Virtual network appliances: benefits and drawbacks

A while ago I decided to figure out how well various vendors support virtualized networking (one of the answers: some of the solutions don’t scale) and what can be done with virtual network appliances (I was pleasantly surprised by F5’s BIG-IP LTM VE and Vyatta). You’ll find some of my other thoughts on this subject in the Virtual network appliances: Benefits and drawbacks article published by SearchNetworking.

7 comments:

  1. Biggest issue I've had with any virtual network appliance (by issue, I mean opinion) is the software-driven part... goes back to being too CPU dependent. I just don't see how that scales very well in large environments... but either way, I haven't read the SearchNetworking link (need to register)... a thought

  2. We just purchased a company that runs Vyatta hardware. Definitely does not scale well. The configuration appears convoluted (personal preference).

    We were creating a GRE IPSEC tunnel back to another campus and you had to run a few scripts (that we didn't know existed) before the tunnel would properly come up. A Cisco being on one end and a Vyatta on the other.

  3. Ivan Pepelnjak, 21 April, 2011 20:45

    Yeah, that's my biggest grudge as well. You get what you pay for.

    CPU-based processing might not be bad in some cases (WAF, load balancing) where you can't do much in ASIC anyway. Routing on a VM is a total waste of resources (VMware tends to disagree :-P )

  4. Ivan Pepelnjak, 21 April, 2011 20:46

    I just did the basic config and it was OK. Maybe my expectations were low enough.

  5. Didn't have a chance to read searchnetworking.com either because of the registration requirement (lazy).

    Not all the special-purpose chips (Nitrox Cavium, regex engine, 1588) are virtualized for the hypervisor to share with virtual machines (guilty of only verifying this for VMware vSphere). So it's really difficult to leverage these resources for a virtual appliance. Unfortunately, a lot of network services I know (e.g. firewall, APM with DPI capabilities) require these special chips.

  6. "If virtualization enables servers to be spun up and down on demand for cost efficiency and agility, wouldn't it make sense to implement virtual network components too?" Not to me....

    I think the whole idea of 'virtualizing network appliances' is a temporary solution to the broader problem of 'virtualizing the network'. The problems of performance and scalability you point out are only part of the problem. If you start moving workloads around suddenly you've got to consider where your network devices are running?? How crazy is that?

  7. Ivan Pepelnjak, 26 April, 2011 20:35

    Ideally, I would agree with you. Going a step further, after moving to PaaS, we won't need server virtualization any more.

    However, in real-life circumstances, virtualized network appliances are sometimes the lesser evil (although they do make for interesting traffic flows).


Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.