Virtual network appliances: benefits and drawbacks

A while ago I decided to figure out how well various vendors support virtualized networking (one of the answers: some of the solutions don’t scale) and what can be done with virtual network appliances (I was pleasantly surprised by F5’s BIG-IP LTM VE and Vyatta). You’ll find some of my other thoughts on this subject in the Virtual network appliances: Benefits and drawbacks article published by SearchNetworking.

Recent posts in the same categories

7 comments:

  1. Yandy 21 April 2011 16:26
    Biggest issue I've had with any Virtual Network appliance (by issue, I mean opinion), is the software driven part.. goes back to be too CPU dependent. I just don't see how that scales very well in large environments... but either way, I haven't read the SearchNetworking link, (need to register).. a thought
  2. John P 21 April 2011 17:17
    We just purchased a company that runs vyatta hardware. Definitely does not scale well. The configuration appears convoluted (personal preference).

    We were creating a GRE IPSEC tunnel back to another campus and you had to run a few scripts (that we didn't know existed) before the tunnel would properly come up. A Cisco being on one end and a Vyatta on the other.
  3. Ivan Pepelnjak 21 April 2011 20:45
    Yeah, that's my biggest grudge as well. You get what you pay for.

    CPU-based processing might not be bad in some cases (WAF, load balancing) where you can't do much in ASIC anyway. Routing on a VM is a total waste of resources (VMware tends to disagree :-P )
  4. Ivan Pepelnjak 21 April 2011 20:46
    I just did the basic config and it was OK. Maybe my expectations were low enough.
  5. Manju 21 April 2011 23:00
    Didn't have chance to read searchnetworking.com as well cuz of registration requirement ( lazy ).

    Not all the special purpose chips ( nitrox cavium , regex engine, 1588 ) are virtualized for hypervisor to share with virtual machines ( guilty of only verifying this for VMWare vSphere ). So its really difficult to leverage these resources for a virtual appliance. Unfortunately lot of network services I know ( e.g firewall, APM with DPI capabilities ) require these special chips.
  6. Chris Marino 26 April 2011 15:59
    "If virtualization enables servers to be spun up and down on demand for cost efficiency and agility, wouldn't it make sense to implement virtual network components too?" Not to me....

    I think the whole idea of 'virtualizing network appliances' is a temporary solution to the broader problem of 'virtualizing the network'. The problems of performance and scalability you point out are only part of the problem. If you start moving workloads around suddenly you've got to consider where your network devices are running?? How crazy is that?
  7. Ivan Pepelnjak 26 April 2011 20:35
    Ideally, I would agree with you. Going a step further, after moving to PaaS, we won't need server virtualization any more.

    However, in real-life circumstances, virtualized network appliances are sometimes the lesser evil (although they do make for interesting traffic flows).
Add comment
Home
Sidebar