Infrastructure control can be broken down into two broad aspects in the CloNe architecture: delegation-based controlanddistributed coordination. The first of these refers to requests invoked by the infrastructure service user that result in actions performed against the user’s virtual resources. These cascade down through the delegation hierarchy of infrastructure services according to the management functions of the services. The second refers to interaction among administrators in the distributed control plane to share or negotiate configuration information. The aspects are shown in Figure 4.1. The two aspects are related in that requests in delegation-based control may result in
actions that require distributed coordination. The counterparts in a distributed coordination are identified by information in the data model passed through the infrastructure service interfaces in the form of references.
Figure 4.1: Two Aspects of Control Interaction Across Infrastructure Services
4.2.1 Delegation Based Control
Delegation is concerned with the devolution of management responsibility. It is a two-way re- lationship in which the infrastructure service user hands over management responsibility for an infrastructure (including its creation) to the infrastructure service provider, and conversely the infrastructure service provider reports on the status of that infrastructure to the infrastructure ser- vice user. The provider is free to chose how to implement the infrastructure and its management, including by further delegation to other infrastructure service providers, but is not compelled to inform the user of how this is done.
As management responsibility is passed down a hierarchy or across peers a delegation chain is established that is itself always hierarchical in structure, with control flowing down the hierarchy and reporting flowing up. The higher levels of the hierarchy have a more global view, but it is more abstract with less detail of implementation. At the bottom of the hierarchy are the infrastructure services with their own administrative domains that directly control the resources used to implement the service. These have complete knowledge of the resources under their control, but do not have a global view of the infrastructure.
Delegation based control is exercised through the infrastructure service interface. The act of delegation forms a trust relationship that is the basis of devolved responsibility, so a key feature of the infrastructure service interface is the capability for mutual authentication between user and provider.
4.2.2 Distributed Coordination
Distributed coordination is concerned with operations that involve multiple agents. In particular we consider operations that require coordination across multiple administrative domains at the bottom of a delegation hierarchy.
One obvious way to achieve distributed coordination is to involve a common control point to coordinate the actions; we observe that two administrative domains will always have a common
infrastructure service user above them in the delegation hierarchy. However, if the lower infras- tructure services are unwilling to communicate implementation details up the delegation chain, they may not be able to involve that common control point. More generally, once management responsibility has been delegated, it is no longer the responsibility of the delegating party to be in- volved in the management. So the delegation hierarchy can not be exploited to achieve distributed coordination.
In general we can assume that administrative domains will have to share necessary information to establish connections with their immediate neighbours, and so there will be some sideways sharing of information. We can assume that distributed coordination will follow a peer-wise communication pattern, using limited information sharing, outside the scope of the delegation hierarchy. This form of distributed coordination will occur through the distributed control plane.
In order to interact across the distributed control plane two peer infrastructure services will need to prove that they have the delegated authority to participate in management of a given infrastructure or resource, and they will have to identify themselves as the neighbour with which information can be shared. The first of these is inherited through the delegation hierarchy, the second is a peer-wise agreement between administrative domains.
4.2.3 Reference Resolution
An infrastructure service user may decompose its users’ infrastructure models into multiple parts that will be delegated to different providers. These models may contain related information, such as shared configuration parameters or connected resources. Some shared information that is available at the point of delegation can simply be included in multiple models, but in some cases one provider will need information the is not known until another provider has further elaborated its part of the infrastructure.
This situation is dealt with by adding references to one model at the point of delegation that identify information held by the other providers. Resolving these references after delegation allows the information to be obtained from the target providers.
These references may identify the wrong provider or information in the event that the target provider transforms its model and repeats the delegation. In this case a new provider further down the delegation chain is the real source of the required information. This suggests a chained resolution process in which the target identified by a reference can redirect resolution to information held by other providers.
Care has to be taken with this process as it may inadvertently reveal information that providers would prefer to keep hidden. If a recursive approach is taken in which the delegating provider acts as an intermediary, the response may need to be obscured so that it can not be interpreted by the intermediary. If an iterative approach is taken, in which a delegating provider supplies a new reference identifying the delegatee, the provider will reveal the delegation hierarchy. If the resolution process involves an independent resolution mechanism, such as a publish subscribe service, these concerns may apply to the service itself.
In general the reference resolution process will need to follow indirection that results from dele- gation, but providers should be able to implement their own policies regarding information hiding. A provider may wish to ensure that certain information is only exposed to selected peers.