This invention relates generally to management of IP (Internet Protocol) data communications networks, and more particularly to systems for the automatic acquisition and recording of information about network hosts for use in network management operations.
On an IP network, network hosts (i.e. computer systems and devices) are normally identified by their IP addresses. However, it is often desired to obtain additional information about devices for network management purposes such as network monitoring or security operations. For instance, it is often desirable to obtain the hardware network address, i.e. the MAC (Media Access Control) address, of the host at a given IP address. This might be desired, for example, to allow isolation of a virus-infected host from the rest of the network. As another example, host security compliance information, as obtained by security scanning or checking tools, may be desired to control host access to a network. In general, access to various types of host-specific information may be useful or desirable for the spectrum of network management operations. Unfortunately, there is no convenient way of obtaining such information about hosts. Some types of host information might be captured in various system logs during operation of a network, but retrieving specific host information by analysis of such logs can be difficult or even impossible in practice. Some host information might be manually recorded by network administrators in a system repository, e.g. for network or system configuration details, but maintaining up-to-date information on all network hosts can involve considerable effort.
To compound the problem described above, IP addresses are often assigned dynamically in operation of IP networks. This can be done, for example, using DHCP (Dynamic Host Configuration Protocol). Under DHCP, a DHCP server maintains a pool of IP addresses which can be allocated on request to devices joining a network. A dynamically-assigned IP address is effectively leased to a requesting host by the DHCP server. A host can renew the lease periodically to maintain its IP address allocation. Failure to renew the lease results in the IP address being returned to the pool for reallocation to another device. Dynamic DNS (Domain Name System) provides another mechanism for dealing with dynamic IP addresses. DNS is a well-known and widely used system, but it is useful at this point to give a brief explanation of the DNS system to assist understanding of the invention to be described.
DNS servers form a distributed database whose primary purpose is to map host names, in the form of fully-qualified domain names such as abc.domain.com, to IP addresses. The distributed system of DNS servers provides the mechanism for obtaining the IP address corresponding to a particular host name, for instance in a URL (Universal Resource Locator) typed into a web browser, thus allowing the application in question to communicate with that host, e.g. to retrieve a web page. Information is stored in DNS servers in records of various types which are defined by the DNS protocol. A DNS Address record specifies the IP address corresponding to a host name, but other types of DNS records may be associated with the name, and hence IP address, of a host. By way of example: multiple host names can be specified as aliases for a given IP address using Canonical Name (CNAME) records; a Host Information (HINFO) record can be set up to give operating system information for a host name; and arbitrary text can be associated with a host name in a Text (TXT) record. The DNS server(s) for a domain are typically maintained by the owner of that domain. In traditional networks with static IP addresses, all DNS record entries were made manually by network administrators, for example when devices were added to a network. With dynamic IP addresses managed by a DHCP server as described above, the DNS server contains a set of manually-entered DNS records, pointing to the corresponding addresses in the address pool of the DHCP server, for the range of IP addresses in question. As mentioned above, Dynamic DNS provides another mechanism for dealing with dynamic IP addresses. This protocol allows a host to notify the DNS server of its name and IP address whenever its IP address changes. The DNS server can then update the IP address in the DNS Address record for the host name accordingly.
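As an added illustration (not part of the patent text) of how the record types described above carry host information, the following Python parses a small constructed zone-file-style record set, follows CNAME aliases to the canonical name with a hop bound so a mis-entered alias loop cannot spin forever, gathers the HINFO and TXT data attached to that name, and applies a Dynamic DNS style address change so that all aliases pick up the new address. The domain names and addresses are constructed for the example.

```python
import re

# Constructed zone-file-style records (not from the page) for a small example domain.
ZONE = """\
host1.domain.com.   A      192.0.2.10
abc.domain.com.     CNAME  host1.domain.com.
www.domain.com.     CNAME  abc.domain.com.
host1.domain.com.   HINFO  "x86-64" "Linux"
host1.domain.com.   TXT    "owner=netops; rack=B7"
host2.domain.com.   A      192.0.2.11
"""

def parse_zone(text):
    """Build {name: {type: [rdata, ...]}} from 'name TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue                                  # blank or malformed line
        name, rtype, rdata = parts
        if rtype in ("HINFO", "TXT"):
            rdata = re.findall(r'"([^"]*)"', rdata)   # keep each quoted string separately
        records.setdefault(name.lower(), {}).setdefault(rtype, []).append(rdata)
    return records

def resolve(records, name, max_hops=8):
    """Follow CNAMEs to the canonical name; return (canonical, ip, hinfo, txt) or None."""
    name = name.lower()
    for _ in range(max_hops):                         # bounded walk guards against CNAME loops
        rrs = records.get(name)
        if not rrs:
            return None                               # dangling alias or unknown name
        if "CNAME" in rrs:
            name = rrs["CNAME"][0].lower()
            continue
        ip = rrs.get("A", [None])[0]
        return (name, ip, rrs.get("HINFO", [None])[0], rrs.get("TXT", []))
    return None

def names_for_ip(records, ip):
    """Every name (canonical or alias) whose address record resolves to ip."""
    return sorted(n for n in records if (resolve(records, n) or (None, None))[1] == ip)

def dynamic_update(records, name, new_ip):
    """Dynamic DNS style change: replace the A record when a host's address changes."""
    records.setdefault(name.lower(), {})["A"] = [new_ip]
```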
Whatever the dynamic IP address mechanism, the effect is that a given host may not always have the same IP address, and a given IP address may be associated with multiple hosts over time. This is a major obstacle to obtaining reliable host information in IP networks where the primary host identifier is the IP address. Existing solutions rely on dynamic querying of individual devices when information is desired. As an illustrative scenario, a network administrator may wish to locate the host with a particular MAC address in a network. A host MAC address is not generally visible to network systems beyond the first switch or router to which the host is connected. The administrator therefore dynamically queries the routers and switches in the network, effectively asking each one “Have you seen this MAC address?” In general, the “dynamic query” approach to obtaining host information depends heavily on the brand of network devices being used and on the specific layout of the network. Furthermore, for tasks such as host-identification based on MAC address as just described, querying is needed for each device that needs to be identified, introducing additional delays and overhead when a large number of devices need to be identified.
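The difficulty just described, that an IP address maps to different hosts over time and that the mapping must be dug out of logs, is shown concretely by the following added Python example, which is not part of the patent. It reconstructs lease periods from constructed ISC-dhcpd-style syslog lines (DHCPACK for grants and renewals, DHCPRELEASE for an early hand-back) and answers the forensic question "which MAC address held this IP at this moment?". The pool lease time and the log year are assumptions, since neither appears in the log lines.

```python
import re
from datetime import datetime, timedelta

# Constructed ISC-dhcpd-style syslog lines (not from the page). DHCPACK marks a
# lease being granted or renewed; DHCPRELEASE marks the host handing it back.
SAMPLE_LOG = """\
Mar 10 08:00:01 dhcp dhcpd: DHCPACK on 10.0.0.5 to aa:bb:cc:dd:ee:01 (laptop-a) via eth0
Mar 10 09:00:00 dhcp dhcpd: DHCPACK on 10.0.0.7 to aa:bb:cc:dd:ee:03 via eth0
Mar 10 08:30:00 dhcp dhcpd: DHCPACK on 10.0.0.5 to aa:bb:cc:dd:ee:01 (laptop-a) via eth0
Mar 10 09:05:00 dhcp dhcpd: DHCPRELEASE of 10.0.0.5 from aa:bb:cc:dd:ee:01 (laptop-a) via eth0
Mar 10 09:10:00 dhcp dhcpd: DHCPACK on 10.0.0.5 to aa:bb:cc:dd:ee:02 (printer-b) via eth0
"""
LEASE_TIME = timedelta(hours=1)  # assumed pool lease time; the ACK line does not state it
YEAR = 2024                      # assumed: syslog timestamps carry no year
ACK_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})(?: \((\S+)\))?")
REL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ dhcpd: DHCPRELEASE of (\S+) from ([0-9a-f:]{17})")

def _ts(s):
    return datetime.strptime(f"{YEAR} {s}", "%Y %b %d %H:%M:%S")

def build_lease_history(log):
    """Return {ip: [[mac, hostname, start, end], ...]}, one entry per lease period."""
    events = []
    for line in log.splitlines():
        if m := ACK_RE.match(line):
            events.append((_ts(m[1]), "ack", m[2], m[3], m[4]))
        elif m := REL_RE.match(line):
            events.append((_ts(m[1]), "rel", m[2], m[3], None))
    history = {}
    for t, kind, ip, mac, host in sorted(events, key=lambda e: e[0]):  # logs may be out of order
        periods = history.setdefault(ip, [])
        last = periods[-1] if periods else None
        if kind == "ack" and last and last[0] == mac and last[2] <= t < last[3]:
            last[3] = t + LEASE_TIME            # renewal by the same host extends its lease
            last[1] = host or last[1]
        elif kind == "ack":
            if last and last[3] > t:            # address handed to a new host: the previous
                last[3] = t                     # lease must have ended by now, so close it
            periods.append([mac, host, t, t + LEASE_TIME])
        elif last and last[0] == mac and last[3] > t:
            last[3] = t                         # explicit release closes the period early
    return history

def holder_at(history, ip, when):
    """(mac, hostname) that held `ip` at syslog time `when`, or None if it was in the pool."""
    t = _ts(when)
    for mac, host, start, end in history.get(ip, []):
        if start <= t < end:
            return mac, host
    return None
```

Because the assumed lease time may be longer than the real one, a period is closed as soon as a different MAC is acknowledged on the same address; a gap between a release and the next grant correctly reports no holder.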