Network Virtualization

Definition:
Network Virtualization (NV) is the process of combining hardware and software network
resources and network functionality into a single, software-based administrative entity
called a virtual network.
It abstracts physical network resources like switches, routers, and network links and allows
multiple virtual networks to run on a shared physical infrastructure.

"It enables the creation of multiple logical (virtual) networks, each with its own topology,
traffic policies, and security settings, on a common physical network."

Network Virtualization Architecture

1. Infrastructure Providers (Bottom Layer)

• Own and manage the physical network infrastructure such as routers, switches, fiber
links, servers, etc.
• They provide raw network resources to higher layers.
• Examples: Telecom companies, data centers, ISPs.

2. Virtual Network Provider

• Acts as an intermediary between infrastructure and operators.
• Leases physical resources from infrastructure providers.
• Uses virtualization techniques to create virtual network components (e.g., virtual
switches, routers, links).
• Packages these into logical units to be further customized by virtual network
operators.

3. Virtual Network Operators

• Build customized virtual networks on top of the virtual infrastructure provided.
• Handle network policies, routing, addressing schemes, etc.
• Add services like security, load balancing, and QoS (Quality of Service).

4. Service Provider
• Provides network services directly to users.
• May aggregate or resell services from multiple virtual network operators.
• Responsible for managing user accounts, billing, service-level agreements (SLAs), and
user experience.

5. Virtual Network Users (Top Layer)

• The end users who consume network services.
• Could be individuals, organizations, or applications using virtualized networks for
communication and data transfer.

Key Features:
• Separation of physical and logical network resources.
• Improved network flexibility, scalability, and efficiency.
• Centralized management using software-defined controls.
• Enables multi-tenancy and network isolation.

Need for Network Virtualization:

• Rapid provisioning of network services.
• Efficient resource utilization.
• Enhanced network security and isolation.
 • Facilitates cloud computing and multi-tenant environments.

Types of Network Virtualization:

Network Virtualization can be broadly categorized into two types:

1. External Network Virtualization

Definition:
Combines multiple physical networks into a single virtual network or splits a single physical
network into multiple logical networks.

Used for:
• Data centers
• Enterprise networks
• WANs (Wide Area Networks)

Techniques:
• VLAN (Virtual LAN)
• VPN (Virtual Private Network)
• VXLAN (Virtual Extensible LAN)

Diagram:
+-----------------------------+
| Physical Network |
| [Switches] [Routers] |
+-----------------------------+
↓ Virtualization
+-----------------------------+
| Virtual Network Layer |
| VLAN-10 VLAN-20 VLAN-30|
+-----------------------------+

2. Internal Network Virtualization

 Definition:
Creates virtual networks within a single system using virtualization techniques.

Used for:
• Virtual Machines (VMs) within a server
• Virtual NICs (vNICs)
• Hypervisors

Techniques:
• Virtual Switches
• vNICs
• Software-defined network components

Diagram:
+----------------------------------+
| Physical Server |
| +-------------+ +-------------+ |
| | VM1 | | VM2 ||
| | vNIC 1 | | vNIC 2 | |
| +------+------+ +------+------| |
| ↓ ↓ |
| Virtual Switch / Bridge |
+----------------------------------+

Advanced Concept: SDN + NFV

• Software-Defined Networking (SDN): Separates control plane and data plane,
providing centralized control.
• Network Function Virtualization (NFV): Virtualizes entire network services (e.g.,
firewalls, load balancers).

Advantages of Network Virtualization:

• Flexibility and Agility

 • Cost-effective (reduces hardware dependence)

• Enhanced security and isolation

• Easy scalability

• 🛠 Better testing and deployment environments

Disadvantages:

• Complex to manage and troubleshoot

• Performance overhead (due to abstraction layers)

• Potential security risks if not configured properly

Types of Network Virtualization Tools and Their Functionalities

Introduction:

Network Virtualization Tools are software platforms and technologies used to create, manage, and
optimize virtual networks. These tools allow multiple virtual networks to run on the same physical
hardware, enabling better resource utilization, flexibility, scalability, and network automation.

