It defines the way services will be inserted in the network and the necessary connections to have them up and running. There will be two types of services, symmetric and singles services. Symmetric services will require one server running at each side of the edge routers of the network, one for the client side and one for the server application one. Those services may have an understanding of its pair server configuration but it is not necessary. Example of these type of services are network application accelerator. Single services just require one server to enforce their functionality and they are mostly deployed at the application server side of the network. Example of these type of services are load balancers and firewalls among others. Regardless the type of service that will be inserted in the network, there are different models to wired a service into the network. These are the two existing models: A) In-Path (Bump in the Wire) In this model, the service is placed in the path of the traffic to the server VMs, by splitting the network into two, and having the service bridge between the two, in the process applying the service. This is achievable with the current set of Quantum APIs. HA in this model is achieved through an external monitoring entity that monitors the health of the service and kill/re-spins if it went down. B) Out-of-Path (Redirection) In this model, the service (single node or a cluster of nodes) is placed out of the normal traffic flow path, and the gateway redirects the candidate set of traffic to the service. After the service has been provided to the traffic, it is returned back to the gateway for forwarding to the end host. HA in this model is achieved through an external monitoring entity as in the in-path case. In addition, the VPN gateway could also monitor the state of the service and choose to make alternate redirection decisions.