Today's enterprise, data-center, and internet-service-provider networks deploy different types of network devices, including switches, routers, and middleboxes such as network address translation and firewalls. These devices are vertically integrated monolithic systems. Software-defined networking (SDN) and network function virtualization (NFV) are promising technologies for dis-aggregating vertically integrated systems into components by using “softwarization”. Software-defined networking separates the control plane from the data plane of switch and router, while NFV decouples high-layer service functions (SFs) or Network Functions (NFs) implemented in the data plane of a middlebox and enables the innovation of policy implementation by using SF chaining. Even though there have been several survey studies in this area, this area is continuing to grow rapidly. In this paper, we present a recent survey of this area. In particular, we survey research activities in the areas of re-architecting middleboxes, state management, high-performance platforms, service chaining, resource management, and trouble shooting. Efforts in these research areas will enable the development of future virtual-network-function platforms and innovation in service management while maintaining acceptable capital and operational expenditure.

In most access control systems, authorization is specified using binary decisions, "yes" or "no," to the access requests resulting in access being permitted or denied respectively. We argue that emerging Internet applications require that this binary decision be extended to "allow access provided some actions are taken. " We propose the notion of provisional actions that specifies the necessary actions to be performed in addition to the binary decision and introduce an access control model for it. We also provide an administrative model for policy management purpose.

On the Internet, a Quality of Service (QoS) guaranteed services are increasingly being demanded, and the Internet Engineering Task Force (IETF) is developing the specification documents for the QoS services intensively. This overview details the technical rationales underlining the contents of the specification documents developed by the IETF for Differentiated Services (DiffServ)--to provide QoS guarantee services in the large IP networks-- and Policy Framework--to manage DiffServ compliant networks. The IP networks with DiffServ consist of boundary routers and interior routers. These routers are composed of packet classifiers and marker, shaper, and policing function. Many vendors have developed DiffServ-compliant routers with gigabit interfaces. An example of an implementation of a DiffServ-compliant router and a demonstration of a QoS service using this router are presented here. The Policy Framework is expected to be one of the promising management solutions to co-operate with and manage many DiffServ-compliant routers. An experiment that adopts the Policy Framework to a DiffServ compliant network is also outlined.