Vendors tout virtualization features

Applied to servers or storage, virtualization lets users host dozens or hundreds of server operating system instances, or divide and control the amounts of storage on different disks, both from a few large machines. The technology provides lower operational costs and less complexity, proponents say.

Network vendors say virtualization also can apply to enterprise core and edge routing. For segmenting an enterprise into various subnetworks - with different rules and controls - users can tap into virtual routing features in switches instead of buying and plugging in new chassis or boxes to do this separation.

The concept of virtual networking is nothing new, as virtual LAN (VLAN) technology for years has been a tried and tested way to set up secure, separate LAN segments on a single Ethernet switch or across multiple switches. Many vendors now are touting the virtualized routing features inside their core chassis switches as a similar tool for segmenting parts of an enterprise at Layer 3 and providing more security and control over internal and external network traffic.

In MPLS carrier networks, Virtual Routing and Forwarding (VRF) is used to segregate customer traffic into separately routed segments, sometimes operating on the same box. For corporate use, VRF-lite (a smaller-scale implementation that does not require MPLS), carves a single router into multiple virtual boxes, vendors say. Extreme, for instance, includes virtual router configuration as a feature in its modular ExtremeWare XOS switch operating system. Juniper supports the technology on its ISG line of security router/firewalls, as well as other routing platforms. Cisco includes support for VRF and VRF-lite in the IOS version of its Catalyst 6500 switch.

Foundry Networks' NetIron switches support Multi-VRF, which lets users create virtual routing domains in a box. These domains, similar to Layer 2 VLANs, segregate traffic flows. Users can install firewalls outside the box or internal access-control lists to regulate what traffic is shared among virtual router segments.

"If you have four or five network segments, you can create four or five different routing tables for each of these" using technologies such as VRF, says Hasan Siraj, a product manager for Cisco's Catalyst 6500 switch family. "These routing tables will be maintained throughout the network, and you can even have overlapping IP addresses between these two networks, and they would not know about it."

VRF and VRF-lite are activated and configured through commands in Cisco IOS, which is required to run virtualized, routed segments on a Catalyst 6500, according to Marie Hattar, marketing director for Cisco's router and switch products.

"What we're looking for, in terms of a future implementation, is how we can evolve the IP-based technology to make it easier to do virtualization," Hattar says.

She says Cisco is working on new technologies that will help make virtual routing configurations easier to set up. She didn't say whether this technology will take the form of a GUI for configuring protocols such as VRF or Generic Route Encapsulation, or some other method.