

Policy migration and replication

An interesting property of the DLA support as discussed in section [*] is that it allows the DLA itself to push loadable code into other MCAs. This follows from the fact that starting loadable code is part of the secondary interface of the Sandman MCA, and the secondary interface is publicly accessible. So, in a multi-domain network, the code is capable of sending DLAs across the wire, which will then be run in the remote MCA. Using this mechanism, the DLA is also able to migrate or replicate itself across a larger network (see Figure [*]). Note that the various incarnations of the DLA distributed over the network, as well as different DLAs, are still able to communicate.

Figure: Policy migration
\includegraphics[width=3in]{migr.eps}

It can be argued that a network operator running an MCA in a particular administrative domain will probably not want to allow code from applications in very different administrative domains to be loaded inside the heart of its MCA. Nevertheless, we feel that there are advantages in doing precisely this and that there is no intrinsic risk in doing so (provided the security issues described in section [*] are addressed).

But even if we accept that DLAs are not allowed to spread across multiple administrative domains, this does not mean that they are not allowed to spread over multiple MCA domains, as these are very different things. An MCA domain consists only of an instantiation of the MCA together with the one or more switches it controls. In fact, the most common MCA domain consists simply of a traditional switch controller on a single switch. Therefore, there will generally be multiple MCA domains in a single administrative domain (which could be as large as a department). In this respect, the Sandman MCA differs from traditional MCAs only in that it offers a choice of how many switches one wants to associate with the MCA domain. This could be a single switch, as in traditional systems, or a small cluster of three or four switches. This is illustrated in Figure [*]. Within the (fairly large) administrative domain, it is then perfectly permissible to have DLAs cross MCA domain boundaries.

Figure: Domains and boundaries
\includegraphics[width=2.35in]{domains.eps}

Figure: Administrative domain consisting of 5 MCAs
\includegraphics[width=3in]{domains.eps}
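The distinction between MCA domains and administrative domains can be made concrete with a small model. This is an added example, not code from Sandman or from the original text: the `MCA` record, the `admit` check, the topology and all names are hypothetical, and it assumes the receiving MCA can reliably establish which administrative domain a load request originates from.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class MCA:
    name: str
    admin_domain: str   # administrative domain that operates this MCA
    switches: tuple     # switches in this MCA domain (one, or a small cluster)

# Constructed topology: five MCAs in one administrative domain, one foreign MCA.
MCAS = {m.name: m for m in [
    MCA("mca1", "dept-a", ("s1",)),
    MCA("mca2", "dept-a", ("s2", "s3", "s4")),
    MCA("mca3", "dept-a", ("s5",)),
    MCA("mca4", "dept-a", ("s6", "s7", "s8")),
    MCA("mca5", "dept-a", ("s9",)),
    MCA("mca6", "dept-b", ("s10",)),
]}
# Constructed: which remote secondary interfaces each MCA can reach.
LINKS = {"mca1": ["mca2", "mca3"], "mca2": ["mca4"], "mca3": ["mca5", "mca6"],
         "mca4": [], "mca5": ["mca6"], "mca6": []}

def admit(src, dst, allow_cross_admin=False):
    """Hypothetical admission check the receiving MCA applies to a DLA load."""
    return allow_cross_admin or src.admin_domain == dst.admin_domain

def replicate(start, allow_cross_admin=False):
    """Let a DLA started at `start` push copies of itself to every reachable MCA.
    Returns (set of MCAs running the DLA, list of refused (src, dst) loads)."""
    running, refused = {start}, []
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst in LINKS[src]:
            if dst in running:
                continue
            if admit(MCAS[src], MCAS[dst], allow_cross_admin):
                running.add(dst)        # remote MCA starts the loadable code
                queue.append(dst)       # the new incarnation can replicate further
            else:
                refused.append((src, dst))
    return running, refused

def switches_covered(running):
    """Switches controlled by the MCAs on which the DLA is running."""
    return {s for name in running for s in MCAS[name].switches}

if __name__ == "__main__":
    for cross in (False, True):
        running, refused = replicate("mca1", allow_cross_admin=cross)
        print(cross, sorted(running), refused)
```

With the restrictive check the DLA crosses four MCA domain boundaries and covers every switch in the administrative domain, while each load attempt toward the foreign MCA is refused and can be logged by the receiver.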


Herbert Bos
2001-12-11