Main Types of Network Virtualization Tools:

Network virtualization tools can be categorized based on the layers they work on and their
functionalities.

1. Virtual LAN (VLAN)

Functionality:

• Divides a physical network into multiple logical LANs.

• Provides isolation between broadcast domains.

• Useful for segmenting networks based on departments or security levels.

Diagram:

+-----------+ +-----------+

| VLAN 10 | | VLAN 20 |
| HR Dept | | IT Dept |

+-----------+ +-----------+

↓ Shared Physical Switch ↓

+--------------------------------+

| Physical Network |

+--------------------------------+

2. Virtual Private Network (VPN)

Functionality:

• Creates a secure tunnel over a public network.

• Ensures privacy, encryption, and remote access.

• Commonly used for connecting remote employees or branch offices.

Diagram:

[Client] --- Encrypted Tunnel --- [VPN Server]

↘ ↙

Internet (Public Network)

3. VXLAN (Virtual Extensible LAN)

Functionality:

• Overcomes VLAN scalability limitations by using a 24-bit identifier (up to 16 million

segments).

• Encapsulates Layer 2 Ethernet frames into UDP packets for Layer 3 networks.

• Used in cloud data centers and large-scale environments.

Diagram:

[VM1 - VXLAN 5001] → Encapsulation → IP Network → Decapsulation → [VM2 - VXLAN 5001]

4. Virtual Switches (vSwitches)

Functionality:

• Software-based switch inside a virtualized environment (e.g., VMware, Hyper-V).

• Connects virtual machines (VMs) internally or with the external network.

• Supports switching, filtering, and monitoring of VM traffic.

 Diagram:

+----------+ +----------+

| VM1 | | VM2 |

| vNIC | | vNIC |

+----+-----+ +----+-----+

| |

| Virtual Switch (vSwitch)

|__________|___________

Physical NIC to Network

5. SDN Controllers (Software-Defined Networking)

Functionality:

• Separates the control plane from the data plane.

• Centralized management of traffic flow, routing, and security policies.

• Communicates with devices via OpenFlow or REST APIs.

Diagram:

+---------------------+

| SDN Controller |

+---------------------+

↓ ↓ ↓

[Switch] [Router] [Firewall]

Physical Infrastructure

6. Network Function Virtualization (NFV)

Functionality:

• Virtualizes entire network functions such as:

o Firewalls

o Load balancers

o IDS/IPS

• Replaces dedicated hardware appliances with virtual machines.

 Diagram:

+------------+ +----------------+ +---------------+

| Virtual FW | -> | Virtual Load | -> | Virtual Router|

| | | Balancer | | |

+------------+ +----------------+ +---------------+

7. Hypervisor Network Tools (VMware NSX, Microsoft Hyper-V, etc.)

Functionality:

• Integrated with virtualization platforms.

• Provides micro-segmentation, distributed switching, and routing inside VMs.

• Examples:

o VMware NSX: Complete network virtualization and security platform.

o Microsoft Hyper-V Virtual Switch: Layer-2 virtual switch for Windows Servers.

8. Open vSwitch (OVS)

Functionality:

• Open-source multilayer virtual switch.

• Designed for SDN environments and integrates with OpenStack, Kubernetes.

• Supports VLANs, VXLANs, GRE tunnels, QoS.

Conclusion:

Network Virtualization Tools are critical in modern cloud, enterprise, and telecom networks. Each
tool has specific roles in enhancing:

• Security

• Scalability

• Network automation

• Cost-efficiency

Understanding and using the right tool for the right scenario ensures better network performance
and agility.
 VLAN Architecture – Detailed Explanation with Diagram

Introduction to VLAN (Virtual Local Area Network):

A VLAN is a logical grouping of devices in a LAN, irrespective of their physical location, that
communicate as if they are on the same physical network.

