The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Contemporary computer networks have developed increasing complexity and require regular and active management. Such networks may comprise large numbers of routers, switches, gateways and other active elements of network infrastructure. Traditionally, network management has been accomplished using a network management station (NMS) that communicates with one or more network elements, issues requests to the network elements, and obtains data values from the network elements. The requested data is evaluated by network management personnel, who may elect to send commands or issue re-configuration information to the network elements.
A drawback of this approach is that the NMS must have access to all network elements that it manages. When the NMS forms part of a private network such as a corporate LAN or WAN, this issue is not a significant factor because the NMS may be configured within the same security domain that includes the network elements. However, many networks are now owned, operated and/or managed by managed service providers (MSPs) that are physically or logically separate from the business enterprise or other party that actually uses the networks. An MSP is a network service provider, often a traditional ISP or telecommunications company, that manages a network for another party.
In this scenario, one MSP may need to manage multiple networks that are used by different business enterprises. Each of the networks is maintained as a separate secured environment by the business enterprise, which typically closely guards the security of its network. One security technique often used in this environment is private network addressing, in which the business enterprise and not the MSP assigns private network addresses to the network elements. Consequently, the MSP may not know the addresses that are in use at the time that the MSP needs to perform a management operation. Another common security technique involves deploying a firewall to screen messages directed into the private network. The Simple Network Management Protocol (SNMP) is commonly used for sending management requests, but firewalls may be configured to block SNMP requests from outside entities. Further, even when SNMP can be used, typically it cannot be used to retrieve sufficient information for evaluation at the management point. As a result, the MSP has difficulty “reaching into” the managed network to retrieve configuration information, to retrieve information not supported by SNMP, or to issue commands. It may be impractical for the MSP to require its customers to cease using dynamic addressing schemes.
Moreover, network users and MSPs have developed increasing interest in deploying self-managing network elements. While some degree of management always will be required, network users and MSPs are seeking to make networks more autonomous by reducing the amount of human intervention involved in acquiring information from a network, determining the meaning of the information, making decisions about the information, and translating the decisions into management actions that are performed in the network. It would be undesirable if the MSP had to use a “truck roll” or locally deployed MSP technician, interacting with local support staff, for obtaining the needed information, determining that faults have occurred, or implementing changes in the managed network.
Still another issue relates to difficulties in sending diagnostic information out from a device. For example, a device may generate and send an alarm upon the occurrence of an alarm condition. However, a remote device or management system may have difficulty diagnosing the cause of the alarm because, by that time, the device may no longer be reachable, or the reach-through is not performed in a timely manner and unnecessarily delays troubleshooting and diagnosis. Therefore, what is required is transmittal of all pertinent information at the onset of a major problem, as defined through a user policy, so that decisions can be made at a remote network operations center without need for further on-site intervention.
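The contrast drawn above, between an NMS that reaches into a device after an alarm and a device that bundles policy-selected diagnostics at the moment the alarm is raised, can be made concrete with a small simulation. The following is an added example, not code from the application; the device model, the `POLICY` table, the collector names and the sample device state are all constructed assumptions used only to show why the push model still yields data when the pull model comes back empty.

```python
"""Added example: device-initiated alarm reporting that bundles diagnostics
at alarm onset according to a user policy, contrasted with an NMS pull that
arrives only after the device has become unreachable. All names, the policy
table and the sample device state are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Hypothetical user policy: which diagnostic sources to capture for each
# alarm class. The operations center edits this table; the device honours it.
POLICY: Dict[str, List[str]] = {
    "link-down": ["interfaces", "routing", "config"],
    "high-cpu": ["processes", "config"],
    "minor": [],  # minor alarms carry no extra diagnostics
}


@dataclass
class Device:
    """Constructed managed device with a few diagnostic sources."""
    name: str
    reachable: bool = True
    state: Dict[str, str] = field(default_factory=lambda: {
        "interfaces": "Gi0/1 down, Gi0/2 up",
        "routing": "0 OSPF neighbours",
        "config": "hostname r1 ...",
        "processes": "cpu 97% ip_input",
    })

    def collect(self, source: str) -> Optional[str]:
        """Return the current value of one diagnostic source, if it exists."""
        return self.state.get(source)


@dataclass
class AlarmReport:
    """What the device sends outward: the alarm plus bundled diagnostics."""
    device: str
    alarm: str
    diagnostics: Dict[str, str]


def nms_pull(device: Device, source: str) -> Optional[str]:
    """Traditional model: the NMS reaches into the device after the alarm.
    Returns None when the device cannot be reached (firewall, private
    addressing, or the fault itself has cut the management path)."""
    if not device.reachable:
        return None
    return device.collect(source)


def device_initiated_report(device: Device, alarm: str,
                            policy: Dict[str, List[str]] = POLICY) -> AlarmReport:
    """Device-initiated model: at alarm onset, gather every diagnostic source
    the policy names for this alarm class and ship them with the alarm."""
    diagnostics: Dict[str, str] = {}
    for source in policy.get(alarm, []):
        value = device.collect(source)
        if value is not None:
            diagnostics[source] = value
    return AlarmReport(device.name, alarm, diagnostics)


def scenario() -> dict:
    """Run both models on one event: alarm raised, then reachability lost."""
    dev = Device("r1")
    report = device_initiated_report(dev, "link-down")  # sent at onset
    dev.reachable = False   # the link carrying management traffic is gone
    pulled = nms_pull(dev, "interfaces")  # NMS attempts diagnosis afterwards
    return {"pushed_sources": sorted(report.diagnostics), "pulled": pulled}


if __name__ == "__main__":
    print(scenario())
```

Running `scenario()` shows the pull returning nothing while the pushed report already carries the interface, routing and configuration state named by the policy; an alarm class absent from the policy (or listed with no sources) produces a report with an empty diagnostics map rather than an error, which is the behaviour a policy-driven device should default to.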
No prior approach is believed to provide device-initiated network management. Prior approaches that are lacking in one or more respects include policy-based management, automatic update systems such as those used in computer operating systems, and alarm correlation. Device announcement protocols have been provided in the products of Stratacom and in Ungerman-Bass switches, but these have been impractical to use in large networks containing thousands of network elements. The Cisco Discovery Protocol is a known method of discovering devices in a network, but it succeeds only if all such devices are CDP-compatible, which is not the case in large, heterogeneous networks.