
2013 | Book

Network-Embedded Management and Applications

Understanding Programmable Networking Infrastructure

Edited by: Alexander Clemm, Ralf Wolter

Publisher: Springer New York


About this book

Despite the explosion of networking services and applications in the past decades, the basic technological underpinnings of the Internet have remained largely unchanged. At its heart are special-purpose appliances that connect us to the digital world, commonly known as switches and routers. Now, however, the traditional framework is being increasingly challenged by new methods that are jostling for a position in the “next-generation” Internet. The concept of a network that is becoming more programmable is one of the aspects that are taking center stage. This opens new possibilities to embed software applications inside the network itself and to manage networks and communications services with unprecedented ease and efficiency.

In this edited volume, distinguished experts take the reader on a tour of different facets of programmable network infrastructure and applications that exploit it. Presenting the state of the art in network embedded management and applications and programmable network infrastructure, the book conveys fundamental concepts and provides a glimpse into various facets of the latest technology in the field.

Table of Contents

Frontmatter

Foundations of network-embedded management and applications

Chapter 1. Motivation: The Dawn of the Age of Network-Embedded Applications
Abstract
What are network-embedded applications? What is the difference between network-embedded and network-attached concepts? This chapter provides an overview of central network management strategies and compares them with distributed management, network-attached appliances, and a holistic approach of network-embedded applications. Concrete scenarios explain the benefit of network-embedded applications. In addition, industry initiatives that address network-embedded solutions are described. The business aspect is provided as well, describing the impact of network-embedded solutions. Technical challenges and future opportunities conclude this chapter.
Ralf Wolter
Chapter 2. A Brief History of Network Programmability and Related Fields
Abstract
Network programmability has a long history in the networking world. Routing protocols initially introduced network-embedded concepts; many other functions have been embedded into the network over time. Quality of Service is a good example of an embedded versus central approach: IntServ and DiffServ have clearly illustrated the difference. Embedded monitoring introduced a level of independence from central polling concepts, and zero-touch has introduced a new paradigm of device installation and rollout of new services. Middleware, web services, and the service-oriented architecture (SOA) have extended the range of embedded applications. Autonomic computing and self-management have described the vision and future of network management. Peer-to-peer networks and DHT are implementing self-managing elements already. Network virtualization and cloud computing demonstrate a strong need for embedded management and automation, as the dynamic and virtual infrastructure simply cannot be managed with the traditional approaches.
Ralf Wolter
Chapter 3. Network-Embedded Management
Abstract
The traditional approach to network management has been one in which systems external to the network are used to manage the network and devices in it. An alternative, more recent approach has been to embed management functionality within the network itself. This approach makes the network “smarter” and reduces the dependence on external management systems. Importantly, embedding management into the network itself promises to reduce the total cost of ownership that is associated with running a network. This chapter details the technical and business drivers behind network-embedded management which lead to its growing importance. The concept of network-embedded management is compared with the concept of autonomic systems, whose vision is shared but whose limitations are pointed out. Practical challenges are outlined that network-embedded management must address in order to be deployable in practice. Finally, a perspective is given on how network-embedded management capabilities evolve along four critical dimensions, concerning the richness of management information and controls provided by the network, the efficiency of management communication patterns, the degree of autonomy in the network, and the ability of those capabilities to adapt.
Alexander Clemm
Chapter 4. Improving Manageability Through Network-Embedded Management
Abstract
Manageability, that is, the ease with which a system or a network can be managed, is the ultimate embedded management application. Manageability is ultimately determined by two main factors: management interfaces that are provided to interact with the network for management purposes and embedded management intelligence that provides certain management tasks inside the network. Three properties of management interfaces affect manageability in particular: the coverage (and completeness thereof) that a management interface offers, its degree of consistency, and its efficiency in allowing outside systems to get management tasks accomplished. Each of these properties is analyzed in detail. Opportunities on how these properties can be improved using embedded management are outlined. Subsequently, the migration of management intelligence from outside to inside the network is explored. In addition to automating workflows and providing event-driven functionality inside the network, issues associated with the need to coordinate functions across a network are addressed. This chapter concludes with an overview of manageability features for which migration from the outside to the inside is not an option because they either must be provided from within the network or not at all.
Alexander Clemm

