
WHITE PAPER

Copyright © 2010, Juniper Networks, Inc.

SOLUTIONS FOR DEPLOYING SERVER VIRTUALIZATION IN DATA CENTER NETWORKS


WHITE PAPER - Opportunities and Challenges with the Convergence of Data Center Networks

Table of Contents

Executive Summary

Introduction

What is Server Virtualization?

Why Is Server Virtualization Growing?

Network Problems Attributed to Server Virtualization

Speed

Scale

Security

Switching

Simplified Management

Juniper Networks—Comprehensive Solutions for Server Virtualization Environments

Speed: Collapsing Layers and Reducing Complexity with Virtual Chassis Technology

Scalability: Using Virtual Chassis Technology to Support Live Server Migration

Security: Consistent Policies for the Physical and Virtual Network

Switching: Reducing Demands on Physical Servers

How Does VEPA Work?

How Does Junos Space Virtual Control Work?

Conclusion

Appendix A: Juniper Virtual Server Networking Solution in a Nutshell

About Juniper Networks

Table of Figures

Figure 1: Virtualized server

Figure 2: Network view of virtual machines

Figure 3: Multi-tenancy breaks the one server, one OS, one application rule.

Figure 4: VM mobility means that applications and their operating systems are no longer persistently bound to a single physical server.

Figure 5: The “5 Ss” required for supporting server virtualization

Figure 6: EX4200 Virtual Chassis technology eliminates the need for an extra hop.

Figure 7: Scaling VM motion across any two servers.

Figure 8: Altor VF (virtual firewall) and the SRX Series secure the VMs inside the physical server and when VMs move within the network.

Figure 9: VEPA components.

Figure 10: Consistent management of the physical and virtual network from Junos Space Virtual Control

Figure 11: Junos Space Virtual Control


Executive Summary

Server virtualization has become one of the most deployed technologies in data centers today due to its ability to reduce costs,

increase resource utilization, and improve IT responsiveness and flexibility without making significant infrastructure changes.

In spite of its benefits, however, server virtualization also imposes certain requirements on the data center network.

These can be summarized as the need for improvement in five key areas: speed, scalability, security, switching, and

management simplification.

Introduction

This white paper discusses the challenges facing IT organizations planning to deploy server virtualization technology in data

center networks, and it describes how to address these challenges with solutions from Juniper Networks®.

What is Server Virtualization?

Server virtualization is a method of running multiple independent virtual operating systems on a single physical server. The

server administrator uses a software application called a hypervisor to divide one physical server into multiple isolated virtual

environments called virtual machines, or VMs. Each VM shares the physical resources of the host system, including the CPU,

memory, network interface card (NIC), and disk, as shown in Figure 1.

Figure 1: Virtualized server

From a network perspective, virtualized servers look exactly like multiple servers connected to a single physical port. Each VM

gets assigned a virtual media access control (MAC) address, and traffic from each VM appears to emanate from a different

virtual NIC (VNIC) card (see Figure 2).

To manage intra-server traffic between VMs, the hypervisor includes a software-based switch called a virtual switch. A virtual

switch works much like a physical Ethernet switch; it detects which VMs are logically connected to each of its virtual ports

and uses that information to forward traffic to the correct destination. A virtual switch can be connected to physical switches

using Ethernet adapters, also referred to as uplink adapters, to merge virtual networks with physical networks. This is similar

to connecting physical switches to create a larger network. However, although virtual switches work much like physical

switches, they do not have the same level of advanced functionality.

[Figure 1 shows two application and operating system stacks running as VMs on the hypervisor virtualization layer, above Intel architecture hardware: CPU, memory, NIC, and disk.]


Figure 2: Network view of virtual machines

Why Is Server Virtualization Growing?

Server virtualization delivers a rapid ROI, and is by far the most popular and widely deployed of all virtualization technologies.

According to IDC, 39 percent of businesses surveyed have already deployed server virtualization technology, while 54 percent

are in the process and another 5 percent are in the evaluation stage. In a survey of 2,600 technology decision makers in

the U.S. and Europe, Forrester Consulting found that 53 percent of enterprises and 54 percent of small and medium-sized

businesses have either implemented x86 server virtualization technology or will within the next 12 months.

Several issues are driving the rapid adoption of server virtualization in today’s enterprise and small and medium-sized

businesses.

• Low server utilization: Most workloads today run anywhere from 5 to 25 percent of capacity. By grouping several of these

workloads on a single server, more efficient resource utilization can be achieved.

• Business continuity: Because it makes high availability, fault tolerance, and disaster recovery easier to provide, server virtualization improves business continuity.

• Performance improvements of x86 servers: The performance of x86-based systems has improved dramatically over the

past several years, making these solutions—which have largely replaced mainframes in the data center due to their low up-

front costs—a viable choice for server virtualization.

• Dynamic resource scheduling: Server virtualization enables workloads to be automatically redistributed in real time to

avoid load spikes. Using the live migration feature of the hypervisor, resource scheduling software can move a running VM

(without interruption) to a server with more available resources, or it can spin up additional instances to assist with the

load, allowing business processes to complete uninterrupted.

[Figure 2 shows three virtual machines, each with its own VNIC (VNIC 1, 2, and 3), attached to the virtual switch inside the system; the virtual switch connects through the physical NIC to an external switch and on to the Internet.]


Network Problems Attributed to Server Virtualization

While server virtualization clearly has its benefits, it also poses some unique challenges by introducing two new concepts to

the data center network: multi-tenancy and VM mobility.

• Multi-tenancy: Until recently, data center networks were designed under the assumption that each end node was

connected to an access port on a switch which in turn connected to a server running a single image—that is, a single

instance of an operating system and a single instance of a given application. With server virtualization, however, this is no

longer true, since a single server can run multiple VMs with different operating systems and support multiple applications.

This introduces the need for more sophisticated traffic isolation, policy management, and network configuration

capabilities on a per–VM basis (see Figure 3).

Figure 3: Multi-tenancy breaks the one server, one OS, one application rule.

• VM mobility: In legacy data centers, applications and operating systems are installed on, and typically remain associated

with, a single physical device. With server virtualization and live server migration (for example, vMotion for VMware),

applications and their associated operating systems are no longer persistently bound to a specific physical server (see

Figure 4).

Figure 4: VM mobility means that applications and their operating systems are no longer persistently bound to a single physical server.



To overcome the issues posed by multi-tenancy and VM mobility, networks must address five specific challenges in order

to support server virtualization (summarized as “5 Ss”): speed, scale, security, switching, and simplified management (see

Figure 5). Each of these challenges is described below.

Figure 5: The “5 Ss” required for supporting server virtualization

Speed

When VMs migrate to a different server location, their network and security profiles must move along with them. To achieve

this without interrupting business operations, the network must deliver very high performance and sufficient cross-sectional

bandwidth.

Scale

Traffic for a particular application is usually carried on a certain VLAN. Server virtualization, however, complicates matters in

terms of scalability. As the number of VMs multiplies, and as the frequency of VM migration increases, the network needs to

support scalability in two different ways:

1. It must be able to support more VLANs and their associated tables (such as for VLAN-based security, quality of service,

etc.) in the networking devices.

2. Since VM migration requires Layer 2 adjacency between the source and destination servers, the larger the L2 adjacency

pool, the larger the number of servers that can participate in live server migration. Since Layer 2 adjacency requires the

same VLAN to be present at the source and destination, the network must allow VLANs to span multiple servers in a single

data center, or even span multiple data centers.

In an ideal network, the physical location of the server should be irrelevant to the server administrator—whether the VM

is moving to an adjacent rack, to the end of a row, or to a completely different data center, the VM migration should be

seamless and transparent.
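The Layer 2 adjacency requirement just described can be checked mechanically before a migration is attempted. The following Python script is an added example written for this page, not Juniper code: it parses a constructed Virtual Chassis configuration in Junos "set" syntax (VLAN definitions and the VLAN membership of each trunk port, one member per line), maps two hypothetical servers (esx-01 and esx-02) to their access ports, and reports for each VM which servers it can move to without losing connectivity. The interface names follow the Junos convention that the first number in ge-<member>/0/<port> is the Virtual Chassis member ID; the VLAN names, port assignments, and VMs are assumptions for the illustration.

```python
"""Check Layer 2 adjacency for live migration: the VM's VLAN must be present on
both the source and the destination access port of the Virtual Chassis.

Added example for this page; the 'set' lines are a constructed sample, not a
configuration taken from the white paper.
"""
import re
from collections import defaultdict

# Constructed sample: a two-member Virtual Chassis.  In Junos the first number
# in ge-<member>/0/<port> is the Virtual Chassis member ID.
SAMPLE_CONFIG = """
set vlans hipaa-db vlan-id 110
set vlans web-tier vlan-id 120
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members hipaa-db
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members web-tier
set interfaces ge-1/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-1/0/1 unit 0 family ethernet-switching vlan members web-tier
"""

# Which hypothetical server is cabled to which access port (constructed).
SERVER_PORTS = {"esx-01": "ge-0/0/1", "esx-02": "ge-1/0/1"}

VLAN_RE = re.compile(r"^set vlans (\S+) vlan-id (\d+)$")
# One VLAN member per 'set' line is assumed; the bracketed list form is not parsed.
MEMBER_RE = re.compile(
    r"^set interfaces (\S+) unit \d+ family ethernet-switching vlan members (\S+)$")


def parse_config(text):
    """Return (vlan name -> vlan id, port -> set of vlan ids) from 'set' lines."""
    vlan_ids = {}
    port_vlans = defaultdict(set)
    memberships = []  # (port, vlan name); resolved after all VLANs are known
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = VLAN_RE.match(line)
        if m:
            vlan_ids[m.group(1)] = int(m.group(2))
            continue
        m = MEMBER_RE.match(line)
        if m:
            memberships.append((m.group(1), m.group(2)))
    for port, name in memberships:
        if name not in vlan_ids:
            raise ValueError(f"{port}: vlan members {name} refers to an undefined VLAN")
        port_vlans[port].add(vlan_ids[name])
    return vlan_ids, dict(port_vlans)


def can_migrate(port_vlans, src_port, dst_port, vm_vlan):
    """True when the VM's VLAN exists on both ports, i.e. Layer 2 adjacency holds."""
    return (vm_vlan in port_vlans.get(src_port, set())
            and vm_vlan in port_vlans.get(dst_port, set()))


def migration_report(config_text, server_ports, vms):
    """vms: {vm name: (current server, vlan id)}.  For each VM, list the servers it
    can move to without losing connectivity and those where the VLAN is missing."""
    _, port_vlans = parse_config(config_text)
    report = {}
    for vm, (src, vlan) in vms.items():
        ok, blocked = [], []
        for dst, dst_port in server_ports.items():
            if dst == src:
                continue
            target = ok if can_migrate(port_vlans, server_ports[src], dst_port, vlan) else blocked
            target.append(dst)
        report[vm] = {"ok": sorted(ok), "blocked": sorted(blocked)}
    return report


if __name__ == "__main__":
    sample_vms = {"db-vm": ("esx-01", 110), "web-vm": ("esx-01", 120)}
    for vm, r in migration_report(SAMPLE_CONFIG, SERVER_PORTS, sample_vms).items():
        print(f"{vm}: can move to {r['ok']}, blocked to {r['blocked']}")
```

In the sample, web-vm can move to esx-02 because VLAN 120 is trunked on both ports, while db-vm cannot, because VLAN 110 is missing from ge-1/0/1; that missing VLAN is exactly the configuration drift that a migration across a large Layer 2 pool has to avoid.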



Security

While there are tools that provide visibility into traffic carried over physical networking devices, the virtual ports inside servers remain opaque: there is no straightforward way to see which VMs are talking to each other. This lack of visibility makes securing the virtual environment a major challenge.

Say, for example, a VM workload controlled by Health Insurance Portability and Accountability Act (HIPAA) is communicating

with a non-HIPAA VM workload. While this would create severe compliance issues, the network or security administrator

would never know, since the traffic may not exit the physical server.

Furthermore, since VM-to-VM traffic inside the host effectively occurs on a private LAN, it is virtually impossible to inspect or

protect traffic inside this “dead zone.” Securing mobile VMs is a tremendous challenge, since there is no guarantee of “where”

information may reside at any given time.

What’s needed is a set of virtualized security controls such as virtual sniffers and virtual firewalls—essentially the same types

of tools available to secure physical servers, but designed for monitoring and securing the “invisible” virtual networks that

exist within servers.

Switching

Since server virtualization requires local switching between different VMs within the same server, it effectively “pushes”

the network access layer inside the servers themselves. To provide this functionality, hypervisor vendors currently include

a software-based virtual switch along with their hypervisor software. However, there are two specific problems with this

implementation:

1. Since the virtual switch is implemented in software, it lacks the performance, features, and scalability of physical

switches—attributes that are increasingly important as server virtualization grows in popularity.

2. When a VM is moved, administrators must manually ensure that the virtual switches on both originating and target hosts,

as well as the upstream physical access-layer ports, are consistently configured so that the migration can take place

without breaking network policies or basic connectivity.

In order to keep pace with the demands imposed by server virtualization, what’s required is an open (hypervisor and server

agnostic) method for equipping virtual switches with the same features available on physical switches for scalable, high-

performance VM-to-VM communications.

Simplified Management

Server virtualization blurs the lines between storage, network, and security technologies, causing a shift in traditional roles

and responsibilities for IT departments. For instance, server administrators need to manage the “virtual” network while

network administrators manage the physical network. The introduction of virtual switches adds a new set of network

elements to configure and manage, and since network administrators often lack access to the virtual switch itself,

maintaining a consistent view of the network becomes a tremendous challenge.

Because VMs move between servers while the tools that manage the virtual and physical parts of the network remain separate, the agility and automation required to provision the network dynamically are limited. What is needed is tooling that manages both parts of the network and provides a consistent view of the entire data center network, physical and virtual.


Juniper Networks—Comprehensive Solutions for Server Virtualization Environments

Juniper Networks delivers solutions today that address the challenges of speed, scalability, security, switching, and simplified

management in virtualized server environments.

Speed: Collapsing Layers and Reducing Complexity with Virtual Chassis Technology

Juniper Networks Data Center Infrastructure Solutions simplify data center network and security design in a fundamental

way by collapsing the multiple switching tiers present in traditional architectures. This simplified network design requires

fewer devices and interconnections, leading to improved efficiencies in space, power, and cooling. Above all, this simplified

network architecture significantly improves the performance of the data center network with server virtualization.

Juniper’s unique Virtual Chassis technology, in which up to 10 Juniper Networks EX4200 Ethernet Switch devices can be

interconnected and managed as a single, logical device supporting up to 480 ports, is just one such example of how Juniper

solutions can consolidate network tiers while improving performance. A high capacity, 128 gigabits per second (Gbps) Virtual

Chassis backplane connects the physical switches. This configuration significantly reduces the number of links required to

ensure network connection redundancy, while reducing or eliminating the need for Spanning Tree Protocol (STP) in the data

center access layer. Server-to-server traffic as well as VM migration is carried over this same high-speed Virtual Chassis path.

A single EX4200 Virtual Chassis instance allows thousands of VMs to move freely over the Virtual Chassis backplane, rather than traveling through the aggregation or core layers in the network (see Figure 6).

Figure 6: EX4200 Virtual Chassis technology eliminates the need for an extra hop.

Juniper also has two platforms for providing 10GbE access in a top-of-rack form factor: the Juniper Networks EX2500

Ethernet Switch and EX4500 Ethernet Switch. These two switch lines feature extremely low latency to facilitate

communication between VMs in two different servers, as well as for VM migration. In addition, the EX4500 platform is

designed to support the Virtual Chassis technology available on the EX4200 switches, bringing the same highly scalable, low

latency performance to 10GbE servers.



Scalability: Using Virtual Chassis Technology to Support Live Server Migration

Juniper’s data center architecture is scalable, capable of covering the world’s smallest data centers to the largest with tens of thousands of applications and virtual machines. Juniper offers a variety of switches to support data center top-of-rack, end-of-rack, or middle-of-row aggregation and backbone/core deployments. As shown in Figure 7, Juniper’s solutions are location agnostic, since they enable VM migration in each of the following scenarios.

Figure 7: Scaling VM motion across any two servers

Scenarios 1 and 2: Virtual Chassis technology supports low latency live migration from server to server in completely different racks within a data center, and from server to server between data centers in a flat Layer 2 network when these data centers are within reasonably close proximity.

Scenario 3: Virtual Chassis technology, working in conjunction with standards-based and field-proven technologies such as MPLS and virtual private LAN service (VPLS), allows the Layer 2 domain to extend across data centers to support VM migration—even if the data centers are separated by significant distances, as shown in Figure 7. VPLS can be set up to allow specific VLANs to be distributed across two separate data centers. Since VPLS leverages the advantages of MPLS, traffic engineering can be used to optimally allocate bandwidth for the different departments without the need for dedicated Layer 2 links. Besides traffic engineering, MPLS also offers logical separation between different departments—providing the same level of privacy that is achieved by using physically separate links.

Security: Consistent Policies for the Physical and Virtual Network

Juniper Networks and Altor Networks have partnered to deliver an integrated solution that combines Juniper’s security

platforms with Altor’s virtual firewall (Altor VF) to secure the end-to-end network.

The Altor VF provides visibility and control over VM traffic and enforces policies at the VM level, while Juniper’s security platforms—including the Juniper Networks SRX Series Services Gateways, Juniper Networks STRM Series Security Threat Response Managers, and Juniper Networks Network and Security Manager (NSM)—secure the physical network. Altor VF also supports rule-based mirroring of virtual network traffic to the SRX Series devices for consistent policy enforcement.

Integration with NSM and the SRX Series: The integration of Altor VF management server and reporting module available

with Juniper Networks Network and Security Manager enables customers to perform unified management of their physical

and virtual infrastructure within the data center. For example, customers can use NSM to define one set of security policies

that are enforced by both the Altor VF and the SRX Series devices.

[Figure 7 shows three scenarios: Rack to Rack, a Layer 2 domain across racks and across the data center over a Virtual Chassis (Rack A to Rack B); Site to Site, a Layer 2 domain across fiber-connected data centers over a Virtual Chassis extension; and Cloud to Cloud, a Layer 2 domain across a virtual private LAN (VPLS) between cloud centers.]


Figure 8: Altor VF (virtual firewall) and the SRX Series secure the VMs inside the physical server and when VMs move within the network.

Integration with STRM: In addition, Juniper imports analyzer output and logs from the Altor VF into the STRM Series,

allowing consolidated application usage monitoring and compliance reporting, centralized log/event management, and

network-wide threat detection across both the physical and virtual infrastructure.

Switching: Reducing Demands on Physical Servers

As the ratio of VMs to physical servers continues to grow, server-based networking—the software-based virtual switches embedded in hypervisors for inter-VM communication—is unable to scale sufficiently to keep up with demand. A server running 30 VMs, for example, would require several virtual switches, VLANs, quality of service (QoS) tags, security zones, and so on, and all of this processing imposes significant overhead on the hypervisor while demanding ever more networking functionality from it.

There are a number of ways to overcome the limitations of the embedded virtual software switch. The simplest and most promising approach, endorsed by Juniper, is an emerging IEEE standard called VEPA (Virtual Ethernet Port Aggregator), which specifies that switching between VMs be handled by an external physical switch connected to the server. Once approved, the VEPA standard will be supported on all Juniper Networks switches through a simple software upgrade.

How Does VEPA Work?

VEPA associates each VM with a “port profile” holding its security and network policy settings. Frames sent by a VM are not switched inside the server; they are forwarded over the uplink to the adjacent physical switch, which applies the appropriate port profile and then forwards them on, either into the network or, when the destination is another VM on the same server, back down the same link to the virtual switch for delivery (see Figure 9).
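To make the contrast concrete between the hypervisor virtual switch described under “What is Server Virtualization?” (VM-to-VM traffic that never leaves the server, the “dead zone” of the Security section) and VEPA’s hairpin forwarding, here is an added Python model written for this page; it is not Juniper’s code or any text from the IEEE standard. It simulates one host with three VMs under two port profiles (a hypothetical “hipaa” profile and a “guest” profile whose policy allows only same-profile traffic) and an adjacent physical switch. In vswitch mode the cross-profile frame is delivered locally and the physical switch never sees it; in VEPA mode every frame crosses the uplink, the switch applies the port profile, drops the cross-profile frame, and reflects the permitted intra-host frame back down the same link. The MAC addresses, VM names, and sample frames are constructed for the illustration.

```python
"""Model of two ways to switch traffic between VMs on one host:

  * vswitch: frames between local VMs are switched in software inside the
    server; the physical switch, and any policy or monitoring on it, never
    sees them (the "dead zone");
  * vepa: every frame leaves the server on the uplink, the adjacent physical
    switch applies the VM's port profile, and a frame for another VM on the
    same host is reflected back down the link it arrived on.

Added example for this page, not Juniper's or the IEEE's code; names, MACs,
profiles and frames are constructed.
"""
from collections import namedtuple

Frame = namedtuple("Frame", "src_mac dst_mac")

# Constructed host: three VMs, each with a MAC address and a port profile.
VM_MACS = {
    "hipaa-db": "00:50:56:00:00:01",
    "hipaa-app": "00:50:56:00:00:02",
    "guest-web": "00:50:56:00:00:03",
}
VM_PROFILE = {"hipaa-db": "hipaa", "hipaa-app": "hipaa", "guest-web": "guest"}

# Port profile policy: which destination profiles each source profile may reach.
PROFILE_POLICY = {"hipaa": {"hipaa"}, "guest": {"guest"}}


class PhysicalSwitch:
    """Adjacent switch that knows each VM's MAC and port profile."""

    def __init__(self, vm_macs, vm_profile, policy):
        self.mac_to_vm = {mac: vm for vm, mac in vm_macs.items()}
        self.vm_profile = vm_profile
        self.policy = policy
        self.seen = []     # every frame that reached the physical switch
        self.dropped = []  # frames rejected by port profile policy

    def handle(self, frame, host):
        self.seen.append(frame)
        src = self.mac_to_vm[frame.src_mac]
        dst = self.mac_to_vm.get(frame.dst_mac)
        if dst is None:
            return "forwarded-to-network"   # destination is off this host
        if self.vm_profile[dst] not in self.policy[self.vm_profile[src]]:
            self.dropped.append(frame)
            return "dropped-by-profile"
        # Destination is on the sending host: VEPA reflective relay returns the
        # frame down the same link, which an ordinary bridge would never do.
        host.deliver(frame)
        return "reflected"


class Host:
    """Server with VMs; mode is 'vswitch' or 'vepa'."""

    def __init__(self, vm_macs, mode, switch):
        self.local_macs = set(vm_macs.values())
        self.mode = mode
        self.switch = switch
        self.delivered = []  # frames that reached a local VM

    def deliver(self, frame):
        self.delivered.append(frame)

    def send(self, frame):
        if self.mode == "vswitch" and frame.dst_mac in self.local_macs:
            self.deliver(frame)  # switched in software; the uplink never sees it
            return "local-vswitch"
        return self.switch.handle(frame, self)


def run(mode, frames):
    """Send frames in the given mode; return (per-frame outcome, frames seen by
    the physical switch, frames dropped by policy)."""
    switch = PhysicalSwitch(VM_MACS, VM_PROFILE, PROFILE_POLICY)
    host = Host(VM_MACS, mode, switch)
    outcomes = [host.send(f) for f in frames]
    return outcomes, len(switch.seen), len(switch.dropped)


# Constructed traffic: an allowed intra-host flow, a cross-profile leak, and a
# frame for a destination outside the host.
SAMPLE_FRAMES = [
    Frame(VM_MACS["hipaa-app"], VM_MACS["hipaa-db"]),
    Frame(VM_MACS["guest-web"], VM_MACS["hipaa-db"]),
    Frame(VM_MACS["guest-web"], "00:00:5e:00:53:01"),
]

if __name__ == "__main__":
    for mode in ("vswitch", "vepa"):
        print(mode, run(mode, SAMPLE_FRAMES))
```

In vswitch mode the physical switch sees only the third frame, so the guest-to-HIPAA flow is delivered without any policy check and without any record on the network side; in VEPA mode all three frames cross the uplink, the leak is dropped, and the permitted intra-host frame is reflected back, at the cost of one round trip over the link for traffic that previously stayed in memory.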



Figure 9: VEPA components.

Why VEPA?

VEPA is a nondisruptive and cost-effective solution to inter-VM communications. Implementation requires minimal changes

to the software running on the physical switch, not wholesale replacement of the existing networking infrastructure. VEPA

allows virtual switching to be pulled out of the server, improving server performance and increasing the number of VMs

that run on each box. Finally, because VEPA is based on open standards and is server and hypervisor agnostic, customers

have maximum flexibility in deploying server virtualization. VEPA will enable rapid innovation in services for users, as well as

operational consistency, simplicity, and efficiency.

The pending VEPA standard also contains a critical feature known as multichannel. Since many virtualized servers contain more than one virtual switch, the physical switch must be able to identify which virtual switch forwarded a given frame; multichannel does this by carrying each virtual switch’s traffic as a separately tagged channel on the uplink. While new hardware may be required to support this advanced feature, the basic VEPA technology can be supported through a simple software upgrade on the Juniper Networks EX Series Ethernet Switches.

The following table compares the different options available for inter-VM switching.

Table 1: Inter-VM Switching Options

Software switch embedded in hypervisor
  Who does the switching: hypervisor vendor
  Where switching is done: software
  Feature richness: low
  Customer time required to adopt solution: low (comes with hypervisor)
  Customer cost to adopt: low (comes with hypervisor)
  Existing network compatibility: yes
  Latency for switching: low
  Industry support (standards-based): no

Software switch as an add-on
  Who does the switching: network vendor
  Where switching is done: software
  Feature richness: high
  Customer time required to adopt solution: very high (need to qualify new virtual switch)
  Customer cost to adopt: high (additional license)
  Existing network compatibility: yes
  Latency for switching: low
  Industry support (standards-based): no

NIC-based inter-VM communication
  Who does the switching: NIC vendor
  Where switching is done: hardware
  Feature richness: low
  Customer time required to adopt solution: high (need to qualify NIC capabilities)
  Customer cost to adopt: unknown
  Existing network compatibility: yes
  Latency for switching: low
  Industry support (standards-based): no

VEPA basic*
  Who does the switching: network vendor
  Where switching is done: hardware
  Feature richness: high
  Customer time required to adopt solution: low (simple software upgrade)
  Customer cost to adopt: free (software upgrade)
  Existing network compatibility: yes
  Latency for switching: medium
  Industry support (standards-based): yes

VEPA advanced (port extender)**
  Who does the switching: network vendor
  Where switching is done: hardware
  Feature richness: high
  Customer time required to adopt solution: high (need to qualify new switch(es))
  Customer cost to adopt: high (needs new hardware)
  Existing network compatibility: unknown
  Latency for switching: medium
  Industry support (standards-based): yes

* Proposal referred to as IEEE 802.1Qbg

** Proposal referred to as IEEE 802.1Qbh

[Figure 9, basic VEPA anatomy and terms: inside the physical server, each virtual machine (virtual end station) attaches through its virtual NIC (virtual machine NIC) to a VEPA port on the software VEPA expander; the VEPA uplink runs over the physical NIC to a VEPA-enabled port on the physical switch.]


Simplified Management: Consistent Orchestration of Virtual and Physical Networks

To enable consistent configuration and visibility of the virtual and physical network, Juniper’s chosen solution is a web-based software application called Junos Space Virtual Control.

Residing on Juniper Networks Junos® Space (www.juniper.net/us/en/products-services/software/junos-platform/junos-space/), Juniper’s Orchestration Software platform, the Virtual Control application enables end-to-end network topology, configuration, and policy management from a single pane of glass. Junos Space Virtual Control dramatically simplifies data center management, reducing total cost of ownership (TCO) by providing operational consistency and visibility throughout the network.

Figure 10: Consistent management of the physical and virtual network from Junos Space Virtual Control

Junos Space Virtual Control allows network operators to discover, configure, provision, and monitor a VMware vNetwork Distributed Switch (vDS) in the same way as a Juniper switch platform. Initially working with the VMware hypervisor, Junos Space Virtual Control is based on an open architecture that will allow easy integration of other hypervisors such as Xen, PowerVM, Hyper-V, and others in future releases. For more information on Junos Space, please visit http://www.juniper.net/us/en/products-services/software/junos-platform/junos-space/.

How Does Junos Space Virtual Control Work?

1. A vNetwork Distributed Switch (vDS) is created.

2. The vDS is visible from VMware’s centralized management platform, called vCenter.

3. VMware provides Web Services APIs to talk to vCenter.

4. Junos Space Virtual Control communicates with the vDS using the VMware APIs.

5. Junos Space Virtual Control orchestrates between the virtual and physical network.
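As an added example of the kind of consistency an orchestration layer has to enforce once it can read the vDS through the vCenter API and the physical switch configuration (this is illustrative code, not Junos Space Virtual Control), the check below compares the VLANs used by vDS port groups against the VLANs trunked on the physical port that the vDS uplink lands on, and flags port-group security settings that keep traffic out of the physical network's view. The vDS name, port groups, host, port name and VLAN numbers are all constructed.

```python
# Constructed reconciliation check between a vDS (as vCenter would describe it)
# and the physical switch port its uplink is cabled to. Not Junos Space code.

# What the vCenter Web Services API would report for the vDS (constructed data).
VDS = {
    "name": "dvSwitch-prod",
    "uplinks": {"dvUplink1": {"host": "esx01", "switch_port": "ge-0/0/5"}},
    "port_groups": [
        {"name": "pg-web",  "vlan": 110, "promiscuous": False},
        {"name": "pg-db",   "vlan": 120, "promiscuous": False},
        {"name": "pg-mgmt", "vlan": 999, "promiscuous": True},
    ],
}

# What the physical switch configuration shows for that port (constructed data).
PHYSICAL = {
    "ge-0/0/5": {"mode": "trunk", "vlans": {110, 120, 130}},
}


def reconcile(vds, physical):
    """Return (severity, message) findings; an empty list means both sides agree."""
    findings = []
    used_vlans = {pg["vlan"] for pg in vds["port_groups"]}
    for uplink, info in vds["uplinks"].items():
        port_name = info["switch_port"]
        port = physical.get(port_name)
        if port is None:
            findings.append(("error", f"{uplink}: {port_name} not found on physical switch"))
            continue
        if port["mode"] != "trunk":
            findings.append(("error", f"{port_name}: not configured as a trunk"))
        # A port group whose VLAN is not trunked on the uplink is silently black-holed.
        for pg in vds["port_groups"]:
            if pg["vlan"] not in port["vlans"]:
                findings.append(("error", f"{pg['name']}: VLAN {pg['vlan']} not allowed on {port_name}"))
        # VLANs trunked but unused by any port group widen the attack surface for nothing.
        for vlan in sorted(port["vlans"] - used_vlans):
            findings.append(("warn", f"{port_name}: VLAN {vlan} trunked but unused by {vds['name']}"))
    # Promiscuous port groups let a VM observe inter-VM traffic that never reaches
    # the physical network, so the network and security teams cannot see or police it.
    for pg in vds["port_groups"]:
        if pg["promiscuous"]:
            findings.append(("warn", f"{pg['name']}: promiscuous mode enabled on port group"))
    return findings
```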

Figure 11 diagram labels: Junos Space Virtual Control; VM, VM; Physical Network; Virtual Network


Figure 11: Junos Space Virtual Control

Conclusion

Server virtualization imposes incredible demands on the data center network. First, it creates a new “virtual” network with an embedded software switch that manages traffic between VMs residing within the physical host servers, adding complexity and creating disparities between the virtual network and the physical networking devices. Secondly, securing this virtual environment is a considerable challenge since virtual switches are largely invisible to network and security administrators. Finally, since VMs are not persistently bound to a specific physical server, scalability of the network infrastructure becomes an issue.

To satisfy growing demands, the network needs to improve on the five Ss—speed, scalability, security, switching, and simplified management.

Juniper offers hypervisor- and server-agnostic solutions that address each of these attributes by embracing open standards like VEPA, while delivering the simplest possible solution for customers. These Juniper solutions help to clearly define the roles and responsibilities of different IT groups such as server and network administrators, security architects, and network managers, preventing issues from slipping through the cracks and minimizing errors caused by poor communication.

Juniper Networks MX Series 3D Universal Edge Routers, EX Series Ethernet Switches, and SRX Series Services Gateways interoperate with all major hypervisors. And, Juniper innovations like Virtual Chassis technology on the EX Series switches and VPLS on the MX Series routers represent a distinct advantage that allows seamless migration of virtual machines.

By partnering with best-in-class third-party companies, including hypervisor vendors like VMware and security vendors like Altor Networks, Juniper can now extend the true value of its proven enterprise solutions beyond the physical network and into the virtual network. Juniper solutions also offer low latency, high performance, scalability, high availability, and a consistent orchestration of the physical and virtual network—all of which contribute to making Juniper Networks a leading provider of solutions for data center server virtualization environments.

Figure 11 diagram labels (continued): vNetwork Distributed Switch (VMware); Virtual Control; VMware API; vCenter Server (VMware); Junos Space; numbered callouts 1 to 5


2000349-001-EN April 2010

Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.


Appendix A: Juniper Virtual Server Networking Solution in a Nutshell

Table 2: Juniper Virtual Server Networking Solution

| Area (5 Ss) | Key problem | Juniper solution |
|---|---|---|
| Speed | Lower latency for inter-VM communication and VM migration | Virtual Chassis on all access switches includes new 10GbE solutions that reduce latency. STP-free designs increase cross-sectional bandwidth. |
| Scale | Making VLANs and VLAN-based services omnipresent | Software |
| Security | Securing the VM-VM traffic inside a physical server | Combination of SRX Series platforms and Altor Networks’ VF (virtual firewall) to secure traffic inside a physical server and also during VM migration. |
| Switching (inter-VM) | • Overcoming limitations of software-based virtual switches • Blurred responsibilities between server and network administrators | By implementing the VEPA standard on all Juniper switches, inter-VM switching is handled by the physical switch (instead of the software virtual switch). This increases the performance and features available for the virtual network. |
| Simplified management | Consistent management of the physical and virtual network to reduce errors and accelerate deployment | Junos Space Virtual Control, a web-based application, provides end-to-end orchestration between the physical and virtual network. |

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.