It helps in segregating broadcast domains, enhancing security, simplifying management, and

improving performance.

Why VLAN is Needed:

Without VLANs:

• All devices in a LAN are in a single broadcast domain.

• High broadcast traffic reduces efficiency.

• Lack of segmentation = weak security and poor management.

With VLANs:

• Each VLAN is a separate broadcast domain.

• Devices in one VLAN cannot directly communicate with another without a router.

• Provides logical segmentation of the network.

Key Components of VLAN Architecture:

Component Description

Switch Supports VLANs and handles data forwarding.

VLAN ID Unique identifier assigned to each VLAN (range: 1 to 4094).

Access Port Belongs to a single VLAN; connects end devices like PCs and printers.

Trunk Port Carries traffic for multiple VLANs between switches using tagging.

VLAN Tagging Uses IEEE 802.1Q to add VLAN ID in Ethernet frame for trunk ports.

Router/Layer 3 Switch Used for inter-VLAN communication.

 Types of VLAN

1. Default VLAN

• Every switch port is initially part of the default VLAN, which is usually VLAN 1.

• Used for basic communication when the switch is first initialized.

• Cannot be deleted or renamed on most switches.

2. Data VLAN (User VLAN)

• Carries user-generated traffic (e.g., emails, web browsing).

• Most commonly configured VLAN type.

• Used to segregate traffic based on departments like HR, Sales, IT.

Example:
VLAN 10 - HR Department
VLAN 20 - IT Department

3. Voice VLAN

• Special VLAN used to carry VoIP (Voice over IP) traffic.

• Ensures high priority, low latency, and reliable communication.

• Supports Quality of Service (QoS).

Example: VLAN 50 – IP Phones

4. Management VLAN

• Used to remotely manage network devices like switches and routers.

• Provides access for protocols like Telnet, SSH, SNMP.

• Isolated from user traffic for better security.

Example: VLAN 99 – Network Admins only

5. Native VLAN

• Used for untagged traffic on trunk ports.

• On Cisco switches, the default native VLAN is VLAN 1.

• Best practice is to assign a non-default VLAN as native for security.

 6. Private VLAN (PVLAN)

• Subdivision of a VLAN into smaller isolated groups.

• Used in data centers and cloud hosting.

• Types within PVLAN:

o Promiscuous – can talk to all.

o Isolated – can only talk to promiscuous.

o Community – can talk to each other and promiscuous.

Types of VLANs Based on Configuration

1. Port-Based VLAN (Static VLAN):

• VLAN is assigned to a specific port on the switch.

• Devices connected to that port automatically become part of the VLAN.

• Most common and simple to configure.

Easy to manage
Not flexible – if a device moves to another port, VLAN settings must be updated

2. MAC-Based VLAN:

• VLAN is assigned based on the MAC address of the device.

• Regardless of which port the device connects to, it will be in the same VLAN.

• Useful in dynamic environments like campuses or mobile users.

Device mobility
Complex to configure and manage

3. Protocol-Based VLAN:

• VLAN is assigned based on the protocol type (e.g., IP, IPX, AppleTalk).

• Traffic is grouped by Layer 3 protocols.

• Suitable for multi-protocol networks.

Supports legacy or specialized systems

Not commonly used in modern IP-only networks
4. Policy-Based VLAN (Dynamic VLAN):

• VLANs are assigned using policies, based on username, time, device type, etc.

• Often managed via a RADIUS server (e.g., using Cisco’s VLAN Management Policy Server -
VMPS).

Highly flexible and automated

Requires extra infrastructure and configuration

5. Voice VLAN:

• Special VLAN designed to carry VoIP traffic.

• Ensures low latency, high QoS for voice communication.

• Configured separately from data VLANs.

