1
Introduction
Over the past decades, enterprise networks have come to host an increasingly diverse set of
network services and functions. The tremendous growth in vertical and horizontal deployment of
proprietary network appliances makes network architectures extremely complicated and difficult
to manage [213, 32]. In particular, typical network appliances always incur high costs of
investment (Capital Expenditure (CapEx)) and maintenance (Operation Expenditure (OpEx)) [210],
as they are usually expensive, vendor-specific, and complicated to manage, creating numerous
pain points for network administrators [88, 207]. Also, a new form of typical network appliance
is usually treated as a one-off solution to support a specific function [12], making it hard to
deploy new services or customize the existing network appliances to fulfill different customer
requirements. For example, in today’s deployments of network services such as firewalls and
Intrusion Detection and Prevention Systems (IDS/IPS), the network functions are often
hardware-dedicated and placed at fixed network spots, and their capacity for handling traffic is
limited. A traditional hardware-based firewall fails to support dynamic provisioning
to deal with frequent and high variation of traffic load [58]. Also, it is a difficult and complex
task to monitor the malicious processes of VMs running inside the host by using a traditional
IDS/IPS, since the traditional IDS/IPS only provides fixed functionality to deal with specific
types of attacks, and has fixed capacity in handling network traffic [82].
To address the aforementioned issues, many enterprises and service providers are seeking
more effective techniques to improve operational efficiency, reduce power usage, and speed
up their service deployments. Network Function Virtualization (NFV), along with
Software-Defined Networking (SDN), has emerged as a promising solution in recent years. In particular,
the concept of NFV was first proposed by the European Telecommunications Standards Institute (ETSI)
with the purpose of reducing hardware investment cost, enhancing resource utilization,
and accelerating the deployment of new network services to support business revenue and future
growth objectives. The key idea of NFV is to decouple network functions from dedicated
hardware devices and implement them using software-based approaches. That is, instead
of installing, configuring, and operating a dedicated appliance to perform a network function,
NFV allows network operators to use a standard hardware platform, simply load the software
image into a virtual machine, and launch the desired network service on demand. As such,
the network functions can be implemented and deployed on a range of commodity hardware
located at different geographical locations, avoiding the need to install new equipment.
Thanks to these characteristics, NFV-based implementations can significantly reduce capital
and operational expenditures (CapEx and OpEx), increase network efficiency and agility,
provide a shorter time to market for network services, and improve the scalability of
resource utilization [117, 98, 191]. Another salient feature of NFV is that a regular service
function (a.k.a. Virtual Network Function (VNF)) can be broken down and decomposed into