IEN 32
Section 2.3.3.12

Title: Catenet Monitoring and Control: A Model for the Gateway Component

Author: John Davidson  [Davidson@BBNE]

Note: This document contains figures which are not included in this on line
version, the figures may be obtained in hardcopy from the author.


                 CATENET MONITORING AND CONTROL:

                A MODEL FOR THE GATEWAY COMPONENT

                          John Davidson

                  Bolt Beranek and Newman, Inc.

                             IEN #32

               Internet Notebook Section 2.3.3.12

                         April 28, 1978

                 Catenet Monitoring and Control:

                A Model for the Gateway Component





1.  INTRODUCTION


     At the last Internet meeting,  some  concern  was  expressed

that  we don't have a real "model" for what a gateway is, what it

does, and how it does it, and that without such  a  model  it  is

somewhat  dificult  to  describe  the  kinds  of activities which

should be monitored or controlled by  a  Gateway  Monitoring  and

Control  Center  (GMCC).   To  respond  to  that concern, we have

written this note to express our recent thoughts about a  gateway

model.  Although the note centers primarily around the topic of a

gateway  model,  we  have  also  included  a  few  thoughts about

possible  models  for  the  other   components   of   a   general

internetwork structure.

     The  note  proceeds  as  follows.   In  Section  2 we try to

establish a reason for wanting a model of  a  given  internetwork

component, and present a brief overview of the potential benefits

of   Monitoring   and  Control.   This  presentation  is  largely

pedagogical since it is assumed that this document  will,  for  a

while  at least, be the only introduction to the topic available.

     In Section 3 we discuss the fundamental kinds of  activities

which  must  be  performed  by any internet component if it is to

participate in Monitoring and Control.  This section  establishes

motivation  for  some  of the mechanisms discussed in the rest of

the paper.

                              - 1 -

     In Section 4 we discuss the roles  which  the  hosts,  local

Packet  Switching Networks (PSNs), and the Gateway Monitoring and

Control Centers (GMCCs)  may  have  to  play  in  Monitoring  and

Control for the internet.

     Then,  in  Section  5,  we  finally  begin  to  discuss  the

principle  characteristics  of  a  possible  gateway  model.   We

examine first a list of practical constraints which influence the

way  in  which  the  model  is being designed, and then, suitably

constrained, we begin the task of developing the model itself.  A

complete modelling has not yet been performed, and is  likely  to

take  quite  a  while  to  complete.  Section 5, however, gives a

suitable indication of  the  way  in  which  the  model  will  be

developed,  and  of  the alternative interpretations available to

gateway designers who pattern  their  implementations  after  the

model.


























                              - 2 -

2.  CONTEXT F OR MODELING

     It  is  assumed  that  gateways  exist to make communication

possible between hosts on different packet switching networks. In

this regard, they actually serve to make a single network out  of

several diverse, disjoint networks.  Thus gateways can be said to

form  the  nodes  of  a  super-network,  called  a Catenet, whose

"links" are the individual packet switching networks,  and  whose

"hosts"  are simply the individual hosts of the constituent PSNs.

As the nodes of this super-net, the gateways will be  responsible

in  part  or in whole for tasks like routing, fragmentation, flow

control,   reassembly,   retransmission,   and    perhaps    data

transformation  (e.g. encryption/decryption), access control, and

even authentication.

     We can assume that there are benefits  to  be  derived  from

having  the  Catenet  operate in a coordinated fashion.  However,

coordination is not achieved by default, because the  Catenet  is

being  constructed  in  pieces, with each piece potentially under

the control of a distinct administrator, each gateway implemented

in a unique processor, and each program conforming to a different

programmer's view of the workings of a gateway.


     The  Internetworking  group  brought  together  by  ARPA  is

serving as the coordinating authority for the development of many

of  the  components  of  the  Catenet.   To  make  the  important

administrative and technical decisions  associated  with  Catenet

construction, however, this group must be provided with technical

inputs.   Many of these inputs can come from theoretical studies,



                              - 3 -

protocol  investigations,   and   pre-construction   experiments,

modeling,  and  simulation  during  Catenet development.  But the

most important source of technical inputs will ultimately be  the

Catenet  itself.   If the true operational characteristics of the

net  can  be  readily  (and  continually)  determined,  then  the

administrative   issues   associated   with  Catenet  performance

(questions like "why is the throughput not as  predicted",  "what

components  are  proving unreliable", "should the net be expanded

or reconfigured", etc) can be adequately resolved  by  appeal  to

the  recorded  statistics;   collection  and  recording  of these

operational statistics form a part of what we refer to as Catenet

"Monitoring".  Also, since the  Catenet  will  sometimes  be  the

"target"  of  the  Internet  group or ARPA administrative policy,

then, insofar as policy affects the operation of  the  net  (e.g.

such  "policy"  decisions as "failed components should be dumped,

reloaded, and restarted ASAP"), technical tools must be  provided

which  help  implement  the  policy;  these kinds of tools form a

part of what we refer to as Catenet "Control".  (Some readers may

prefer to think of this as "Coordination" rather  than  "Control"

which unfortunately may carry other undesirable connotations.)

