Network data plane hardware and software can be characterized as either stateful or stateless. An element may be referred to as being “stateful” if the element maintains state associated with an individual data flow such as, for example, a connection established using transmission control protocol (“a TCP connection”). A stateful element such as, for example, a firewall, must observe all packets of single data flow in both forward and reverse direction to ensure that the element will operate correctly. Thus, stateful elements require flow affinity to be preserved. Preserving flow affinity, however, can be difficult in a distributed and/or elastically scaled computing environment.
A stateless network element that replaces a distributed stateful element may not preserve flow affinity in both directions of the flow. Similarly, if a stateless element is replaced with a stateful element, flow affinity in the forward direction may be disrupted when the element is added or removed. Still further scaling of stateful elements (e.g., introducing a new instance of a stateful element) can disrupt flows and/or flow affinity. Thus, one challenge in distributed computing environments is the task of interconnecting stateless and stateful network elements in a manner that preserves data flow affinity. With the growing trend including virtualization of stateful network functions such as, for example, firewalls, network address translation (“NAT”) devices, and the like, this challenge can be more pronounced. Stateful virtual network functions may be required to operate, communicate, and/or otherwise interact with stateless networking devices and/or hardware, and there may be no way to preserve flow affinity in such environments.
In some cases, a gateway or other centralized device can store a flow table. A flow table can include entries for each flow path (e.g., keyed on a hash value generated based on packet headers). Such a flow table can require an entry for each traffic flow and therefore can be large and expensive (in terms of resource usage) to maintain and/or query. Thus, the use of centralized flow tables can be inefficient and may not be practical for distributed computing environments.