Abstracts - 2007
Designing for Internet Management: The Knowledge Plane
Karen R. Sollins, William Lehr & John T. Wroclawski
The over-arching hypothesis under which we are proposing this work is that in the network of the future we must architect a network management plane that aids, assists, and for many of the more routine and increasingly burdensome or challenging tasks, either enhances or replaces humans. The contribution of this work is the realistic and improved organization of the intelligence (applications) that comprises network management. The insight is that a common approach, driven by the design principles of the Internet in conjunction with more specialized constraints, can derive productive organizational designs for such applications. In its most basic form, the problem we are addressing is the organization of the reasoning engines that are key to the intelligence required to make the network increasingly self-managed.
The business of managing networks has become increasingly difficult, as network management is pushed into often very personal (home or body-net) environments and as network management issues are becoming increasingly global, crossing domains of responsibility. Considering the architecture of the current Internet, we find that scale, local autonomy, distribution, and a lack of global knowledge (exacerbated by the underlying end-to-end philosophy that discourages anything more than least functionality inside the net) place challenges on global network management. Adding to that the recognition that "the net" has become critically central to the functioning of our society, economy, health and governmental structures, we find a need for a common approach to network management that spans the network and is designed to meet these extremely diverse needs. In the end (or the beginning) users are the drivers of the need for communication. Therefore they will also be the drivers for how effectively the resources they need will perform and be managed. Consider, for example, the user on a laptop who tries to browse the web and finds that a page will not load. That user must be able to contact an agent to begin a diagnosis of the problem, and that must start at home. The first question that must be answered is whether or not the laptop is connected to a network. Since that question must be answerable even when the answer is that it is not connected, there must be at least a small representative of the network management capability residing locally. The objective of this research is to gain insight into not only the local specialist, but also the organization of sets of such agents that together can address larger, more complex questions for which the answers may not be as simple.
The Knowledge Plane (KP) was proposed by Clark et al. [CP+03] as a new dimension to a network architecture, contrasting with the data and control planes; its purpose is to provide knowledge and expertise to enable the network to be self-monitoring, self-analyzing, self-diagnosing, and self-maintaining or -improving. To achieve these goals a KP brings together widely distributed data collection, wide availability of that data, and sophisticated and adaptive processing or KP functions, within a unifying structure that brings order, meets the policy, scaling and functional requirements of a global network, and, ideally, creates synergy and exploits commonality of design patterns between the many possible KP functions. To design and build a system of this size and scope, we identify the following set of design requirements: scalability, to address the size and scope of the Internet; efficiency, to provide responsiveness to requests made of the KP; robustness, to enable the KP to continue to function as best possible, even under incorrect or incomplete behavior of the network itself; non-intrusiveness, to keep the KP from impinging significantly on the resource usage intended for the customers of the network; and local control, to support local networks and resources in their needs for privacy and other forms of local control, while enabling them to cooperate for mutual benefit in more effective network management.
We identify three key lower level building blocks as a starting point: an information plane, structuring abstractions, and an ontology appropriate for reasoning. The information plane is a repository both for information gathered through measuring, monitoring, etc. and for knowledge learned by inference and reasoning. In addition, the information plane is tasked with supporting sharing and partial information, including aggregation and dissemination, while respecting the global decentralized nature of the Internet. The goal of structuring is to organize the intelligence or functions required for the self-management capabilities required by a global-scale network. Our hypothesis is that a multi-level strategy that combines the strengths of local or specialized experts with higher level oversight, analysis and synthesis provides both effective partitioning of functionality and coordination among the components. We identify four key types of constraints necessary for organizing such functional components:
In this last area, one of the most challenging aspects is to understand and design for the competitive and generally non-cooperative nature of the society into which our networks are placed. At the same time, because these networks are providing shared resources, they must be managed for the benefit of such a set of competitors. Thus, a key question is how to design the management applications to allow for the privacy, security, regulation, and other aspects of competition to flourish, while finding the common ground and ability to cooperate. This will require understanding not only the points at which cooperation is necessary, but also, as best possible, the positive incentives that will encourage cooperation. It is here that we depend on the field of economics to both examine and explore possibilities for approaches.
Progress and Future
The work in this area includes projects reported by three students, Robert Beverly, Ji Li and George Lee. The work is proceeding through repeated cycles: build or refine a prototype, apply it to increasingly challenging network management functions, and evaluate the effectiveness both in terms of the specific domain or function and in terms of the generality and extensibility of the framework for applicability to increasingly challenging problems. Ji Li also reports on the first of these case studies, the application of our methodology to zero-day low-bandwidth worm or intrusion detection. Future intended applications include extensions to the intrusion detection work, root cause fault diagnosis, DNS failure diagnosis, path performance, and routing.
This work is being funded by the National Science Foundation, Cisco University Research Program, and through the Communications Futures Program by the members of that program. Further funding is also being solicited at present.
[CP+03] David Clark, Craig Partridge, J. Christopher Ramming, John Wroclawski. A Knowledge Plane for the Internet. In Proc. ACM SIGCOMM'03, Karlsruhe, Germany, August 2003.