NETWORK VIRTUALIZATION:

Six Best Practices for Overcoming

Common Challenges
n TECH DOSSIER
SIX BEST PRACTICES FOR OVERCOMING COMMON CHALLENGES
Many organizations that have realized the benets of server virtualization are ready to move to
network virtualization. By combining hardware and software resources and functionality into a
single, software-based administrative entity, these organizations can reap the benets of greater
data center agility.
But network virtualization presents new challenges. The network is not a xed platform like a
server; it is a dynamic, uid, multivendor environment that wasnt built with network virtualization
in mind. To complicate matters, very few data centers will be 100 percent virtualized; many work-
loads will run only in physical environments. Thankfully, these challenges are not insurmountable.
With a bit of planningand the following best practicesorganizations can overcome these
challenges with a simple, open and smart approach.
BEST PRACTICE #1: ESTABLISH A SOLID FOUNDATION

The success of a virtualized overlay network rests on the health and stability of the underlying physical
network. Before taking any steps to virtualize the network, make sure the physical network is in order.
It should be application-location independent, and it must exhibit any-to-any connectivity with fairness
and non-blocking behavior for deterministic performance. This will ensure network behavior will not
vary based on the location of virtual machines. The physical network should also have low latency, low
jitter, and no packet loss under congestion.
BEST PRACTICE #2: ENABLE UNIVERSAL CONNECTIVITY

Network virtualization will require connecting applications between virtual networks (often based on
different encapsulation protocols like VXLAN or NVGRE), between virtual networks and physical networks,
and between physical data centers. Universal software-dened networking (SDN) gateways provide
advanced, exible physical and virtual network routing and bridging connections and translations
6
B
E
S
T

P
R
A
C
T
I
C
E
S
n TECH DOSSIER
2
SIX BEST PRACTICES FOR OVERCOMING COMMON CHALLENGES
required for inter-, intra- and cross-virtual network communications
for example, when separate virtual networks are used for production
and test environments. A universal SDN gateway lets compute
resources move between networks, either within physical data centers,
between physical data centers, or between a physical data center
and a cloud environment.
BEST PRACTICE #3: BUILD THE SHORTEST
BRIDGES POSSIBLE BETWEEN THE VIRTUAL
AND PHYSICAL WORLDS

To reach a client application, virtual networks must connect to a phys-
ical device somewhere, along with legacy physical applications and
database servers. Bridges, or Layer 2 gateways, between virtual and
physical worlds support the connection of physical environments, and
they should be deployed as close to the physical resources as possible.
For larger pools of physical resources, gateways should be deployed in
upper tiers of the data center network for efciencies of scale.
For example, it may be necessary to connect to physical servers running
bare-metal applications, or applications that dont run well in virtualized
environments, like Hadoop. These gateways should be deployed at the
access tier. When connecting to a large pool of physical resources, such
as a physical data center or a large number of physical applications,
the gateway should be deployed at the networks core/aggregation tier.
Finally, when running multiple virtual networks within a single physical
environment (as in IT as a Service or Infrastructure as a Service sce-
narios), the gateway should be deployed at the edge routing tier.
All gateways should also be automatedprogrammatically controlled
so they can be built and torn down automatically based on where a
virtual machine needs to connect between virtual and physical networks.

BEST PRACTICE #4: PREVENT VIRTUAL NETWORK
PERFORMANCE, DEGRADATION AND
RELIABILITY ISSUES

Virtual overlay networks are designed to imitate all aspects of the
underlying physical network, subjecting the overlay network to perfor-
mance, degradation and reliability issues when broadcast, unicast
or multicast packets are ooded to all devices within a broadcast
domainstandard network behavior that physical equipment is
designed to handle. However, broadcast, unicast and multicast ooding
place an exponential burden on the servers hosting the virtual network.
Hardware-based overlay replication ofoads broadcast, unicast and
multicast packets from the virtual network, allowing purpose-built
hardware-based devices to convert these packets into standard broad-
cast, unicast or multicast packets. These packets are then forwarded
to their receivers, delivering performance, scale and reliability.
BEST PRACTICE #5: ADOPT A SINGLE APPROACH
TO SECURITY

Using a single security approach to protect both physical and virtual
resources reduces errors and security gaps that can occur when
multiple methods are used. A single approach will also simplify admin-
istrative tasks and prevent duplication of efforts, reducing overhead.
BEST PRACTICE #6: ADOPT A COMMON APPROACH
TO NETWORK MANAGEMENT AND AUTOMATION

This approach should be extended to network management and auto-
mation efforts as well. A single pane of glass providing consolidated
visibility into the entire network will help identify and arbitrate where
issues lie. For example, a common network management platform
expedites troubleshooting by identifying where packets are owing and
where issues may existwhether a physical network misconguration
or an overloaded hypervisor dropping packetsand it also prevents
nger-pointing.
It is also advisable to establish a single point of automation to achieve
consistent behavior across physical and virtual networks.

ACHIEVE NETWORK VIRTUALIZATION BEST
PRACTICES WITH JUNIPER NETWORKS AND VMWARE

Juniper Networks MetaFabric Architecturea simple, open and
smart approach to data center designaccelerates the deployment
and delivery of applications within and across multiple data centers.
Delivered via a comprehensive portfolio of switching, routing, orches-
tration, SDN and security solutions as well as technology partnerships,
MetaFabric protects investments by allowing organizations to adapt to
changing data center needs. Customers can optimally deploy, utilize and
manage a unied pool of resources across multiple data centers with
greater agility, cost efciencies and end-user application experience.
Juniper delivers VMware NSX Layer 2 gateway services as part of the
MetaFabric Architecture on select Juniper switches and edge routers
to bridge virtual and physical environments in the data center. The
combination of Juniper and VMware optimizes applications and data
center efciencies, allowing exible workload placement and workload
mobility while delivering a single pane of glass for conguring networks
across hypervisors and physical switches. n
To learn more about how Juniper can help you virtualize the
network, visit www.juniper.net/datacenter.
From devices to data centers,
from consumers to cloud providers,
Juniper Networks delivers the
software, silicon and systems
that transform the experience
and economics of networking.
n TECH DOSSIER
3
SIX BEST PRACTICES FOR OVERCOMING COMMON CHALLENGES
ADDITIONAL READING
LAYER 2 GATEWAY SERVICES FOR
VMWARE NSX
Juniper Integrates with NSX to Programmatically Connect
Physical and Virtual Environments
VMware NSX allows enterprises to rapidly deploy networking and security for any application by enabling the fundamental
abstraction of networks from networking hardware to create a virtual network.
With network virtualization, simplied logical networking devices and services are abstracted from the physical network
and exposed as logical networking objects across a fully distributed virtualization layer, consumable by third-party applica-
tions through northbound APIs. VMware NSX exposes these logical networking devices and services as logical ports, logical
switches, logical routers, distributed virtual rewalls, and virtual load balancers, all with monitoring, quality of service (QoS),
and security built in.
Juniper Networks leverages the NSX distributed service framework to integrate with the NSX platform. This integration
delivers Layer 2 gateway services that allow virtual networks to be bridged to any physical network environment to provide
a unied user experience. It also provides the ability to seamlessly integrate with any cloud management platform for
greater data center agility and scale.
THE CHALLENGE

