Digital communications networks have continued to grow in importance as people have come to rely on the electronic exchange of information to support both business and personal pursuits. E-mail, the electronic transfer of files, and various other services are made possible by the use of digital communications networks.
The type of digital communications network employed often depends on the size of the network to be implemented, as well as the needs and capabilities of the party or parties implementing the network. Hardware cost and network management complexity are often a factor when choosing the type of network to be implemented.
Networks limited to a small geographical region, e.g., home or single office location, are frequently called local area networks (“LANs”). LANs are often privately-owned networks within a single building or small campus. LANS are widely used to connect personal computers and workstations at a single location, e.g., company office or residence, to one another and to shared resources such as printers and/or local centralized file storage.
One popular type of LAN, an IEEE 802.3 standard based LAN is popularly called Ethernet. Ethernet is a bus based broadcast network with decentralized control. When using Ethernet, data, e.g., messages, information and signals are transmitted in Ethernet using frames. Ethernet devices broadcast and receive frames over the shared bus over which the frames are broadcast. The format of an IEEE 802.3 frame 100 is shown in FIG. 1. Each frame 100 starts with a 7 byte preamble 102 containing a preset bit pattern. The preamble 102 is followed by a start of frame byte 104 which includes the bit pattern 10101011 used to denote the start of the frame. Next come two addresses, a destination address 106 and a source address 108. The high-order bit of the destination address is a 0 for ordinary addresses and 1 for group addresses. Group addresses, in contrast to individual device addresses, allow multiple stations, e.g., devices coupled to the Ethernet, to receive frames including a single group address. When a frame is sent to a group address, all the stations in the group receive it. Sending to a group of stations is called a multicast. The address consisting of all 1 bits is reserved for broadcast. A frame containing all 1s in the destination field, indicating a broadcast, is delivered to all stations on the network.
Six byte global Media Access Control (MAC) Ethernet device addresses are assigned by a central authority to ensure that no two stations on the same Layer 2 network, e.g., Ethernet LAN, have the same global address. Manufacturers of Ethernet devices, e.g., networking boards, request a block of addresses from the central authority to assure that no two Ethernet boards are assigned the same global MAC address. The boards then send and receive frames based on the 48-bit MAC address programmed into the board by the manufacturer. Because source MAC address information is inserted into Ethernet frames by the Ethernet boards, the source address 108 in an Ethernet frame is usually accurate and is difficult to fake.
Since Ethernet MAC address are unique at least on the same Layer 2 network and potentially globally, any device on a Layer 2 network can address any other device on the network by just using the right 48 bit MAC address assigned to the device being addressed.
MAC addresses are data link layer addresses. The data link layer corresponds to the second layer of the seven layer OSI (Open Systems Interconnection) Reference Model. As a result, Ethernet LANs and other LANS which use data link layer addresses are sometimes called Layer 2 networks.
In addition to the address information 106, 108 the Ethernet frame includes a length of data field 110, data field 112, padding field 114 and a checksum field 116. As will be discussed below, information intended to be transmitted over an IP based network may be included in the data field 112.
While Layer 2 networks are well suited for implementing LANs, e.g., at relatively small sites, it is often desirable to connect devices, e.g., computers located on different LANs. Layer 3 networks, which rely on network protocols, e.g. TCP/IP protocols, are often used for interconnecting Layer 2 networks. Layer 3 packets, e.g., IP packets, are often encapsulated in Layer 2 frames to extend the reach of the Layer 3 network to host devices on the Layer 2 network. This permits Layer 2 signaling and frames to be used for transmissions of data over the Ethernet while preserving Layer 3 addressing information for transmission over the Layer 3 network. The network resulting from interconnecting one or more Layer 2 and Layer 3 networks is often referred to as an internet.
The Internet is a well-known worldwide internet that is used to connect computers and other devices located at universities, governments offices, businesses and individuals together.
FIG. 2 is an extremely simplistic representation of the Internet 200. As illustrated, the Internet 200 includes a plurality, e.g., first and second, Layer 2 networks 201, 203, coupled together by a Layer 3 network 205. While only two Layer 2 networks, e.g., Ethernet LANs, are shown, many thousands of such networks may be part of the Internet. Edge routers, e.g., multi-protocol routers, capable of converting between Layer 2 and Layer 3 formats and addressing schemes, are often used to connect Layer 2 networks to Layer 3 networks. In FIG. 2, first edge router 216, connects the first Layer 2 network 201 to the Layer 3 network 205. Similarly the second edge router 218 connects the second Layer 2 network 203 to the Layer 3 network 205.
In the FIG. 2 example, two host devices 208, 210 are shown coupled to the first Ethernet bus 204, used to implement the Ethernet LAN 201, while third and fourth host devices 212, 214 are shown coupled to the second Ethernet bus 206 used to implement Ethernet LAN 203. While only two hosts are shown on each Ethernet LAN it is to be understood that a large number of hosts may be coupled to any one of the Layer 2 networks, corresponding to Ethernet busses 204, 206, at any given time.
Routers, serve as forwarding devices and, optionally, protocol conversion devices. In the FIG. 2 diagram, edge routers 216 and 218 have the capability of converting between Ethernet frames and IP packets, and vice versa, using one or more tables relating IP addresses to MAC addresses.
Routers 222, 224, 226 and 228 internal to the Layer 3 network form part of what is sometimes called the Internet backbone. Since these routers do not need to handle Ethernet frames, they do not include the protocol conversion functionality present in the edge routers 216, 218. Groups of routers 216, 218, 222, 224, 226, 228 managed by a single administrator is often called an Autonomous System (AS). The Internet includes several AS which are connected to each other. Each AS may include one or more DHCP (Dynamic Host Configuration Protocol) servers which are responsible for assigning IP addresses to host devices connected to the AS. In FIG. 2, a single DHCP server 220 is shown coupled to edge routers 216, 218.
Unlike LANs which use data link layer addresses, the Internet uses Layer 3 (Network layer) addresses, e.g., IP Addresses, for purposes of identifying source and destination devices and determining the appropriate route upon which packets should be transmitted. Source and destination IP addresses are included, along with data, in IP packets used to transmit information across the Internet. Every host and router on the Internet has an IP address which encodes its IP network number and host number. The combination is unique, no two machines have the same IP address.
Exemplary IP addresses are 32 bits long and are used in the Source address and Destination address fields of IP packets. FIG. 3 is a diagram 300 which illustrates the standard 32 bit format for IP addresses. Note that host addresses are divided into different classes (A, B, C) with different numbers of bits allocated to the network number and host portion number in each address class. From a management perspective, system administrators may divide the host number portion of a 32 bit IP address into a subnet portion 402 and a host portion 404 as illustrated in block 400 of FIG. 4. In such embodiments, within the network defined by the network portion of the IP address, a subnet mask is used at the routers within the network to distinguish between the host portion 404 and the rest of the 32 bit IP address and thereby allow for routing within the network based on the subnet portion of the address.
The demand for IP address continues to grow and, with fewer bits than are used for MAC addresses, there are considerably fewer IP addresses available for allocation. Given the demand for IP addresses and the limited supply, IP addresses are leased from a central authority responsible for overseeing their allocation. Internet service providers, may lease a large number, e.g., a block of IP addresses, which the provider then sub-leases to end users, e.g., host devices.
As a result of the lease (actually the sub-lease) process, end users obtain an IP address which is subject to lease restrictions including the right to use the IP address for a limited period of time. IP addresses leased for extended periods of time, e.g., a year or more, are often termed “static” IP addresses. Static IP addresses are used for applications such as Web site hosting where the Internet connection is likely to remain active and in use for extended periods of time. Users normally pay a premium for static IP addresses.
With regard to individual Internet users, IP addresses are more commonly leased to end users on a dynamic basis. Internet service providers frequently use a DHCP server to assign users IP addresses for a limited lease time when they seek to access the Internet, e.g., from a host device coupled to the Internet by way of a Layer 2 network. FIG. 2 illustrates a single DHCP server 220 coupled to the two edge routes 216, 218 to oversee IP address allocation. In practice, the Layer 3 network 202 may include multiple DHCP servers with each server being responsible for allocating IP addresses to users on a different network or subnet. The system administrator responsible for overseeing an AS determines the relationship between DHCP servers, sets of IP addresses allocated by each of the DHCP servers and the edge routes which connect users to the DHCP servers for IP address assignment.
