A LODES agent consists of four components: Network OBServer (NOBS), Network Packet Sender (NePS), Local Network Diagnostic System (LND), and Communication handler for a local expert system (Chales). Their roles are described in the following table. During diagnosis, these components run simultaneously and cooperatively. Communication between these components is achieved with UNIX socket interfaces.
Component Function NOBS NOBS continuously monitors flowing packets and reports statistical data to network managers when requested. According to knowledge on problem detections, NOBS can detect problems and indications of problems by analyzing flowing packets. NePS NePS can build any type of packet and send it to any host. This is usually used for sending test packets or for simulating network flows. LAND LAND is the main component in LODES. LAND has protocol and diagnostic knowledge, and it can diagnose problems in internetworks. In diagnostic processes, LAND controls other components. Chales Chales works as a buffer for communications with other LODES agents (all diagnostic processes are run asynchronously).
The required diagnostic system must be distributed, since networks offer a physically and functionally distributed environment. The cause of a link-level problem is sometimes located in a remote network. Analysis of packets collected in the remote network gives essential information to the diagnostic system. Two methods for achieving this have been proposed.
(1) Each network has a program which collects packets and sends them to a certain centralized diagnostic system.
(2) Each network has a diagnostic system which isolates the problem singly or in cooperation with other systems, depending on the nature of the problem.
Although the development cost of the method (1) is low, it has a number of disadvantages. First, sending many collected packets to another network increases the work load of networks and IP routers. Furthermore, since transmission of IP packets over narrow-band media is very slow, sending collected packets is not an acceptable method in this case. Second, the centralized diagnostic system must know all the IP addresses, routing tables, host information, etc. for diagnosis, but generally centralized management of this data is problematic. Actual network management is distributed to avoid the difficulties of centralized management. Finally, sending packets without encoding to another network is dangerous, because they may contain important data such as passwords. Method (2) may be a little expensive, but only the results of analysis are sent to another system, reducing the amount of communicated data. The other problems with (1), described above, are also all solved simply. Thus, the required diagnostic expert system must be distributed and cooperative.Back to the LODES top page