We’ve mentioned service chaining in the past, but it’s often confused with service insertion. Both are important. One of the major challenges that has long faced enterprise networks is the ability to spin up new network services. SD-WANs make this a lot easier through service insertion and service chaining.
Suppose for a moment you want to construct a secure perimeter around your compute resources in your data center and Amazon Web Services (AWS) implementation. Normally, you’d introduce a firewall and an Intrusion Detection System (IDS) into each location. That way, should a security incident happen in one location, such as a malware outbreak or a denial of service attack, you would be able to mitigate that event without any reengineering work.
But bringing a full “security stack” to the traffic at each location comes with all sorts of problems. It’s expensive, for one. You can spend tens of thousands of dollars for each branch. And you’ll need to monitor, patch and upgrade those appliances. You’ve also fragmented your visibility into the security domain by spreading your security data across all of these appliances.
A far better approach is to flip the scenario. Deploy your security appliances and services in as few regional locations as possible and bring the traffic to the security stack. By doing that, you minimize the number of security appliances that need to be purchased and maintained. Of course, you have the challenge of getting the traffic to the security stack. This is where service insertion and service chaining come into play… (continue reading on our Network World blog here).