Distributed policy processing in virtual private operation environment for large scale networks
Conference Paper
Overview
Research
Identity
Additional Document Info
Other
View All
Overview
abstract
2003 IEEE. VPOE (virtual private operation environment) is an infrastructure to provide customized services for applications in large-scale heterogeneous networks. In this infrastructure, the programmable network devices - called "middleware boxes" can be deployed at some functional locations in the network and provide services effectively corresponding to the service requirements. The basic functionality of middleware box is to execute customized policies. With the number of applications increasing and new services becoming popular, the policy matching and processing have been becoming a bottleneck for the middleware box performance. We focus on designing a scalable policy processing architecture, aiming to deal with this issue. Particularly, our technologies include: (1) a distributed policy processing architecture for the middleware box; (2) two policy partitioning algorithms to achieve conflict-free policies for the distributed policy processing architecture and guarantee the correctness of the policy execution. We conduct extensive performance evaluations on different architectures and algorithms. The evaluation results show that the distributed architecture can achieve over 70 percent increase of performance/price ratio with proper assignment of the policy distribution degree. The experimental results also demonstrate that to make the policy both partition capable and conflict free, more new policies have to be generated, which can be effectively reduced by using the policy compression schemes.
name of conference
IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003.