Cisco vPath allows you to deploy network services, like in a physical switch. It is embedded in every VEM. Essentially, it provides intelligent packet steering, which means that policy lookup is decoupled from enforcement. For example, with the Virtual Security Gateway (VSG), which is a virtualized Cisco firewall, once a policy decision is made at the VSG for a particular flow, it's up to vPath now to implement that policy for each packet in that flow, thereby freeing up the VSG.

The vPath is enabled at a port-profile level. When VSG policies are configured, flow is evaluated against the policy by the VSG, and then the policy decision is pushed for implementation to vPath. It stores that decision only for the duration of that flow. Once there is a Reset (RST) event or Finish (FIN) flag, the flow entry is removed from the vPath table. There is also an activity timer, which can terminate sessions.

FIN and RST are TCP control bits (flags). FIN indicates that the client will send no more data, while RST resets the connection. Virtual Wide Area Application Services (vWAAS) is Cisco's WAN optimization technology, used to improve application delivery in cloud environments. Have a look at the following diagram for more details: