Network applications such as FTP, WWW, Mirroring etc. are presently operated with little or no knowledge about the characteristics of the underlying network. These applications could operate more efficiently if the characteristics of the network are known and/or are made available to the concerned application. But network characteristics are hard to come by. The IP Performance Metrics working group (IETF-IPPM-WG) is working on developing a set of metrics that will characterize Internet data delivery services (networks). Some tools are being developed for measurements of these metrics. These generally involve active measurements or require modificationsin applications. Both techniques have their drawbacks. In this work, we show a new and more practical approach of estimating network characteristics. This involves gathering and analyzing the network's experience. The experience is in the form of traffic statistics, information distilled from management related activities and ubiquitously available logs (squid access logs, mail logs, ftp logs etc. ) of network applications. An analysis of this experience provides an estimate of the characteristics of the underlying network. To evaluate the concept we have developed and experimented with a system wherein the network characteristics are generated by analyzing the logs and traffic statistics. The network characteristics are made available to network clients and administrators by Network Performance Metric (NPM) servers. These servers are accessed using standard network management protocols. Results of the evaluation are presented and a framework for efficient operation of network operations, using the network characteristics is outlined.

The advent of mobile IP communication has opened up several new areas of mission critical communication applications. But the bandwidth and reliability constraints coupled with handover latency are posing some hurdles which need to be overcome before real world mobile IP applications, with low tolerance for data loss, can be deployed. In this paper, we analyze the unreliability of existing information collection methods in the real-world MobileIP environment. We focus on this problem and propose a novel network management model that anticipates the wireless mobile entities and uses SNMP. The key idea of this model is the introduction of a store-and-forward type Managed Object (MO). During the period of unreachability between the Manager and the agent, the data is cached at the agent until the connectivity recovers. In our experiment we used a prototype implementation in real-world wireless communication field, and showed the effectiveness of our proposed method.

Network traffic contains many symptoms of various network faults. Symptoms of faults aggregate and are manifested in the aggregate traffic characteristics generally observed by a traffic monitor. It is very difficult for a manager or an NMS (Network Management Station) to isolate the symptoms manifested in the aggregate traffic characteristics. Especially, transit networks, like a backbone network, deal with many types of traffic. So, symptom isolation must be efficient. In this paper, we propose a powerful algorithm for symptom isolation. This algorithm is based on the popular SNMP-based RMON technology. Using dynamically constructed aggregate, fresh symptoms can be isolated efficiently. We apply the algorithm to two operational transit networks which connects some LANs and WANs, and evaluate it using trace data collected from these networks. The results show a significant improvement in the fault management capability and accuracy. Furthermore, the characteristics of fault symptoms and the various factors for effective system configuration are discussed.

To design and develop user-oriented, flexible and distributed applications which can deal with various users' requirements, new technologies to manage, control and utilize the services of communication networks have to be provided. In this paper, the current challenges faced by large-scale distributed applications are discussed and a framework for the next generation network operation and management is presented on the basis of agent-based computing technologies. Examples of flexible distributed applications are presented to clarify the role of application-centric flexible network operation and management.

In a distributed network management environment, a NMS (Network Management Station) interacts with several agents in different sub-networks. In the network fault management context, the NMS detects symptoms that indicate some abnormality e. g. a surge in ICMP traffic, which may be caused by some network malfunction or misuse. The occurrence of a symptom is an event. Large number of events may be detected by an NMS. The sheer number of these events makes it difficult, if not impossible, for an NMS to diagnose these events. Generally, a fault may have a cascading effect which may, in turn, give rise to a very large number of events. The sequence of events and their correlation play an important role in fault management and diagnosis. In the distributed environment of todays networks, the absence of any uniform time for reference makes this a challenging task. In the present network management framework of SNMP, a Manager maintains a notion of the clock of the agent it interacts with. But this mechanism is inadequate to determine the sequence of events and their correlation, more so, in a distributed environment which may involve several managers. In this paper we propose a mechanism for ordering and correlating events detected in large-scale network which is managed in a distributed manner within the SNMP framework. Our algorithm uses the concept of a Network Management Clock (NMC). The NMC is a virtual clock maintained by a manager based on sysUpTime readings from each SNMP agent. In this paper, the algorithm, its implementation and evaluation will be discussed.

