The principal benefit of virtualization is the ability to gather physical computing resources into logical pools, which can then be provisioned and managed for individual workloads. The logical resources that are presented to workloads are abstracted from the underlying hardware. Virtualization has worked well on individual servers, abstracting CPUs, memory, storage and network I/O. Virtualization has also made inroads into the network layer, separating switches and routers to allow the creation of logical network entities called virtual LANs. Administrators can break up a physical network into multiple external logical (virtual) networks – such as virtual private networks – or combine physical network segments to create a single logical network. Similarly, network virtualization can exist internally within a virtualized server, allowing virtual machines to exchange data without having to traverse the physical LAN. This reduces overhead on the LAN and speeds data exchange between interrelated or interdependent virtual machines on the same server.
However, traditional network virtualization installs and runs on individual servers, relying on compatible network switches, routers and other network hardware to function – there is no virtualization layer (software) running on the greater network itself. VMware is taking a new approach to network virtualization by increasing the level of direct control over the behavior of traffic in a virtualized network with the introduction of NSX.
NSX builds on an existing foundation of virtualized servers (and virtual machines) and introduces a control server designed to establish and manage the virtual networks within the physical network. The NSX controller talks to an NSX layer that is installed on network servers to interact with the virtual switch that is part of every hypervisor. This comprehensive insight into all of the virtual machines (VMs) and services allows the controller to organize, optimize and manage traffic between VMs across the network without regard for the actual physical switches, routers or other LAN devices. Gateways connect non-virtualized host systems into the virtual networks, and APIs at the controller support service requests from higher-level cloud management tools or other software.
By comparison, software-defined networking (SDN) is less about virtualization and more about network management. Normal network devices, like switches, include a control plane that makes decisions about how traffic is handled and forwarded along with circuitry on a data plane that actually moves the traffic. Both planes are typically in the same box, and each box on the network functions independently. Unfortunately, the independent traffic handling/forwarding decisions made by each box are not always the most efficient decisions.
SDN seeks to improve traffic handling efficiency by separating the control plane from the data plane. In effect, the system that decides how the traffic should flow becomes different from the device that actually moves the traffic. SDN creates a centralized controller that can program each traffic-handling device. Since the centralized controller (the new control plane) can now see all of the traffic-handling devices (data planes) in the network, it can optimize the flow of traffic across the entire network and improve network efficiency. The new controller uses protocols like OpenFlow to communicate with the data plane devices. This is not virtualization in the popular sense, but is often perceived as virtualization because the data planes are basically independent from the new control plane.
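The control-plane/data-plane split described above, as an added example that is not code from the article or from VMware NSX: a toy SDN in which a single controller with a global view of a constructed four-switch topology computes paths and programs each switch's flow table, while the switches themselves only match packets against installed rules. Switch names, port numbers and host attachments are all assumptions made up for the illustration; the rule-push step stands in for what OpenFlow would carry on a real network. A packet with no matching rule is dropped at the first switch, which is the behaviour a defender wants from a table miss: traffic the controller never planned for does not cross the fabric.

```python
"""Toy software-defined network: a central controller computes paths
over the whole topology and installs flow rules into each switch's
flow table; switches forward purely by table lookup (the data plane).
All names, ports and links below are constructed for the example."""
from collections import deque

# Constructed topology: switch -> {neighbor_switch: out_port on this switch}
TOPOLOGY = {
    "s1": {"s2": 1, "s3": 2},
    "s2": {"s1": 1, "s4": 2},
    "s3": {"s1": 1, "s4": 2},
    "s4": {"s2": 1, "s3": 2},
}
# Constructed host attachments: host -> (edge switch, access port)
HOSTS = {"h1": ("s1", 10), "h2": ("s4", 10)}


class Switch:
    """Data plane only: no path decisions, just rule matching."""

    def __init__(self, name):
        self.name = name
        self.flow_table = {}  # (src_host, dst_host) -> out_port

    def forward(self, pkt):
        # Table miss returns None: unplanned traffic is dropped rather
        # than flooded, the least-privilege default for a fabric.
        return self.flow_table.get((pkt["src"], pkt["dst"]))


class Controller:
    """Control plane: global view, path computation, rule installation."""

    def __init__(self, topology, hosts):
        self.topology = topology
        self.hosts = hosts
        self.switches = {name: Switch(name) for name in topology}

    def shortest_path(self, start, goal):
        """Breadth-first search over the switch graph (hop count metric)."""
        prev = {start: None}
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            if cur == goal:
                break
            for nxt in self.topology[cur]:
                if nxt not in prev:
                    prev[nxt] = cur
                    queue.append(nxt)
        if goal not in prev:
            return None
        path, node = [], goal
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def install_flow(self, src_host, dst_host):
        """Programs a one-way src->dst rule into every switch on the path."""
        src_sw, _ = self.hosts[src_host]
        dst_sw, dst_port = self.hosts[dst_host]
        path = self.shortest_path(src_sw, dst_sw)
        if path is None:
            return None
        for i, sw in enumerate(path):
            last_hop = i == len(path) - 1
            out_port = dst_port if last_hop else self.topology[sw][path[i + 1]]
            self.switches[sw].flow_table[(src_host, dst_host)] = out_port
        return path


def trace(controller, pkt):
    """Walks a packet hop by hop using only the switches' flow tables."""
    sw_name, _ = controller.hosts[pkt["src"]]
    hops = []
    while True:
        hops.append(sw_name)
        port = controller.switches[sw_name].forward(pkt)
        if port is None:
            return hops, "dropped"
        # An out_port that leads to no neighbor switch is an access port.
        nxt = next((n for n, p in controller.topology[sw_name].items() if p == port), None)
        if nxt is None:
            return hops, "delivered"
        sw_name = nxt


if __name__ == "__main__":
    ctl = Controller(TOPOLOGY, HOSTS)
    print("installed path:", ctl.install_flow("h1", "h2"))
    print("h1->h2:", trace(ctl, {"src": "h1", "dst": "h2"}))
    print("h2->h1 (no rule yet):", trace(ctl, {"src": "h2", "dst": "h1"}))
```

Note that the reverse direction is dropped until the controller explicitly installs it: each direction of a conversation is a separate rule, which is also why a central controller (or the logs it keeps of what it installed) is a useful place to audit which flows the fabric is actually permitting.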