In this chapter from Network virtualization, authors Victor Moreno and Kumar Reddy define the technical requirements posed by the need to virtualise the network. Based on these requirements, they propose an architectural framework comprised of the functional areas necessary to successfully support concurrent virtual networks over a shared enterprise physical network.
Networks enable users to access services and resources distributed throughout the enterprise. Some of these services and resources are public (those accessed over the Internet), and others are private and internal to the enterprise. Every enterprise has unique security and service level policies that govern the connectivity to the different services, whether these are public or private.
One of the basic building blocks behind the virtualised network and, in fact, a key driver, is security. An important element of an enterprise's security policy is the definition of a network perimeter. In general, the level of trust inside and outside of the network perimeter differs, with end stations inside the perimeter being generally trusted and any access from outside the perimeter being untrusted by default. Communications between the inside and the outside of the perimeter must happen through a checkpoint. At the checkpoint, firewalls and other security devices ensure all traffic that enters or leaves the enterprise is tightly controlled. Therefore, we refer to the point of entry/exit to/from the enterprise network as the network perimeter.
About Network virtualization:
Today's enterprises have several groups of users with specific needs. The differences between these groups translate into specific network requirements. Within some organisations, these requirements are so dissimilar that the different groups need to be treated as totally separate customers by the enterprise's IT department. As the number of groups increases, keeping them separate and secure is a challenge to IT departments, particularly with the advent of wireless networks, the requirement for enterprise-wide user mobility, and the need for cross-group collaboration with resource sharing on a per-project basis.
Network virtualization provides design guidance for virtualised enterprise networks and arms network architects with the background necessary to make sound technological choices in the face of different business requirements. As a means of introduction, Network virtualization lays out the fundamentals of enterprise network design. The book builds upon these fundamental principles to introduce the different virtualisation methods as the logical evolution of the enterprise network architecture. Detailed descriptions of the technology, design principles, network configurations, and real-world case studies are provided throughout the book, helping readers develop a pragmatic understanding of virtualised enterprise network architectures. Specific examples are included that tailor deployment advice to the small, medium, and large enterprise environment.
Learn how to share network resources and reduce costs while providing secure network services to diverse user communities. Network virtualization presents the business drivers for network virtualisation and the major challenges facing network designers today. This book also shows how to use virtualisation designs with existing applications, such as VoIP and network services, quality of service and multicast. Finally, it provides design alternatives for different real-world deployment scenarios, with configuration examples and case studies.
Excerpted from Network virtualization by Victor Moreno and Kumar Reddy (ISBN-10: 1-58705-248-2; ISBN-13: 978-1-58705-248-4).
Copyright © 2006, Cisco Press. All rights reserved.