What is a virtual network and why virtual networks are here to stay


The computer network we usually imagine involves various cables (Ethernet, fiber optic, coax) connected to devices such as routers and switches that direct packets of data where they need to go.

The rise of Wi-Fi and cellular data networks has replaced some of those wires with wireless signals, but even radio waves are in the physical realm, connecting back to cell towers or Wi-Fi access points.

In the seven-layer OSI networking reference model, all network devices, processing, and communications occupy the three lowest layers: Layer 3 (Network), Layer 2 (Data Link), and Layer 1 (Physical Layer).

In a virtual network, all of these activities take place in software.

A virtual network may exist entirely within a single physical machine (a server), or it may form an abstraction layer that runs on top of the physical network, whose configuration and topology may be completely different from those of the virtual network.

Building a virtual network is complex work, but the benefits are huge: the network can be reconfigured by simply changing files, rather than through manual labor that may involve crawling through ductwork.

How do virtual networks work?

To understand how virtual networking works, let's start with a related and more familiar concept: the virtual machine (VM). Most of us are familiar with virtual machines, which make it possible to run multiple instances of an application on a single physical machine.

These virtual machines don't really "know" that they're virtual; all system calls and other communications they typically make with the underlying hardware are intercepted by a layer of software called a hypervisor. The hypervisor handles requests from multiple virtual machines running on the same machine to make the most efficient use of the underlying hardware resources.

The hypervisor can even translate instructions across hardware platforms, so that a VM can run on an x86 machine even though it was designed for an ARM processor. The hypervisor can return what the VM expects to receive from the hardware.

Virtual networks are based on the same principles. The software is configured to simulate a network with the specific topology desired by the administrator. Like VMs, virtual networks work their magic because the operating systems and applications communicating with them don't know (or care) whether they're talking to a real switch or a virtual switch (vSwitch).

They simply send packets with specific network routing information in the header and expect to receive similar packets in return. Because this communication is standardized, it's easy to build software that can emulate the behavior of a physical NIC, switch, or router, and tools like Open vSwitch can indeed run both on top of a hypervisor and as a control stack for physical network hardware.

Once the hypervisor has those packets, it has to figure out how to route them to their destination, just like physical network hardware. The difference is that the hypervisor must translate information about the software-defined virtual network (the network our computer "thinks" it's connected to) into information about the actual underlying physical environment.

One computer might think it's sending a packet to another computer on the same LAN, but the two computers might actually be in different countries—or it might be two virtual machines running on the same server.

Hypervisors typically work around this by encapsulating the packet within another packet with different routing information in the header, and handing that packet off to the physical network infrastructure. Once that packet reaches its destination, the outer packet is stripped; the system receiving the packet will think it arrived over the virtual network, not the actual physical network it traversed.
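The encapsulation step described above, as an added example that is not part of the original article: it uses the VXLAN header layout from RFC 7348 as the concrete outer format and shows the receiving side refusing segments it does not serve. The MAC addresses, the endpoint address, the segment number 5000 and the function names are constructed for illustration, and the outer IP/UDP headers are represented only by an (address, port) pair.

```python
import struct

VXLAN_UDP_PORT = 4789            # IANA-assigned VXLAN destination port
VNI_VALID = 0x08                 # "I" flag: the VNI field is meaningful (RFC 7348)
HDR = struct.Struct("!B3s3sB")   # flags, reserved, 24-bit VNI, reserved = 8 bytes
ETH_HDR_LEN = 14

def encapsulate(inner_frame, vni):
    """Wrap an untouched inner Ethernet frame in a VXLAN header."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return HDR.pack(VNI_VALID, b"\x00" * 3, vni.to_bytes(3, "big"), 0) + inner_frame

def decapsulate(udp_payload, local_vnis):
    """Strip the outer header; refuse segments this host does not serve."""
    if len(udp_payload) < HDR.size + ETH_HDR_LEN:
        raise ValueError("truncated VXLAN packet")
    flags, _, vni_raw, _ = HDR.unpack_from(udp_payload)
    if not flags & VNI_VALID:
        raise ValueError("VNI flag not set")
    vni = int.from_bytes(vni_raw, "big")
    if vni not in local_vnis:
        raise PermissionError("VNI %d is not attached on this host" % vni)
    return vni, udp_payload[HDR.size:]

def forward(inner_frame, vni, table):
    """Map (virtual segment, inner destination MAC) to a physical endpoint."""
    dst_mac = inner_frame[:6]
    outer_ip = table[(vni, dst_mac)]          # KeyError = unknown destination
    return (outer_ip, VXLAN_UDP_PORT), encapsulate(inner_frame, vni)

# Constructed sample data: two VMs that believe they share one LAN.
VM_A = bytes.fromhex("020000000a01")
VM_B = bytes.fromhex("020000000b02")
FRAME = VM_B + VM_A + struct.pack("!H", 0x0800) + b"hello from the virtual LAN"
TABLE = {(5000, VM_B): "198.51.100.20"}       # hypothetical remote hypervisor

def demo():
    outer_dst, wire = forward(FRAME, 5000, TABLE)
    vni, delivered = decapsulate(wire, local_vnis={5000})
    return outer_dst, wire[:HDR.size], vni, delivered

if __name__ == "__main__":
    print(demo())
```

The inner frame comes out byte-for-byte identical, which is why the receiving VM cannot tell it crossed a physical network. The VNI check in decapsulate is what keeps one virtual segment's traffic from being delivered into another.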

Needless to say, implementing a virtual network requires a lot of work and ingenuity. Why go through all this trouble? A description of the different types of virtual networks will provide a sense of the real-world scenarios in which they are useful.

Types of virtual networks

An important distinction is between internal and external virtual networks. Internal virtual networks are used to connect multiple virtual machines running on the same server. In this case, the hypervisor doesn't need to encapsulate network packets and send them to the real network; it just figures out which virtual machine they are addressed to and delivers them.

It might seem odd to use a protocol developed for computer-to-computer communication as a way for two processes running on the same physical hardware to communicate. But remember, one of the benefits of virtualization is that you can run multiple out-of-the-box operating systems as completely separate and independent processes on the same server.

The use of standard network packets and protocols for this purpose, along with their associated security infrastructure, means that these VMs can run and communicate with each other without modification.

External virtual networks, on the other hand, involve individual physical computers (or a hybrid of VMs and physical machines). In this case, machines are connected through traditional physical network devices (including connections through the open Internet), but network administrators will create a virtual network topology that is distinct from the underlying physical network topology.

There are three types of virtual networks, which can be internal or external:

  • A Virtual Private Network (VPN) is the simplest form of virtual networking. The most common scenario is a computer connected to a local corporate network through the open Internet. From the perspective of that computer and the other computers it interacts with, once the VPN is established, that computer is part of the LAN, even if it is remote.
  • A virtual local area network (VLAN) is more complex: it consists of an entire local area network defined virtually. VLANs can be created by dividing a single physical LAN into multiple VLANs or combining physically separate LANs into a single VLAN.
  • Virtual Extensible LAN (VXLAN) is an enhanced version of VLAN that allows large LANs to be subdivided into more independent VLANs and also makes it easier to migrate VMs without service interruption, both of which are key to cloud infrastructure.

Advantages and Benefits of Virtual Networks

Virtual networking is an absolute must when you're running multiple virtual machines on the same hardware, a common scenario in cloud computing. At the same time, creating VLANs and VXLANs on top of existing physical networks enables administrators to quickly reconfigure networks to meet their needs, often automatically in the infrastructure-as-code era. This is difficult or impossible to do by manually rebuilding the physical network.

Advantages of virtual networks include:

  • Reduce costs and maintenance associated with physical network hardware.
  • Simplify network management with centralized and automated control.
  • Provide more flexible and fine-grained network configuration options.

These benefits help improve IT productivity and reduce management costs, which is a big reason virtual networks are here to stay.