Data centers typically operate a great number of interconnected servers to implement certain network services. For example, security services such as firewalls are often used to inspect traffic for malware, intrusions, or other forms of security threats, permitting connections for authorized applications and blocking others. As another example, load balancing services are often implemented to balance workload across different servers. Other commonly employed services include content acceleration and transportation, application-specific security, network analytics, compression, etc. Currently, these network services are typically implemented on separate physical boxes each capable of handling a certain amount of traffic. On each box there is a management and control plane handling management related functions such as configuration of policies, as well as a data plane that handles executing and processing packets based on configurations. It can be difficult to deploy these physical boxes and coordinate their actions. Moreover, since many data centers now deploy multi-CPU servers on which multiple virtual machines are controlled by a hypervisor, the configuration and management of separate network services devices adds complexity and cost to the data centers.
In addition, many network services are implemented using a centralized architecture. For example, a load balancing service is typically implemented using a single load balancer that intercepts incoming traffic and redistributes the traffic to all the servers. Thus, the load balancer can be a single point of failure within the system as well as a bottle neck for traffic.