| Internet-Draft | Inter-Agent Conflict and Resolution | June 2026 |
| Janz, et al. | Expires 12 December 2026 | [Page] |
Network management is increasingly carried out by autonomous, AI-driven agents that observe and act on the network and service state they share. Where their scopes overlap - the same managed entities, resources, or objectives - their independent decisions can prove mutually inconsistent, and such inter-agent conflict is, at bottom, coordination that has not been put in place; the two are best studied together. This document maps the problem for network management: where inter-agent conflict comes from, which families of mechanism resolve it, and how those mechanisms are chosen and combined. It then turns that map on a case of current interest in the IETF - the AI-based Network Management Agent (NMA) architecture - and offers six recommendations for strengthening how that architecture handles inter-agent conflict at its Agent-to-Agent interface.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 12 December 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
Software agents have spread across every layer of network management. They sit at the cross-domain service tier, within individual management domains, next to Software-Defined Networking (SDN) controllers, and inside the observe-analyse-decide-act loops that drive managed entities, and they take on assurance, optimisation, configuration, anomaly response, capacity, and lifecycle work. No two are alike: they differ in how much they reason, in how much they are permitted to change, in the objectives they serve, and in the resources they touch. What makes them a system rather than a collection is that their reach overlaps - in what they watch, what they control, and what they would alter - and it is in that overlap that conflict arises and coordination becomes necessary.¶
Conflict and coordination, in this setting, are two descriptions of one thing: a conflict left standing between agents is just a coordination gap that nothing in the architecture closes, so providing the coordination a system needs and heading off the conflicts it would otherwise meet are a single task. That task resolves into three questions - what coordination to install, at which point in the architecture, and how the added machinery should interlock with whatever is already running. Behind all of them lies one larger question: whether agents, growing in number, in capability, and in the scope they are licensed to act on, will go on coordinating at all.¶
This agent-against-agent dimension is, in the authors' view, the part most out of step with where the field is going. Most attention today falls elsewhere - on giving a single agent more capability, and on the one interface where an agent hands work to the authoritative system that carries it out. How agents get along with each other, across the inter-agent interfaces that autonomous-network architectures are only now defining, is comparatively neglected, and the neglect grows more costly as autonomy rises, because added independence multiplies the ways agents can work at cross purposes. This document takes up that neglected dimension for network management: where inter-agent conflict originates (Section 3), the mechanism families that address it (Section 4), and how those are chosen and combined (Section 5). A substantial further aim, developed in the second half, is to bring the framework to bear on the AI-based Network Management Agent (NMA) under development in the IETF (Section 6), ending with six concrete recommendations to that effort (Section 7).¶
The survey is deliberately not exhaustive on any one technique; the goal is a map. Two bodies of work recur as illustrations. ETSI's Industry Specification Group on Zero-touch network and Service Management (ZSM) has produced the most developed treatment of agent conflict and coordination of any standards body, and its Management Domain construct [ETSI-ZSM-002] furnishes the architectural unit the later discussion rests on. Lovén et al. [LOVEN2026] offer the sharpest current treatment of price-based coordination for agentic computing of the kind adjacent to network management. And a recent ETSI study on agents in autonomous networks [ETSI-ZSM-020] speaks directly to the case examined here, placing the network-management agent inside the Management Domain - the very position this document urges on the IETF work. This document does not update or obsolete any existing RFC.¶
