What are virtual networks and why they are here to stay

The computer networks we typically imagine involve various cables (Ethernet, fiber optic, coaxial) connected to devices like routers and switches that direct packets of data to where they need to go.

The rise of Wi-Fi and cellular data networks has replaced some of those wires with wireless signals, but even radio waves are in the physical realm, connecting back to cell towers or Wi-Fi access points.

In the seven-layer OSI network reference model, all network devices, processing, and communications occupy the lowest three layers: Layer 3 (Network), Layer 2 (Data Link), and Layer 1 (Physical).

In a virtual network, all of this activity happens in software.

Virtual networks might exist entirely within a single physical machine—a server. Or they might constitute an abstraction layer that runs on top of the physical network, which might have a completely different configuration and topology than the virtual network.

Building a virtual network is a complex undertaking, but the benefits are huge: Reconfiguring a network is done simply by changing a file, rather than through laborious manual labor that might involve crawling through ductwork.

How does virtual networking work?

To understand how virtual networking works, let's start with a related and more familiar concept: a virtual machine (VM). Most of us are familiar with virtual machines, which make it possible to run multiple instances of an application on a single physical machine.

These virtual machines don't really "know" that they are virtual; all of the system calls and other communications they normally make with the underlying hardware are intercepted by a layer of software called a hypervisor. The hypervisor handles requests from multiple virtual machines running on the same machine to make the most efficient use of the underlying hardware resources.

The VM can even translate instructions across hardware platforms, so that a VM can run on an x86 machine even if it was designed for an ARM processor. The hypervisor can return the results that the VM expects to receive from the hardware.

Virtual networks are based on the same principle. Software is configured to emulate a network with the specific topography desired by the administrator. Like VMs, virtual networks are able to work their magic because the operating systems and applications that communicate with them don't know (or care) whether they are talking to a real switch or a virtual switch (vSwitch).

They simply send packets with specific network routing information in the header and expect to receive similar packets in return. Because this communication is standardized, it is easy to build software that can emulate the behavior of a physical network card, switch, or router, and tools like Open vSwitch can indeed run on a hypervisor or as a control stack for physical network hardware.

Once the hypervisor has those packets, it has to figure out how to route them to their destination, just like physical network hardware. The difference is that the hypervisor has to translate information about the software-defined virtual network (the network our computer "thinks" it's connected to) into information about the actual underlying physical environment.

One computer may think it is sending a packet to another computer on the same local area network, but in reality the two computers may be located in different countries—or they may be two virtual machines running on the same server.

The hypervisor typically solves this problem by encapsulating the packet in another packet with different routing information in the header, and then hands that packet off to the physical network infrastructure. Once that packet reaches its destination, the outer packet is stripped off; the system receiving the packet will think it arrived via the virtual network, not the actual physical network it traversed.

Needless to say, implementing a virtual network requires a lot of work and ingenuity. Why go through the trouble? Descriptions of the different types of virtual networks will provide a sense of real-world scenarios where they are useful.

Types of virtual networks

An important distinction is between internal and external virtual networks. Internal virtual networks are used to connect multiple virtual machines running on the same server. In this case, the hypervisor does not need to encapsulate network packets and send them to the real network; it just figures out which virtual machine they are for and delivers them.

It may seem odd to use a protocol developed for computer-to-computer communication as a way for two processes running on the same physical hardware to communicate. But remember, one of the benefits of virtualization is that you can run multiple operating systems out of the box on the same server as completely separate and independent processes.

The use of standard network packets and protocols for this purpose, and their associated security infrastructure, means that these VMs can run and communicate with each other without modification.

On the other hand, an external virtual network involves separate physical computers (or a mix of VMs and physical machines). In this case, the machines are connected via traditional physical network equipment (including connections over the open Internet), but the network administrator will create a virtual network topology that is different from the underlying physical network topology.

Virtual networks are divided into three categories and can be either internal or external:

• A Virtual Private Network (VPN) is the simplest form of virtual networking. The most common scenario is a computer connected to a local corporate network over the open Internet. From the perspective of that computer and the other computers that interact with it, once the VPN is established, the computer is part of the LAN, even if it is remote.
• A virtual local area network (VLAN) is more complex: it consists of an entire local area network that is virtually defined. VLANs can be created by dividing a single physical LAN into multiple VLANs or by combining physically separate LANs into a single VLAN.
• Virtual Extensible LAN (VXLAN) is an enhancement of VLAN that allows large LANs to be segmented into more independent VLANs and also makes it easier to migrate VMs without service interruption, both of which are critical infrastructure for the cloud.

Advantages and benefits of virtual networks

Virtual networks are absolutely necessary when you run multiple virtual machines on the same hardware—a common scenario in cloud computing. At the same time, creating VLANs and VXLANs on top of existing physical networks enables administrators to quickly restructure networks to suit their needs—and often automatically in the age of infrastructure as code. This is difficult or impossible to do by manually rebuilding a physical network.

The benefits of virtual networks include:

• Reduce costs and maintenance associated with physical network hardware.
• Simplify network management with centralized and automated control.
• Provides more flexible and fine-grained network configuration options.

These benefits all help increase IT productivity and reduce management costs, which is a big reason why virtual networks are here to stay.