Next we describe an example for processing a stream of packets. Construct the 6-tuple using the data from an exemplary packet described earlier. Access the service map for the packet, in the local flow table. If the service action is allowed, transmit the packet and update the stats. If the action is blocked, drop the packet and update the stats in the flow table. If the action is allowed, assert action==inspect and AppID==inspecting and store the states in the flow table.

In a service map example described next, an app firewall security service instance uses the service map when making the decision of where to send a received packet next after processing by the first service, accessing a flow table using outer IP header data carried by the packet to select a second service node, from among a plurality of service nodes performing the second service in the service chain. The next step is routing the packet to the selected second service node upon egress from the first service node. In this example, the service map shows ipsec service is available on pod 8 and pod 9, appfwl is available on pod 1, pod 2 and pod 3, and IPS service is available on pod 4, pod 5 and pod 6. The example shows the IP addresses for each of pods 1, 2 and 3. Additional pod IP addresses are omitted for brevity.

• • Pods: {
    • ipsec: [p8, p9],
    • appfwl [p1, p2, p3],
    • ips: [p4, p5, p6]
  • }
  • Ipaddrs: {
    • p1: 1.1.1.1,