Internet Research Task Force (IRTF) M. BehringerInternet-DraftRequest for Comments: 7575 M. PritikinIntended status:Category: Informational S. BjarnasonExpires: September 24, 2015ISSN: 2070-1721 A. Clemm Cisco Systems B. Carpenter Univ. of Auckland S. Jiang Huawei Technologies Co., Ltd L. Ciavaglia Alcatel LucentMarch 23,June 2015 AutonomicNetworking -Networking: Definitions and Design Goalsdraft-irtf-nmrg-autonomic-network-definitions-07.txtAbstract Autonomic systems were first described in 2001. The fundamental goal is self-management, including self-configuration, self-optimization,self-healingself-healing, and self-protection. This is achieved by an autonomic function having minimal dependencies on human administrators or centralized management systems. It usually implies distribution across network elements. This document defines commonlanguage,language and outlines design goalsand non-design goals(and what are not design goals) for autonomic functions. Ahigh levelhigh-level reference model illustrates how functional elements in anautonomic networkAutonomic Network interact. This document is a product of the IRTF's Network Management Research Group. Status of This Memo ThisInternet-Draftdocument issubmitted in full conformance withnot an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Research Task Force (IRTF). The IRTF publishes theprovisionsresults ofBCP 78Internet-related research andBCP 79. Internet-Drafts are working documentsdevelopment activities. These results might not be suitable for deployment. This RFC represents the consensus of the Network Management Research Group of the InternetEngineeringResearch Task Force(IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid(IRTF). Documents approved for publication by the IRSG are not amaximumcandidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status ofsix monthsthis document, any errata, and how to provide feedback on it may beupdated, replaced, or obsoleted by other documentsobtained atany time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 24, 2015.http://www.rfc-editor.org/info/rfc7575. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.Table of Contents 1. Introduction to Autonomic Networking . . . . . . . . . . . .23 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Design Goals . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Self-Management . . . . . . . . . . . . . . . . . . . . . 5 3.2.Co-ExistenceCoexistence with Traditional Management . . . . . . . . . 6 3.3.By DefaultSecure by Default . . . . . . . . . . . . . . . . . . . . 7 3.4.DecentralisationDecentralization and Distribution . . . . . . . . . . . . 8 3.5. Simplification of Autonomic Node Northbound Interfaces . 8 3.6. Abstraction . . . . . . . . . . . . . . . . . . . . . . . 8 3.7. Autonomic Reporting . . . . . . . . . . . . . . . . . . . 9 3.8. Common Autonomic Networking Infrastructure . . . . . . . 9 3.9. Independence of Function and Layer . . . . . . . . . . . 10 3.10. FullLife CycleLife-Cycle Support . . . . . . . . . . . . . . . . . 10 4.NonNot among the Design Goals . . . . . . . . . . . . . . . . .. . . . . 1011 4.1. Eliminatehuman operatorsHuman Operators . . . . . . . . . . . . . . . .1011 4.2. Eliminateemergency fixesEmergency Fixes . . . . . . . . . . . . . . . . 11 4.3. Eliminatecentral controlCentral Control . . . . . . . . . . . . . . . . 11 5. An Autonomic Reference Model . . . . . . . . . . . . . . . .1112 6.IANASecurity Considerations . . . . . . . . . . . . . . . . . . .. .13 7.Security ConsiderationsInformative References . . . . . . . . . . . . . . . . . . . 138.Acknowledgements . . . . . . . . . . . . . . . . . . . . . .13 9. Informative References . . . . . . . . . . .. .. . . . . . 1415 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 1. Introduction to Autonomic Networking Autonomic systems were first described in a manifesto by IBM in 2001 [Kephart]. The fundamental concept involves eliminating external systems from a system's control loops and closing of control loops within the autonomic system itself, with the goal of providing the system with self-management capabilities, including self- configuration, self-optimization,self-healingself-healing, and self-protection. IP networking was initially designed with similar properties in mind. An IP network should be distributed and redundant to withstand outages in any part of the network. Routing protocols such as OSPFor ISISand IS-IS exhibit properties ofself-management,self-management and can thus be considered autonomic in the definition of this document. However, as IP networking evolved, theever increasingever-increasing intelligence of network elements was often not put into protocols to follow this paradigm, but was put into external configuration systems. This configuration made network elements dependent on some process that manages them, either ahuman,human or a network management system. Autonomic