     In  order to be able to Monitor and Control the operation of

the Catenet in accordance  with  administrative  policy,  in  the

presence of the diverse component implementations, some model for

the  network  as a whole should be developed.  Futher, models for

each of the component types  (gateways,  packet  switching  nets,

hosts)  should  be developed.  These model implementations should

then  be  instrumented  in  a  way  that  makes  it  possible  to


                              - 4 -

accumulate  the  technical  inputs  and to effect the operational

policy  desired  by  Catenet  administrators.    If   the   model

implementations  are appropriately general, then it is reasonable

to dictate that individual implementations adhere to these  basic

models.


     BBN is currently pursuing the development of a model for the

gateway  component  of the Catenet.  In particular, we are trying

to define how the model should be  instrumented  to  provide  the

appropriate  kinds  of Monitoring and Control capabilities.  Most

of the capabilities we think are needed are similar  in  function

to  the  capabilities  already  developed for the ARPANET and its

Network Control Center, NCC.  We are proposing, and in fact  have

actually  begun,  the  construction  of  a Gateway Monitoring and

Control Center (GMCC) patterned  after  the  NCC  (and  currently

sharing resources with it, since the NCC is already accessible to

internetwork  traffic  and since the scope of the current GMCC is

at this time quite modest).





















                              - 5 -

3.  FUNDAMENTALS OF MONITORING AND CONTROL

     We assert that all of  the   Catenet  components  should  be

properly instrumented in software (and if necessary, in hardware)

to measure the service which the Catenet as a whole provides, and

to  enhance  the  maintainability  of  the  net  as a whole.  The

instrumentation  should  provide  us  with  all  the   mechanisms

required to perform


          Performance Monitoring


          Event Recording


          Functional Testing


          Component Maintenance



Here,  by  Performance  Monitoring,  we intend that the status of           _______________________

Catenet  components  (both   the   binary   "working/not-working"

indication  and the status of internal operational components) be

made available to the GMCC.  This will require that  the  Catenet

components  have  a  mechanism  for communicating periodic status

reports and instantaneous error reports "back" to the GMCC.  This

mechanism may or may  not  require  that  the  reports  from  the

various  net  components  be  synchronized in order to enable the

GMCC to obtain a  "snapshot"  of  the  network  as  a  whole;  if

synchronization  is  required,  a synchronizing mechanism will be

required as well.  It is also undetermined  whether  a  protected

path (e.g. one using encryption to prevent spoofing)  is required

for communicating this information through the Catenet.


                              - 6 -

     There  should  also  be  a  mechanism  by which the GMCC can

request performance data from a Catenet component in the case  of

non-recurring  measurements.   The  set  of monitoring mechanisms

installed in any particular component may  differ  from  the  set

installed in any other component, depending on the granularity of

measurement which is desired in each case.

     By  Event Recording, we intend that the raw statistical data         _______________

on, say, the number of messages  or  packets  passing  through  a

given  component be made available to the GMCC in a standard way.

Not only must there be a standard way  of  collecting  the  event

statistics,  but  there  must  also  be  a  way  for a designated

authority like the GMCC to reset the event counters, say, or turn

on or off the event recording mechanisms. We shall have  more  to

say on what events are significant in a subsequent section.

     By  Functional  Testing  we  intend that the GMCC be able to         ___________________

direct the activities of the Catenet components  either  directly

(by  commanding performance of some task like message generation)

or indirectly (by sending, or directing other components to send,

messages  through  a  given  component)  in  order  to   exercise

component  mechanisms  for  error  analysis  or  load testing.  A

useful mechanism in the ARPANET is the ability to isolate  failed

hardware  components by forcing a loopback under software control

at each of the component boundaries.  The analogue of this scheme

in the Catenet is probably  simpler,  since  the  boundaries  are

logically  in  software  (e.g.  in  the gateway software in cases

where a local PSN or another nearby gateway is being  tested)  or

associated  with the local PSN which may have reasonably flexible


                              - 7 -

control of the interface which connects it to a network  host  or

to  a  gateway.  Looping performed within a component should also

be possible.

     To make use of these testing facilities, we need the ability

to generate artificial traffic (and to discard it) and to reflect

it (or turn it  around)  as  required.   Reflecting  messages  at

gateways  can,  for  example, give a measure of the throughput of

Catenet links.


     By Component Maintenance, we intend that the GMCC  have  the        _____________________

ability to coordinate, and in some cases perform, the analysis of

failure   for   failed  components,  the  restoration  of  failed

components,  the  institution   of   program   fixes,   and   the

distribution  of  new  releases.   It is not clear that Component

Maintenance can be the responsibility of just a single  GMCC,  of

course,  but  if  it is to be the responsibility of any GMCC-like

component, then the mechanisms by which the failed  component  is

to  be  handled,  and  how  it is to be of use in the maintenance

activity, should be adequately modelled  for  each  component  in

question.    In   this  regard,  we  see  a  potential  need  for

incorporating mechanisms for  self  diagnosis  in  the  component

models,  for  enabling  the  GMCC  (or some other network host in

conjunction with or in place of  the  GMCC)  to  read  and  write

arbitrary locations in a component's memory, etc.

