Service function chaining (SFC) [see I-D.ietf-sfc-architecture at datatracker.ietf.org/doc/draft-eitf-sfc-architecture] involves steering traffic flows through a set of service functions (SFs) in a specific order. Examples of service functions (SFs) include a firewall instance, a video compression instance or another IP instance. Such an ordered list of service functions is called a Service Function Chain (SFC). The actual forwarding path used to realize an SFC is called the Service Function Path(SFP).
Network Service Headers (NSH) [see datatracker.ietf.org/doc/draft-ietf-sfc-nsh/] provide a mechanism to carry metadata between service functions. The NSH structure is defined in “I-D.ietf-sfc-nsh” which may be found at datatracker.ietf.org/doc/draft-ietf-sfc-nsh/. NSH data can be divided into two parts: (i) path information used to construct the chain; and (ii) metadata carrying the information about the network packet being chained. An NSH contains metadata information that are added to a packet or frame and used to create a service plane. The packets and the NSH are then encapsulated in an outer header for transport. The service header is added by a service classification function, which is a device or application that determines which packets require servicing, and correspondingly which service path to follow to apply the appropriate service. NSH data is unauthenticated and unencrypted, forcing a service topology that requires security to use a transport encapsulation that supports such security features (e.g.:IPsec).