Virtual access layer

The virtual access layer (VAL) refers to the virtualization of the access layer that connects servers to the network in the data center. Server virtualization is now aggressively deployed in data centers for consolidation of applications hosted on x86 servers. However, the underlying limitations in current networks prevent organizations from meeting the performance, availability, security, and mobility requirements of server virtualization. VAL is a product strategy that delivers features to address the unintended consequences of server virtualization. It focuses on issues in the server and virtual server I/O, addressing the operational challenges for server, application, and network administrators.

A commonly deployed three-tier LAN network design includes the access layer, which provides initial connectivity for devices to the network. At the next tier, the aggregation layer (sometimes referred to as distribution layer) concentrates the connectivity of multiple access-layer switches to higher-port-count and typically higher-performance Layer 3 switches. The aggregation layer switches are in turn connected to the network core layer switches, which centralize all connectivity in the network. The trinity of access, aggregation, and core layers enables the network to scale over time to accommodate an ever greater number of end devices

In physical environments, the access layer of the network was the physical edge switch. With server virtualization, the access layer moved into the server via embedded Ethernet switches in software (known as “softswitches”) inside the virtualization hypervisor. The migration of the access layer into the server has created challenges for scalability, security, management, and reliability. Today the edge of the network extends past the physical access layer switch and now includes hypervisor-hosted softswitches, virtualization-capable adapters, the physical access layer switch, and optionally a bladed server switch. In virtualized environments, this approach impacts simplicity and performance and exposes the network to a much larger attack “surface.”

The requirements for the virtual access layer are as follows:
 * 1) Transparently extending the network and its services to heterogeneous Virtual Machines (VMs)
 * 2) Automatic migration and enforcement of network policies with VM migration
 * 3) Choice of inter-VM switching methods to match different use cases
 * 4) Uniform, open management of the network edge across physical and virtual components

This requires virtualization of the network access layer, so that network administrators can provide consistent enforcement of network access control and security policies—and integrate them with configuration templates for VMs inside the physical server. The data center networking challenge today is how to simplify, optimize, and manage the virtual access layer.