Enforcement of Data-Plane Policies in Next-Generation Networks

Abstract

Modern networks not only forward traffic, but also perform a variety of processing operations on packets (e.g., content inspection, transcoding, QoS scheduling). Such data plane operations cannot be easily coordinated in the current Internet architectures since there is no explicit policy support for packet processing services. As more diverse systems and protocols are deployed in the next-generation Internet, this problem becomes increasingly challenging. In our work, we propose a novel policy enforcement system for data-path functions in the next-generation Internet. Using a formalism to represent policies and automated planning tools, connection request can be adapted to meet the policy requirement of the domains they traverse. We present the theoretical foundations of this approach as well as a prototype implementation based on our network service architecture. Our results show that this approach is an effective solution to enforcing policies relating to the date plane of networks.