Network Virtualization

Terry Slattery
Principal Architect

It seems like the pace of virtualization has recently increased – or perhaps I’m becoming more aware of it.  Cisco announced their Unified Computing System (UCS) earlier this year and the Nexus 7000 last year. Both have significant virtualization components relative to the data center.  Cisco isn’t alone.  Juniper has its own plans, such as making all the Juniper gear in a data center look like one big device.  I think of it as a data center-wide switch stack.

Virtualization is going to have a significant impact on how data centers are operated, monitored, and managed.  What’s obvious are the VMotion tools to move VM instances among servers.  There are server monitoring and management tools that automatically move VMs to the appropriate hardware platform, depending on the VM’s utilization characteristics.  This increases the utilization of fewer pieces of hardware, reducing power and cooling loads.

Think about how network management must operate in this environment.  I’m just starting to think seriously about it and see that there will be some significant changes.  For starters, the Nexus 7000 supports four virtual device contexts (VDCs).  Each VDC is a separate virtual Nexus 7000, supported by a single OS and hardware platform.  The NMS will see these VDCs as separate devices, but they map back to one device.  The default VDC contains the hardware mappings, so it will need to be treated slightly differently.  In essence, VDCs carve one hardware platform into several virtual platforms, each of which can be used in a very different part of the network, such as in a server farm or in a DMZ.

On the other hand, there are things like virtual port channels (VPCs) that make multiple devices look like one physical device for increased reliability. Look for the industry to increase the number of ways that devices can be virtually divided and combined in order to provide flexibility to customers.

Regardless of the mechanism, network management is going to have to adapt to show network administrators how the virtual devices and the physical devices are operating.  When a server hardware platform is repurposed from a server farm to the DMZ, it may need the Nexus 7000 interface to move from one VDC to another VDC.  How is that operation automatically performed when the server VMs move among the platforms?  Add virtual port channels and the problem just became more complex.  The monitoring platform may need to automatically move the Nexus 7000 interface from one administrative domain to another and begin to show the correct interface utilization and characteristics for the new purpose.
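As an added illustration (not code from the original post), the following sketches how an NMS could reconcile the separate "devices" it discovers for each VDC back to one physical chassis, and detect an interface that has been re-homed from the server-farm VDC to the DMZ VDC between two discovery passes so its monitoring domain can follow. The VDC names, chassis serial and interface names are constructed sample data; no Nexus MIB is read.

```python
# Added example: collapse per-VDC inventory records onto their physical chassis and
# report interfaces that changed VDC between polls. All values are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class VdcRecord:
    name: str               # VDC as discovered by the NMS (assumed to be its sysName)
    chassis_serial: str     # physical chassis serial; identical for every VDC on one box
    is_default: bool        # the default VDC carries the hardware mappings
    interfaces: frozenset   # interfaces currently allocated to this VDC


def group_by_chassis(records):
    """Map chassis serial -> its VDC records, so one box is shown once with N contexts."""
    chassis = {}
    for rec in records:
        chassis.setdefault(rec.chassis_serial, []).append(rec)
    return chassis


def interface_owner(records):
    """Map interface -> owning VDC name; an interface can belong to only one VDC."""
    owners = {}
    for rec in records:
        for intf in rec.interfaces:
            if intf in owners:
                raise ValueError(f"{intf} claimed by both {owners[intf]} and {rec.name}")
            owners[intf] = rec.name
    return owners


def interface_moves(before, after):
    """Return sorted (interface, old_vdc, new_vdc) for interfaces that changed VDC."""
    old, new = interface_owner(before), interface_owner(after)
    return sorted((i, old[i], new[i]) for i in old.keys() & new.keys() if old[i] != new[i])


# Constructed sample: one chassis carved into a server-farm VDC and a DMZ VDC.
POLL_1 = [
    VdcRecord("n7k-default", "SN-CONSTRUCTED-1", True, frozenset({"mgmt0"})),
    VdcRecord("n7k-serverfarm", "SN-CONSTRUCTED-1", False, frozenset({"e1/1", "e1/2"})),
    VdcRecord("n7k-dmz", "SN-CONSTRUCTED-1", False, frozenset({"e1/3"})),
]
# Second pass: e1/2 was reallocated from the server-farm VDC to the DMZ VDC.
POLL_2 = [
    VdcRecord("n7k-default", "SN-CONSTRUCTED-1", True, frozenset({"mgmt0"})),
    VdcRecord("n7k-serverfarm", "SN-CONSTRUCTED-1", False, frozenset({"e1/1"})),
    VdcRecord("n7k-dmz", "SN-CONSTRUCTED-1", False, frozenset({"e1/2", "e1/3"})),
]

if __name__ == "__main__":
    for serial, vdcs in group_by_chassis(POLL_2).items():
        print(serial, [(v.name, "default" if v.is_default else "non-default") for v in vdcs])
    for intf, old_vdc, new_vdc in interface_moves(POLL_1, POLL_2):
        print(f"{intf} moved {old_vdc} -> {new_vdc}: re-home it in the new monitoring domain")
```

A move into the DMZ VDC is also a change of security zone, so the same event is a reasonable trigger for re-applying that zone's baselines and alert thresholds.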

And what about monitoring fabric modules and their utilization?  Let’s say that you bought a Nexus 7000 with three fabric modules.  When do you need to add additional modules?  Factors like this will dictate that the monitoring system know more about how the hardware is being used than initially seems evident. I’ve not yet looked at the MIBs for the Nexus 7000 to see what level of detail is available and what analysis should be done on the collected data.

In my view, virtualization is going to drive a lot of network management requirements.  Visibility into the virtual environment will become more and more important to the smooth operation of the network.  It will be interesting to see how long it takes organizations to decide that they really can’t live without good network management and how long it takes the network management industry to create really good tools.



Re-posted with Permission 

NetCraftsmen would like to acknowledge Infoblox for their permission to re-post this article which originally appeared in the Applied Infrastructure blog under

