Analysis: Dirty DEN tackles the network beast

In the past decade, there has been no single development that delivered a 'silver bullet' improvement in network efficiency, reliability or simplicity.

While hairy Gothic creatures of film lore can be killed easily, the monster of network complexity has proved a much tougher opponent.

The latest so-called silver bullet is directory-enabled networking (DEN).

Vendors say DEN will allow managers to drive network behaviour from top to bottom and end to end.

Network resources have to support key business processes through consistent, high-level rules, to automatically assign the right network resources.

Developments that might contribute to this vision have arrived on the scene, including standards such as LDAP, COPS, IntServ, IEEE 801.2P/Q, RSVP and DiffServ. These standards specify enabling technologies which allow communication of prioritisation and bandwidth allocation between devices.

Policy-enabled DEN networking is a hot topic, but can it solve the problem that network vendors created in the past? The champions of network devices - particularly but not exclusively their vendors - say it will fix the existing failings of systems.

Their claims, however, must be taken with a pinch of salt: network managers have heard it all before. Virtual Lans were hailed as the future of networking as far back as 1996 and before that, it was going to be ATM and X.25.

It remains to be seen whether DEN and other developments will really answer network managers' prayers or whether, like so many promising technologies before them, they will be consigned to the dustbin of networking history.

Accidents will happen

A network performs two kinds of tasks: essential and accidental. Accidental difficulties are those that exist, but are not inherent in the technology.

Issues surrounding the abstraction of the physical network into frameworks, such as the ISO Reference Model, and its mapping onto network devices within throughput and latency constraints, are accidental. The essential difficulty lies in fashioning the abstractions themselves.

The hardest part of designing a virtual network is the specification, design and testing of the conceptual, abstracted network, rather than the labour of installing cabling and network devices and testing its connectivity. Many strides have been made design-wise in solving the accidental difficulties of networking, including repeaters, bridges, routers, gateways, TDM, ATM, ATM QoS, Ethernet, Token Ring, switched Ethernet, IsoEthernet, 3Com PACE, IEEE 801.2P/Q, Gigabit Ethernet, RMON, RMON2, Layer 4 switching and VLans.

While each innovation is beneficial, the gains were made against the accidental difficulties of networking rather than the essential ones. It is generally accepted that most network managers spend more than 90 per cent of their time dealing with the accidental tasks of network design. The gains do not add up to a great improvement in the network design crisis.

With DEN, if the abstraction is to be considered qualitatively superior, the issues are how far network elements can be differentiated from their management, how far the network can be abstracted, and how it is an improvement on what has gone before. Separation of the control (management) layer from the physical (devices) layer is key to the practical implementation of DEN.

Vendors are claiming DEN can provide many things, including the ability to embed intelligence in the network element, use of desktop directories, the generation of service-level agreement reports, extending behaviour to the network edge through agents. But none of these is core to the DEN approach. A network element is treated much like it is in network management, except that it only refers to a directory for limited information about user or network behaviour. It is not so much the features that are different, but the role each plays in management.

If we accept this argument, DEN appears to be an empty promise. After all, it is not much more than existing network management technology, which has so far failed to automate problem solving.

DEN may improve the representation of network management. But with multi-level feedback and feed-forward mechanisms, it can address some of the essential difficulties of networking as well as the accidental ones. So, it is not yet the magic silver bullet, but challenges existing network management on the basis of its breadth.

To tackle the biggest problems, DEN must attack the fundamental network design. The implementation that will succeed is the one that has problem-solving capabilities which correspond to the physical and abstracted network elements.

This will require devices that interface with the management software information that allows them to be used properly. Each device will need to co-operate with other network elements in a problem-solving architecture.

We can then use the information to model the network: to capture just how complex the problem is and resolve it using appropriate automated heuristic techniques. The abstraction of any network must be traceable to the detailed model of the network, to check that the system conforms to its environment.

If DEN has a future, it must go beyond management to incorporate automated problem-solving techniques and focus on the characteristics of each network.

This view of DEN may seem pessimistic. What is needed is a sustained combined effort on several fronts, over a long period, to alleviate the network management crisis. The focus needs to be on the overall network, rather than a single technical solution that solves accidental problems of network representation currently performed by management software.

A single network vision

The key factors in DEN are about process, not products. A word of caution is necessary, if only to help DEN vendors manage expectations. The vision, expounded in sales and marketing presentations and in promotional white papers, is of a single network assembled from elements chosen and bought from a commodity market, and managed as a single entity.

An analogy can be drawn with the manufacturing industry. The industrial revolution moved production from the cottage to the factory floor by identifying, specifying, partitioning and automating the manufacturing processes. In industry, processes are broken down into a number of separate, detailed processing steps.

For example, transforming wire into a needle involves 72 steps. If we understood the behaviour of large networks - and, with respect to DEN, large abstracted networks - we would be closer to automating them. Managing a network would then be closer to controlling a factory production line for Mars bars.

Network management of large systems will remain mysterious as long as their behaviour remains a mystery. The industrial revolution for network management is not here and DEN is not a silver bullet. There isn't one.

Still, incremental developments might make each full moon a little less scary for network managers.

THE ESSENCE OF DEN

The success of DEN is influenced by the overall design of the network, as well as its management. Factors to consider are:

- Real-time (or near real-time) RMON and SMON

- Whole-packet processing by switches

- Automated user identification, registration, authentication and profile generation

- Good network designers.