Comparison Table:

Type Basis Advantage Limitation

Port-Based VLAN Switch Port Simple to configure Not flexible if devices move

Difficult to manage large

MAC-Based VLAN MAC Address Mobility across ports
networks

Protocol-Based Supports multi-protocol

Layer 3 Protocol Rare in IP-only networks
VLAN traffic

User/Device
Policy-Based VLAN Dynamic & scalable Needs external server setup
Policies

Voice VLAN VoIP Traffic Optimized for voice Specific to VoIP only

VLAN Architecture Diagram:

pgsql

CopyEdit

+-------------------+

| Router |

| (Inter-VLAN) |

+--------+----------+

|
 +-----+------+

| Switch | ← Trunk Port (Carries multiple VLANs)

VLAN 10 ---| |--- VLAN 20

(HR Dept) +-------------+ (Finance Dept)

| | |

PC1 (HR) PC2 (HR) PC3 (Finance)

Access Ports Access Ports Access Ports

VLAN 10 VLAN 10 VLAN 20

How VLAN Works:

1. Each port on a switch is assigned to a specific VLAN.

2. Devices connected to the same VLAN can communicate directly.

3. Traffic between different VLANs is routed via a Layer 3 device.

4. 802.1Q tagging is used on trunk links to carry multiple VLANs.

5. Reduces broadcast traffic by keeping it within the VLAN.

Advantages of VLAN Architecture:

• Security – Devices in different VLANs can’t talk without a router.

• Improved Performance – Limits broadcast domains.

• Simplified Management – Logical grouping of users.

• Flexibility – Devices can be grouped by function, not location.

 Basic Components and Architecture of WAN Virtualization

Introduction to WAN Virtualization:

WAN Virtualization refers to the abstraction and pooling of multiple Wide Area Network (WAN)
links into a single virtual network. It improves bandwidth utilization, reduces costs, increases
reliability, and ensures better performance for enterprise networks.

This is commonly implemented using technologies like SD-WAN (Software Defined WAN).

Why WAN Virtualization?

Traditional WANs:

• Rely on costly MPLS links.

• Lack agility and flexibility.

• Cannot efficiently handle modern cloud-based apps.

WAN Virtualization:

• Aggregates multiple connections (MPLS, broadband, LTE, etc.).

• Creates a virtual overlay network.

• Centralized control and intelligent routing.

Basic Components of WAN Virtualization:

Component Function

Edge Devices (CPE) Devices at branch/remote offices that perform virtualization.

WAN Links Physical connections like MPLS, 4G/5G, DSL, Broadband, etc.

Virtual Overlay Network Logical network built over physical WAN links.

SD-WAN Controller Central management entity that monitors and controls routing decisions.

Orchestrator Provides configuration, monitoring, and policy enforcement.

Virtual Tunnels Secure tunnels (IPsec/GRE) between sites for data transmission.

Architecture of WAN Virtualization:

1. Physical Layer (Underlay Network):

• Comprises all physical WAN links (e.g., MPLS, LTE, broadband).

• Responsible for basic connectivity.

2. Virtual Layer (Overlay Network):

• Uses encapsulation protocols to create virtual tunnels.

• Abstracts underlying connections into a single logical path.

3. Control Plane:

• Managed by SD-WAN controllers.

• Handles routing decisions, network policies, QoS, and failover.

4. Management Plane:

• Managed by orchestrators.

• Provides centralized monitoring, analytics, and reporting.

Architecture Diagram:
 Key Features and Benefits:

Feature Benefit

Bandwidth Aggregation Combines multiple links for better utilization

Failover & Redundancy Ensures high availability

Traffic Steering Routes traffic based on application priority

Centralized Control Easy configuration and policy management

End-to-End Encryption Enhanced security over public networks

Application Awareness Improves performance by recognizing app types

Use Cases of WAN Virtualization:

• Multi-branch Enterprises – connect remote offices securely and efficiently.

• Cloud Access Optimization – better performance for apps like Office 365, Zoom, etc.

• Hybrid WAN Deployment – combine MPLS with cheaper broadband/LTE links.

