Network Edge Virtualization: IEEE 802.1 Qbg and IEEE 802.1 BR
One of the biggest changes in the edge network due to virtualization is the VEB (Virtual Ethernet Bridge) within a host for layer-2 switching between VMs on the host.
Issues with current virtual server networking:
Management and policy change:
Network administrators cannot enforce policies on vSwitches within the hypervisor. vSwitches are controlled by server administrators.
Traditional datacenter network monitoring and control tools do not have visibility into the virtual networking within the hypervisor.
Security policy cannot be applied to the vSwitches using the same tools.
This results in increased end-point network complexity.
Limited features:
Virtual switches within the hypervisor generally do not support all the functionality of a traditional switch. This may sometimes be deliberate, to keep the performance impact of the virtual switches to a minimum.
Performance impact:
Virtual networking within the hypervisor uses host CPU cycles and memory resources and impacts performance.
The problem exists because the Ethernet bridge that performs layer-2 switching for VM-to-VM traffic within the same host currently sits inside the host server, in the form of a vSwitch or a virtual Ethernet bridge within NIC silicon. The obvious solution would be to move this Ethernet bridge out of the host server and into one of the edge switches (ToR or EoR). That way, traffic between the VMs also has to go to the edge switch, where it is under the visibility and control of the network administrator and subject to the same network policies as the rest of the network. The reason this has not been implemented so far is that the current Ethernet standard does not allow "hairpin traffic", in which packets exit through the same port of the switch that they entered. Two solutions are currently being pursued as IEEE standards.
Two different solutions:
Edge Virtual Bridging (EVB) - IEEE 802.1 Qbg
Bridge Port Extension - IEEE 802.1 BR
Neither of these standards has been finalized yet; both are expected to be ratified soon.
Edge Virtual Bridging (EVB) - IEEE 802.1 Qbg
IEEE 802.1 Qbg specifies a function in the controlling switch that allows a packet received on a switch port to be sent back out of the same port, a behavior called reflective relay or hairpin forwarding.
The VEB, the Ethernet bridge within a host, will forward all frames sourced by the virtual machines to the adjacent controlling switch. The controlling switch will apply various policies on those frames and then forward them back to the VEB. The VEB will then forward the frame to the appropriate virtual machine based on the MAC address and the VLAN ID.
Supporting IEEE 802.1 Qbg requires no hardware change. It will require changes in the VEB (in hypervisor or in NIC) and in the switch firmware to support reflective relay.
The IEEE 802.1 Qbg standard does not specify how a VEB in the hypervisor or NIC uses the relay function. These implementations will be vendor dependent and proprietary.
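The reflective relay behavior described above, as an added example (not code from this page or from any vendor): a simplified Python model of the controlling switch, in which the MAC addresses, VLAN 10, the two-port layout and the deny list standing in for the administrator's policy are all constructed assumptions. It shows that a standard bridge filters a frame whose destination sits behind the ingress port, while a port with reflective relay enabled sends it back after the policy check.

```python
from dataclasses import dataclass, field

VM_A, VM_B = "52:54:00:00:00:0a", "52:54:00:00:00:0b"   # constructed MACs
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class EdgeSwitch:
    """Simplified learning bridge standing in for the controlling switch."""
    ports: tuple
    reflective_relay: set = field(default_factory=set)  # ports with hairpin on
    denied: set = field(default_factory=set)            # blocked (src, dst) pairs
    fdb: dict = field(default_factory=dict)             # (vlan, mac) -> port

    def receive(self, in_port, vlan, src, dst):
        """Return (egress_ports, verdict) for one frame."""
        self.fdb[(vlan, src)] = in_port                 # learn the source
        if (src, dst) in self.denied:
            return [], "policy-drop"                    # policy is checked first
        hairpin_ok = in_port in self.reflective_relay
        out = self.fdb.get((vlan, dst))
        if out is None:                                 # unknown destination: flood
            egress = [p for p in self.ports if p != in_port or hairpin_ok]
            return egress, "flood"
        if out == in_port and not hairpin_ok:
            return [], "filtered"                       # classic bridge never reflects
        return [out], "hairpin" if out == in_port else "forward"

def vm_to_vm(reflective_relay, denied=()):
    """Both VMs sit behind port 1 (same host). Return the verdict for A -> B."""
    sw = EdgeSwitch(ports=(1, 2),
                    reflective_relay={1} if reflective_relay else set(),
                    denied=set(denied))
    sw.receive(1, 10, VM_B, BROADCAST)                  # switch learns B on port 1
    return sw.receive(1, 10, VM_A, VM_B)

if __name__ == "__main__":
    print(vm_to_vm(False))                              # standard bridge
    print(vm_to_vm(True))                               # reflective relay on port 1
    print(vm_to_vm(True, denied={(VM_A, VM_B)}))        # relay on, policy denies A -> B
```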
Bridge Port Extension - IEEE 802.1 BR
The purpose of this standard is to extend a bridge, and the management of its objects, beyond its physical enclosure using 802 LAN technologies and interoperable interfaces. IEEE 802.1 BR defines E-Tag.
E-Tag can be used to identify a virtual or physical interface and provide frame forwarding. Using an E-Tag capable NIC or software driver, these interfaces could potentially be individual virtual or physical servers.
Management of large networks is highly complex. This complexity may be reduced by aggregating the more complex bridging functions onto fewer bridges and by collapsing bridge layers from a management perspective.
Implementation of E-Tag based networking will require E-Tag aware switches and port or fabric extending devices. This will require new hardware.