     Note  too  that  the  gateway  programs  will be provided by

various implementers.  These implementers may in  some  cases  be

willing  to  allow a given GMCC to handle reloads and restarts of



                              - 8 -

their component when it fails.  Both the implementer and the GMCC

staff may have to be involved in debugging the component  if  the

gateway's  model  debugging facility (which presumes the use of a

GMCC) is all the original implementers have for  accessing  their

component  remotely.   It  might  prove useful for the GMCC to be

able to copy the contents of a failed component into a  file  for

later  inspection  by  the original implementers in case they are

unavailable to copy  the  contents  themselves  at  the  time  of

malfunction.






































                              - 9 -

4.  MODELS FOR THE PRINCIPLE CATENET COMPONENTS


     This  note is principally about gateway modelling.  However,

we  have  asserted  throughout,  the  need  to  model  the  other

components  of  the  general  Catenet as well, so that we can use

them in Monitoring and Control applications where they are needed

and where they can be useful.  Here we describe briefly the goals

we have for modelling the other components.


4.1  The GMCC

     The functions of a GMCC should be able to  be  performed  by

any  host  in  the  composite net.  In view of this, a high level

description, or model, of the  way  a  GMCC  operates  should  be

created.  Both the GMCC program(s) and its data base(s) should be

described  in  a  way which allows Catenet users to reproduce the

GMCC functions  (this  basically  requires  coding  of  the  GMCC

programs  in  a  high  order  language)  and  to  interrogate  or

duplicate the accumulated data base(s) as required for their  own

special purposes.

     Because  each  gateway,  host, or local PSN component of the

composite Catenet is  potentially  the  property  of  a  distinct

administrative  authority,  it  is  conceivable  that  each might

actually be monitored or controlled by  a  distinct  GMCC.   This

would  not  necessarily  be  the best arrangement for purposes of

overall net maintainability, but nonetheless must be allowed for.

What is more likely, however, is that a given administrator  will

give  permission  to  some  approved  Catenet GMCC to perform the

Monitoring and Control  activities  associated  with  Performance


                             - 10 -

Monitoring,  say, or with Event Recording, but reserve for itself

the ability to perform the activities associated with  Functional

Testing   and   Component   Maintenance.    In   this  case,  the

Administrator's host will have  to  understand  and  be  able  to

duplicate  the  model  GMCC  functions, and the Catenet component

will have to know to respond to one or the other  GMCC  depending

on  the  function  being  requested.  Since different authorities

might exist for each different function, this  capability  should

be  modelled.  Further,  the  mechanism  for changing the name or

address of the various  designated  authorities  should  also  be

modelled.   Then  the  fact that each Catenet component knows the

name of the authority designated  to  perform  a  given  function

makes  it possible to restrict arbitrary hosts from abusing their

ability to emulate a GMCC.


4.2  The Hosts


     Members of the ARPANET NCC staff have asserted that  "a  key

factor  in  network  maintainability is the centralization of the

responsibility  for  providing  adequate  user  service.    Since

service   is   best  defined  at  the  man/machine  interface,  a

significant gain in maintainability would come about if the  user

interface  were  completely  at  the  man/machine  boundary.   By

including a host within the sphere of responsibility  of  network

maintenance,  there could be more uniform and speedier resolution

of problems within that host.  Since the  network  design  allows

for  dissimilar  node programs, not much additional complexity is

required to maintain a set of dissimilar service  hosts.   (Thus)


                             - 11 -

the  scope  of  the  network should be expanded to providing user

services with corresponding benefits for both unified design  and

maintainability."

     This  may be an extreme position, and may not actually be as

easy as anticipated by the NCC staff, but nevertheless  it  is  a

position  which has at least some validity, especially in view of

the fact that gateways are themselves just hosts, and much of the

modelling performed for gateways can thus  be  applied  to  other

general purpose hosts.

     Consider  what  Monitoring  and Control might be possible if

some small component of the host's network software, such as  the

TCP  program,  were instrumented to allow Performance Monitoring,

Event  Recording,  etc.   under   control   of   a   GMCC.    The

instrumentation  would  simply provide that the TCP keep track of

its events of interest and arrange for them to be made  available

in  a  convenient way to some other protocol module (perhaps) for

transmission to the GMCC.  In addition, if there is to be Control

of a TCP, some internal means should be provided for a process to

direct certain actions of the TCP (for example the  resetting  of

accounting statistics).

     Certain other capabilities might also prove useful.  The TCP

should  be  able  to report to the GMCC any errors it observes in

packet formats, packet delivery, etc. so that host personnel with

a reliable TCP implementation need not be concerned  about  error

analysis  for  newly  added,  undebugged hosts, say.  The GMCC is

certainly in the appropriate position to  be  able  to  correlate

abnormal  TCP  interactions with Catenet component outages and be


                             - 12 -

able to explain the abnormal behavior to the host via messages to

the TCP.  The TCP should be able  to  be  instructed  to  discard

certain messages or to echo them back to their source.  It should

perhaps  be  able to timestamp and trace various messages.  These

kinds of activities would all be possible  given  an  appropriate

and  uniform  instrumentation of the various TCP implementations.


4.3  The PSNs


     The links of the Catenet are the local PSNs.   Unlike  usual

network  links,  these  links  are  equipped  with  a  processing

capability in the form of their own node computers or  their  own

NCC  hosts, etc.  Whatever form this processing capability takes,

it can presumably be  made  to  communicate  with  other  Catenet

components   using   the   protocols  for  GMCC-to-component  and

component-to-GMCC communication.  The local PSNs should  be  able

to  report  errors  in interfacing which occur at the PSN/gateway

interface; they can also report gateway ups  and  downs  as  they

observe them; they might be instrumented to assist in tracing and

looping  of  messages  sent  to or through them;  they could keep

track of the length of gateway outages;  and since the PSN is the

only component with hardware (in most cases) connections  to  the

gateway  and  host components, it can perhaps help in the restart

or reload of these components.  The techniques for performing any

of these activities should be carefully and completely  modelled.








                             - 13 -

5.  A MODEL FOR THE GATEWAY COMPONENT


     The  principle thing we expect a gateway to do is to perform

message routing; a suggested routing mechanism  is  presented  in

IEN  No.  30, "Gateway Routing: An Implementation Specification",

by  Strazisar  and  Perlman.   Beyond  this,  there  are  several

secondary  activities  in which the gateway must play a role, and

the large majority of these can be clustered  under  the  general

heading  of  Monitoring and Control.  These are the activities we

are most concerned with here.  As discussed earlier, the  gateway

component,  like  any  other component, should be instrumented to

include mechanisms which allow it to cooperate  with  a  GMCC  in

providing  Performance  Monitoring,  Event  Recording, Functional

Testing, and Component (i.e. gateway)  Maintenance.   It  is  the

role of the model to identify the mechanisms which should be used

within the gateway to provide these various functions.


5.1  Considerations Affecting the Design


     The  intent of this section is to give some insight into the

process by which the model for  the  gateway  component  will  be

developed.   There  are  a  number  of fundamental considerations

which should be stated beforehand because of their impact on  the

way we want to think of gateways as an entity and thus on the way

we think of the necessarily composed.  The first of these is that

a gateway should be considered to have a net-independent part and

one or more net-dependent parts.  The net-independent part should

be  considered  the  heart  of the gateway -- the place where the



                             - 14 -

common functions of routing, flow  control,  etc.   are  actually

performed; this part is hopefully divorced from considerations of

the networks to which the gateway is attached.  The net-dependent

parts  on the other hand may all be different, since the networks

in most cases will be different, but each should  have  the  same

eessential  structure:  there will be modules which gate messages

to and from the attached net, and modules which append or  remove

local headers to or from internet (and other) messages, etc.  One

of  the challenges for the model designer and gateway implementer

is to carefully design the boundary between the net-dependent and

net-independent functions.



     The gateway model should be able to  accommodate  more  than

one   type   of  gateway  implementation.   That  is,  it  should

accurately describe or apply to implementations such as:

   - the  conventional  gateway.   This  is  a  single  processor
     performing  gateway functions only and connected to only two
     nets.

   - a two- or multi-processor gateway.  This  is  a  distributed
     implementation  of  the  gateway, such as the "half-gateway"
     model once considered; the mechanisms used by  the  separate
     processors  to communicate with each other should not affect
     the model design.

   - gateways within general purpose host  processors  where  the
     gateway  program is just one of several that may want access
     to the network.

   - gateways connected to three or more networks.

   - gateways  using  only  a  single  net  interface.   Such  an
     arrangement  might  result  if, for example, a single medium
     were used by two different nets.  readdressing, say, ....

   - both  big  and  small  (in  terms  of  power,  size,   cost,
     capability) gateways (including very simple - perhaps purely
     hardware - implementations).


                             - 15 -

   - existing ARPANET gateways.

   - existing othernet (sic) gateways.

   - the gateway module which sits between a host TCP,  say,  and
     the  network,  and  whose  job it is to select a destination
     gateway consistent with the destination host.

   - a gateway with two or more interfaces to a  single  network.

   - a gateway which is (either always or sometimes) unwilling or
     unable  to  participate in Monitoring and Control exercises.

   - gateways  which  are  responsible  for  access  control   or
     authentication.   The  need  for these special functions may
     impact the form of certain mechanisms proposed  for  use  in
     the model implementation.

   - gateways which need to perform fragmentation  or  reassembly
     of  encrypted  data  messages,  or  which need to be able to
     understand special packet  formats  associated  with  secure
     data transmissions.

   - gateways which may without warning turn into "one-way" paths
     only for such applications as military EMCON.






5.2  The Beginnings of a Model



     There  are  several  kinds  of information which the gateway

should be able to exchange  with  the  GMCC  in  support  of  its

Monitoring and Control activities.  Among them are:

   Administrative Information

     This  is  information  that  identifies the gateway uniquely
     among all the components of the composite Catenet.  To get a
     proper picture of the net at any given time,  a  GMCC  would
     like to be able to discern, among other things,

       the computer type
       the memory size
       the  gateway characterization (conventional, ARPANET, ...)
       the Administrator's name, address, phone number
       the program size, release number, release date and time


                             - 16 -

       the addresses of hosts serving as GMCCs
       the names of connected nets, etc.

