SRI proposes to develop and demonstrate a tool, called Adaptive Network Controller and Reporting System (ANCORS), that will automate the assessment and control of changes to distributed network assets. ANCORS will run on the target network itself and will be used to predict the behavior and measure projected performance before proposed network changes are actually deployed. Through hybrid simulation/emulation of network performance and behavior semantics, ANCORS will automate the process of assessing and effecting a desired change to an active network that maximizes performance, resource utilization, and operational stability. ANCORS modules will be deployed throughout an active network infrastructure, and will perform live traffic simulations of desired changes to fielded network assets. A rich user interface will enable operators to express change scenarios and then gauge how these changes would affect network topology, timing semantics, recovery logic, load distribution, and data flow rules. Through a heuristic control subsystem, ANCORS will then allow operators to identify and implement the optimal change to the relevant network assets.
Management of network operation and evolution requires powerful simulation and planning tools for analysis and design of network infrastructure. Current tools, however, have limited capabilities.
- They operate separately and not in an integrated fashion.
- They run on dedicated hosts and use artificially generated traffic.
- Access to the tools is limited, and they do not support collaboration among multiple planners and analysts. For example, planners need to share a common model of the network to reach consistent results and enhance network utilization. Such sharing is not offered by today's tools.
These limitations restrict the usefulness of the current tools to relatively static military and commercial environments, in which a single network manager conducts all design efforts. This limits the ability of different groups, who share the network, to coordinate different plans.
Future networks will be large, extremely dynamic, and ever-changing, which will require a quantum leap in the capabilities of simulation and planning tools. Future activities in national security will increasingly rely on rapidly deployable forces that critically depend on reliable and uninterrupted flow of information. Likewise, electronic commerce, which is expected to expand at a fast pace, will require secure and reliable communications as an essential element. Both fields will require tools for dynamically configuring their communication, computing, and information resources to match the changing needs of the users. Simulation will be needed to help operators explore and select the optimal deployment and configuration of network assets. Such networks will need tools that can adapt their functionality, and scope and that can grow and change with the network itself:
- To generate results that accurately predict network behavior and performance, simulation and analysis must be closely tied to the actual, rather than on artificially generated, network and traffic conditions. To that end, the tools should run on the network itself, taking the actual observable traffic conditions into consideration.
- Before committing network-wide changes such as the alteration of the network routing algorithm, an operator may want to conduct simulation experiments that can predict the behavior of the network under the new algorithm without affecting network reliability. That is, analysis and design tools should be available to a wide range of network operators, who could act independently or in collaboration with one another.
- New vulnerabilities may be discovered that threaten the survivability of a network. Operators should be able to install countermeasures dynamically to match evolving threats. Here, too, simulation experiments are needed to test efficacy of planned security measures and ascertain tradeoffs between network performance and security.
While a complete replication of the real network to conduct stand-alone, off-line simulations is possible, replication may be extremely expensive and require significant development. SRI proposes to develop a tool called the Adaptable Network COntrol and Reporting System (ANCORS), to facilitate these tasks.
This figure depicts ANCORS components and their interrelation in achieving the desired functionalities. The simulation and monitoring layer, which is the primary research emphasis of this project, introduces the foundational technology upon which ANCORS will extend the Network Management paradigm to provide planning, performance, and stability assessment.
Data from the simulation and monitoring layer can be fed up to higher layers to first assess and then maintain optimal performance and stability of active networks. The simulation and monitoring layer is partitioned into three distinct parts:
- a behavioral simulation layer,
- a fault simulation layer, and
- a timing synchronization layer.
At the top of the hierarchy the control and assessment layers abstract relevant information that is fed up from the simulation and monitoring layer to
- assist a human operator in making network planning decisions to control the network in an optimal way and
- trigger autonomous network management mechanisms aimed at improving network performance and reliability.
SRI possesses in-depth technical knowledge that could be applied to significantly advance the control- and assessment-layer technologies within the context of active networks. However, for this project we plan to focus specifically on the simulation and monitoring layer to develop powerful basic technology that can be leveraged for the development of sophisticated network engineering and management. Our proposed distributed planning and simulation system will leverage existing network management (NM) technology and will introduce simulation as an additional network management service. This approach has several benefits with respect to traditional off-line simulation:
- it naturally supports reuse of both simulation software and network models,
- it is efficient because it can exploit the close correspondence of the simulation hardware and the simulated system,
- it reduces the scope of the research because it can utilize NM technology that is already available, and
- it provides a clear path for technology transfer.
The above Figure shows the system-level architecture of ANCORS' simulation and monitoring layer. In this layer ANCORS extends the functionality of NM systems by adding simulation and more flexible monitoring capabilities. In addition to a standard NM agent, in our new paradigm, each NM node has a simulation agent that maintains and instantiates a set of simulation models to describe the behavior of the network being managed. This network simulation management (NSM) agent simulates the subsystem that it manages in response to specific remote NSM messages. Each NSM agent has access to the local management information database (MIB) (maintained by conventional NM agents) and manages three distinct simulation models:
(1) a behavioral model that describes the semantics of the subsystem,
(2) a fault model that describes the behavior, in the presence of faults, and
(3) a timing model that synchronizes the distributed simulation and updates simulated time.
Separation of these three models is very helpful in that model complexity is partitioned into more easily manageable parts. Each model can be fine-tuned and experimented with in isolation from the other models.
Control and Assessment Layers
The control and assessment layers will be designed to accept streams of network data from either the behavioral and fault simulation agents or the live-traffic monitoring agents. By designing ANCORS control and assessment layers in this way, we can achieve software reuse of these layers and seamlessly integrate simulation and assessment with actual network monitor and control. At the assessment layer, ANCORS will perform two sophisticated analytical reviews of the network's data. The first is a heuristic review of elements within the data, specifically looking for metrics within the reported results that represent exceptional or unexpected behavior. Boundary results for the metrics are specified at the initialization of the data collection agents, and may be dynamically updated by an ANCORS administrator. The second form of assessment involves an adaptive learning algorithm that performs continuous statistical profiling of the network data.
The algorithms used to provide the heuristic assessment and the statistical profiling of network data will be adapted from the related SRI research effort in information survivability through the agent-based surveillance and automated response entitled ''Analysis and Response for Intrusion Detection in Large Networks`` (DARPA Contract F30602-96-C-0294). The output of the heuristic assessment and the statistical profiling engine is propagated to the ANCORS control layer, where these results are displayed for the administrator. In addition, the control layer will provide a sophisticated expert system decision engine capable of providing predetermined responses, given the receipt of various assessment results. The control agent will also be adapted from the research prototype developed in DARPA Contract F30602-96-C-0294. ANCORS's NSM will provide network planners a basis for establishing, prior to actual modification of network infrastructure or protocols, the impact of proposed changes to the network's ability to support various survivability properties.
Through modeling alterations in the operational semantics of a network element, including exception and response logic, an ANCORS simulator can use current network traffic to perform real-time prediction of local faults and vulnerabilities. Network planners will be able to query ANCORS for data that will allow them to address questions such as
- Given the removal or addition of a given network entity, is the network more or less susceptible to a particular failure?
- Will the given modification to the semantic models of the following network entities (e.g., the modification of a protocol in an active network) make the network more or less susceptible to a given failure?
- Given the occurrence of a known network failure and current traffic patterns, what network entities are most likely to have manifested the failure? (
- Given the following failure to a given network entity, which network entities are likely to experience failure as a result? What failures are they likely to experience?