In existing network environments, each device connected to the network (whether physical or virtual) must generally be configured by assigning identifying information to the device. Assigning identifying information such as an Internet protocol (IP) address, Media Access Control (MAC) address, etc. enables proper functioning of the device within the network environment. As such, addition of new devices to the network, and/or reconnection of existing devices (such as devices which were part of the network but reset to a prior or default configuration/settings and thus no longer properly connected to the network environment) requires the management of provisioning network resources to the newly added/reconnected device(s).
Typically, the identifying information may be manually assigned (e.g. by an administrator of the network environment). This presents a beginning of time problem for three distinct circumstances. First, when a new system is placed into the data center, it comes with a set of factory-assigned defaults which will prevent it from communicating until it has been configured with a direct connection. Second, when a system is reset to factory defaults in response to a corrupted configuration or as part of diagnosing a problem, settings are lost and must be re-established, again with a direct connection. Finally, when the part(s) that contain the network configuration data are replaced, manual configuration with a direct connection is required to re-establish network connectivity.
One conventional approach to address the foregoing problems with static address assignment is to use Dynamic Host Configuration Protocol (DHCP). However, skilled artisans in the field of network provisioning will appreciate that DHCP undesirably presents security vulnerabilities, which many data center administrators wish to avoid. Additionally, basic DHCP operation assigns addresses from a pool, thus requiring an administrator to consult the DHCP logs to determine which address was assigned to a specific server. To counter this problem, DHCP static assignment can assign a fixed IP address for a specific machine, but this requires the administrator to assign the address with the machine's media access control (MAC) address information, which may not be known at the time of provisioning. As such, the fixed IP approach within DHCP requires the administrator to discover and add the device MAC address to the DHCP static list. This is a cumbersome process which requires a priori knowledge regarding the device to be added and configuration of the network, each of which add undesirable burden to the overall process of network provisioning management.
Another conventional technique employed to address problems with static network provisioning such as described above utilizes Internet Protocol, Version 6 (IPv6) Link-Local Addressing (LLA). IPv6 LLA automatically provisions a unique address based upon the MAC address of the device to be added to the network environment. Additional addresses can be configured with a connection on the LLA address. However, since LLA addresses are not mutable in IPv6 protocol rules, the network administrator must utilize a machine already connected to the local subnet of the system being configured in order to accomplish provisioning.
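The MAC-derived link-local address described above is the modified EUI-64 construction from RFC 4291; the following is an added illustration (not code from the patent) that derives the fe80::/64 address from a constructed sample MAC, recovers the MAC from such an address, and checks that the result is confined to the link-local range, which is why provisioning over it requires a machine on the same subnet.

```python
import ipaddress

# Constructed sample MAC for the example; any 48-bit MAC works.
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"

def mac_to_modified_eui64(mac: str) -> bytes:
    """Build the 64-bit interface identifier from a 48-bit MAC.

    Modified EUI-64 splits the MAC into its OUI and NIC halves,
    inserts 0xFFFE between them, and flips the universal/local bit
    (bit 1 of the first octet) so a burned-in address maps to 'universal'.
    """
    octets = bytes(int(b, 16) for b in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    first = octets[0] ^ 0x02
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 prefix followed by the modified EUI-64 interface id."""
    prefix = bytes.fromhex("fe80000000000000")
    return ipaddress.IPv6Address(prefix + mac_to_modified_eui64(mac))

def mac_from_link_local(addr: str) -> str:
    """Reverse the derivation: the LLA directly exposes the hardware MAC,
    which is also why the address cannot be changed by the administrator."""
    packed = ipaddress.IPv6Address(addr).packed
    iid = packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface id is not EUI-64 derived (no FF:FE marker)")
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in octets)

def is_link_local(addr: str) -> bool:
    """Link-local addresses live in fe80::/10 and are never routed off-link."""
    return ipaddress.IPv6Address(addr) in ipaddress.IPv6Network("fe80::/10")

if __name__ == "__main__":
    lla = link_local_from_mac(SAMPLE_MAC)
    print(SAMPLE_MAC, "->", lla, "->", mac_from_link_local(str(lla)))
```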
Another alternative approach for network provisioning utilizes a default addressing scheme for hardware that is controlled from the network infrastructure. For example, an event may be raised when a new MAC address is detected on a switch port connection, triggering assignment of network configuration settings based upon data center allocations from the physical location of the switch port. This technique is typically used in cluster-based network environments where the hardware is substantially homogeneous, but is much more difficult to administer in other more general network environments such as data centers, where the connected hardware is heterogeneous and may thus have multiple MACs per switch port. As a result, the administrator typically must be closely engaged in the process of network provisioning in order to ensure the various heterogeneous hardware components are properly configured and provisioned for network connectivity.
Accordingly, in view of the limitations of existing techniques for managing network provisioning and particularly the security vulnerabilities and involvement of manual effort to accomplish network provisioning, it would be of great utility to provide systems, techniques, and computer program products enabling automatic provisioning of network configuration information in a secure manner, without requiring the use of a separate machine tied to a local subnet of the device to be provisioned within the network.