     Information such as this may best be sent unsolicited  to  a
     special  service  host  when a gateway first comes up on the
     net after some outage;  interested experimenters could  then
     retrieve  the information from the host much as is currently
     done in the ARPANET for retrieving Host status  information.

   Measurement Information

     This  information is simply the collective set of statistics
     accumulated by  the  gateway  during  its  operation.   They
     reflect the processing performed by the gateway in servicing
     internet traffic.

   Monitoring Information

     This is primarily the "up/down", "up for how long", "planned
     outages", "recent crash explanation", "net interface reset",
     etc.  kinds  of  information  which dictates to the GMCC the
     status  and health of the gateway component.

   Control Information

     This is either the information sent by the GMCC to cause the
     gateway to enter a test, reload, or, restart  mode,  or  the
     information  sent  by  the gateway to the GMCC to report the
     results of component testing, to dump some  of  its  memory,
     etc.

   Debugging Information

     Patterned  after  a  general purpose time sharing host's DDT
     program which has complete control  over  the  execution  of
     subservient   programs,   the  information  associated  with
     debugging includes commands to read or write a cell, to  set
     or  reset  (pseudo)  breakpoints, to search memory, etc. and
     the responses to these commands.  Two kinds of DDTs may have
     to be accommodated in any given gateway implementation,  one
     to  be used by experimenters, say, and one, like XNET, to be
     used during initial debugging.

   Descriptive Information

     This is the information which conveys to the GMCC  the  list
     of  capabilities  possessed  by  the  gateway; it includes a
     listing of the kinds of information collected  and  reported
     by  the  gateway,  a characterization of queue capacities, a
     list of settable operational parameters,  a  description  of
     the  histograms  maintained  by  the  gateway, a list of the
     protocols  supported,  etc.   It  responds  to  the   GMCC's
     questions  about  "what  can you do", "how much can you do",
     etc.

                             - 17 -

   Experimental Information

     This is the information associated with the manipulation  of
     the  component  by experimenters.  It is in part descriptive
     (experimenters can ask what experiments are supported,  what
     parameters   are   allowed,  what  range  on  parameters  is
     accepted,  etc.),  in  part  control   (they   can   request
     initiation  of an experiment), and in part measurement (they
     can  request  operational  statistics  associated  with  the
     experiment),  but  it  seems reasonable to distinguish it as
     distinct from these other  operational  aspects  insofar  as
     possible;   not  all  gateways  which  provide  descriptive,
     control,  and  measurement  information  will  also  support
     experimental use.

   Accounting Information

     This  information  is  basically  the  set of raw statistics
     which should be used by an administrator  for  charging  for
     gateway  utilization.   It is reasonable to distinguish this
     information from pure measurement information  since  it  is
     not  necessarily  of  interest  to  a  GMCC  worrying  about
     functional capabilities, and will likely have to be reported
     to some special host rather than a general purpose community
     GMCC.

   Operational Information

     This is included here just as a reminder that in addition to
     manipulating all the information associated with  Monitoring
     and  Control  activities,  the  gateway  will  also  want to
     occassionally handle internet  messages,  routing  messages,
     and  the  rest  of  the  information that is its "reason for
     being" in the first place!



     Note that it is possible to consider  that  each  individual

kind  of  information  is  associated  with  a particular kind of

"event"  which  occurs  within  a  gateway.   Thus  we  may  have

Measurement  events,  Monitoring  events, and even Administrative

events within a functioning gateway.  It is also the role of  the

gateway  model  to specify how these events are to be recognized,

recorded, reported, caused, prevented, suspended, continued, etc.





                             - 18 -

     At least three notions are central  to  our  discusionss  at

this  point.   First,  we   have the four basic functions that we

have discussed in detail before:  Performance  Monitoring,  Event

Recording, Functional Testing, and Component Maintenance.  From a

suitable,  high level external viewpoint, these are the functions

that the gateway is involved in.  Second, we have  the  different

kinds  of  information  which must be recorded by the gateway and

transported between the gateway and  the  GMCC.   Each  different

kind  of  information  implies  possibly  a  distinct  formatting

requirement, distinct collection mechanism, etc.  Finally,  there

are  the several different mechanisms which must exist inside the

gateway that can be used  to  collect,  record,  and  report  the

different  kinds  of  information.   The most apparent mechanisms

which  exist  in  the  gateway  implementations  are   processes.

Processes  are the addressable resources which carry on dialogues

with the GMCC and with each other in some cases.  In addition  to

the  distinct processes, there are other mechanisms which we will

just label as  "routines".   Routines  are  best  thought  of  as

utility  functions  which  may  be  invoked by any of the gateway

processes  to  help  each  get  its  collecting,  recording,  and

reporting  done.  An  example  of  a utility routine might be one

which formats a message  according  to  gateway-to-GMCC  protocol

specifications  and  adds  it  to a queue of messages to be sent.

Examples of processes are

        - the monitoring process which generates the periodic and
          spontaneous  reports  to  the   GMCC   describing   the
          operational status of the gateway.




                             - 19 -

        - the  measurement  process  which  delivers   cumulative
          statistics to the GMCC.

        - the echoing process which returns all received messages
          to the source from which they originated.

        - the memory transport process which  moves  portions  of
          the  gateway  memory  (programs or data) to or from the
          GMCC.

