Friday, November 6, 2015

When will we see NFV as a Service?

NFVaaS - while it sounds like a joke about mixing acronyms between cloud ('x' as a Service) and SDN, NFV is already a serious mix of the two technologies - and I think there's a lot of promise in taking this joke a lot farther.

SDN provides centrally controlled packet steering - a planned path, through specified forwarding engines, between endpoints. Cloud provides orchestrated 'service' deployment, automating the setup of VMs/containers/whatever. NFV mixes the two concepts, to use cloud orchestration to deploy middleboxes into the SDN packet path, so it's possible to steer connections through firewalls, NAT, IDS, DLP, load balancers, caching engines, etc. The key point is that the services are consumed not by users, but by packets/sessions, thus making NFV both into "cloud for networking" and "networking for cloud". For the rest of this post, I'm going to simplify NFV into the concept of "orchestrating network middleboxes".

So how is NFVaaS different from just NFV? The XaaS term implies wrapping something up in a turn-key way so that it's easy to consume. DBaaS gives me an interface to a running database onto which I can apply schema and do some SCRUD, instead of setting up a server and installing software. IaaS gives me virtual bare metal. NFVaaS therefore goes beyond applying middleboxes as part of delivering or munging sessions for some other application - the whole point of NFVaaS is that I want middleboxes through which to push my own packets. If I have a network that needs a firewall, what I have is a problem that could be solved by NFVaaS, deploying a firewall through which I can push my packets.

To put this another way, if my network use is primarily as a client (rather than running a web site, etc.) then the primary service I consume is "access". To add value to that service, I want to add middleboxes, but I want it "cloud-style": usable in minutes, with costs relating to my use rather than acquisition and maintenance. NFV provides the ability for someone to deliver that service to me.

Some technically-minded readers may be asking, "how do you insert something into the packet path?" There are a few different ways, but what I personally prefer is using a VPN. Right now I'm renting a VPS which I use as a VPN concentrator and cloud storage server, with the intention of adding IP blocking based on an open threat intelligence feed. At some point I might add Squid as a transparent proxy running ClamAV. There's a lot I can do to create my own "clean pipe" service, and the value to me greatly exceeds the VPS cost. However, it took me a while to set up what I have, and will take a lot more time to add (and tune) the additional capabilities. If I could get all of this as a service for a reasonable cost, I'd recommend it to all of my non-technical friends and family.
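As an added illustration (not the author's actual setup), this sketch shows the feed-to-firewall step on a VPN concentrator: it sanitises a blocklist and renders an nftables set that drops forwarded client traffic to listed destinations. The feed format, the `tun0` interface, the `10.8.0.0/24` client subnet and the `vpnfilter` table name are all assumptions.

```python
import ipaddress

# Constructed sample feed using documentation ranges, not real indicators.
SAMPLE_FEED = """\
# one address or CIDR per line
203.0.113.7
203.0.113.0/25
203.0.113.128/25
198.51.100.44 ; trailing comment
10.8.0.5
0.0.0.0/0
not-an-ip
2001:db8::1
"""

# Never block: RFC 1918 (incl. assumed VPN subnet 10.8.0.0/24), loopback, link-local.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
MIN_PREFIX = 8  # refuse anything broader than a /8 (e.g. 0.0.0.0/0)

def parse_feed(text):
    """Return (collapsed IPv4 networks, rejected raw lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#")[0].split(";")[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        if (net.version != 4 or net.prefixlen < MIN_PREFIX
                or any(net.overlaps(p) for p in PROTECTED)):
            rejected.append(raw)  # IPv6 is out of scope for this sketch
            continue
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_nft(nets, vpn_if="tun0"):
    """Emit an nftables ruleset dropping VPN client traffic to the set."""
    elems = ", ".join(n.with_prefixlen for n in nets)
    body = f"    elements = {{ {elems} }}\n" if nets else ""
    return ("table inet vpnfilter {\n  set blocklist {\n"
            "    type ipv4_addr\n    flags interval\n" + body +
            "  }\n  chain forward {\n"
            "    type filter hook forward priority 0; policy accept;\n"
            f'    iifname "{vpn_if}" ip daddr @blocklist counter drop\n'
            "  }\n}\n")
```

Rejected lines are worth logging on every refresh: a feed that suddenly contains private ranges or a default route is either broken or tampered with, and loading it blindly would cut off the VPN clients it is meant to protect.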

NFV gets a lot of attention in big networks like Service Providers, Data Centers, and Large Enterprise - in short, anyone running their own private clouds - but just because it runs in a cloud doesn't mean that it doesn't have value to everyone else. I'm definitely looking forward to renting time on an IDS.