Service chain is a forwarding technology that guides east-west traffic network traffic through multiple service instances such as firewalls and third-party security devices in a specific sequence to ensure secure, fast, and stable network services. A service chain identifies traffic by using traffic feature groups and guides matching traffic to service instances. Service chains do not process north-south traffic, which should be handled by gateways.
A traffic feature group is a set of traffic features that match the traffic to be processed by service instances. The features can be the source and destination IP addresses, subnet, or port.
A service instance is a node in a service chain. Service instances can be geographically dispersed. They are allocated as resources through SDN to form service chains and direct traffic as configured. Service instances include firewalls, load balancers, and intrusion prevention systems. Service chains support firewall service instances and load balancer service instances, and a service chain can contain only one service instance.
A service chain firewall protects east-west traffic in internal networks and can act as a service instance in a service chain.
A load balancer can distribute access traffic to back-end real servers based on the specified forwarding policy. Load balancers can be used as service instances in a service chain.
Service chain firewalls—Guide traffic through firewalls in service chains. that are used inside organizations for traffic isolation.