The present invention relates to the field of SDN (Software Defined Network) based service chaining, and more particularly to the realization of such chaining.
With the increasing popularity of cloud computing in recent years, conventional systems and methods have attempted to address cloud security, especially network security. One type of known method and system involves the use of SDN-based service chaining to dynamically provide virtualized network security services.
SDN is a known, emerging computer network technology that decouples the system that decides where to send the traffic (called the control plane) from the underlying system that forwards the traffic to the selected destination (called the data plane). The control plane typically includes an SDN controller, and the data plane typically includes a set of interconnected switches. The control plane uses a communication mechanism, such as OpenFlow, to communicate with the data plane.
In conventional SDN systems, a “service chain” refers to a chain formed of a group of services, that is, an ordered set of services. These services may be called middleboxes, which may perform various operations on a flow, such as conversion, checking and filtering, so as to provide network security functions such as a firewall. The middleboxes are usually physically connected with one another via a group of switches. A service chain provides a constrained point-to-point forwarding service, wherein a flow from a specific source to a specific destination must pass through a Layer 2 (L2) path formed by a given set of middleboxes in a given order.
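
The ordering constraint described above, as an added Python example that is not part of the original text: it builds the L2 path a chained flow must take across a set of switches and checks whether a given path honors the chain. The three-switch topology, the middlebox names `firewall` and `ids`, and all function names are constructed for illustration.

```python
from collections import deque

# Constructed topology: three switches, every pair directly linked.
SWITCH_LINKS = {"s1": ["s2", "s3"], "s2": ["s1", "s3"], "s3": ["s1", "s2"]}
# Constructed attachment points: the switch each endpoint or middlebox hangs off.
ATTACHED_TO = {"src": "s1", "dst": "s3", "firewall": "s2", "ids": "s3"}


def switch_path(links, start, goal):
    """Shortest switch-to-switch path by BFS; returns a list of switches or None."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in links.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def chain_path(links, attached, src, dst, chain):
    """L2 path from src to dst that visits every middlebox in `chain`, in order."""
    waypoints = [src, *chain, dst]
    path = [src]
    for here, there in zip(waypoints, waypoints[1:]):
        segment = switch_path(links, attached[here], attached[there])
        if segment is None:
            raise ValueError(f"no switch path from {here} to {there}")
        path.extend(segment)   # switches crossed on this leg
        path.append(there)     # the middlebox (or destination) reached
    return path


def honors_chain(path, chain):
    """True only if the middleboxes on `path` are exactly the chain, in order."""
    members = set(chain)
    seen = [hop for hop in path if hop in members]
    return seen == list(chain)
```

In this topology the shortest route from `src` to `dst` is `s1` to `s3` directly, which skips the firewall; `honors_chain` rejects that path, while the path from `chain_path` detours through `s2` first.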