None of this is new to telecommunications, and the framing here extends prior work rather than displacing it. Coordinating self-organising functions that contend over shared radio parameters has been standardised since 3GPP Release 10, and a broad research literature classifies the resulting conflicts and the protective, reactive, and proactive remedies for them [SON]; the same concern reappears today as the mitigation of clashes among the xApps and rApps hosted on the O-RAN near-real-time RIC [ORAN-RIC]. Resolving policy conflicts by precedence was studied in distributed-systems management long before [LUPU], and the question has resurfaced for AI-assisted control loops in early 6G work [PARSAEEFARD]. The contribution here is to draw these strands into one frame - separating conflicts visible on inspection from those that emerge only in joint fulfilment, using encapsulation to connect work in markets, control, and learning, and marking the single-epoch / repeated-operation divide as the place the hard problems concentrate.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Network management hosts two structurally different kinds of agent, and which kind is in play determines where conflict can occur. An action-bearing agent alters network or service state; because each of its actions might clash with another agent's action, or with standing policy and configuration, its exposure is broad. An information-producing agent only senses, analyses, and reports, touching no managed entity directly, so it enters conflict only at one remove - through the action-bearing agents it informs. The upshot is that exposure to conflict is created by acting, not by reasoning, and the taxonomy that follows is anchored at the action layer. Disagreements over state - two agents holding incompatible pictures of the network - obey the same logic: they signify only insofar as they push agents toward divergent actions, and are otherwise the job of the state-synchronisation layer beneath the action layer. That layer, not the mechanisms catalogued here, is where the inconsistent-state case raised by the NMA draft [I-D.zhao-nmop-network-management-agent] belongs (see Section 6.1).¶
When action-bearing agents act independently, two or more can land on actions that cannot all be true together: inconsistent logically (contradictory demands on one target), structurally (not jointly executable on one entity at one time), consequentially (their downstream effects interfere), or compositionally (an action runs against a policy or configuration set outside the agent layer). The five types below organise these.¶
A further split runs through every one of the five and, for the choice of mechanism, tends to matter more than which type a conflict is: does it show itself when one inspects specifications, intents, and plans, or only when the system attempts to meet all the operative intents together? As the intent-driven closed-loop work notes [ETSI-ZSM-016], a conflict's reality and its severity frequently surface only while a joint fulfilment is being sought. The soft and impact-level kinds fall disproportionately on this emergent side; an effective intent - one thrown up by several explicit intents working together - can likewise appear only there, betrayed by its own non-fulfilment. The design consequence is sharp: the inspectable kind yields to pre-commitment checkers, whereas the emergent kind demands exploratory search before commitment plus assessment afterwards, so an architecture built only for the first is weakest exactly where it can least afford to be.¶
The catalogue below is ordered by how much central control each exerts, the most directive first and the lightest peer- and price-based schemes last; these are the options an agent-coordination architecture can draw on. None stands alone in practice, and how they combine is the subject of Section 5.¶
Whether the market family can be relied on turns on a structural property that is simple to state. Lovén et al. [LOVEN2026] identify the decisive factor as how entangled the dependencies among services are. Where those dependencies stay simple - broadly, tree-shaped, free of cross-cutting ties between stages of a service chain - a decentralised market provably matches what a fully-informed central planner would choose, and nobody profits by misstating what they value. Where they grow entangled, the guarantees collapse: prices may fail to settle, the optimal allocation becomes computationally hard, and no plain two-sided market can be efficient, fair, and self-financing all at once. The takeaway is that it is the shape of the composition, not algorithmic ingenuity, that decides whether a decentralised market holds up - and an awkward shape can frequently be domesticated by hiding the hard part behind a cleaner interface (Section 5.1). Because this work is a preprint still under review, its results warrant reliance only as far as the preprint itself proves them; and they are single-epoch, so the cross-epoch manipulation noted in Section 5 falls outside their reach.¶
Which families fit is largely fixed by the conflict type, and the place the decision is taken is fixed by where, relative to a Management Domain (MD), the relevant information sits - inside one domain's own machinery (intra-MD), across domains via the A2A interface or a cross-domain integrator (inter-MD), or at the end-to-end (E2E) service layer. Table 1 sets out both; in practice a deployment will draw on several of its rows, at several loci, at once.¶
| Conflict type | Well-suited families | Where decided |
|---|---|---|
| Hard contradictions | Imperative arbitration; refusal and re-negotiation; precedence | Intra-MD at earliest check; inter-MD via A2A across MDs |
| Soft - objective trade-offs | Utility reconciliation; negotiation; argumentation | Intra-MD; inter-MD via A2A; E2E for cross-service |
