DocumentCode
2084440
Title
Distributed policy processing in virtual private operation environment for large scale networks
Author
Yu, Wei ; Xuan, Dong ; Reddy, Sandeep K. ; Bettati, Riccardo ; Zhao, Wei
Author_Institution
Dept. of Comput. Sci., Texas A&M Univ., College Station, TX, USA
fYear
2003
fDate
18-20 June 2003
Firstpage
84
Lastpage
91
Abstract
VPOE (virtual private operation environment) is an infrastructure to provide customized services for applications in large-scale heterogeneous networks. In this infrastructure, programmable network devices, called "middleware boxes", can be deployed at some functional locations in the network and provide services effectively corresponding to the service requirements. The basic functionality of a middleware box is to execute customized policies. With the number of applications increasing and new services becoming popular, policy matching and processing have become a bottleneck for middleware box performance. We focus on designing a scalable policy processing architecture, aiming to deal with this issue. In particular, our technologies include: (1) a distributed policy processing architecture for the middleware box; (2) two policy partitioning algorithms to achieve conflict-free policies for the distributed policy processing architecture and guarantee the correctness of the policy execution. We conduct extensive performance evaluations on different architectures and algorithms. The evaluation results show that the distributed architecture can achieve over a 70 percent increase in performance/price ratio with proper assignment of the policy distribution degree. The experimental results also demonstrate that to make the policies both partition capable and conflict free, more new policies have to be generated, the number of which can be effectively reduced by using the policy compression schemes.
Keywords
middleware; quality of service; telecommunication security; virtual private networks; VPOE; conflict-free policy; distributed policy processing architecture; large scale heterogeneous network; middleware box; policy matching; policy partitioning algorithm; virtual private operation environment; Computer networks; Computer science; IP networks; Intelligent networks; Large-scale systems; Middleware; Network address translation; Partitioning algorithms; Routing; Scalability;
fLanguage
English
Publisher
IEEE
Conference_Titel
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN
0-7803-7808-3
Type
conf
DOI
10.1109/SMCSIA.2003.1232405
Filename
1232405