Point of network virtualization

So our organization is moving to virtualize most of the networking stack. Firewalls, Routers, Load Balancers. I wasn’t involved in those higher-level discussions, as when the business I work for was acquired by the larger company these changes were already in progress. That being said, I honestly don’t understand the need to virtualize critical functions of the network. Maybe I’m just being an old-school networking curmudgeon but I want physical. Putting a SuperMicro on the edge with a Palo Alto .ova image feels… wrong. Now I have to think about the ESXi layer and how secure that is, along with possible old Intel chips running on the physical, so the Spectre and Meltdown remediations will degrade my performance. Then what if I need to update the hypervisor? Now all my VMs have to restart as well. So I lose my Firewall, core switching? Yes, I know redundancy, but still the blast radius is huge depending on the environment.
Perhaps I’m truly not seeing the bigger picture. Can anyone share their experiences in the network virtualization tasks they’ve done, and are there really benefits to the whole thing? I just see a bunch of cons and no pros.

I only recommend virtualizing the network functions such as firewalls, load balancers, etc. when you have the proper virtualization setup that would allow for live migrations to other hosts so the base platforms can be updated with minimal disruption, and when there is staff or support trained on how it all works. It can be done, it can add some efficiency and even some resiliency, but it does come with extra complexity that needs to be managed.

I’ve never had major issues virtualizing network appliances in VMware. It is another layer to think about, but standing up new appliances and testing is much easier. You also benefit from being able to take snapshots, which is great when an update goes sideways. I would recommend learning and leveraging NSX too.