| Soft - resource contention | Markets; partitioning; priority queues; DCOP | Intra-MD resource layer; inter-MD at integrator |
| Action and ordering | Pre-execution detection; concurrency coordination; priority; DCOP | Intra-MD on owned entities; inter-MD via A2A on shared entities |
| Impact-level | Digital-twin exploration; merged analysis-and-decision; post-hoc impact assessment | Intra-MD NDT; cross-MD twin at E2E |
| Intent versus non-intent | Normative regulation; argumentation; lifting into intent; precedence | Intra-MD intent/policy layer; supra-MD governance |
A deeper recent finding is that some structural complexity simply resists any clean, fully distributed handling; the response is not to centralise everything, nor to decentralise harder, but to encapsulate - seal the hard sub-problem inside a boundary whose outward face is simple, run it centrally within, and let the world outside coordinate lightly. The move shows up in three literatures. Lovén et al.'s cross-domain integrators [LOVEN2026] take an entangled sub-composition and offer the market just one composite slice in its place - a slice that stays well-behaved outwardly only under stated conditions, something the integrator is built to secure rather than something it gets for free. The nested closed loops of ETSI GR ZSM 009-3 [ETSI-ZSM-009-3] make a set of interdependent loops look, from outside, like one loop. And cooperative MARL's centralised-training/decentralised-execution is the same trick expressed in rewards. The corollary: for some structural complexity there is no middle road - the realistic choice is encapsulation under central control, or breakdown.¶
In practice no architecture leans on a single family, and that fact deserves to be the stated default. Our suggested default is built from three legs. The first is a normative envelope - permissions, prohibitions, priorities, partitions, in today's agentic vocabulary a guardrail layer - that fences off the admissible actions, so anything unsafe, non-compliant, or beyond an agent's remit never reaches the table as a candidate; coordination, seen this way, is as much prevention as cure. The second is one or more decision mechanisms working inside that fence, chosen by conflict type per Table 1. The third tries candidates out on a digital twin ahead of committing, and stands a diagnostic leg behind that for whatever still slips through - in the near term, a fall back to a last-known-good configuration and a page to an operator. The legs back one another up: a decision mechanism without exploration is fragile against emergent conflict, exploration without a fence is unbounded, and a diagnostic leg pressed into front-line service is an expensive net (Figure 1). ETSI GS ZSM 016 [ETSI-ZSM-016] (partitioning, utility reconciliation, twin exploration), ETSI GR ZSM 019 [ETSI-ZSM-019] (governance overlay, pricing, negotiation), and Lovén et al. [LOVEN2026] (governance, slice market, integrator) each instantiate it; only the middle leg changes.¶
candidate actions from agents
|
v
+-------------------------------------------------+
| 1. Normative envelope (guardrail layer): |
| permissions, prohibitions, priorities, |
| partitions - bounds the admissible actions |
+-------------------------------------------------+
|
v
+-------------------------------------------------+
| 2. Decision mechanism(s), chosen by conflict |
| type: utility, market, negotiation, DCOP, |
| argumentation, or imperative arbitration |
+-------------------------------------------------+
|
v
+-------------------------------------------------+
| 3a. Exploratory leg (before commit): digital- |
| twin actuation; vet and rank candidates |
+-------------------------------------------------+
|
v committed action
+-------------------------------------------------+
| 3b. Diagnostic leg (after commit): impact |
| assessment; rollback + operator escalation |
+-------------------------------------------------+
Two further points round out the picture. First, a mechanism built on the premise that every conflict can be foreseen will fail precisely on the emergent ones that dominate live operation; the exploratory and diagnostic legs, then, are not optional trimmings but the parts that carry the usual case. Second, since the cost of coordinating is largely the cost of shipping information between agents, coordination should sit where that information already is: centralise locally within a domain or trust boundary, and use lighter machinery between boundaries. Hard questions stay open - designing mechanisms for the emergent case, keeping incentives sound once decisions repeat across epochs, conflicts among the composed mechanisms themselves, and re-composition as the agent population shifts. On the cross-epoch front there is progress: [LOVEN-TRILEMMA] shows that when agents persist and learn, single-epoch guarantees stop bounding behaviour and even the marketplace operator turns strategic, with a flat lesson - watching for cheating does not discourage it, and only structural remedies (binding commitment, administrative separation, competition among providers) take the incentive away. Treat single-epoch guarantees as though they extended to non-stop operation, and the problem has been mis-framed from the outset.¶
