In an example contemporary computer architecture, functions such as firewalls, deep packet inspection (DPI), antivirus, load balancing, and network address translation (NAT) to name just a few, may be provided via network function virtualization (NFV). In NFV, each network node may be virtualized into a single-function virtual machine (VM), and several such single-function VMs may be provided on a single physical computer node, such as a rack-mount or blade server. Instances of virtual network functions (VNFs) may be “spun up” as needed to meet demand, and then “spun down” when demand decreases.
The path that a packet follows as it traverses the virtual network may be referred to as a “service function chain” (SFC). For example, if a packet is to be first inspected by a firewall, then by a DPI, and finally sent to a NAT, before finally being forwarded to the workload (WL) server, the service chain (starting from an edge router (ER)) may include ER→FW→DPI→NAT→WL.