A network device is provided with more and more application services of various types, including security protection, application delivery, network optimization, and the like. Specifically, application service may include an application delivery controller (ADC), a wide area network optimization controller (WOC), deep packet inspection (DPI), an intrusion prevention system (IPS), and a uniform resource locator filter (URLF), and the like. The network device tends to integrate these application services to improve service processing capability and market competitiveness of the network device. While multiple applications are integrated, the network device provides an application management and control function for a user to manage application services on the device.
At present, when a user manages and integrates application services, a differentiated manner is used for policy configuration management and service knowledge base management. In practice, however, as application services keep extending, differences between different application knowledge bases continue to increase, and it becomes more and more difficult to implement unified policy configuration and management for policies. Therefore, how to manage and integrate different application services more effectively according to a user policy is an urgent problem to be solved at present.
At present, the problem is solved mainly by directly delivering a user policy in a centralized manner. As shown in FIG. 1, a user configures a policy first, and then sends it as a user policy set to service processing units of all application services (which is shown by row 2 in FIG. 1, where WOC is a service processing unit for processing a WOC service, and DPI, ADC, URLF, and IPS are similar thereto). Each of the service processing units parse the user policy set to obtain policy rules and extract a policy rule required by itself to perform compilation. Finally, each of the service processing units executes the extracted policy rule and invokes information of an application knowledge base (as shown by row 3 in FIG. 1) corresponding to the extracted policy rule to complete service processing.
However, it is found in practice that the technology described above has at least the following defect.
All service processing units need to parse the user policy repeatedly, and need to compile the policy rule and the information of the application knowledge base separately, which causes high system resource overhead.