functions can be defined in two ways: o On a node level: Nodes interact with each other to form feedback loops. o On a system level: Feedback loops include central elements as well.System levelSystem-level autonomy is implicitly or explicitly the subject in many IETF working groups, where interactions with controllers or network management systems are discussed. This work specifically focuses onnode levelnode-level autonomic functions. It focuses on intelligence of algorithms at the node level, to minimize dependency on human administrators and central management systems. Some network deployments benefit from a fully autonomic approach, forexampleexample, networks with a large number of relatively simple devices. Mostofcurrently deployednetworks howevernetworks, however, will require a mixed approach, where some functions are autonomic and others are centrally managed. Central management of networking functions clearly has advantages and will be chosen for many networking functions. This document does not discuss which functions should becentralisedcentralized or follow an autonomic approach. Instead, it should help make the decision which is the best approach for a given situation. Autonomic function cannot always discover all required information; for example,policy relatedpolicy-related information requires human input, because policy is by its nature derived and specified by humans. Where input from some central intelligence is required, it is provided in a highly abstract,network widenetwork-wide form. Autonomic Computing in general and Autonomic Networking in particular have been the subject of academic study for many years. There isa largemuch literature, including several useful overview papers (e.g., [Samaan], [Movahedi], and [Dobson]). In the presentdocumentdocument, we focus on concepts and definitions that seem sufficiently mature to become the basis for interoperable specifications in the near future. In particular, such specifications will need toco-existcoexist with traditional methods of network configuration and management, rather thanrealisingrealizing an exclusively autonomic system with all the properties that it would require. There is an important difference between "automatic" and "autonomic". "Automatic" refers to apre-definedpredefined process, such as a script. "Autonomic" is used in the context of self-management. It includes feedback loops between elements as well as northbound to central elements. See also the definitions in the next section. Generally, an automatic process works in a givenenvironment,environment but has to be adapted if the environment changes. An autonomic process can adapt to changing environments. This document provides the definitions and design goals for Autonomic Networking in the IETF and IRTF. It represents the consensus of the IRTF's Network Management Research Group (NMRG). 2. Definitions We make the followingdefinitions:definitions. Autonomic: Self-managing (self-configuring, self-protecting, self- healing, self-optimizing); however, allowing high-level guidance by a central entity, through Intent (see below). An autonomic function adapts on its own to a changing environment. Automatic: A process that occurs without human intervention, with step-by-step execution of rules.HoweverHowever, it relies on humans defining the sequence of rules, so is not Autonomic in the full sense. For example, a start-up script is automatic but not autonomic. An automatic function may need manual adjustments if the environment changes. Intent: An abstract,high levelhigh-level policy used to operate the network. Its scope is an autonomic domain, such as an enterprise network. It does not contain configuration or information for a specific node (see Section 3.2 on how Intentco-existscoexists with alternative management paradigms). It may contain information pertaining tonodesa node with a specificrole, for examplerole (for example, an edgeswitch,switch) or a node running a specific function. Intent is typically defined and provided by a central entity. Autonomic Domain: A collection of autonomic nodes that instantiate the same Intent. Autonomic Function: A feature or functionwhichthat requires noconfiguration,configuration and can derive all required informationeitherthroughself-knowledge, discoveryself- knowledge, discovery, orthroughIntent. Autonomic Service Agent: An agent implemented on an autonomic nodewhichthat implements an autonomic function, either in part (in the case of a distributed function) or whole. Autonomic Node: A nodewhichthat employs exclusively autonomic functions. It requires (!) no configuration. (Note that configuration can be used to override an autonomic function. See Section 3.2 for more details.) An Autonomic Node may operate on any layer of the networking stack. Examples are routers, switches, personal computers, call managers, etc. Autonomic Network: A network containing exclusively autonomic nodes. It may contain one or several autonomic domains. 3. Design Goals This section explains thehigh levelhigh-level goals of Autonomic Networking, independent of any specific solutions. 3.1. Self-Management The original design goals of autonomic systems as described in [Kephart] also apply to Autonomic Networks. Theover-archingoverarching goal is self-management, which is comprised of severalself-*"self" properties. The most commonly cited are: o Self-configuration: Functions do not requireto be configured, neitherconfiguration, by either an administratornoror a management system. They configure themselves, based on self-knowledge, discovery, and Intent. Discovery is the default way for an autonomic function to receive the information it needs to operate. o Self-healing: Autonomic functions adapt on their own to changes in theenvironment,environment and heal problems automatically. oSelf-optimising:Self-optimizing: Autonomic functions automatically determine ways tooptimiseoptimize theirbehaviourbehavior against a set of well-defined goals. o Self-protection: Autonomic functions automatically secure themselves against potential attacks. Almost any network can be described as "self-managing", as long as the definition of "self" is large enough. For example, a well- definedSDNSoftware-Defined Networking (SDN) system, including the controller elements, can be describedover alloverall as "autonomic", if the controller provides an interface to the administratorwhichthat has the same properties as mentioned above (high level, network-wide,etc).etc.). For the work in the IETF andIRTFIRTF, we define the "self" properties on the node level. It is the design goal to make functions on network nodesself- managing,self-managing, in other words, minimally dependent on management systems or controllers, as well as human operators. Self- managing functions on a node might need to exchange information with other nodes in order to achieve this design goal. As mentioned in theIntroduction,introduction, closed-loop control is an important aspect of self-managing systems. This implies peer-to-peer dialogues between the parties that make up the closed loop. Such dialogues require two-way "discussion" or "negotiation" between each pair or groups of peers involved in the loop, so they cannot readily use typical top-down command-response protocols. Also, a discovery phase is unavoidable before such closed-loop control can take place.Multi-partyMultiparty protocols are also possible but can be significantly more complex. 3.2.Co-ExistenceCoexistence with Traditional Management For the foreseeable future, autonomic nodes and networks will be the exception; autonomicbehaviourbehavior will initially be defined function by function. Therefore,co-existencecoexistence with other network management paradigms has to be considered. Examples are management by command line, SNMP, SDN (with related APIs),NETCONF,the Network Configuration Protocol (NETCONF), etc. Conflict resolution between a) autonomic defaultbehaviourbehavior and Intenton one side,and b) other methodson the otheris therefore required. This is achieved throughprioritisation.prioritization. Generally, autonomic mechanisms define anetworknetwork- widebehaviour,behavior, whereas the alternative methods are typically on anode by nodenode-by-node basis.Node basedNode-based management concepts take a higher priority over autonomic methods. This is in line with current examples of autonomicfunctions,functions; forexample routing: Aexample, with routing, a (statically configured) route has priority over the routing algorithm. In short: o lowest priority: autonomic defaultbehaviourbehavior o medium priority: autonomic Intent o highest priority:node specificnode-specific network management concepts, such as command line, SNMP, SDN, NETCONF, etc. How these concepts areprioritised between themselvesprioritized is outside the scope of this document. The abovepriorisationprioritization essentially results in the actions of the human administrator always being able toover-ruleoverrule autonomicbehaviour.behavior. This is generally the expectation of network operatorstoday,today andremainstherefore remains a design principle here. In critical systems, such as atomic power plants, sometimes the opposite philosophy is used: The expectation is that awell definedwell-defined algorithm is more reliable than a human operator, especially in rare exception cases. Networking generally does not follow this philosophy yet.Warnings howeverHowever, warnings should be issued ifnode specificnode-specific overrides may conflict with autonomicbehaviour.behavior. In other fields, autonomic mechanisms disengage automatically if certain conditions occur: Theauto-pilotautopilot in a plane switches off if the plane is outside apre-definedpredefined envelope of flight parameters. The assumption is that the algorithms only work correctly if the input values are in expected ranges.SomeHowever, some opinionshoweversuggest that exactly in exceptional conditions is the worst moment to switch off autonomicbehaviour,behavior, since the pilots have no full understanding of the situation at thispoint,point and may be under high levels of stress. For thisreasonreason, we suggest here to NOT generally disable autonomic functions if they encounter unexpected conditions, because it is expected that this adds another level of unpredictability in networks, when the situation may already be hard to understand. 