What Drives Azure? Virtualized Networks According to Microsoft


Azure, Microsoft’s cloud platform, has seen a lot of change over the past three years. This motivated the company to move its network onto a virtualized platform driven by NVGRE (Network Virtualization using Generic Routing Encapsulation). NVGRE tunnels layer 2 packets horizontally over the IP fabric, providing the same function as Cisco/VMware’s VXLAN.
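To make the encapsulation concrete, here is an added example (not code from the article or from Microsoft) that validates and decodes the NVGRE header carried after the outer IP header. The field layout follows RFC 7637; the function names and the sample packet are constructed for illustration.

```python
import struct

GRE_PROTO_TEB = 0x6558  # Transparent Ethernet Bridging, required by RFC 7637
FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000
VERSION_MASK = 0x0007


class NvgreError(ValueError):
    """Raised when a GRE payload is not a well-formed NVGRE packet."""


def parse_nvgre(gre_payload: bytes) -> dict:
    """Parse the GRE header that follows the outer IP header (protocol 47)."""
    if len(gre_payload) < 8:
        raise NvgreError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", gre_payload[:8])
    # RFC 7637: Key bit must be set, Checksum and Sequence bits must be clear.
    if not flags & FLAG_K or flags & (FLAG_C | FLAG_S):
        raise NvgreError("unexpected GRE flags 0x%04x" % flags)
    if flags & VERSION_MASK:
        raise NvgreError("GRE version must be 0")
    if proto != GRE_PROTO_TEB:
        raise NvgreError("protocol type 0x%04x is not 0x6558" % proto)
    inner = gre_payload[8:]
    if len(inner) < 14:
        raise NvgreError("inner Ethernet frame too short")
    dst, src, ethertype = struct.unpack("!6s6sH", inner[:14])
    return {
        "vsid": key >> 8,        # 24-bit Virtual Subnet ID (tenant segment)
        "flow_id": key & 0xFF,   # 8-bit flow entropy for load balancing
        "inner_dst": dst.hex(":"),
        "inner_src": src.hex(":"),
        "inner_ethertype": ethertype,
        "inner_payload": inner[14:],
    }


def build_sample(vsid: int, flow_id: int = 0) -> bytes:
    """Constructed sample: NVGRE header plus a minimal inner Ethernet frame."""
    gre = struct.pack("!HHI", FLAG_K, GRE_PROTO_TEB, (vsid << 8) | flow_id)
    eth = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"\x45" + bytes(19)
    return gre + eth
```

The VSID is the value a monitoring tap or virtual switch would use to attribute an inner frame to a tenant segment, so rejecting malformed headers before reading it keeps that attribution trustworthy.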

The virtualized network takes in requests through an Azure frontend, which distributes them to a network fabric controller. The network controller pushes the requests to an Azure VMSwitch, which operates at the network control plane serving the different compartmentalized VMs. Each major application gets its own individual controller. This has forced Microsoft to create an allocator that coordinates several controllers at once. With 40G Ethernet it is a challenge to keep up with line rate. Virtualized networks provide a great abstraction tool, but Microsoft admits that implementing these networks is not trivial.

Network virtualization moves control functions away from base switches into a control plane, providing a single point of management for network assets. This has drawn a lot of interest from companies, since funds that could have gone into purchasing hardware are saved for other operations. Microsoft cites some of the benefits the company has experienced through network virtualization: rate limiting, five-tuple ACLs (source IP, destination IP, protocol, source port, destination port), easier VLAN deployment at larger scales, and flexible billing. Multiple private virtual networks can be created on Microsoft’s virtualized network. These can then be connected to a customer’s on-premises network.

According to Microsoft’s Albert Greenberg, there is now no difference in how networking and other cloud services are handled. Greenberg: “All policy is software – everything is a VM, which means all the underlying mechanisms for building services in the cloud can be re-purposed for networks and we deploy networks like all other services.”
