More and more organizations use network virtualization in their data centers to simplify their network management, while others hope to run a complete software-defined data center.
A software-defined network enables admins to use software rather than hardware to configure a network. In the case of VMware and Microsoft, admins configure the network in the hypervisor. Network virtualization lays the foundation for software-defined networking, or SDN, as administrators can automate the creation of networking configurations using a single software platform.
For example, network admins typically define a virtual LAN via physical switches and a hypervisor then connects VMs into virtual LANs, or VLANs. But with SDN, the hypervisor defines the VLAN and transports virtual network data over the physical network with an encapsulation technology. This is ideal for Layer 2 traffic, but similar software-based functionality exists for routing Layer 3 traffic within the hypervisor instead of in physical routers.
The customer base for network virtualization consists mainly of large enterprises and cloud providers. Larger data centers benefit most from features such as distributed firewalls when running just a handful of servers.
VMware NSX and Microsoft Hyper-V network virtualization features
Both VMware and Microsoft entered the network virtualization market around 2012, when VMware acquired Nicira. This led to the development of the NSX product. Microsoft first introduced network virtualization in Windows Server 2012.
VMware has shipped different products since then, but today, NSX-T covers everything it offers for network virtualization. NSX-T supports both vSphere and KVM as hypervisors and also integrates with Kubernetes and OpenShift for containerized workloads. NSX-T offers network virtualization at Layers 2 and 3 and provides security with a distributed firewall and other virtualized network functions, such as a load balancer or VPN.
Microsoft provides network virtualization in Hyper-V with Windows Server 2016 and 2019. With this feature, workloads on Hyper-V can connect to virtualized Layer 2 networks and traffic is routed between virtual networks in Hyper-V or to and from the physical network via gateways. Microsoft introduced a distributed firewall to its feature set with the release of Windows Server 2016. Other networking features, such as a VPN and load balancing, that have been available in Windows Server are also part of the SDN stack.
Users can deploy VMware NSX-T as a virtual appliance on their vSphere or KVM hypervisors. Customers that need high availability should deploy three of these to avoid having a single point of failure. The data plane keeps operating because it's part of the hypervisors, but the management and control plane functionality can be impaired when a deployment depends on a single appliance and that appliance is unavailable. From the central web management console, all necessary software components are deployed on hypervisors, so there's no need to modify the VMs to work with NSX-T.
When it comes to connecting physical servers, NSX-T also enables admins to install Geneve -- Generic Network Virtualization Encapsulation, the encapsulation technology used on hypervisors -- on physical Windows or Linux servers and make them part of the virtualized network. Changes to the physical network are limited to a one-time increase of the Ethernet maximum transmission unit (MTU) size to 1,600, with 1,700 recently becoming the new norm for future-proofing environments. For connectivity to the physical network, NSX-T uses edge VMs or edge physical servers for both Layer 2 bridging and Layer 3 routing. For routing, NSX-T supports equal-cost multipath routing (ECMP) for increased bandwidth and availability.
Admins can enable the Hyper-V Network Virtualization role on Hyper-V hosts. Microsoft also offers a Network Controller role that admins can run in a VM that's running on a Hyper-V host. Admins should run three of these VMs on three hosts. After enabling SDN, they can enable an SDN load balancer for these three machines. This network controller enables admins to centrally configure network virtualization features. To use either Virtual Extensible LAN, or VXLAN, or Network Virtualization using Generic Routing Encapsulation, or NVGRE, for encapsulation, Microsoft's documentation says to configure the physical network with an MTU size of 9,234 bytes.
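The MTU figures above follow from the bytes each encapsulation adds in front of the VM's frame. This added example (not code from VMware, Microsoft or the article) computes the underlay MTU a tunnel needs and the headroom left for Geneve options; the function names are hypothetical, the header sizes come from the protocol specifications, and a 1,500-byte VM MTU is assumed in the demo.

```python
# Added example: header sizes are from the protocol specs, not from the article.
INNER_ETHERNET = 14          # inner MAC header carried inside the tunnel
DOT1Q_TAG = 4                # optional 802.1Q tag on the inner frame
OUTER_IP = {4: 20, 6: 40}    # outer IP header, no options or extension headers
UDP = 8

def tunnel_header(encap, geneve_options=0):
    """Bytes between the outer IP header and the inner Ethernet frame."""
    if encap == "vxlan":
        return UDP + 8
    if encap == "geneve":
        if geneve_options % 4 or not 0 <= geneve_options <= 252:
            raise ValueError("Geneve options: multiple of 4, at most 252 bytes")
        return UDP + 8 + geneve_options
    if encap == "nvgre":
        return 8             # GRE header including the Key field, no UDP
    raise ValueError(f"unknown encapsulation: {encap}")

def required_underlay_mtu(vm_mtu, encap, outer_ip=4, inner_vlan=False,
                          geneve_options=0):
    """Smallest physical-network MTU that carries a full VM packet unfragmented."""
    inner = vm_mtu + INNER_ETHERNET + (DOT1Q_TAG if inner_vlan else 0)
    return inner + tunnel_header(encap, geneve_options) + OUTER_IP[outer_ip]

def headroom(underlay_mtu, vm_mtu, encap, **kwargs):
    """Spare bytes on the underlay; negative means fragmentation or drops."""
    return underlay_mtu - required_underlay_mtu(vm_mtu, encap, **kwargs)

def max_geneve_options(underlay_mtu, vm_mtu, outer_ip=4):
    """Largest Geneve option block that still fits, or None if nothing fits."""
    spare = headroom(underlay_mtu, vm_mtu, "geneve", outer_ip=outer_ip)
    if spare < 0:
        return None
    return min(252, spare - spare % 4)

if __name__ == "__main__":
    # Constructed scenarios: (underlay MTU, VM MTU, encapsulation)
    for underlay, vm, encap in [(1500, 1500, "vxlan"), (1600, 1500, "geneve"),
                                (1700, 1500, "geneve"), (9234, 9000, "nvgre")]:
        print(f"{encap:6} underlay={underlay} vm={vm} "
              f"needs={required_underlay_mtu(vm, encap)} "
              f"headroom={headroom(underlay, vm, encap)}")
    print("Geneve option budget at 1600:", max_geneve_options(1600, 1500))
    print("Geneve option budget at 1700:", max_geneve_options(1700, 1500))
```

An unchanged 1,500-byte underlay leaves negative headroom for any of the three encapsulations, which is why the physical MTU has to be raised before overlay traffic is enabled.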
VMware NSX vs. Microsoft Hyper-V: The verdict
VMware supports a broader scope of servers and workloads compared to Microsoft. Additionally, in terms of routing capabilities to allow for tenant and service provider routing via tier 1 and tier 0 gateways, VMware offers a larger tool set for admins to use and provides better scalability for north-south routing to and from the physical network. In terms of east-west routing between VMs, both VMware and Microsoft use distributed routing on their hypervisors, which scales that routing performance linearly with the number of hosts.
Regarding security, both VMware and Microsoft support a distributed firewall, but many third parties have integrated their security offerings for intrusion detection and prevention and virus protection into the NSX-T Data Center product.
Product choice largely depends on which hypervisor platform the organization runs. If an organization already has vSphere in place, NSX-T may be a more natural choice. But for organizations that have Hyper-V broadly implemented, Hyper-V network virtualization may be the more logical candidate. For those environments that still need to choose a hypervisor platform, VMware NSX-T Data Center covers a broader part of the network virtualization and network function virtualization field. This is especially true when integration with physical workloads is important and containerized workloads are part of the environment or future plans.