How Network Monitoring Could Be Like Fishing

Researchers at Northwestern University have published details of network management software that identifies real or potential problems in the same way anglers search for fish—by looking for the effect they have on other things, not necessarily looking for the things themselves.

A game fish that bites at small fry could end up floating in the center of an expanding target, if the baitfish flips above the surface just long enough to create a ripple that spreads out hundreds of yards in every direction.

“A fundamental property of networks is that a perturbation to one node can affect other nodes, potentially causing the entire system to change behavior or fail,” according to Adilson E. Motter, who supervised research on a follow-the-ripples technique published as “Realistic control of network dynamics” in the journal Nature Communications.

“We have turned this principle on its head for something positive: to control network behavior,” he added in a statement announcing the publication.

Complex enterprise networks can be difficult to manage, because the search functions and control mechanisms in most networking software follows a linear train of logic rather than looking for anomalies as well as for particular targets. “It is in principle much simpler to manipulate linear dynamics” such as the linear models of most networking software, according to the paper’s lead author Sean P. Cornelius.

Neither networks nor the behavior patterns of fish are linear, so anglers and network managers alike will get skunked poking around potential hunting grounds rather than looking for the ripples of things affected by things that were affected by whatever caused the original problem.

The new technique is a computational model that collects alerts or updates caused by small problems or conflicts on individual devices across the network. It also takes advantage of the relationship that allows even small changes to one network service or device to create a disproportionate reaction, even when it is carried by (or affects only) a fraction of the nodes in the network: the model extrapolates a meaning for even small events, and traces them back to their origin. On a particular machine—or one nearby—researchers can make a small change that creates the same kind of ripple as the original tip-off, but moving from the network manager out across the network to a single piece of troubled hardware; or to create small changes in the configuration of dozens of network nodes that collectively add up to a major alteration.

The team also applied the technique to a model of power-grid networks, in which generators have to be perfectly sync’ed with one another to avoid collisions or conflicts that could reduce the efficacy of both.

By manipulating only a relatively small percentage of the configuration variables available, the software was able to deliver messages to problem nodes even when a tree or telephone pole or other disaster had physically blocked or downed one part of the network.

Even though it relies on disproportionate reactions and on small notices to have more impact than large ones, the network-monitoring framework is able to poll other nodes on the network until they learn enough to identify the end-user machines that provoke the largest reaction and obedience of other network nodes.

By contrast, network- and applications-management software usually functions either by installing client software in each managed device, or allowing the software to send out its own queries and information for either asset management or to gather data required to recommend any changes to the network.

“This [framework] can be one node out of tens or hundreds or thousands of nodes, depending on the application,” Motter said. “In treating a disease, for example, doctors cannot directly control all of the many thousand genes in a cell, but we can hope to influence them indirectly by manipulating a few key genes that will then influence the others.”

Because it focuses on behavior within a population of targets to be monitored, however—and doesn’t rely on a specific network-management protocol to contain, maintain or reconfigure individual nodes on the network—the mathematical model can be used as easily to paint a picture of the current behavior and likely chain of disorder that will lead to a major reaction.

The framework and mathematical models behind it have not been turned into a product yet, and may not be. The framework and mathematical models on which it is based are only at the research stage.  Because the method of investigation can be applied to many different types of application, it’s not even certain the technique will show up in network management software.

 

Image: Alex011973/Shutterstock.com

Post a Comment

Your email address will not be published.