Virtual Networks FAQ

 

What is a Virtual Network?
A Virtual Network is a combination of resources managed as a single administrative entity. It consists of the set of VLANs, Subnets, and VRFs belonging to a particular faculty or department, including a virtual firewall that ties them together.

What is a VRF?
VRFs (Virtual Router Forwarding instances – pronounced verfs) are virtual network segments. A VRF appears as a separate private department router on top of the physical routers of the campus network. Any Subnet in a building on campus can be assigned to a VRF. A department may have a few VRFs if it requires a few network segments for security considerations. However, VRFs are not meant to address all security requirements. Traffic routed between Subnets within a VRF does not go through a firewall. Traffic to a Subnet outside of the VRF goes through the virtual firewall assigned to this virtual network.
A VRF is a layer 3 network feature, not a campus-wide network layer 2 bridged VLAN.
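The following is an added example, not UBC's or the NMC's own tooling: it audits a subnet-to-VRF assignment to show which Subnet pairs are routed inside one VRF (no firewall in the path) and which flows pass through the virtual firewall. The VRF names and address ranges are constructed for illustration, and treating an address in no listed Subnet as outside the virtual network is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample assignment (hypothetical VRF names and address ranges).
SUBNET_TO_VRF = {
    "10.10.1.0/24": "dept-admin",
    "10.10.2.0/24": "dept-admin",
    "10.10.3.0/24": "dept-labs",
    "10.10.4.0/24": "dept-research",
}

TABLE = [(ipaddress.ip_network(n), v) for n, v in SUBNET_TO_VRF.items()]


def vrf_of(addr):
    """Return the VRF of the Subnet containing addr, or None if unassigned."""
    ip = ipaddress.ip_address(addr)
    for net, vrf in TABLE:
        if ip in net:
            return vrf
    return None


def crosses_firewall(src, dst):
    """True if src -> dst leaves the source VRF and so meets the virtual firewall.

    Assumption: an address in no listed Subnet is outside the virtual network.
    """
    s, d = vrf_of(src), vrf_of(dst)
    return s is None or d is None or s != d


def unfiltered_pairs():
    """Subnet pairs in the same VRF: routed directly, no firewall rule applies."""
    return sorted(
        (str(n1), str(n2), v1)
        for (n1, v1), (n2, v2) in combinations(TABLE, 2)
        if v1 == v2
    )


if __name__ == "__main__":
    for a, b, vrf in unfiltered_pairs():
        print(f"no firewall between {a} and {b} (both in VRF {vrf})")
    for src, dst in [("10.10.1.5", "10.10.2.9"), ("10.10.1.5", "10.10.3.5")]:
        path = "via virtual firewall" if crosses_firewall(src, dst) else "inside VRF"
        print(f"{src} -> {dst}: {path}")
```

Any pair reported by `unfiltered_pairs()` that should be isolated from each other needs separate VRFs, since firewall rules do not apply to traffic inside a VRF.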

Is Virtual Networking mandatory?
No, it is not mandatory. However, it is a highly recommended solution. If you choose not to use virtual networking, you will miss many significant benefits, such as lower operating and capital expenses, unified security policies and protection, and updated network capacity.

If I decide to use Virtual Networking, does it impact my existing VLANs and Subnets?
The only impact is that you have to let the NMC know which VRF each subnet should be assigned to. Other than that, it's business as usual. No VLANs or IP addresses change. The Transmogrifier works as normal.

Is Virtual Networking available to UBC Okanagan and beyond?
Virtual networking is available at UBC Vancouver, Okanagan and Vancouver General Hospital (VGH).

How much does it cost?
This service is free to UBC departments.

How do I sign up?
Submit a service request to the Network Management Centre.

Is it difficult to convert to Virtual Networking?
This is a complex network conversion, especially if there is an existing firewall involved. The NMC will work with you to prepare a plan to transition your department's VLANs and Subnets to a Virtual Network. A test Virtual Network can be created as a starting point so you can become familiar with the setup before transitioning. Most of the work for the department involves defining a centralized security policy and the firewall rules that implement it. A conversion can take anywhere from one to three months.

Is troubleshooting Virtual Networks more difficult?
No, it is similar to troubleshooting networks that contain a firewall. Common tools like ping and traceroute work normally within the subnets in a VRF.

What technology are VRFs based upon?
VRFs are an industry-standard technology supported by many vendors, including Cisco Systems. The underlying technology leverages the MPLS and BGP protocols. The defining document is RFC 2547, BGP/MPLS VPNs.

Where is my virtual firewall located?
There are several firewalls, configured in pairs for redundancy, that deliver virtual firewall services for UBC.

If I don't want to use a virtual firewall, can I use my own firewall?
No. The virtual network solution doesn't support a separate departmental firewall, because such a firewall would become a bottleneck in the virtual network and eliminate the benefit of network virtualization.