Crossbow: Zetacloud's Network-in-a-Box
Network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. It's categorized as either external virtualization, combining many networks or parts of networks into a virtual unit, or internal virtualization, providing network-like functionality to software containers on a single network server. ZCOS provides numerous network virtualization tools.
- Complete virtual network set-up can be accomplished using just a few commands. There are a lot of options, depending on what one wants to accomplish, but for a network administrator, having only a few commands to contend with makes the learning process easier.
- Private/Public Networks
- ZCOS automatically supports multiple private and public networks in a single server. Attaching VMs to networks running within a server on private virtual networks ensures that data that's private to a server cannot be accessed from outside. ZCOS uses NIC tags to manage private networks.
storage NIC tags are preconfigured in the ZCOS install script. However, it is up to the data center administrator to properly configure these additional NIC tags on all compute nodes.
- IPv4 & IPv6
- Our system provides complete support for both the IPv4 and IPv6 stacks. In fact, set-up of the IPv6 stack is simpler, though IP filtering and firewalls for IPv6 are more complicated because IPv6 does not need NAT.
- Virtual NICs
- A VNIC is a pseudo network interface that is configured on top of a system's physical network adapter, also called a network interface (NIC). A physical interface can have more than one VNIC. Each VNIC operates like and appears to the system as a physical NIC. The individual VNIC is assigned a media access control address (MAC address), which can be configured to a value other than the default MAC address assigned to the physical NIC. You can use the resource control features of Crossbow to allocate separate bandwidths to the individual VNICs.
- Virtual Switches
- When the first VNIC is created on a system, a virtual switch is also created above the physical interface. Though not directly accessible to the user, the virtual switch provides connectivity between all VNICs configured on the same physical interface, enabling the virtual network in a box scenario. The virtual switch forwards packets between the system's VNICs. Thus, packets from an internal VNIC source never have to pass to the external network to reach an internal network destination.
- IP Zones
- An exclusive IP zone is a separate instance of a full TCP/IP stack, which functions as a non-global zone. Each exclusive IP zone is built upon a physical network interface and has its own IP-related state. IP instances support DHCPv4 and IPv6 address autoconfiguration.
- Flow Control
- The network stack provides bandwidth management and flow control on a per-VNIC basis. A system administrator can configure different bandwidth allocations to the various VNICs on a host through the new network-management commands. Traffic through each VNIC can be classified and separated into individual flows, based on port number, destination IP address, and other parameters. These features can be used to improve system efficiency and enable differentiated services for separate VNICs.
- Network overlays allow administrators to stitch together geographically diverse networks by encapsulating network traffic between virtual machines using the VXLAN technology. ZCOS extends this concept by adding an IPsec VPN mesh to secure the (by default unencrypted) VXLAN packets. This makes it possible to securely extend virtual networks over the internet without the need for dedicated interconnects between multiple physical data centers. One direct advantage of this approach is the possibility of creating remote compute nodes that are managed by the same ZCOS Web UI management interface regardless of their location on the internet.
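
The check below is an added example, not ZCOS code: it classifies outer IPv4 packets captured on a node's internet-facing link, so that any VXLAN frame leaving without ESP protection shows up together with its VNI. The packet builders, addresses, VNI and sample capture are constructed for illustration, and VXLAN is assumed to use its IANA port 4789.

```python
import struct

VXLAN_PORT, NATT_PORT = 4789, 4500   # RFC 7348 VXLAN; RFC 3948 UDP-encapsulated ESP
PROTO_UDP, PROTO_ESP = 17, 50

def classify(pkt: bytes):
    """Classify one outer IPv4 packet; returns (kind, vni or None)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ("other", None)
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20:
        return ("other", None)
    if pkt[9] == PROTO_ESP:
        return ("esp", None)
    frag_offset = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if pkt[9] != PROTO_UDP or frag_offset or len(pkt) < ihl + 8:
        return ("other", None)           # later fragments carry no UDP header
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    if NATT_PORT in (sport, dport):
        return ("ipsec-natt", None)      # IKE or ESP-in-UDP behind NAT
    if dport != VXLAN_PORT or len(pkt) < ihl + 16:
        return ("other", None)
    flags, vni_word = struct.unpack_from("!B3xI", pkt, ihl + 8)
    if not flags & 0x08:                 # I flag must be set for a valid VNI
        return ("other", None)
    return ("cleartext-vxlan", vni_word >> 8)

def audit(packets):
    """Count packets per class and list the VNIs that were seen unencrypted."""
    counts, leaked = {}, set()
    for p in packets:
        kind, vni = classify(p)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "cleartext-vxlan":
            leaked.add(vni)
    return counts, sorted(leaked)

# --- constructed sample capture (documentation addresses, zero checksums) ---
def ipv4(proto, payload, src=b"\xc6\x33\x64\x01", dst=b"\xcb\x00\x71\x01"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def vxlan_udp(vni, inner):
    vx = struct.pack("!B3xI", 0x08, vni << 8) + inner
    return struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vx), 0) + vx

SAMPLE = [
    ipv4(PROTO_ESP, b"\x00\x00\x10\x01\x00\x00\x00\x01" + b"\xaa" * 32),  # SPI, seq, ciphertext
    ipv4(PROTO_UDP, vxlan_udp(5001, b"\x00" * 14)),                       # overlay frame, no ESP
    ipv4(PROTO_UDP, struct.pack("!HHHH", 40000, 53, 8, 0)),               # unrelated UDP
]
```

On a correctly configured mesh, `audit()` over a capture of the external link should return an empty VNI list; any entry means overlay traffic for that virtual network bypassed the IPsec policy.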