Virtual networks must connect to a physical device at some point,
along with legacy physical applications and database servers, in order
to reach the client application. In addition, most data center environ-
ments will operate multiple virtualized Layer 2 networks, whether to
support separate production and development environments, busi-
ness continuity/disaster recovery efforts, multiple tenants, or other
unique business needs.
Bridges are required between physical and virtual networks, as well
as between separate virtual networks. The placement (or location)
of the bridges is critical to delivering agility and scale; if placed in the
wrong location, it could easily become a bridge to nowhere. Ideally,
bridges are placed as close to the physical element as possiblebe
it server, storage, or client applicationto provide the greatest data
center agility and scale.
Separate add-on bridges such as dedicated gateways increase opera-
tional complexities and add OpEx costs. Seamlessly bridging physical
and virtual networks to optimize application and operational efcien-
cies requires physical-to-virtual gateways to be integrated into the
physical network infrastructure. In addition, the physical infrastructure
must be exible enough to provide physical-to-virtual Layer 2 gateway
services at any point in the data center network topology to provide
on-demand connectivity between physical and virtual workloads.
JUNIPER NETWORKS LAYER 2 GATEWAY SERVICES
FOR VMWARE NSX

The VMware NSX network virtualization platform delivers the opera-
tional model of a virtual machine for the network. Similar to virtual
machines for computing, virtual networks are programmatically
provisioned and managed independent of the underlying networking
hardware. NSX reproduces the entire network model in software,
allowing diverse network topologies to be created and provisioned
in seconds. However, the challenge of connecting to the physical
environment remains.
Juniper addresses this challenge by delivering VMware NSX L2
gateway services to bridge the virtual and physical network environ-
ments on select top-of-rack switches, core/aggregation switches,
and enterprise routers to allow optimal NSX deployments for all data
center network topologies.
ADDITIONAL READING
n TECH DOSSIER
4
SIX BEST PRACTICES FOR OVERCOMING COMMON CHALLENGES
FEATURES AND BENEFITS

The combination of Juniper and VMware enables the programmatic
connection of VLANs to logical networks throughout the data center.
This optimizes applications and data center operational efciencies by:
Enabling programmatic connection of VLANs to logical networks
Providing choice of NSX L2 gateway integration across top-of-
rac switches, core/aggregation switches, and routers to bridge
virtual and physical networks in any data center topology
Delivering data center agility and scale
SOLUTION COMPONENTS

As a part of this solution, Juniper will provide VMware NSX Layer 2
gateway services on select Juniper Networks QFabric System
products and QFX Series top-of-rack switches, as well as for the
EX9200 line of programmable core/aggregation switches and MX
Series 3D Universal Edge Routers via a Juniper Networks Junos

oper-
ating system software release upgrade scheduled for mid-2014.
Whether providing connectivity between the virtual network
and physical hosts, between remotes sites, or between external
networks, Juniper L2 gateway services for VMware NSX provide
programmatic connections of VLANs to logical networks throughout
the data center, optimizing applications and data center operational
efciencies.
SUMMARYBRIDGING PHYSICAL AND VIRTUAL
DATA CENTER ENVIRONMENTS

Virtual networks created through VMwares NSX allow enterprises to
rapidly deploy networking and security for any application by enabling
the fundamental abstraction of networks from networking hardware.
Juniper Networks leverages the NSX distributed service framework
and SDK to integrate with the NSX platform and provide Layer 2
gateway services that allow the virtual network to be bridged to any
physical network environment. This integration provides a unied
user experience and the ability to seamlessly integrate with any
cloud management platform.
NEXT STEPS

To learn more about bridging physical and virtual data center
environments, please contact your Juniper Networks or VMware
representative.
ABOUT VMWARE

VMware is the leader in virtualization and cloud infrastructure solu-
tions that enable businesses to thrive in the Cloud Era. Customers rely
on VMware to help them transform the way they build, deliver, and
consume Information Technology resources in a manner that is evolu-
tionary and based on their specic needs. With 2012 revenues of $4.61
billion, VMware has more than 500,000 customers and 55,000 partners.
The company is headquartered in Silicon Valley with ofces throughout
the world and can be found online at www.vmware.com.
ABOUT JUNIPER NETWORKS

Juniper Networks is in the business of network innovation. From
devices to data centers, from consumers to cloud providers, Juniper
Networks delivers the software, silicon and systems that transform
the experience and economics of networking. The company serves
customers and partners worldwide. Additional information can be
found at www.juniper.net.
Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper
Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of
their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.