Once an IP address is leased to a host, e.g., user, if the host remains active beyond the lease term, the lease may be extended or a new IP address assigned to the host from the available pool of IP addresses at the end of the first lease term.
When a user intends to stop using the IP address, the user's device, e.g., host device 208, normally signals to the DHCP server that assigned the IP address that the address is being released. This allows the address to be added to the pool of available addresses and reused. In the event that a release message is not received prior to the IP address lease timing out, and the DHCP server encounters a shortage of addresses in the pool of available addresses, the DHCP server may poll devices to which it allocated IP addresses to see if they are still active. Failure to receive a response may result in the DHCP adding the IP address assigned to the non-responding device back into the pool of available IP addresses.
Thus, unlike MAC address which are fixed for the life of a product by the manufacturer, the IP address assigned to a particular host device can change from moment to moment. Accordingly, in contrast to MAC addresses which are fixed for the life of a product by the manufacturer, there is no permanent fixed relationship between a physical device and the IP address assigned to the device.
Many contemplated IP applications could benefit from reliable information about the location and/or identity of a host device using an IP address. The dynamic allocation of IP addresses and re-use of IP addresses discussed above, greatly complicates attempts to accurately correlate specific devices and/or physical locations with an IP address.
The problem of associating IP addresses with physical locations is further complicated by the manner in which IP addresses are assigned and used. Blocks of IP addresses are assigned by the central authority to different network providers based on the size of their networks. Unlike zip codes or telephone number area codes, assignment of IP addresses is independent of geographic location. Accordingly, IP addresses do not inherently convey geographic location information as do, for example, zip codes used by the post office or the area code portion of a telephone number.
Reliable location information is also difficult to obtain in an IP network because IP based routing relies, in most cases, on the intelligence of the network to determine the routing path to a specified destination address. The host need not, and in most cases does not, know the physical location of the destination device to which it is sending packets or the route over which the transmitted packets will be conveyed. In addition, routers in an IP network usually only need to determine the next router in a path based on an IP address and therefore often do not include detailed topology information relating to large portions of an IP network. While shielding end devices and routers from having to make end to end routing decisions has many advantages, the lack of information about the physical devices corresponding to IP addresses poses problems in many contemplated IP based applications.
IP based services, those based on private internets and the larger Internet are continuing to grow in importance. IP and the Internet are beginning to be used for a wide range of applications such as music file sharing, news delivery, software distribution, etc. IP and Internet applications which are expected to grow in importance in the future include Internet telephony and video on demand services. In the case of Internet telephony voice signals are exchanged over the Internet through the use of packets including voice data.
As the use of IP addresses for a wide variety of services continues to grow, security becomes an ever-increasing issue, e.g., it is undesirable to assign IP addresses to a device based on fraudulent information. As can be appreciated, the assignment of IP addresses based on fraudulent information makes tracking an accountability difficult and has the potential of allowing an individual to steal services, e.g., Internet or other IP services in a manner that may not be traceable using existing systems.
One potential way of obtaining IP addresses assignments based on fraudulent information which has presented service providers with a problem will now be explained with reference to FIG. 16.
As discussed above, IP addresses are frequently assigned to devices on a dynamic basis. Devices requesting assignment of an IP address may be coupled to an IP network via an Ethernet or other LAN. An edge router serves to interconnect the LAN and IP based network. Assignment of IP addresses is performed by a DHCP server.
MAC addresses are used for addressing purposes in Layer 2 networks, e.g., Ethernet LANs, which communicate information using frames. In contrast, IP addresses are used for routing purposes in Layer 3 networks, e.g. IP networks, which communicate information using packets. MAC addresses are assigned by hardware manufactures and are programmed into communications devices at the time of manufacture. The manufacturer assigned MAC address is inserted by the device hardware into the header of each frame generated by the device. As a result, MAC addresses included in the headers of Ethernet frames tend to be reliable. The contents of the data portion of an Ethernet frame are determined by software which can be manipulated with relative ease. Accordingly, MAC addresses included in the data portion of frames are considerable less reliable then the MAC address in the frame header. The MAC address in the data portion of a frame is sometime faked by users seeking to hide their identity, e.g., when seeking an IP address.
