Computer networks that use the Internet Protocol (IP) are commonly referred to as “IP networks.” Within such IP networks, host systems and other devices are identified by numbers, known as IP addresses. IP addresses provide a simple mechanism for identifying the source and destination address of messages sent within IP networks.
Managing a large Transmission Control Protocol/Internet Protocol (TCP/IP) network requires maintaining accurate and up-to-date IP address and domain name information. In the past, organizations responsible for such networks were required to manage IP addresses and domain names by manually modifying and configuring a number of databases. Static (i.e. unchanging) IP addresses were also manually configured into personal computers (PCs). This approach has created problems since the tasks were tedious and one incorrect digit in an IP address or incorrect character in a domain name could cause significant problems for users of the World Wide Web, network file systems, or electronic mail.
One protocol which has been developed to dynamically assign IP addresses within IP networks is DHCP. DHCP provides a framework to pass configuration information to hosts, also called DHCP clients, on a TCP/IP network. DHCP defines the mechanisms through which clients are assigned an IP address for a finite lease period, allowing for reassignment and reuse of a particular IP address to different clients in the future. DHCP also provides a mechanism for a client to gather all of the IP configuration parameters that it needs in order to operate within the TCP/IP network.
FIG. 1 illustrates a network using DHCP. Hosts 10(a-N) (N is an integer) are connected to a customer premises equipment device 12 (CPE) such as a router, switch or bridge. The CPE is coupled to one or more address allocation devices 16(a-N). The address allocation devices 16(a-N) may be DHCP servers that allocate host addresses, such as IP addresses, to the hosts 10(a-N). CPE 12 may also include its own address allocation mechanism.
FIG. 2 shows the format of a typical DHCP packet 14. Since such DHCP packets 14 are well known to those of ordinary skill in the art, only the fields of interest will be discussed. Each DHCP packet 14 has a type, as further discussed below, which may be: “Discovery”, “Offer”, “Request”, or “Acknowledgement”. The type of DHCP packet 14 is encoded into the options field 18. The options field 18 may also be used for other purposes, such as the encoding of vendor-specific information. The address allocation device 16 always uses its own address in the server identifier field 22, or siaddr, so that the packet will be returned to the address allocation device. The ciaddr field 24 is used to store the client identifier, typically the message authentication code (MAC) address. The giaddr field 26 is used to store a relay agent address, such as a server or any other relay agent sending or relaying the DHCP packet 14 to the host 10(a-N).
DHCP enables hosts 10(a-N) on an IP network to obtain their configurations from the address allocation device 16(a-N). This, in turn, reduces the work necessary to administer an IP network. As discussed above, there are four packet types in DHCP, as shown in FIG. 3 using host 10a and address allocation device 16a as an example. The first DHCP packet type is a Discovery packet, where a host 10a broadcasts a Discovery message over the network in order to locate an address allocation device 16(a-N) and obtain a host address, such as an IP address. The host 10a may include in the Discovery packets a suggested host address and suggested lease duration. The second DHCP packet type is the Offer packet. The address allocation device 16a responds to the Discovery packet with a unicast offer message that includes an available host IP address and other configuration parameters. The host may receive more than one offer from multiple address allocation devices and may accept any one of the offers; however, a host 10a will usually accept the first offer it receives. The third packet type is the Request packet, where the host 10a broadcasts a Request packet to formally accept the offered host address from the offering device and implicitly tell other address allocation devices that it declines their offers. Finally, the last packet is the Acknowledgment packet, where the selected address allocation device sends the host a unicast acknowledgment message acknowledging the Offer and including other necessary configuration parameters.
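Added example, not part of the original text: a Python parser for the packet fields and the four packet types described above. It assumes the RFC 2131 wire layout, in which the message type is option 53 and the client hardware address is carried in chaddr; `build_sample` and all addresses in it are constructed for the demonstration.

```python
import socket
import struct

# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
MSG_TYPES = {1: "Discovery", 2: "Offer", 3: "Request", 5: "Acknowledgement"}

def parse_dhcp(data):
    """Return the fields of interest; raise ValueError on malformed input."""
    if len(data) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("truncated DHCP packet")
    (_op, _htype, hlen, _hops, xid, _secs, _flags,
     ciaddr, yiaddr, siaddr, giaddr, chaddr, _sname, _file) = HEADER.unpack_from(data)
    pos = HEADER.size
    if data[pos:pos + 4] != MAGIC_COOKIE or hlen > 16:
        raise ValueError("not a DHCP packet")
    pos += 4
    options = {}
    while pos < len(data) and data[pos] != 255:      # 255 = end option
        if data[pos] == 0:                           # 0 = pad, has no length byte
            pos += 1
            continue
        if pos + 2 > len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("option overruns packet")
        options[data[pos]] = data[pos + 2:pos + 2 + data[pos + 1]]
        pos += 2 + data[pos + 1]
    mtype = options.get(53, b"")                     # option 53 = message type
    if len(mtype) != 1:
        raise ValueError("missing or malformed message type option")
    ip = socket.inet_ntoa
    return {"type": MSG_TYPES.get(mtype[0], f"other({mtype[0]})"), "xid": xid,
            "ciaddr": ip(ciaddr), "yiaddr": ip(yiaddr), "siaddr": ip(siaddr),
            "giaddr": ip(giaddr),
            "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen])}

def build_sample(msg_type, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    # Constructed packet for the demo: Ethernet client, no relay agent.
    op = 1 if msg_type in (1, 3) else 2              # 1 = from host, 2 = from server
    zero = socket.inet_aton("0.0.0.0")
    header = HEADER.pack(op, 1, 6, 0, 0x1234ABCD, 0, 0, zero,
                         socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                         zero, mac, b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")              # constructed MAC address
    for t in (1, 2, 3, 5):                           # the four-packet exchange
        print(parse_dhcp(build_sample(t, mac)))
```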
One disadvantage of DHCP is that the address allocation device does not give a network administrator much option to define, manage, or control host address allocation, much less to implement host address allocation policies. The host 10(a-N) sends the data packet directly to the address allocation devices 16(a-N) and the address allocation devices 16(a-N) send the replies directly to the hosts. There are situations where network administrators may wish to constrain the allocation of host addresses to only authorized hosts and may want to authenticate the source and contents of the data packets, such as for security purposes. Moreover, a network administrator may want an accounting of the host activities such as logon and logoff times, whether the host's bills are paid and up-to-date, the number of incoming and outgoing data packets for each host, and other similar accounting information. Additionally, a network administrator may want to add additional services to make the network more efficient, such as virus detection. Thus, there exists a need for an efficient manner for a network administrator to define, manage and control host address assignment and host address allocation policies, and to authenticate and account for host addresses to provide for additional security and/or additional value-added services.