Lora O'Haver
Senior Solutions Marketing Manager

Service Chaining: The ABCs of Network Visibility

September 20, 2016 by Lora O'Haver


Internet traffic flows through NAT, DPI and AC before entering enterprise

In this post we look at a way to increase the speed of data moving through your network. Service chaining is a powerful tool for automating the movement of data packets and it’s getting a lot of attention these days as a way to improve the quality and speed of application delivery.

Purpose of Service Chaining

A ‘service chain’ is a set of network services which are performed in a specific order and ‘service chaining’ refers to steering the traffic through such a chain. It’s like a recipe where actions are performed in a pre-ordained order. Services can be performed in parallel or in serial, depending on the situation. The chain can be implemented by cabling individual devices together or, increasingly, by using software provisioning to control the flow of data through the selected services. Monitoring tools that are linked together in this way are sometimes referred to as a daisy-chain.

The use of service chains is linked to the automation of functions that have been either embedded in single-purpose hardware devices, dictated by physical topologies, or performed manually--which are increasingly perceived as too costly and inflexible in our fast-moving digital economy.

Service Chaining Use Cases

Service chaining is one of several approaches that make it possible to centrally manage and direct the operation of IT resources, to increase efficiency and time-to-market, as well as decrease costs.

Real-Time Network Monitoring:

With real-time monitoring, you need to keep traffic moving quickly and your security tools working efficiently. Chaining tools together allows to you to pass only the suspicious traffic to additional tools for deeper inspection or to a honeypot to be quarantined. Packets without anomalies are moved along quickly, to maintain maximum response time. A common example is the use of a Security Information and Event Management (SIEM) solution to filter out suspicious traffic for further analysis by other tools in the daisy-chain. Traffic without exception is quickly sent back through the network to support the fastest possible response time.

Out-of-Band Monitoring:

Out-of-band monitoring tools can be chained for similar reasons. An example would be to take the result of application classification provided by an Ixia network packet broker and send the application-specific information on to the best tool for analyzing a given packet type. Meta data can also be added to the packets to let tools farther in the chain know more about the origin or destination of the traffic.

Value Added Traffic Management:

Service chaining is also common when administrators must enable multiple resources or processes to be used. Examples are to enforce policies, perform QoS monitoring, to gather real-time analytics for traffic flow adjustments, are enforced to ensure quality of service  

Service Management:

The concept of service chaining plays a strong role in helping carriers provide services to end users with speed and accuracy or helping providers deliver a service with an excellent experience. One example is the chain of special-purpose platforms that video packets must pass through before delivery to the end customer, beginning with video optimization, then transparent caching, then (optional) parental controls, and finally a WAP gateway. These services are linked or chained together so that tasks necessary for all of these services do not have to be performed multiple times. Details about each user—such as their device, location, or whether they are subject to parental control—are also used to dynamically steer traffic through the necessary services.

Advantages of Service Chaining

  • Enable Network Function Virtualization (NFV): Once upon a time, specialized network appliances ruled the data center and in many places they still do. When you consider their purpose, however, you can identify multiple functions taking place inside each appliance. For instance, a firewall might perform network address translation, deep packet inspection, and access control. The hardware appliance was designed to perform these functions at wire speed. But in recent years, many of the functions once performed by expensive hardware appliances are being redesigned as software functions that can be run on any generic and low-cost CPU. This process is called network function virtualization and the goal is to achieve the same results as the appliance, but at greater efficiency and less cost.
  • Reduce Latency: In order to get acceptable performance in a virtualized environment however, services that run in software on a generic CPU must be chained together, to accelerate total processing speed or latency. Any time services are grouped together in a way that forces processing to proceed from step one to step two, latency can be reduced and speed accelerated.
  • Reduce Redundant Inspections: Without the ability to chain together certain functions, a particular packet may need to pass through a particular service more than once to meet the qualifications for other types of inspection tools. For instance, in the case of security monitoring, SSL traffic can pass through a powerful decryption tool and the exposed content can be sent through a series of additional inspection tools. This avoids the need to send the traffic through decryption for each tool, which would increase latency and multiply the cycles being consumed on the decryption tool. A more efficient and more cost-effective result is achieved by sending decrypted traffic through multiple tools before passing it through to the trusted network.
  • Apply Consistent Policies: Pre-set service chains help ensure that actions are taken in a specific sequence and nothing is overlooked. This reduces errors and increases the chance that abnormalities will be identified in time to prevent damage to an organization’s data or other resources.
  • Increase Flexibility: The ability to define service chains dynamically, based on the user, device, location, service level, or other characteristic is a powerful capability in the fast-moving digital economy. Well-defined rules and policies can help decrease the time to deliver a service and increase the quality of the user experience.


Service chaining is a useful concept that can help you organize operational tasks into more manageable groups. As programmability becomes the norm in network management, organizations will find more ways to use service chaining to increase network visibility, improve security monitoring, and increase the speed and quality of applications.

Ixia’s entire series of blogs on visibility are available now in the e-book Visibility Architectures: The ABCs of Network Visibility