A single end-to-end scenario shows the map at work and leads into the agent-and-domain discussion of Section 6. Take a live ultra-reliable, low-latency slice whose capacity is being raised. Four closed-loop management functions act: one drives the slice modification; a transport-side function recomputes paths and queue weights, converging over seconds to minutes; a radio-side function retunes the slice's resource-block share within a fraction of a second; and admission control goes on admitting sessions, now to the larger quota. Individually all four are correct; the trouble is the spread of their timescales. Anticipating the change, the radio loop has already pared back a neighbouring donor slice's resource-block allotment; the transport loop's revised queue weights have not yet taken effect; and admission is already letting sessions in at the new, higher quota. Across the convergence window the donor slice drops below its latency target and its edge users come up short on throughput. Under the taxonomy of Section 3 the clash is impact-level, and it sits well toward the emergent end: inspected request by request nothing trips an alarm, because what collides is the timing interplay of three loops, not anything in a single specification.¶
The prescription follows from Table 1 and Section 5.2. A normative envelope - latency floors and resource-block ceilings, one set per slice - bounds the proposals any loop can make; a utility step, weighted by each slice's revenue and exposure to penalties, settles on one plan covering both the modification and the admissions; a digital-twin leg trials each candidate and drops the dangerous ones; and a diagnostic leg, falling back to a known-good configuration and paging an operator, mops up what the twin gets wrong. No one family does the whole job. And in NMA terms the place this conflict is settled - within one Management Domain or out across the Agent-to-Agent interface - depends on whether these functions live as co-located services or as separate agents in different domains, which is precisely the partitioning question the next section opens.¶
The framework above applies directly to a timely case. The IETF Network Management Operations (NMOP) working group is developing [I-D.zhao-nmop-network-management-agent], which defines an AI-based Network Management Agent for Level 4 (L4) autonomous-network operations: internally the four-stage observe-analyse-decide-act loop made AI-explicit (perception, reasoning, planning, and action modules with knowledge and memory), with an Agent-to-Agent (A2A) interface by which NMAs interact with one another and with non-AI components. Alongside the ZSM corpus the NMA overlaps the role of the ZSM closed loop; the vocabularies differ but the concerns are largely the same. The discussion here is constructive: the draft's direction is sound, and the aim is to deepen its treatment of agent coordination to match the autonomy ambitions of L4.¶
The draft's repeated invocation of "SDN controller" is best read, more durably, as standing in for the entity the NMA hands intent or policy to - the thing that holds authoritative network state, maps requests onto resources, and has its own pre-configured policies. In a forward-looking architecture that entity is a ZSM Management Domain (MD) [ETSI-ZSM-002]: a per-technology or per-administrative domain MD where the NMA acts at domain scope, or the E2ES MD where it acts on services spanning domains. The stand-alone SDN controller of the 2010s is either a legacy artifact within such an MD or a transitional shorthand for one. The substitution sharpens the analysis and propagates cleanly to alignment with the ZSM corpus, which already speaks the MD language; "MD" is used below where the draft would say "SDN controller".¶
The draft acknowledges two conflict types, both NMA-versus-MD cases under the reading above: configuration-and-policy conflicts (the NMA's intent-derived dynamic policy collides with the MD's pre-configured policy) and inconsistent network-state synchronisation (the NMA's internal model and the MD's authoritative view drift apart). Both are real. But the MD's side is not a passive component to be overridden; it is itself a composition of internal decision logic - closed loops, intent translation, resource management, policy enforcement - each a decision locus with its own conflict-handling responsibilities, so the NMA-versus-MD surface composes against the MD's whole apparatus.¶
More conspicuously, the NMA-versus-NMA case - two action-bearing agents conflicting at A2A - is essentially absent, even though A2A is defined precisely as the locus where multiple NMAs interact. An architecture that defines an inter-agent interface without defining how conflict there is detected and resolved has left the interesting work undone. Under L4 autonomy with multiple NMAs (per-tenant, per-service, per-region, or per-layer), every conflict type of Section 3 becomes available at A2A. L4 autonomy widens this surface rather than narrowing it: more independent decision authority means more candidate collisions and less scope for human intervention to catch what the architecture missed. A2A needs to be the locus where this surface is detected, characterised, and resolved - not merely an interface for state exchange - and it must compose with the conflict-handling the MD already performs per ETSI GS ZSM 009-1 [ETSI-ZSM-009-1], ETSI GR ZSM 011 [ETSI-ZSM-011], and ETSI GS ZSM 016 [ETSI-ZSM-016].¶
