MonALISA Grid Monitoring
Agents System
Menu mode: dynamic | fixed
Last update on:
Dec 03, 2015

Uptime: 165 days, 18h, 38m
Number of requests: 3974882
since 28 October 2005

MonALISA Agents System

MonALISA uses specialized agents to perform global optimization and control tasks in order to help and improve the operation of large distributed and real-time applications. These agents communicate by messages using a fast, reliable, scalable and secure agents platform integrated with the MonALISA framework.

The MonALISA Agents System is modular. New agents that process the monitoring service gathered data and cooperate can be easily developed and loaded into the distributed system.

The TCP connections between monitoring services and all proxy services make it possible a reliable communication between agents.

Agents are hosted by the monitoring services and identifieded by their names. They communicate using the TCP connections between the proxy and the monitoring services. The MonALISA services create TCP connections with all the discovered proxy services and an agent message is sent on one of these connections. If the message was successfully written on the connection, than the message is considered to have been sent to one of the proxy service and forwarded by this proxy to the service that has loaded the destination agent. But if there was an error writing the message on the connection, than it is chosen the following connection to another proxy and the message is trying to be sent on this new selected connection. In this way, the agent communication is reliable, because of the TCP usage and because of the possibility of multiple paths to send the message.

When a proxy service receives an agent message, it verifies if it comes from the agent that pretends that is the sender of the message and, if it does, it forwards it to the monitoring service that holds the destination agent (if it is a message transmitted to another agent). If the connection between the proxy and the destination farm is down or there is an error writing the message on it, then the message is saved locally a period of time. If the timeout expires and the connection is still down, then the message is discarded and an error message is transmitted to the source agent to inform it about the transmission failure. There also are messages from the agent to a proxy service when the agent is querying for information about the existence of other agents in the whole destributed system.

There are three types of messages that can be sent on the MonALISA agents' platform:

  • Unicast agents message: message transmitted between two agents, an unicast message because it implies only one destination;
  • Broadcast agents message: message transmitted by an agent to all the agents from a group; it is a broadcast message because the message is forwarded by the proxy to all the known agents from a group;
  • Information messages: messages transmitted by an agent to a proxy service for querying information about other agents (number of agents from a group or the list of agents from a group or from the whole system).

Agents are classified in groups. The classification is maintained in the proxy service. An agent can register to a group by setting the group source field of an agent message to the desired group. When the message with the selected group seted in the group source arrives to the proxy, after the message verification, the agent is added to the specified group. If the group does not exist, then the group is created and the agent is added to it. This classification of agents is suitable for group communication. There are broadcast messages that are sent to all the agents registered in a specified group. If the broadcast message does not specify a group, than the message is sent to all the existing agents. Agents can be grouped by the application they are trying to resolve.

An agent can request from a proxy service the list of agents registered in a group or the list of all existing agents (in case the broadcast group is not specified), or the number of agents registered in a group or the number of all existing agents from the system (when the group is not specified) . In a direct message between two agents the following fields can be specified: the source address (@), source group (unspecified if the agent is still not in any group), the destination address (@) or a broadcast address if it's a group message, the destination group, if flag the message needs a confirmation response, and the effective message. For fast communication, the message needs to remain short.


Figure 1: MonALISA Agents Platform Communication

Several implementations of MonALISA features make use of the agents platform communication.

One of them is the monitoring and controlling of optical switches (CALIENT and GLIMERGLASS). Using simple shell commands, users can creat optical pathes for communication. On every machine having an optical network card runs a daemon that intercepts the user commands and sends it to a convenient agent. This agent communicates and cooperates with other agents for establishing optical pathes desired by the authorized user in real-time.

MonALISA distributed intrusion detection system makes use of the agents system. Intrusion data are collected by a MonALISA module from the Snort intrusion detection system. Snort is a signature detection system that analyzes the packets that are sent on the network. It detects different attacks and labels them with a priority number, also specifying the source ip addresses. These data are gathered in MonALISA database and analyzed by the agent which is capable of getting security decisions. When seeing an attack, the agent uses iptables tool to introduce a rule for discarding attacking packets and collaborates with the other intrusion detection agents from the distributed system and announces them to protect their machines from this attack. The rule is up for a timeout. After this allocated time, the rule is deleted from iptables. But if the same attack is detected from the same source, than the timeout increases and the other intrusion detection agents from the system are notified to increase their timeouts for the rule.

A distributed content-based search system can be created using the MonALISA Search Agent. These agents can communicate in a flexible way and can group, index and search files from distributed files repositories using specific clustering algorithms. Each agent controls the information content from one of the file repositories and finds remote files from the description received in the messages from the other agents. The user can send simple commands for searching files in the distributed system or can push files in the system using shell commands. These commands are analized by a daemon running on the user machine. This daemon finds the best agents (by the search agent published attributes) to introduce the command in the distributed system. The chosen agents cooperate with other search agents from the distributed system to perform the user command and returns the result to the user daemon.