        - the terminal  handling  process  which  excanges  ASCII
          character  streams  between  the gateway's terminal (if
          one is present) and a specified internetwork source  or
          destination.

        - the debugging process.

        - the message generator process.

        - etc.




     It  should  be obvious that processes do not deal one-to-one

with the kinds  of  information  we  discussed  above.   A  given

process,  such  as the measurement process, may be used to report

the  cumulative  statistics  of  each   of   several   kinds   of

information.  Alternatively, it may take more than one process to

deal with all the information of any particular kind; for example

experimental information as discussed above.  And it is certainly

likely that multiple distinct processes will have a need to share

a  single  common  routine whenever their processing requirements

are identical; for example, tracing of  messages  sent  from  the

GMCC  to  the debugger, to the echoer, or to the terminal handler

should be done by having each process (conceptually)  invoke  the

single  trace  mechanism.   It  may  also  be  the  case that two

processes can be cascaded for the purpose of combining  different

kinds of information into a single net message.


                             - 20 -

5.3  A Sample Modeling


     We  will  develop  the  gateway  model in terms of a general

purpose host's implementation, since this allows inclusion of  as

much   mechanism   as   may   be  useful  for  the  more  general

implementation.  The figure below shows the principle  components

of  the  input  handler  for  a  net-dependent  part of a general

purpose gateway.


First there is a hardware component which represents the physical

interface  between  the  network  and  the   gateway   processor.

Obviously this interface will be different for different nets and

for  different processors, but as a model component should always

correspond to some real chunk of hardware in any  implementation.


Second,  there  is  a  piece  of code which serves to control the

input portion of the net interface hardware.  Its basic  function

is  to  effect  the  reading  of  messages  from the network into

gateway memory. In  the  process,  it  may  perform  intermediate

parsing, do checksum and consistency processing, etc.


Third,  there  is  a message queue where unparsed messages reside

after they have been received by the net  interface  routine  but

before  they  have  been  processed by any other gateway routine.

This queue may be implemented in any of  several  ways,  and  may

only  have  room for a single message in some implementations. (A

"higher" level routine may perform queue management in this case,

using a different data structure.)




                             - 21 -

                             - 22 -

Fourth, there is a second routine depicted whose  job  it  is  to

parse  the  received  messages  one-by-one  and  distribute  them

individually to new message queues based on the contents of their

local network header.


Finally, there are several model components (including both  data

structures  and  routines) which are not pictured, but still must

be modelled; a subsequent and more complete modelling effort will

certainly include them. These are data   structures  like  buffer

pools and routines like buffer managers, etc.



     Associated with these model components are a large number of

parameters,  both  static  and  operational. These are the things

we've been calling "events".  In the following we give a sampling

of the events  of  interest  for  each  of  the  event  types  we

identified  before.   The  sampling  is  not  complete, but it is

representative of the kinds of information we might be interested

in  for  purposes  of  Monitoring  and  Control  in  the  gateway

modelling.   Of  course,  not  all  of  the  events  are of equal

interest or value;  as modelers, we should attempt to identify as

many as we can, and leave  to  the  individual  implementers  the

selection  of  which  events  they really want to record, report,

etc.


Events of Interest:

   Administrative -

        the name and manufacturer of the hardware interface




                             - 23 -

   Measurement -

        a histogram of log[base 2] message sizes
        message counts for each distinct local header type


   Monitoring -

        cumulative uptime
        number of interface errors


   Control -

        reset counters
        place a message on the input queue


   Debugging -

        read the hardware status register


   Descriptive -

        Fan out for local headers
        queue size
        maximum message size


   Experimental -

        discard every second message at the interface


   Accounting -

        total bits received at the interface







5.4  Continuing the Sample Modeling


     In this section we  continue  the  sample  model  introduced

above  by showing how certain of the data paths might be extended

to account for subsequent message processing.  It should be  easy


                             - 24 -

to  identify  the  events  of  interest in this extension given a

little thought.  Subsequent attempts at modelling will  enumerate

these   in   detail.    Note  that  there  are  probably  several

alternative ways of  depicting  these  later  stages  of  message

processing;  this fact is compounded by the fact that this is the

point      in      message       processing       where       the

net-dependent/net-independent  boundary  may be crossed.  Further

discussion of alternatives to this part of the model is postponed

to the section entitled "Issues".



     Figure 2 shows the extension to the model.  It begins  where

the  previous figure left off.  First, note that at this point we

have separated the various types of messages arriving at the  net

interface into unique queues according to indicators in the local

header.  For this figure we will follow only a single path -- the

one followed by internet messages which carry the normal internet

traffic.   These internet packets are removed from their queue by

a routine which separates them again, this time according to  the

version  bit,  into a queue of messages which employ the previous

internet formatting conventions and a  queue  of  messages  which

employ the current conventions.


From  this latter queue, the messages are sent to another routine

whose job is to initiate the option processing.  In Figure 2,  we

have  represented  the  options  as  subroutines  without further

elaboration; subsequent versions of the model should provide  the

elaboration.