(Invited Chapters) Infrastructure, case studies, research areas

Chapter 5. On the Relevance and Adoption of Network Automation
Abstract
Networking technology has seen a remarkably fast adoption and influenced many aspects of daily corporate and individual life. While the fundamental concepts are crisp and clear, the rapidly added functionality within and around networks has led to a situation where the overall system of a network and its operation are commonly perceived as complex. In this chapter, the author provides a practitioner’s perspective and uses methodology from the fields of user-centered design to illustrate how at the same time human roles, operating models, and the socio-technical context have also rapidly evolved, so that the networking industry can be seen at a rather unique transformational stage. Common characteristics of today’s network automation adoptions as well as the role of network automation in these transitions are followed by a discussion of future work and open questions.
Bruno Klauser
Chapter 6. Embedding Operational Intelligence into Junos Devices Through On-Box Scripts
Abstract
Juniper Networks included automation as an early feature of its Junos operating system by offering a comprehensive API that could deliver the same degree of control to applications or scripts as is possible from the device CLI. While this automation is also possible from remote centralized servers, this chapter explores local device automation through on-box scripts. Because these scripts execute on the Junos device itself, they allow operational intelligence to be embedded directly into the device, allowing it to automatically react to changing conditions in the network without operator involvement. The three types of Junos on-box scripts are covered along with each of their unique abilities to customize and manage Junos devices.
Curtis Call
Chapter 7. Developing Innovative Embedded Applications in the Network with the Junos SDK
Abstract
Historically, network operators have experienced limitations in extracting value from their networks due to a closed innovation model. The Juniper Networks Junos Software Development Kit (SDK) enables the development of applications that can be embedded in the network, running in the devices themselves on top of the Junos operating system. In enabling programmability, Juniper Networks has evolved its Junos operating system into a true application platform to host innovative applications. We look at the Junos SDK in detail by examining applications in the network operating system architecture and then dive into the details of the APIs to understand the scope of a developed application’s functionality. We describe in particular how packet-processing applications can be developed and give two examples of such applications.
James Kelly
Chapter 8. Using Embedded Scripting to Define a Protocol for High-Available Data Center Interconnect
Abstract
While it is still far from common, device management automation using scripts is gradually getting more attention today than it did in the past. One question in conjunction with this trend concerns what scripting is used for. One application is certainly management automation. However, scripting is not limited to that – it can also be considered a new way to program new networking features. It happens quite often that operator requirements evolve faster than vendors are able to implement them. In this context, intelligent scripts provide a quick way to tune, adapt, and reuse current features in novel and innovative ways. This chapter’s objective is to explain how embedded scripts can be used to implement a true networking protocol which solves the problem of data center interconnect (DCI) that requires node redundancy for virtual local area network (VLAN) extension. Therefore, the title of this chapter might as well be “How to synchronize distant nodes with embedded scripts using a semaphore concept to achieve redundancy.” The example of interconnecting data centers demonstrates the use of scripts that are dispatched over distant nodes and that synchronize information via the usage of the “route-watch semaphores” concept. Our case study provides an analysis of an actual large-scale deployment where redundancy is managed via scripting in a live network. This chapter is organized to present first the problem environment and the ultimate solution that would fulfill the need in the future. It then focuses on the core of the problem of how to use scripting synchronization to create a temporary solution until a definitive solution is available. Emphasis is given to implementation details and lessons learned. The aim of this chapter is to demonstrate that scripting can be used not only for quick-and-dirty “work-around” solutions and that it is not limited to management automation. Instead, it provides a viable platform for the development of small but efficient programs that solve emerging problems until a final solution is delivered by vendors.
Patrice Bellagamba
Chapter 9. Enabling IP-Based Smart Services
Abstract
