A first security service function chain is generated that identifies at least a first service function path comprising an identified set of security service functions, with at least one of the identified set of security service functions comprising a virtualized network function in a software defined networking (SDN) network architecture. The first security service function chain is utilized to create classification policies associating packets of a given packet type with the first security service function chain, and the first service function path is utilized to create forwarding policies specifying handling of packets of the given packet type by respective ones of the identified set of security service functions. The classification policies are provided to one or more nodes in a communication network comprising the SDN network architecture, and the forwarding policies are provided to one or more of the identified set of security service functions in the communication network.
展开▼