3.3.By DefaultSecure by Default All autonomic interactions should be secure bydefault secure.default. This requires that any member of an autonomic domain can assert its membership using a domain identity, forexampleexample, a certificate issued by a domain certification authority. This domain identity is used for nodes to learn about theirneighbouringneighboring nodes, to determine the boundaries of the domain, and to cryptographically secure interactions within the domain. Nodes from different domains can also mutually verify their identity and secure interactions as long as they have a mutually respected trust anchor. A strong, cryptographically verifiable domain identity is a fundamental cornerstone in Autonomic Networking. It can be leveraged to secure allcommunications,communications andallowsthus allows automatic security without traditional configuration, forexample pre-sharedexample, preshared keys. See also the document "Making The Internet Secure By Default" [Behringer] for more information. Autonomic functions must be able to adapt theirbehaviourbehavior depending on the domain of the node they are interacting with. 3.4.DecentralisationDecentralization and Distribution The goal of Autonomic Networking is tominimiseminimize dependencies on central elements; therefore,de-centralisationdecentralization and distribution are fundamental to the concept. If a problem can be solved in a distributed manner, it should not becentralised.centralized. In certaincasescases, it is today operationally preferable to keep a central repository of information, forexampleexample, a user database ona AAAan Authentication, Authorization, and Accounting (AAA) server. Anautonomic networkAutonomic Network should be able to use such central systems, in order to be deployable. It is possible to distribute such databases as well, and such efforts should be at least considered. Depending on the case, distribution may not be simplereplication,replication but may involve more complex interactions andorganisation.organization. 3.5. Simplification of Autonomic Node Northbound Interfaces Even in adecentraliseddecentralized solution, certain information flows with central entities are required. Examples arehigh levelhigh-level service definitions, as well as network status requests, audit information,logginglogging, and aggregated reporting. Therefore,alsonodes in anautonomic networkAutonomic Network require a northbound interface. However, the design goal is to maintain this interface as simple and high level as possible. 3.6. Abstraction An administrator or autonomic management system interacts with anautonomic networkAutonomic Network on a high level of abstraction. Intent is defined at a level of abstraction that is much higher than that of typical configuration parameters, for example, "optimize my network for energy efficiency". Intent must not be used to convey low-level commands or concepts, since those are on a different abstraction level. For example, the administrator should not be exposed to the version of the IP protocol running in the network. Also on the reporting and feedbacksideside, anautonomic networkAutonomic Network abstracts information and provides high-level messages such as "the link between node x and y is down" (possibly with an identifier for the specific link, in case of multiple links). 3.7. Autonomic Reporting Anautonomic network,Autonomic Network, while minimizing the need for user intervention, still needs to provide users with visibility like in traditional networks. However, in anautonomic network,Autonomic Network, reporting should happen on anetwork widenetwork-wide basis. Information about the network should be collected and aggregated by the networkitself,itself and presented in a consolidated fashion to the administrator. The layers of abstraction that are provided via Intent need to be supported for reporting functions as well, in order to give users an indication about the effectiveness of theirintent.Intent. For example, in order to assess how effective the network performs with regards to the Intent "optimize my network for energy efficiency", the network should provide aggregate information about the number of ports that were able to be shut down, and the corresponding energy savings, while validating current service levelsareare, onaggregateaggregate, still met. Autonomic network events should concern theautonomic networkAutonomic Network as a whole, not individual systems in isolation. For example, the same failure symptom should not be reported from every system that observes it, but only once for theautonomic networkAutonomic Network as a whole. Ultimately, theautonomic networkAutonomic Network should supportexception basedexception-based management, in which only events that truly require user attentionareactually cause the user to be notified. This requires capabilities that allow systems within the network to compare information and apply specific algorithms to determine what should be reported. 