. The virtualized resources may be hosted inside of virtual machines (VMs) or containers and run on top of off-the-shelf commercial x86 hardware to reduce costs.

Network virtualization software ensures the right network services are coupled with each VM- or container-based workload, in accordance with currently defined policies. Services are dynamically attached to new workloads or carried alongside existing ones as they move across the network, while police change themselves can be quickly rolled out to applicable infrastructure without any reconfiguration.

Network virtualization is closely related to SDN, SD-WAN (itself a subtype of SDN), and network functions virtualization (NFV). SDN refers to programmable networks with separated control and forwarding planes, while NFV is the virtualization of key functions like firewalling and load balancing. As for SD-WAN, it is an example of the types of network overlays achievable with network virtualization.

What are the different types of network virtualization?

There are two broad categories of network virtualization: External and internal network virtualization.

External network virtualization

In external network virtualization, multiple physical networks are aggregated into one software-based administrative entity for enhanced efficiency and more practical management. External network virtualization relies on network switching hardware and virtual local area network (VLAN) solutions to create a VLAN. In this VLAN, hosts attached to different physical LANs can communicate as if they were all in the same broadcast domain. This form of network virtualization is common in datacenters and in large corporate networks. Alternatively, a VLAN may separate systems on the same physical network into smaller virtual networks.

Internal network virtualization

This type of network virtualization entails creating an emulated network within software, namely inside of an operating system (OS) partition. Essentially, the guest VMs within an OS partition may communicate with each other via a network-like architecture, by virtue of a virtual network interface, a shared interface between guest(s) and host paired with Network Address Translation, or another means. Internal network virtualization is useful for isolating applications for added security. Solutions that implement it are sometimes marketed as “network-in-a-box” offerings by their vendors.

Overall, network virtualization can take many possible forms.

Although standard VLAN technology remains vital and widely used, its limited 12-bit structure has prompted the creation of more technically advanced alternatives, especially as complex multi-tenant cloud computing environments become more common. Cloud architectures rely upon multiple types of virtualization to create centralized, network-accessible resource pools that can be quickly provisioned and scaled. Network virtualization in particular provides the agility to deliver cloud-based services to software-defined data centers and to the network edge.

The successors to VLAN include virtual extensible LANs (VXLANs), which can be deployed in SD-WANs; the 24-bit network virtualization using generic routing encapsulation (NVGRE); the 64-bit stateless transport tunneling (STT); and generic network virtualization encapsulation (GENEVE), a standard that does not define any particular configuration and specs for the control plane and as such is highly extensible and flexible across environments.

What are the benefits of network virtualization?

Once implemented, network virtualization delivers higher levels of speed, automation, and administrative efficiency than achievable with only a physical network, for example a traditional hub-and-spoke WAN. These advantages translate into concrete operational benefits for enterprise businesses and for service providers, including but not limited to:

Superior network agility and application delivery: By abstracting resources away from physical network hardware, network virtualization simplifies the processes for scaling and evolving a network to meet changing needs. Keeping up with demand for virtual, cloud, and SaaS applications requires an agile network environment—one that’s dynamic and flexible in how it creates and distributes resources. Toward this goal, network virtualization reduces provisioning times from days or weeks to just minutes and also makes the network more programmable and adaptable. For example, an SD-WAN overlay provides an always-on network that dynamically steers traffic from datacenters, branches, clouds, and SaaS over multiple possible types of network transport, all from within software.

Streamlined network administration and management: Virtual networks are easier to manage than their physical counterparts. Instead of needing to manually reconfigure potentially multiple pieces of physical infrastructure in response to even a single policy or service change, network administrators can rely on automation throughout the virtual network overlays now in place. VM-based workloads can move through the network without any reconfiguration for true application mobility across environments. Likewise, new branches that are added to an SD-WAN can be automatically provisioned (a process known as zero-touch provisioning) with the correct policies and updated via a centralized administrator console—no on-site visit required.

Stronger security: Network virtualization is a key addition to datacenter security. It provides isolation between the physical network itself and the virtual network overlay, as well as between different virtual networks. Isolation helps enforce the principle of least privilege in network security, under which users and workloads only get access to the resources they require for their legitimate purposes. Plus, network virtualization allows for the aggregation and management of network security services at scale. Citrix SD-WAN Orchestrator illustrates this use case, as it seamlessly connects the SD-WAN implementation to cloud-based security gateways during provisioning to protect network traffic under a zero trust security model without compromising the user experience.

Citrix solutions for network virtualization

Network virtualization is a significant opportunity for both enterprise businesses and for service providers. Enterprises have gravitated toward network virtualization as a way to increase their operational agility, modernize their security practices, and reliably move applications across their network. The combination of network virtualization with Citrix DaaS ensures that end users have access to the software they need, when and where they need it.

Service providers also benefit from network virtualization, which alongside SDN and NFV is an important component of their modernization strategies. As service providers look to support new technologies and use cases, ranging from the Internet of Things to the deployment of faster wireless networking standards, network virtualization offers much-needed flexibility and scalability along the way.