Telecommunication and other data network functions are increasingly virtualized and consolidated into network servers. For example, network functions such as packet switching, packet filtering, and intrusion detection that historically have been provided by dedicated or proprietary hardware appliances are now virtualized and provided by virtual machines executing on off-the-shelf servers, desktop computers, network switches, and other devices that are instantiated on-the-fly based on workload requirements. However, each virtualized network function requires a different amount of overhead based on the particular network function being provided. For example, a virtualized network function that performs a deep packet inspection of network packets received from a remote computing device may require more overhead per packet than the amount of overhead per packet required by a virtualized network function that performs web caching.
A growing trend among network services providers is to chain together virtualized network functions to provide tailored network service offerings based on customer needs without requiring customers to purchase and/or install dedicated or proprietary hardware appliances. For example, a service provider may define a chain of individual virtualized network security functions (e.g., a virtualized firewall function, a virtualized intrusion detection function, etc.), each of which is configured to process, in a particular order, network packets received from a remote computing device. Based on customer workload requirements and/or the per packet overhead associated with each of the virtualized network functions defined in the chain, multiple instances of a particular virtualized network functions may be instantiated. However, such practice introduces additional complexity into the forwarding decisions required to steer network packets through the chain of individual virtualized network functions.