CA2736956A1 - Network management system using management addresses - Google Patents

Network management system using management addresses

Info

Publication number: CA2736956A1
Authority: CA (Canada)
Legal status: Granted (Expired - Fee Related)
Application number: CA 2736956
Other languages: French (fr)
Other versions: CA2736956C (en)
Inventors: Michael Redan, Eric Chiasson, John Petropoulos
Current Assignee: BCE Inc
Original Assignee: BCE Inc
Classification: Data Exchanges In Wide-Area Networks (AREA)

Abstract

Systems and methods to manage network elements coupled to a private network are disclosed. The system may assign a management IP address to each network element, independent from the private IP address of the network element. The management IP address may be used to facilitate the exchange of network management communications between network elements and a central management system. Management IP addresses may not be physically assigned to network elements coupled to a private network yet still allow network elements to be uniquely referenced and exchange management communications with a central management system.

Description

Network Management System Using Management Addresses

FIELD OF THE INVENTION

[0001] The present invention relates generally to systems and methods for managing network elements coupled to a network and more particularly to managing network elements coupled to a private network.

BACKGROUND OF THE INVENTION
[0002] Various devices attached to a private network may be managed or monitored to determine their availability, performance, etc. to optimize network performance and to take corrective action in the event of network failures or performance degradation. Similarly, various devices or network elements may be managed to ensure that installed software is current, for example, by querying the network elements and initiating the installation of software updates or patches. Management of a network may take place remotely, i.e. be undertaken by a network element at a different physical location from the network elements or network that is to be monitored or managed. For example, devices or network elements coupled to a private network may be managed from a remote location to centralize the management of various networks or to facilitate outsourcing of network management functions.
[0003] The remote management of elements connected to a private network can be more complex than the remote management of network elements (e.g. individual computers, routers, etc.) connected directly to a public network. A network element connected to a private network may be assigned a private IP address locally within the private network and be accessible over the public Internet using network address translation (NAT) according to well known methods. In order to facilitate the management of a network element in many remote or centralized management schemes, the private IP address of the element must be known outside the private network. This requires the management scheme to have some knowledge of the internal architecture of the private network, and of the modifications that take place over time, in order to effectively manage the elements connected to the private network.
[0004] Additionally, different private networks may assign the same private IP addresses to network elements on each network. This is problematic and can lead to an inability to adequately manage a private network in a central management system that manages multiple private networks, because each network element that is managed does not have a unique private IP address.
[0005] Various attempts have been made to allow for more effective central (remote) management of multiple private networks that may have overlapping private IP addresses. For example, U.S. Patent No. 7,706,371 by Wing et al., issued April 27, 2010, discloses a tunnel identifier or VLAN tag that is used to differentiate between private networks, so that the combination of a tunnel identifier or VLAN tag with a private IP address allows the remote management system to uniquely address a particular network element on a private network. However, these remote management schemes still require knowledge of the private IP address assigned to particular network elements, which is generally allocated by the private network and not by the remote management system, to manage the particular network elements. Consequently, the central management system requires knowledge of the architecture of the private network, which complicates the management of the network, for example, when devices are added to or removed from various private networks. Using a private IP address in combination with other measures to identify a network element on a private IP network may also raise security or privacy concerns on the private network.
[0006] The present invention aims to mitigate one or more of the problems in the prior art including those noted above.

SUMMARY OF THE INVENTION
[0007] In accordance with an aspect of the invention there is provided a system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address and a management IP address, the system comprising: a network management entity coupled to the private network, the network management entity operable to: receive management communications from a central management system, the management communications being addressed to a network element using the management IP address to identify the network element; and send the management communications to the network element over the private network using the private IP address to identify the network element.
[0008] In accordance with another aspect of the invention there is provided a system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address, the system comprising: a network management entity coupled to the private network, the network management entity operable to: receive a block of management IP addresses from a central management system; assign a management IP address from the block of management IP addresses to each of the plurality of network elements, the management IP address being assigned independently from the private IP address; and store an association between the management IP address and private IP address for each of the plurality of network elements.
[0009] In accordance with a further aspect of the invention there is provided a system to manage a plurality of private networks, each private network comprising a plurality of coupled network elements each having a private IP address, the system comprising: a central management system, the central management system operable to assign a unique block of management IP addresses to each one of a plurality of network management entities; a plurality of network management entities, each network management entity being coupled to one of the private networks, each of the network management entities operable to: receive a block of management IP addresses from the central management system; assign a management IP address from the block of management IP addresses to each of the plurality of network elements, the management IP address being assigned independently from the private IP address; and store an association between the management IP address and private IP address for each of the plurality of network elements.
[0010] In accordance with another aspect of the invention there is provided a system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address and a management IP address, the system comprising: a central management system operable to exchange management communications with a network management entity coupled to the private network using management IP addresses to identify each of the plurality of network elements; the network management entity operable to: determine the private IP address of each of the plurality of network elements using the management IP address; and exchange management communications with each of the plurality of network elements using the private IP address to identify each of the plurality of network elements on the private network.
[0011] In accordance with yet another aspect of the invention there is provided a method to facilitate management of a plurality of network elements within a private network, each network element having a private IP address and a management IP address, the method comprising: exchanging management communications between a central management system and a network management entity coupled to the private network using the management IP address to identify each of the plurality of network elements; establishing an association between the management IP address and the private IP address for each of the plurality of network elements; and exchanging management communications between the network management entity and the plurality of network elements using the private IP address to identify each of the plurality of network elements.
[0012] In accordance with an additional aspect of the invention there is provided a method to facilitate management of a plurality of network elements, each network element having a private IP address and a management IP address, within a private network, the method comprising: receiving a management communication from a central management system using the management IP address to identify a network element; determining the private IP address of the network element using the management IP address; and sending the management communication to the network element using the private IP address to identify the network element.
[0013] In accordance with an additional aspect of the invention there is provided a method to facilitate management of a plurality of network elements within a private network, each network element being assigned a private IP address, the method comprising: receiving a unique block of management IP addresses from a central management system; assigning a management IP address from the block of management IP addresses to each of the plurality of network elements within the private network, the management IP address being assigned independently from the private IP address of each of the network elements; and storing an association between the management IP address and private IP address for each of the plurality of network elements.
[0014] In accordance with a further aspect of the invention there is provided a network management entity comprising: a private network interface operable to communicate with a plurality of network elements within a private network, each network element having a private IP address and a management IP address; a public network interface operable to communicate with a central management system; a processing entity coupled to the private and public network interfaces; a data structure accessible by the processing entity and operable to maintain an association between the private IP address and management IP address of each of the network elements; the processing entity operable to: receive a management communication that uses a management IP address to identify one of the network elements from the central management system via the public network interface; determine the private IP address of the network element using the data structure and the management IP address; and send a management communication to the network element via the private network interface using the private IP address to identify the network element.
[0015] Other aspects and features of the present invention will become apparent to those of ordinary skill in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS
[0016] In the figures, which illustrate by way of example only embodiments of the present invention:
[0017] FIG. 1 is an embodiment of a network management system;
[0018] FIG. 2 is a schematic diagram illustrating certain components of an embodiment of a network management entity;
[0019] FIG. 3 is a schematic diagram illustrating certain components of an embodiment of a central management system;
[0020] FIG. 4 is an embodiment of a central management system that is managing two private networks;
[0021] FIG. 5 is a packet structure used to exchange management communications according to one embodiment; and
[0022] FIG. 6 is an alternative embodiment of a network management system.

DETAILED DESCRIPTION
[0023] Network Address Translation (NAT) may be used to allow network elements within a private network to connect to other network elements accessible over a public network, such as the Internet, according to known methods. The central or remote management of private networks is complicated due to the fact that, for example, each network element does not have a unique public IP address and may have a private IP address that is duplicated in other private networks. Overlapping private IP addresses may occur when a central management system manages multiple private networks with the result being that the private IP address of a network element may not necessarily uniquely identify the network element. In order to effectively manage a private network or a plurality of private networks a central management system needs to be able to uniquely identify each network element and be able to exchange management communications with each network element.
[0024] Figure 1 discloses an exemplary embodiment of a network management system that may be used to manage at least one private network, where the network elements within the private network may have private Internet Protocol (IP) addresses. Private network 10 may be comprised of network elements 12 and 18 coupled to a network management entity 30, for example, using an IP network. A plurality of other network elements (not shown) may also be coupled within private network 10 and be managed in a similar fashion. Moreover, there may also be other network elements (not shown) within private network 10 that are not managed by the network management system. A first network element 12 may have a private IP address 14 and a management IP address 16. Similarly, a second network element 18 may have a private IP address 20 and a management IP address 22. Management IP addresses 16 and 22 may be implemented such that they are virtual IP addresses in the sense that they are not physically assigned to network elements 12 and 18, as will be described below. Network elements 12 and 18 may be, for example, a firewall, a router, a computing apparatus, a networked telephone, or any other device that is addressable via a networking protocol such as IP or Ethernet. In certain embodiments, only certain devices, for example, firewalls and routers, may be managed by the network management system. Moreover, the present invention is not limited to devices using IP, and may be adapted to function with other networking schemes where network elements are referenced using a unique addressing system.
[0025] A network address translation (NAT) entity 70 may also be coupled to private network 10 and public network 60. A NAT entity may be, for example, a router or a proxy server that functions to translate private IP addresses 14 and 20 of network elements 12 and 18 into an address and port number that allows network elements 12 and 18 to communicate with other devices outside of private network 10 in a known manner. Data communications to network elements 12 and 18 pass through NAT entity 70, which may be configured and operated by a separate entity than the entity operating the central management system 100. For example, NAT entity 70 may be operated by the owner of private network 10 and central management system 100 may be operated by another entity, for example, a network management service provider.
[0026] Network management entity 30 may be coupled to a central management system 100 over a public network 60 (e.g. the public internet) using a tunnel 50 to create a virtual private network. Virtual private networks and tunnels are known in the art and are used to enhance security by encapsulating encrypted packets that are transmitted over the public network 60 to prevent other devices on public network 60 from becoming aware of the packet contents and the source and destination addresses of the network elements exchanging communications. A virtual private network may be implemented using, for example, the IPSec/NAT-T protocol or other suitable protocols depending on the particular application. Alternatively, network management entity 30 and central management system 100 may be connected over other types of networks.
[0027] Central management system 100 may also be configured to manage other private networks, such as private network 150, and a plurality of other private networks (not shown). Private network 150 may be configured in a similar manner to private network 10 such that it has a NAT entity and network management entity coupled to the private network.
[0028] Generally, private network 10 may be configured such that data communications are routed between network elements 12 and 18 and external network elements (not shown, e.g. web servers, network elements on other private networks) via NAT entity 70. Management communications may be routed between network elements 12 and 18 and external network elements (e.g. central management system 100) via network management entity 30. In this manner, the control of management and data communications is separated, which may provide greater flexibility in network operation and increase security.
[0029] Central management system 100 may exchange (send and receive) network management communications by exchanging packets with network elements 12 and 18 via tunnel 50. In certain embodiments, network management entity 30 may act as a gateway to facilitate establishing a virtual private network between the central management system 100 and network elements 12 and 18 within private network 10. Specifically, central management system 100 may exchange network management communications with network element 12 using management IP address 16 to identify and address network element 12. Provided central management system 100 ensures that management IP address 16 is unique to network element 12, the central management system 100 and network management entity 30 may uniquely identify and exchange network management communications with network element 12 using management IP address 16.
[0030] For example, central management system 100 may send a management communication to network element 12 using management IP address 16 to identify network element 12. The management communication may be received by the network management entity 30, which may determine the private IP address 14 of network element 12 by, for example, querying a data structure (e.g. MIP Table 40; described below) stored on network management entity 30. Network management entity 30 may then send the network management communication to network element 12 over the private network using the private IP address 14 to identify network element 12. Similarly, network management entity 30 may receive a network management communication from network element 12 using private IP address 14 to identify network element 12. Network management entity 30 may then query the data structure to determine the management IP address 16 of network element 12, and send the management communication to central management system 100 using management IP address 16 to identify network element 12. More generally, communications between the central management system 100 and network management entity 30 may use management IP addresses to identify network elements, and communications between the network management entity 30 and network elements coupled to private network 10 may use private IP addresses to identify the network elements.
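The two-way translation step of [0030], written out as an added example; this is not code from the patent or from BCE. The MipTable class stands in for MIP Table 40, the ManagementGateway class for the forwarding logic of network management entity 30, and the Packet dataclass is a constructed stand-in carrying only the addresses the entity rewrites (it is not the packet structure of FIG. 5). The addresses 198.51.100.1 (management), 10.0.0.5 (private) and 203.0.113.10 (central management system) are constructed, and the check that inbound management traffic comes from the central management system's address is an assumption added here, not a step the patent describes.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional

IPv4 = ipaddress.IPv4Address


@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a management packet. Only the addresses the
    entity rewrites are modelled; this is not the packet structure of FIG. 5."""
    src: str
    dst: str
    payload: bytes


class MipTable:
    """Management IP address table (MIP Table 40): a bidirectional map between
    the management address the central system uses and the private address the
    element actually has. Management addresses exist only in this table; they
    are never configured on the elements themselves."""

    def __init__(self) -> None:
        self._m2p: Dict[IPv4, IPv4] = {}
        self._p2m: Dict[IPv4, IPv4] = {}

    def associate(self, mgmt: str, priv: str) -> None:
        m, p = IPv4(mgmt), IPv4(priv)
        # Refuse to alias: one management address per element and vice versa.
        if m in self._m2p or p in self._p2m:
            raise ValueError(f"{mgmt} or {priv} is already associated")
        self._m2p[m] = p
        self._p2m[p] = m

    def private_for(self, mgmt: str) -> Optional[IPv4]:
        return self._m2p.get(IPv4(mgmt))

    def management_for(self, priv: str) -> Optional[IPv4]:
        return self._p2m.get(IPv4(priv))


class ManagementGateway:
    """Forwarding logic of network management entity 30 between the tunnel to
    the central system (management addresses) and the private network
    (private addresses)."""

    def __init__(self, cms_addr: str, table: MipTable) -> None:
        # Assumed: the central management system is the only peer allowed to
        # originate management traffic through this entity.
        self.cms = IPv4(cms_addr)
        self.table = table
        self.dropped = 0

    def from_central(self, pkt: Packet) -> Optional[Packet]:
        """Packet received over the tunnel. Only the central system may send
        management traffic, and only to a management address present in the
        table; anything else is dropped rather than forwarded into the private
        network."""
        if IPv4(pkt.src) != self.cms:
            self.dropped += 1
            return None
        priv = self.table.private_for(pkt.dst)
        if priv is None:
            self.dropped += 1
            return None
        return replace(pkt, dst=str(priv))

    def to_central(self, pkt: Packet) -> Optional[Packet]:
        """Packet received from an element on the private network. The source
        is rewritten to the element's management address so the private address
        never leaves the private network; an unmanaged element gets no path to
        the central system. Assumed: the element addresses the entity and the
        entity forwards to the central system, so the destination is rewritten
        here as well."""
        mgmt = self.table.management_for(pkt.src)
        if mgmt is None:
            self.dropped += 1
            return None
        return replace(pkt, src=str(mgmt), dst=str(self.cms))


if __name__ == "__main__":
    table = MipTable()
    table.associate("198.51.100.1", "10.0.0.5")   # element 12: management 16 <-> private 14
    gw = ManagementGateway("203.0.113.10", table)  # constructed central system address
    print(gw.from_central(Packet("203.0.113.10", "198.51.100.1", b"get-status")))
    print(gw.to_central(Packet("10.0.0.5", "10.0.0.1", b"status: up")))
    print(gw.from_central(Packet("203.0.113.10", "198.51.100.2", b"probe")))  # None: unknown address
```

The two drop paths are the security-relevant part: a management address that is not in the table is not forwarded, so a probe of the management block from the tunnel side cannot reach an arbitrary private host, and an element that was never assigned a management address cannot reach the central system at all.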
[0031] In certain embodiments the association between the private IP addresses and management IP addresses for each network element may be established by the network management entity 30 when management IP addresses are assigned during configuration. Alternatively, the central management system may determine the association between private IP addresses and management IP addresses for managed devices on a particular private network and provide this information to the network management entity associated with that private network.
[0032] Certain advantages may be realized by employing management IP addresses to identify network elements from the perspective of the central management system 100 without physically assigning the management IP addresses to network elements on private network 10. For example, by using "virtual" management IP addresses that are translated to private IP addresses by network management entity 30, the routing tables of the private network are not complicated by the addition of management IP addresses and the network elements themselves are unchanged. Additionally, the use of management IP addresses allows central management system 100 to manage multiple private networks that may have overlapping private IP addresses, because the central management system references network elements using management IP addresses that may be assigned to ensure that they uniquely reference network elements. Further, the use of virtual management IP addresses, rather than physically assigning management IP addresses to network elements on a private network, mitigates routing problems that could be created by overlap between management IP addresses and the private IP addresses used on the private network.
[0033] To ensure that management IP address 16 is unique, central management system 100 may assign a unique block of management IP addresses to private network 10 that may not be used by another private network, e.g. private network 150, being managed by central management system 100. A block as used herein may be a contiguous or non-contiguous group of addresses. It may be advantageous to use a contiguous block of management IP addresses because the routing of network management communications between network management entity 30 and central management system 100 is simplified: the routing tables need only describe the block rather than individual addresses.
[0034] In certain embodiments, the block of management IP addresses assigned to a network management entity coupled to a particular private network or directly to a private network may contain enough addresses to minimize the likelihood that further management IP addresses will need to be assigned to the network management entity. This may occur in embodiments where only a small subset of network elements (e.g. firewalls, routers) on a private network are managed by central management system 100.
[0035] Alternatively, a series of contiguous blocks of management IP addresses, separated by other management IP addresses assigned to other networks, may be allocated to network management entity 30 and private network 10. For example, private network 10 may be allocated a block of management IP addresses from xxx.xxx.001 to xxx.xxx.100 at a first point in time. Similarly, private network 150 may be allocated a block of management IP addresses from xxx.xxx.101 to xxx.xxx.200. Subsequently, if, for example, the management IP addresses allocated to private network 10 have all been assigned to network elements, central management system 100 may allocate a second block of management IP addresses from xxx.xxx.201 to xxx.xxx.300 that may be assigned to network elements within private network 10. Other methods to ensure that a management IP address uniquely identifies a network element located on a private network may also be used depending on the particular implementation without departing from the scope of the invention.
[0036] Central management system 100 or network management entity 30 may assign management IP addresses to network elements independently of the private IP addresses of the network elements. For example, network management entity 30 may assign network element 12 a management IP address 16 from the block of management IP addresses allocated to private network 10 independently of private IP address 14 of network element 12. In this manner, the private IP address 14 of network element 12 may not be known by the central management system 100, which may increase the security and privacy of the network management system because information relating to the private IP addresses of network elements on private network 10 is contained within the private network and network management entity 30. Network management entity 30 may assign management IP addresses to other network elements coupled to private network 10 in the same way.
[0037] Managing network elements 12 and 18 on private network 10 with a network management entity 30 or central management system 100 using management IP addresses 16 and 22 may assist in resolving the problem of overlapping private IP addresses, as described below. Using a unique management IP address to identify each network element on a private network allows different private networks to have overlapping private IP addresses without impacting the effective management of the private networks. For example, referring to Figure 4, network element 12 coupled to private network 10 and network element 152 coupled to private network 150 may each be assigned the same private IP address, 14 and 154 respectively. However, network elements 12 and 152 may be assigned different management IP addresses 16 and 156, permitting network elements 12 and 152 to exchange network management communications with central management system 100 via network management entities 30 and 170 using those management IP addresses to uniquely identify network elements 12 and 152. This may simplify the management of private networks and provide increased flexibility to private network operators while still permitting remote management by a central management system 100 that is capable of managing a plurality of private networks. For example, without an effective system to uniquely address each network element on a private network, the private IP addresses on a particular private network may need to be reassigned in the event of a duplicate private IP address being detected on another private network that is also managed by the same central management system.
[0038] Network management entity 30 may also be connected to a publicly switched telephone network (PSTN) 72 to provide a redundant connection to central management system 100. In the event that communications over public network 60 are disrupted, network management entity 30 and central management system 100 may exchange communications over PSTN 72. For further details of an exemplary method of enabling a redundant connection over a PSTN see, for example, U.S. Patent No. 7,124,183 by Pekary et al. issued October 17, 2006.
[0039] An embodiment of network management entity 30 is described in greater detail with reference to Figures 1 and 2. Network management entity 30 may have a public network interface 36 that may be coupled to a public network 60 to facilitate the exchange of communications over public network 60. Public network interface 36 may function as a gateway to allow a tunnel or virtual private network to be established over public network 60, or another type of network, in a known manner. Similarly, network management entity 30 may have a private network interface 32 to allow an exchange of communications with network elements within a private network 10. Network management entity 30 may also have a processing entity 42 to control the operation of the network management entity 30. For example, processing entity 42 may be a central processing unit or a plurality of processing units and associated memory suitable for use in a server. Network management entity 30 may also be configured to run on the CentOS operating system and be configured remotely using LCFG from central management system 100 in certain embodiments.
[0040] Network management entity 30 may also have a public IP address 41, a private IP address 39, and a management IP address 38 to allow network management entity 30 to be uniquely addressed. Central management system 100 may exchange management communications with network management entity 30 using management IP address 38 to, for example, initiate the installation of a software or configuration update to network management entity 30. A data structure, such as management IP address table 40, may also be used to identify the block of management IP addresses that have been assigned to network management entity 30. The management IP address table 40 may be used to ensure each network element within private network 10 is assigned a unique management IP address and to maintain an association between the private IP address and management IP address for each managed network element within private network 10. Management IP table may also be used to store additional information in certain embodiments. A data structure, such as management IP table 40, may be accessible by processing entity 42 and may be configured to return the associated private IP address of a network element when queried with a management IP address and vice versa. Management IP address table 40 may contain a number of blocks of management IP addresses assigned to network management entity 30 to be used within private network 10, which may be separated by blocks of management IP addresses that have been assigned to other private networks that are managed by the central management system 100. Alternatively, management IP address table 40 may contain a contiguous block of management IP addresses.
[0041] Network management entity 30 may function to monitor the various network elements that are coupled to a private network that is being managed. For example, network management entity 30 may initiate certain management tasks, for example, monitoring the performance of managed devices, and provide summary reports periodically to central management system 100.
[0042] Network management entity 30 may also request that further management IP addresses be assigned to it from central management system 100 after the management IP addresses that were previously assigned to the network management entity have all been assigned to network elements within private network 10. Central management system 100 may in turn assign another block of management IP addresses to network management entity 30 that may be stored in management IP table 40. In this fashion, network management entity 30 may manage an increasing number of network elements within private network 10 without substantial reconfiguration of the overall network management scheme.
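The block allocation of [0033] to [0035], the assignment independent of private addresses in [0036], the overlapping-private-address case of [0037], and the request for a further block in [0042], as one added example; this is not code from the patent or from BCE. It uses Python's standard ipaddress module. The CentralAllocator class stands in for management IP table 106, the NetworkManagementEntity class for the allocation side of entity 30 (its MIP table 40 is kept as two dictionaries). The pool 198.51.100.0/24, the /29 block size, the entity identifiers and the private addresses 10.0.0.x are all constructed; the patent's xxx.xxx.001 placeholders are not used.

```python
import ipaddress
from typing import Dict, List, Optional

IPv4 = ipaddress.IPv4Address
Block = ipaddress.IPv4Network


class CentralAllocator:
    """Management IP table 106 on the central management system: the pool of
    management addresses, carved into fixed-size blocks, and the record of
    which network management entity each block was handed to."""

    def __init__(self, pool: str, block_prefix: int) -> None:
        # Constructed pool; every block is handed out at most once.
        self._free: List[Block] = list(Block(pool).subnets(new_prefix=block_prefix))
        self._owner: Dict[Block, str] = {}

    def allocate_block(self, nme_id: str) -> Block:
        """Hand the next unused block to an entity. Because a block is never
        given out twice, management addresses are unique across every managed
        private network, whatever private addresses those networks use."""
        if not self._free:
            raise RuntimeError("management address pool exhausted")
        block = self._free.pop(0)
        self._owner[block] = nme_id
        return block

    def blocks_of(self, nme_id: str) -> List[Block]:
        return [b for b, owner in self._owner.items() if owner == nme_id]

    def owner_of(self, mgmt: str) -> Optional[str]:
        """The central system's forwarding decision: which entity a management
        address belongs to. None if the address was never allocated."""
        addr = IPv4(mgmt)
        for block, nme_id in self._owner.items():
            if addr in block:
                return nme_id
        return None


class NetworkManagementEntity:
    """Allocation side of network management entity 30: assigns management
    addresses from its blocks without looking at the private address, and asks
    the central system for another block once the current ones are used up."""

    def __init__(self, nme_id: str, allocator: CentralAllocator) -> None:
        self.id = nme_id
        self._allocator = allocator
        self.blocks: List[Block] = []
        self._unused: List[IPv4] = []
        self._p2m: Dict[IPv4, IPv4] = {}   # MIP table 40, private -> management
        self._m2p: Dict[IPv4, IPv4] = {}   # MIP table 40, management -> private

    def _request_block(self) -> None:
        block = self._allocator.allocate_block(self.id)
        self.blocks.append(block)
        # hosts() skips the network and broadcast addresses so a block can also
        # be routed as an ordinary subnet between entity and central system.
        self._unused.extend(block.hosts())

    def assign(self, priv: str) -> IPv4:
        """Return the management address for a private address, assigning the
        next unused one if the element is new. The private address plays no
        part in the choice, so nothing about it is visible in the result."""
        p = IPv4(priv)
        if p in self._p2m:
            return self._p2m[p]
        if not self._unused:
            self._request_block()
        m = self._unused.pop(0)
        self._p2m[p] = m
        self._m2p[m] = p
        return m

    def management_for(self, priv: str) -> Optional[IPv4]:
        return self._p2m.get(IPv4(priv))

    def private_for(self, mgmt: str) -> Optional[IPv4]:
        return self._m2p.get(IPv4(mgmt))


if __name__ == "__main__":
    cms = CentralAllocator("198.51.100.0/24", block_prefix=29)
    net10 = NetworkManagementEntity("private-network-10", cms)
    net150 = NetworkManagementEntity("private-network-150", cms)
    # Same private address on two networks, distinct management addresses.
    print(net10.assign("10.0.0.5"), net150.assign("10.0.0.5"))
    for host in range(2, 9):
        net10.assign(f"10.0.0.{host}")
    # The second block of network 10 is not adjacent to its first: the block in
    # between was handed to network 150 in the meantime.
    print(net10.blocks)
```

Running the demo shows the non-contiguous allocation of [0035] arising naturally: network 10 receives 198.51.100.0/29, network 150 then receives 198.51.100.8/29, and when network 10 exhausts its six usable addresses its next block is 198.51.100.16/29. The central system never learns a private address; it only needs owner_of() to route a management address to the right entity.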
[0043] An embodiment of central management system 100 is described with reference to Figure 3. Central management system 100 may be implemented in a variety of different configurations. For example, central management system 100 may be a single server or multiple servers, firewalls, and other network elements that operate collectively as central management system 100, depending on the particular application. Central management system 100 may have a processing entity 102 to control the operation of the central management system 100. For example, processing entity 102 may be a central processing unit, or a plurality of processors, and associated memory suitable for use in a server. Central management system 100 may also have an IP address 104 to uniquely identify central management system 100 and facilitate the exchange of communications with other network elements, for example, network management entity 30. A data structure, such as management IP table 106, may also be used to manage the assignment of management IP addresses. For example, management IP table 106 may be configured to identify the block or blocks of management IP addresses that have been assigned to various network management entities. Similarly, management IP address table 106 may also be used to identify management IP addresses that remain available to be assigned to various network management entities.
[0044] In certain alternative embodiments, management IP table 106 may also be used to maintain an association between the private IP addresses and management IP addresses for managed devices on a variety of private networks. This information may then be pushed (sent) to the appropriate network management entities, so that central management system 100 and the plurality of network management entities can identify network elements to one another using management IP addresses. Maintaining this association at central management system 100 may increase the reliability of the overall network management system, as it facilitates recovery of the network management system in the event of a failure of a particular network management entity. However, security and privacy may be increased by not maintaining such a centralized data structure at central management system 100, since central management system 100 then holds no record of the private IP addresses used within the managed networks, as noted above.
[0045] A further alternative embodiment may maintain an association between the private IP address and management IP address for each managed network element at the central management system 100 or network management entity 30. However, instead of translating between management IP addresses and private IP addresses at the network management entity 30, an alternative packet structure (not shown) could be employed that includes both the management IP address and private IP address for a particular managed network element. Such a packet structure would still allow each managed network element to be uniquely referenced by its management IP address; however, it would also require knowledge of the private IP address, increase overhead, and may reduce flexibility.
[0046] A public network interface 110 may also be used to facilitate communication over public network 60. Public network interface 110 may facilitate communication over a tunnel 50 to create a virtual private network. A user interface 108 may also be provided to allow operators to configure and control the central management system 100. User interface 108 may also facilitate the generation of status reports to provide information about various private networks. Alternatively, user interface 108 may be configured to allow operators of a private network remote access to summary reports over a public network according to known methods.
[0047] An embodiment of a remote network management system where a central management system 100 is configured to manage multiple private networks is illustrated in Figure 4. Private network 10 may be configured in the manner previously described with reference to Figure 1. Private network 150 may be configured to be analogous to private network 10 or take on any number of different configurations. Private network 150 may be comprised of a network management entity 170 and NAT entity 172 that operate in the same manner as network management entity 30 and NAT entity 70. Network elements 152 and 158 may be coupled within private network 150 and each may have a private IP address 154 and 160 and a management IP address 156 and 162. Network management entity 30 may exchange communications with central management system 100 over public network 60 using, for example, tunnel 180 to implement a virtual private network according to known methods. A redundant connection between network management entity 170 and central management system 100 may also be provided over PSTN 72 to facilitate communications in the event of a disruption of communications over public network 60.
[0048] Central management system 100 may assign a first block of management IP addresses to network management entity 30 and a second block of management IP addresses to network management entity 170. Management IP table 106 may be used to store the management IP addresses assigned to a particular network management entity or private network.
[0049] Suppose central management system 100 wishes to exchange management communications with network element 12. Central management system 100 may query the MIP table 106, or use another method, to determine the public IP address of the network management entity that is associated with the private network to which network element 12 is coupled. In this example, public IP address 41 of network management entity 30 would be returned because network management entity 30 is associated with private network 10. A tunnel may then be established over public network 60, if not already established, to create a virtual private network to facilitate the secure exchange of management communications between central management system 100 and network element 12.
[0050] Central management system 100 may then construct a CMS packet 207 (see Figure 5) using the IP address 104 of the central management system 100 as the source address 206 and the management IP address 16 of network element 12 as the destination address 204. The payload 202 may be used to contain the actual management instruction or command to be acted upon by network element 12 upon receipt of CMS packet 207. Public network interface 110 may then construct a packet 200 that encapsulates CMS packet 207 to be transmitted over public network 60 via tunnel 50 that is established between network management entity 30 and central management system 100. To transport packet 200 over tunnel 50, public network interface 110 may add the public IP address 41 of network management entity 30 as the tunnel destination address 208 and the IP address 104 of the central management system 100 as the tunnel source 210 address. Packet 200 may then be transmitted over public network 60.
[0051] Upon receipt of packet 200, network management entity 30 may use the management IP address 16 to determine the private IP address 14 of network element 12, for example, by querying a data structure, such as management IP table 40. Network management entity 30 may then modify CMS packet 207 by inserting the private IP address 14 as the destination address and the private IP address 39 of the network management entity 30 as the source address 206 before sending the packet to network element 12 on the private network 10. The appropriate action may then be taken by network element 12 responsive to the network management communication contained in payload 202.
[0052] Similarly, network element 12 may send a packet to network management entity 30 using the private IP address 14 as the source address 206 and the private IP address 39 of the network management entity 30 as the destination address 204. Upon receipt of the packet, network management entity 30 may query the MIP table 40 to determine the management IP address 16 associated with network element 12 using the private IP address 14. Network management entity 30 may then: substitute the management IP address 16 in place of the private IP address 14 as the source address 206; and substitute the IP address 104 of the central management system 100 as the destination address before sending a packet received from network element 12 to the central management system 100. The packet may then be encapsulated and encrypted and sent by the network management entity 30 over tunnel 50 to central management system 100 to increase security, as described previously. In some embodiments of the invention, only certain types of packets (allowed packets) may be sent from network element 12 to central management system 100. For example, in certain embodiments, network elements may be limited to sending authentication information to central management system 100. Limiting the type of packets that may be sent by network elements to the central management system may increase the security of the central management system and other private networks managed by the central management system. The types of allowed packets may vary depending on the particular application without departing from the scope of the invention.
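The address rewriting of paragraphs [0050] to [0052] carried through in code, as an added example that is not part of the patent or of BCE's implementation. The dataclass and field names are assumptions, the addresses are constructed sample values, and tunnel encryption is left out so that only the address handling is shown. The allowed-packet check of [0052] is applied on the outbound path before anything is encapsulated toward the central management system; a packet the network management entity cannot map, or that did not arrive from the tunnel endpoint, is dropped rather than forwarded.

```python
"""Address rewriting at the network management entity, paragraphs [0050] to [0052].

Added example, not code from the patent or from BCE. Names and addresses are
assumptions; encryption of the tunnel packet is omitted. Reference numerals
follow the figures: CMS address 104, NME public address 41 and private
address 39, element private address 14 and management address 16, inner
header fields 204/206 and tunnel header fields 208/210.
"""
from __future__ import annotations

from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, Optional

# Constructed sample addresses (assumptions, not values from the patent).
CMS_IP = "203.0.113.104"             # IP address 104 of central management system 100
NME_PUBLIC_IP = "198.51.100.41"      # public IP address 41 of network management entity 30
NME_PRIVATE_IP = "192.168.1.39"      # private IP address 39 of network management entity 30
ELEMENT_PRIVATE_IP = "192.168.1.14"  # private IP address 14 of network element 12
ELEMENT_MIP = "10.255.0.16"          # management IP address 16 of network element 12


@dataclass(frozen=True)
class CmsPacket:
    """CMS packet 207: inner header plus management payload 202."""
    src: str       # source address 206
    dst: str       # destination address 204
    kind: str      # message type, used for the allowed-packet check of [0052]
    payload: bytes


@dataclass(frozen=True)
class TunnelPacket:
    """Packet 200 carried over tunnel 50; encapsulates a CMS packet."""
    tunnel_src: str   # tunnel source 210
    tunnel_dst: str   # tunnel destination 208
    inner: CmsPacket


def cms_build(nme_public_ip: str, element_mip: str, kind: str, payload: bytes) -> TunnelPacket:
    """[0050]: the CMS addresses the element by its management IP and tunnels the packet to the NME."""
    inner = CmsPacket(src=CMS_IP, dst=element_mip, kind=kind, payload=payload)
    return TunnelPacket(tunnel_src=CMS_IP, tunnel_dst=nme_public_ip, inner=inner)


class ManagementEntity:
    def __init__(self, public_ip: str, private_ip: str, cms_ip: str,
                 mip_table: Dict[str, str], allowed_outbound: FrozenSet[str]) -> None:
        self.public_ip = public_ip
        self.private_ip = private_ip
        self.cms_ip = cms_ip
        # Management IP table 40, kept in both directions.
        self.mip_to_private = dict(mip_table)
        self.private_to_mip = {priv: mip for mip, priv in mip_table.items()}
        self.allowed_outbound = allowed_outbound

    def inbound(self, pkt: TunnelPacket) -> Optional[CmsPacket]:
        """[0051]: accept only packets from the CMS tunnel endpoint, map management IP to
        private IP, and re-address the inner packet for the private network. None = dropped."""
        if pkt.tunnel_dst != self.public_ip or pkt.tunnel_src != self.cms_ip:
            return None
        if pkt.inner.src != self.cms_ip:
            return None
        priv = self.mip_to_private.get(pkt.inner.dst)
        if priv is None:
            return None  # unknown management IP: nothing on this private network to deliver to
        return replace(pkt.inner, src=self.private_ip, dst=priv)

    def outbound(self, pkt: CmsPacket) -> Optional[TunnelPacket]:
        """[0052]: map private IP back to management IP, re-address to the CMS, admit only
        allowed packet types, then encapsulate for the tunnel. None = dropped."""
        if pkt.dst != self.private_ip:
            return None
        mip = self.private_to_mip.get(pkt.src)
        if mip is None:
            return None  # not a managed element
        if pkt.kind not in self.allowed_outbound:
            return None  # e.g. only authentication messages may reach the CMS
        rewritten = replace(pkt, src=mip, dst=self.cms_ip)
        return TunnelPacket(tunnel_src=self.public_ip, tunnel_dst=self.cms_ip, inner=rewritten)


def build_nme() -> ManagementEntity:
    """Network management entity 30 with a one-entry table 40 and an auth-only allow list."""
    return ManagementEntity(NME_PUBLIC_IP, NME_PRIVATE_IP, CMS_IP,
                            mip_table={ELEMENT_MIP: ELEMENT_PRIVATE_IP},
                            allowed_outbound=frozenset({"auth"}))
```

Dropping unmapped management IPs rather than forwarding them matters: the management IP is the only identifier the central management system uses, so a stale or mistyped table entry would otherwise turn into traffic toward an arbitrary private address. The outbound allow list is what keeps a compromised network element from using the tunnel as a path into the central management system.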
[0053] Referring to Figure 4, network management entity 30 may supervise the majority of network management activities for private network 10. Advantageously, this reduces the amount of data traffic over the public network 60 and may also increase performance, because network management entity 30 may store previous solutions to similar issues that are identified with private network 10 or particular network elements within private network 10. Network management entity 30 may interact directly with the various network elements coupled to private network 10 and then provide summary information to central management system 100 on a periodic basis or upon request from central management system 100. Network management entity 170 may supervise private network 150 in an analogous fashion.
[0054] An alternative embodiment is illustrated in Figure 6 with like elements having similar functionality as previously described with reference to Figures and 2. In this embodiment network management entity 230 may be coupled to NAT entity 270 as part of private network 200, such that network management entity 230 does not have a public IP address 41 as previously described but may still have a private IP address 39. Network management entity 230 may function in a similar manner as previously described to allow the management of network elements 212 and 218 using management IP addresses to uniquely identify network elements 212 and 218 from the perspective of the central management system 100. Network management entity 230 may determine the private IP addresses of network elements 212 and 218 from the management IP addresses and vice versa. Management communications between network elements 212 and 218 and network management entity 230 may be exchanged using the private IP addresses of the devices for communications over private network 200. Similarly, a tunnel (not shown) could be established between central management system 100 and network management entity 230, or alternatively NAT entity 270, to provide secure communications over public network 60 by encapsulating and encrypting the packets that are sent over the tunnel. Other suitable modifications will be apparent to persons skilled in the art based upon the above description.
[0055] For example, a packet may be constructed to be sent over a tunnel (not shown) between central management system 100 and network management entity 230 by using IP address 104 of central management system 100 as the tunnel source 210 and the public IP address of NAT entity 270 together with a port number, representing the private IP address 39 of network management entity 230, as the tunnel destination 208. The source address 206 may be the IP address 104 of central management system 100 and the destination address 204 may be the management IP address 216 assigned to network element 212. Upon receipt of the packet, network management entity 230 may determine the private IP address 214 of network element 212 and substitute this as the destination address 204, and substitute the private IP address 39 of network management entity 230 as the source address 206, before sending the packet to network element 212. Similarly, network element 212 may construct a packet using private IP address 214 as the source address 206 and private IP address 39 of network management entity 230 as the destination address 204. Upon receipt of the packet, network management entity 230 may determine the management IP address 216 associated with private IP address 214 and substitute the management IP address as the source address 206. Network management entity 230 may also substitute the IP address 104 of the central management system 100 as the destination address before encapsulating, encrypting, and sending the packet through the tunnel.
[0056] A network management entity may perform common network management functions for a private network. For example, a network management entity may monitor the operation of the private network to attempt to identify problems as they arise, notify operators, and optimize network performance. Additionally, a network management entity may manage the maintenance of the network elements coupled to a private network, for example, by providing software updates and adjusting device configuration parameters. Exemplary protocols and tools that may be used by a network management entity to perform management tasks include SyslogNG, SNMP, NAGIOS, Traceroute, etc.
[0057] When introducing elements of the present invention or the embodiments thereof, the articles "a," "an," "the," and "said" are intended to mean that there are one or more of the elements. The terms "comprising," "including," and "having" are intended to be inclusive and mean that there may be additional elements other than the listed elements.
[0058] Of course, the above described embodiments are intended to be illustrative only and in no way limiting. The described embodiments of carrying out the invention are susceptible to many modifications of form, arrangement of parts, details and order of operation. The invention, rather, is intended to encompass all such modifications within its scope, as defined by the claims.

Claims (31)

1. A system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address and a management IP address, the system comprising:
- a network management entity coupled to the private network, the network management entity operable to: receive management communications from a central management system, the management communications being addressed to a network element using the management IP address to identify the network element; and send the management communications to the network element over the private network using the private IP address to identify the network element.
2. The system of claim 1, wherein the network management entity is also operable to: receive management communications from the network element using the private IP address to identify the network element; and send the management communications to the central management system using the management IP address to identify the network element.
3. The system of any one of claims 1 and 2, wherein management IP addresses are not physically assigned to each of the plurality of network elements on the private network.
4. The system of any one of claims 1 to 3, the private network further comprising a Network Address Translation (NAT) entity, wherein the network management entity is controlled by an entity providing management services for the private network and the NAT entity is controlled by a different entity.
5. The system of claim 4, wherein data communications to network elements are routed by the NAT entity and management communications are routed by the network management entity.
6. The system of any one of claims 1 to 5, wherein the network management entity and central management system are coupled to a public network and exchange communications over the public network.
7. The system of any one of claims 1 to 6, wherein the management IP addresses assigned to the plurality of network elements are chosen from a block of management IP addresses assigned to the network management entity.
8. The system of any one of claims 1 to 7, wherein the network management entity is also operable to: receive a block of management IP addresses from the central management system; assign a management IP address from the block of management IP addresses to each of the plurality of network elements, the management IP address being assigned independently from the private IP address; and store an association between the management IP address and private IP address for each of the plurality of network elements.
9. A system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address, the system comprising:
- a network management entity coupled to the private network, the network management entity operable to: receive a block of management IP addresses from a central management system; assign a management IP address from the block of management IP addresses to each of the plurality of network elements, the management IP address being assigned independently from the private IP address; and store an association between the management IP address and private IP address for each of the plurality of network elements.
10. The system of claim 9, wherein the network management entity is also operable to facilitate the exchange of network management communications between the central management system and the network elements using the management IP addresses at least in part to identify the network elements.
11. The system of any one of claims 9 and 10, wherein the network management entity is also operable to: receive management communications from the central management system, the management communications being addressed to a network element using the management IP address to identify the network element; and send the management communications message to the network element over the private network using the private IP address to identify the network element.
12. The system of any one of claims 9 to 11, wherein the network management entity is also operable to: receive management communications from the network element using the private IP address to identify the network element; and send the management communications to the central management system using the management IP address to identify the network element.
13. The system of any one of claims 9 to 12, wherein management IP addresses are not physically assigned to each of the plurality of network elements on the private network.
14. The system of any one of claims 9 to 13, the private network further comprising a Network Address Translation (NAT) entity, wherein the network management entity is controlled by an entity providing management services for the private network and the NAT entity is controlled by a different entity.
15. The system of claim 14, wherein data communications to network elements are routed by the NAT entity and management communications are routed by the network management entity.
16. The system of any one of claims 9 to 15, wherein the network management entity and central management system are coupled to a public network and exchange communications over the public network.
17. The system of any one of claims 9 to 16, wherein the block of management IP addresses received by the network management entity is unique to the private network.
18. The system of any one of claims 9 to 17, wherein the block of management IP addresses is a contiguous block of IP addresses.
19. A system to manage a plurality of private networks, each private network comprising a plurality of coupled network elements each having a private IP address, the system comprising:
- a central management system, the central management system operable to assign a unique block of management IP addresses to each one of a plurality of network management entities;
- a plurality of network management entities, each network management entity being coupled to one of the private networks, each of the network management entities operable to: receive a block of management IP addresses from the central management system; assign a management IP address from the block of management IP addresses to each of the plurality of network elements, the management IP address being assigned independently from the private IP address; and store an association between the management IP address and private IP address for each of the plurality of network elements.
20. The system of claim 19, wherein each network management entity is also operable to facilitate the exchange of network management communications between the central management system and the network elements that are coupled to the particular network management entity using the management IP addresses at least in part to identify the network elements.
21. The system of any one of claims 19 and 20, wherein each network management entity is also operable to: receive management communications from the central management system, the management communications being addressed to a network element that is coupled to the particular network management entity using the management IP address to identify the network element; and send the management communications to the network element over the private network using the private IP address to identify the network element.
22. The system of any one of claims 19 to 21, wherein each network management entity is also operable to: receive management communications from the network element using the private IP address to identify the network element; and send the management communications to the central management system using the management IP address to identify the network element.
23. A system to facilitate the management of a plurality of network elements on a private network, each network element having a private IP address and a management IP address, the system comprising:
- a central management system operable to exchange management communications with a network management entity coupled to the private network using management IP addresses to identify each of the plurality of network elements;
- the network management entity operable to: determine the private IP address of each of the plurality of network elements using the management IP address; and exchange management communications with each of the plurality of network elements using the private IP address to identify each of the plurality of network elements on the private network.
24. The system of claim 23, wherein the network management entity is also operable to: determine the management IP address of each of the plurality of network elements using the private IP address; and exchange management communications with the central management system using the management IP address to identify each of the plurality of network elements on the private network.
25. A method to facilitate management of a plurality of network elements within a private network, each network element having a private IP address and a management IP address, the method comprising:
- exchanging management communications between a central management system and a network management entity coupled to the private network using the management IP address to identify each of the plurality of network elements;
- establishing an association between the management IP address and the private IP address for each of the plurality of network elements; and
- exchanging management communications between the network management entity and the plurality of network elements using the private IP address to identify each of the plurality of network elements.
26. A method to facilitate management of a plurality of network elements, each network element having a private IP address and a management IP address, within a private network, the method comprising:
- receiving a management communication from a central management system using the management IP address to identify a network element;
- determining the private IP address of the network element using the management IP address; and
- sending the management communication to the network element using the private IP address to identify the network element.
27. The method of claim 26, further comprising:
- receiving a management communication from the network element using the private IP address to identify the network element;
- determining the management IP address of the network element using the private IP address; and
- sending the management communication to the central management system using the management IP address to identify the network element.
28. A method to facilitate management of a plurality of network elements within a private network, each network element being assigned a private IP address, the method comprising:
- receiving a unique block of management IP addresses from a central management system;
- assigning a management IP address from the block of management IP addresses to each of the plurality of network elements within the private network, the management IP address being assigned independently from the private IP address of each of the network elements; and
- storing an association between the management IP address and private IP address for each of the plurality of network elements.
29. The method of claim 28, further comprising:
- requesting a second block of management IP addresses from the central management system when all management IP addresses from the block of management IP addresses have been assigned to network elements;
- receiving the second block of management IP addresses from the central management system;
- assigning a management IP address from the second block of management IP addresses to each of the plurality of network elements not already having a management IP address, the management IP address being assigned independently from the private IP address of each of the network elements; and
- storing an association between the management IP address and private IP address for each of the plurality of network elements.
30. A network management entity comprising:
- a private network interface operable to communicate with a plurality of network elements within a private network, each network element having a private IP address and a management IP address;
- a public network interface operable to communicate with a central management system;
- a processing entity coupled to the private and public network interfaces;
- a data structure accessible by the processing entity and operable to maintain an association between the private IP address and management IP address of each of the network elements;
- the processing entity operable to: receive a management communication that uses a management IP address to identify one of the network elements from the central management network via the public network interface; determine the private IP address of the network element using the data structure and the management IP address; and send a management communication to the network element via the private network interface using the private IP address to identify the network element.
31. The network management entity of claim 30, wherein the processing entity is further operable to:
- receive a management communication from one of the network elements using the private IP address to identify the network element; determine the management IP address of the network element by using the data structure and the private IP address; send the management communication to the central management system via the public network interface using the management IP address to identify the network element.
CA2736956A 2010-12-31 2011-04-11 Network management system using management addresses Expired - Fee Related CA2736956C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201061429038P 2010-12-31 2010-12-31
US61/429,038 2010-12-31

Publications (2)

Publication Number Publication Date
CA2736956A1 true CA2736956A1 (en) 2012-06-30
CA2736956C CA2736956C (en) 2016-08-09

Family

ID=46383919

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2736956A Expired - Fee Related CA2736956C (en) 2010-12-31 2011-04-11 Network management system using management addresses

Country Status (1)

Country Link
CA (1) CA2736956C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220166745A1 (en) * 2020-11-25 2022-05-26 Huawei Technologies Co., Ltd. Method Related to Sending Management IP Address and System
US11552926B2 (en) * 2020-11-25 2023-01-10 Huawei Technologies Co., Ltd. Method related to sending management IP address and system

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20210412