Increasingly, enterprises offer their users mobility and accessibility to the enterprise's network and applications from anywhere and at anytime. As a result, one of the biggest challenges in administering today's enterprise network is to provide visibility and maintain control of who is connected to the network, where they are located, and which applications they use.
The user and endpoint device information necessary for providing visibility and maintaining control, such as the user's physical location, the endpoint device's Internet Protocol (IP) and Media Access Control addresses, the Virtual Local Area Network (VLAN) to which the user/device belongs, and any related Quality of Service (QoS) information, can be difficult to obtain. Unless the information is captured when the user/endpoint device initially connects to the network, the information must generally be retrieved from the network itself, such as from the network connectivity devices, i.e., the switches, through which the user is connected to the network.
Most of the existing technology for obtaining the user and endpoint device information necessary for providing visibility and maintaining control of the network does not scale well. This is particularly true in large network deployments or in networks where the user/endpoint device connections and access to applications tend to be dynamic.
For example, some of the solutions available today use a “pull” model to obtain information about the endpoint devices and users connected to the network by intermittently polling the network connectivity devices, switch by switch, and interrogating the local forwarding databases (FDBs). As a practical matter, however, polling the devices, switch by switch, and extracting and sending the information back to a centralized repository, such as a network management system (NMS) database, may consume a significant amount of network bandwidth and time. The information is likely to be stale by the time it reaches the NMS. Moreover, not all of the desired information may be extracted from, or even derived from, information stored in the FDB.
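The staleness problem of the “pull” model described above, as an added simulation that is not part of the original text: switches are polled one after another, each poll costs time, and endpoints move while the sweep is in progress. All switch names, MAC addresses, ports and move times are constructed sample data, and FDB aging is ignored.

```python
"""Simulate the 'pull' model: poll switches one by one, copy each local FDB
into a central inventory, then compare it with where endpoints really are."""
from typing import Dict, Tuple

# Constructed ground truth: MAC -> (switch, port). Not real network data.
TRUTH = {
    "00:11:22:33:44:01": ("sw1", 3),
    "00:11:22:33:44:02": ("sw3", 7),
    "00:11:22:33:44:03": ("sw2", 12),
}
# Constructed endpoint moves: (time in seconds, mac, new_switch, new_port)
MOVES = [
    (5, "00:11:22:33:44:01", "sw3", 9),
    (15, "00:11:22:33:44:02", "sw1", 4),
    (25, "00:11:22:33:44:03", "sw3", 2),
]
SWITCHES = ["sw1", "sw2", "sw3"]   # polling order of the sweep
POLL_COST = 10                     # seconds per switch (walk + transfer), assumed

def truth_at(t: int) -> Dict[str, Tuple[str, int]]:
    """Ground-truth location of every MAC at time t (apply moves <= t)."""
    loc = dict(TRUTH)
    for when, mac, sw, port in MOVES:
        if when <= t:
            loc[mac] = (sw, port)
    return loc

def read_fdb(switch: str, t: int) -> Dict[str, int]:
    """What the switch's local FDB holds at time t (MAC -> port)."""
    return {m: p for m, (s, p) in truth_at(t).items() if s == switch}

def pull_collect(start: int = 0):
    """Poll switch by switch; each snapshot overwrites the central record."""
    inventory: Dict[str, Tuple[str, int, int]] = {}   # mac -> (switch, port, polled_at)
    now = start
    for sw in SWITCHES:
        for mac, port in read_fdb(sw, now).items():
            inventory[mac] = (sw, port, now)
        now += POLL_COST
    return inventory, now

def staleness_report(inventory, now: int) -> Dict[str, str]:
    """MACs whose central record is missing or disagrees with reality at `now`."""
    report = {}
    for mac, (sw, port) in truth_at(now).items():
        rec = inventory.get(mac)
        if rec is None:
            report[mac] = "missing"
        elif (rec[0], rec[1]) != (sw, port):
            report[mac] = f"stale: recorded {rec[0]}/{rec[1]} at t={rec[2]}, now {sw}/{port}"
    return report
```

With this data one endpoint that moved mid-sweep is never recorded at all, and another is recorded on the wrong switch by the time the sweep finishes.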
Other solutions make use of the Link Layer Discovery Protocol (LLDP), in which LLDP-enabled devices advertise information about themselves over the Data Link layer, allowing adjacent devices to learn higher-layer management reachability and connection endpoint information. But not all devices may be LLDP-enabled. Moreover, the LLDP information must still be extracted from the devices and centrally stored.
Still other solutions make use of proprietary discovery protocols to discover and store information in an enterprise extension of the Management Information Base (MIB) used with the Simple Network Management Protocol (SNMP). But not all devices in a network may work with the proprietary discovery protocols.