                             - 25 -

                             - 26 -

Finally,  after  option  processing,  the messsages are separated

again into individual queues  according  to  the  values  in  the

protocol   field.   Here,  separate  queues  may  be  formed  for

unrecognized protocols, previous and  current  versions  of  TCP,

gateway  routing  messages,  and  eventually  the  Monitoring and

Control messages, the Datagram Protocol, the Real-Time  Protocol,

etc.


     As  stated,  we  will  not  elaborate  here on the events of

interest for this part of the model; some should be obvious.





































                             - 27 -

5.5  Unresolved Issues


     In this section we want to address a number of issues  which

are  not  yet resolved in the modelling of the gateway component.

Their resolution will probably depend on prolonged discussions in

certain cases, on snap decisions in  others;   possibly  in  some

cases  a  satisfactory  resolution  will  not  be  possible,  and

whatever alternative solutions are proposed will all have  to  be

included in a generalized modelling to make sure the modelling is

comprehensive enough.

     At any rate, the topics which need further investigation are

presented below.





5.5.1  Are the Event Types Correct


     First  there  needs  to  be  some general agreement that the

event types (information types) we have identified are sufficient

for modelling purposes.  It is probably the case  that  they  are

correct   enough  for  a  beginning,  and  that  no  particularly

disruptive perturbation of the model would be caused  if  another

event  type  had  to someday be accommodated or an existing event

type had to  be  deleted.   However,  the  omission  of  an  XNET

information   type   (not   to  be  confused  with  the  distinct

"debugging" type) may have to be remedied before too long.








                             - 28 -

5.5.2  What Information Should be Communicated to the GMCC


     Here there is a lot of room for varying opinion.   The  next

cut at the model will try to identify as many potential events of

interest as possible.  Obviously, not all these events will be of

interest  to  all  implementers;   that's  why the Monitoring and

Control mechanisms  must  be  sure  to  allow  for  only  partial

participation  on  the  part  of  any  particular implementation.

However, it may also be the case that we omit some event that  is

of  particular  interest  to  some  gateway  implementer,  or the

information which we choose to record  about  the  event  is  not

quite   what   is  needed  for  some  implementer's  needs.   Our

collection mechanism  must  be  flexible  enough  to  accommodate

extensions at any time.

     Here the real issue may be how to control, administratively,

the  selection  of  events  of  interest  so that all parties are

satisfied with the set selected.



5.5.3  How Should Information be Communicated to the GMCC


     We are  of  the  opinion  that  in  most  cases,  the  basic

gateway-to-GMCC   communication   facility   should  be  datagram

oriented on the basis that (1) connection  overhead  may  be  too

expensive  for  certain gateway implementations, that (2) no flow

control is  probably  needed  since  the  gateways  will  not  be

generating  data  too  frequently  and since GMCCs will generally

have substantially greater storage  and  processing  capabilities

than will the gateways, and that (3) a practical reporting scheme


                             - 29 -

can  probably  be  developed  in  which  lost  messages  will not

necessarily represent lost information, merely  delayed  delivery

of  information,  since  the  contents  of  lost  messages can be

inferred from later messages, (this is the  case  for  cumulative

statistics for example);  on the other hand, the datagrams should

carry  sequencing information, and will of course employ standard

Internet Headers.

     Datagram service will be  satisfactory  in  most  cases,  we

hope.   In certain instances, however, reliable transmissions may

be extremely important;  for  these  instances,  some  additional

capability  may  have  to be added.  As yet, we have no real feel

for the capabilities required; thus this is still an open  issue.

Also  at  issue  is  the decision as to whether internet messages

directed at the various gateway  processes  should  all  carry  a

single  protocol  designator,  or  whether each different message

type should command a distinct designator.  It is not  yet  clear

whether  minimal  gateway implementations would find it easier to

process messages formatted in one way vs. the other,  or  whether

it  is  too  wasteful of the Internet Header's protocol field, or

whether it is easier one way or the other  to subsequently add or

delete new message formats.

     Beyond these basic  issues,  there  is  also  the  issue  of

message  formats  and  message content.  Two alternatives present

themselves as regards event  reporting.   We  assume  that  event

counters  can be maintained in 16-bit words,  say.  We can insist

that messages contain a fixed  number  of  counters  in  a  fixed

order,  and  thus  eliminate  the  need  to  transmit descriptive


                             - 30 -

information with each reporting message.  Or, we  can  allow  for

every  counter  to be accompanied by another word which names the

counter.  Tradeoffs  between  the  two  strategies  are  not  yet

properly understood.



5.5.4  Addressing Processes from Outside the Gateway


     Each  of the gateway processes responsible for some activity

of Monitoring and Control has a unique identity, or name,  within

the  Catenet.   But  because  the gateway is attached to multiple

nets, it is possible for each process to have  multiple  distinct

addresses.   We  can assume that one reasonable modelling for the

net-dependent  input  handler  requires  the  input  handler   to

recognize  at  the  net  interface  all the messages addressed to

processes which share its own net (and host)  address.   This  is

the  case  for example in a general purpose implementation of the

gateway, since the general purpose input handler doesn't normally

receive messages for processes  that  don't  share  its  own  net

address.  It probably should not be the responsibility of a given

net-dependent input handler to be aware that it is playing a role

in  a  gateway  implementation,  and  thus to be cognizant of the

alternative internet addresses of the gateway processes it thinks

of as its own;  i.e. the net-dependent code should  not  have  to

know  what other nets the gateway is connected to.  Therefore, if

a message arrives at one net interface that specifies a  resource

(process)  whose  net address is different from that of the input

handler, then the message  should  simply  be  handed  off  to  a



                             - 31 -

special  process  which can effect the proper disposition for the

message without further involvement of the input handler.

