Virtual network appliances: benefits and drawbacks

A while ago I decided to figure out how well various vendors support virtualized networking (one of the answers: some of the solutions don’t scale) and what can be done with virtual network appliances (I was pleasantly surprised by F5’s BIG-IP LTM VE and Vyatta). You’ll find some of my other thoughts on this subject in the Virtual network appliances: Benefits and drawbacks article published by SearchNetworking.


  1. Biggest issue I've had with any virtual network appliance (by issue, I mean opinion) is the software-driven part... goes back to being too CPU dependent. I just don't see how that scales very well in large environments... but either way, I haven't read the SearchNetworking link (need to register)... a thought.
  2. We just purchased a company that runs Vyatta hardware. Definitely does not scale well. The configuration appears convoluted (personal preference).

    We were creating a GRE IPSEC tunnel back to another campus and you had to run a few scripts (that we didn't know existed) before the tunnel would properly come up. A Cisco being on one end and a Vyatta on the other.
  3. Yeah, that's my biggest grudge as well. You get what you pay for.

    CPU-based processing might not be bad in some cases (WAF, load balancing) where you can't do much in ASIC anyway. Routing on a VM is a total waste of resources (VMware tends to disagree :-P )
  4. I just did the basic config and it was OK. Maybe my expectations were low enough.
  5. Didn't have a chance to read it either cuz of the registration requirement (lazy).

    Not all the special-purpose chips (Nitrox Cavium, regex engine, 1588) are virtualized for the hypervisor to share with virtual machines (guilty of only verifying this for VMware vSphere). So it's really difficult to leverage these resources for a virtual appliance. Unfortunately, a lot of network services I know (e.g. firewall, APM with DPI capabilities) require these special chips.
  6. "If virtualization enables servers to be spun up and down on demand for cost efficiency and agility, wouldn't it make sense to implement virtual network components too?" Not to me....

    I think the whole idea of 'virtualizing network appliances' is a temporary solution to the broader problem of 'virtualizing the network'. The problems of performance and scalability you point out are only part of the problem. If you start moving workloads around suddenly you've got to consider where your network devices are running?? How crazy is that?
  7. Ideally, I would agree with you. Going a step further, after moving to PaaS, we won't need server virtualization any more.

    However, in real-life circumstances, virtualized network appliances are sometimes the lesser evil (although they do make for interesting traffic flows).