The present invention relates generally to communication networks, and more specifically to a system and method for determining a Media Access Control (MAC) layer address responsive to an Internet Protocol (IP) layer address.
The complex maintenance, configurations and troubleshooting requirements of computer networks and communications systems are often the responsibility of a person known as a network manager. Various automated tools are available to assist network managers, and are referred to generally as network management systems. The guidelines which define the allocation of network resources and services are referred to as network management policies. Network management policies, for example, define how devices are to be configured, and/or which users or devices are authorized to use which network resources, and the relative priorities of various devices.
In existing systems, network management policies are sometimes applied on a per-address basis. Addresses used in packets transmitted over computer networks are often described with relation to layers of the International Standards Organization (ISO) Model for Open Systems Interconnection (OSI), sometimes called the OSI reference model. Two layers of the OSI reference model that are typically associated with address information are the data link and network layers. The data link layer is often considered to be divided into two sublayers: a logical link control (LLC) layer and a media access control (MAC) layer. MAC layer address information of a packet typically consists of a source MAC address and a destination MAC address. Source and destination MAC addresses are used within what is commonly referred to as the local "subnet". When a packet passes through multiple subnets between its source and destination, typically by way of internetworking devices such as routers, the packet is said to go through many "hops" along its route. Source and destination MAC addresses are generally carried over a single "hop" within the potentially multi-hop route to a packet's ultimate destination. MAC layer addresses are therefore an example of "single hop" or "point to point" address information. A MAC layer address is usually statically associated with an individual network interface of a device, for example as stored within a non-volatile memory of a network interface card.
Network layer addresses, in contrast, are carried from the packet's originating system all the way to the packet's ultimate destination, potentially over multiple subnets or "hops". For example, internetworking protocol (IP) packets include IP source and destination addresses that are preserved from the originating system all the way to the ultimate destination of the packet. Network layer addresses are therefore considered to be "end to end" addresses. During operation of existing systems, a given IP address is typically associated, either dynamically or statically, with a single network interface of a particular device.
In existing network management systems employing address-based network management policies, a request to use a given network service is granted or rejected based on the privileges or level of service associated with a source address contained in the request. With regard to using MAC addresses for this purpose, a problem arises due to the way routers process IP packets. Specifically, when a router forwards a packet from a host on one subnet to a host or a router on another subnet, the router overwrites the packet's original source MAC address with the MAC address of the router's egress interface. Thus, a MAC address of a given network interface is only visible in packets received on the subnet to which the network interface is directly attached, sometimes referred to as the "local subnet". If a server is not located on the same subnet as the clients to which it provides services, source MAC addresses in service requests cannot be guaranteed to be MAC addresses of the systems from which the requests originated. This makes it difficult for a server to determine the system which originated the request. Accordingly, a MAC address based network management policy is problematic in an enterprise network with many subnets.
At least one existing network management system has enabled a network manager to locate a device having a particular MAC address within the network, and to determine an IP address that is currently associated with that MA7 address. However, this system collects address data by periodically polling all network devices in the network. Address data collected by this system could, therefore, be as old as tie polling interval. Since this method for collecting data is relatively timely-consuming and bandwidth intensive, it is not feasible for such a system to obtain current address information in real-time. Accordingly, this type of existing system cannot be used to perform efficient and effective real-time trouble shooting of problems related to a particular user's network layer address.
Additionally, future versions of cable television set-top boxes and other home networking products may be IP based. It may also be desirable for service providers to be able to identify a particular customer by the MAC address of the customer's home networking device. For example, when a customer initiated a request for a "premium" service, the service provider would need to identify the MAC address of the requesting customer's network interface device, through the source IP address within the request, in order to bill the customer for the requested service.
Finally, existing address-based network policies in general do not permit allocation of resources on a per-user basis. This arises from the fact that multiple users may be associated with either a single MAC or IP address. For example, a shared system in a guest office or library may be used by different users at different times. Additionally, IP addresses are often dynamically allocated when a user logs into a network enabled system. For these reasons, a single statically allocated IP address may be associated with different users at different times, and different dynamically allocated IP addresses may be used by a single user for different sessions on a single system. Network management policies based on specific users have, therefore, been difficult to support.
For the reasons outlined above it would be desirable to have a system for identifying, given an IP address, a MAC layer address associated with a network interface of a remote system with which that IP address is also associated. The system should enable a network management system or network manager to identify the MAC address of a network interface that originated a service request message, based on a source IP address within the request. The system should be capable of operating at any location with respect to the originating system or device. In particular, the system should be capable of obtaining a MAC address of a network interface on a remote system, for which an IP address is known.