Conclusion:

WAN Virtualization, especially through SD-WAN, transforms traditional wide area networking by
offering cost-effective, reliable, and high-performance connectivity. It enables organizations to
adapt to the demands of cloud computing, remote work, and digital transformation with flexibility
and control.

Comparison between WAN and VLAN

Introduction:

• WAN (Wide Area Network) and VLAN (Virtual Local Area Network) are both types of
network technologies, but they serve different purposes.

• WAN connects devices over large geographical distances, while VLAN logically segments a
local network into multiple sub-networks.

What is WAN?

• WAN is a telecommunication network that extends over a large geographic area, such as
cities, countries, or even continents.

• Example: The Internet is the largest WAN.

 Example:

An MNC like TCS connects its Chennai, Bangalore, and Hyderabad offices using WAN.

What is VLAN?

• VLAN is a logical segmentation of a physical LAN, allowing devices to communicate as if

they are on the same network, even if they are not physically located together.

• Example: Separating HR and Finance departments in an office into different VLANs.

Detailed Comparison Table:

Feature WAN VLAN

Full Form Wide Area Network Virtual Local Area Network

Connects networks across Logically divides a LAN into smaller

Purpose
cities/countries networks

Geographical Covers large areas (inter- Limited to LAN scope (within

Scope city/international) buildings/offices)

Expensive due to leased lines, routers, Cost-effective – uses existing LAN

Cost
maintenance infrastructure

Slower compared to LAN/VLAN due to

Speed High speed – within local network
long distances

Less secure – uses public network, More secure – restricted to internal

Security
needs encryption network segments

Device
Routers, leased lines, satellites, etc. Managed switches, VLAN tags
Connection

Complex – involves ISPs, routing, Simple – configured on switches via

Configuration
firewalls port/MAC/policy

Internet, MPLS network connecting VLANs for HR, Finance, IT departments

Example
company branches in the same office

Protocol Used MPLS, PPP, Frame Relay, IP IEEE 802.1Q (VLAN tagging protocol)

Requires third-party service providers Maintained internally by network

Maintenance
(ISPs) administrators

Geographically flexible, not logically Highly flexible for internal segmentation

Flexibility
flexible and policy control
 Diagrammatic Representation:

WAN Example:

[Branch A - Chennai] ----

--> [Head Office - Mumbai]

[Branch B - Bangalore] ----

(Connected via Internet/MPLS)

VLAN Example:

Office LAN:

+-------------+--------------+--------------+

| HR VLAN | Finance VLAN | IT VLAN |

| Port 1–4 | Port 5–8 | Port 9–12 |

+-------------+--------------+--------------+

(Same switch, different VLANs)

Key Takeaways:

• WAN is about physical connectivity across distances.

• VLAN is about logical separation within local networks.

• WAN is external, often managed by ISPs; VLAN is internal, managed within organizations.

Conclusion:

While WANs are vital for connecting different office locations over long distances, VLANs offer
efficient internal network management by segmenting traffic based on departments or roles. Both
are essential in modern enterprise networking – WAN for broad connectivity and VLAN for internal
efficiency, security, and organization.

i) Advantages of Using Virtualization on a Network (5 Marks)

Network virtualization provides several key benefits that improve efficiency, scalability, and
manageability:

1. Improved Resource Utilization

 • Network virtualization consolidates resources, enabling better bandwidth and hardware
usage.

2. Enhanced Network Management

• Centralized control and automation simplify management and policy enforcement.

3. Cost Efficiency

• Reduces the need for physical hardware, saving on installation and maintenance costs.

4. Flexibility & Scalability

• New virtual networks can be created or modified quickly without hardware changes.

5. Increased Security

• Network isolation (e.g., through VLANs) protects sensitive data and minimizes attack
surface.

ii) Three Main Components of Network Virtualization (8 Marks)

Network virtualization typically includes three major components working together to abstract
and manage the physical network infrastructure:

1. Network Hypervisor (or Virtual Network Layer)

• Acts as the core virtualization engine.

