Network devices and clients may provide a number of complex functions with respect to network traffic. Among other functions, network devices may provide load balancing, application security, content switching, SSL offloading, acceleration, and caching. However, as the number and complexity of the functions provided by network devices grows, the complexity and amount of configuration required for a network device may similarly increase. Further, improper or suboptimal configuration of a network device may result in decreased performance, network errors, application incompatibility, and weakened security.
Many network devices may utilize a policy framework to control network device functions. In these frameworks, a policy may specify a rule and an action which dictates a behavior under certain conditions. For example, with HTTP traffic, a policy framework may allow a user to configure device behavior based on content within the HTTP stream. These policies may become complex depending on the content to be analyzed and the behaviors sought. Thus, there exists a need for a policy framework which allows a user to apply structure to network traffic for the purpose of writing policies to direct device behavior. There similarly exists a need for a network device which can then implement such structured policy expressions in an efficient manner.
In addition, as the number and complexity of network device functions grow, the number of policies required for their configuration may also grow. With an increase in the number of policies, there also exists a need for specifying and implementing processing orders among policies and groups of policies.
Further, some desirable policies used in network devices may not always have defined results. For example, a policy may specify behavior in response to a given field of an HTTP request, but may be undefined in cases where the field is not present or the field has an unexpected value. While it may be possible in some cases to write policies that are always defined, this may require additional policies or more complex policies and may increase administrative overhead. Thus, there exists a need for configuration systems which allow a user to specify one or more actions for the case in which a policy is undefined.