3.8. Common Autonomic Networking Infrastructure[I-D.irtf-nmrg-an-gap-analysis][RFC7576] points out that there are already a number of autonomic functions available today. However,thesethey are largely independent, and each has its own methods and protocols to communicate, discover,definedefine, and distribute policy, etc. The goal of the work on Autonomic Networking in the IETF is therefore not just to create autonomicfunctions,functions but to define a common infrastructure that autonomic functions can use. This Autonomic Networking Infrastructure may contain common control and management functions such as messaging, service discovery, negotiation, Intent distribution,self-monitoringself-monitoring, and diagnostics, etc. A common approach to define and manage Intent is also required. Refer to the reference model below: All the components around the"autonomic service agents""Autonomic Service Agents" should be common components, such that theautonomic service agentsAutonomic Service Agents do not have to replicate common tasks individually. 3.9. Independence of Function and Layer Autonomic functions may reside on any layer in the networking stack. For example,layerLayer 2 switching today is already relatively autonomic in many environments, since most switches can be plugged together in many ways and will automatically build a simplelayerLayer 2 topology. Routing functions run on a higher layer and can be autonomic onlayerLayer 3. Evenapplication layerapplication-layer functionality such as unified communications can be autonomic. "Autonomic" in the context of this framework is a property of a functionwhichthat is implemented on a node. Autonomic functions can be implemented on any node type, forexampleexample, a switch, router, server, or call manager. An Autonomic Network requires an overall control plane for autonomic nodes to communicate. As in general IP networking, IP is the spanning layer that binds all those elements together; autonomic functions in the context of this framework should therefore operate at the IP layer. This concernsneighbourneighbor discovery protocols and other functions in the Autonomic ControlPlane functions.Plane. 3.10. FullLife CycleLife-Cycle Support An autonomic function does not depend on external input to operate; it needs to understand its current situation andsurrounding,surroundings and operate according to its current state. Therefore, an autonomic function must understand the full life cycle of the device it runs on, fromfirstmanufacturing and initial testing through deployment, testing, troubleshooting,up toand decommissioning. The state of thelife-cyclelife cycle of an autonomic node is reflected in a state model. Thebehaviourbehavior of an autonomic function may be different for different deployment states. 4.NonNot among the Design Goals This section identifies various items that are explicitly not design goals in theIETF/IRTFIETF and IRTF forautonomic networks, whichAutonomic Networks; they are mentioned to avoid misunderstandings of the general intention. They address some commonly expressed concerns from network administrators and architects. 4.1. Eliminatehuman operatorsHuman Operators Section 3.1 states that "It is the design goal to make functions [...] minimally dependent on [...] human operators".ItHowever, it ishowevernot a design goal to completely eliminate them. The problem targeted by Autonomic Networking is the error-prone andhard to scalehard-to-scale model of individual configuration of network elements, traditionally by manual commands but today mainly by scripting and/or configuration management databases. This does not, however, imply the elimination of skilled human operators, who will still be needed for oversight, policy management, diagnosis, reaction tohelp deskhelp-desk tickets, etc. The main impact on administrators should be less tedious detailed work and more high-level work. (They should become more like doctors than hospital orderlies.) 