In a conventional networking arrangement, network appliances—such as firewalls, distributed denial of services (DDoS) appliances, deep packet inspection (DPI) devices, load balancers, anti-virus inspection servers, virtual private network (VPN) appliances, and so forth—are physically wired in a chained arrangement at the edge of the network. Data packets arriving from an external network (such as from the public Internet) pass through one or more network appliances before arriving at an application service node, such as a web server, proxy server, email server, or other type of application service node.
Lately, there have been developments in virtualization of networking functions, such as network functions virtualization (NFV). NFV is a network concept that virtualizes various network functions, implementing them as virtual machines running networking-related software on top of standard servers, switches, and storage. Benefits include reduced equipment costs, reduced power consumption, increased flexibility, reduced time-to-market for new technologies, the ability to introduce targeted service introduction, as well as others. Also, software-defined networking (SDN) is a mechanism in which a control plane interfaces with both SDN applications and SDN datapaths. SDN applications communicate network requirements to the control plane via a Northbound Interface (NBI). SDN datapaths advertise and provide control to its forwarding and data processing capabilities over an SDN Control to Data-Plane Interface (CDPI). SDN effectively defines and controls the decisions over where data is forwarded, separating this intelligence from the underlying systems that physically handle the network traffic. In summary, the SDN applications define the topology; the clients, servers and NVF components are the nodes (“hubs” and “endpoints”) in the topology; the SDN datapaths are the “spokes” that connect everything together.