In earlier research reports, network management has been reported in the networks technology chapter. Such a grouping would be quite acceptable - but the breadth and strength of our activities in this area are such that it seems more balanced to give them a whole section. The volume of our work in this area is partly because both we and our funding bodies realize the importance of the area; the gamut of our activities from components to real-time services makes us aware of the needs, eager to resolve the problems, and with testbeds to exercise our results. Our work covers a variety of aspects. In Section 5.1, we consider many aspects of service - both in the context of SuperJanet, and in that of CEC projects. Some of this management is at the network level; here we include both network and call management. Other activities are in applications and service management. We soon found out that we needed to pursue research on the building blocks of network management systems. In Section 5.2, we consider both techniques applied to specific managed objects, and also the modeling of the management information. Clearly distributed management is of paramount importance; not only are we considering configuration management, but also the specific needs of mobile devices. In this context we are also concerned with the security of the management systems themselves.
In view of the range of our activities, we have found it very useful to develop a management platform called OSIMIS; this activity, which is described in Section 5.3, has been underway for many years. Earlier versions of the system have been widely distributed; it has been greatly improved over the past year, and has been requested by many groups, both those collaborating with us and ones with no direct relationship. It deliberately accommodates both the OSI CMIS and the Internet SNMP procedures. OSIMIS is an interesting platform in its own right; it has been applied also to a number of application areas. Here we are looking at Virtual Path connection and routing, simulation systems, scripting languages, and even applications management.
James Cowan and Jon Crowcroft
Wide area broadband networks, the intelligent services which extend their functionality, and the applications which make use of these services, are all complex distributed systems which need to be managed. This management involves interactions between multiple administrative domains: end users, service providers and network operators. This collaborative project, a British Telecom University Research Initiative, will investigate a range of research issues that apply to the management of multiservice networks, and in which the participants have strong and complementary expertise. The participants are University College London (co-ordinator), Lancaster University, Loughborough University of Technology, Oxford Brookes University and Cambridge University.
The project objectives are to develop a set of management tools to perform the following management functions in a multi-domain environment:
UCL's work is concentrated under (2), Policy Based Traffic Management.
Traffic can be managed at various points in a network. Within a network, routers need to be configured to drop packets of a specified type when congestion occurs, and, at the end points of the network, protocol stacks need to be controlled so that the traffic of high priority applications receives adequate resources. The purpose of a policy language for traffic management is to provide a means of representing and deploying policies. Such a language has a number of features and functions.
A welter of different network management and distributed programming models and protocols have evolved. The policy language should be able to work uniformly across heterogeneous distributed programming environments. We have chosen to develop a policy language that interworks between the Internet Simple Network Management Protocol (SNMP), which is the main protocol used for controlling network devices and protocol stacks, and a distributed programming environment based on the Object Management Group's (OMG) Common Object Request Broker Architecture (CORBA).
The approach we have adopted is to view a policy language as an interpreter for the specification language of a particular distributed programming model. The OSI Abstract Syntax Notation language (ASN.1) is used to specify the Managed Object Classes (MOCs) of an SNMP Management Information Base (MIB). We have developed an ASN.1 SNMP MIB compiler and interpreter which acts as a vehicle for deploying policy statements in an SNMP agent. The ASN.1 compiler parses an SNMP MIB and generates both C++ classes, one for each MOC, and symbolic information describing the C++ classes which the MIB interpreter uses to manipulate C++ objects. At run-time, C++ objects and interpreted policy statements interact seamlessly: statements of the policy language appear as methods of C++ MOs, and both C++ MIB variables and local variables of the policy language can be addressed transparently. Details of how variables are encoded into SNMP packets are handled by the interpreter and completely hidden from the user. The policy language can be extended to take advantage of particular features of the distributed programming model; built-in functions to define and send SNMP traps are linked into the ASN.1 MIB interpreter.
The SNMP protocol provides the mechanism for distributing and changing policies. Managers can use the SNMP SET protocol operation to download policy statements and the GET primitive to find out what policies are currently in place. A table of policy MOs is used to store the policies. Each row in the table has three columns: one column contains the object identifier of the MO to which the policy statements should be applied and the other two columns hold the policy statements that should be executed when an SNMP SET or GET statement is applied to the MO in question. When a row in the table of policy MOs is updated, the statements downloaded are passed to the policy language parser and if the statements compile successfully, they replace the existing policies.
This approach will be applied to a CORBA based distributed programming environment; an interpreter for the CORBA Interface Definition Language (IDL) will be developed along the same lines as the ASN.1 interpreter. The grammar of the policy language will remain the same in both ASN.1 and IDL interpreters, but in the latter the variables of the language will be IDL variables and the interpreter will hide all the details of IDL encoding.
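The policy table described above (one row per target MO, one column each for the SET and GET policy statements, replaced only if the download compiles) can be sketched as follows. This is an added example, not code from the project: the toy policy grammar, the class and function names, and the OID (built on the documentation enterprise number 32473) are all assumptions made for illustration.

```python
"""Policy table with compile-before-replace semantics (constructed example)."""
import operator
import re
from dataclasses import dataclass, field

# Toy policy grammar (an assumption; the page does not give the real one):
#   statement := ("reject" | "trap") "when" "value" OP INTEGER
#   statements are separated by ";"
_OPS = {">": operator.gt, "<": operator.lt, "==": operator.eq,
        ">=": operator.ge, "<=": operator.le, "!=": operator.ne}
_STMT = re.compile(r"^(reject|trap)\s+when\s+value\s*(>=|<=|==|!=|>|<)\s*(-?\d+)$")


class PolicySyntaxError(ValueError):
    """Raised when downloaded policy text does not parse."""


def compile_policy(source):
    """Parse policy text into (action, predicate) pairs, or raise on any error."""
    compiled = []
    for raw in source.split(";"):
        text = raw.strip()
        if not text:
            continue
        m = _STMT.match(text)
        if m is None:
            raise PolicySyntaxError(f"cannot parse statement: {text!r}")
        action, op, bound = m.group(1), _OPS[m.group(2)], int(m.group(3))
        compiled.append((action, lambda v, op=op, bound=bound: op(v, bound)))
    return compiled


@dataclass
class PolicyRow:
    target_oid: str                      # column 1: MO the policy applies to
    on_set_src: str = ""                 # column 2: statements run on SET
    on_get_src: str = ""                 # column 3: statements run on GET
    on_set: list = field(default_factory=list)
    on_get: list = field(default_factory=list)


class PolicyTable:
    def __init__(self):
        self.rows = {}
        self.traps = []                  # (oid, value) pairs that raised a trap

    def update_row(self, oid, on_set_src, on_get_src):
        """Manager SET on a policy row: compile both columns, then swap.

        If either column fails to compile the row is left untouched, so a
        malformed download cannot leave the MO without its previous policy.
        """
        try:
            on_set = compile_policy(on_set_src)
            on_get = compile_policy(on_get_src)
        except PolicySyntaxError:
            return False
        self.rows[oid] = PolicyRow(oid, on_set_src, on_get_src, on_set, on_get)
        return True

    def read_row(self, oid):
        """Manager GET on a policy row: report the policy text now in place."""
        row = self.rows.get(oid)
        return None if row is None else (row.on_set_src, row.on_get_src)

    def _run(self, statements, oid, value):
        for action, predicate in statements:
            if predicate(value):
                if action == "reject":
                    return False
                self.traps.append((oid, value))
        return True

    def apply_set(self, mib, oid, value):
        """SET on the target MO itself, gated by the row's SET policy."""
        row = self.rows.get(oid)
        if row is not None and not self._run(row.on_set, oid, value):
            return False
        mib[oid] = value
        return True


def demo():
    oid = "1.3.6.1.4.1.32473.1.1"        # constructed OID
    mib = {oid: 10}
    table = PolicyTable()
    good = "reject when value > 100; trap when value > 80"
    results = [
        table.update_row(oid, good, ""),                         # compiles
        table.apply_set(mib, oid, 90),                           # allowed, traps
        table.apply_set(mib, oid, 150),                          # rejected
        table.update_row(oid, "reject whenever value > 5", ""),  # malformed
        table.apply_set(mib, oid, 95),                           # old policy rules
    ]
    return results, mib[oid], table.traps, table.read_row(oid)
```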
Paul Barker, Peter Kirstein, Søren-Aksel Sørensen and Ping Su
The need for a framework to support Integrated Services Engineering (ISE) activities has resulted in the creation of the Open Services Architecture (OSA) which is an ongoing activity within the Cassiopeia project. At its core, OSA is the application of distributed object computing to the telecommunication application domain. In this sense it is a formal object-oriented client-server architecture which encompasses all aspects of service and network management. It extends from back-office telecommunications operation, to service management, to network management, and, at least as an objective, to real-time network control.
The scope of the DRAGON project is to demonstrate the practical applications of Service Management within the framework of an open service architecture. A number of Service Management functions have been implemented including a trading environment and a billing management application. The Service Management applications interact and interoperate with a selection of Multimedia Services through a set of interface modules.
OSA is primarily a distributed architecture which assumes a logical layering of the management services of TMN. The applications communicate among themselves on a relatively level playing field through the offices of a Service Machine (SM). The SM uses the object-oriented framework of the Object Management Group's CORBA architecture. It provides facilities for applications to identify the existence of other applications and the parameters under which communications can take place. In this sense OSA can be considered as the universe of telecommunication applications all sitting on a giant wide area network. Any application can theoretically interact with any other application. The DRAGON SM consists of the following components:
Overview of the DRAGON Demonstrator.
The DRAGON demonstrator provides Service Machine and Service Management facilities to support a set of existing multimedia platforms. It will be used to demonstrate a distributed multimedia service on a pan-European network between sites at SEL Alcatel in Stuttgart, Telesystems in Paris and UCL in London. An overview of the demonstrator is given in the Figure below. The major aspects of the SM have already been demonstrated using an ATM based local area network. Because SEL and Telesystems will only have SMDS access to the European PNO pilot, we expect to use only the SMDS access parts mentioned in Section 4.1.1.
Jon Crowcroft, Alina da Cruz, Anne Hutton, David Lewis, Tore Riksaasen and Athanassios Tiropanis
As the spread of digital networks makes access to data communications globally available, the interest of communication service providers is switching away from the provision of these bearer networks and towards the provision of the value added services that will operate over them. At the same time the liberalisation of telecommunication markets is precipitating a dramatic change in the profile of communication service providers. As can already be seen in the UK, this involves both an increase in the number of providers and the specialisation of individual providers in order to exploit market niches. Such a market will be highly dynamic with service offerings and prices changing rapidly. The role of the customer will also change, with the proportion of data traffic supporting corporate networks shrinking, while that used by both commercial and domestic customers for accessing third party services increases. This will be accompanied by an increase in the number of commercial customers who buy services, not for their own end-users, but to resell in an integrated value added service package to their own customers.
In this complex telecommunications market the open management, not only of the networks, but of the services themselves will become increasingly important. The large number and diversity of roles of the market players make the management of inter-organisational relationships fundamentally important to the management of services.
The ITU's series of recommendations on the Telecommunication Management Network (TMN) provides a basis for inter-domain management. However, this and other standards have so far concentrated on the management of individual network components and of networks operated by single organisations. The PREPARE project has been investigating how the management of multiple services in a complex multi-player market can be modelled using TMN techniques for implementation on existing management platforms. This work aims to determine whether TMN principles can be extended effectively to this form of complex service management, as well as to gain further insight into the real requirement of such management by the rapid prototyping and trial use of the TMN systems in a real B-ISDN testbed. (cf Section 4.1.2)
The TMN was initially based on the implementation of an inter-domain VPN management service over a broadband testbed and a more in depth case study of the requirements for VPN management. The model used in both was of a specialised value added service provider managing the resources of two separate PN providers in order to provide a VPN service to a multi-site corporate customer. Management of the customer site networks was included in this model so that network resources can be managed in a homogeneous way from end-user terminal to end-user terminal as part of the VPN service.
This approach has now been extended to the analysis and identification of some of the key requirements of multi-player multi-service management in the forms of service features. These service features are then used to define information models and manager functions that could be readily implemented and integrated in existing management platforms. To provide a firm basis for this work a new specific enterprise framework was developed. This framework was based on the work already performed in PREPARE but with additional actors being added in order to adequately represent the potential complexities of multi-service management. The actors, all assumed to be separate organisations, and their roles are summarised below:
The resulting model of service relationships is shown in the figure below.
Figure 5.2: Actors and Relationships in the PREPARE enterprise model.
Peter Kirstein, Kevin McCarthy, George Pavlou and Thurain Tin
The Integrated Communications Management (ICM) project is an EC funded project under the RACE programme investigating management systems for broadband networks and services that conform to the Telecommunications Management Network (TMN) framework. Its main objective is to show that a TMN integrating Advanced Information Processing (AIP) techniques is feasible and desirable and to establish a testbed for this integration in which selected TMN functional specifications will be validated.
The ICM testbed is based on the RACE Advanced Technology Testbed (RATT) ATM infrastructure in Basel, Switzerland and comprises a highly manageable four node ATM network, an advanced ATM simulator that can simulate larger networks, Q-Adaptors that offer a standard view of network and service resources, the OSIMIS platform as fundamental management infrastructure and a VPC Routing management TMN that has been developed during this year (see Section 5.4.6). Despite the current use of the RATT, this testbed is ultimately portable to other ATM platforms as far as they offer the control management capabilities required. In fact, using the OSIMIS platform facilities it would be easy to develop new Q-Adaptor units over any proprietary management facilities available.
This testbed may be used in the forthcoming ACTS framework as an advanced "national host" offering a unique environment for the inclusion of further network management services; the investigation of security policies; the provision of integrated network and service management capabilities; it may also be used as a broadband island being part of a larger scale experiment. In fact, next year a limited Virtual Private Network (VPN) case study will be conducted, involving also the RIA ATM island in Aveiro over the Pan-European Network Operator (PNO) infrastructure.
A lot of the research described in this section has been instigated by the needs of the ICM TMN systems which have evolved over four phases:
The phased approach has proved very beneficial, minimising the risk involved in targeting a single major goal and has encouraged a modular approach, resulting in a great deal of reusable infrastructure.
Saleem N. Bhatti, David Romano-Critchley, Graham Knight, Jonathan Ladipo, George Pavlou and Rong Shi
Much of this work has been carried out under the ESPRIT MIDAS project. The emphasis of MIDAS is to demonstrate the global management of applications and communications in a service environment. The words "service environment" imply an already existing environment with real users - not simply a demonstration network. In fact two environments will be used; one will be a large public administration network in Italy with a large X.400 mail system, the other will be a network of "ISDN teleworkers". The ISDN experiment is especially interesting as it integrates two very different environments in (we hope) a seamless way. Some ISDN teleworkers will use PC-based systems running DOS/Windows or OS/2 and SNMP management agents, others will run Unix with OSI management agents. The SNMP agents will be accessed through the SNMP/OSI proxy system developed in the ICM project so that they will appear identical to the Unix systems as far as the managing software is concerned. During the last twelve months much of the preparatory work for these demonstrations has been completed. UCL's work has concentrated on:
Graham Knight and Natascha Vassila
One of the key decisions that must be made in the design of network and system management is the distribution of function between the systems doing the managing and those being managed. The two principal vendor-independent standards in the field take opposing views on this subject. The Internet SNMP standard places most functions in the managing systems and has very simple agents in the managed systems. The ISO standards move much of the functionality to the managed systems and require support there for powerful object-oriented database facilities. An event-driven style of management is favoured in which the managed system takes responsibility for self-monitoring and issues reports only as needed. Experience at UCL has shown that the ISO approach can be effective in reducing the overhead of network management traffic on a network - provided always that the resource being managed has sufficient processing power to handle the complexity of the managed system software.
Despite the power of the ISO approach it remains relatively inflexible. In the main the events which can be reported are statically determined when the Management Information Base (MIB) is defined. For full flexibility one would like to be able to load a program into the managed system at run-time which can search for an arbitrary state in the managed system and can then issue a report or even undertake corrective action. A program which was authorised to perform management operations locally in the managed system, which would otherwise be invoked by the manager remotely, would reduce network traffic further and make the agent less vulnerable to network/link failures. This approach raises a number of issues; how can the security and integrity of the managed system be maintained, what sort of language is appropriate, are existing models of management information adequate, what kind of execution model is required? In order to investigate these issues we have begun some experiments in which an interpreter for a management-aware extension of the Tcl language is embedded in an ISO managed system implemented with the OSIMIS software. Tcl scripts may then be down-loaded and run on the managed system. At present the work is in the early stages and our main aim is to gain a better understanding of the requirements through experience with simple prototypes. The first version is now running however and will be extended throughout the next year.
Figure 5.3: Active Management.
Ihsan Khan and Graham Knight
The SNMP and ISO GDMO standards for network management define two different languages and information models for describing management information. The SNMP work is geared to a table-oriented description with simple syntax which is intended to simplify implementation. The ISO GDMO work adopts an object-oriented approach and allows much more complex and flexible information structures and syntaxes. Waiting in the wings is a third approach based on the Interface Definition Language (IDL) from DCE/DME. A number of industry groupings have been involved in specifying rules for translating between the three languages.
To the disinterested observer it often seems that advocacy of these different approaches is driven by politics, religion and history as much as by technical consideration. In this research we are attempting to remain aloof from the partisan arguments and form a dispassionate view of the three languages and to assess their strengths and weaknesses from the point of view of human managers and of implementors. During the last twelve months the approach has been to focus on the information embodied in the SNMP Host Resources MIB and to consider how similar information would be described in ISO GDMO; firstly in a natural way, secondly according to the SNMP to GDMO translation rules adopted by the Network Management Forum. In the latter we have been greatly assisted by the availability of the SNMP to GDMO translator developed in the ICM project. In the next year we hope to present conclusions on the SNMP/GDMO work and to begin consideration of IDL.
Saleem N. Bhatti and Graham Knight
The use of mobile devices is becoming increasingly popular. Soon users will be able to access their office or campus LAN from anywhere in the world by using a portable cellular phone and a laptop workstation. More specialised mobile devices are also in use such as Active Badges and Personal Digital Assistants (PDAs). We believe that this extension of the LAN via mobile devices requires network management features with respect to:
This year we have looked at security of Open Systems (Section 5.2.6) and the remote configuration aspects with respect to applications (Section 5.2.4). We have considered how we would adapt these solutions for the mobile environment. We will be keeping a close eye on the mobile-IPng work now in progress, and for the next year we plan to extend some of our current designs and conduct some experiments that will let us gauge the impact of mobile systems in extending the LAN environment.
Saleem N. Bhatti and Graham Knight
Managed systems, be they distributed applications or network elements, may require configuration updates to control and alter the way in which they behave or perform. Often, there is a requirement for more than one managed system to receive such configuration information and for the ensuing updates to be performed atomically across all those systems. Also, if that update is successful, the changes should be made persistent, which may involve changes to resources that are specific to the real resource being managed. For example, routing table changes for a workstation may not only require that the routing table image held in memory is updated but also that the workstation's boot configuration files are modified.
The traditional Open management systems (both Internet and ISO models) make no explicit accommodation for operations with such semantics within their respective models. There are three obstacles to performing consistent distributed updates:
To address the first of these problems, this year we have been examining how it would be possible to extend the ISO model by use of an extension MIB to support not only atomic updates for single managed systems, but also distributed transactions across many managed systems (see Section 5.2.5). We have also been considering the second problem to see how the specific behaviour of the real resource can be hidden in the definition of the MIB. It seems that in some cases it may not be possible to influence the real resource behaviour to allow roll-back, but our preliminary work seems to suggest it should be possible to model the main interactions involved in a configuration operation by using a transaction-like mechanism defined as an extension MIB.
Next year, we plan to test our configuration management system on a real system - the management of the network level routing between the LAN and Primary Rate ISDN, with many local and remote users using the UCL Primary Rate ISDN gateway (see Section 5.1.5).
Graham Knight and Saleem N Bhatti
Our studies of the requirements for distributed configuration management in the MIDAS project have demonstrated the need for atomic transactions in managed systems (see Section 5.2.4). This is required, for example, when a managing system is attempting to update configuration tables in a co-operating collection of servers - X.400 MTAs perhaps. Such updates typically require multiple operations to transform the servers from one consistent state to another. It is important that the partially complete and inconsistent states which occur during these transformations do not become visible operationally.
The context for our work was the OSI management service and this has no support for transactions. Our aim was to add support within the existing framework - there should be no additional service elements and no modifications to existing elements. This would enable existing OSI managing systems to be easily adapted to use our transaction support.
Atomicity has several aspects. Our main concerns are "failure atomicity" (a guarantee that all operations in a transaction fail or succeed) and "isolation" (invisibility of partial states to third parties). To implement these we must avoid applying management operations to real attributes until the whole sequence of operations belonging to the transaction is known and can be carried out. Broadly, there are two well-known techniques for achieving this; "intentions lists" - which record operations as they are requested and "shadow pages" which perform operations initially on copies of the real data. We have decided to adopt the shadow approach with the unit of shadowing being a sub-tree of the OSI "Management Information Tree" (MIT). Our reasons for adopting this approach were pragmatic:
The tree structure of the MIT tends to group objects which have some functional association. Thus it is likely that a single copy will catch all the objects affected by a particular transaction.
Figure 5.4
The diagram shows a typical sequence of operations. The transaction is started by locking the subtree using an existing access control mechanism. The sub-tree (1) is then duplicated by invoking a specially defined CMIS "action" and linked to the MIT (2). The duplicated tree is made persistent (4, 5) and operations begin upon it. When the operations are complete a second action is invoked to copy the duplicate back in place in an atomic way.
We have now reached the implementation stage in this work. Once we have gained experience from this we intend to move on to consider co-ordination of distributed transactions across multiple managed systems.
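The shadow sub-tree sequence described above (lock, duplicate, operate on the copy, copy back in one step) is sketched below as an added example; it is not the OSIMIS implementation. The class and method names, the dictionary model of the MIT and the sample MTA objects are assumptions, and persistence of the duplicate is not modelled.

```python
"""Shadow-subtree transactions over a toy MIT (constructed example)."""
import copy


class SubtreeLocked(Exception):
    """A second manager tried to open a transaction on a locked subtree."""


class ShadowMIT:
    """Toy MIT: subtree name -> {managed object -> {attribute -> value}}."""

    def __init__(self, subtrees):
        self._live = subtrees     # what third parties and the real resource see
        self._shadow = {}         # subtree name -> private working copy
        self._owner = {}          # subtree name -> manager holding the lock

    def read(self, subtree, obj, attr):
        """Third-party read: always served from the live subtree."""
        return self._live[subtree][obj][attr]

    def begin(self, manager, subtree):
        """Lock the subtree, then duplicate it (stands in for the first action)."""
        if subtree in self._owner:
            raise SubtreeLocked(f"{subtree} is locked by {self._owner[subtree]}")
        self._owner[subtree] = manager
        self._shadow[subtree] = copy.deepcopy(self._live[subtree])

    def _require_owner(self, manager, subtree):
        if self._owner.get(subtree) != manager:
            raise PermissionError(f"{manager} does not hold the lock on {subtree}")

    def set(self, manager, subtree, obj, attr, value):
        """Apply a management operation to the shadow copy only."""
        self._require_owner(manager, subtree)
        shadow = self._shadow[subtree]
        if obj not in shadow:
            raise KeyError(f"no managed object {obj!r} in {subtree}")
        shadow[obj][attr] = value

    def commit(self, manager, subtree):
        """Second action: put the duplicate in place with a single rebind."""
        self._require_owner(manager, subtree)
        self._live[subtree] = self._shadow.pop(subtree)
        del self._owner[subtree]

    def abort(self, manager, subtree):
        """Discard the duplicate; the live subtree was never touched."""
        self._require_owner(manager, subtree)
        self._shadow.pop(subtree, None)
        del self._owner[subtree]


def run_transaction(mit, manager, subtree, operations):
    """Failure atomicity: either every operation is committed or none is."""
    mit.begin(manager, subtree)
    try:
        for obj, attr, value in operations:
            mit.set(manager, subtree, obj, attr, value)
    except KeyError:
        mit.abort(manager, subtree)
        return False
    mit.commit(manager, subtree)
    return True


def demo():
    # Constructed sample: two co-operating MTAs whose routing must change together.
    mit = ShadowMIT({"mtaConfig": {"mta-a": {"nextHop": "mta-b"},
                                   "mta-b": {"nextHop": "relay-1"}}})
    seen = {}
    mit.begin("mgr1", "mtaConfig")
    mit.set("mgr1", "mtaConfig", "mta-a", "nextHop", "mta-c")
    # Isolation: the half-finished state is invisible to other readers.
    seen["mid"] = mit.read("mtaConfig", "mta-a", "nextHop")
    try:
        mit.begin("mgr2", "mtaConfig")
        seen["second_lock"] = True
    except SubtreeLocked:
        seen["second_lock"] = False
    mit.set("mgr1", "mtaConfig", "mta-b", "nextHop", "relay-2")
    mit.commit("mgr1", "mtaConfig")
    seen["after"] = (mit.read("mtaConfig", "mta-a", "nextHop"),
                     mit.read("mtaConfig", "mta-b", "nextHop"))
    # The second operation names an object that does not exist, so all is undone.
    seen["failed"] = run_transaction(mit, "mgr2", "mtaConfig",
                                     [("mta-a", "nextHop", "relay-9"),
                                      ("mta-z", "nextHop", "relay-9")])
    seen["after_failed"] = mit.read("mtaConfig", "mta-a", "nextHop")
    # The abort released the lock, so a later transaction can proceed.
    seen["retry"] = run_transaction(mit, "mgr2", "mtaConfig",
                                    [("mta-a", "nextHop", "relay-9")])
    return seen
```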
Saleem N. Bhatti and Graham Knight
Much of the network management technology today still centres around a remote monitoring approach. One would like to have a more intrusive management capability but in a large distributed system one must have confidence that management activities cannot be subverted, whether by accident or by malicious intent. To achieve this goal, one requires the management applications to have security mechanisms that will prevent unprivileged users from altering the system accidentally but also, more importantly, to prevent possible attacks from a third party who may disrupt or misuse services. The OSIMIS management platform developed at UCL has been enhanced to provide security services. There are two aspects to secure management: secure management exchange and control of access to the management service. Each is discussed below. The implementation of security in OSIMIS makes heavy use of the toolkit OSISEC, developed at UCL and discussed in Section 8.2.
The communicating parties, the manager/client and the agent/server, must be confident that the association between them is free from intrusion or inspection. Management applications may demand:
2) Controlling access to the management services
Access control allows one to define policies which govern the way in which users of the management system may interact with other management applications. For instance, it is possible to specify rights for only certain users to modify management information while allowing another set of users to read the information. OSIMIS has two experimental access control mechanisms, one based on security labels and one based on access control lists, both of which are documented as draft ISO standards.
This year, the mechanisms for mutual peer authentication, data origin authentication and connectionless integrity have been implemented and incorporated into OSIMIS. We are currently in the process of finalising the integration of the access control mechanisms into OSIMIS, and next year we will add the confidentiality mechanisms that we have designed.
So far, in all the changes made to OSIMIS to support security mechanisms, we have ensured that the CMIP management protocol conforms to the ISO standard, and so we will not hinder interoperability. Also, we have an experimental implementation of an XMP style API that makes use of our security mechanisms, transparently applying them to transmitted PDUs in the XMP provider. Checking of the received PDU can be done by the XMP provider or left to the application. The use of the security services can be negotiated through the XMP API.
Saleem Bhatti, James Cowan, Peter Kirstein, Graham Knight, David Lewis, Kevin McCarthy, George Pavlou and Thurain Tin
The UCL OSIMIS (OSI Management Information Service) system was developed as a platform for evaluating the strengths and weaknesses of the ISO/OSI approach to network and systems management. Through its various incarnations it has provided a focus for systems management related research in the department for some five years. OSIMIS has always been freely available for research use and is now used by research teams in every continent. It is especially prominent in Europe where it is used by several RACE projects to support Telecommunications Management Network (TMN) developments.
The last twelve months have seen the evolution of release 4.0 of OSIMIS. The innovative enhancements in this release have included:
These developments have arisen mainly through the efforts of the RACE ICM and ESPRIT MIDAS projects. In ICM, OSIMIS has been used by many partners across Europe to provide the Virtual Path Connection Management TMN operating over the RACE Advanced Technology Testbed in Basel (see Section 5.1.4.). This TMN comprises network elements with Q interface capabilities, mediation devices, operations systems and workstations. In MIDAS, it has been used to provide managed systems for distributed application management (see Section 5.1.5).
OSIMIS has also been used actively by UCL and various partners in the PREPARE project for developing components of the inter-domain management testbed constructed to operate over the project's broadband network testbed (see section 5.1.3). These components have included operations systems, Q-adaptors and managing applications / workstations. Because of the inter-domain nature of this work, these OSIMIS applications were required to work with management testbed components written by different partners using commercial network management platforms, thus verifying the interoperability of OSIMIS and these platforms. These platforms were Hewlett-Packard's OpenView, IBM's Netview/6000 and Ericsson's TMOS.
The research topics the OSIMIS developments have spawned are described in separate sections and include as main topics: active managed systems, transaction support, security, management model comparison and integration, intelligent remote monitoring, distribution support through the OSI directory service, transparent support for simulated environments and interchange between reference points and interfaces.
Kevin McCarthy and George Pavlou with G. Mykoniatis and J. Sanchez (NTUA)
Remote monitoring is extremely important in maintaining awareness in a distributed management environment. Remote monitoring can be polling-based, as is the case with SNMP-based systems, or event-driven. OSI management encourages an event-driven paradigm through the rich facilities it provides, such as object management, metric monitoring and summarisation.
Object management provides object creation, deletion and attribute value change notifications. We have implemented those transparently in the OSIMIS platform, providing a simple triggering interface to be used when these occur due to real resource operation. We have also specified intelligent object management monitors to add this capability to objects that do not have it in native form e.g. OSI objects that are results of verbatim translation of SNMP ones (see Section 5.4.1).
Metric monitoring provides the capability to observe a counter or gauge value either as is or by converting it to a rate (derived gauge) and to apply a threshold that may generate a "quality of service alarm" notification. The observed value may be smoothed statistically through uniformly or exponentially weighted moving average algorithms to avoid rapid fluctuations. The existence of a metric monitor capability in managed systems enhances the available raw data and obviates the use of rates, thresholds and tide-marks in the information model; these may be provided on demand. We now have a fully functional implementation of metric objects as part of OSIMIS.
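The behaviour described above, as an added Python sketch that is not OSIMIS code: a counter is converted to a rate, smoothed by an exponentially or uniformly weighted moving average, and checked against a threshold. The class name, the 32-bit counter width and the high/low threshold pair with re-arming are assumptions made for the example, and the sample readings are constructed.

```python
from collections import deque

COUNTER_MOD = 2 ** 32  # assumption: the observed counter is 32 bits wide and wraps


class MetricMonitor:
    """Observes a counter, derives a rate, smooths it and applies a threshold."""

    def __init__(self, notify_high, notify_low, alpha=0.5, window=None):
        if notify_low > notify_high:
            raise ValueError("notify_low must not exceed notify_high")
        self.notify_high = notify_high   # alarm when the smoothed rate reaches this
        self.notify_low = notify_low     # re-arm only once the rate falls back to this
        self.alpha = alpha               # EWMA weight given to the newest sample
        self.recent = deque(maxlen=window) if window else None  # UWMA window
        self.last = None                 # previous (time, counter) observation
        self.smoothed = None
        self.armed = True
        self.high_tide = 0.0             # tide-mark: largest smoothed rate seen
        self.alarms = []                 # emitted (time, smoothed_rate) notifications

    def observe(self, t, counter):
        """Feed one counter reading; return the smoothed rate (None for the first)."""
        if self.last is None:
            self.last = (t, counter)
            return None
        prev_t, prev_c = self.last
        if t <= prev_t:
            raise ValueError("observations must move forward in time")
        self.last = (t, counter)
        # Modular difference keeps the delta correct across a counter wrap.
        rate = ((counter - prev_c) % COUNTER_MOD) / (t - prev_t)
        if self.recent is not None:                  # uniformly weighted average
            self.recent.append(rate)
            self.smoothed = sum(self.recent) / len(self.recent)
        elif self.smoothed is None:                  # first rate seeds the EWMA
            self.smoothed = rate
        else:                                        # exponentially weighted average
            self.smoothed = self.alpha * rate + (1 - self.alpha) * self.smoothed
        self.high_tide = max(self.high_tide, self.smoothed)
        if self.armed and self.smoothed >= self.notify_high:
            self.alarms.append((t, self.smoothed))   # "quality of service alarm"
            self.armed = False                       # no repeats while still high
        elif not self.armed and self.smoothed <= self.notify_low:
            self.armed = True
        return self.smoothed


def run(monitor, samples):
    """Feed (time, counter) samples and return the alarms that were raised."""
    for t, counter in samples:
        monitor.observe(t, counter)
    return monitor.alarms


# Constructed sample: 10 s readings of a counter that wraps once, then bursts twice.
SAMPLES = [(0, COUNTER_MOD - 1000), (10, 0), (20, 1000), (30, 11000), (40, 21000),
           (50, 22000), (60, 23000), (70, 24000), (80, 34000)]

if __name__ == "__main__":
    print(run(MetricMonitor(notify_high=500, notify_low=200), SAMPLES))
```

A single one-interval spike is absorbed by the smoothing and raises no alarm, while a sustained burst raises exactly one alarm until the rate has fallen back to the lower level.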
Summarisation objects provide the capability to request the periodic reporting of an arbitrary number of attributes, possibly after statistical smoothing. Though this is a useful facility that reduces the cost of polling, we envisage a more sophisticated use of such a facility through objects that will also apply a number of algorithms to the observed values and compare the result against a threshold. Through a number of simple algorithms, a manager will be able to construct almost arbitrary expressions by combining a number of intelligent summarisers. The latter can also be programmable, to reduce the number of such objects involved in a complex calculation. Of course there is a limit to such capabilities, as the ultimate flexibility can only be provided by an interpreted policy that may be downloaded through a policy object (the ultimate intelligent monitor) and evaluated on the fly. We currently have an initial design and implementation of intelligent summarisation objects and are researching formally described, fully flexible policies.
Kevin McCarthy and George Pavlou with D. Griffin, S. Sartzetakis and C. Stathopoulos (ICS)
OSI management has evolved in a bottom-up fashion, leaving distribution issues to be considered last. Considerable research has been carried out in this area over recent years, and it has recently found its way into standards through the Shared Management Knowledge standard, to which we are contributing. In the ICM project we designed and implemented a location transparency facility using the OSI Directory Service before standards were available. The directory is used as a repository of information about management application entities, which update it at start-up and shut-down with location and other useful information, e.g. supported classes, capabilities etc. Management applications perform a directory look-up to find where the application to be contacted runs before they attempt to connect to it. The directory look-up may be based either on the full Directory Access Protocol (DAP) or on the Lightweight DAP (LDAP) over TCP/IP.
Research is ongoing on static "resource maps" in the directory which may point at management applications that provide managed object instances with those capabilities. As such, a desired managed object instance may be located through the simple knowledge of the class, a directory look-up and subsequently scoping and filtering or discovery facilities after an association to the handling managed system has been established. Such a facility may be also used as a distributed systems framework. Objects will not export interfaces but they may be addressed by name through supporting information in the directory. In fact, we have designed and implemented a simple statistics square root and mean/standard-deviation service based on the OSIMIS facilities, including the location transparency service. The relevant server may be found through a directory look-up while the aforementioned services are realised as actions on the statistics object. The performance of operating on a remote object is high but the cost of establishing two associations is incurred, to the directory first and then to the handling agent.
We also intend to provide meta-management facilities to set-up a complex distributed management system and also fault transparency services. An important asset of using the OSI directory to provide such services is its federated nature which provides a global high-performance object-oriented database.
Saleem N. Bhatti, James Cowan, Kevin McCarthy and George Pavlou
Last year we reported on the problem space and our solution which consists of a stateless generic gateway between the OSI CMIS/P and the Internet SNMPv1. Our gateway is fully compliant with the Network Management Forum (NMF) ISO/ITU-T and Internet Management Coexistence (IIMC) set of standards to which we have made substantial contributions.
Last year's implementation did not offer a mapping of SNMP trap messages to OSI notifications. In fact this mapping is not straightforward, as SNMP traps do not belong to any group of SNMP managed objects but are rather emitted by the proxied agent - they are even hardwired in the protocol in the case of SNMPv1. SNMP traps are mapped to the IIMC-defined 'internetAlarm' OSI notification. This contains the list of name/value pairs that are contained in the trap. The proxy is required to determine the name of the object instance that is associated with each name in the trap. The completed notification is forwarded to any manager that has previously requested such reports via an event forwarding discriminator, and may also be logged locally via a previously created log object.
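The trap handling described above, as an added Python sketch that is not the gateway's code and does not reproduce the IIMC naming rules: each variable name in a trap is split into a known object and an instance suffix, the result is packaged as an 'internetAlarm', and the alarm is logged and matched against discriminators. The OIDs are the standard MIB-II ones; the instance-name format, the dictionary layout, the equality-only filters and the trap contents are constructed for the example.

```python
def parse_oid(text):
    """Turn a dotted OID into a tuple so prefixes match on sub-identifier boundaries."""
    return tuple(int(part) for part in text.split("."))


# Objects the proxy knows from the translated MIB: (class, attribute, is_table_column).
KNOWN = {parse_oid(oid): entry for oid, entry in {
    "1.3.6.1.2.1.1.3": ("system", "sysUpTime", False),
    "1.3.6.1.2.1.2.2.1.1": ("ifEntry", "ifIndex", True),
    "1.3.6.1.2.1.2.2.1.8": ("ifEntry", "ifOperStatus", True),
}.items()}


def resolve(oid_text):
    """Return (object instance name, attribute) for one varbind name.

    Unknown names come back as (None, original OID) so nothing is silently dropped.
    """
    oid = parse_oid(oid_text)
    for cut in range(len(oid) - 1, 0, -1):          # try the longest prefix first
        entry = KNOWN.get(oid[:cut])
        if entry is None:
            continue
        cls, attribute, is_column = entry
        suffix = oid[cut:]
        if not is_column:
            return (cls, attribute) if suffix == (0,) else (None, oid_text)
        return f"{cls}={'.'.join(map(str, suffix))}", attribute
    return None, oid_text


def trap_to_alarm(trap):
    """Build the notification carrying every name/value pair found in the trap."""
    info = []
    for name, value in trap["varbinds"]:
        instance, attribute = resolve(name)
        info.append({"instance": instance, "attribute": attribute, "value": value})
    return {"notification": "internetAlarm", "agent": trap["agent"],
            "genericTrap": trap["generic"], "info": info}


def forward(alarm, discriminators, log=None):
    """Log the alarm if a log exists; return destinations whose filter matches."""
    if log is not None:
        log.append(alarm)
    return [d["destination"] for d in discriminators
            if all(alarm.get(key) == want for key, want in d["filter"].items())]


# Constructed input: an SNMPv1 linkDown trap (generic trap 2) with extra varbinds.
TRAP = {"agent": "192.0.2.10", "generic": 2, "varbinds": [
    ("1.3.6.1.2.1.2.2.1.1.3", 3),       # ifIndex.3
    ("1.3.6.1.2.1.2.2.1.10.3", 812),    # ifInOctets.3, absent from KNOWN on purpose
    ("1.3.6.1.2.1.1.3.0", 4711),        # sysUpTime.0
]}
DISCRIMINATORS = [
    {"destination": "manager-A", "filter": {"notification": "internetAlarm"}},
    {"destination": "manager-B", "filter": {"genericTrap": 3}},
]
```

Matching on tuples rather than strings matters here: a textual prefix test would treat `...2.2.1.10.3` as an instance of `...2.2.1.1` and attach the value to the wrong object.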
Our performance trials, which compared OSI and SNMPv1 management of RFC1213 SNMPv1 resources, have yielded favourable results for the gateway approach. The timings shown in the accompanying table are all the more surprising given the fact that usage of a gateway by definition adds a second communication path, i.e. manager-to-gateway and gateway-to-agent. The timing figures should be examined only relatively but for completeness we mention that the environment was Sun SPARC Classic workstations running SunOS 4.1.3 with the manager, proxy and the target SNMP agent running on different end systems over an Ethernet.
Test Case               Manager   Test Runs   Mean Time (s)
IP subtree retrieval    OSI       25          2.28
IP subtree retrieval    SNMPv1    21          2.60
TCP subtree retrieval   OSNP      46          1.75
TCP subtree retrieval   SNMPv1    35          1.83

Table 1: Comparison of MIB Access Times
The importance of translating between CMIS/P and SNMP through generic application gateways becomes apparent when information model enrichment is attempted through systems management functions such as metric monitoring and summarisation (see section 5.3.2). The object management notifications (object creation/deletion, attribute value change) are equally important but they are not provided by the "raw" SNMP-based information model that results from the verbatim translation. The need to support them for "dumb" managed objects has led to research towards generic monitor objects that supervise a management information subtree and report object creations/deletions or monitor a specific attribute for changes. Those, together with the metric and summarisation objects, enhance the observed information model and provide sophisticated event-driven management capabilities, thus eliminating polling in the local environment between the generic proxy and the proxied SNMP agents.
George Pavlou
Subnetwork monitoring can be achieved by monitoring the individual elements that constitute the subnetwork either through polling (SNMP) or through event reporting (OSI). As the private network (LAN, MAN) market is currently dominated by SNMP, subnetwork monitoring systems employ a polling strategy. Although this is adequate for maintaining a picture of the status or even throughput of network interfaces, it does not scale well for more sophisticated management. The need for more sophisticated monitoring has led to the specification of the Remote Monitoring (RMON) SNMP MIB, which is implemented in a device that listens passively for all traffic on a broadcast technology subnetwork (e.g. Ethernet, Token Ring, FDDI, DQDB or even an intelligent hub). An RMON agent maintains information on device activity, information on the pairing between devices, information on devices that top a particular chosen parameter, capture and packet filtering etc.
The RMON MIB stretches the SNMP capability to the limit and it even borrows ideas from OSI management in the form of metric monitoring and logging. Though some RMON products are available, they are high cost solutions due to the complexity involved in designing and implementing such complex agents based on the SNMP framework. A more careful examination of the RMON MIB reveals that a lot of the complexity lies in the intent to provide facilities similar to those of the OSI Systems Management Functions (SMFs), which are generic and usually constitute platform support of managed systems. The alarm group is essentially a simple monitor metric facility while the event group is a very simple version of the OSI event reporting and logging. The history group can be provided by a combination of the summarisation and logging facilities while the hostTopN group may be implemented generically through an intelligent summariser (see Section 5.3.2). As such, one is left only with the statistics, host and matrix groups which are fairly simple to provide.
We have translated those groups to the equivalent OSI ones using the generic IIMC rules (see Section 5.4.1) but we have then used human heuristics to optimise them by normalising and removing SNMPisms. The resulting model was implemented by two students as their summer project, using the publicly available tcpdump Ethernet-based packet capturing facility. Two other students have provided a sophisticated Tcl/Tk-based Graphical User Interface that accesses that information but also requests its enhancement through event discriminators, logs, metric monitors and summarisers which were already provided by the OSIMIS platform. The result is a fully event-driven subnetwork monitoring system realised as a summer student group project, in a small fraction of the time that would be required had we employed the SNMP framework. Other sophisticated facilities such as the intelligent summarisers discussed in Section 5.3.2 may be applied to enhance the available capabilities of the OSI RMON agent even further.
George Pavlou, Rong Shi and Thurain Tin
The advent of the Tcl interpreted scripting language and of the associated Tk widget set has greatly simplified the construction of test scripts and Graphical User Interfaces (GUIs), both being of paramount importance to management systems. In fact, Tcl/Tk-based GUIs may operate over UNIX X-Windows, MS Windows or even the Mac System 7 windowing system. Tcl SNMP extensions already exist as the latter is fairly simple, allowing only a limited number of object syntaxes, namely integer, string and object identifier. CMIS/P is a more complex protocol, allowing arbitrary syntaxes for attributes, actions and notifications. As such, CMIS-based scripting facilities are difficult to design and implement.
In the OSIMIS platform, every management syntax has a well-defined string representation, used mostly for pretty-printing but also potentially for programming. This observation led to a fully string-based CMIS/P specification that may be used locally over a pipe or even remotely over a reliable transport service e.g. TCP, OSI TS etc. This may be used to construct a generic management access server which receives string CMIS messages, forwards them to the addressed remote application and returns the results/errors to the invoking client. A number of Tcl CMIS extension instances may be communicating with this server from UNIX workstations, PCs etc. while the server runs on a UNIX system. This architecture results in OSI CMIP stack independence for the manager.
The CMIS-based scripting language may be procedural, with syntax similar to a number of generic OSIMIS manager programs that offer the full CMIS power. It may also be object-oriented using the ITCL extension, having a flavour similar to that of the Remote MIB OSIMIS access infrastructure - we intend to support both options. The advantages of a Tcl-based CMIS scripting language are its interpreted nature and the existence of all the Tcl control and data structuring facilities. Tk support will also facilitate rapid GUI construction: we expect to provide a new MIB browser in the course of a few days rather than the few months of the initial InterViews-based project. We are currently in the process of specifying the two versions of the scripting language with realisation to follow.
George Pavlou
Simulation is a powerful technique for studying the behaviour of real systems without their being physically available for experimentation. Even when they are available, simulation overcomes limitations of scale and allows the study of conditions, such as faults, that would disrupt real services if they were generated and studied on the real system. In the case of management, it is desirable to exercise a management system against a simulated network and services in order to validate its operation before it is tried in the real environment. Ideally, the management system should be exactly the same in the two situations.
Simulation of management systems and their policies is not new but until recently, management systems and the managed entities have been tightly-coupled in the simulation environment. What was simulated was signalling plane or protocol operation related management, with the management policies coexisting physically with the managed resources in a simulator. In the RACE projects NEMESYS and ICM, a different approach has been followed with the management system being a separate entity, very much as it would be in a real environment. This operates on the simulated managed resources through adaptation functions which present a standard view of the latter as managed objects.
There are two problems to be solved though, in order to achieve transparent operation over both the real and simulated environment:
The first can be solved by utilising a powerful feature of the OSI management model, namely allomorphism. Any simulated network or service element may pose as an instance of a derived class of the standard "system" which emits a "new time" notification. Any management applications that talk to these elements check for the existence of this class and if present, register to receive that notification and operate in simulated time. They subsequently relay that notification to superior systems so that the whole management system hierarchy operates in simulated time. The second problem may be solved by introducing the capability of permitting more than one management application function in a single physical entity. This comes as platform support and the concept is explained in Section 5.4.5. As both of these are run-time support functions, management systems may operate transparently in either real or simulated environments. This is exactly the case for the ICM VPCM TMN described in Section 5.4.6.
George Pavlou and Thurain Tin
The TMN architectural framework distinguishes between the logical aspects of interoperability points (reference points) and the physical aspects (interfaces). In the case of the TMN, the logical aspect of interoperation is defined through an object model and an associated access service, the former being defined in the Guidelines for the Definition of Managed Objects (GDMO) abstract language while the latter is the CMIS management service. The transport mechanism to implement a reference point can be anything if the two communicating functional blocks reside in the same system, while it should be an agreed OSI stack profile for remote communication, i.e. the reference point becomes an interface.
There are many cases in which two logical entities should reside at the same end system. For example, a generic CMIS/SNMP Q-Adaptor results in a qx rather than a q3 reference point, in which case a mediation function is needed to convert the former to q3 and the two functions should be at the same end-system for performance reasons. The same may be true for two related Operation System Functions (OSFs), as has been the case in the VPCM system described in Section 5.4.5. Until recently, the capability to implement reference points locally through lightweight mechanisms while still maintaining the full logical separation of functions has not been possible in either research or commercial systems.
We have now designed and implemented such a mechanism in the OSIMIS platform. For the local communication of logical function blocks, we have chosen a shared address space as it provides the most efficient means of local communication. Considerations of domain sockets, TCP or RPC were abandoned as the cost of UNIX interprocess communication is rather high. Our solution relies on having the two or more local functional blocks operating within the same UNIX process, maintaining the CMIS API but avoiding descending and ascending the OSI stack for local communication. The object-oriented nature of the OSIMIS infrastructure has enabled the introduction of such a facility with only minimal changes. In fact, separating or merging two or more functional blocks involves only a two line code change and relinking! Our first performance measurements show an order of magnitude reduction in access times, compared to two local blocks communicating over a full interface.
Kevin McCarthy, George Pavlou, Thurain Tin with D. Griffin (ICS) and P. Georgatsos (Alpha)
The efficient operation of a network relies on the maximisation of network throughput, whilst guaranteeing certain service characteristics. The routing policy used should be adaptive so as to cater for traffic and topological changes. Routing in ATM is based on Virtual Path Connections (VPCs). A route is the concatenation of VPCs from source to destination, where each VPC is a sequence of links that have been allocated a specific portion of the total link capacity. Since VPCs are defined by configurable parameters, these and the routes built from them can be configured on the fly by a management system in accordance with the current network conditions. A VPC and routing Management (VPCM) system is required to take advantage of the configurability of VPCs whilst ensuring that the network performance remains high during periods of changing traffic load. VPCM has both static and dynamic aspects; the initial VPC network and routing plan must be designed to meet the predicted demand, with dynamic updates due to the occurrence of unpredictable user behaviour.
The VPCM solution designed in the RACE ICM project is based on the integration of the Operation System Function (OSF) components listed below, into a layered TMN architecture. Generic functions for performance monitoring, load monitoring and configuration management on ATM networks are fully provided.
The ICM VPCM TMN is a very complex system that tries to address tomorrow's needs for VPC and routing management for multi-class ATM networks. It makes use of a truly hierarchical architecture and has stretched TMN architectural concepts to the limit, suggesting extensions for directory access and trading functions and necessitating the use of meta-management facilities. An early implementation was demonstrated in Brussels, with user interfaces connected to the TMN OSs in Basel over ISDN and showing the reaction of the management system to excessive load over particular VPCs, the load being generated from multimedia terminals.