Implementing Virtual Networks


A Virtual Network (VNET) is an abstract network resource realized across a fabric of Pluribus Networks switches. Using VNETs, you can segregate a physical fabric into many logical networks, each with its own resources, network services, and Quality of Service (QoS) guarantees. A VNET allows you to completely separate all traffic in one VNET from the traffic of other VNETs.




Figure 1 - Using VNETs with Netvisor One


Each VNET has a single point of management. As the fabric administrator, you can create VNETs and assign ownership of each VNET to individuals with responsibility for managing those resources. You can create separate user names and passwords for each VNET manager. Using the separate VNET administration credentials, the VNET admin can use Secure Shell (SSH) to connect to the VNET manager and access a subset of the Netvisor One CLI commands to manage that VNET. This way, multiple tenants can share a fabric, each managing a VNET that has security, traffic, and resource protection from other VNETs.


VNETs are very flexible and can be used to create complex network architectures. For example, a Pluribus Networks switch, or a fabric of switches, can be used to create multiple tenant environments in an OpenStack deployment. In Figure 1 (Using VNETs with Netvisor One), there are three VNETs, each with a management interface and a data interface. Each VNET is assigned an IP address pool used for DHCP assignment of IP addresses to each node, server, or OS component.


Underlying each VNET is the VNET manager. Each VNET manager runs in a zone. When services are created for a VNET, they occupy the same zone on a switch. This is called a shared service, and it is the default when creating services. However, each zone can support only a single instance of a service. If a second service instance is needed for a VNET, it needs to occupy a separate zone. This is called a dedicated service. In most cases, you can create services as shared unless you specifically want to create a dedicated service.


When a fabric is created, a VNET is automatically created and named fabric-name-global. This VNET owns all resources within the fabric, and as new VNETs are created, resources are moved from the default VNET to the new VNETs. Global services remain in the default VNET unless assigned specifically to a VNET.