IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 23, NO. 10, OCTOBER 2005 2049 An Active Model-Based Prototype for Predictive Network Management Stephen F. Bush and Sanjay Goel Abstract—If current trends continue, the next generation of enterprise networks is likely to become a more complex mixture of hardware, communication media, architectures, protocols, and standards. One approach toward reducing the management burden caused by growing complexity is to integrate management support into the inherent function of network operation. In this paper, management support is provided in the form of network components that, simultaneously with their network function, collaboratively project and adjust projections of future state based upon actual network state. It is well known that more accurate predictions over a longer time horizon enables better control de- cisions. This paper focuses upon improving prediction; the many potential uses of predictive capabilities for predictive network control will be addressed in future work. Index Terms—Atropos, network management, network predic- tion, simple network management protocol (SNMP). I. INTRODUCTION I T IS AN ACCEPTED tenet in system management that greater complexity leads to greater overhead and higher rates of failure. This will be an increasing problem as en- terprise management systems become more complex due to rapid advances in more specialized communication media and protocols. To provide a robust network, it must be self-aware; it should sense anomalies in order to correct and protect itself through local interactions. This should be done as an inherent feature of network operation. The focus in this paper is on a framework for distributed projection of management variables, irrespective of implementation. The definition and goal of proactive network management used in this paper is the precise projection of faults as soon as possible before they occur. Atropos has been implemented in an active network [5], which provides a framework for code within packets to exe- cute upon intermediate network nodes. Atropos is a prototype system; an actual production system may use any number of possible alternative implementations. The insight gained into relative increase in speedup and lookahead, as well as prediction accuracy versus overhead, lacking in the current literature, is addressed here. A less flexible implementation in legacy systems might be achieved by building dedicated network component models directly into legacy network de- vices such as today’s routers. However, these models would be immobile, not easily updated or removed, most likely requiring Manuscript received May 25, 2004; revised April 14, 2005. S. F. Bush is with General Electric Global Research, Niskayuna, NY 12309 USA (e-mail: bushsf@research.ge.com). S. Goel is with the School of Business, University at Albany, State University of New York, Albany, NY 12222 USA (e-mail: goel@albany.edu). Digital Object Identifier 10.1109/JSAC.2005.854108 the network device to be taken down when models are changed or updated. It would be very difficult for nonactive systems to transmit models within the network in a dynamically changing algorithmic form. A better mechanism for using Atropos to manage legacy networks would be to provide an active network overlay capable of monitoring legacy nodes. Atropos could reside in the active network overlay providing a predictive management service for the legacy network. This has the added benefit of preparing the legacy network for transition to a fully active network. While details of a particular use for predictive management is outside the scope of this paper, examples of potential control de- cisions using predictive management capability include mobile wireless location management [7] and network security [4]. An Atropos load projection model allows resources and routing to be better managed by anticipating traffic in order to optimize load distribution within the network. This framework allows “What if…?” scenarios to become an integral part of the net- work. Finally, Atropos-enhanced components are enabled with the ability to protect themselves by taking proactive, evasive ac- tion, such as migrating to safe hardware before anticipated dis- aster occurs. The most significant contribution of this paper is evaluating the ability of the Atropos prototype to couple distributed and parallel simulation with network operation. A prototype frame- work is proposed into which code representing network compo- nent models can be injected. The models operate in a distributed manner, simulating ahead of the real network, but with con- tinuous verification and correction based upon actual network state. In optimistic logical process synchronization techniques, e.g., time warp [15], [21], causality can be relaxed in order to trade model fidelity for speed. The framework introduced here relaxes prediction accuracy for speed. If the system that is being simulated can be queried in real time, prediction accuracy can be verified, and measures taken to keep the simulation in line with actual performance. Section II presents a review of the relevant literature. Section III describes the Atropos system and its architecture. Section IV provides a detailed analysis of different Atropos components, as well as its operational behavior. Section V provides a summary of the paper along with the future research direction. II. LITERATURE REVIEW Previous work in prediction of communication network re- sources has been motivated by requirements to support adap- tation of distributed applications. In order for an application 0733-8716/$20.00 © 2005 IEEE