Every state-changing action is the output of a decide step somewhere, and in any real architecture that step is plural: an MD composes several internal decision loci, and an NMA contributes one or more inside or outside it. Handling conflict only at those decide loci is too narrow, though. The analyse stage of the loop can head it off earlier: an agent that already knows of other live intents, policies, or proposed plans will analyse differently - it may form a different plan, reassess an expected impact, or set aside a class of action that, considered on its own, looked best. What the analyse stage does not catch falls to three later modes: before any decide locus (pre-execution detection of inspection-detectable cases), jointly inside a decide locus (utility aggregation, market clearing, DCOP, or negotiation, where soft contradictions are usually resolved), and after all of them (post-hoc impact assessment and remediation per ETSI GS ZSM 009-1 [ETSI-ZSM-009-1]); earlier is cheaper. Some conflicts - notably resource contention - are visible only at the locus that sees the resource layer, typically inside the MD, so their surfacing there is by design, not a failure of the NMA-level decision. The architectural question is therefore not where "the" decide step lives but how authority is distributed across NMAs and MDs, what each locus can see, and how conflict feeds back between them.¶
Five models describe how an NMA can compose with an MD. Real deployments mix them, but the pure models clarify the choices, and Model C is the cleanest, most ZSM-aligned positioning - and the one ETSI's own study on agents in autonomous networks [ETSI-ZSM-020] has already adopted, placing the NMA inside the Management Domain.¶
Mechanism families map onto these models predictably. Imperative arbitration and normative regulation are native to the MD, where authoritative policy lives. Markets need peer entities with private valuations and a resource layer to clear against, so Model D is their home and the ETSI GR ZSM 019 [ETSI-ZSM-019] NaaS picture lives there. The intent-reconciliation families can live intra-MD (Model C) or across A2A (Models D and E), so their protocol semantics must support both; digital-twin exploration belongs at the highest scope at which the joint action can be simulated - a domain NDT, or a cross-MD twin at the E2E layer.¶
Six recommendations follow, constructive in intent: the draft's direction is right, and these deepen its agent-coordination dimension to match L4.¶
Inter-agent conflict handling introduces considerations beyond conventional model-driven management. Any decision that resolves a conflict by changing network or service state - an arbitration override, a market allocation, a negotiated concession, an action committed after digital-twin exploration - MUST be subject to authorisation appropriate to the agent's operational role and MUST be auditable after the fact. Where resolution depends on inputs exchanged between agents (utilities, preferences, priced offers, arguments, natural-language descriptions), an adversary able to influence those inputs could drive the outcome; implementations SHOULD attach provenance and confidence to such inputs and apply the trust and incentive mechanisms appropriate to the family in use, recognising that market incentive guarantees are per-epoch and do not preclude cross-epoch manipulation.¶
Conflict resolved only after the fact widens the window during which an incorrect or adversarially induced action affects the live network; implementations SHOULD prefer pre-commitment exploration where the latency budget allows. The A2A interface, as a new locus for exchanging intents, plans, and candidate actions, is itself an attack surface: it MUST provide authentication of the communicating agents, integrity and confidentiality of the exchange, and authorisation of the actions an exchange can trigger. Where resolution involves disclosing more granular information than usual, policy controls MUST govern what may be disclosed, to whom, and under what conditions. Finally, AI-driven agents inherit the general risks of large-language-model-based systems - prompt injection, hallucination, miscalibrated confidence - and implementations SHOULD apply the usual mitigations and require human review for resolutions whose consequences are operationally significant.¶
This document has no IANA actions.¶
Much of this thinking developed in tandem with the authors' ETSI ISG ZSM contributions on agent coordination. We thank colleagues there, along with the NMRG and NMOP communities, for many useful conversations on how agentic AI should figure in network operations.¶