Network compartment

From Wikipedia, the free encyclopedia

Network Compartmentalization, the division of network functionality into network compartments, is an important concept of Autonomic Networking.

Definition of Network Compartments

Network Compartments implement the operational rules and administrative policies for a given communication context. The boundaries of a communication context, and hence the compartment boundaries, are based on technological and/or administrative boundaries. For example, compartment boundaries can be defined by a certain type of network technology (e.g., a specific wireless access network) or based on a particular communication protocol and/or addressing space (e.g., an IPv4 or an IPv6 network), but also based on a policy domain (e.g., a national health network that requires a highly secure boundary).

A compartment's communication principles, protocols and policies form a sort of “recipe” that all compartment entities must obey. For example, the recipe defines how to join a compartment, who can join, and how naming, addressing and routing are handled. The complexity and details of the internal operation are left to each compartment. For example, registration with a compartment can range from complex trust-based mechanisms to simple registration schemes with a central database or a public DHT-based system; resolution of a communication peer can be handled implicitly by the compartment's naming and addressing scheme or require explicit actions (e.g., resolution of an identifier to a locator). It is important to note here that compartments have full autonomy over how to handle the compartment's internal communication – i.e. there are no global invariants that have to be implemented by all compartments or all communication elements.

Members of a compartment are able and willing to communicate with each other according to the compartment's operational and policy rules. Conceptually, a compartment maintains some form of implicit database which contains its members; that is, each entry in the database defines a member. Before one can send a data packet to a compartment member, a resolution step is required which returns a means to “address” the member. Note that the above definition does not specify whether a member is a node, a set of servers or a software module. This rather abstract definition of compartment membership makes it possible to capture many different flavours of members and communication forms.
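
An illustrative sketch of the membership model described above, added here and not taken from the article or from any autonomic-networking implementation: each compartment keeps its own member database and applies its own admission rule, and a sender must resolve a member to a locator before sending. The class names, the HMAC join token standing in for a trust-based mechanism, and the locator strings are assumptions made for the example.

```python
import hashlib
import hmac


class Compartment:
    """Member database plus the hooks a compartment's 'recipe' fills in."""

    def __init__(self, name):
        self.name = name
        self._members = {}  # identifier -> locator (the membership database)

    def admit(self, identifier, credential):
        raise NotImplementedError  # who can join is decided per compartment

    def join(self, identifier, locator, credential=None):
        if not self.admit(identifier, credential):
            raise PermissionError(f"{identifier} refused by {self.name}")
        self._members[identifier] = locator

    def resolve(self, identifier):
        # Resolution step: only members can be turned into an address.
        if identifier not in self._members:
            raise LookupError(f"{identifier} is not a member of {self.name}")
        return self._members[identifier]

    def send(self, sender, receiver, payload):
        if sender not in self._members:
            raise PermissionError(f"{sender} has not joined {self.name}")
        return self.resolve(receiver), payload


class OpenRegistry(Compartment):
    """Simple registration with a central database: anyone may join."""

    def admit(self, identifier, credential):
        return True


class HealthNetwork(Compartment):
    """Policy domain with a secure boundary: join needs a valid token."""

    def __init__(self, name, key):
        super().__init__(name)
        self._key = key

    def token_for(self, identifier):  # hypothetical issuing step
        return hmac.new(self._key, identifier.encode(), hashlib.sha256).hexdigest()

    def admit(self, identifier, credential):
        return credential is not None and hmac.compare_digest(
            self.token_for(identifier), credential)
```

Membership in one compartment gives no standing in another: an identifier joined to `OpenRegistry` cannot be resolved or used as a sender in `HealthNetwork`, because each instance holds its own database and admission rule.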

It is anticipated that many compartments co-exist and that compartments are able to interwork on various levels (e.g. through "layering" or "peering" of compartments).