Complex Problems (Was: Re: Discipline of Internet Protocol Engineering)

John C Klensin john-ietf at jck.com
Wed Jul 2 10:01:00 CEST 2003 

Dave,

I've needed to let this set of messages season a bit in the hope 
of saying something coherent and not repeating myself too much.

I think one needs to distinguish between "adequate understanding 
of the problem" and "overly broad attempts at a solution".  For 
the latter, we are, I think, pretty much in agreement: attempts 
to engineer large, integrated, complex solutions have rarely 
been successful in the IETF (or, perhaps, anywhere else).  But, 
when we take a complex _problem_ and say "well, we understand 
the lower-right-corner of it, so let's 'solve' that" often leads 
us into a solution that doesn't integrate well with the other 
pieces when those come along.  That poor integration can 
constrain opportunities and solutions going forward or can force 
us toward incompatible changes, neither of which is good.

Clearly, it is important to find a balance, since the quest for 
comprehensive and perfect understanding of every problem would 
result in our never actually getting anything done (if one were 
cynical, one might make that observation about this WG as well 
as about the IETF's technical/engineering work).  But "this 
piece will work, so let's do it" needs, IMO, to be carefully 
balanced with "and _what_ problem is it solving?".  And we need 
to have clear explanations and a reasonable consensus about the 
latter.   I suggest that failure to take that step has gotten us 
into a lot of trouble in some areas in the past and that may be 
where my views and Keith's intersect.

With that distinction between problem analysis and solutions, 
let's look at some of your examples...

--On Thursday, 26 June, 2003 13:41 -0700 Dave Crocker 
<dhc at dcrocker.net> wrote:

>...
> Solving a big, complicated problem by trying to develop a
> single, coherent specification -- no matter how many
> documents; the point is about making all the bits of work
> proceed in lock-step -- is a well-known way to ensure failure.
> One only needs to look at OSI in general, and X.400 in
> particular. (And by way of anticipating one of the rat-holes,
> I'll note that X.400 achieved the rare success of having too
> much be integrated all at once, but still lack core bits of
> functionality.)

And I would suggest that the failure in X.400 was that they lost 
track of the problem analysis (which was actually pretty good, 
IMO, in the early stages of that work) in the process of trying 
to accommodate too many different views and "solution" ideas. 
They also left two or three important issues out of that problem 
analysis: a reasonable migration path from earlier systems 
(including, later on, a reasonable migration path from earlier 
versions of X.400) and general usability (aggravated by the fact 
that there were already deployed systems that were easier to 
use).  A possible additional important issue was that we already 
had deployed and successful experience with more or less peer to 
peer email systems, while the analysis that led to X.400 assumed 
a highly-structured "email provider" environment.  I imagine 
that the missing "core bits of functionality" to which you refer 
fall into one of those areas, but might be additional ones in 
which the problem analysis failed to be adequate (and tracked 
into the final results).

By contrast, regardless of the development method, X.400 turned 
out to be fairly modular and composed of separable pieces, as 
evidenced by the number of times people have successfully used 
some pieces of the system and not others.   It is arguably 
better in that regard than SMTP, which assumes --in its handling 
of Received fields if nothing else-- some semblance of 822 
header/body structure in the messages that are being transported.

> The usual logic for explaining this problem is that the
> complexity of juggling all the issues, across the entire
> service, simply buries the development effort. At best, it
> ensures that the work is produced much, much later, often
> after the market has found an alternate solution. (And that
> is, most certainly, what happened to OSI. I can elaborate on
> this is some detail, if anyone really challenges this point.)

No disagreement on this.   But it is possible to do modular 
development against a systems-level problem understanding.  The 
only additional requirement that introduces is that the 
little-piece development proposals must be examined against a 
"does this foul up anything else in the system" criterion.  And 
that is, IMO, one which we have too often managed to bypass.

> Breaking down a complex problem into smaller pieces that are
> individually useful does two things that are quite good:
>
> 1) It permits each piece of work to be useful, even if some
> other piece of work has a persistent problem;

Yes, as long as those individual pieces don't prevent each other 
from working, or overconstrain parts of the problem for which 
pieces are not yet developed.

> and 2) it
> permits turning the crank on the specification engine more
> quickly and more frequently. This means that we get
> operational experience more quickly and can then, quickly,
> refine the specifications to match actual field knowledge.
> With large, integrated efforts, the inter-dependencies mean
> that the whole of the work is not useful until the most
> problematic part is completed.

Again, up to a point.  I would have said "until the boundaries 
of the most problematic parts are understood sufficiently to be 
reasonably confident that they really are isolated".   To draw 
from another recent thread, a _solution_ to the problematic 
parts is not necessary, but some understanding of them and there 
implications often is.

> And it means that it is quite a
> few years before there is any feedback from the user
> community;. If there was a problem with the major design
> decisions that were made, they become essentially impossible
> to change, because things took so long to delivery.

I think one can argue that point into a "lose either way" 
situation, so it is important to strike an appropriate balance. 
>From the other perspective, one could claim that the "smaller 
pieces" approach --without adequate problem analysis-- can lead 
to quick and effective feedback from the user community about 
those specific pieces, but that their deployment may then make 
it essentially impossible to solve the more difficult problems 
by constraining possible solutions to them down to a null set. 
That is reasonable if the more difficult problems are also the 
less important ones, but there are no guarantees that is the 
case.  Sometimes, the most difficult problems are also the most 
important.

>...
> Is IP a failure?  Besides independent development of TCP and
> UDP, from the IP core, ICMP has been able to proceed
> independently, as has different address-mapping efforts and,
> for that matter, address interpretation efforts.

But IP, and the post-split TCP/IP, started from, I think, a 
fairly comprehensive understanding of what problems people were 
trying to solve.   Your example, along with the email 
transfer/content split, has more to do with effective 
modularization of the solution(s) than it does with a particular 
style of development.  Indeed, if one goes back and examines the 
history of the transfer/content split in email, a case can be 
made that, as with IP, the two started out fairly integrated and 
were split up after the advantages of that became clear.   To 
the extent to which that is true, neither one is a good example 
of _design_ or _development_ on a "small pieces" basis: rather, 
they are examples of redefinition of the problem and 
remodularization of the solution after the initial design and 
development were complete.

>...
> (One could go down a rathole about nonconformance, noting how
> badly we suffer from excessive variance in email system
> behavior, but I claim that is due to lack of enforcement,
> rather than due to any architectural issues. Given the wide
> range of support for HTML, and the like, this might be an
> applications-level issue. But it is not a big-vs-small design
> effort issue.)

Agreed.

> In fact, this highlights one of the other, surprising benefits
> of a divide-and-conquer approach, namely that it permits
> post-hoc additions that were not planned.  When the original
> philosophy is to do as little as possible to be useful,
> knowing that more bits of related work will be done, then it
> often is easier to do some of those bits many years later.

Again, I suggest that the advantages you are claiming here --and 
with which I agree-- are due to effective modularization, rather 
than a particular development approach (such as "divide and 
conquer").  And I believe we are more likely to get the 
modularization right if we have a moderately complete 
understanding of the problem --a systems analysis of properties, 
relationships, and interactions-- rather than if we start 
carving off pieces of the problem piecemeal on the assumption 
that we can always fit things back together later.

regards,
    john

More information about the Problem-statement mailing list