     Figure 3 depicts this arrangement.


Here, each network has its own interface to a common copy of  the

gateway  process,  so  that  it  can communicate with it directly

whenever a message arrives which addresses the  process  via  the

appropriate  net.   However,  when  a  message  is received for a

destination not known to the input handler, the message is simply

handed to the special process, which in this figure  is  referred

to  as  the "Postman".  Note that the Postman can effect delivery

to the processes  via  its  own  interface,  so  that  successful

delivery  does  not  depend  on  the  route taken by the message.

(Note that the model might want to specify that  the  Postman  be

able  to  add  messages  to the input queues of the net-dependent

input handlers as a means for effecting  delivery  in  a  uniform

way.)    The   Postman  here  also  has  the  responsibility  for

performing the tasks associated with the routing of  messages  to

distant  locations.  That is, messages input at the gateway which

are only passing through should be routed by the general  gateway

routing  algorithms;  these can be implemented by the Postman, or

by some other process to which the Postman interfaces.


     There  is,   of   course,   another   way   to   model   the

net-dependent/net-independent  boundary.   Figure  4  shows  this

other way.






                             - 32 -

                             - 33 -

                             - 34 -

Basically the difference here is  that  the  net-dependent  input

handlers   no  longer  have  their  own interfaces to the gateway

processes.  Instead, they simply pass all  received  messages  to

the internal Postman and allow it to effect delivery.  This is an

acceptable   approach   even  if  in  the  general  purpose  host

implementation the net-dependent input  handlers  still  have  to

worry  about  interfacing  processes  which aren't using Internet

Headers.  However, in this model, the Postman  and  the  affected

processes  must  be  sure  to not lose the destination address by

which they were reached, lest they not be able to  use  the  same

address  for the source in the header of their response messages.

(We are somehow assuming that the recipient of  a  message  whose

source  address  does not match the destination address which was

used for  transmission,  will  not  be  anxious  to  perform  the

required reverse lookup to map the source address into a resource

name.  If we were to model this capability, it is not clear where

the processing for this lookup would be performed.)

     At issue here then is just exactly which of these two models

should be assumed for "the" model implementation.



5.5.5  Addressing Processes from Inside the Gateway


     Here  is  an  issue  which  has certainly been touched on in

other internet meetings; it is basically a discussion of the need

for  high  level  protocols  to  carry   their   own   addressing

information.





                             - 35 -

     Gateway  processes  will  have occassion to communicate with

other  processes  in  support  of  gateway  routing  or   gateway

Monitoring  and  Control.   Traffic between two gateway processes

may  be  intrahost,  intranet,  or  internet,  depending  on  the

relative  locations  of the source and destination processes.  At

issue is whether in all cases a single  data  transport  protocol

should  be  used  to  effect  message  delivery.  We have already

"concluded" in the discussion of  event  reporting  that  gateway

Monitoring and Control messages should employ Internet Headers in

all  cases.  And it would certainly seem on the surface that this

scheme is ideal.  However, in certain cases this may not be true.

     We are struck by an inconsistency which arises when  we  try

to   attain   symmetry   in   modelling  the  gateway's  internal

organization.  At one point in the model, we have a process whose

job it is to route messages through a given local net.   Whenever                                            _________

it  is  handed an internet message, it analyzes the header of the

message in order to determine the desired destination, and  hence

what local address to specify in the net-dependent data transport

protocol.

     The   inconsistency   is  found  because  we  don't  have  a

corresponding process whose job it is  to  analyze  higher  level

protocol  headers in order to route messages through the internet                                                         ________

(using the internet data transport protocol).  This means  either

that each of our Monitoring and Control processes must make up an

Internet  Header itself, or that, if some common process is to do

it, the common process must be handed the addressing  information

by  some  "out-of-band"  path  (such  as  a shared memory control


                             - 36 -

block).  This may not  be  easy  to  provide  for  a  distributed

gateway implementation, say.

     The  real issue here, of course, is inspired by the problems

we see for, say, TCP users,  if  the  Internet  and  TCP  Headers

recently  proposed  are adopted for use in the Catenet.  The fact

that higher level protocols are being designed which don't  carry

their  own addressing information means that these protocols will

be practically unusable in any instance where the data  transport

protocol  used  to  carry the messages is different from the data

transport protocol embodied in the  Internet  Header.   TCP,  for

example, would probably not be usable without Internet Headers in

the ARPANET, since port addressing would be impossible.

     Although  it  is  probably  the case that we will not opt to

include addressing information in the messages  which  adhere  to

our  higher level Monitoring and Control protocols, and will thus

in fact choose to use the Internet Header to provide  addressing,

we  nevertheless  wonder  if  it  is wise to arbitrarily restrict

these  protocols  to  use  with  only  a  single  data  transport

protocol.


















                             - 37 -

mirror server hosted at Truenetwork, Russian Federation.