PROGRAMMABLE NETWORKS AND THEIR MANAGEMENT USING MOBILE CODE

Andrzej Bieszczad ([email protected]), Bernard Pagurek ([email protected]), Tony White ([email protected]), Cheryl Schramm ([email protected]), Gatot Susilo ([email protected])
Systems and Computer Engineering, Carleton University, 1125 Colonel By Drive, Ottawa, Ontario, Canada K1S 5B6

Abstract

In this paper we present an innovative approach to managing communication networks based on mobile agents or, more generally, mobile code. Our approach addresses issues in traditional client/server (in this context, manager/agent) network management systems: the amount of data that needs to be transmitted, problems inherent to heterogeneous environments such as interoperability, problems with the maintainability of complex software systems, and several others. The necessary elements of the infrastructure have been implemented in Java. The infrastructure includes mechanisms for code migration, security management and communication with managed resources. A network simulator has also been built to provide a testbed for the research. We explain innovative management ideas through demonstrations of the use of the infrastructure for several simple applications of mobile code that we categorize into servlets, deglets and netlets. We address the network security issues by defining a piglet as hostile, malicious mobile code. We explore more advanced issues by describing several management applications that we are actively researching and implementing in the areas of discovery and presentation of component capabilities and information. Furthermore, we introduce a schema for dynamic network configuration. Our research is directed towards an ultimate goal of plug-and-play networks.

1 Introduction

The telecommunication networks that are in service today are usually conglomerates of heterogeneous, very often incompatible, multi-vendor environments. Management of such networks is a nightmare for a network operator who has to deal with the proliferation of human-machine interfaces and interoperability problems. Network management is operator-intensive, with many tasks that need considerable human involvement. The term "craftsman" is often used to describe a network operator in a traditional telecommunications network, with good reason. Legacy network management systems are very strongly rooted in the client/server model of distributed systems. This model applies to both IETF (Case et al., [2]) and OSI (Yemini, [11]) standards. In the client/server model, there are many agents providing access to network components and considerably fewer managers that communicate with the agents using specialized protocols such as SNMP or CMIP. The agents are providers (servers) of data to analyzing facilities centered on managers. Very often a manager has to access several agents before any intelligent conclusions can be inferred and presented to human operators. The process often involves substantial data transmission between manager and agent that can add a considerable strain on the throughput of the network. The concept of delegation of authority has been proposed (Yemini, [10]) to address this issue. Delegation techniques require an appropriate infrastructure that provides a homogeneous execution environment for delegated tasks. One approach to the problem is SNMPscript (Case and Levi, [5]). However, SNMPscript has serious restrictions related to its limited expressiveness as a programming language and to the limited area of its applicability (SNMP only). Although delegation is quite a general idea, the static nature of management agents still leaves considerable control responsibility in the domain of the manager. Legacy network management systems tend to be monolithic, making them hard to maintain and requiring substantial software and hardware computing resources. Such systems also experience problems with the synchronization of their databases with the actual state of the network. Although the synchronization problem can (potentially) be reduced in severity by increasing the frequency of updates or polling, this can only be achieved with further severe consequences for the performance of the system and the network.

An emerging technology that provides the basis for addressing problems with legacy management systems is network computing based on Java technology (Gosling et al., [4]). We refer to Java as a technology rather than merely as another programming language as a result of its 'standard' implementation that includes a rich class hierarchy for communication in TCP/IP networks and a network management infrastructure. Java incorporates facilities to implement innovative management techniques based on mobile code (Kotay and Klotz, [6]; also [8]). Using this technology and these techniques we can address many interoperability issues and work towards plug-and-play networks by applying mobile agents that can take care of many aspects of configuring and maintaining networks in an autonomous fashion. For example, code distribution and extensibility techniques keep the maintainability of networks and their management facilities under control. The data throughput problem can be addressed by delegation of authority from managers to mobile agents¹, where these agents are able to analyze data locally without the need for any transmission to a central manager. We can limit the use of processing resources on network components through periodic execution of certain tasks by visiting agents. Through engineering of a suite of simple management tools based on Web standards we address the problems inherent to monolithic systems that result from their size and processing requirements. With a user interface based on standards, we lower the learning curve for network operators. By incorporating intelligent agents that can handle tasks autonomously, we limit the requirements for human attention in the management process.

¹ The terms "mobile agent" and "mobile code" will be used interchangeably throughout this article.

In this paper, first, we introduce the necessary infrastructure for mobile code that we designed and implemented in Java. The infrastructure includes the following necessary components:

• mobile code daemon,
• migration facility,
• interface to managed resources,
• communication facility,
• security facility.

It would be unreasonable to expect any network operator to allow online experiments that involve autonomous agents. Therefore, we have designed and implemented a network simulator for testing our ideas. It is described next. We continue with a taxonomy of mobile code using the following classification:

• servlets, i.e., extensions or upgrades to servers that stay resident as integral parts of the servers,
• deglets, i.e., mobile agents that are delegated to perform a specific task,
• netlets, i.e., mobile agents that provide predefined functionality on a permanent basis.

Each type is illustrated by an example of its use in a network management application that we have implemented using our framework. In the context of network security, we subsequently analyze another, potentially malicious, type of mobile code, the piglet.

In the following sections, we describe several realistic management tasks that we are currently researching using the described infrastructure. We conclude with our view of the prospects for the future and a review of planned activities. A similar effort, albeit more abstract, has been published very recently (Baldi et al., [1]). In contrast to that work, our paper is based on experiences with a number of applications that are driving our research activities.

2 Infrastructure

It is not feasible to undertake network management tasks without an appropriate infrastructure in place. We have designed a new framework and implemented the elements that are required to explore our ideas. None of the existing network management technologies could accommodate our advanced approach.

The choice of Java for the implementation of the infrastructure is rooted in the portability of the language and its built-in facilities to chunk the code and transport it to remote locations for execution. Java is an interpreted language; i.e., it is compiled to intermediate code known as bytecode that is executed (interpreted) by the Java Virtual Machine (JVM). Very strong support from the telecommunication and computer industries makes the language portable due to the proliferation of implementations of JVMs. JVMs are available, or will be available in the very near future, for virtually any computing platform from mainframes to consumer electronics items. This portability, and the existence of a rich collection of standard class libraries, makes Java a very attractive implementation platform for systems that have to function in technology- and vendor-heterogeneous environments. Network management is one of the primary examples of such a diverse application domain. The second feature that we have highlighted, modularity and remote execution, is ideally suited for systems that, by their nature, are distributed. Even in the classical static client/server approach the Java solution provides several advantages, such as the capability to update component agents online without the need to restart, or to use a Web browser to run various applets as management tools. We will discuss these issues later on in this paper after the elements of the infrastructure have been introduced.

Java is an object-oriented language, so it is very convenient to provide the default capabilities that are required for an agent system in the form of generic or abstract classes. Applications that utilize these default behaviors can be easily constructed by sub-classing from those defaults collected in Application Program Interfaces (APIs). Overriding the default behaviors is the mechanism used to provide customization.

The fundamental assumption that we are making is that each network component is Java-enabled. In our vision of future networks, each network component runs a Java Virtual Machine. It is a very bold, revolutionary assumption. We realize that before such networks arrive, we will need to accommodate existing systems. Therefore, there are certain provisions in place for more gradual, evolutionary approaches. They will be described shortly.

At this point, let us proceed to the description of our framework.

2.1 Code mobility daemon

[Figure 1. Infrastructure. Network components (NC), each running a JVM that hosts a Mobile Code Daemon (MCD), a Migration Facility (MF), a Mobile Code Manager (MCM) and Virtual Managed Components (VMC) above the kernel (managed resources); compressed code is exchanged between MCDs listening on a well-known port (UDP or TCP).]

A facility for the transportation of portable code is the basic requirement for employing solutions based on mobile code. Figure 1 shows the elements that are needed to send code between Java Virtual Machines (JVMs) running on network components (NCs) in our system. The principal component of the transport facility is the Mobile Code Daemon (MCD). The MCD is a thread running inside a JVM that listens on two communication ports for incoming messages. We employ two ports to accommodate both TCP and UDP communication. Configuration of port numbers is supported, although in the future we would like to use advertised and standard well-known ports such as 434. Another MCD can send a message containing Java bytecode to one of those ports. As illustrated in Figure 1, at any given moment in time various bytecodes can move asynchronously between network locations. As yet, no standard mobile agent communication protocol has been

agreed upon² and so the MCDs use a proprietary Code Transfer Protocol (CTP) for inter-daemon communication.

² However, we are following the progress of the Mobile Agent Facility specification [13] submitted to the OMG.

The MCD provides a number of services that facilitate the execution of mobile code. These services are:

• security services,
• bytecode management,
• mobile code instantiation,
• providing an interface to managed resources,
• migration facilities.

Upon the reception of the bytecode representing one type of agent, the MCD validates the included Java classes, loads them using the dynamic class loader and instantiates objects for the agent. The code can be tagged as active or passive. If the code is tagged as active, then it is installed and activated as a Java thread by calling its initialization and starting methods. Passive code is just installed; it can be used later on. Deglets and netlets are examples of active code, while servlets are passive.

2.2 Migration facility

The Migration Facility (MF) is the part of the MCD concerned with determining destinations for agents. If the bytecode instantiated by the MCD and running inside the JVM as a thread represents a netlet, then after its task at the node has been completed, the netlet may ask the MCD to migrate it to another NC. The MCD uses the MF to determine which of the default migration strategies is applicable to the requesting netlet. One of the applicable strategies is used to send the bytecode representing the netlet to one of the ports on another listening MCD. Alternatively, a netlet can implement its own migration strategy that may depend on the intended application. Similarly, a deglet may migrate using the algorithm provided by the delegating application.

The simplest possible migration strategy is to predefine the migration destination from each MCD. Another simple alternative is a random selection of one of the neighbors. Other migration strategies can vary from similarly simple schemes to elaborate algorithms that are based on the application's needs and network conditions.

2.3 Security facility

The most common concern of operating companies about autonomous mobile agents cruising throughout telecommunication networks is network security. We address this and similar concerns with security based on agent authentication and access control. Java provides a rich collection of security classes that are used to sign the agents and verify their authenticity through the use of security keys. The infrastructure implements a security schema that is sufficient for most network management applications. Implementing the mobile code infrastructure in Java has provided a security package that is sufficient to implement four security facilities: authentication, data integrity, data privacy and authorization. We do not support data privacy at this moment. We use the current implementation of the Java security API. This API can easily be extended to implement more stringent rules.
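The authentication and data integrity checks described in this section, written out as an added example in Java; this is not the paper's code, which is not reproduced here. It uses the SHA1withDSA signature of the JDK's SUN provider, i.e. the DSA and SHA-1 primitives the paper names. The CodeBundle layout, the sender names, the trusted-sender map and the sample bytecode, parameters and state are constructed for the example. One point the example makes explicit: the signature must cover the parameters and the serialized state as well as the bytecode, otherwise a piglet could keep a genuine signature and swap in its own state, so each part is length-prefixed before signing so that the concatenation is unambiguous. A current deployment would use SHA256withDSA or another modern scheme, since MD5 and SHA-1 are no longer considered collision-resistant.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import java.util.zip.GZIPOutputStream;

// Added example, not the paper's code. It shows the "trusted code?" decision of the
// MCD's security facility: the sender signs the compressed bytecode, the parameters and
// the serialized state with SHA1withDSA; the receiver verifies against the public keys
// of registered senders. CodeBundle, the sender names and the sample data are assumptions.
public final class SignedCodeBundle {

    /** What travels over the Code Transfer Protocol: the signed parts plus the signature. */
    public static final class CodeBundle {
        public final String sender;
        public final byte[] compressedCode, params, state, signature;
        CodeBundle(String sender, byte[] code, byte[] params, byte[] state, byte[] sig) {
            this.sender = sender; this.compressedCode = code; this.params = params;
            this.state = state; this.signature = sig;
        }
    }

    /** Everything the receiver acts on goes under the signature, including the sender
     *  name and the state. Each part is length-prefixed so a||bc cannot equal ab||c. */
    private static byte[] signedPayload(String sender, byte[] code, byte[] params, byte[] state) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] part : new byte[][] { sender.getBytes(StandardCharsets.UTF_8), code, params, state }) {
            int n = part.length;
            out.write(new byte[] { (byte) (n >>> 24), (byte) (n >>> 16), (byte) (n >>> 8), (byte) n });
            out.write(part);
        }
        return out.toByteArray();
    }

    /** The bytecode is compressed before it is signed, as in Figure 3. */
    public static byte[] gzip(byte[] bytecode) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(buf)) { gz.write(bytecode); }
        return buf.toByteArray();
    }

    /** Sender side (migration facility): compress, then sign with the sender's DSA private key. */
    public static CodeBundle sign(String sender, PrivateKey key, byte[] bytecode, byte[] params, byte[] state)
            throws GeneralSecurityException, IOException {
        byte[] code = gzip(bytecode);
        Signature dsa = Signature.getInstance("SHA1withDSA");
        dsa.initSign(key);
        dsa.update(signedPayload(sender, code, params, state));
        return new CodeBundle(sender, code, params, state, dsa.sign());
    }

    /** Receiver side (network security facility): accept only if the sender is registered and
     *  the signature verifies. Any failure discards the bundle before the class loader sees it. */
    public static boolean isTrusted(CodeBundle b, Map<String, PublicKey> trustedSenders) {
        PublicKey key = trustedSenders.get(b.sender);
        if (key == null) return false;                        // unknown or unregistered sender
        try {
            Signature dsa = Signature.getInstance("SHA1withDSA");
            dsa.initVerify(key);
            dsa.update(signedPayload(b.sender, b.compressedCode, b.params, b.state));
            return dsa.verify(b.signature);
        } catch (GeneralSecurityException | IOException e) {
            return false;                                      // malformed signature: untrusted
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(1024);                                  // SHA1withDSA accepts keys up to 1024 bits
        KeyPair manager = gen.generateKeyPair();
        KeyPair rogue = gen.generateKeyPair();
        Map<String, PublicKey> trusted = Map.of("manager@noc", manager.getPublic());

        // Constructed stand-ins for a netlet's bytecode, parameters and serialized state.
        byte[] bytecode = "CAFEBABE PingNetlet.class (stand-in)".getBytes(StandardCharsets.ISO_8859_1);
        byte[] params = "interval=30s".getBytes(StandardCharsets.UTF_8);
        byte[] state = "visited=nc1,nc2".getBytes(StandardCharsets.UTF_8);

        CodeBundle genuine = sign("manager@noc", manager.getPrivate(), bytecode, params, state);
        System.out.println("genuine bundle trusted: " + isTrusted(genuine, trusted));

        // A piglet claiming to be the manager but signed with an unregistered key.
        CodeBundle piglet = sign("manager@noc", rogue.getPrivate(), bytecode, params, state);
        System.out.println("unregistered key trusted: " + isTrusted(piglet, trusted));

        // Genuine code and signature, but the state was modified in transit.
        byte[] alteredState = "visited=nc1,nc2;role=admin".getBytes(StandardCharsets.UTF_8);
        CodeBundle tampered = new CodeBundle(genuine.sender, genuine.compressedCode, genuine.params, alteredState, genuine.signature);
        System.out.println("altered state trusted: " + isTrusted(tampered, trusted));
    }
}
```

Only the genuine bundle passes; the bundle signed with an unregistered key and the bundle whose state was altered after signing are both discarded by `isTrusted`. Note that a digest alone (MD5 or SHA-1 over the bundle) would only detect accidental corruption; it is the signature over the digest that binds the bundle to a registered sender.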

The Java Security API provides a comprehensive set of methods that can be used to implement either low level or high level security functionality in Java applications. JDK version 1.1.3 also comes standard with a default provider, named "SUN". The "SUN" provider package includes an implementation of the Digital Signature Algorithm (DSA) and implementations of the MD5 [RFC 1321] and SHA-1 [NIST FIPS 180-1] message digest algorithms. Authentication uses DSA, which provides a pair of keys, a public key and a private key. A message digest (MD5 or SHA-1) computed over the mobile agent and covered by the signature protects the integrity of the mobile agent during its transmission. The mobile agent is not allowed to access local resources directly. Instead, it must do so indirectly through the Virtual Managed Component (VMC) that provides interfaces to the actual resources. The VMC implements access control to network component resources in order to guard sensitive data. Further details on the structure of VMCs will be provided in section 3. A mobile agent is not allowed to access the local file system, launch programs, call system level services of the visited network component, or invoke SecurityManager or ClassLoader classes. It is possible to write enhanced SecurityManager classes in order to provide even more stringent security rules. With these restrictions and facilities, the network component is reasonably safe from attacks by any malicious mobile code, or piglet. However, research in the area of enhanced security is ongoing.

[Figure 2. Network and agent security. Each NC's JVM runs an MCD containing the network security facility (NSF); each mobile agent carries an agent security facility (ASF).]

As illustrated in Figure 2, the Network Security Facility (NSF) is a part of the MCD that ensures that only trusted agents are allowed to be instantiated. Additionally, an agent's actions are also verified against its capabilities through the interfaces to network components, which are addressed in section 3.

The second most common concern about netlets is the danger of flooding the network with autonomous agents reproducing themselves in the network without any control. One solution to this potential problem is the provision of meta-level management facilities that apply to the agents themselves. For example, ensuring that certain constraints on the quantity of netlets present in the network are satisfied can control their density. If a control agent determines that a threshold is exceeded for a certain type of netlet, then some of them are intercepted and destroyed. Conversely, if there are too few agents, then new netlets are generated.

Netlet security is closely related to network security. If a netlet is not properly secured against intruders, then it may become a piglet and indirectly impact the security of the network. Therefore, a visiting netlet is equipped with a shield that protects its integrity. An agent can only be modified by trusted entities. The Agent Security Facility (ASF) illustrated in Figure 2 is the default component of an agent that provides a security mechanism.

2.4 Infrastructure operation

[Figure 3. Flow diagram for infrastructure operation. Sender NC: request a connection and start migrating; call onMigrate; migrate; on completion call onDestroy and inform the manager. Receiver NC: receive and store the mobile code; trusted code? if no, discard the mobile code and inform the manager; if yes, has persistent state? if yes, restore states and call onRestore then onStart, otherwise call onInit then onStart; mobile code running and performing its tasks (onStop when idle, start/onStart to resume); wrap up its state if requested; inform the manager.]

Figure 3 shows the general operation of the infrastructure for code mobility. Assume that a chunk of mobile code is about to be sent from one network component (the sender) to another (the receiver). Through the MCD's migration facility (either via UDP or TCP connections) the sender sends the signed and compressed code (i.e., bytecode), the parameters and the persistent state obtained from serializing the instance of the mobile code. The receiver will receive and store them in the designated space for that particular mobile code. After the transmission is completed, the receiver verifies the code for authentication and data integrity. If the code passes the authentication checks, it will be instantiated (subject to standard JVM security checks); otherwise, it will be discarded by the MCD. The mobile code may or may not have persistent state. If it has persistent state, then the state will be restored by de-serializing it. That process will then be followed by calls to the methods onRestore() and onStart(). Otherwise, the mobile code will be instantiated and the methods onInit() and onStart() will be called. At this point, the mobile code is up and running as a thread within the JVM. To access the network component's managed resources, the agent obtains a handle to the VMCs from the Mobile Code Manager (MCM). The methods in the agent's code are called in an event-driven mode triggered by the MCD, other agents or the agent itself.

When an agent's migration is requested by the manager, another agent, or the agent itself, the MCD calls the method onMigrate() of the associated agent. This notifies the agent that it is about to be transported to the next destination. Therefore, the agent will have time to finish up its task and notify the MCD whether or not it wants to keep its persistent state, or whether it refuses to migrate. If the agent really wants to migrate, the MCD will start shipping the agent with the associated persistent state as necessary. When the migration has completed, the agent is destroyed and removed from the MCD. However, when the migration fails for some reason, the agent is notified by calling its method onFailMigration(). Therefore, the agent may determine what it wants to do next. For instance, if the migration fails because of an unreachable destination, the agent may alter the destination or simply terminate itself. On destroying the agent, the MCD calls the method onDestroy() to ensure that the agent stops its tasks, releases its memory space and other acquired resources.
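Section 2.3 states that an agent reaches the managed resources only through a VMC's access methods and that its actions are checked against its capabilities, and section 2.4 says the agent obtains its VMC handle from the MCM. The following Java class is an added example of that arrangement, not the paper's VMC implementation: the VMC hands out a handle bound to the agent's identity and granted capabilities, every access method checks the capability before touching the managed resource, installing an extension needs its own privilege, and every decision is recorded. The capability names, the attribute names, the vendor's readable/writable sets and the netlet and deglet used in main are assumptions.

```java
import java.util.*;

// Added example, not the paper's code. Models the VMC access-control rule of sections 2.3
// and 3: the managed resource is never handed to an agent; a Handle issued by the MCM
// checks the agent's capabilities on every access method. Capability and attribute names,
// and the READABLE/WRITABLE sets standing in for the vendor's information structure, are assumptions.
public final class VmcAccessControl {

    public enum Capability { READ, WRITE, EXTEND }

    /** Kernel-level data the vendor's VMC fronts. Private to the VMC. */
    static final class ManagedResource {
        final Map<String, String> attrs = new HashMap<>();
        ManagedResource() {
            attrs.put("ifOperStatus", "up");
            attrs.put("ifAdminStatus", "up");
            attrs.put("sysContact", "noc@example.net");
        }
    }

    /** What the VMCI exports, and which of it may be written. */
    private static final Set<String> READABLE = Set.of("ifOperStatus", "ifAdminStatus", "sysContact");
    private static final Set<String> WRITABLE = Set.of("ifAdminStatus");

    public static final class VirtualManagedComponent {
        private final ManagedResource mr = new ManagedResource();
        private final Map<String, List<String>> extensions = new HashMap<>();
        private final List<String> auditLog = new ArrayList<>();

        /** The MCM issues a handle bound to the agent's identity and the capabilities its ASF carries. */
        public Handle handleFor(String agentId, Set<Capability> granted) {
            Set<Capability> caps = EnumSet.noneOf(Capability.class);
            caps.addAll(granted);
            return new Handle(agentId, caps);
        }

        public List<String> auditLog() { return Collections.unmodifiableList(auditLog); }

        public final class Handle {
            private final String agentId;
            private final Set<Capability> caps;
            private Handle(String agentId, Set<Capability> caps) { this.agentId = agentId; this.caps = caps; }

            /** Every access method passes through here: deny and log, or allow and log. */
            private void require(Capability c, String what) {
                if (!caps.contains(c)) {
                    auditLog.add("DENY  " + agentId + ": " + what);
                    throw new SecurityException(agentId + " lacks " + c + " for " + what);
                }
                auditLog.add("ALLOW " + agentId + ": " + what);
            }

            public String read(String attr) {
                require(Capability.READ, "read " + attr);
                if (!READABLE.contains(attr)) throw new IllegalArgumentException("not exported by VMCI: " + attr);
                return mr.attrs.get(attr);
            }

            public void write(String attr, String value) {
                require(Capability.WRITE, "write " + attr);
                if (!WRITABLE.contains(attr)) throw new IllegalArgumentException("read-only via VMCI: " + attr);
                mr.attrs.put(attr, value);
            }

            /** Extensions (e.g. exporting the VMCI remotely) need the separate EXTEND privilege. */
            public void installExtension(String name, List<String> exportedAttrs) {
                require(Capability.EXTEND, "install extension " + name);
                extensions.put(name, List.copyOf(exportedAttrs));
            }
        }
    }

    public static void main(String[] args) {
        VirtualManagedComponent vmc = new VirtualManagedComponent();
        // A monitoring netlet is read-only; a provisioning deglet may read and write but not extend.
        VirtualManagedComponent.Handle monitor = vmc.handleFor("linkMonitorNetlet", EnumSet.of(Capability.READ));
        VirtualManagedComponent.Handle provisioner = vmc.handleFor("provisionDeglet", EnumSet.of(Capability.READ, Capability.WRITE));

        System.out.println("monitor reads ifOperStatus=" + monitor.read("ifOperStatus"));
        try { monitor.write("ifAdminStatus", "down"); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
        provisioner.write("ifAdminStatus", "down");
        try { provisioner.write("sysContact", "attacker@example.org"); }
        catch (IllegalArgumentException e) { System.out.println("blocked: " + e.getMessage()); }
        try { provisioner.installExtension("remoteVmci", List.of("ifOperStatus")); }
        catch (SecurityException e) { System.out.println("blocked: " + e.getMessage()); }
        vmc.auditLog().forEach(System.out::println);
    }
}
```

The monitoring netlet's write and the deglet's extension install are refused with a SecurityException, the deglet's write to a read-only attribute is refused by the VMCI itself, and the audit log records each decision together with the agent identity, which is what an operator needs when a visiting agent turns out to be a piglet.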

3 Interface to managed resources

Access to network information is a principal requirement for a management system. In legacy systems, such functionality is provided by management agents; for example, an SNMP or CMIP agent in systems based on standards, or an Appliance Agent in the Java Management API (Gosling et al., [4]). All of these agents are static in nature; i.e., they do not change the location where they are running. They are usually fairly complex servers that have access to kernel level functions of the managed resources. They are very component-specific, but may also support standard access methods.

In an environment that involves mobile rather than static agents, there is a need for a more ubiquitous way of accessing network information. Netlets are lightweight agents that can implement neither direct (kernel level) nor indirect (SNMP, CMIP, etc.) access methods to all network components that they visit. The access facilities have to be local.

[Figure 4. Virtual Managed Component. Security methods, the interface to managed resources, management applets, recovery procedures and provisioning procedures sit between the managed resources and the Virtual Managed Component Interface (VMCI) used by external parties.]

As illustrated in Figure 4, a Virtual Managed Component (VMC) is a collection of facilities that can be used by mobile agents to access the managed resources of an NC. External parties use the Virtual Managed Component Interface (VMCI) to interact with the VMC, and with the NC's managed resources. To be useful, a visiting agent has to understand at least some elements of the VMCI. The VMC interacts with managed resources as shown in Figure 5.

[Figure 5. Accessing managed resources with Virtual Managed Components. Within an NC, the MCD and the VMCs run in the JVM; each VMC exposes a VMCI and fronts one or more managed resources (MR).]

The security subsystem protects the managed resources from unauthorized use and provides a security mechanism for installing extensions of the VMC. If an agent wants to access any of the component's resources, then it must use one of the provided access methods. A VMC may include management applets that can be transferred to the manager location, loaded into a Web browser and used to manage the component in a way predetermined by the vendor. The VMC may include a repository of recovery procedures that the vendor makes available to other applications. Another facility may provide provisioning agents that can be used to

configure the component in the live network automatically on component startup. Furthermore, the VMC may provide an indirection mechanism, referring to a vendor URL, where appropriate applets and mobile agents may be obtained. This is explored in a later section.

The VMC provides the only interface to a network component that can be accessed by an agent. The VMCs are local; i.e., they can be accessed only locally on the component. However, a VMC may allow for the installation of extensions that can export the interface. A VMC is built upon a vendor-specific information structure, which internally can have a flat or hierarchical organization. As illustrated in Figure 5, a VMC may provide access to many managed resources. Processes that run remotely cannot communicate with Managed Resources (MR) unless there are specific provisions for local extensions of the VMCI. There might be several VMCs for a single network component if the vendor chooses to structure the access in such a way. Vendors may implement complex algorithms to provide and modify the information. VMCs are self-contained, but may provide for bringing in additional data related to the component or the network. There can be no built-in network knowledge in any of the VMCs, since component vendors engineer them prior to connecting the components to networks. Using similar arguments, there are no built-in interactions with other VMCs. Again, extensions might be allowed to establish such communication after the component has been put in service.

Vendors may choose to provide a VMC that does not correspond to one or more physical entities, e.g. a set of connections or circuits. Such logical components might be convenient ways of dealing with certain types of information. Additionally, application programmers may use the provisions for extensions to incorporate VMCs into alternate logical schemas. An example of such use is presented in Figure 6. There is an application modeling the network that uses direct links to VMCs to feed the data into the objects in the network model. An object in the network model can be built upon a number of VMCs. For example, a logical network link object can be constructed from data coming from two nodes that are the endpoints of the link. The construction of such a model is the subject of section 6.5.

[Figure 6. Modeling networks with VMCs. Each object of the network model is fed from one or more VMCs.]

Physically, a VMC can execute on the computing resources of the managed component or it can execute remotely. For example, a VMC running on a PC can use a micro-controller to access data coming from a photonic switch and to control such a switch. In this example, the VMC is still the only interface to the switch from the perspective of the management system.

3.1 Ontologies and agent communication

An important issue in agent-based systems relates to so-called ontologies. Ontologies address communication between agents and the environment and between the agents themselves. The VMCI defines an ontology for all application agents that act within our framework. The agents communicate with the managed resources using the ontology. In addition, VMCs may support certain standards like GDMOs or MIBs, or vendor-specific extensions. Through standard provisions of the VMCI, a visiting agent may negotiate an enhanced means of communication with the VMC that goes beyond the VMCI defaults.

Another set of ontologies relates to inter-agent communication. Inter-agent communication depends on the application involved. Nevertheless, there are certain standard mechanisms with which agents can exchange information. One of the default provisions is a blackboard system, which is a data structure that can be written to by visiting agents. Agents might be allowed to write to and read data from the blackboard, depending upon their access rights. The default blackboard that is a part of the framework can be extended to an arbitrarily complex shared data structure by downloading and installing appropriate extensions. The netlet communication facilitator (FAC) is a proxy that supplies an indirect communication link between agents that visit a location at the same time. Agents that have extension privileges can expand the default capabilities of the proxy.

[Figure 7. Inter-agent communication. Each NC's JVM runs a facilitator (FAC); one NC additionally runs the mediator (MED), which acts as the directory administration server (DAS).]

Figure 7 shows the communication between agents not only on the same network component but also on different ones. To enable the inter-agent communication facility, every MCD must install the facilitator and one or more MCDs have the mediator (MED) installed. Once the MCD instantiates a mobile agent, it registers the agent with the facilitator (local database) which, in turn, automatically relays the registration to the mediator (global database).

Suppose two mobile agents exist on the same network component or, more precisely, on the same MCD, and one of the agents wants to send a message to the other. The message will be received by the facilitator and then delivered locally to the recipient. However, if the recipient is on a different MCD, the facilitator will relay the message to the mediator. The mediator knows the current location of the intended recipient exactly and conveys the message to the facilitator where the recipient is running in order to

deliver the message. If the mediator does not find the location of the agent because the agent does not yet exist in the network, it will keep the message until the agent appears in the network or until the message times out.

The inter-agent communication service supports not only point-to-point communication but also broadcasting. Suppose an agent wants to broadcast a message; the message will be relayed directly by the facilitator to the mediator. The mediator duplicates and sends the message to every agent that the mediator knows of in the mobile code region.

In the mobile code package, the mediator is implemented as a VMC. Therefore, the manager may find out which agents are present in the network, their current locations, and other attributes, simply by sending an agent to the directory administration server and querying the mediator.
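The routing rules above (local delivery by the facilitator, relay through the mediator, holding a message for an agent that has not yet appeared until it times out, and broadcast fan-out), together with the census a manager can take through the mediator and the netlet density limits of section 2.3, as one added Java example; it is not part of the paper's mobile code package. The Mediator and Facilitator classes, the Message and AgentInfo records, the inbox representation, the hold timeout and the density thresholds are all assumptions made for the example.

```java
import java.util.*;

// Added example, not the paper's code. Implements the facilitator/mediator routing of
// section 3.1 and the mediator-backed census used for the netlet density control of
// section 2.3. Message/AgentInfo, the timeout and the thresholds are assumptions.
public final class AgentMessaging {

    public record Message(String from, String to, String body, long sentAt) {}
    public record AgentInfo(String id, String type, String mcd) {}

    /** Global directory: in the paper it is a VMC on the directory administration server. */
    public static final class Mediator {
        private final Map<String, AgentInfo> directory = new HashMap<>();  // agent id -> where it runs
        private final Map<String, Facilitator> facilitators = new HashMap<>();
        private final List<Message> held = new ArrayList<>();             // recipients not yet in the network
        private final long holdTimeoutMillis;

        public Mediator(long holdTimeoutMillis) { this.holdTimeoutMillis = holdTimeoutMillis; }

        void attach(Facilitator f) { facilitators.put(f.mcd, f); }

        /** Registration relayed by a facilitator; releases any message held for this agent. */
        void register(AgentInfo a) {
            directory.put(a.id(), a);
            for (Iterator<Message> it = held.iterator(); it.hasNext();) {
                Message m = it.next();
                if (m.to().equals(a.id())) { facilitators.get(a.mcd()).deliverLocal(m); it.remove(); }
            }
        }

        void deregister(String agentId) { directory.remove(agentId); }

        void relay(Message m, long now) {
            expireHeld(now);
            AgentInfo target = directory.get(m.to());
            if (target == null) { held.add(m); return; }       // unknown: hold until it appears or times out
            facilitators.get(target.mcd()).deliverLocal(m);
        }

        void broadcast(Message m) {
            for (AgentInfo a : directory.values())
                if (!a.id().equals(m.from()))
                    facilitators.get(a.mcd()).deliverLocal(new Message(m.from(), a.id(), m.body(), m.sentAt()));
        }

        public void expireHeld(long now) { held.removeIf(m -> now - m.sentAt() > holdTimeoutMillis); }

        public int heldCount() { return held.size(); }

        /** Census per agent type: what a control agent queries before destroying or spawning netlets. */
        public Map<String, Long> census() {
            Map<String, Long> counts = new TreeMap<>();
            for (AgentInfo a : directory.values()) counts.merge(a.type(), 1L, Long::sum);
            return counts;
        }

        /** Density control: ids to destroy above max, or how many to spawn below min. */
        public List<String> enforceDensity(String type, int min, int max) {
            List<String> ofType = new ArrayList<>();
            for (AgentInfo a : directory.values()) if (a.type().equals(type)) ofType.add(a.id());
            Collections.sort(ofType);
            List<String> actions = new ArrayList<>();
            if (ofType.size() > max) for (String id : ofType.subList(max, ofType.size())) actions.add("destroy " + id);
            else if (ofType.size() < min) actions.add("spawn " + (min - ofType.size()) + " " + type);
            return actions;
        }
    }

    /** Per-MCD proxy: local database of resident agents; delivers locally, relays everything else. */
    public static final class Facilitator {
        final String mcd;
        private final Mediator mediator;
        private final Set<String> localAgents = new HashSet<>();
        public final Map<String, List<String>> inboxes = new HashMap<>();

        public Facilitator(String mcd, Mediator mediator) { this.mcd = mcd; this.mediator = mediator; mediator.attach(this); }

        public void register(String agentId, String type) {
            localAgents.add(agentId);
            inboxes.put(agentId, new ArrayList<>());
            mediator.register(new AgentInfo(agentId, type, mcd));       // relayed automatically
        }

        public void send(Message m, long now) {
            if (localAgents.contains(m.to())) deliverLocal(m); else mediator.relay(m, now);
        }

        void deliverLocal(Message m) { inboxes.computeIfAbsent(m.to(), k -> new ArrayList<>()).add(m.from() + ": " + m.body()); }

        public void broadcast(Message m) { mediator.broadcast(m); }
    }

    public static void main(String[] args) {
        Mediator med = new Mediator(5_000);
        Facilitator nc1 = new Facilitator("nc1", med), nc2 = new Facilitator("nc2", med);
        nc1.register("ping#1", "PingNetlet"); nc1.register("ping#2", "PingNetlet");
        nc2.register("ping#3", "PingNetlet"); nc2.register("disc#1", "DiscoveryNetlet");

        nc1.send(new Message("ping#1", "ping#2", "local hello", 10), 10);       // same MCD: facilitator only
        nc1.send(new Message("ping#1", "ping#3", "cross-MCD hello", 20), 20);   // other MCD: via mediator
        nc1.send(new Message("ping#1", "ping#4", "early hello", 30), 30);       // not in the network yet: held
        nc2.register("ping#4", "PingNetlet");                                  // appears: held message released
        nc1.send(new Message("ping#1", "ghost", "never", 200), 200);
        med.expireHeld(6_000);                                                 // the "ghost" message times out
        nc2.broadcast(new Message("disc#1", "*", "who is here?", 300));

        System.out.println("nc1 inboxes: " + nc1.inboxes);
        System.out.println("nc2 inboxes: " + nc2.inboxes);
        System.out.println("held after timeout: " + med.heldCount());
        System.out.println("census: " + med.census());
        System.out.println("density actions: " + med.enforceDensity("PingNetlet", 1, 3));
    }
}
```

The run exercises each rule once: ping#2 is reached without the mediator, ping#3 through it, ping#4 receives the message that was held before it registered, the message for an agent that never appears is dropped at the timeout, and the broadcast reaches every registered agent except the sender. The final census shows four PingNetlets against a maximum of three, so the control agent is told to destroy one; a practitioner would also have the control agent itself run with the EXTEND-free capability set, since it is just another netlet.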

4

Network simulator At present, there are few operating companies that would

Figure 8. Simulating large heterogeneous networks

5

Management methods based on the use of

allow autonomous mobile agents to move unrestricted

mobile code

within its network. Therefore, in order to conduct many parts of our research, we need a network simulator. From

We introduced four types of mobile code earlier in this

the perspective of an agent, there is no difference between a

paper: servlets, deglets, netlets and applets. In this section,

real and a Simulated Network Component (SNC) as long

we will examine several methodologies that are built upon

as both run the MCD that is able to accept and execute the

them.

agent’s code. Using the simulator, we can create many SNCs

5.1

Extensibility

on a limited number of real NCs. Each SNC runs its own

The capability to transfer code for remote execution

JVM containing an MCD. From the agent’s perspective,

(Daniele et al. [3]; Stomos et al. [9]) opens a Pandora box of

such a virtual network is indistinguishable from the real

opportunities

network. As a matter of fact, virtual and simulated

repositories of software components can be downloaded for

for

distributed

computing.

Remote

execution on an as needed basis. Network management

The protocol handlers from the examples can be generalized

systems can take advantage of many of these techniques.

to any type of service.
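As an added example (not code from the paper or its mobile code package), the following Java sketch plays out the installable protocol handler of this section: two hosts negotiate a protocol, and a handler missing on either side is fetched from a repository and installed, as in the Figure 9 and Figure 10 scenarios described later in this section. It adds the check a practitioner would want on that code-transfer path: the receiving host verifies the vendor's ECDSA signature over the downloaded artifact against a key pinned in advance, and refuses to install anything that does not verify. The `Repository`, `Host`, `Artifact` and `negotiate` names, the stand-in `MyTelnetHandler` class and the artifact bytes are all constructed for the example; a real MCD would load the class from the verified bytes.

```java
// Added example, not code from the paper or its mobile code package. Two hosts
// negotiate a protocol; a missing handler is fetched from a repository and is
// installed only after the vendor's signature over it verifies against a pinned key.
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.*;

public class SignedHandlerInstall {

    /** What a host can do with a protocol once its handler is installed. */
    interface ProtocolHandler { String frame(String payload); }

    /** Constructed stand-in for a downloaded myTelnet handler class. */
    static final class MyTelnetHandler implements ProtocolHandler {
        public String frame(String payload) { return "MYTELNET/1 " + payload + "\r\n"; }
    }

    /** One repository entry: the handler artifact and the vendor's signature over it. */
    static final class Artifact {
        final String protocol; final byte[] code; final byte[] signature;
        Artifact(String protocol, byte[] code, byte[] signature) {
            this.protocol = protocol; this.code = code; this.signature = signature;
        }
    }

    /** Remote repository (assumed): signs every artifact it publishes with the vendor key. */
    static final class Repository {
        private final KeyPair vendorKey;
        private final Map<String, Artifact> artifacts = new HashMap<>();
        Repository(KeyPair vendorKey) { this.vendorKey = vendorKey; }

        void publish(String protocol, byte[] code) throws GeneralSecurityException {
            Signature signer = Signature.getInstance("SHA256withECDSA");
            signer.initSign(vendorKey.getPrivate());
            signer.update(code);
            artifacts.put(protocol, new Artifact(protocol, code, signer.sign()));
        }
        Artifact fetch(String protocol) { return artifacts.get(protocol); }
    }

    static final class Host {
        final String name;
        private final PublicKey trustedVendorKey;   // pinned out of band, never downloaded
        private final Map<String, ProtocolHandler> handlers = new HashMap<>();
        Host(String name, PublicKey trustedVendorKey) { this.name = name; this.trustedVendorKey = trustedVendorKey; }

        boolean supports(String protocol) { return handlers.containsKey(protocol); }

        /** Install a downloaded handler only if the vendor signature verifies. */
        boolean install(Artifact artifact) throws GeneralSecurityException {
            Signature verifier = Signature.getInstance("SHA256withECDSA");
            verifier.initVerify(trustedVendorKey);
            verifier.update(artifact.code);
            if (!verifier.verify(artifact.signature)) return false;   // altered in transit or not from the vendor
            // A real MCD would load a class from artifact.code; the constructed
            // artifact is mapped to a local class so the example runs stand-alone.
            if (!"myTelnet".equals(artifact.protocol)) return false;
            handlers.put(artifact.protocol, new MyTelnetHandler());
            return true;
        }
        String send(String protocol, String payload) { return handlers.get(protocol).frame(payload); }
    }

    /** Negotiation as in Figure 10: a protocol both already support wins, otherwise the first one that installs on both. */
    static Optional<String> negotiate(Host a, Host b, List<String> candidates, Repository repo)
            throws GeneralSecurityException {
        for (String p : candidates) if (a.supports(p) && b.supports(p)) return Optional.of(p);
        for (String p : candidates) {
            Artifact artifact = repo.fetch(p);
            if (artifact == null) continue;
            boolean okA = a.supports(p) || a.install(artifact);
            boolean okB = b.supports(p) || b.install(artifact);
            if (okA && okB) return Optional.of(p);
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair vendorKey = gen.generateKeyPair();          // constructed vendor identity

        Repository repo = new Repository(vendorKey);
        byte[] handlerCode = "class MyTelnetHandler v1".getBytes(StandardCharsets.UTF_8);  // constructed artifact bytes
        repo.publish("myTelnet", handlerCode);

        Host host1 = new Host("host 1", vendorKey.getPublic());
        Host host2 = new Host("host 2", vendorKey.getPublic());
        Optional<String> chosen = negotiate(host1, host2, List.of("myTelnet"), repo);
        System.out.println("negotiated: " + chosen.orElse("none"));
        System.out.print(host1.send("myTelnet", "hello host 2"));

        // An altered artifact under the same protocol name carries a signature that no longer verifies.
        byte[] altered = "class MyTelnetHandler v1 altered".getBytes(StandardCharsets.UTF_8);
        Artifact tampered = new Artifact("myTelnet", altered, repo.fetch("myTelnet").signature);
        System.out.println("altered artifact accepted: " + new Host("host 3", vendorKey.getPublic()).install(tampered));
    }
}
```

The design point is that trust is anchored in the key each host already holds, not in the repository or in the host that initiated the transfer: host 1 "deciding to install" a handler on host 2, as the text puts it, only works for handlers the vendor actually signed.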

As a simple demonstration, consider the case of an installable protocol driver shown in Figure 9. If host 1 wants to talk to host 2, then they both need to understand the same language; i.e., they need protocol handlers for the same protocol. If host 2 does not have a protocol handler, for example for myTelnet, then no communication can take place. However, if there is an infrastructure for transferring code, then host 1 can decide to install the handler for myTelnet on host 2. Now, communication between the two hosts is possible.

Figure 9. Installable (soft) protocol (host 1, host 2, myTelnet)

It is not only a complete lack of an expected service which can be addressed with these techniques. For example, an older version of a client can be upgraded if it attempts to access a server that handles only a more recent version. Similarly, the server can be upgraded or extended without taking it off line. In that way, there are no problems with incompatible protocols or their versions, and the maintenance of the software is quite straightforward.

A similar scenario is shown in Figure 10, but in this case neither host 1 nor host 2 has a handler for myTelnet. There is a negotiation between host 1 and host 2, in which they agree upon the communication protocol. When negotiated and myTelnet is the resulting protocol choice, the protocol handlers for myTelnet are downloaded from a remote repository to both hosts.

Figure 10. Installable services from protocol server (host 1, host 2, myTelnet)

In network management systems, a vendor-specific agent can offer a complete communication protocol (or extensions to such) to the manager. Vice versa, the manager may upgrade, extend or install an agent on a device that does not have up-to-date services.

5.2 Delegation

Delegation of authority (Yemini, [10]; Stomos et al. [9]) has already found solid ground in Network Management as a methodology that allows for construction of distributed systems. Instead of encoding the complete management knowledge into one entity, the central manager, certain responsibilities are assigned to other processes. These tasks can still be controlled to some degree by the central authority, but in many cases, local managers can perform various tasks in an autonomous way. Code mobility adds another dimension to the convenience of the delegation techniques.

In traditional network management systems, both centralized and distributed, all managers, central and local, are static processes. To fulfill their duties, they communicate through standard protocols, like SNMP (version 2) or CMIP. Any task that is delegated to a local manager has to be implemented by that manager. If a new task is to be delegated, then all managers that have to be upgraded must be taken off line. The problems with static distribution of managers can be addressed by employing techniques based on mobile code. An example of such an approach is illustrated in Figure 11. Instead of communicating with other managers and asking them to perform a certain task, the manager can instead send an agent to perform the task. The task can be arbitrarily complex and may involve one or many network locations. If the task is a one-shot assignment, then we refer to the agent as a deglet.

Figure 11. Delegation (PC browser, PC 1, NC 1)

5.3 Autonomy

The task assigned to an agent might be of a permanent nature, and it does not have to address an existing network condition. If the agent is mobile, then we refer to such an agent as a netlet. Societies of netlets are inherent elements of the network management infrastructure that may address many issues. For example, there might be netlets that can handle network faults. In many cases, the capability to provide autonomous, on-the-spot diagnosis might be superior to the centralized option that involves transmission of large amounts of data that have to be processed centrally by some kind of intelligent or knowledge-based application. Netlets can be engineered to handle problems in a distributed manner; for example, each netlet can deal with a single network fault. In general, netlets can be used to maintain many aspects of the network autonomously.

Figure 12. Autonomy

6 Applications

In this section, we examine a number of applications of the methods based on mobile code that we have implemented or are in the process of implementing. The applications are thought of as testbeds for ideas rather than complete solutions for management systems. Most of these applications can be implemented in standard ways, but we argue that the use of mobile code is beneficial.

6.1 Network utilities

As the first example, let us consider a system as represented in Figure 13. The operator of the network opens a management tool (an applet) in a Web browser, which displays a list of active devices in the network. In a traditional system, in order to collect the responses from the nodes, the manager (the applet) would use a ping-type command. Such a solution requires that a list of the potential destinations be maintained in the manager. In our approach, a deglet (or a number of them) is injected into the network with the task of reporting the visited nodes. Since an MCD on each network node implements a migration algorithm, the deglet will visit many nodes. Alternatively, the deglet can include its own migration patterns. A good migration algorithm will result in complete coverage of the whole managed network. For example, marking visited nodes can ensure that each node is visited only once. A variation of this application is the use of deglets that report only the nodes that satisfy certain conditions. For example, a list of nodes that are overutilized can be requested.

Figure 13. Host sniffer (Host browser: PC 1, Printer 1, NC 1)

The task performed by a deglet can be more complex. In another application that is illustrated in Figure 14, a deglet (or a number of them) is injected into the network nodes not only to report a certain condition, but also to actually perform one or more local actions that depend on the condition. For example, a server that contains outdated software components can be updated, or a node with an increasing failure trend is requested to restart. This technique can also be used to distribute new services to specific locations in the network.

Figure 14. Condition sniffers (persistent delegation)

In all similar applications, netlets can be used in place of deglets. In that way, network management functions gain a certain degree of autonomy. For example, the list that is displayed in the Web browser in Figure 13 can be a list of active traps (alarms), if a society of netlets reporting traps is active in the network.

If netlets are used in place of deglets in the way described in Figure 14, then many management functions can be implemented autonomously. A comprehensive suite of similar applications can be the basis for truly intelligent networks with an autonomous management infrastructure. Such an infrastructure, including all classes of intelligent methods rooted in Artificial and Computational Intelligence, is one of the main goals of our research. The applications presented in this paper only provide a small cross-section of research yet to be undertaken.
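The host sniffer and condition sniffer of this subsection, together with the mediator's directory and broadcast described in section 3, as one added Java example (not code from the paper or its mobile code package). A `Deglet` carries its own migration pattern, marks visited nodes so that each is visited once despite the cycle in the topology, and reports the nodes that satisfy its condition; a `Mediator` records where each agent currently is, which is what the manager learns by querying it, and duplicates a broadcast to every agent it knows of. The topology, the utilization attribute, the 80% threshold and the agent names are constructed for the example.

```java
// Added example, not code from the paper or its mobile code package. A deglet
// covers a constructed region once (marking visited nodes) and reports the nodes
// matching its condition; the mediator keeps the agent directory and broadcasts.
import java.util.*;
import java.util.function.Predicate;

public class HostSnifferDemo {

    /** Simulated network component: a node with links and an attribute the deglet can test. */
    static final class Node {
        final String name;
        final int utilizationPercent;                  // constructed attribute
        final List<Node> links = new ArrayList<>();
        Node(String name, int utilizationPercent) { this.name = name; this.utilizationPercent = utilizationPercent; }
        void link(Node other) { links.add(other); other.links.add(this); }
    }

    /** The mediator: agent directory for the mobile code region, plus broadcast. */
    static final class Mediator {
        private final Map<String, Deglet> agents = new LinkedHashMap<>();
        private final Map<String, String> location = new LinkedHashMap<>();

        void register(Deglet agent, Node at) {
            agents.put(agent.id, agent);
            location.put(agent.id, at.name);            // the MCD reports each arrival
        }
        void deregister(String agentId) { agents.remove(agentId); location.remove(agentId); }

        /** What the manager learns by querying the mediator: agent id -> current node. */
        Map<String, String> directory() { return Collections.unmodifiableMap(location); }

        /** A broadcast is duplicated to every agent the mediator knows of; returns the copies sent. */
        int broadcast(String message) {
            for (Deglet d : agents.values()) d.inbox.add(message);
            return agents.size();
        }
    }

    /** One-shot agent: covers the region once and reports the nodes matching its condition. */
    static final class Deglet {
        final String id;
        final Predicate<Node> condition;
        final Set<String> visited = new LinkedHashSet<>();  // marking: each node visited only once
        final List<String> report = new ArrayList<>();
        final Deque<String> inbox = new ArrayDeque<>();
        Deglet(String id, Predicate<Node> condition) { this.id = id; this.condition = condition; }

        /** Migration pattern carried by the deglet: depth-first over the links, skipping marked nodes. */
        List<String> run(Node start, Mediator mediator) {
            Deque<Node> itinerary = new ArrayDeque<>();
            itinerary.push(start);
            while (!itinerary.isEmpty()) {
                Node here = itinerary.pop();
                if (!visited.add(here.name)) continue;          // already visited (cycle or double link)
                mediator.register(this, here);                   // migration to 'here'
                if (condition.test(here)) report.add(here.name);
                for (Node next : here.links) if (!visited.contains(next.name)) itinerary.push(next);
            }
            mediator.deregister(id);                             // task done: the deglet leaves the region
            return report;
        }
    }

    /** Constructed topology: a ring with two spurs, the kind of cycle that makes marking necessary. */
    static Node buildNetwork() {
        Node pc1 = new Node("PC 1", 35), nc1 = new Node("NC 1", 91), printer = new Node("Printer 1", 12);
        Node router = new Node("Router", 88), laptop = new Node("Laptop", 40);
        pc1.link(nc1); nc1.link(router); router.link(pc1);   // ring
        router.link(laptop); nc1.link(printer);               // spurs
        return pc1;
    }

    public static void main(String[] args) {
        Node entry = buildNetwork();
        Mediator mediator = new Mediator();

        // Host sniffer: the condition is always true, so the report is the list of active hosts.
        List<String> hosts = new Deglet("hostSniffer-1", n -> true).run(entry, mediator);
        System.out.println("active hosts: " + hosts);

        // Condition sniffer: only nodes that are overutilized (assumed threshold: above 80%).
        List<String> busy = new Deglet("loadSniffer-1", n -> n.utilizationPercent > 80).run(entry, mediator);
        System.out.println("overutilized: " + busy);

        // A resident netlet stays registered, so the manager's directory query and a broadcast reach it.
        Deglet trapNetlet = new Deglet("trapNetlet-1", n -> false);
        mediator.register(trapNetlet, entry);
        System.out.println("directory: " + mediator.directory());
        System.out.println("broadcast copies: " + mediator.broadcast("manager: report pending traps"));
    }
}
```

With the ring in the constructed topology, a deglet without the visited-set mark would loop between `PC 1`, `NC 1` and `Router` indefinitely; the mark is what turns the migration pattern into a traversal that terminates with full coverage.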

6.2 Managed information browsers

Today, browsers with which network operators can get access to the information about the network components are the most popular management tools. Web technology brings new opportunities for the design of convenient component browsing tools that can be opened in Web browsers and access the managed data over the Net. Networking technologies like CORBA, DCOM or Java's RMI bring additional value through their support for distributed computing with remote software components. Java's core libraries add many classes that can enhance the Graphical User Interface (GUI) of the management tools, making the Java platform even more attractive.

Java also brings the code mobility that is exercised by Web browsers to download applets and execute them within the browser environment. While discussing Virtual Managed Components earlier in this paper, we indicated that a VMC might include management applets. Such an applet can be downloaded to the manager as illustrated in Figure 15. In this application, the manager maintains a list of network components using the techniques that were described previously. When the operator requests the managed data for a component whose VMC includes a management applet, then the applet is downloaded to the manager and executed within the Web browser. Java is a rich language that makes it possible to build very complex software tools. The vendor might be the provider of such applets, so the vendor's network component designers can carefully craft the way in which the component is managed in a particular network setting. It may include component-specific graphics and verification routines for management data.

Figure 15. Component browser (Host browser: PC 1, PC 2, Printer 1, Printer 2, NC 1, Router, Laptop)

6.3 Provisioning

Provisioning virtual circuits in an ATM network is a fairly complex process usually involving several parties. In our experience, it took quite a long time to negotiate all aspects of a PVC that we established between a Newbridge switch in our lab at Carleton University and a Fore switch in the network management lab at the National Research Council, Ottawa. The PVC includes a path through a cloud in the OCRINet maintained by Bell Canada. The process would be even longer if there were another operating company offering similar services; for example, Bell's competition could offer better prices, making price negotiation possible. There were several network managers involved in the PVC setup process.

We have designed and implemented a system based on agents that handles similar tasks in an autonomous way. A request to set up a PVC is assigned to a deglet, which coordinates the overall process. It uses additional deglets to perform partial tasks. Using the deglets, all of the necessary data is exchanged by the endpoints using the provisions incorporated into their respective VMCs. The deglets communicate with VMCs using a special ontology that generalizes the vendor's knowledge of setting up a PVC. Parts of the necessary data may be brought as required from remote locations; for example, vendors' Web sites. Then, another deglet negotiates with the VMCs in the operators' clouds. The best deal is selected and the subsequent exchange of necessary information completes the setup. At that point, the requesting party is informed that the task has been accomplished.

We are also looking into the use of netlets to manage the PVCs. For example, if any of the operating companies modifies its offer, then a special-purpose netlet can detect that fact and the negotiation process can be repeated.

Figure 16. Provisioning PVCs (Fore (NRC), Newbridge (Carleton), OCRINet, Internet)

6.4 Plug-and-play networks

Self-maintaining networks that we introduced in earlier sections of this paper can be folded into a broader concept that guides our research and experiments, a plug-and-play network. To exercise the essential ideas of such networks, we are investigating an application that is illustrated in Figure 17. This scenario has been derived from the problems that we experienced while installing a CD-ROM drive in one of our PCs. We spent several days before we resolved all of the problems related to a device driver that was necessary to make use of the CD-ROM drive. The example in Figure 17 is a generalized version of the problems that we experienced.

Figure 17. Plug-and-play components (Printer vendor, printer driver (updates))

In the scenario, there is a Java-enabled printer to be connected to a network of workstations (PCs and Unix) and other devices. The network is connected to the Internet, and so is the maker of the printer. The vendor provides a VMC with the printer, which includes provisioning deglets and netlets. After connecting to the network, a netlet (or a number of them) is sent to the network to determine the environmental requirements; i.e., it discovers the type of workstations and their locations. Then, a deglet contacts the vendor's repository of drivers and downloads drivers appropriate for the printer and for the environment. The drivers are installed on the devices that will make use of the printer. The printer registers with the vendor, so when a new driver is released, the printer can negotiate with the network whether the local drivers should be upgraded. The netlets that travel in the network are also assigned the task of detecting new destinations for the drivers.

6.5 Network model creation and maintenance

While the plug-and-play network of tomorrow will demonstrate a high degree of self-configuration and repair, the need to provide a model of the network on a network management workstation will still remain. Mobile agents can be used to achieve an 'intelligent' network model that is constructed in real time during discovery of a network component.

A deglet is injected into the network from the network management workstation and, using the idea of host sniffing described in section 6.1, visits network components. At each network component, the deglet interacts with the VMC in order to determine where the vendor maintains a properties site. The deglet then visits the vendor site and requests that a deglet be sent to the network management workstation for the purpose of constructing a Virtual Network Component (VNC), part of the network model being created. The network model provisioning agent visits the network management workstation and instantiates a virtual network component by interacting with the actual network component in the live network. As it is the case that the agent visiting the network management workstation and the VMC on the network component are both provided by the vendor, the nature of the protocol used in their communication is unimportant and can be purely proprietary. Also, unlike traditional network models, the virtual network component provisioning agent installs behaviour as well as state for the virtual network component within the network model; hence the use of the term 'intelligent'. This is an example of mobile agents used for the creation of middleware.

Figure 18. Network model creation with mobile agents (Network, Internet, Component vendor)

6.6 Mobile servers

In conventional client/server systems, servers have fixed locations. This frequently causes problems as demands change, both on the server platform and within the network itself, leading to degraded performance. The communications server within our framework has been designed as a mobile agent, and we are currently investigating algorithms based upon techniques from Reinforcement Learning (Littman, [12]) in order to allow the server to migrate automatically when performance degrades. In the case of mobile servers, each communication request causes an update to the probability with which the server either remains resident on the current network component or migrates to another network component within the same mobile code region. In order to achieve this, we are currently designing a MIB to be used in monitoring agent activity within a specific mobile code region. It is our intention to implement a subagent that uses this MIB and that the subagent will register with an SNMP agent using the DPI or AgentX protocols.
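The per-request update of the mobile server, as an added Java example (not the paper's communications server). The paper states the goal but no update rule, so the rule used here is an assumption in the Reinforcement Learning style it cites: every node of the region keeps a running average of the reward it would have earned for the request (minus the hop count from the client), and after each request the server redraws its location from a Boltzmann distribution over those values, so the share assigned to the current node is its probability of remaining resident. The topology, the client request sequence, the learning rate, the temperature and the seed are all constructed for the example.

```java
// Added example, not code from the paper. The update rule is an assumption:
// per-node action values (running average of minus the hop count from the
// requesting client) and a Boltzmann draw over them after every request.
import java.util.*;

public class MobileServerDemo {

    /** Constructed topology of the mobile code region, as an undirected adjacency list. */
    static final Map<String, List<String>> LINKS = new LinkedHashMap<>();
    static {
        link("NC 1", "NC 2"); link("NC 2", "NC 3"); link("NC 3", "NC 4");
        link("NC 4", "NC 5"); link("NC 2", "NC 6");
    }
    static void link(String a, String b) {
        LINKS.computeIfAbsent(a, k -> new ArrayList<>()).add(b);
        LINKS.computeIfAbsent(b, k -> new ArrayList<>()).add(a);
    }

    /** Hop count between two nodes by breadth-first search. */
    static int hops(String from, String to) {
        Map<String, Integer> dist = new HashMap<>();
        Deque<String> queue = new ArrayDeque<>();
        dist.put(from, 0); queue.add(from);
        while (!queue.isEmpty()) {
            String n = queue.poll();
            if (n.equals(to)) return dist.get(n);
            for (String next : LINKS.getOrDefault(n, List.of())) {
                if (dist.putIfAbsent(next, dist.get(n) + 1) == null) queue.add(next);
            }
        }
        return Integer.MAX_VALUE;                  // unreachable
    }

    static final class MobileServer {
        String location;
        final double alpha;                         // learning rate of the running average
        final double temperature;                   // lower = greedier placement choice
        final Map<String, Double> value = new LinkedHashMap<>();
        final Random rng;
        int migrations = 0;

        MobileServer(String start, double alpha, double temperature, long seed) {
            this.location = start; this.alpha = alpha; this.temperature = temperature;
            this.rng = new Random(seed);
            for (String n : LINKS.keySet()) value.put(n, 0.0);
        }

        /** Probability of each placement after the next draw; the current node's share is the probability of staying. */
        Map<String, Double> placementProbabilities() {
            double max = Collections.max(value.values());
            Map<String, Double> p = new LinkedHashMap<>();
            double total = 0;
            for (Map.Entry<String, Double> e : value.entrySet()) {
                double w = Math.exp((e.getValue() - max) / temperature);   // shift by max for numerical stability
                p.put(e.getKey(), w); total += w;
            }
            for (Map.Entry<String, Double> e : p.entrySet()) e.setValue(e.getValue() / total);
            return p;
        }

        /** Serve one request: update every node's value with the reward it would have earned, then redraw the location. */
        int serve(String client) {
            int cost = hops(client, location);       // hops actually paid for this request
            for (String n : value.keySet()) {
                double reward = -hops(client, n);
                value.put(n, value.get(n) + alpha * (reward - value.get(n)));
            }
            double r = rng.nextDouble(), acc = 0;
            for (Map.Entry<String, Double> e : placementProbabilities().entrySet()) {
                acc += e.getValue();
                if (r < acc) {
                    if (!e.getKey().equals(location)) { migrations++; location = e.getKey(); }
                    break;
                }
            }
            return cost;
        }
    }

    public static void main(String[] args) {
        MobileServer server = new MobileServer("NC 1", 0.3, 0.5, 42);
        // Constructed demand: clients on the far side of the region issue most of the requests.
        String[] clients = {"NC 5", "NC 4", "NC 5", "NC 3", "NC 5", "NC 4", "NC 5", "NC 4", "NC 5", "NC 5"};
        int totalCost = 0;
        for (String c : clients) totalCost += server.serve(c);
        System.out.println("server now at " + server.location + " after " + server.migrations + " migration(s)");
        System.out.println("total hop cost paid: " + totalCost);
        System.out.println("placement probabilities: " + server.placementProbabilities());
    }
}
```

The temperature is the knob a practitioner would watch: with a high temperature the server wanders the region on almost every request, with a low one it locks on to the node nearest the recent clients, and the migrations counter shows how much movement either setting produces for a given demand pattern.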

7 Inter-working with legacy systems

It is worth noting that the old manager/agent schema can easily be implemented using VMCs. For example, an application that uses a local VMC and implements an SNMP protocol handler can be installed inside the MCD. Thereafter, it can act as an SNMP agent.

An alternative that we have implemented within our framework is a handler of an extension protocol. We tried the idea with the DPI protocol. The DPI protocol was chosen as it is a 'lightweight' protocol and avoids the BER encoding/decoding that is part of SNMP. In our research environment, a VMC extension registers with an SNMP agent and, acting as an SNMP subagent, provides data in response to SNMP requests. This scenario is shown in Figure 19.

Both of these ideas could be applied in cases where inter-working with a legacy system is required. We can associate simulated network components with actual devices running legacy agents through properly engineered VMCs. It is also helpful within our simulated environment to be able to link simulated components to the real ones if an idea that has already been tested through a simulation is to be tried on a live network.

Figure 19. Mobile agent talks to SNMP agent (NC: JVM, MCD, MCM, Mobile Agent Manager, VMC with DPI, DPI-enabled SNMP Agent; SNMP Manager)

8 Conclusions and future work

The preliminary research into the area of the use of mobile code for network management has proven that there are many opportunities that are worth further exploration. We have demonstrated that agent mobility adds another dimension to the network management methodologies that can be employed.

The work on the mobility framework has convinced us that Java technology is currently the best candidate for implementation of the methodologies based on mobile code. We have determined many components that are necessary for the infrastructure on which the methodologies could be built.

We are just at the beginning of our journey towards the realization of plug-and-play networks. We will continue to research the requirements for the code mobility infrastructure, which we consider to be the basis for the active networks of tomorrow. We will focus on further research into its components, what are the necessary patterns of their behavior and what are the limitations and constraints. In particular, we will be looking carefully into the issues of security, which will be based on the security features of Java, the migration patterns for netlets, inter-agent communication strategies, the ubiquitous interface to managed resources and its extensions.

In the application area, we have already started to explore the use of agents, and mobile agents in particular, for fault diagnosis. We have put forward several projects involving methods from Artificial and Computational Intelligence. We expect to present results from certain projects in the near future, while there are a number of others that are long term; for example, diagnostic techniques based on Swarm Intelligence or mobile, distributed expert systems.

The work on an autonomous provisioning agent project has initiated our research on self-configuring networks. It is an exciting area that overlaps with service management. We hope to benefit from research on ODP, TINA (Megadantz, [7]), etc., while simultaneously contributing our own ideas in the area.

It is not our intention to provide off-the-shelf solutions or to set standards. Our research will retain its exploratory nature and be used as a vehicle for generating and testing ideas that may prove useful for networks of the future. We believe that our research will provide steps forward towards the realization of the ultimate goal of any operating company: a trouble-free, plug-and-play network.

9 Acknowledgments

We would like to acknowledge the contribution to the work presented in this paper by the current and former student members of the Perpetuum Mobile Procura project at Carleton University: André Campeau and Yanrong Li. We would also like to thank the Telecommunications Research Institute of Ontario for its funding of this research and the National Research Centre for the use of its facilities.

10 References

1. Baldi, M., Gai, S. and Picco, G. P., Exploiting Code Mobility in Decentralized and Flexible Network Management, First International Workshop on Mobile Agents, Mobile Agents'97, Berlin, Germany, April 7-8, 1997.
2. Case, J. D., Fedor, M., Schoffstall, M. L. and Davin, C., Simple Network Management Protocol, RFC 1157, May 1990.
3. Daniele, M., Wijnen, B. and Francisco, D., Agent Extensibility (AgentX) Protocol, Version 1, Proposed Standard, SNMP Agent Extensibility (agentx) Charter, Operations and Management Area of IETF, Dec. 1996.
4. Gosling, J. and Arnold, K., Joy, B., Steele, G., Lindholm, T., Walrath, K., Campione, M., Yellin, F. et al., The Java Series, Addison-Wesley, 1996.
5. Case, J. D. and Levi, D. B., SNMP Mid-Level-Manager MIB, Draft, IETF, 1993.
6. Kotay, K. and Kotz, D., Transportable Agents. In Yannis Labrou and Tim Finin, editors, Proceedings of the CIKM Workshop on Intelligent Information Agents, Third International Conference on Information and Knowledge Management (CIKM 94), Gaithersburg, Maryland, December 1994.
7. Krause, S. and Megadantz, T., Mobile Service Agents Enabling "Intelligence on Demand" in Telecommunications, Proceedings of IEEE GLOBCOM'96, London, U.K., 18-22 Nov. 1996.
8. Mobile Code Bibliography, http://www.cnri.reston.va.us/home/koe/bib/mobile-abs.bib.html
9. Stomos, J. W. and Gifford, D. K., Remote Evaluation, ACM Transactions on Programming Languages and Systems, 12(4), pages 537-565, October 1990.
10. Yemini, Y., Goldszmidt, G. and Yemini, S., Network Management by Delegation. In The Second International Symposium on Integrated Network Management, Washington, DC, April 1991.
11. Yemini, Y., The OSI Network Management Model, IEEE Communication Magazine, pages 20-29, May 1993.
12. Littman, L. P. and Moore, A. W., Reinforcement Learning: A Survey, http://www.cs.washington.edu/research/jair/volume4/kaelbling96a-html/rl-survey.htm.
13. Mobile Agent Facility Specification, OMG TC Document cf/xx-x-xx, June 2nd, 1997.