CSAIL Publications and Digital Archive header
bullet Research Abstracts Home bullet CSAIL Digital Archive bullet Research Activities bullet CSAIL Home bullet

link to publications.csail.mit.edu link to www.csail.mit.edu horizontal line


Research Abstracts - 2007
horizontal line

horizontal line

vertical line
vertical line

Designing for Internet Management: The Knowledge Plane

Karen R. Sollins, William Lehr & John T. Wroclawski


The over-arching hypothesis under which we are proposing this work is that in the network of the future we must architect a network management plane that aids, assists, and for many of the more routine and increasingly burdensome or challenging tasks, either enhances or replaces humans. The contribution of this work is the realistic and improved organization of intelligence (applications) that comprise network management. The insight is that a common approach driven by both the design principles of the Internet in conjunction with more specialized constraints can derive productive organizational designs for such applications. In its most basic form, the problem we are addressing is the organization of the reasoning engines that are key to the intelligence required to make the network increasingly self-managed.


The business of managing networks has become increasingly difficult, as network management is pushed into often very personal (home or body-net) environments and as network management issues are becoming increasingly global, crossing domains of responsibility. Considering the architecture of the current Internet, we find that scale, local autonomy, distribution, and a lack of global knowledge (exacerbated by the underlying end-to-end philosophy that discourages anything more than least functionality inside the net) place challenges on global network management. Adding to that the recognition that ''the net'' has become critically central to the functioning of our society, economy, health and governmental structures, we find a need for a common approach to network management that spans the network and is designed to meet these extremely diverse needs. In the end (or the beginning) users are the drivers of the need for communication. Therefore they will also be the drivers for how effectively the resources they need will perform and be managed. Thus, consider for example, the user on a laptop who tries to browse the web and finds that a page will not load. That user must be able to contact an agent to begin a diagnosis of the problem, and that must start at home. The first question that must be answered is whether or not the laptop is connected to a network. Since that question must be answerable even when the answer is that it is not connected, there must be at least a small representative of the network management capability residing locally. The objective of this research is to gain insight into not only the local specialist, but the organization sets of such agents that together can address larger, more complex questions for which the answers may not be as simple.


The Knowledge Plane (KP) was proposed by Clark et al. [CP+03] as a new dimension to a network architecture, contrasting with the data and control planes; its purpose is to provide knowledge and expertise to enable the network to be self-monitoring, self-analyzing, self-diagnosing, and self- maintaining or -improving. To achieve these goals a KP brings together widely distributed data collection, wide availability of that data, and sophisticated and adaptive processing or KP functions, within a unifying structure that brings order, meets the policy, scaling and functional requirements of a global network, and, ideally, creates synergy and exploits commonality of design patterns between the many possible KP functions. To design and build a system of this size and scope, we identify the following set of design requirements: scalability to address the size and scope of the Internet; efficiency to provide responsiveness to requests made of the KP; robustness, to enable the KP to continue to function as best possible, even under incorrect or incomplete behavior of the network itself; non-intrusiveness, to keep the KP from impinging significantly on the resource usage intended for the customers of the network; local control, to support local networks and resources in their needs for privacy and other forms of local control, while enabling them to cooperate for mutual benefit in more effective network management.

We identify three key lower level building blocks as a starting point: an information plane, structuring abstractions, and an ontology appropriate for reasoning. The information plane both is a repository for information gathered through measuring, monitoring, etc. as well as knowledge learned by inference and reasoning. In addition the information plane is tasked with supporting sharing and partial information including aggregation and dissemination while respecting the global decentralized nature of the Internet. The goal of structuring is to organize the intelligence or functions required for the self-management capabilities required by a global-scale network. Our hypothesis is that a multi-level strategy that combines the strengths of local or specialized experts with higher level oversight, analysis and synthesis provides both effective partitioning of functionality and coordination among the components. We identify four key types of constraints necessary for organizing such functional components:

  • Function and use constraints: In order to achieve a particular function, the application may be conceived as a set of interacting components collocated with the knowledge necessary to success. It is possible that parts of the knowledge and functional subcomponents may be distributed, but there will be constraints from both the knowledge itself as well as not only the functional subcomponents but how they must interact that will necessarily frame the shape of the (possibly) distributed coordinated function or network management tool.
  • "Network" location: At least in some cases, often for purely technical reasons, the management of a network may by necessity be kept local to that network, where locality may be defined by a number of metrics. The simplest of these is a topological constraint. Additionally, more challenging ones include latency, bandwidth and other network metric based approaches. In our work we will begin with the simplest, but recognize that there are already services available that allow for some of the more dynamic and more challenging metrics.
  • Physical location: We separate this from the previous category because the issues of geographic location or perhaps administrative ownership boundaries are generally orthogonal to the more performance based network location constraints.
  • Policy and other external constraints: These constraints fall into three major categories, security, pricing, and other non-numeric incentives, such as social good, selfishness, and other social preferences.

In this last area, one of the most challenging aspects of it is to understand and design for the competitive and generally non-cooperative nature of the society into which our networks are placed. At the same time, because these networks are providing shared resources they must be managed for the benefit of such a set of competitors. Thus, a key question is how to design the management applications to allow for the privacy, security, regulation, and other aspects of competition to flourish, while finding the common ground and ability to cooperate. This will require understanding not only the points at which cooperation are necessary, but as best possible positive incentives that will encourage cooperation. It is here that we depend the field of economics to both examine and explore possibilities for approaches.

Progress and Future
The work in this area includes projects reported by three students, Robert Beverly, Ji Li and George Lee. The work is proceeding through repeated cycles for build or refine a prototype, apply it to increasingly challenging network management functions, and evaluate the effectiveness both in terms of the specific domain or function and in terms of the generality and extensibility of the framework for applicability to increasingly challenging problems. Ji Li also reports on the first of these case studies, the application of our methodology to zero-day low-bandwidth worm or intrusion detection. Future intended applications include extennsios to the intrusion detection work, root cause fault diagnosis, DNS failure diagnosis, path performance, and routing.

This work is being funded by the National Science Foundation, Cisco University Research Program, and through the Communications Futures Program by the members of that program. Further funding is also being solicited at present.


[1] David Clark, Craig Partridge , J. Christopher Ramming, John Wroclawski, A Knowledge Plane for the Internet. In Proc. ACM SIGCOMM'03, Karlsruhe, Germany, August 2003.


vertical line
vertical line
horizontal line

MIT logo Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu