Projecting advanced enterprise network and service management to active networks

R. Boutaba, A. Polyrakis
2002 IEEE Network  
The events in the area of computer networks during the last few years reveal a significant trend toward open architecture nodes, the behavior of which can easily be controlled. This trend has been identified by several developments [1] such as:
• Emerging technologies and applications that demand advanced computations and perform complex operations
• Sophisticated protocols that demand access to network resources
• Research toward open architecture nodes

Active networks, a technology that allows flexible and programmable open nodes, has proven to be a promising candidate to satisfy these needs. Active networks (AN) [1-3] is a relatively new concept that emerged from the broad DARPA community in 1994-95. In AN, programs can be "injected" into devices, making them active in the sense that their behavior and the way they handle data can be dynamically controlled and customized. Active devices no longer simply forward packets from point to point; instead, data is manipulated by the programs installed in the active nodes (devices). Packets may be classified and served on a per-application or per-user basis. Complex tasks and computations may be performed on the packets according to the content of the packets. The packets may even be altered as they flow inside the network.

Hence, AN can be considered active in two ways [2]. First, the active devices perform customized operations on the data flowing through them. Second, authorized users/applications can "inject" their own programs into the nodes, customizing the way their data is manipulated. Due to these features of AN, an open node architecture is achieved. Custom protocols and services can easily be deployed in active nodes, making the network flexible and adaptive to users' and the network/service administrators' needs.

Architecturally, AN can be divided into discrete (or programmable) and integrated (or encapsulated) approaches [1, 4]. The main difference between those two approaches is that in the former, programs are sent to active nodes through separate out-of-band channels, while in the latter the code is embedded in data packets. This imposes some differences in the capabilities of the two approaches. The programmable approach seems more appropriate for cases where administrators want to modify the behavior of nodes (e.g., by replacing a protocol or installing a new service).
The integrated approach seems more efficient when the network applications require advanced computations or customized manipulation of their packets by the network nodes. In both approaches, though, the architecture usually defines some basic primitives in the active nodes that provide critical or commonly used functions such as packet manipulation, access to the environment of the node and navigation schemes, scheduling, and storage.

An important aspect in the deployment of AN is security and safety, since the open architecture of active nodes makes them vulnerable to malfunctions of the code executed on them and attacks [2-4]. Several techniques have been proposed in order to ensure data and code security and operational safety: authentication of users; safe execution environments and restricted sets of operations; inspection of the integrity of the code; restriction to programs downloaded by trusted servers; and restricted and authenticated access to resources.

Abstract

Active networks is a promising technology that allows us to control the behavior of network nodes by programming them to perform advanced operations and computations. Active networks are changing considerably the scenery of computer networks and, consequently, affect the way network management is conducted. Current management techniques can be enhanced and their efficiency can be improved, while novel techniques can be deployed. This article discusses the impact of active networks on current network management practice by examining network management through the functional areas of fault, configuration, accounting, performance and security management. For each one of these functional areas, the limitations of the current applications and tools are presented, as well as how these limitations can be overcome by exploiting active networks. To illustrate the presented framework, several applications are examined.
The contribution of this work is to analyze, classify, and assess the various models proposed in this area, and to outline new research directions.
doi:10.1109/65.980542 fatcat:t7f5wej3onhgzmei77g6ghjruy