Network Function Virtualization (NFV) runs network functions (firewalls, load balancers, NAT, DPI) as software on general-purpose compute infrastructure instead of dedicated hardware appliances. NFV reduces capital expenditure and deployment time, enabling rapid scaling and service chaining. Service Function Chaining (SFC) defines how packets traverse a sequence of VNFs.
Deploy VNFs (e.g., open vSwitch, VyOS) on KVM or Docker. Configure service chaining using segment routing or encapsulation. Monitor VNF resource consumption and scaling behavior. Test failure recovery and traffic rerouting.
NFV is not the same as SDN; NFV virtualizes network functions while SDN virtualizes control. VNFs require careful resource provisioning; they are not infinitely scalable. Service chaining adds latency; performance tuning is essential.
From your work with software-defined networking and network virtualization, you know that modern networks separate control from data planes and can carve physical infrastructure into isolated virtual slices. Network Function Virtualization takes this a step further by asking: if we can virtualize the network itself, why not virtualize the devices that sit on it? Traditionally, every network function — firewalls, load balancers, intrusion detection systems, NAT gateways — required a dedicated hardware appliance from a specific vendor. NFV replaces these purpose-built boxes with Virtual Network Functions (VNFs), software implementations running on standard x86 servers.
The practical benefit is enormous. Instead of ordering a $50,000 hardware firewall, waiting weeks for delivery, and racking it in a specific location, an operator can spin up a firewall VNF on any available server in minutes. Need more capacity? Launch additional instances. Need to test a new configuration? Clone the VNF and experiment without touching production. This elasticity transforms network operations from a hardware procurement problem into a software deployment problem, dramatically reducing both capital expenditure and time-to-service.
The architecture follows the ETSI NFV framework, which defines three layers. The NFV Infrastructure (NFVI) provides compute, storage, and networking resources — typically virtualized through hypervisors or containers. The VNF layer contains the network functions themselves, each running as one or more virtual machines or containers. The Management and Orchestration (MANO) layer handles lifecycle management: instantiating, scaling, migrating, and terminating VNFs. If you have worked with SDN controllers, MANO plays an analogous role — it is the centralized brain that decides what runs where.
One of NFV's most powerful concepts is Service Function Chaining (SFC). Rather than forcing traffic through a fixed physical topology, SFC defines an ordered sequence of VNFs that packets must traverse — for example, firewall → DPI → load balancer → application server. The network steers traffic through this chain using encapsulation headers (like NSH — Network Service Header) or segment routing. This decouples the service logic from the physical topology entirely: the chain can be rearranged, extended, or shortened through software configuration alone. The combination of SDN for programmable forwarding and NFV for virtualized functions creates a fully software-defined network stack where both the control plane and the network services are decoupled from hardware.
No topics depend on this one yet.