The number of wireless and wireline devices connected to the Internet already surpassed 12 billion in 2010 and is expected to reach 25 billion in 2015. This is more than three devices for each human being on earth. The new effusively connected world poses a great challenge and opportunity for device suppliers, service providers, and network management companies. The challenge lies in providing a scalable and superior degree of automation to ensure smooth service for end customers. The opportunity lies in the ability to define a new model that automatically collects essential device and user-related information and then uses the outcome to provide enhanced features and services. Smart services utilize automation, intelligence-based embedded management agents, and intellectual capital to provide a proactive, predictive, and preemptive service experience addressing the operations and health of the network. They turn manufacturers and other value chain intelligence of every connected device into intelligence to derive new businesses. Smart services bend the traditional linear value chain into a “feedback loop” through which the heartbeats of manufactured objects will continually flow back through the complex business systems that create, distribute, and service those products. Adopters of smart services are creating extraordinary performances and barriers to competition, underscoring the strategic impact of intelligent device networking on after-sales and service management. This chapter defines the basic principles of smart services for Internet Protocol (IP)-based networks. It describes the fundamental smart service requirements including Smart Agents to identify and discover the connected network and collect essential embedded and user management information, fortifying the collected and validated information with intellectual capital and best practices, analyzing the results using intellectual algorithms, and proactively taking action before the service is impacted. Smart services allow vendors/partners to access the network to reconfigure service parameters via a secure connectivity service.
Ammar Rayes
Chapter 10. Network-Embedded Social Network Protocols
Abstract
Social network protocols and media are transforming the IT landscape. New IT professionals are integrating social media channels such as instant messaging and microblogging into their professional lives. A natural evolution arises starting with people using social networking to connect to each other, then embedding the same capabilities so that they can connect to devices. Once social networking is embedded into the devices, new solutions to network management challenges such as scale, security, and reliability can be found. Additionally, just like with people, devices can form peer groups with other, similar devices to automatically work around problems, optimize operations, and improve network performance. In this chapter, we will explore these benefits of network-embedded social media technologies.
Carlos Pignataro, Joe Marcus Clarke
Chapter 11. OpenFlow: A Perspective for Building Versatile Networks
Abstract
In recent years, a remarkable number of innovative Internet services have been developed and successfully deployed on a global scale. However, keeping up with this rate of innovation in the networking domain has been challenging. The increasing reliance on virtualization in data centers, for instance, requires the backing of a sufficiently versatile network substrate. At the same time, network requirements are often highly application specific, making it difficult to develop one-fits-all solutions. Today, adding new functionality to an existing network infrastructure is an extremely complex and resource-consuming task. While a number of vendor-specific solutions allow operators to customize network devices to varying degrees, this functionality depends largely on the deployed hardware. As a consequence, a cross-platform interface allowing operators to program network devices is highly appealing. Additionally, network virtualization and programmability are widely regarded as essential building blocks for enabling the evolution of the Internet infrastructure. Network virtualization, i.e., decoupling logical resources from the physical substrate, offers a number of benefits: increasing flexibility and reliability, reducing management complexity, as well as improving efficiency. OpenFlow, developed by the High Performance Networking Group at Stanford University, is a promising example of an emerging standard which has the potential to enable programmability and virtualization support across various platforms, by providing a simple yet powerful interface for manipulating flow table entries using external controllers. The strict separation of control and forwarding planes, using a well-defined abstraction layer, paves the way for novel networking applications while maintaining compatibility with legacy network components. This chapter aims to provide a summary of the concepts behind OpenFlow. It also highlights key related frameworks and offers a brief look at the development of custom OpenFlow applications. Finally, we introduce a number of OpenFlow-related projects and research initiatives.
Zdravko Bozakov, Volker Sander
Chapter 12. Application and Network Resource Access Control
Abstract
Controlling access to enterprise resources is of utmost importance for effective and secure functioning of an enterprise. Access control is provided in terms of authentication and authorization. The former verifies a user or an entity’s identity and credentials when access is attempted, whereas the latter deals with what actions are allowed on the resources to which access has been granted. A modern enterprise has to provide resource access control (RAC) to a wide variety of resources, from (ISO/OSI) layer 1 to layer 7 (L1–L7) resources. Typically, accesses to application, server, and storage (or L7) level resources are controlled by an application RAC (ARAC) system, and accesses to network resources are controlled by a network RAC (NRAC) system.