In contrast to MAC addresses which are assigned by device manufacturers, IP addresses are frequently assigned to devices on a dynamic basis by DHCP servers.
Edge routers are used to couple Layer 2, e.g., Ethernet LANs, to Layer 3 networks, e.g., IP networks. In order to support routing between the two networks, the edge router normally includes two tables, e.g., a Layer 2 forwarding table and a Layer 3 to Layer 2 address resolution table. The Layer 2 forwarding table includes information associating router ports with Layer 2 (MAC) addresses. The address resolution table includes information associating IP addresses with MAC addresses.
The Layer 2 forwarding table is normally created from header information received in Ethernet frames. This is done by having the edge router store the MAC address obtained from an Ethernet frame in the Layer 2 forwarding table along with information identifying the port on which the frame including the header was received. Frames subsequently received by the edge router directed to the stored MAC address will be output via the port indicated in the Layer 2 forwarding table. Since the information in the Layer 2 forwarding table is obtained from Ethernet Frame headers it tends to be reliable.
As mentioned above, in order to communicate over an IP network, a device on an Ethernet LAN is required to first obtain an IP address. To obtain the IP address, the device sends an IP address request message to an edge router in an Ethernet frame. In response to the request, the edge router populates the Layer 2 forwarding table with the MAC information obtained from the frame's header. In addition, the edge router, normally acts as a proxy for the requesting device, and initiates a DHCP communications session between the DHCP server and the requesting device. FIG. 16 illustrates an exemplary Ethernet frame 1600 which includes a header 1612 which includes a MAC address 1602 and a payload also called a message body 1615. The payload 1615 includes data, e.g., includes an IP address request 1604 and a corresponding MAC address 1606. The data 1604, 1606 represents the body of the frame, at least the MAC address portion 1606 of which may be forwarded to a DHCP sever, e.g., by an edge router acting as a proxy for the requesting device. The MAC address 1602 in the header 1612 will normally not be forwarded to the DHCP server.
As part of the DHCP communications session, the requesting device transmits to the DHCP server a MAC address, e.g., MAC address 1606. The transmitted MAC address, included in the data field 1615 of an Ethernet frame may be faked. The DHCP server will assign an IP address based on the communicated, possibly fake, MAC address. It also stores the assigned IP address, associated MAC address and lease time information in a DHCP server database. The assigned IP address is communicated to the requesting device, along with lease time, e.g., duration (lease expiration), information by way of the edge router.
In existing systems, when an edge router receives an IP address which is not already in its address resolution table, e.g., due to the receipt of a previous message directed to the IP address, it will broadcast an ARP (address resolution protocol) message over the LAN asking for the device which owns the IP address to respond and identify itself. Normally, the device to which the IP address was assigned will respond to the ARP message with its true MAC address. The information from the ARP message response is used to populate the edge router's address resolution table. As a result of the use of ARP and a faked MAC address, the edge router's address resolution table may end up being inconsistent with the DHCP server's database.
In view of the above discussion, there is a need for methods and apparatus for monitoring improving security with regard to IP address assignments and Layer 2/Layer 3 routing tables in edge routes.
Beyond the issue of making sure IP address assignments are based on accurate MAC address information there are several other security/access control issues relating to the use of IP addresses which may be leased. These issues come up independent of the issue of possible IP address leases being based on inaccurate MAC address information.
There are a large number of applications, e.g., security related applications, where it would be useful if the physical location of a device using an IP address could be determined from its IP address in a reliable manner. However, the complexities of dynamic IP address assignment along with the complexities of determining the location of a device using an IP address have made it difficult to obtain reliable location information based on an IP address. There are still other applications which could be implemented if, in addition to device location information, a reliable device identifier such as a MAC address corresponding to a device using an IP address could be determined. Such device identification information when combined with location information could be used to provide services which require both device and location information, e.g., services such as locating stolen computer devices.
In view of the above discussion, it should be apparent that there is a need for a reliable way of determining physical location information corresponding to a device using an IP address which may have been dynamically assigned, e.g., assigned to the device for a limited time period. There is also a need for a wide range of security applications and methods assuming device location information can be determined in a reliable manner. There is also a need for various applications which require both reliable device identifier and location information.