4.2. Eliminateemergency fixesEmergency Fixes However good the autonomous mechanisms, sometimes there will be faultconditions etc.conditions, etc., that they cannot deal with correctly. Atthis pointthat point, skilled operator interventions will be needed to correct or work around the problem.HopefullyHopefully, this can be done by high-level mechanisms (adapting the policy database in someway) butway), but, in somecasescases, direct intervention at the device level may be unavoidable. This is obviously the case for hardware failures, even if theautonomic networkAutonomic Network has bypassed the fault for the time being.Truck rolls"Truck rolls" will not be eliminated when faulty equipment needs to be replaced. However, this may be less urgent if the autonomic system automatically reconfigures tominimiseminimize the operational impact. 4.3. Eliminatecentral controlCentral Control While it is a goal to simplify northbound interfaces (Section 3.5), it is not a goal to eliminate central control, but to allow it on a higher abstraction level. Senior management might fear loss of control of anautonomic network.Autonomic Network. Infactfact, this is no more likely than with a traditional network; the emphasis on automatically applying general policy and security rules might even provide more central control. 5. An Autonomic Reference Model An Autonomic Network consists of Autonomic Nodes. Those nodes communicate with each other through an Autonomic Control Planewhichthat provides a robust and secure communications overlay. The Autonomic Control Plane is self-organizing and autonomic itself. An Autonomic Node contains various elements, such as autonomic service agentswhichthat implement autonomic functions. Figure 1 shows a reference model of an autonomic node. The elements and their interaction are: o Autonomic ServiceAgents, whichAgents: They implement the autonomicbehaviourbehavior of a specific service or function. o Self-knowledge: An autonomic node knows its own properties and capabilities o Network Knowledge (Discovery): Anautonomic service agentAutonomic Service Agent may require various discovery functions in the network, such as service discovery. oIntent: Network wide high level policy. Autonomic Service Agents use an Intent interpretation engine to locally instantiate the global Intent. This may involve coordination with other Autonomic Nodes. o Feedback Loops: Control elements outsideFeedback Loops: Control elements outside the node may interact with autonomic nodes through feedback loops. o An Autonomic User Agent, providing a front-end to external users (administrators and management applications) through which they can receivereports,reports and monitor the Autonomic Network. o Autonomic Control Plane: Allows the node to communicate with other autonomic nodes. Autonomic functions such as Intent distribution, feedback loops, discovery mechanisms,etc,etc., use the Autonomic Control Plane. The Autonomic Control Plane can runinband,in-band, over a configured VPN, over a self-managing overlaynetwork,network as described in[I-D.behringer-autonomic-control-plane],[ACP], or over a traditionalout of bandout-of-band network. Security is a requirement for the Autonomic Control Plane, which can be bootstrapped by a mechanism as described in[I-D.pritikin-bootstrapping-keyinfrastructures].[BOOTSTRAP]. +------------------------------------------------------------+ | +------------+ | | | Feedback | | | | Loops | | | +------------+ | | ^ | | Autonomic User Agent | | V | | +-----------+ +------------+ +------------+ | | | Self- | | Autonomic | | Network | | | | knowledge |<------>| Service |<------>| Knowledge | | | | | | Agents | | (Discovery)| | | +-----------+ +------------+ +------------+ | | ^ ^ | | | | | | V V | |------------------------------------------------------------| | Autonomic Control Plane | |------------------------------------------------------------| | Standard Operating System Functions | +------------------------------------------------------------+ Figure 1: Reference Model for an Autonomic Node At the time of finalizing this document, this reference model is being worked out in more detail. See [Reference-Model] for more details. 6.IANA Considerations This draft does not request any IANA action. 7.Security Considerations This document provides definitions and design goals for Autonomic Networking. A full threat analysis will be required as part of the development of solutions, taking account of potential attacks from within the network as well as from outside.8. Acknowledgements Many parts of this work on Autonomic Networking are the result of a large team project at Cisco Systems. In alphabetical order: Ignas Bagdonas, Parag Bhide, Balaji7. Informative References [ACP] Behringer, M., Bjarnason, S., BL,Toerless Eckert, Yves Hertoghs, Bruno Klauser. We thank the following people for their input to this document: Dimitri Papadimitriou, Rene Struik, Kostas Pentikousis, Dave Oran,B., andDiego Lopez Garcia. The ETSI working group AFI (http://portal.etsi.org/afi) defines a similar framework for Autonomic Networking in the "GeneralT. Eckert, "An AutonomicNetwork Architecture" [GANA]. Many concepts explainedControl Plane", Work inthis document can be mapped to the GANA framework.Progress, draft-behringer-anima-autonomic-control-plane-02, March 2015. [Behringer] Behringer, M., Pritikin, M., and S. Bjarnason, "Making Themapping is outside the scope of this document. Special thanks to Ranganai Chaparadza for his commentsInternet Secure By Default", Work in Progress, draft-behringer-default-secure-00, January 2014. [BOOTSTRAP] Pritikin, M., Behringer, M., andhelp on this document. 