Network Management in the World of Virtualization

Previously, I posted on some of the reasons why network managers should care about the rapid adoption of virtual systems (see http://www.networkworld.com/community/node/40013). The concepts I covered there still apply, and the concerns are growing as the number of VMs grows. Basically, it comes down to two key issues. First, change and configuration management objectives are relevant - there are configuration policies that need to be applied to virtual switch elements that are every bit as important as the policies applied to physical switches. And second, when the inevitable "my application is slow" (or more commonly, "the network is slow") call comes and troubleshooting ensues, it's really important to be able to see traffic that may be traveling between VMs on the same physical host, in order to definitively localize the root cause. Aggravating this is the fact that in most shops, virtual systems are owned/managed by the systems administrators, and the network ops team is left standing outside, looking in, and asking for permission to get some measure of visibility and control. I've talked to a few network managers about this, and got some interesting examples of how they are trying to cope. One said "we're not allowed to put management tools inside the virtual platform, so if we think there might be a problem, data center ops will vMotion one of the VMs to another host so we can force the traffic to go external where we can see it." Another told me that network engineering was asking for access to the vSwitches for policy compliance checking, but so far no luck - plus their attempts to use the SNMP and (admittedly experimental) NetFlow data were less than satisfactory so far. In my original post, I mentioned several vendors who were working on addressing these issues, and in the past few months more progress is being made on both fronts. For example, HP has recently released a VMWare ESX vSwitch driver for their HP Network Automation product, allowing discipline and rigor to be applied to configuration management of virtual network elements. Another example is OPNET's recent ACE Live VMon product - a fully functional network probe that can live on a VM blade and be used to troubleshoot intra-host traffic directly. These issues will need to be addressed by ops teams, and fast, in order to get the most out of the investments being made in VM technology and take the risk out of rapidly growing deployments.