The progress of multimedia applications for education, research, social welfare and commerce is generating a lot of interest in the potential of a combination of satellite networking and Internet technology. The combination is particularly attractive as a low cost solution in regions which are large and sparsely populated. In 1991, aiming at networking the Pan-Pacific region, the PARTNERS (Pan-Pacific Regional Telecommunications Network Experiment and Research by Satellite) project was initiated. In this project, the major target was to construct a satellite-based network infrastructure to support education, research and so on in the Pan-Pacific region. As a part of PARTNERS the MEISEI-NET (Multimedia EducatIon System using satellite ETS-V and InterNET) project was started to evaluate the utility of satellite networking for education and reserch and, to investigate the feasibility of expanding the reach of the Internet using the PARTNERS infrastructure. MEISEI-NET focussed on (1) low start-up cost, (2) open access to the rich information resources on the Internet, (3) use of network to support education and research, and , (4) development and distribution of software for MEISEI-NET users. The construction of MEISEI-NET will be detailed followed by a report on its usage and the effects of this network. To support and manage MESEI-NET operations, we developed and deployed SNMP-based intelligent network management system. It offered fault detection and notification. This made the MEISEI-NET robust and practical despite of the satellite's (ETS-V) drift-problem. Students and researchers of universities from different countries participated in and benefited from MEISEI-NET until March 1996.

In this paper we examine the architectural and operational design issues of a practical network management system using the Simple Network Management Protocol (SNMP) in the context of a large-scale OSI-based campus-network TAINS. Various design aspects are examined and the importance of time-management is elicited. In the proposed design, intelligent, time-synchronised agents are deployed to collect information about the network segments to which they are attached. The manager talks to the agents and gathers relevant network information. This information is used by the expert network manager, in conjunction with a network knowledge base (NKB) and a management information knowledge base (MIKB) , to reconstruct the overall network-traffic characteristic, to evaluate the status of the network and to take/suggest some action. This model is particularly useful in networks where some global control, monitoring and management is desired and installing agents on all elements, connected to the network, is impossible. The use of time labels and narrow time windows enables the manager to obtain a reasonably accurate picture of the network status. The introduction of time-labelled composite objects in the Management Information Base (MIB) provides a means of reducing the load of management-related traffic on the network. The MIKB containing a logical description of the behaviour of the managed objects defined in the MIB, drives the expert system and provides the knowledge of general nature that a human expert has about networks. The proposed MIKB concept provides a very convenient schema for building the knowledge base in an expert network management system. Further since the MIKB is MIB-specific, it can be used in network management systems for managing similar MIB's.

Internet communication is increasingly becoming an important element in daily life. Keeping this network safe from malicious elements is an urgent task for network management. To maintain the security level networks are generally, monitored for indications of usage with ill-intentions. Such indications are events which need to be collated, correlated and analyzed in real-time to be effective. However, on an average medium to large size network the number of such events are very large. This makes it practically impossible to analyze the information in real-time and provide the necessary security measures. In this paper, we propose a mechanism that keeps the number of events, to be analyzed, low thereby making it possible to provide ample security measures. We discuss a real-time Intrusion Detection System (IDS) for detecting network attacks. The system looks out for TCP ACK/RST packets, which are generally caused by network scans. The system can extract the tendency of network flows in real-time, based on the newly developed time-based clustering and Dynamic Access Tree creation techniques. The algorithm, implemented and deployed on a medium size backbone network using RMON (Remote MONitoring) technology, successfully detected 195 intrusion attempts during a one month period. The results of the pilot deployment are discussed. In this paper, the proposal, implementation and evaluation will be described.

The up and coming multimedia services are based on real-time high-speed networks. For efficient operation of such services, real-time and precise network management is essential. In this paper, we show that presently available MIB designs are severely inadequate to support real-time network management. We point out and analyze the management constraints and bottlenecks. The concept of quality of management of management information is introduced and its importance in practical network management is discussed. We have proposed a new MIB architecture that will raise the quality of management information to meet the requirements of managing high-speed networks and multimedia services. Experimental results from a prototype implementation of the new MIB architecture are presented.

Online and realtime traffic summarization is a challenge as, except for the routine cases, aggregation parameters or, the flows that need to be observed are not known a priori. Dynamic adaptive aggregation algorithms adapt to the network traffic to detect the important flows. But present day algorithms are inadequate as they often produce inaccurate or meaningless aggregates. In this work we propose a Dynamic Constrained Adaptive Aggregation algorithm that does not produce the meaningless aggregates by using information about the network's configuration. We compare the performance of this algorithm with the erstwhile Dynamic (Unconstrained) Adaptive Aggregation algorithm and show its efficacy. Further we use the network map context that shows the network flows in an intuitive manner. Several applications of the algorithm and network map based visualization are discussed.