Telecommunications networks typically include many network devices (i.e., routers, switches, hybrid switch/routers), and the network devices are generally managed/configured through a Network Management System (NMS). The NMS associates each network device with a set of attributes corresponding to the network device's capabilities and current configuration. A network manager may spend a significant amount of time establishing the set of attributes for a particular network device, and when the NMS connects to a particular network device, the NMS must have a mechanism for ensuring that it is definitively linking/synchronizing the correct set of attributes with the correct network device. If the NMS synchronizes a set of attributes with the wrong network device, network performance may be degraded, data may be lost or the network may crash.
Usually the NMS connects to a network device using an Internet Protocol (IP) address assigned to the network device. Some NMSs use the network device's assigned IP address as the mechanism for ensuring that the network device to which the NMS is connected is in fact the network device the NMS believes it to be. Unfortunately, the IP address assigned to a network device may change, for example, during a network re-configuration. If a network device's IP address is changed, the NMS would no longer be able to associate that network device with the correct set of attributes unless further steps are taken to associate the new IP address with the existing list of attributes. Moreover, the IP address previously assigned to the network device may be assigned to a different network device, and if the association at the NMS between the list of attributes and the IP address has not been changed, then the NMS would incorrectly associate the set of attributes for one network device with a different network device. This misconfiguration will lead to serious network errors and/or a network crash.
To improve the authentication process, some NMSs take both the IP address and another identifier into consideration. For example, some NMSs allow network managers to input a unique identifier for each network device. The NMS then associates the network device's set of attributes with both the IP address and the unique identifier. For typical transactions with the network device, the NMS uses only the IP address to connect with the network device and complete the transaction. Periodically, however, the NMS connects to the network device using the IP address, retrieves the unique identifier from the network device (e.g., from non-volatile memory or from software) and then compares the retrieved unique identifier to the stored unique identifier that the NMS associates with the IP address. If the unique identifiers match, then authentication is complete. If the identifiers do not match, then the network manager is notified. The identifiers may fail to match because of a legitimate network change; even so, the network manager must go through a manual process of re-synchronizing the NMS association with the network device.
One concern with allowing users to input identifiers is uniqueness. A mechanism must be put in place to ensure that similar identifiers are not used within the same network. In addition, if two or more networks are combined (for example, after the merger of two carrier companies), then again, the identifiers must be checked for uniqueness. If two or more identifiers are not unique, typically a manual process must be implemented for changing the identifiers of one or more of the network devices to again ensure uniqueness.
Instead of using a user input identifier, an identifier tied to the network device itself may be used. For example, a Media Access Control (MAC) address may be used along with the IP address to definitively authenticate a network device. Many network devices include hardware (e.g., Ethernet access card) for connecting to a Local Area Network (LAN), and in general, MAC addresses are used to send data between devices connected to a LAN. A unique MAC address is assigned to each card having a LAN connection and is typically stored in non-volatile memory (e.g., PROM) on the card. Thus, the NMS may associate a network device's set of attributes with the assigned IP address as well as the MAC address of a LAN connection card within the network device, and periodically, the NMS may retrieve the MAC address from the card and compare it to the stored MAC address associated with the set of attributes and IP address.
Today, network devices often allow for hot swapping of cards, and if the card including the MAC address is replaced with a new card (e.g., an upgraded card), a new MAC address will be read by the NMS during the periodic poll, authentication will not complete successfully and the network manager will be notified. Moreover, for fault tolerance, many network devices have redundant network device cards. If the primary card fails and the redundant card takes over, a new MAC address will be read by the NMS during the periodic poll, authentication will not complete successfully and the network manager will again be notified. Thus, where a card has been replaced as part of a legitimate network device change or a redundant card has taken over as a primary, the new MAC address does not represent an error with respect to the replacement card. Regardless of whether the change in MAC address is due to an error or a planned network change, the network manager is notified and forced to manually synchronize the NMS with the network device, and the network device may not be configured/managed until such synchronization is complete. In addition, the card that was removed from the first network device may be swapped into a second device and the NMS may become out-of-synchronization with both network devices and, due to the MAC address, believe that the second network device is associated with the set of attributes actually belonging to the first network device. This can also crash the network.
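The periodic identifier check described above, and the cases in which it misfires, as an added sketch that is not part of the original text. Device names, the documentation-range addresses and the `poll` and `ip_only_check` functions are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    """NMS-side record: an attribute set bound to an IP and a stored identifier."""
    name: str
    ip: str
    mac: str  # MAC of the LAN card, as last synchronized

def ip_only_check(inventory, network):
    """Weaker scheme: whatever answers at the stored IP is accepted."""
    return {r.name: "ok" if r.ip in network else "unreachable" for r in inventory}

def poll(inventory, network):
    """Periodic check: connect by IP, read the identifier, compare with the stored one.

    network maps ip -> MAC currently read from the device answering at that IP.
    """
    owner_of = {r.mac: r.name for r in inventory}
    verdicts = {}
    for r in inventory:
        seen = network.get(r.ip)
        if seen is None:
            verdicts[r.name] = "unreachable"
        elif seen == r.mac:
            verdicts[r.name] = "ok"
        elif seen in owner_of:
            # A card known to the NMS now answers from another chassis.
            verdicts[r.name] = f"mismatch: identifier belongs to {owner_of[seen]}"
        else:
            verdicts[r.name] = "mismatch: unknown identifier"
    return verdicts

# Constructed sample data (RFC 5737 / RFC 7042 documentation ranges).
M1, M2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
NEW_CARD, OTHER_DEV = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
INVENTORY = [Record("edge-1", "192.0.2.10", M1), Record("edge-2", "192.0.2.20", M2)]

BASELINE = {"192.0.2.10": M1, "192.0.2.20": M2}
# Legitimate hot swap or failover: edge-1 now reports a different card's MAC.
HOT_SWAP = {"192.0.2.10": NEW_CARD, "192.0.2.20": M2}
# edge-1 was renumbered; its old IP now belongs to an unrelated device.
IP_REASSIGNED = {"192.0.2.10": OTHER_DEV, "192.0.2.20": M2, "192.0.2.30": M1}
# edge-1's old card was moved into edge-2; edge-1 received a new card.
CARD_MOVED = {"192.0.2.10": NEW_CARD, "192.0.2.20": M1}

if __name__ == "__main__":
    for label, net in [("baseline", BASELINE), ("hot swap", HOT_SWAP),
                       ("ip reassigned", IP_REASSIGNED), ("card moved", CARD_MOVED)]:
        print(label, ip_only_check(INVENTORY, net), poll(INVENTORY, net))
```

The hot-swap and IP-reassignment cases produce the same verdict for `edge-1`, which is why the check cannot tell a planned change from a wrong device and every mismatch falls to the network manager.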
As will be readily understood, an improved mechanism for allowing the NMS to definitively link each set of attributes with the appropriate network device in a network is needed.