In an enterprise, ARAC and NRAC are performed separately. As a result, frameworks or systems to manage them are separate, which hinders enhanced security and effectiveness of RAC. Hence integration or interoperation of ARAC and NRAC is needed.
Accesses to resources are controlled via policies managed by policy management frameworks (PMF) or systems. The policies are specified via a policy specification language (PSL), where the policy elements can be a subject attempting access, a resource to which access is requested by the subject, an action a subject wants to perform on the resource, a policy rule condition to be satisfied, etc. Integration or interoperation of ARAC and NRAC requires an enhanced model of PSL, in particular an extended definition of subject, resource, and policy rule. Two of the major components of a PMF are the policy decision point (PDP) and the policy enforcement point (PEP). While the former typically resides outside of the resources being access controlled, the latter resides embedded within the resource concerned. The PDP manages enterprise-wide centralized policies, whereas the PEP manages and enforces policies locally on the resource. A request by a subject to access a resource is intercepted by the PEP, which then may forward the request to a PDP for (centralized) policy decision. In an integrated or interoperated ARAC and NRAC (IA/NRAC), PDP or PEP components of them interact with each other, improving security and effectiveness of enterprise-wide RAC. In addition, in an IA/NRAC, an ARAC PEP may be embedded within the network (network device or OS).
Employing detailed use cases (involving policy specification and interaction between PDP, PEP, and other components or entities), we discuss in this chapter the following: functioning of ARAC and NRAC, integration and interoperation of them, enhanced definition of policy specification elements providing a common model for ARAC and NRAC policy specification, network-based or network-embedded ARAC (application PEP), and possible use cases of IA/NRAC in a Cloud environment.
Masum Z. Hasan
Chapter 13. Protocols for Distributed Embedded Management
Abstract
We survey approaches to distributed management and highlight an architecture that is especially suited for embedded management in a large network. We then discuss in detail two fundamental classes of protocols that execute as embedded functions within such an architecture. The first is the class of Echo protocols, which can be used for distributed polling, global state estimation, resource discovery, and distributed configuration. The second class is that of GAP protocols, whose main application is continuous real-time monitoring. Both classes are based on distributed trees, which are created during the execution of the protocols. Furthermore, both protocols perform in-network aggregation of the results from local operations on network elements. When presenting the protocols, we discuss their underlying distributed algorithms, their performance properties, such as overhead and execution times, and possible extensions for operational use. We limit the discussion to a single administrative domain.
Rolf Stadler
Chapter 14. Peer-to-Peer (P2P)-Based Network Management
Abstract
Peer-to-peer (P2P) technologies have enabled the development and successful deployment of next-generation applications on top of the Internet. File sharing, collaborative work, and multimedia content distribution are examples of applications whose success is tightly associated with the employment of P2P technologies. Network management can benefit from P2P technologies as well. For example, the long-studied issue of decentralized network management can incorporate the intrinsic distributed nature of P2P applications to deliver interdomain collaborative management. In this chapter, we discuss how the network management discipline can use P2P technologies to deliver new management solutions.
Lisandro Zambenedetti Granville
Chapter 15. Scalable and Robust Decentralized IP Traffic Flow Collection and Analysis (SCRIPT)
Abstract
As the IP traffic observed on network operators’ backbones keeps increasing year by year, the analysis of NetFlow data metered for this traffic becomes a burden for centralized traffic monitoring solutions. Thus, SCRIPT proposes a decentralized accounting architecture and framework for NetFlow storage and analysis, which is flexible to allow for the development of distributed traffic analysis applications. SCRIPT mechanisms organize multiple PCs or AXP (Application Extension Platform) cards in an analysis network and route NetFlow records according to rules imposed by the analysis application. In turn, the evaluation of the prototype has shown that (a) this approach allows for a linear increase of the number of NetFlow records, which can be processed with the number of nodes in the SCRIPT deployment network, and (b) deploying SCRIPT on router-embedded AXP cards is improving an already existing infrastructure with the capability of storage and processing of NetFlow records.
Burkhard Stiller, Cristian Morariu, Peter Racz
Backmatter
Metadata
Title
Network-Embedded Management and Applications
Edited by
Alexander Clemm
Ralf Wolter
Copyright year
2013
Publisher
Springer New York
Electronic ISBN
978-1-4419-6769-5
Print ISBN
978-1-4419-6768-8
DOI
https://doi.org/10.1007/978-1-4419-6769-5
