1. Field of the Invention
The present invention relates to a method and apparatus for tracking dynamic addresses on a network.
2. Description of the Prior Art
The monitoring of computer network usage is very important in modern computer networks, as it allows the network manager to see how the network is performing, and what conversations are taking place in the network. This allows the network manager to perform traffic flow analysis, determine bandwidth requirements, enforce company policies and ensure that the security of the network has not been compromised.
A common technique is to monitor which network addresses are conversing with each other, using a standard such as RMON2 (Remote Network Monitoring version 2, as described in the IETF RFC2021, “Remote Network Monitoring Management Information Base Version 2 using SMIv2”). This will enable the network manager to see, for example, which IP (Internet Protocol) addresses are in conversation with each other. However, there is a problem with monitoring conversations in this way.
A standard technique for assigning IP addresses to devices is to use an automated system known as DHCP (Dynamic Host Configuration Protocol, as described in the IETF RFC1531, “Dynamic Host Configuration Protocol”). In simple terms, when a network uses DHCP, it is not necessary to assign each device on the network a unique IP address that it keeps for all time. Instead, one device on the network, known as the DHCP server, controls a pool of IP addresses. When a new device is connected to the network (including the effective “reconnection” that occurs when a device that has been switched off is turned back on again), it contacts the DHCP server, requesting an IP address. In response, the DHCP server allocates one of the unallocated IP addresses in its pool to that device, which the device then keeps until it is removed from the network (or switches off).
This technique has the advantage that it vastly reduces the overheads in configuring new network devices (allowing mobile devices such as laptops to be easily and quickly connected to a network). However, the use of DHCP also introduces the aforementioned network-monitoring problem.
As the IP addresses in the DHCP server's pool are only associated with a particular device for a particular length of time (i.e. until the device is removed from the network, either physically or by being switched off), one IP address can be associated with different physical devices at different times (we shall refer to such an IP address as a dynamic address). Without further information, the network-monitoring system will not know which IP address belongs to which device at what time, and this reduces the value of the information gathered by the network-monitoring system (i.e. the network manager will know which IP addresses were conversing, but not which devices). For security reasons, for example, it is desirable to know which physical devices were conversing.
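The attribution problem described above, shown as an added example that is not part of the original document: conversation records keyed by IP address are resolved to devices using a history of address assignments. The lease and conversation record formats, the function names, and all addresses, MAC values and timestamps are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed lease history: (ip, start, end, device MAC); end=None means still held.
LEASES = [
    ("10.0.0.5", 100, 200, "00:11:22:33:44:01"),
    ("10.0.0.5", 250, None, "00:11:22:33:44:02"),
    ("10.0.0.9", 50, 400, "00:11:22:33:44:03"),
]
# Constructed conversation records as a monitor might log them: (time, src ip, dst ip, bytes).
CONVERSATIONS = [
    (120, "10.0.0.5", "10.0.0.9", 1000),
    (225, "10.0.0.5", "10.0.0.9", 50),    # falls in the gap between the two leases
    (300, "10.0.0.5", "10.0.0.9", 4000),
]

def build_index(leases):
    """Group leases per IP, sorted by start time, ready for binary search."""
    index = defaultdict(list)
    for ip, start, end, mac in leases:
        index[ip].append((start, end, mac))
    for spans in index.values():
        spans.sort(key=lambda s: s[0])
    return index

def device_at(index, ip, t):
    """Return the MAC that held `ip` at time `t`, or None if no lease covers it."""
    spans = index.get(ip, [])
    i = bisect_right([s[0] for s in spans], t) - 1  # last lease starting at or before t
    if i < 0:
        return None
    _start, end, mac = spans[i]
    return mac if end is None or t < end else None

def bytes_by_device(index, conversations):
    """Total bytes sent per source device rather than per source IP."""
    totals = defaultdict(int)
    for t, src, _dst, nbytes in conversations:
        totals[device_at(index, src, t) or "unknown"] += nbytes
    return dict(totals)

if __name__ == "__main__":
    idx = build_index(LEASES)
    print(bytes_by_device(idx, CONVERSATIONS))
```

Aggregating the same records by source IP alone would credit all three conversations to a single address, although two different devices held it.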
One solution to this problem would be to contact the DHCP server (or servers, in a large network) directly, and request the latest device-to-IP address mappings from their tables. However, there is no current standard for performing this task.
The present invention provides a method to overcome or reduce this problem.