PROGRAMMABLE NETWORKS AND THEIR MANAGEMENT USING MOBILE CODE

Andrzej Bieszczad, Bernard Pagurek, Tony White, Cheryl Schramm, Gatot Susilo
Systems and Computer Engineering, Carleton University, 1125 Colonel By Drive, Ottawa, Ontario, Canada K1S 5B6

Abstract

In this paper we present an innovative approach to managing communication networks based on mobile agents or, more generally, mobile code. Our approach addresses issues in traditional client/server (in this context, manager/agent) network management systems: the amount of data that needs to be transmitted, problems inherent to heterogeneous environments such as interoperability issues, problems with the maintainability of complex software systems, and several others. The necessary elements of the infrastructure have been implemented in Java. The infrastructure includes mechanisms for code migration, security management and communication with managed resources. A network simulator has also been built to provide a testbed for the research. We explain innovative management ideas through demonstrations of the use of the infrastructure for several simple applications of mobile code that we categorize into servlets, deglets and netlets. We address the network security issues by defining a piglet as hostile, malicious mobile code. We explore more advanced issues by describing several management applications that we are actively researching and implementing in the areas of discovery and presentation of component capabilities and information. Furthermore, we introduce a schema for dynamic network configuration. Our research is directed towards an ultimate goal of plug-and-play networks.
1 Introduction

The telecommunication networks that are in service today are usually conglomerates of heterogeneous, very often incompatible, multi-vendor environments. Management of such networks is a nightmare for a network operator who has to deal with the proliferation of human-machine interfaces and interoperability problems. Network management is operator-intensive, with many tasks that need considerable human involvement. The term "craftsman" is often used to describe a network operator in a traditional telecommunications network, with good reason. Legacy network management systems are very strongly rooted in the client/server model of distributed systems. This model applies to both IETF (Case et al., [2]) and OSI (Yemini, [11]) standards. In the client/server model, there are many agents providing access to network components and considerably fewer managers that communicate with the agents using specialized protocols such as SNMP or CMIP. The agents are providers (servers) of data to analyzing facilities centered on managers. Very often a manager has to access several agents before any intelligent conclusions can be inferred and presented to human operators. The process often involves substantial data transmission between manager and agent that can add a considerable strain on the throughput of the network. The concept of delegation of authority has been proposed (Yemini, [10]) to address this issue. Delegation techniques require an appropriate infrastructure that provides a homogeneous execution environment for delegated tasks. One approach to the problem is SNMPscript (Case and Levi, [5]). However, SNMPscript has serious restrictions related to its limited expressiveness as a programming language and to the limited area of its applicability (SNMP only). Although delegation is quite a general idea, the static nature of management agents still leaves considerable control responsibility in the domain of the manager. Legacy network management systems tend to be monolithic, making them hard to maintain and requiring substantial software and hardware computing resources. Such systems also experience problems with the synchronization of their databases and the actual state of the network. Although the synchronization problem can (potentially) be reduced in severity by increasing the frequency of updates or polling, this can only be achieved with further severe consequences on the performance of the system and the network.

An emerging technology that provides the basis for addressing problems with legacy management systems is network computing based on Java technology (Gosling et al., [4]). We refer to Java as a technology rather than merely as another programming language as a result of its 'standard' implementation that includes a rich class hierarchy for communication in TCP/IP networks and a network management infrastructure. Java incorporates facilities to implement innovative management techniques based on mobile code (Kotay and Klotz, [6]; also [8]). Using this technology and these techniques we can address many interoperability issues and work towards plug-and-play networks by applying mobile agents that can take care of many aspects of configuring and maintaining networks in an autonomous fashion. For example, code distribution and extensibility techniques keep the maintainability of networks and their management facilities under control. The data throughput problem can be addressed by delegation of authority from managers to mobile agents¹ where these agents are able to analyze data locally without the need for any transmission to a central manager. We can limit the use of processing resources on network components through periodic execution of certain tasks by visiting agents. Through engineering of a suite of simple management tools based on Web standards we address the problems inherent to monolithic systems that result from their size and processing requirements. With a user interface based on standards, we lower the learning curve for network operators. Incorporating intelligent agents that can handle tasks autonomously, we limit the requirements for human attention in the management process.

¹ The terms "mobile agent" and "mobile code" will be used interchangeably throughout this article.

In this paper, first, we introduce the necessary infrastructure for mobile code that we designed and implemented in Java. The infrastructure includes the following necessary components:
• mobile code daemon,
• migration facility,
• interface to managed resources,
• communication facility,
• security facility.

It would be unreasonable to expect any network operator to allow for online experiments that involve autonomous agents. Therefore, we have designed and implemented a network simulator for testing our ideas. It is described next. We continue with a taxonomy of mobile code using the following classification:
• servlets, i.e., extensions or upgrades to servers that stay resident as integral parts of the servers,
• deglets, i.e., mobile agents that are delegated to perform a specific task,
• netlets, i.e., mobile agents that provide predefined functionality on a permanent basis.

Each type is illustrated by an example of its use in a network management application that we have implemented using our framework. In the context of network security, we subsequently analyze another, potentially malicious, type of mobile code, or piglet. In the following sections, we describe several realistic management tasks that we are currently researching using the described infrastructure. We conclude with our view of the prospects for the future and a review of planned activities. A similar effort, albeit more abstract, has been published very recently (Baldi et al., [1]). In contrast to that work, our paper is based on experiences with a number of applications that are driving our research activities. At this point, let us proceed to the description of our framework.

2 Infrastructure

It is not feasible to undertake network management tasks without an appropriate infrastructure in place. We have designed a new framework and implemented the elements that are required to explore our ideas. None of the existing network management technologies could accommodate our advanced approach.

The choice of Java for the implementation of the infrastructure is rooted in the portability of the language and built-in facilities to chunk the code and transport it to remote locations for execution. Java is an interpreted language; i.e., it is compiled to intermediate code known as bytecode that is executed (interpreted) by the Java Virtual Machine (JVM). Very strong support from the telecommunication and computer industries makes the language portable due to the proliferation of implementations of JVMs. JVMs are available, or will be available in the very near future, for virtually any computing platform from mainframes to consumer electronics items. This portability, and the existence of a rich collection of standard class libraries, makes Java a very attractive implementation platform for systems that have to function in technology and vendor heterogeneous environments. Network management is one of the primary examples of such a diverse application domain environment. The second feature that we have highlighted -- modularity and remote execution -- is ideally suited for systems that, by their nature, are distributed. Even in the classical static client/server approach the Java solution provides several advantages such as the capability to update component agents online without the need to restart, or to use a Web browser to run various applets as management tools. We will discuss these issues later on in this paper after the elements of the infrastructure have been introduced.

Java is an object-oriented language, so it is very convenient to provide default capabilities that are required for an agent system in the form of generic or abstract classes. Applications that utilize these default behaviors can be easily constructed by sub-classing from those defaults collected in Application Program Interfaces (APIs). Overloading the default behaviors is the mechanism used to provide customization.

The fundamental assumption that we are making is that each network component is Java-enabled. In our vision of future networks, each network component runs a Java Virtual Machine. It is a very bold, revolutionary assumption. We realize that before such networks arrive, we will need to accommodate existing systems. Therefore, there are certain provisions in place for more gradual, evolutionary approaches. They will be described shortly.

2.1 Code mobility daemon

Figure 1. Infrastructure [diagram: network components (NC), each running a JVM that hosts a Mobile Code Daemon (MCD) listening on a well-known port (UDP or TCP); compressed code moves between MCDs through the Migration Facility (MF); the Mobile Code Manager (MCM) and Virtual Managed Component (VMC) sit between the mobile code and the kernel (managed resources)]

A facility for the transportation of portable code is the basic requirement for employing solutions based on mobile code. Figure 1 shows the elements that are needed to send code between Java Virtual Machines (JVMs) running on network components (NCs) in our system. The principal component of the transport facility is the Mobile Code Daemon (MCD). The MCD is a thread running inside a JVM that listens on two communication ports for incoming messages. We employ two ports to accommodate both TCP and UDP communication. Configuration of port numbers is supported, although in the future we would like to use advertised and standard well-known ports such as 434. Another MCD can send a message containing Java bytecode to one of those ports. As illustrated in Figure 1, at any given moment in time various bytecodes can move asynchronously between network locations. As yet, no standard mobile agent communication protocol has been agreed upon² and so the MCDs use a proprietary Code Transfer Protocol (CTP) for inter-daemon communication.

The MCD provides a number of services that facilitate the execution of mobile code. These services are:
• security services,
• bytecode management,
• mobile code instantiation,
• providing an interface to managed resources,
• migration facilities.

Upon the reception of the bytecode representing one type of agent, the MCD validates the included Java classes, loads them using the dynamic class loader and instantiates objects for the agent. The code can be tagged as active or passive. If the code is tagged as active, then it is installed and activated as a Java thread by calling its initialization and starting methods. Passive code is just installed; it can be used later on. Deglets and netlets are examples of active code, while servlets are passive.

2.2 Migration facility

The Migration Facility (MF) is the part of the MCD concerned with determining destinations for agents. If the bytecode instantiated by the MCD and running inside the JVM as a thread represents a netlet, then after its task at the node has been completed, the netlet may ask the MCD to migrate it to another NC. The MCD uses the MF to determine which of the default migration strategies is applicable to the requesting netlet. One of the applicable strategies is used to send the bytecode representing the netlet to one of the ports on another listening MCD. Alternatively, a netlet can implement its own migration strategy that may depend on the intended application. Similarly, a deglet may migrate using the algorithm provided by the delegating application. The simplest possible migration strategy is to predefine the migration destination from each MCD. Another simple alternative is a random selection of one of the neighbors. Other migration strategies can vary from similarly simple schemes to elaborate algorithms that are based on the application's needs and network conditions.

2.3 Security facility

The most common concern of operating companies about autonomous mobile agents cruising throughout telecommunication networks is network security. We address this and similar concerns with security based on agent authentication and access control. Java provides a rich collection of security classes that are used to sign the agents and verify their authenticity through the use of security keys. The infrastructure implements a security schema that is sufficient for most network management applications. Implementing the mobile code infrastructure in Java has provided a security package that is sufficient to implement four security facilities: authentication, data integrity, data privacy and authorization. We do not support data privacy at this moment. We use the current implementation of the Java security API. This API can easily be extended to implement more stringent rules.

² However, we are following the progress of the Mobile Agent Facility specification [13] submitted to the OMG.
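Section 2.3 says that agents are signed and their authenticity verified with Java security keys; the following is an added example, not the paper's code, of that check as the receiving MCD's security facility would perform it, using DSA over a SHA-1 digest, the algorithms the paper's "SUN" provider supplies. Class and method names, the trust-list layout and the stand-in bytecode are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.List;

/** Added example: authentication and integrity check of received mobile code. */
public class NsfCheck {

    /** Constructed message format: what one MCD ships to another for one agent. */
    public static final class SignedCode {
        public final byte[] bytecode;   // compressed class bytes (a stand-in below)
        public final byte[] signature;  // DSA signature over the bytecode
        public final PublicKey signer;  // identity claimed by the sender

        public SignedCode(byte[] bytecode, byte[] signature, PublicKey signer) {
            this.bytecode = bytecode;
            this.signature = signature;
            this.signer = signer;
        }
    }

    /** Sender side: sign the bytecode with the manager's private key. */
    public static SignedCode sign(byte[] bytecode, KeyPair managerKeys)
            throws GeneralSecurityException {
        Signature dsa = Signature.getInstance("SHA1withDSA");
        dsa.initSign(managerKeys.getPrivate());
        dsa.update(bytecode);
        return new SignedCode(bytecode, dsa.sign(), managerKeys.getPublic());
    }

    /** Receiver side (NSF). Both checks must pass; any failure means "discard". */
    public static boolean isTrusted(SignedCode code, List<PublicKey> trustedSigners) {
        // 1. Authentication: the claimed signer must be a key this NC already trusts.
        //    Keys are compared by their encoded form, not by object identity.
        byte[] claimed = code.signer.getEncoded();
        boolean known = false;
        for (PublicKey k : trustedSigners) {
            if (Arrays.equals(k.getEncoded(), claimed)) {
                known = true;
                break;
            }
        }
        if (!known) {
            return false;
        }
        // 2. Data integrity: the signature must verify over the bytes that arrived,
        //    so code modified in transit, or a forged signature, is rejected.
        try {
            Signature dsa = Signature.getInstance("SHA1withDSA");
            dsa.initVerify(code.signer);
            dsa.update(code.bytecode);
            return dsa.verify(code.signature);
        } catch (GeneralSecurityException e) {
            return false;   // a malformed signature is untrusted, not an error to propagate
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // 1024-bit DSA is what SHA1withDSA accepts (and what the JDK 1.1 era used);
        // a current deployment would pair a 2048-bit key with SHA256withDSA instead.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(1024);
        KeyPair manager = gen.generateKeyPair();
        KeyPair stranger = gen.generateKeyPair();
        List<PublicKey> trust = List.of(manager.getPublic());

        // Constructed stand-in for a deglet's compressed class bytes.
        byte[] bytecode = "deglet bytecode".getBytes(StandardCharsets.UTF_8);

        SignedCode good = sign(bytecode, manager);
        System.out.println("signed by manager:     " + isTrusted(good, trust));

        // The same code altered by one bit after signing: the integrity check fails.
        byte[] altered = good.bytecode.clone();
        altered[0] ^= 0x01;
        SignedCode tampered = new SignedCode(altered, good.signature, good.signer);
        System.out.println("altered in transit:    " + isTrusted(tampered, trust));

        // Validly signed, but by a key this NC does not trust: authentication fails.
        SignedCode foreign = sign(bytecode, stranger);
        System.out.println("signed by unknown key: " + isTrusted(foreign, trust));
    }
}
```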
The Java Security API provides a comprehensive set of methods that can be used to implement either low level or high level security functionality in Java applications. The JDK version 1.1.3 also comes standard with a default provider, named "SUN". The "SUN" provider package includes an implementation of the Digital Signature Algorithm, and implementations of the MD5 [RFC 1321] and SHA-1 [NIST FIPS 180-1] message digest algorithms. Authentication uses DSA, which provides a pair of keys, a public key and a private key. The use of MD5 and SHA-1 for data integrity ensures the integrity of the mobile agent during its transmission. The mobile agent is not allowed to access local resources directly. Instead, it must do so indirectly through the Virtual Managed Component (VMC) that provides interfaces to the actual resources. The VMC implements access control to network component resources in order to guard sensitive data. Further details on the structure of VMCs will be provided in section 3. A mobile agent is not allowed to access the local file system, launch programs, call system level services of the visited network component, or invoke the SecurityManager or ClassLoader classes. It is possible to write enhanced SecurityManager classes in order to provide even more stringent security rules. With these restrictions and facilities, the network component is reasonably safe from attacks by any malicious mobile code, or piglet. However, research in the area of enhanced security is ongoing.

Figure 2. Network and agent security [diagram: network components (NC), each with a JVM and an MCD; the network security facility (NSF) is part of the MCD, the agent security facility (ASF) is part of the agent]

As illustrated in Figure 2, the Network Security Facility (NSF) is a part of the MCD that ensures that only trusted agents are allowed to be instantiated. Additionally, an agent's actions are also verified against its capabilities through the interfaces to network components, which are addressed in section 3.

The second most common concern about netlets is the danger of flooding the network with autonomous agents reproducing themselves in the network without any control. One solution to this potential problem is the provision of meta-level management facilities that apply to the agents themselves. For example, ensuring that certain constraints on the quantity of netlets present in the network are satisfied can control their density. If a control agent determines that a threshold is exceeded for a certain type of netlet, then some of them are intercepted and destroyed. Conversely, if there are too few agents, then new netlets are generated.

Netlet security is closely related to network security. If a netlet is not properly secured against intruders, then it may become a piglet and indirectly impact the security of the network. Therefore, a visiting netlet is equipped with a shield that protects its integrity. An agent can only be modified by trusted entities. The Agent Security Facility (ASF) that is illustrated in Figure 2 is the default component of an agent that provides a security mechanism.

2.4 Infrastructure operation

Figure 3. Flow diagram for infrastructure operation [sender NC: request a connection and start migrating; call method onMigrate; wrap up the agent's states if requested; migrate; inform the manager. Receiver NC: receive and store the mobile code; trusted code? no: discard the mobile code, inform the manager; yes: has persistent states? yes: restore states, call methods onRestore and onStart; no: call methods onInit and onStart; mobile code running and performing its tasks; onStop when idle; onDestroy when done]

Figure 3 shows the general operation of the infrastructure for code mobility. Assume that a chunk of mobile code is about to be sent from one network component (the sender) to another (the receiver). Through the MCD's migration facility (either via UDP or TCP connections) the sender sends the signed and compressed code (i.e., bytecode), the parameters and the persistent state obtained from serializing the instance of the mobile code. The receiver will receive and store them in the designated space for that particular mobile code. After the transmission is completed, the receiver verifies the code for authentication and data integrity. If the code passes the authentication checks, it will be instantiated (subject to standard JVM security checks); otherwise, it will be discarded by the MCD. The mobile code may or may not have persistent state. If it has persistent state, then the state will be restored by de-serializing it. That process will then be followed by calls to the methods onRestore() and onStart(). Otherwise, the mobile code will be instantiated and the methods onInit() and onStart() will be called. At this point, the mobile code is up and running as a thread within the JVM. To access the network component's managed resources, the agent obtains a handle to the VMCs from the Mobile Code Manager (MCM). The methods in the agent's code are called in an event-driven mode triggered by the MCD, other agents or the agent itself.

When an agent's migration is requested by the manager, another agent, or the agent itself, the MCD calls the method onMigrate() of the associated agent. This notifies the agent that it is about to be transported to the next destination. Therefore, the agent will have time to finish up its task and notify the MCD whether or not it wants to keep its persistent state, or that it refuses to migrate. If the agent really wants to migrate, the MCD will start shipping the agent with the associated persistent state as necessary. When the migration has completed, the agent is destroyed and removed from the MCD. However, when the migration fails for some reason, the agent is notified by calling its method onFailMigration(). Therefore, the agent may determine what it wants to do next. For instance, if the migration fails because of an unreachable destination, the agent may alter the destination or just simply terminate itself. On destroying the agent, the MCD calls the method onDestroy() to ensure that the agent stops its tasks, releases its memory space and other acquired resources.
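The receiver and sender paths of Figure 3 as an added example (not the paper's code): the MCD instantiates trusted code, restores shipped persistent state by de-serializing it, and drives the agent through the onInit/onRestore/onStart, onMigrate/onFailMigration and onStop/onDestroy callbacks. Class names are assumptions, the trust decision is taken as an input (it is the NSF's job, shown separately above), and a loaded class stands in for transmitted bytecode.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/** Added example: the MCD's handling of an agent's life cycle at one NC. */
public class McdLifecycle {

    /** Base class for active mobile code; subclasses override the callbacks they need. */
    public abstract static class MobileAgent {
        protected Serializable state;      // persistent state, or null if the agent keeps none
        protected String destination;      // next NC, chosen by the agent or the MF
        public void onInit() {}            // first instantiation: no state was shipped
        public void onRestore() {}         // instantiated with de-serialized state
        public void onStart() {}
        public void onStop() {}
        /** Called before shipping; return false to refuse this migration. */
        public boolean onMigrate() { return true; }
        public void onFailMigration(String reason) {}
        public void onDestroy() { state = null; }
    }

    /** What arrives at the receiver for one agent (constructed format). */
    public static final class Shipment {
        public final Class<? extends MobileAgent> agentClass;   // stands in for loaded bytecode
        public final byte[] serializedState;                    // null when no persistent state
        public Shipment(Class<? extends MobileAgent> c, byte[] s) { agentClass = c; serializedState = s; }
    }

    /** Receiver path of Figure 3. Returns null when the code is discarded. */
    public static MobileAgent receive(Shipment sh, boolean trusted) throws Exception {
        if (!trusted) {
            return null;                           // discard the mobile code, inform the manager
        }
        MobileAgent agent = sh.agentClass.getDeclaredConstructor().newInstance();
        if (sh.serializedState != null) {
            // De-serialization happens only after the trust check: restoring state from
            // unauthenticated bytes would itself be an attack surface on the NC.
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(sh.serializedState))) {
                agent.state = (Serializable) in.readObject();
            }
            agent.onRestore();
        } else {
            agent.onInit();
        }
        agent.onStart();                           // the agent now runs as a thread in the JVM
        return agent;
    }

    /** Sender path: onMigrate, serialize state if kept, ship, then destroy or report failure. */
    public static Shipment migrate(MobileAgent agent, boolean linkUp) throws IOException {
        if (!agent.onMigrate()) {
            return null;                           // the agent refused; it keeps running here
        }
        byte[] stateBytes = null;
        if (agent.state != null) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                out.writeObject(agent.state);
            }
            stateBytes = buf.toByteArray();
        }
        if (!linkUp) {
            agent.onFailMigration("destination " + agent.destination + " unreachable");
            return null;                           // the agent decides what to do next
        }
        agent.onStop();
        agent.onDestroy();                         // removed from this MCD once shipped
        return new Shipment(agent.getClass(), stateBytes);
    }

    /** Constructed netlet that counts the NCs it has run on and retargets after a failure. */
    public static class HopCounter extends MobileAgent {
        @Override public void onInit() { state = Integer.valueOf(0); }
        @Override public void onStart() { state = Integer.valueOf((Integer) state + 1); }
        @Override public void onFailMigration(String reason) { destination = "fallback-nc"; }
        public int hops() { return (Integer) state; }
    }

    public static void main(String[] args) throws Exception {
        HopCounter a = (HopCounter) receive(new Shipment(HopCounter.class, null), true);
        a.destination = "nc-2";
        migrate(a, false);                         // link down: onFailMigration retargets the agent
        System.out.println("destination after failed migration: " + a.destination);
        Shipment second = migrate(a, true);        // retried over a working link
        HopCounter b = (HopCounter) receive(second, true);
        System.out.println("hops counted at the second NC: " + b.hops());
        System.out.println("untrusted code instantiated? " + (receive(second, false) != null));
    }
}
```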
3 Interface to managed resources

Access to network information is a principal requirement for a management system. In legacy systems, such functionality is provided by management agents; for example, an SNMP or CMIP agent in systems based on standards or an Appliance Agent in the Java Management API (Gosling et al., [4]). All of these agents are static in nature; i.e., they do not change the location where they are running. They are usually fairly complex servers that have access to kernel level functions of the managed resources. They are very component-specific, but may also support standard access methods. In an environment that involves mobile rather than static agents, there is a need for a more ubiquitous way of accessing network information. Netlets are lightweight agents that can implement neither direct (kernel level) nor indirect (SNMP, CMIP, etc.) access methods to all network components that they visit. The access facilities have to be local.

Figure 4. Virtual Managed Component [diagram: the VMC offers Security Methods, an Interface to Managed Resources, Management Applets, Recovery Procedures and Provisioning Procedures; external parties reach it through the Virtual Managed Component Interface (VMCI)]

As illustrated in Figure 4, a Virtual Managed Component (VMC) is a collection of facilities that can be used by mobile agents to access the managed resources of an NC. External parties use the Virtual Managed Component Interface (VMCI) to interact with the VMC, and with the NC's managed resources. To be useful, a visiting agent has to understand at least some elements of the VMCI. The VMC interacts with managed resources as shown in Figure 5.

Figure 5. Accessing managed resources with Virtual Managed Components [diagram: within a network component (NC), the MCD and one or more VMCs run in a JVM; each VMC exposes a VMC Interface (VMCI) to agents and reaches several managed resources (MR)]

The security subsystem protects the managed resources from unauthorized use and provides a security mechanism for installing extensions of the VMC. If an agent wants to access any of the component's resources, then it must use one of the provided access methods. A VMC may include management applets that can be transferred to the manager location, loaded into a Web browser and used to manage the component in a way predetermined by the vendor. The VMC may include a repository of recovery procedures that the vendor makes available to other applications. Another facility may provide provisioning agents that can be used to configure the component in the live network automatically on component startup. Furthermore, the VMC may provide an indirection mechanism -- referring to a vendor URL -- where appropriate applets and mobile agents may be obtained. This is explored in a later section.

The VMC provides the only interface to a network component that can be accessed by an agent. The VMCs are local; i.e., they can be accessed only locally on the component. However, a VMC may allow for the installation of extensions that can export the interface. A VMC is built upon a vendor specific information structure, which internally can have a flat or hierarchical organization. As illustrated in Figure 5, a VMC may provide access to many managed resources. Processes that run remotely cannot communicate with Managed Resources (MR) unless there are specific provisions for local extensions of the VMCI. There might be several VMCs for a single network component if the vendor chooses to structure the access in such a way. Vendors may implement complex algorithms to provide and modify the information. VMCs are self-contained, but may provide for bringing in additional data related to the component or the network. There can be no built-in network knowledge in any of the VMCs, since component vendors engineer them prior to connecting the components to networks. Using similar arguments, there are no built-in interactions with other VMCs. Again, extensions might be allowed to establish such communication after the component has been put in service.

Vendors may choose to provide a VMC that does not correspond to one or more physical entities, e.g. a set of connections or circuits. Such logical components might be convenient ways of dealing with certain types of information. Additionally, application programmers may use the provisions for extensions to incorporate VMCs into alternate logical schemas. An example of such use is presented in Figure 6. There is an application modeling the network that uses direct links to VMCs to feed the data into the objects in the network model. An object in the network model can be built upon a number of VMCs. For example, a logical network link object can be constructed from data coming from two nodes that are the endpoints of the link. The construction of such a model is the subject of section 6.5.

Figure 6. Modeling networks with VMCs [diagram: objects of a network model built from direct links to several VMCs]

Physically, a VMC can execute on the computing resources of the managed component or it can execute remotely. For example, a VMC running on a PC can use a micro-controller to access data coming from a photonic switch and to control such a switch. In this example, the VMC is still the only interface to the switch from the perspective of the management system.

3.1 Ontologies and agent communication

An important issue in agent-based systems relates to so-called ontologies. Ontologies address communication between agents and the environment and between the agents themselves. The VMCI defines an ontology for all application agents that act within our framework. The agents communicate with the managed resources using the ontology. In addition, VMCs may support certain standards like GDMOs or MIBs or vendor specific extensions. Through standard provisions of the VMCI, a visiting agent may negotiate an enhanced means of communication with the VMC that goes beyond the VMCI defaults.

Another set of ontologies relates to the inter-agent communication. Inter-agent communication depends on the application involved. Nevertheless, there are certain standard mechanisms with which agents can exchange information. One of the default provisions is a blackboard system, which is a data structure that can be written to by visiting agents. Agents might be allowed to write to and read data from the blackboard, depending upon their access rights. The default blackboard that is a part of the framework can be extended to an arbitrarily complex shared data structure by downloading and installing appropriate extensions. The netlet communication facilitator (FAC) is a proxy that supplies an indirect communication link between agents that visit a location at the same time. Agents that have extension privileges can expand the default capabilities of the proxy.

Figure 7. Inter-agent communication [diagram: network components (NC), each running a JVM with a facilitator (FAC); one NC, the directory administration server (DAS), also runs the mediator (MED)]

Figure 7 shows the communication between agents not only on the same network component but also on different ones. To enable the inter-agent communication facility, every MCD must install the facilitator and one or more MCDs must have the mediator (MED) installed. Once the MCD instantiates a mobile agent, it registers the agent with the facilitator (local database) which, in turn, automatically relays the registration to the mediator (global database). Suppose two mobile agents exist on the same network component or, more precisely, on the same MCD and one of the agents wants to send a message to the other. The message will be received by the facilitator and then delivered locally to the recipient. However, if the recipient is on a different MCD, the facilitator will relay the message to the mediator. The mediator knows the current location of the intended recipient exactly and conveys the message to the facilitator where the recipient is running in order to deliver the message. If the mediator does not find the location of the agent because the agent does not yet exist in the network, it will keep the message until the agent appears in the network or until the message times out.

The inter-agent communication service supports not only point-to-point communication but also broadcasting. Suppose an agent wants to broadcast a message. The message will be relayed directly by the facilitator to the mediator. The mediator duplicates and sends the message to every agent that the mediator knows of in the mobile code region.

In the mobile code package, the mediator is implemented as a VMC. Therefore, the manager may find out which agents are present in the network, their current locations, and other attributes, simply by sending an agent to the directory administration server and querying the mediator.
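The facilitator/mediator exchange of section 3.1 as an added example (not the paper's code): each MCD's facilitator registers its agents with the single mediator, delivers local messages itself and relays the rest; the mediator routes by its global location table, fans out broadcasts, and holds messages for agents that do not yet exist until they register or the message times out. Class names and the tick-based clock are assumptions.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/** Added example: point-to-point, held and broadcast messages between agents on two MCDs. */
public class AgentMessaging {

    public static final class Message {
        public final String from, to, body;   // to == "*" means broadcast
        public final long expiresAt;          // the mediator drops a held message after this tick
        public Message(String from, String to, String body, long expiresAt) {
            this.from = from; this.to = to; this.body = body; this.expiresAt = expiresAt;
        }
    }

    /** An agent as the facilitator sees it: a name and an inbox. */
    public static final class Agent {
        public final String name;
        public final List<String> inbox = new ArrayList<>();
        public Agent(String name) { this.name = name; }
    }

    /** Global database: agent name -> facilitator where it runs, plus messages held for absent agents. */
    public static final class Mediator {
        private final Map<String, Facilitator> location = new HashMap<>();
        private final List<Message> held = new ArrayList<>();
        private long now = 0;
        public void tick() { now++; held.removeIf(m -> m.expiresAt <= now); }   // message time-out
        public int heldCount() { return held.size(); }
        void register(String agent, Facilitator at) {
            location.put(agent, at);
            Iterator<Message> it = held.iterator();     // deliver what was waiting for this agent
            while (it.hasNext()) {
                Message m = it.next();
                if (m.to.equals(agent)) { at.deliverLocal(m); it.remove(); }
            }
        }
        void route(Message m) {
            if (m.to.equals("*")) {                     // broadcast: one copy per known agent
                for (Map.Entry<String, Facilitator> e : location.entrySet()) {
                    if (!e.getKey().equals(m.from)) {
                        e.getValue().deliverLocal(new Message(m.from, e.getKey(), m.body, m.expiresAt));
                    }
                }
                return;
            }
            Facilitator at = location.get(m.to);
            if (at != null) at.deliverLocal(m);
            else held.add(m);                           // not in the network yet: keep until registration or time-out
        }
    }

    /** Per-MCD proxy: local database of agents; non-local traffic is relayed to the mediator. */
    public static final class Facilitator {
        private final Map<String, Agent> local = new HashMap<>();
        private final Mediator mediator;
        public Facilitator(Mediator mediator) { this.mediator = mediator; }
        /** Called by the MCD once it has instantiated an agent; registration is relayed automatically. */
        public Agent instantiate(String name) {
            Agent a = new Agent(name);
            local.put(name, a);
            mediator.register(name, this);
            return a;
        }
        public void send(Message m) {
            if (local.containsKey(m.to)) deliverLocal(m);   // same MCD: deliver directly
            else mediator.route(m);                         // another MCD, or a broadcast
        }
        void deliverLocal(Message m) {
            Agent a = local.get(m.to);
            if (a != null) a.inbox.add(m.from + ": " + m.body);
        }
    }

    public static void main(String[] args) {
        Mediator med = new Mediator();
        Facilitator nc1 = new Facilitator(med), nc2 = new Facilitator(med);
        Agent probe = nc1.instantiate("probe");
        Agent monitor = nc2.instantiate("monitor");
        nc1.send(new Message("probe", "monitor", "link up", 10));    // cross-MCD, via the mediator
        nc1.send(new Message("probe", "auditor", "report due", 5));  // "auditor" does not exist yet
        nc1.send(new Message("probe", "*", "hello all", 10));        // broadcast
        med.tick();
        Agent auditor = nc2.instantiate("auditor");                  // the held message arrives now
        System.out.println("monitor inbox: " + monitor.inbox);
        System.out.println("auditor inbox: " + auditor.inbox);
        nc2.send(new Message("monitor", "ghost", "anyone?", 2));     // never registers: times out
        med.tick(); med.tick();
        System.out.println("still held: " + med.heldCount() + ", probe inbox: " + probe.inbox);
    }
}
```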
4 Network simulator

At present, there are few operating companies that would allow autonomous mobile agents to move unrestricted within their networks. Therefore, in order to conduct many parts of our research, we need a network simulator. From the perspective of an agent, there is no difference between a real and a Simulated Network Component (SNC) as long as both run the MCD that is able to accept and execute the agent's code. Using the simulator, we can create many SNCs on a limited number of real NCs. Each SNC runs its own JVM containing an MCD. From the agent's perspective, such a virtual network is indistinguishable from the real network. As a matter of fact, virtual and simulated

Figure 8. Simulating large heterogeneous networks

5 Management methods based on the use of mobile code

We introduced four types of mobile code earlier in this paper: servlets, deglets, netlets and applets. In this section, we examine several methodologies that are built upon them.

5.1 Extensibility

The capability to transfer code for remote execution (Daniele et al. [3]; Stomos et al. [9]) opens a Pandora's box of opportunities for distributed computing. Remote repositories of software components can be downloaded for execution on an as-needed basis. Network management systems can take advantage of many of these techniques.

As a simple demonstration, consider the case of an installable protocol driver shown in Figure 9. If host 1 wants to talk to host 2, then they both need to understand the same language; i.e., they need protocol handlers for the same protocol. If host 2 does not have a protocol handler, for example for myTelnet, then no communication can take place. However, if there is an infrastructure for transferring code, then host 1 can decide to install the handler for myTelnet on host 2. Now, communication between the two hosts is possible.

It is not only a complete lack of an expected service which can be addressed with these techniques. For example, an older version of a client can be upgraded if it attempts to access a server that handles only a more recent version. Similarly, the server can be upgraded or extended without taking it off line. In that way, there are no problems with incompatible protocols or their versions, and the maintenance of the software is quite straightforward.

Figure 9. Installable (soft) protocol (host 1 installs the myTelnet handler on host 2)

A similar scenario is shown in Figure 10, but in this case neither host 1 nor host 2 has a handler for myTelnet. There is a negotiation between host 1 and host 2, in which they agree upon the communication protocol. When the negotiation is complete and myTelnet is the resulting protocol choice, the protocol handlers for myTelnet are downloaded from a remote repository to both hosts.

Figure 10. Installable services from protocol server (both hosts download the myTelnet handler)

The protocol handlers from the examples can be generalized to any type of service. In network management systems, a vendor-specific agent can offer a complete communication protocol (or extensions to such) to the manager. Vice versa, the manager may upgrade, extend or install an agent on a device that does not have up-to-date services.

5.2 Delegation

Delegation of authority (Yemini, [10]; Stomos et al. [9]) has already found solid ground in Network Management as a methodology that allows for the construction of distributed systems. Instead of encoding the complete management knowledge into one entity, the central manager, certain responsibilities are assigned to other processes. These tasks can still be controlled to some degree by the central authority, but in many cases local managers can perform various tasks in an autonomous way. Code mobility adds another dimension to the convenience of the delegation techniques.

In traditional network management systems, both centralized and distributed, all managers, central and local, are static processes. To fulfill their duties, they communicate through standard protocols, like SNMP (version 2) or CMIP. Any task that is delegated to a local manager has to be implemented by that manager. If a new task is to be delegated, then all managers that have to be upgraded must be taken off line. The problems with static distribution of managers can be addressed by employing techniques based on mobile code. An example of such an approach is illustrated in Figure 11. Instead of communicating with other managers and asking them to perform a certain task, the manager can instead send an agent to perform the task. The task can be arbitrarily complex and may involve one or many network locations. If the task is a one-shot assignment, then we refer to the agent as a deglet.

Figure 11. Delegation (PC browser, PC 1, NC 1)

5.3 Autonomy

The task assigned to an agent might be of a permanent nature and it does not have to address an existing network condition. If the agent is mobile, then we refer to such an agent as a netlet. Societies of netlets are inherent elements of the network management infrastructure that may address many issues. For example, there might be netlets that can handle network faults. In many cases, the capability to provide autonomous, on-the-spot diagnosis might be superior to the centralized option that involves transmission of large amounts of data that have to be processed centrally by some kind of intelligent or knowledge-based application. Netlets can be engineered to handle problems in a distributed manner; for example, each netlet can deal with a single network fault. In general, netlets can be used to maintain many aspects of the network autonomously.

Figure 12. Autonomy
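The scenarios of Figures 9 and 10, as an added example that is not part of the paper or its Java framework: two hosts negotiate a protocol, and a missing handler is installed either by the peer that already has it (Figure 9) or from a repository that both hosts fetch from (Figure 10). The repository contents, the handler source, the `handle` entry point and the shared MAC key are assumptions made for this example. The integrity check before `exec()` is the check a practitioner wants before running code fetched from a remote repository; the paper's text does not describe it, so it is an addition here rather than a property of the paper's infrastructure.

```python
"""Added example: negotiated, installable protocol handlers with an
integrity check before installation. Illustrative code written for this
edition; the repository, handler names and key below are constructed."""
import hashlib
import hmac

# Assumed shared secret between the hosts and the trusted repository.
# A deployment would use a signature over the code rather than a shared key.
REPO_KEY = b"constructed-repository-key"


def handler_tag(proto, source):
    """MAC that binds the handler name to its source text, so a valid
    handler for one protocol cannot be passed off as another."""
    return hmac.new(REPO_KEY, proto.encode() + b"\0" + source.encode(),
                    hashlib.sha256).hexdigest()


# Constructed repository: protocol name -> (handler source, MAC).
_MYTELNET = "def handle(msg):\n    return 'myTelnet> ' + msg.upper()\n"
REPOSITORY = {"myTelnet": (_MYTELNET, handler_tag("myTelnet", _MYTELNET))}


class Host:
    def __init__(self, name):
        self.name = name
        self.packages = {}   # proto -> (source, tag), kept so it can be forwarded
        self.handlers = {}   # proto -> callable

    def install(self, proto, source, tag):
        """Verify first, compile second: a handler whose tag does not match
        is rejected before any of it is executed."""
        if not hmac.compare_digest(handler_tag(proto, source), tag):
            raise ValueError(f"{self.name}: integrity check failed for {proto}")
        ns = {}
        # Empty builtins: the handler gets no access to the host's namespace.
        exec(compile(source, f"<{proto}>", "exec"), {"__builtins__": {}}, ns)
        self.packages[proto] = (source, tag)
        self.handlers[proto] = ns["handle"]
        return proto

    def push_handler(self, peer, proto):
        """Figure 9: a host that has the handler installs it on its peer,
        forwarding the repository's tag along with the source."""
        return peer.install(proto, *self.packages[proto])

    def send(self, peer, proto, msg):
        return peer.handlers[proto](msg)


def negotiate(a, b, preference):
    """Figure 10: pick the first protocol in `preference` both hosts already
    share; otherwise fetch the first one the repository offers for both."""
    common = set(a.handlers) & set(b.handlers)
    for proto in preference:
        if proto in common:
            return proto
    for proto in preference:
        if proto in REPOSITORY:
            for host in (a, b):
                if proto not in host.handlers:
                    host.install(proto, *REPOSITORY[proto])
            return proto
    raise LookupError("no agreeable protocol")


def figure9():
    h1, h2 = Host("host 1"), Host("host 2")
    h1.install("myTelnet", *REPOSITORY["myTelnet"])
    h1.push_handler(h2, "myTelnet")
    return h1.send(h2, "myTelnet", "hello")


def figure10():
    h1, h2 = Host("host 1"), Host("host 2")
    proto = negotiate(h1, h2, ["myTelnet", "plain"])
    return proto, h1.send(h2, proto, "hello")


def tampered_install():
    """A handler modified in transit keeps the repository's tag and is refused."""
    host = Host("host 2")
    source, tag = REPOSITORY["myTelnet"]
    try:
        host.install("myTelnet", source.replace("upper", "lower"), tag)
    except ValueError:
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    print(figure9())
    print(figure10())
    print(tampered_install())
```

The MAC covers the protocol name as well as the code, and the source is only compiled after `compare_digest` succeeds; in the paper's setting, where the hostile "piglet" is the threat, the same ordering applies to any handler a vendor agent or manager pushes onto a device.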
6 Applications

In this section, we examine a number of applications of the methods based on mobile code that we have implemented or are in the process of implementing. The applications are thought of as testbeds for ideas rather than complete solutions for management systems. Most of these applications can be implemented in standard ways, but we argue that the use of mobile code is beneficial.

6.1 Network utilities

As the first example, let us consider a system as represented in Figure 13. The operator of the network opens a management tool (an applet) in a Web browser, which displays a list of active devices in the network. In a traditional system, in order to collect the responses from the nodes, the manager (the applet) would use a ping-type command. Such a solution requires that a list of the potential destinations be maintained in the manager. In our approach, a deglet (or a number of them) is injected into the network with the task of reporting the visited nodes. Since an MCD on each network node implements a migration algorithm, the deglet will visit many nodes. Alternatively, the deglet can include its own migration patterns. A good migration algorithm will result in complete coverage of the whole managed network. For example, marking visited nodes can ensure that each node is visited only once. A variation of this application is the use of deglets that report only the nodes that satisfy certain conditions. For example, a list of nodes that are overutilized can be requested.

Figure 13. Host sniffer (Host browser, PC 1, Printer 1, NC 1)

The task performed by a deglet can be more complex. In another application that is illustrated in Figure 14, a deglet (or a number of them) is injected into the network nodes not only to report a certain condition, but also to actually perform one or more local actions that depend on the condition. For example, a server that contains outdated software components can be updated, or a node with an increasing failure trend is requested to restart. This technique can also be used to distribute new services to specific locations in the network.

Figure 14. Condition sniffers
Figure 14. Persistent Delegation

In all similar applications, netlets can be used in place of deglets. In that way, network management functions gain a certain degree of autonomy. For example, the list that is displayed in the Web browser in Figure 13 can be a list of active traps (alarms), if a society of netlets reporting traps is active in the network. If netlets are used in place of deglets in the way described in Figure 14, then many management functions can be implemented autonomously. A comprehensive suite of similar applications can be the basis for truly intelligent networks with an autonomous management infrastructure. Such an infrastructure, including all classes of intelligent methods rooted in Artificial and Computational Intelligence, is one of the main goals of our research. The applications presented in this paper only provide a small cross-section of research yet to be undertaken.

6.2 Managed information browsers

Today, browsers with which network operators can get access to information about the network components are the most popular management tools. Web technology brings new opportunities for the design of convenient component browsing tools that can be opened in Web browsers and access the managed data over the Net. Networking technologies like CORBA, DCOM or Java's RMI bring additional value through their support for distributed computing with remote software components. Java's core libraries add many classes that can enhance the Graphical User Interface (GUI) of the management tools, making the Java platform even more attractive. Java also brings the code mobility that is exercised by Web browsers to download applets and execute them within the browser environment. While discussing Virtual Managed Components earlier in this paper, we indicated that a VMC might include management applets. Such an applet can be downloaded to the manager as illustrated in Figure 15. In this application, the manager maintains a list of network components using the techniques that were described previously. When the operator requests the managed data for a component whose VMC includes a management applet, then the applet is downloaded to the manager and executed within the Web browser. Java is a rich language that makes it possible to build very complex software tools. The vendor might be the provider of such applets, so the vendor's network component designers can carefully craft the way in which the component is managed in a particular network setting. It may include component-specific graphics and verification routines for management data.

Figure 15. Component browser (Host browser, PC 1, PC 2, Printer 1, Printer 2, NC 1, Router, Laptop)

6.3 Provisioning

Provisioning virtual circuits in an ATM network is a fairly complex process usually involving several parties. In our experience, it took quite a long time to negotiate all aspects of a PVC that we established between a Newbridge switch in our lab at Carleton University and a Fore switch in the network management lab at the National Research
Council, Ottawa. The PVC includes a path through a cloud in the OCRINet maintained by Bell Canada. The process would be even longer if there was another operating company offering similar services; for example, Bell's competition could offer better prices, making price negotiation possible. There were several network managers involved in the PVC setup process.

We have designed and implemented a system based on agents that handles similar tasks in an autonomous way. A request to set up a PVC is assigned to a deglet, which coordinates the overall process. It uses additional deglets to perform partial tasks. Using the deglets, all of the necessary data is exchanged by the endpoints using the provisions incorporated into their respective VMCs. The deglets communicate with VMCs using a special ontology that generalizes the knowledge of setting up a PVC by the vendor. Parts of the necessary data may be brought as required from remote locations; for example, vendors' Web sites. Then, another deglet negotiates with the VMCs in the operators' clouds. The best deal is selected and the subsequent exchange of necessary information completes the setup. At that point, the requesting party is informed that the task has been accomplished.

We are also looking into the use of netlets to manage the PVCs. For example, if any of the operating companies modifies its offer, then a special-purpose netlet can detect that fact and the negotiation process can be repeated.

Figure 16. Provisioning PVCs (Fore switch at NRC, Newbridge switch at Carleton, OCRINet, Internet)

6.4 Plug-and-play networks

Self-maintaining networks that we introduced in earlier sections of this paper can be folded into a broader concept that guides our research and experiments, a plug-and-play network. To exercise the essential ideas of such networks, we are investigating an application that is illustrated in Figure 17. This scenario has been derived from the problems that we experienced while installing a CDROM drive in one of our PCs. We spent several days before we resolved all of the problems related to a device driver that was necessary to make use of the CDROM drive. The example in Figure 17 is a generalized version of the problems that we experienced.

In the scenario, there is a Java-enabled printer to be connected to a network of workstations (PCs and Unix) and other devices. The network is connected to the Internet, and so is the maker of the printer. The vendor provides a VMC with the printer, which includes provisioning deglets and netlets. After connecting to the network, a netlet (or a number of them) is sent to the network to determine the environmental requirements; i.e., it discovers the type of workstations and their locations. Then, a deglet contacts the vendor's repository of drivers and downloads drivers appropriate for the printer and for the environment. The drivers are installed on the devices that will make use of the printer. The printer registers with the vendor, so when a new driver is released, the printer can negotiate with the network whether the local drivers should be upgraded. The netlets that travel in the network are also assigned the task of detecting new destinations for the drivers.

Figure 17. Plug-and-play components (Printer vendor, printer driver updates)

6.5 Network model creation and maintenance

While the plug-and-play network of tomorrow will demonstrate a high degree of self-configuration and repair, the need to provide a model of the network on a network management workstation will still remain. Mobile agents can be used to achieve an 'intelligent' network model that is constructed in real time during discovery of a network component. A deglet is injected into the network from the network management workstation and, using the idea of host sniffing described in section 6.1, visits network components. At each network component, the deglet interacts with the VMC in order to determine where the vendor maintains a properties site. The deglet then visits the vendor site and requests that a deglet be sent to the network management workstation for the purpose of constructing a Virtual Network Component (VNC), part of the network model being created. The network model provisioning agent visits the network management workstation and instantiates a virtual network component by interacting with the actual network component in the live network. As it is the case that the agent visiting the network management workstation and the VMC on the network component are both provided by the vendor, the nature of the protocol used in their communication is unimportant and can be purely proprietary. Also, unlike traditional network models, the virtual network component provisioning agent installs behaviour as well as state for the virtual network component within the network model; hence the use of the term 'intelligent'. This is an example of mobile agents used for the creation of middleware.

Figure 18. Network model creation with mobile agents (Network, Internet, Component vendor)
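The host sniffer and condition sniffer of section 6.1 (the same traversal that the deglet of section 6.5 reuses to visit every component), as an added example written for this edition rather than code from the paper's MCD or migration algorithm: a deglet migrates breadth-first through a network, marks visited nodes so that each node is visited exactly once, and optionally reports only the nodes that satisfy a condition and performs a local action on them. The network map, the utilisation figures, the 80% threshold and the hop budget are constructed assumptions; the hop budget is not in the paper and is added as the bound a practitioner would put on an agent that could otherwise wander an unexpectedly large network indefinitely.

```python
"""Added example: a one-shot deglet that sniffs hosts, optionally filters
them by a condition and acts on the matches. Written for this edition;
the network, loads and thresholds below are constructed."""
from collections import deque

# Constructed network map: node -> (neighbours, CPU utilisation in percent).
NETWORK = {
    "nms":      (["nc1", "router"], 10),
    "nc1":      (["nms", "pc1", "printer1"], 35),
    "pc1":      (["nc1"], 92),
    "printer1": (["nc1"], 5),
    "router":   (["nms", "laptop"], 88),
    "laptop":   (["router"], 20),
}


class Deglet:
    """One-shot agent carrying its task, its visited-node marking and a hop budget."""

    def __init__(self, condition=None, action=None, max_hops=64):
        self.condition = condition or (lambda node, load: True)
        self.action = action
        self.max_hops = max_hops
        self.visited = set()
        self.report = []
        self.actions = []

    def run(self, network, start):
        """Breadth-first migration from `start`. The visited set is the marking
        that gives complete coverage without revisits; the hop budget bounds a
        deglet injected into a larger network than its author expected."""
        queue = deque([start])
        self.visited.add(start)
        hops = 0
        while queue and hops < self.max_hops:
            node = queue.popleft()
            hops += 1
            neighbours, load = network[node]
            if self.condition(node, load):
                self.report.append(node)
                if self.action is not None:
                    self.actions.append(self.action(node))
            for nxt in neighbours:
                if nxt not in self.visited:
                    self.visited.add(nxt)
                    queue.append(nxt)
        return self.report


def host_sniffer(network, start="nms"):
    """Figure 13: report every node reached."""
    return Deglet().run(network, start)


def condition_sniffer(network, threshold=80, start="nms"):
    """Variation of Figure 13: report only overutilised nodes."""
    return Deglet(condition=lambda node, load: load > threshold).run(network, start)


def restart_overloaded(network, threshold=80, start="nms"):
    """Figure 14: act locally on each node that satisfies the condition.
    The action here only records what would be requested of the node."""
    deglet = Deglet(condition=lambda node, load: load > threshold,
                    action=lambda node: f"restart {node}")
    deglet.run(network, start)
    return deglet.actions


if __name__ == "__main__":
    print(host_sniffer(NETWORK))
    print(condition_sniffer(NETWORK))
    print(restart_overloaded(NETWORK))
```

Swapping the fixed visit for a loop that re-runs `run` on a schedule turns the deglet into the netlet of section 5.3; the visited-node marking and the hop budget are the parts worth keeping either way, since an agent that revisits nodes or never terminates is a load on the managed network in its own right.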
6.6 Mobile servers

In conventional client/server systems, servers have fixed locations. This frequently causes problems as demands change, both on the server platform and within the network itself, leading to degraded performance. The communications server within our framework has been designed as a mobile agent, and we are currently investigating algorithms based upon techniques from Reinforcement Learning (Littman, [12]) in order to allow the server to migrate automatically when performance degrades. In the case of mobile servers, each communication request causes an update to the probability with which the server either remains resident on the current network component or migrates to another network component within the same mobile code region. In order to achieve this, we are currently designing a MIB to be used in monitoring agent activity within a specific mobile code region. It is our intention to implement a subagent that uses this MIB and that the subagent will register with an SNMP agent using the DPI or AgentX protocols.

7 Inter-working with legacy systems

It is worth noting that the old manager/agent schema can easily be implemented using VMCs. For example, an application that uses a local VMC and implements an SNMP protocol handler can be installed inside the MCD. Thereafter, it can act as an SNMP agent.

An alternative that we have implemented within our framework is a handler of an extension protocol. We tried the idea with the DPI protocol. The DPI protocol was chosen as it is a 'lightweight' protocol and avoids the BER encoding/decoding that is part of SNMP. In our research environment, a VMC extension registers with an SNMP agent and, acting as an SNMP subagent, provides data in response to SNMP requests. This scenario is shown in Figure 19.

Figure 19. Mobile agent talks to SNMP agent (NC running a JVM with MCD, MCM, Mobile Agent Manager and a VMC with DPI; DPI-enabled SNMP agent; SNMP manager)

Both of these ideas could be applied in cases where inter-working with the legacy system is required. We can associate simulated network components with actual devices running legacy agents through properly engineered VMCs. It is also helpful within our simulated environment to be able to link simulated components to the real ones if an idea that has already been tested through a simulation is to be tried on a live network.

8 Conclusions and future work

The preliminary research into the area of the use of mobile code for network management has proven that there are many opportunities that are worth further exploration. We have demonstrated that agent mobility adds another dimension to the network management methodologies that can be employed.

The work on the mobility framework has convinced us that Java technology is currently the best candidate for implementation of the methodologies based on mobile code. We have determined many components that are necessary for the infrastructure on which the methodologies could be built.

We are just at the beginning of our journey towards the realization of plug-and-play networks. We will continue to research the requirements for the code mobility infrastructure, which we consider to be the basis for the active networks of tomorrow. We will focus on further research into its components, what the necessary patterns of their behavior are, and what the limitations and constraints are. In particular, we will be looking carefully into the issues of security, which will be based on the security features of Java, the migration patterns for netlets, inter-agent communication strategies, the ubiquitous interface to managed resources and its extensions.

In the application area, we have already started to explore the use of agents, and mobile agents in particular, for fault diagnosis. We have put forward several projects involving methods from Artificial and Computational Intelligence. We expect to present results from certain projects in the near future, while there are a number of others that are long term; for example, diagnostic techniques based on Swarm Intelligence or mobile, distributed expert systems.

The work on an autonomous provisioning agent project has initiated our research on self-configuring networks. It is an exciting area that overlaps with service management. We hope to benefit from research on ODP, TINA (Megadantz, [7]), etc. while simultaneously contributing our own ideas in the area.

It is not our intention to provide off-the-shelf solutions or to set standards. Our research will retain its exploratory nature and be used as a vehicle for generating and testing ideas that may prove useful for networks of the future. We believe that our research will provide steps forward towards the realization of the ultimate goal of any operating company: a trouble-free, plug-and-play network.

9 Acknowledgments

We would like to acknowledge the contribution to the work presented in this paper by the current and former student members of the Perpetuum Mobile Procura project at Carleton University: André Campeau and Yanrong Li. We would also like to thank the Telecommunications Research Institute of Ontario for its funding of this research and the National Research Centre for the use of its facilities.

10 References

1. Baldi, M., Gai, S. and Picco, G. P., Exploiting Code Mobility in Decentralized and Flexible Network Management, First International Workshop on Mobile Agents, Mobile Agents'97, Berlin, Germany, April 7-8, 1997.
2. Case, J. D., Fedor, M., Schoffstall, M. L. and Davin, C., Simple Network Management Protocol, RFC 1157, May 1990.
3. Daniele, M., Wijnen, B. and Francisco, D., Agent Extensibility (AgentX) Protocol, Version 1, Proposed Standard, SNMP Agent Extensibility (agentx) Charter, Operations and Management Area of IETF, Dec. 1996.
4. Gosling, J., Arnold, K., Joy, B., Steele, G., Lindholm, T., Walrath, K., Campione, M., Yellin, F. et al., The Java Series, Addison-Wesley, 1996.
5. Case, J. D. and Levi, D. B., SNMP Mid-Level-Manager MIB, Draft, IETF, 1993.
6. Kotay, K. and Kotz, D., Transportable Agents. In Yannis Labrou and Tim Finin, editors, Proceedings of the CIKM Workshop on Intelligent Information Agents, Third International Conference on Information and Knowledge Management (CIKM 94), Gaithersburg, Maryland, December 1994.
7. Krause, S. and Megadantz, T., Mobile Service Agents Enabling "Intelligence on Demand" in Telecommunications, Proceedings of IEEE GLOBCOM'96, London, U.K., 18-22 Nov. 1996.
8. Mobile Code Bibliography, http://www.cnri.reston.va.us/home/koe/bib/mobile-abs.bib.html
9. Stomos, J. W. and Gifford, D. K., Remote Evaluation, ACM Transactions on Programming Languages and Systems, 12(4), pages 537-565, October 1990.
10. Yemini, Y., Goldszmidt, G. and Yemini, S., Network Management by Delegation. In The Second International Symposium on Integrated Network Management, Washington, DC, April 1991.
11. Yemini, Y., The OSI Network Management Model, IEEE Communication Magazine, pages 20-29, May 1993.
12. Littman, L. P. and Moore, A. W., Reinforcement Learning: A Survey, http://www.cs.washington.edu/research/jair/volume4/kaelbling96a-html/rl-survey.htm.
13. Mobile Agent Facility Specification, OMG TC Document cf/xx-x-xx, June 2nd, 1997.