What Is Network Virtualization?
Network virtualization simulates multiple logical networks on one physical network.
- At present, the more common network virtualization applications include virtual local area networks (VLANs), virtual private networks (VPNs), and virtual network devices.
- With a VLAN, as shown in Figure 1, the administrator can logically divide users on the same physical local area network into different broadcast domains according to actual application requirements. Each VLAN is equivalent to an independent local area network. Computers in the same VLAN can communicate with each other directly, while computers in different VLANs cannot. Communication between different VLANs can be achieved only by configuring routing or other technical means.
- A defining characteristic of a local area network is that the computers inside it are interconnected. From the user's perspective, the simulated logical network behaves exactly like a physical network.
- The web-based approach to virtualization is
- Virtual private network (VPN): A VPN is defined as a temporary, secure connection established through a public network (usually the Internet); it is a secure and stable tunnel through a chaotic public network. Data sent through this tunnel can be encrypted several times so that the Internet can be used safely. A virtual private network is an extension of an enterprise intranet. It can help remote users, company branches, business partners and suppliers establish a trusted and secure connection with the company's intranet, and it is used to connect cost-effectively to the secure extranet virtual private network of business partners and users. VPNs mainly use tunneling technology, encryption and decryption technology, key management technology, and user and device identity authentication technology.
Network virtualization capabilities
- A VPN can provide the following functions: firewalling, authentication, encryption, and tunneling.
- A VPN connects to the Internet through a special encrypted communication protocol and establishes a dedicated communication line between two or more corporate intranets located in different places. It is like setting up a dedicated line, or reaching the destination through a secure tunnel without paying to build the tunnel: there is no need to actually lay physical lines such as optical cables. This is like applying to a telecommunications bureau for a dedicated line without paying for laying the line or purchasing hardware such as routers. VPN technology was originally one of the important technologies of routers. VPN functions are also supported in switches, firewall devices, and Windows 2000 and later operating systems. In short, the core of a VPN is using public networks to establish virtual private networks.
Common protocols for network virtualization
- Commonly used virtual private network protocols are:
- IPsec: IPsec (short for IP Security) is a standard for securing IP communication. It mainly encrypts and authenticates IP packets.
- IPsec as a protocol family (a series of interrelated protocols) consists of the following parts:
- (1) Protocols for protecting packet flows;
- (2) A key exchange protocol used to establish these secure packet flows.
- The former is divided into two parts: the Encapsulating Security Payload (ESP), which encrypts the packet stream, and the less-used Authentication Header (AH). The Authentication Header provides authentication for the packet stream and guarantees its message integrity, but does not provide confidentiality. So far, the IKE protocol is the only key exchange protocol that has been developed.
- PPTP: Point-to-Point Tunneling Protocol, a protocol for establishing an IP virtual private network (VPN) tunnel on the Internet. Its main purpose is to establish a multi-protocol secure virtual private network communication method on the Internet.
- L2F: Layer 2 Forwarding
- L2TP: Layer 2 Tunneling Protocol
- GRE: a Layer 3 tunneling protocol for VPNs
- OpenVPN: OpenVPN uses the OpenSSL library to encrypt data and control information. It uses OpenSSL's encryption and authentication functions, which means that it can use any algorithm supported by OpenSSL. It provides optional packet HMAC capabilities to improve connection security. In addition, OpenSSL's hardware acceleration can also improve its performance.
- MPLS VPN: MPLS VPN combines tunneling technology and routing technology, absorbs the QoS guarantee advantages of virtual-circuit-based VPNs, and overcomes the shortcomings they have not solved. MPLS networking is highly flexible and scalable. Users need only one line into the MPLS network to communicate directly between any nodes. It can also implement star, full-mesh, and any other form of logical topology.
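The AH property described above (authentication and integrity without confidentiality), which is also what a per-packet HMAC such as OpenVPN's adds, shown as an added example that is not from the original page: a simplified AH-style header built with Python's standard library. Assumptions: the key, SPI and payload are constructed samples, the ICV is HMAC-SHA-256 truncated to 128 bits, the ICV here does not cover IP header fields as real AH does, and replay checking is a simple counter rather than a sliding window.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                          # HMAC-SHA-256 output truncated to 128 bits
AH_FIXED = struct.Struct("!BBHII")    # next header, payload len, reserved, SPI, sequence
KEY = b"constructed-demo-key-32-bytes!!!"   # constructed sample key, not a real secret
SAMPLE = b"GET /payroll HTTP/1.1"            # constructed sample payload


def compute_icv(key, fixed, payload):
    # The ICV field is treated as zero while the ICV itself is computed.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def ah_protect(key, spi, seq, next_header, payload):
    """Return AH header + payload. The payload is authenticated, not encrypted."""
    ah_words = (AH_FIXED.size + ICV_LEN) // 4 - 2   # AH length in 32-bit words, minus 2
    fixed = AH_FIXED.pack(next_header, ah_words, 0, spi, seq)
    return fixed + compute_icv(key, fixed, payload) + payload


def ah_verify(key, packet, last_seq):
    """Return (payload, seq) for an authentic, fresh packet; raise ValueError otherwise."""
    hdr_len = AH_FIXED.size + ICV_LEN
    if len(packet) < hdr_len:
        raise ValueError("truncated packet")
    _next, ah_words, _reserved, _spi, seq = AH_FIXED.unpack_from(packet)
    if (ah_words + 2) * 4 != hdr_len:
        raise ValueError("unexpected AH length")
    fixed, icv, payload = packet[:AH_FIXED.size], packet[AH_FIXED.size:hdr_len], packet[hdr_len:]
    if not hmac.compare_digest(icv, compute_icv(key, fixed, payload)):
        raise ValueError("ICV mismatch")
    if seq <= last_seq:                 # simplified: real IPsec uses a sliding window
        raise ValueError("replayed sequence number")
    return payload, seq


if __name__ == "__main__":
    pkt = ah_protect(KEY, 0x1001, 1, 6, SAMPLE)
    print("payload readable on the wire:", SAMPLE in pkt)
    print("verified:", ah_verify(KEY, pkt, last_seq=0))
    tampered = pkt.replace(b"payroll", b"PAYROLL")
    try:
        ah_verify(KEY, tampered, last_seq=0)
    except ValueError as err:
        print("tampered packet rejected:", err)
```

The payload bytes appear unchanged inside the protected packet, which is why traffic that needs confidentiality uses ESP rather than AH alone.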
How to use network virtualization
- 1. Application for opening a portable network account
- The enterprise applies to the operator to lease a number of accounts (that is, licenses) for portable network use, and the enterprise manages and allocates the accounts. Enterprise administrators can set up different VPN domains, that is, different working groups, for each department that needs to use the portable network. For example, the groups can be divided into finance, personnel, marketing, and outreach. Members within the same working group can communicate with each other, which strengthens communication between members while also ensuring the security of data. The various working groups cannot communicate with each other, which ensures the security of data within the enterprise.
- 2. Portable network client installation
- System requirements
- Table lists the minimum system requirements for installing the portable network client software (yPND: your Portable Network Desktop) on computers with Microsoft Windows operating systems. The computer configuration must meet or exceed the minimum system requirements to successfully install and use the portable network client software.
- 2. Pre-installation
- To successfully install portable network client software, you must ensure the following:
- The computer meets the minimum system requirements listed in the System Requirements table.
- The installation program checks whether the system meets the requirements. If they are not met, the installation cannot continue. The system must meet the minimum configuration requirements before installation.
- You must have system administrator rights on your computer to install.
Network virtualization technology features
- 1. Security guarantee
- Although there are many technologies and methods for implementing VPNs, all VPNs should ensure the private nature and security of data transmitted over public network platforms. Because a VPN is built directly on the public network, it is simple, convenient, and flexible to implement, but its security issues are also more prominent. Businesses must ensure that the data transmitted on their VPNs cannot be viewed or tampered with by attackers, and must prevent unauthorized users from accessing network resources or private information. [2]
- 2. Quality of Service Assurance (QoS)
- VPN networks should provide different levels of service quality assurance for corporate data. Different users and services have different requirements for service quality assurance. In terms of network optimization, another important requirement for building a VPN is to make full and effective use of limited WAN resources to provide reliable bandwidth for important data. The uncertainty of WAN traffic makes its bandwidth utilization very low, causing network congestion during peak traffic times, preventing data that requires high real-time performance from being sent in a timely manner, and causing a large amount of network bandwidth to be idle when traffic is low.
- QoS can implement priority-based bandwidth management through traffic prediction and flow control policies, so that various types of data are sent in a reasonable order and congestion is prevented.
- 3. Scalability and flexibility
- The VPN must be able to support any type of data flow through the intranet and extranet, facilitate the addition of new nodes, support multiple types of transmission media, and meet the demands that new applications such as simultaneous transmission of voice, images, and data place on high-quality transmission and increased bandwidth.
- 4. Manageability
- A VPN should be easy to manage and maintain from the perspective of both users and operators. The goals of VPN management are to reduce network risks and to provide high scalability, economy, and high reliability. In practice, VPN management includes security management, device management, configuration management, access control list management, and QoS management.
Key advantages of network virtualization
- 1) Fast and convenient network construction. Users only need to connect each network node locally to the public network using a dedicated line and configure the network.
- 2) Reduced network construction investment. Since a VPN is a virtual private network built on top of a public network, it avoids the high software and hardware investment required to build a traditional private network.
- 3) Lower cost of use. VPN networking can greatly reduce link rental fees and network maintenance costs, thereby reducing the operating costs of the enterprise.
- 4) Secure and reliable networking. The VPN mainly adopts international standard network security technologies. By establishing logical tunnels and network-layer encryption on the public network, it prevents network data from being modified or misappropriated, ensuring the security and integrity of user data.
- 5) Simplified network maintenance and management for the user. A large share of network management and maintenance work is done by the public network service provider.