
02 November 2010

VEPA - Let the Switch switch again

Virtual servers are cool, and everybody is going virtual now. But we (networking guys) hate them sometimes. The vSwitches inside the virtual servers are now responsible for moving packets between the different virtual machines on the host, so those packets never touch the wire. The physical switches and security devices become more and more blind and can never apply QoS or security policy to that traffic.

Now it seems that the IEEE is planning to let the switches do their switching again. VEPA (Virtual Ethernet Port Aggregator, or IEEE 802.1Qbg) is meant to let the vSwitch hand the packets to the adjacent edge switches. Or as HP ProCurve's CTO, Paul Congdon, described it here:
On a bridge, if the port it needs to send a frame on is the same it came in on, normally a switch will drop that packet, but VEPA enables a hairpin mode to allow the frame to be forwarded out the port it came in on. It allows it to turn around and go back.

Another extension (IEEE 802.1Qbh) was also required to allow remote switches and security devices, instead of just the adjacent ones, to handle such traffic and perform whatever switching, QoS, or policy inspection tasks on it.
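
A toy model of the forwarding decision quoted above, added here as an illustration (not code from the original post or from any switch vendor); the class and function names, the VM labels standing in for MAC addresses, and the ACL are all constructed for the example. It shows that with a plain vSwitch a denied VM-to-VM frame is never seen by the edge switch, while with VEPA the switch sees and filters it, and that without hairpin mode even an allowed frame dies on the same-port rule.

```python
class EdgeSwitch:
    """Adjacent physical bridge: MAC table, per-port hairpin flag, deny ACL."""

    def __init__(self, mac_table, hairpin_ports=(), deny=()):
        self.mac_table = dict(mac_table)         # MAC -> port it was learned on
        self.hairpin_ports = set(hairpin_ports)  # ports allowed to reflect frames
        self.deny = set(deny)                    # (src, dst) pairs blocked by policy
        self.seen = []                           # every frame the switch could inspect

    def forward(self, in_port, src, dst):
        self.seen.append((src, dst))
        if (src, dst) in self.deny:
            return "dropped: ACL"
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return "flooded to other ports"
        if out_port == in_port and in_port not in self.hairpin_ports:
            return "dropped: same-port rule"     # normal bridge behaviour
        return f"forwarded out port {out_port}"


def send(mode, switch, uplink, local_vms, src, dst):
    """Send a frame from a VM; mode is 'vswitch' (local switching) or 'vepa'."""
    if mode == "vswitch" and dst in local_vms:
        return "delivered inside host"           # never touches the wire
    return switch.forward(uplink, src, dst)


def demo():
    # Constructed sample: two VMs on one host behind switch port 1.
    vms = {"vm-a", "vm-b"}
    table = {"vm-a": 1, "vm-b": 1}
    policy = {("vm-a", "vm-b")}                  # vm-a must not reach vm-b
    results = {}
    sw = EdgeSwitch(table, deny=policy)
    results["vswitch"] = (send("vswitch", sw, 1, vms, "vm-a", "vm-b"), len(sw.seen))
    sw = EdgeSwitch(table, deny=policy)          # VEPA host, hairpin still off
    results["vepa_no_hairpin"] = send("vepa", sw, 1, vms, "vm-b", "vm-a")
    sw = EdgeSwitch(table, hairpin_ports={1}, deny=policy)
    results["vepa_denied"] = send("vepa", sw, 1, vms, "vm-a", "vm-b")
    results["vepa_allowed"] = send("vepa", sw, 1, vms, "vm-b", "vm-a")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```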

The presentation below does a really good job of describing the VEPA pre-standard.
http://www.ieee802.org/1/files/public/docs2009/new-dcb-hudson-tagless-vepa-0109.pdf