9. Informative ReferencesS. Bjarnason, "Bootstrapping Key Infrastructures", Work in Progress, draft-pritikin-anima-bootstrapping-keyinfra-01, February 2015. [Dobson]Dobson et al.,Dobson, S., Denazis, S., Fernandez, A., Gaiti, D., Gelenbe, E., Massacci, F., Nixon, P., Saffre, F., Schmidt, N., and F. Zambonelli, "A survey of autonomic communications", ACM Transactions on Autonomous and Adaptive Systems(TAAS)(TAAS), Volume11, Issue 2, Pages223-259 ,223-259, DOI 10.1145/1186778.1186782, December 2006. [GANA]ETSI GS AFI 002, ,ETSI, "Autonomic network engineering for the self-managing Future Internet(AFI): GANA(AFI); Generic Autonomic Network Architecture (An Architectural Reference Model for Autonomic Networking, Cognitive Networking andSelf-Management.",Self- Management)", ETSI GS AFI 002, April 2013, <http://www.etsi.org/deliver/etsi_gs/ AFI/001_099/002/01.01.01_60/gs_afi002v010101p.pdf>.[I-D.behringer-autonomic-control-plane] Behringer, M., Bjarnason, S., BL, B., and T. Eckert, "An Autonomic Control Plane", draft-behringer-autonomic- control-plane-00 (work in progress), June 2014. [I-D.irtf-nmrg-an-gap-analysis] Jiang, S., Carpenter, B., and M. Behringer, "General Gap Analysis for Autonomic Networking", draft-irtf-nmrg-an- gap-analysis-04 (work in progress), March 2015. [I-D.pritikin-bootstrapping-keyinfrastructures] Pritikin, M., Behringer, M., and S. Bjarnason, "Bootstrapping Key Infrastructures", draft-pritikin- bootstrapping-keyinfrastructures-01 (work in progress), September 2014.[Kephart] Kephart, J. and D. Chess, "The Vision of Autonomic Computing", IEEEComputerComputer, vol. 36, no. 1, pp. 41-50, DOI 10.1109/MC.2003.1160055, January2003, <http://users.soe.ucsc.edu/~griss/agent- papers/ieee-autonomic.pdf>.2003. [Movahedi] Movahedi, Z., Ayari, M., Langar, R., and G. Pujolle, "A Survey of Autonomic Network Architectures and Evaluation Criteria", IEEE Communications Surveys &Tutorials Volume: 14 , Issue: 2 DOI:Tutorials, Volume 14, Issue 2, Pages 464-490, DOI 10.1109/SURV.2011.042711.00078,Page(s): 464 - 490,2012. [Reference-Model] Behringer, M., Ed., Carpenter, B., Eckert, T., Ciavaglia, L., and B. Liu, "A Reference Model for Autonomic Networking", Work in Progress, draft-behringer-anima- reference-model-02, June 2015. [RFC7576] Jiang, S., Carpenter, B., and M. Behringer, "General Gap Analysis for Autonomic Networking", RFC 7576, DOI 10.17487/RFC7576, June 2015, <http://www.rfc-editor.org/info/rfc7576>. [Samaan] Samaan, N. and A. Karmouch, "Towards Autonomic Network Management: an Analysis of Current and Future Research Directions", IEEE Communications Surveys andTutorials Volume: 11 , Issue: 3; DOI: 10.1109/SURV.2009.090303; Page(s): 22 - 36,Tutorials, Volume 11, Issue 3, Page(s) 22-36, DOI 10.1109/SURV.2009.090303, 2009. Acknowledgements Many parts of this work on Autonomic Networking are the result of a large team project at Cisco Systems. In alphabetical order: Ignas Bagdonas, Parag Bhide, Balaji BL, Toerless Eckert, Yves Hertoghs, Bruno Klauser. We thank the following people for their input to this document: Dimitri Papadimitriou, Rene Struik, Kostas Pentikousis, Dave Oran, and Diego Lopez Garcia. The ETSI working group AFI <http://portal.etsi.org/afi> defines a similar framework for Autonomic Networking in the "General Autonomic Network Architecture" [GANA]. Many concepts explained in this document can be mapped to the GANA framework. The mapping is outside the scope of this document. Special thanks to Ranganai Chaparadza for his comments and help on this document. Authors' Addresses Michael H. Behringer Cisco Systems Building D, 45 Allee des Ormes Mougins 06250 FranceEmail:EMail: mbehring@cisco.com Max Pritikin Cisco Systems 5330 Airport Blvd Boulder, CO 80301USA Email:United States EMail: pritikin@cisco.com Steinthor Bjarnason Cisco Systems Mail Stop LYS01/5 Philip Pedersens vei 1 LYSAKER, AKERSHUS 1366 NorwayEmail:EMail: sbjarnas@cisco.com Alexander Clemm Cisco Systems 170 West Tasman Drive SanJose , CaliforniaJose, CA 95134-1706USA Email:United States EMail: alex@cisco.com Brian Carpenter Department of Computer Science University of Auckland PB 92019 Auckland 1142 New ZealandEmail:EMail: brian.e.carpenter@gmail.com Sheng Jiang Huawei Technologies Co., Ltd Q14, Huawei Campus No.156 Beiqing Road Hai-Dian District, Beijing 100095P.R.ChinaEmail:EMail: jiangsheng@huawei.com Laurent Ciavaglia Alcatel Lucent Route de Villejust Nozay 91620 FranceEmail:EMail: laurent.ciavaglia@alcatel-lucent.com