When network virtualization is insufficient to solve the problem
Consultant Glen Kemp shares a case in which a customer re-evaluated the benefits of network virtualization after encountering a platform bug.
Any new technology, or any iteration of an existing one, will make things faster, cheaper, or less costly. Server virtualization certainly produces these results, and network virtualization is attracting more and more attention. However, some recent projects show that this is not necessarily the case for virtualization.
In my experience as a security and IT consultant, I have seen some customers follow the trend, purchase security virtualization products, and integrate many services into one platform. This significantly reduces power and maintenance costs. All of this is good: an invisible chorus sings about how new technologies make life better.
However, it does not suit every situation, at least not at the beginning.
This is what I want to talk about. In this example, a customer encountered a serious platform bug shortly after adopting the virtualization framework. The details of the problem are not important, but its impact was great. Before virtualization, the impact of such a problem would have been limited, but the cascading failure of the shared platform interrupted many business units. The problem was difficult to fix, and it took several patches to get the platform running stably. However, the losses had already been incurred. Management's trust in network virtualization had completely vanished. As a result, they proposed a comprehensive network update, and that is when I joined the project. The plan completely replaces the platform and gradually reduces the organization's dependence on shared physical infrastructure.
This is not the first time I have witnessed a project like this. I have seen several cases in which the customer chose to return from virtual network functions (VNFs) to a more conventional network design. On the surface, running VNFs on a distributed cluster can achieve the expected cost savings. However, I have found that it also significantly increases the complexity of the system, especially in monitoring and management.
Otherwise, the virtualization system may affect other operations.
At the core of all virtualization is a compromise. Users can only mitigate its impact; they cannot completely eliminate it. Virtualized systems share physical resources. Even with resource protection, scheduling, and other "soft" controls, virtualized systems still have a negative impact on each other. In many cases, they do not interfere with each other. As long as appropriate system management is in place, many systems can share the same hardware. For most end users, sharing resources reduces operating costs.
Server, network, and security virtualization technologies share a critical point: the software systems common to every node (vSwitch or virtual instance). It may be a hypervisor, a shared control plane, or a cluster protocol. The network, server, and security components depend on these services to run. This is not a problem, because they are completely reliable until the critical point is reached.
Remember the two unchanging facts of IT operations: bugs and patches (much like death and taxes). If you are lucky, the root cause and the impact of the problem will be fixed. Hardware and software vendors will improve their products in subsequent upgrades and add automatic recovery, but sometimes these processes will inevitably go wrong. In the case above, the problem was traced to a memory leak, a problem that any vendor may have (and indeed does have). However, the decision had been made at the upper level, and we had to implement the plan regardless.
Change a virtual link to a physical link
The short-term impact of the network migration is foreseeable: a large amount of copper cabling and many racks are required to convert virtual links back into physical links. In addition to these major engineering problems, there are also many parallel flows that can be used for fragmented parts. After the replacement is completed, the total capacity of the infrastructure will actually increase as the "technical level" develops. However, with more processors and interfaces, it is more difficult to track traffic through the infrastructure.
In a virtualized environment, a cluster is usually equivalent to one management interface. In a physical environment, deploying dozens of different management interfaces poses a huge management challenge. Although some element management tools can be used to create policies that span the physical infrastructure, they cannot solve every management problem. For example, if the administrator makes a slight modification to role-based access control, requests will be sent to 80 devices. Automated tools are the natural way to solve these templating problems. However, since the organization's management has abandoned "mature" technologies such as virtualization, we can imagine their attitude towards NetOps-style system management (not very good).
At the same time, a number of small problems have replaced the user's big problem. The customer has chosen to fight 100 ponies rather than one pony. There is no doubt that the company is heading in the opposite direction by giving up the benefits of network virtualization; but in this case, availability outweighs (almost) all other problems. In fact, people do not have to fear giving up virtualization, but they do need some perseverance. Moreover, they must exercise restraint, accept the fact that much of the hardware and software will sit idle, and then ride the pony to meet the challenge.