• Abstracts the physical network into virtual segments.

• Allows creation of isolated virtual networks (overlay networks) over a shared underlay.

Example: VMware NSX, Cisco ACI, Open vSwitch.

2. Virtual Network Functions (VNFs)

• Software-based versions of traditional hardware network functions.

• Includes firewalls, routers, load balancers, etc.

• Deployed on virtual machines or containers instead of dedicated appliances.

Example: vFirewall, vRouter.

3. Management and Orchestration Platform

• Provides centralized management, automation, and policy enforcement.

• Manages network topology, resource allocation, and real-time monitoring.

Example: SDN controllers, NFV orchestrators, VMware vCenter.

 Diagram Suggestion (for exam presentation):

+--------------------------+

| Management Platform |

| (SDN Controller, etc.) |

+-----------+--------------+

+-----------v-------------+

| Network Hypervisor |

| (Virtual Switch, etc.) |

+-----------+-------------+

+-----------v-----------+

| Virtual Network |

| Functions (VNFs) |

+-----------------------+

Network Virtualization in a Business Environment

Introduction:

Network Virtualization (NV) is the process of combining hardware and software network resources
and functionality into a single, software-based administrative entity.
It enables the abstraction and segmentation of a physical network, creating multiple virtual
networks for different applications, users, or departments.

Classification of Network Virtualization:

Network Virtualization can be broadly classified into:

1. External Network Virtualization

• Combines multiple physical networks or parts of networks into a single virtual network.

• Typically used in data centers to connect several LANs into one logical unit.

Examples:
 • VLAN (Virtual LAN)

• VPN (Virtual Private Network)

2. Internal Network Virtualization

• Creates virtual network interfaces within a single system (server or switch).

• Allows different applications or services to communicate over isolated virtual networks

within the same device.

Examples:

• Virtual switches in hypervisors (like vSwitch in VMware)

• Network segmentation for virtual machines.

3. Software-Defined Networking (SDN)

• Separates the control plane from the data plane.

• Offers centralized control through a controller, enabling automated and programmable

networks.

Examples:

• OpenFlow, Cisco ACI, VMware NSX

4. Network Function Virtualization (NFV)

• Virtualizes network services such as routers, firewalls, and load balancers.

• Services are no longer tied to hardware but are deployed as software on virtual machines
or containers.

Examples:

• vFirewall, vRouter, vSwitch

How Network Virtualization Enhances Network Efficiency:

1. Resource Optimization

• Maximizes the use of physical network resources by dynamically allocating bandwidth and
devices.

• Reduces hardware dependency.

 2. Improved Scalability

• New virtual networks and services can be deployed instantly, without physical changes.

• Supports cloud-based and hybrid environments.

3. Faster Deployment and Flexibility

• Virtual networks can be configured, deployed, and adjusted in real-time using

management software.

• No downtime needed for hardware configuration.

4. Cost Efficiency

• Eliminates the need for additional physical infrastructure.

• Reduces power, cooling, and space requirements in data centers.

5. Enhanced Security

• Isolated virtual networks prevent unauthorized access between departments or services.

• Easier to implement firewall policies and security zones.

6. Centralized Management

• Simplifies network administration by using SDN controllers and dashboards.

• Ensures real-time monitoring, analytics, and policy enforcement.

7. High Availability & Disaster Recovery

• Virtualized networks are replicable and portable, ensuring quick recovery during failures.

• Load balancing and fault tolerance become easier to implement.

Example in a Business Setup:

A company uses VLANs to separate its HR, Finance, and IT departments, VPN to connect remote
workers securely, and NFV to deploy firewall and load balancing as software—all managed through
an SDN controller. This setup reduces cost, increases security, and ensures efficient operation.

Conclusion:
Network Virtualization is a game-changer in modern business environments. It not only reduces
operational costs and increases agility, but also enhances network efficiency, scalability, and
control. As businesses move towards cloud computing and remote work, virtualization becomes a
key enabler for digital transformation.