In the same way that a traditional hypervisor can offer up a modular, replicable set of virtual server resources (including OS, CPU slice, network interfaces), a network hypervisor is a modular abstraction of reusable network services that can be used to assemble a flexible data center or cloud infrastructure. Sounds interesting so far, but what does the network hypervisor actually do?
The first function is to allow organizations to pre-define and replicate the modular network containers that abstract a rigid underlying network infrastructure from the needs of individual applications and services. For example, a network container might be defined to include individual components such as logical VM ports, a load balancer and a firewall. This logical network environment can be assigned to, and isolated for, a particular tenant to provide the network services a particular application needs and a place where the application VMs can be deployed. The figure below shows how some modular, pre-defined containers can be nested and plugged together to offer customized services for a particular tenant. A small number of defined containers can be replicated and plugged together in a large number of permutations to address a wide range of application requirements.
These flexible, pre-defined containers can be device agnostic, just like their server counterparts, and help provide security and quality of service through tenant isolation, as well as application resiliency. During the application and VM provisioning process, the defined network containers advertise their capabilities and are deployed along with the VM in the proper locations. Just like the VMs they are aligned with, the network containers are location-independent and handle all the changes required during VM mobility, ensuring that the application has the same network services in the new location. Obviously this goes well beyond just the layer 2 and 3 networking services, through to the layer 4-7 application services like load balancing, WAN optimization, and security, as mentioned earlier.
Cisco OverDrive is our Network Hypervisor product, and we are using it with great success to enable customers to define, build and deploy flexible, cloud-based infrastructures that can automate the deployment of a wide range of virtual applications. As new VMs come online, the OverDrive Network Hypervisor defines and deploys the network access and security models across all required infrastructure devices (routers, switches, firewalls) as needed, to deliver the cloud service to the defined end users. The entire process is completed in seconds and can include the setup and deployment of network routes, VPNs, VLANs, and ACLs, the deployment of security certificates, and the configuration of firewall rules and DNS entries. All of this is defined through the business policy and deployed automatically, without any chance of command-line mistakes by overtaxed network engineers that may introduce security gaps.
In the coming weeks, I hope to build on this network hypervisor concept and show how OverDrive can be connected to other cloud orchestration systems to automate workflows for the entire application and server provisioning process. In the meantime, for more information, I would suggest starting here.