WO2014191082A1 - Detection of an unknown host device in a communication network - Google Patents

Info

Publication number
WO2014191082A1
Authority
WO
WIPO (PCT)
Prior art keywords
host device
host
network
address
layer
Application number
PCT/EP2014/001296
Other languages
French (fr)
Inventor
Sandeep Kumar
Original Assignee
Alcatel Lucent

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • the present subject matter relates to communication networks and, particularly but not exclusively, to detection of an unknown host device in a communication network.
  • a network switch may perform various functions, such as forwarding of packets to a specific port and learning of a media access control (MAC) address of host devices in a communication network.
  • a host device may be understood as a device with a unique internet protocol (IP) address connected to the communication network.
  • the network switch compares the MAC address of the host device with MAC addresses stored in a MAC address table. If the MAC address of the host device is not present in the MAC address table, the network switch may add the MAC address to the MAC address table with a port number through which the packet was received.
  • the network switch may compare the port number with an existing port number in the MAC address table. If the port number does not match with the existing port number, the network switch may update the port number in the MAC address table.
  • a network switch for detecting an unknown host device in a communication network.
  • the network switch comprises a processor and a receiving module coupled to the processor.
  • the receiving module receives a packet from a host device in the communication network. Further, the receiving module identifies at least one network parameter and a host IP address based on the packet.
  • the network switch further comprises a lookup module coupled to the processor to determine presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, the lookup module detects the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
  • a method for detecting an unknown host device in a communication network comprises receiving a packet from a host device in the communication network. Further, identifying at least one network parameter and a host IP address based on the packet. The method further comprises determining presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, detecting the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
  • a computer-readable medium having embodied thereon a computer program for executing a method of detecting an unknown host device in a communication network.
  • the method comprises receiving a packet from a host device in the communication network. Further, identifying at least one network parameter and a host IP address based on the packet.
  • the method further comprises determining presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, detecting the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
  • Figure 1 illustrates a network environment for detecting an unknown host device in a communication network, according to an embodiment of the present subject matter.
  • Figure 2 illustrates a method for detecting an unknown host device in a communication network, according to an embodiment of the present subject matter.
  • any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter.
  • any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
  • Systems and methods for detecting an unknown host device in a communication network are described.
  • the systems and the methods can be implemented in a variety of computing devices communicating through various networks.
  • the communication devices that can implement the described method(s) and systems include, but are not limited to, devices, such as a network switch, a network computer, and the like.
  • the communication networks in which the described method(s) can be implemented include, but are not limited to, any network using Internet Protocol (IP), Asynchronous Transfer Mode (ATM) networks, and the like.
  • the communication network may comprise a plurality of host devices connected to multiple virtual local area networks (VLANs) through a network switch.
  • a host device may be learnt on a port of the network switch based on a packet received from the host device.
  • the network switch may capture the packet and compare various network parameters, such as a MAC address and a host internet protocol (IP) address of the host device, for learning the host device on the port of the network switch.
  • the network switch may further check for predefined classification rules for classifying the host device into a specific VLAN. In case none of the predefined classification rules match, the host device may be classified into a default VLAN.
  • the classification of the host device may be understood as providing an access of the VLAN to the host device.
  • for learning of the host device, the network switch generally relies on a layer 2 lookup.
  • the layer 2 lookup is based on 3-tuples of network parameters: a MAC address of the host device, an ingress-VLAN, and an ingress-port of the host device.
  • the host device which is learnt on the network switch, may be referred to as a known host device.
  • the host device which is not learnt on the network switch or which is learnt on the network switch with an old host IP address, may be referred to as an unknown host device.
  • since the host device is being detected as the known host device or the unknown host device based on the MAC address and other network parameters, when the host IP address of the host device changes, the host device is still considered as the known host device and packets from the host device are never captured for learning. Thus, any change in the host IP address is not identified in the communication network and, despite being an unknown host device, the host device is considered as a known host device in the communication network. Further, since the host device is already considered as the known host device, the network switch may not get an opportunity to learn the host device with a new host IP address.
  • when the host device is a dynamic host configuration protocol (DHCP) client, the host device may not get an opportunity to get learnt on the network switch based on the host IP address.
  • as a DHCP client, the host device connects to a software learning port of the network switch before getting a host IP address leased from a DHCP server. Therefore, the host IP address obtained from the DHCP server may not be learnt on the network switch, as the host device is already identified as the known host device based on the 3-tuples.
  • the host device may not get an opportunity to get learnt on the network switch based on a static IP address.
  • the host device may be learnt on the basis of the 3 tuples.
  • when the network administrator assigns a static IP address, for example 'a.b.c.d', the host device would not be detected as the unknown host device on the network switch, and the packets received from the host device would never be trapped to the network switch for learning of the static IP address, i.e., the host IP address assigned to the host device.
  • a change in the host IP address may not be learnt on the network switch if the host device is already considered as the known host device. Once the host device is learnt on the network switch before getting the host IP address, the host device may not get a chance to undergo re-classification based on the predefined classification rules, even when the host device gets a new host IP address or the host IP address of the host device is changed. This may pose some issues in situations where a network administrator may want to provision learning of the host device on a port of the network switch based on the host IP address. For example, the network administrator may want to give specific network access, say, internet access, to certain host devices by classifying the host devices into a VLAN configured for the internet access. Since the first packet from the host device would never carry the host IP address, it would never serve the purpose of an IP-based classification on the port of the network switch.
  • the MAC address of the host device is used for detecting the unknown host device and re-learning the host device on the network switch. Once the MAC address of the host device ages out, the host device may be re-learnt on the network switch. Following the aging out of the MAC address, any further packet received from the host device gets trapped to the network switch due to the layer 2 table lookup failure. Thereafter, the packet may be used to learn the host device correctly along with a current host IP address. However, till the MAC address ages out and gets correctly re-learnt using the current host IP address, the host device may continue to have incorrect network access. Moreover, if the MAC address never ages out, the host device may continue to have the incorrect network access forever.
  • systems and methods for detecting an unknown host device in a communication network are described.
  • the systems and the methods can be implemented in a variety of processing and communicating devices capable of communicating with a network according to various different standards defined for the communication. Further, the systems and the methods described herein may be connected through either wired networks or wireless networks provided via different means.
  • a host IP address may be assigned to the host device.
  • the host IP address may be dynamically assigned by a DHCP server.
  • the host IP address may be statically assigned by a network administrator of the communication network.
  • the host devices learnt on the network switch with correct host IP address may be referred to as known host devices.
  • the host devices, which are not learnt on the network switch or which are learnt on the network switch with an older host IP address, may be referred to as unknown host devices.
  • the 4-tuples may include a MAC address, an ingress-VLAN, an ingress-port of the host device, and a host IP address.
  • the unknown host device may be detected based on two lookups, namely a layer 2 table lookup and a layer 3 table lookup.
  • at least one network parameter and the host IP address may be identified by analyzing the received packet.
  • the at least one parameter may include the MAC address, the ingress-VLAN, and the ingress-port of the host device.
  • the network switch may perform a layer 2 table lookup.
  • the network switch may ascertain presence of the network parameters in a layer 2 table.
  • the layer 2 table generally stores the previously learnt MAC addresses, ingress-VLANs, and ingress-ports of the host devices. If the presence of the network parameters is not ascertained in the layer 2 table, the packet received from the host device may be captured for learning of the host device on the network switch.
  • the network switch executes a layer 3 table lookup.
  • the host IP address of the host device is ascertained in a layer 3 table.
  • the layer 3 table stores previously learnt host IP addresses corresponding to the host device previously learnt on the network switch. If the host IP address is present in the layer 3 table, the network switch may identify the host device as the known host device. If the host IP address is not present in the layer 3 table, the packet may be trapped in the network switch for learning the host device on the network switch. Therefore, all the unknown host devices are detected and learnt on the network switch in the communication network.
  • any change in the host IP address of the host device may be easily identified. This type of detection may be used in various operations in the communication network.
  • since the network switch is able to detect the unknown host devices and changes in the host IP address of the host device, the host devices may be provided access to the VLAN(s) based on the host IP address.
  • the manner in which the detection of an unknown IP host device in a communication network shall be implemented has been explained in detail with respect to Figure 1 and Figure 2. While aspects of the described systems and methods for detecting an unknown host device in a communication network can be implemented in any number of different computing systems, transmission environments, and/or configurations, the embodiments are described in the context of the following exemplary system(s).
  • FIG. 1 illustrates a network environment 100 for detecting an unknown host device in a communication network.
  • the network environment 100 includes one or more VLANs 102-1, 102-2, and 102-N, hereinafter collectively referred to as VLANs 102 and individually referred to as VLAN 102, connected to a network 104, according to an embodiment of the present subject matter.
  • the network 104 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), virtual LAN (VLAN), wide area network (WAN), and the internet.
  • the VLANs 102 and the network 104 are IP based networks.
  • the network 104 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), and Wireless Application Protocol (WAP) to communicate with each other.
  • the VLAN 102 and the network 104 may include a variety of network devices, including routers, network switches, bridges, servers, computing devices, and storage devices.
  • the network 104 may be a wireless network, or a combination of wired and wireless network.
  • the network 104 can be a collection of individual networks, interconnected with each other and functioning as a single large network (e.g., the internet or an intranet). Further, depending on the technology, the network 104 includes various network entities, such as gateways, routers; however, such details have been omitted for ease of understanding.
  • the VLANs 102 include one or more host devices. As shown in Figure 1, the VLAN1 102-1 has a plurality of host devices 106-1, 106-2, 106-3, and 106-N, hereinafter collectively referred to as host devices 106 and individually referred to as the host device 106, according to an embodiment of the present subject matter.
  • other VLANs 102 may also have the one or more host devices 106.
  • the host devices 106 may be defined as devices, with a unique IP address, used by users to communicate with each other and to avail some services, for example, internet through the VLAN 102 and the network 104. Examples of the host devices 106 may include, without limitation, mobile phones, desktop computers, hand-held devices, laptops or other portable computers, network computers, and the like. Each of the host devices 106 works on a communication protocol as defined by the network to which the host device 106 is coupled.
  • the network environment 100 includes a network switch 108 coupled to the host devices 106 classified into various VLANs 102.
  • the network switch 108 is also coupled to a DHCP server 110.
  • the DHCP server 110 may assign a host IP address to each of the host devices 106 for a predefined time, usually referred to as a lease time, in the network environment 100. Once the lease time is over, the host IP address of the host device 106 may expire and the DHCP server 110 may assign a new host IP address to the host device 106.
  • the DHCP server 110 is depicted to be directly coupled to the network switch 108; in other examples, the DHCP server 110 may also be coupled to the network switch 108 through various networks.
  • the network switch 108 may capture the first packet for learning the host device 106.
  • the host device 106 which is learnt on the network switch 108, may be referred to as a known host device.
  • the host device 106 which is not learnt on the network switch 108 or which is learnt on the network switch 108 with an old host IP address, may be referred to as an unknown host device.
  • the network switch 108 includes one or more processor(s) 112, I/O interface(s) 114, and a memory 116 coupled to the processor 112.
  • the processor(s) 112 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions.
  • the processor(s) 112 are configured to fetch and execute computer-readable instructions stored in the memory 116.
  • processors may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
  • the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
  • explicit use of the term "processor" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, network processor, application specific integrated circuit (ASIC), field programmable gate array (FPGA), read only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage.
  • other hardware, conventional and/or custom, may also be included.
  • the I/O interface(s) 114 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as data input output devices, referred to as I/O devices, storage devices, network devices, etc.
  • the I/O device(s) may include Ethernet ports and their corresponding device drivers.
  • the I/O interface(s) 114 facilitate the communication of the network switch 108 with the one or more host devices 106 classified into the VLANs 102.
  • the memory 116 may include any non-transitory computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
  • the network switch 108 may also include various module(s) 118.
  • the module(s) 118 include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types.
  • the module(s) 118 may also be implemented as, signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulate signals based on operational instructions.
  • the module(s) 118 can be implemented in hardware, instructions executed by a processing unit, or by a combination thereof.
  • the processing unit can comprise a computer, a processor, such as the processor 112, a state machine, a logic array or any other suitable devices capable of processing instructions.
  • the module(s) 118 may be machine-readable instructions (software) which, when executed by a processor/processing unit, perform any of the described functionalities.
  • the machine-readable instructions may be stored on an electronic memory device, hard disk, optical disk or other machine-readable storage medium or non-transitory medium.
  • the machine-readable instructions can also be downloaded to the storage medium via a network connection.
  • the network switch 108 may further include data 120, which, amongst other things, serves as a repository for storing data processed, received, associated, and generated by one or more of the module(s) 118.
  • the module(s) 118 further include a receiving module 122, a lookup module 124, a learning module 126, and other module(s) 128.
  • the other module(s) 128 may include programs or coded instructions that supplement applications and functions of the network switch 108.
  • the data 120 includes, for example, a layer 2 table 130, a layer 3 table 132, packet data 134, and other data 136.
  • the other data 136 includes data generated as a result of the execution of one or more modules in the other module(s) 128.
  • the receiving module 122 receives the packet from the host device 106 and identifies at least one network parameter and a host IP address of the host device 106 based on analysis of the packet.
  • the at least one network parameter may include a MAC address, an ingress-VLAN, and an ingress-port of the host device 106.
  • the host IP address of the host device 106 may either be dynamically obtained from the DHCP server 110 or may be statically assigned by a network administrator.
  • the lookup module 124 may perform a layer 2 lookup and a layer 3 lookup.
  • the lookup module 124 may determine presence of the network parameters in a layer 2 table 130.
  • the layer 2 table 130 generally stores MAC addresses and port details of previously learnt host devices 106 on the network switch 108. If the presence of the network parameters is not determined in the layer 2 table lookup, the lookup module 124 may detect the host device 106 as the unknown host device. On the other hand, if the presence of the network parameter is determined in the layer 2 table 130, the lookup module 124 may determine the presence of the host IP address in the layer 3 table 132.
  • if the host IP address is present in the layer 3 table 132, the lookup module 124 may detect the host device 106 as the known host device. In case the host IP address corresponding to the host device 106 is not present in the layer 3 table 132, or the host IP address of the host device 106 does not match the host IP address in the layer 3 table 132, the lookup module 124 may detect the host device 106 as the unknown host device in the communication network. In other words, on determining absence of at least one of the host IP address in the layer 3 table 132 and the at least one network parameter in the layer 2 table 130, the host device 106 may be detected as the unknown host device in the communication network. Further, the host device 106 may be identified as the known host device on determining presence of the at least one network parameter in the layer 2 table 130 and the host IP address in the layer 3 table 132.
  • the learning module 126 may capture the packet for learning the unknown host device on the network switch 108. While learning the unknown host device, the network parameters and the host IP address may be updated in the layer 2 table 130 and the layer 3 table 132, respectively. Once the network parameters and the host IP address are updated, the unknown host device becomes the known host device in the communication network, as the unknown host device is learnt on the network switch 108 with updated host IP address. In one implementation, the learning module 126 may store the packet in the packet data 134 for analyzing to determine the network parameters and the host IP address. Thereafter, the learning module 126 may classify the host device 106 into a specific VLAN 102 based on predefined classification rules defined for the updated host IP address.
  • various operations which are based on the host IP address of the host device 106 may be performed.
  • access to a VLAN, such as the VLAN 102, may be provided based on the host IP addresses of the host devices 106 in the communication network.
  • the network administrator may define the predefined classification rules for classifying the host device 106 into the specific VLAN 102.
  • the network administrator may define a classification rule for classifying the host device 106 with the host IP address 'a.b.c.d' into a privileged VLAN, such as the VLAN 102-2. If the classification rule does not match for the host device 106, the host device 106 may be classified into a default VLAN, such as the VLAN 102-1.
  • for example, when the host device 106 is a DHCP client, its first packet carries the host IP address '0.0.0.0' and is sent to a port of the network switch 108. Thereafter, the lookup module 124 may perform the layer 2 table lookup. If the layer 2 table lookup fails, the learning module 126 may capture the packet for learning the host device 106 on the network switch 108. Subsequently, since the classification rule doesn't match, the learning module 126 may classify the host device 106 into the VLAN 102-1, which is the default VLAN.
  • the host device 106 may obtain the host IP address
  • the host device 106 should be classified into the privileged VLAN 102-2.
  • the layer 3 lookup may result in a failure and the packet may get captured by the learning module 126 for re-learning the host device 106 on the network switch 108.
  • the learning module 126 may classify the host device 106 into the privileged VLAN 102-2.
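The following Python is an added example, not code from the patent or from Alcatel Lucent: it models the layer 2 and layer 3 lookups described for the lookup module 124 and learning module 126, then runs the DHCP client case above (first packet with '0.0.0.0', then the leased address) against both the two-stage lookup and a 3-tuple-only switch, so the difference in VLAN re-classification is visible. The VLAN names, the 3-tuple key layout, the rule format, the port and VLAN numbers and the example addresses are assumptions made for illustration.

```python
"""Two-stage (layer 2 + layer 3) unknown-host detection on a switch."""
from dataclasses import dataclass, field
from ipaddress import ip_address

DEFAULT_VLAN = "VLAN 102-1"      # assumed name for the default VLAN
PRIVILEGED_VLAN = "VLAN 102-2"   # assumed name for the privileged VLAN


@dataclass(frozen=True)
class Packet:
    """Fields the receiving module identifies from an ingress packet."""
    mac: str
    ingress_vlan: int
    ingress_port: int
    host_ip: str


def l2_key(pkt):
    """Layer 2 lookup key: the (MAC, ingress-VLAN, ingress-port) 3-tuple."""
    return (pkt.mac.lower(), pkt.ingress_vlan, pkt.ingress_port)


@dataclass
class Switch:
    # Classification rules: normalised host IP -> VLAN (IPv4 or IPv6 keys).
    rules: dict
    l2_table: set = field(default_factory=set)     # learnt 3-tuples
    l3_table: dict = field(default_factory=dict)   # 3-tuple -> learnt host IP
    vlan_of: dict = field(default_factory=dict)    # 3-tuple -> assigned VLAN
    trapped: list = field(default_factory=list)    # packets captured for learning

    def lookup(self, pkt):
        """Lookup module: 'unknown-l2', 'unknown-l3' or 'known'."""
        key = l2_key(pkt)
        if key not in self.l2_table:
            return "unknown-l2"          # never learnt on this port/VLAN
        if self.l3_table.get(key) != ip_address(pkt.host_ip):
            return "unknown-l3"          # learnt, but with an old/other host IP
        return "known"

    def learn(self, pkt):
        """Learning module: update both tables, then (re)apply the IP rules."""
        key = l2_key(pkt)
        ip = ip_address(pkt.host_ip)
        self.l2_table.add(key)
        self.l3_table[key] = ip
        self.vlan_of[key] = self.rules.get(ip, DEFAULT_VLAN)
        return self.vlan_of[key]

    def receive(self, pkt):
        """Forwarding path: trap and learn unless both lookups succeed."""
        verdict = self.lookup(pkt)
        if verdict != "known":
            self.trapped.append(pkt)
            self.learn(pkt)
        return verdict, self.vlan_of[l2_key(pkt)]


def l2_only_receive(switch, pkt):
    """Reference behaviour of a switch learning on the 3-tuple alone: once the
    3-tuple is learnt, later packets are never trapped, so a change of host IP
    is never noticed and the VLAN assignment is never revisited."""
    key = l2_key(pkt)
    if key not in switch.l2_table:
        switch.trapped.append(pkt)
        switch.learn(pkt)
        return "unknown-l2", switch.vlan_of[key]
    return "known", switch.vlan_of[key]


def dhcp_client_scenario(two_stage=True):
    """Constructed DHCP client on port 3 of VLAN 10: its first packet carries
    0.0.0.0, its leased address (192.0.2.10, standing in for 'a.b.c.d') is
    privileged. Returns the (verdict, VLAN) pair for each received packet."""
    sw = Switch(rules={
        ip_address("192.0.2.10"): PRIVILEGED_VLAN,
        ip_address("FC80:0000:0000:0000:0302:B3BF:EF1E:4856"): PRIVILEGED_VLAN,
    })
    recv = sw.receive if two_stage else (lambda p: l2_only_receive(sw, p))
    first = Packet("00:11:22:33:44:55", 10, 3, "0.0.0.0")      # before the lease
    leased = Packet("00:11:22:33:44:55", 10, 3, "192.0.2.10")  # after the lease
    return [recv(first), recv(leased), recv(leased)]


if __name__ == "__main__":
    print("two-stage lookup :", dhcp_client_scenario(two_stage=True))
    print("3-tuple only     :", dhcp_client_scenario(two_stage=False))
```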
  • the host IP address 'FC80:0000:0000:0000:0302:B3BF:EF1E:4856' may be assigned to the host device 106 and the host device 106 may be provided access to the VLAN 102 based on the predefined classification rules defined for the host IP address, which is an IPv6 address.
  • the host devices 106 which are not learnt on the network switch 108 or which are learnt with an old host IP address are detected in the communication network.
  • the network switch 108 may re-learn the unknown host devices by trapping or capturing the packets received from each of the unknown host device.
  • any change in the host IP address of the host device 106 is timely detected and updated in the layer 3 table 132. Therefore, various operations which need the host IP address of the host device 106 may be performed in the communication network.
  • the present subject matter helps in providing an access to host devices 106 for accessing the VLAN 102 based on the predefined classification rules defined for the host IP address.
  • Figure 2 illustrates a method 200 for detecting an unknown IP host in a communication network, according to an embodiment of the present subject matter.
  • the order in which the method 200 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 200, or any alternative methods. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein.
  • the method can be implemented in any suitable hardware, software, firmware, or combination thereof.
  • the method may be described in the general context of computer executable instructions.
  • computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types.
  • the method may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network.
  • computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
  • program storage devices, for example digital data storage media, which are machine or computer readable and encode machine-executable or computer-executable programs of instructions, where said instructions perform some or all of the steps of the described method.
  • the program storage devices may be, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives, or optically readable digital data storage media.
  • a packet is received from the host device 106 in the communication network.
  • the receiving module 122 may receive the packet.
  • at least one network parameter and a host IP address may be identified based on the packet.
  • the receiving module 122 may analyze the packet received at the port of the network switch 108 to determine the at least one network parameter and the host IP address.
  • the at least one network parameter may include a MAC address, an ingress-VLAN, and an ingress-port of the host device 106.
  • the host IP address of the host device 106 may be provided by the DHCP server 110. In another example, the host IP address may be assigned to the host device 106 by a network administrator.
  • presence of the at least one network parameter is determined in the layer 2 table 130. If it is determined that the network parameters are present in the layer 2 table 130, the method 200 branches to block 208. On the other hand, if the network parameters are not present in the layer 2 table 130, the method 200 branches to block 212.
  • presence of the host IP address of the host device 106 is determined in the layer 3 table 132. If it is determined that the host IP address of the host device 106 is present in the layer 3 table 132, the method 200 branches to block 210. On the other hand, if the host IP address is not present in the layer 3 table 132, the method 200 branches to block 212.
  • the host device 106 is ascertained as a known host device in the communication network.
  • the network parameters and the host IP address are up to date in the layer 2 table 130 and the layer 3 table 132, respectively.
  • the host device 106 is detected as an unknown host device in the communication network.
  • the host IP address of the host device 106 or the network parameters are not learnt on the network switch 108 or an old host IP address is learnt on the network switch 108.
  • the packet is captured for learning of the unknown host device.
  • the network administrator may classify the host devices 106 into VLANs 102 based on the host IP address.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Methods and systems for detecting an unknown host device in a communication network are described. In one implementation, a network switch (108) comprises a processor (112) and a receiving module (122) coupled to the processor (112). The receiving module (122) receives a packet from a host device (106) and identifies at least one network parameter and a host IP address based on the packet. The network switch (108) further comprises a lookup module (124) to determine presence of the at least one network parameter in a layer 2 table (130) and the host IP address in a layer 3 table (132). Further, the lookup module (124) detects the host device (106) as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table (132) and the at least one network parameter in the layer 2 table (130).

Description

DETECTION OF AN UNKNOWN HOST DEVICE IN A COMMUNICATION NETWORK
FIELD OF INVENTION
[0001] The present subject matter relates to communication networks and, particularly but not exclusively, to detection of an unknown host device in a communication network.
BACKGROUND
[0002] A network switch may perform various functions, such as forwarding of packets to a specific port and learning of a media access control (MAC) address of host devices in a communication network. A host device may be understood as a device with a unique internet protocol (IP) address connected to the communication network. In an example, for learning the MAC address, on receiving a packet from the host device, the network switch compares the MAC address of the host device with MAC addresses stored in a MAC address table. If the MAC address of the host device is not present in the MAC address table, the network switch may add the MAC address to the MAC address table with a port number through which the packet was received. In case, the MAC address is identified in the MAC address table, the network switch may compare the port number with an existing port number in the MAC address table. If the port number does not match with the existing port number, the network switch may update the port number in the MAC address table.
SUMMARY
[0003] This summary is provided to introduce concepts related to systems and methods for detecting an unknown host device in a communication network. This summary is neither intended to identify essential features of the claimed subject matter nor is it intended for use in determining or limiting the scope of the claimed subject matter.
[0004] In one implementation, a network switch for detecting an unknown host device in a communication network is described. The network switch comprises a processor and a receiving module coupled to the processor. The receiving module receives a packet from a host device in the communication network. Further, the receiving module identifies at least one network parameter and a host IP address based on the packet. The network switch further comprises a lookup module coupled to the processor to determine presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, the lookup module detects the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
[0005] In another implementation, a method for detecting an unknown host device in a communication network is described. The method comprises receiving a packet from a host device in the communication network. Further, identifying at least one network parameter and a host IP address based on the packet. The method further comprises determining presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, detecting the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
[0006] In yet another implementation, a computer-readable medium having embodied thereon a computer program for executing a method of detecting an unknown host device in a communication network. The method comprises receiving a packet from a host device in the communication network. Further, identifying at least one network parameter and a host IP address based on the packet. The method further comprises determining presence of the at least one network parameter in a layer 2 table and the host IP address in a layer 3 table. Further, detecting the host device as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table and the at least one network parameter in the layer 2 table.
BRIEF DESCRIPTION OF THE FIGURES
[0007] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components. Some embodiments of system and/or methods in accordance with embodiments of the present subject matter are now described, by way of example only, and with reference to the accompanying figures, in which:
[0008] Figure 1 illustrates a network environment for detecting an unknown host device in a communication network, according to an embodiment of the present subject matter.
[0009] Figure 2 illustrates a method for detecting an unknown host device in a communication network, according to an embodiment of the present subject matter.
[0010] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like, represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DESCRIPTION OF EMBODIMENTS
[0011] Systems and methods for detecting an unknown host device in a communication network are described. The systems and the methods can be implemented in a variety of computing devices communicating through various networks. The communication devices that can implement the described method(s) and systems include, but are not limited to, devices, such as a network switch, a network computer, and the like. The communication networks in which the described method(s) can be implemented include, but are not limited to, any network using Internet Protocol (IP), Asynchronous Transfer Mode (ATM) networks, and the like.
[0012] Typically, the communication network may comprise a plurality of host devices connected to multiple virtual local area networks (VLANs) through a network switch. A host device may be learnt on a port of the network switch based on a packet received from the host device. The network switch may capture the packet and compare various network parameters, such as a MAC address and a host internet protocol (IP) address of the host device, for learning the host device on the port of the network switch. The network switch may further check for predefined classification rules for classifying the host device into a specific VLAN. In case none of the predefined classification rules match, the host device may be classified into a default VLAN. The classification of the host device may be understood as providing an access of the VLAN to the host device.
[0013] For learning of the host device, the network switch generally relies on a layer 2 table lookup. Whenever there is a failure in the layer 2 table lookup, the packet received from the host device is captured for learning. Typically, the layer 2 lookup is based on 3-tuples of network parameters: a MAC address of the host device, an ingress-VLAN, and an ingress-port of the host device. The host device, which is learnt on the network switch, may be referred to as a known host device. On the other hand, the host device, which is not learnt on the network switch or which is learnt on the network switch with an old host IP address, may be referred to as an unknown host device. Once the host device is learnt on the switch based on the 3-tuples, further packets from the host device would get detected as packets from the known host device. Since the host device is being detected as the known host device or the unknown host device based on the MAC address and other network parameters, when the host IP address of the host device changes, the host device is still considered as the known host device and packets from the host device are never captured for learning. Thus, any change in the host IP address is not identified in the communication network and, despite being an unknown host device, the host device is considered as a known host device in the communication network. Further, since the host device is already considered as the known host device, the network switch may not get an opportunity to learn the host device with a new host IP address.
[0014] In one implementation, when the host device is a dynamic host configuration protocol (DHCP) client, the host device may not get an opportunity to get learnt on the network switch based on the host IP address. In the case of a DHCP client, the host device connects to a software learning port of the network switch before getting a host IP address leased from a DHCP server. Therefore, the host IP address obtained from the DHCP server may not be learnt on the network switch as the host device is already identified as the known host device based on the 3-tuples.
[0015] Similarly, when a static IP address is assigned to the host device by a network administrator, the host device may not get an opportunity to get learnt on the network switch based on the static IP address. In an example, if a first packet received from the host device has the static IP address = 0.0.0.0, the host device may be learnt on the basis of the 3-tuples. Further, if the network administrator assigns the static IP address, for example 'a.b.c.d', the host device would not be detected as the unknown host device on the network switch and the packets received from the host device would never be trapped to the network switch for learning of the static IP address, i.e., the host IP address assigned to the host device.
[0016] Thus, a change in the host IP address may not be learnt on the network switch if the host device is already considered as the known host device. Once the host device is learnt on the network switch before getting the host IP address, the host device may not get a chance to undergo re-classification based on the predefined classification rules, even when the host device gets a new host IP address or the host IP address of the host device is changed.
[0017] This may pose some issues in situations where a network administrator may want to provision learning of the host device on a port of the network switch based on the host IP address. For example, the network administrator may want to give specific network access, say, internet access to certain host devices by classifying the host devices into a VLAN configured for the internet access. Since the first packet from the host device would never have the host IP address, it would never serve the purpose of an IP-based classification on the port of the network switch.
[0018] In one approach, for detecting the unknown host device and re-learning the host device on the network switch, the MAC address of the host device is used. Once the MAC address of the host device ages out, the host device may be re-learnt on the network switch. Following the aging out of the MAC address, any further packet received from the host device gets trapped to the network switch due to the layer 2 table lookup failure. Thereafter, the packet may be used to learn the host device correctly along with a current host IP address. However, till the MAC address ages out and gets correctly re-learnt using the current host IP address, the host device may continue to have incorrect network access. Moreover, if the MAC address never ages out, the host device may continue to have the incorrect network access forever.
[0019] According to an implementation of the present subject matter, systems and methods for detecting an unknown host device in a communication network are described. As described before, the systems and the methods can be implemented in a variety of processing and communicating devices capable of communicating with a network according to various different standards defined for the communication. Further, the systems and the methods described herein may be connected through either wired networks or wireless networks provided via different means.
[0020] In one embodiment, there may be a plurality of host devices classified into various VLANs in a communication network. Each of the plurality of host devices has a MAC address. Further, a host IP address may be assigned to the host device. In one implementation, the host IP address may be dynamically assigned by a DHCP server. In another implementation, the host IP address may be statically assigned by a network administrator of the communication network. The host devices learnt on the network switch with the correct host IP address may be referred to as known host devices. The host devices, which are not learnt on the network switch or which are learnt on the network switch with an older host IP address, may be referred to as unknown host devices.
[0021] In the present subject, for learning of the host device with an existing host IP address, 4-tuples may be used. The 4-tuples may include a MAC address, an ingress-VLAN, an ingress-port of the host device, and a host IP address. The unknown host device may be detected based on two lookups, namely a layer 2 table lookup and a layer 3 table lookup.
[0022] In one implementation, initially, when a packet is received at the network switch from the host device, at least one network parameter and the host IP address may be identified by analyzing the packet received. The at least one parameter may include the MAC address, the ingress-VLAN, and the ingress-port of the host device. Thereafter, the network switch may perform a layer 2 table lookup. In the layer 2 table lookup, the network switch may ascertain presence of the network parameters in a layer 2 table. The layer 2 lookup table generally stores previously learnt MAC addresses, ingress-VLANs, and ingress-ports of the host devices. If the presence of the network parameters is not ascertained in the layer 2 table, the packet received from the host device may be captured for learning of the host device on the network switch.
[0023] On the other hand, if the network parameters are present in the layer 2 lookup table, the network switch executes a layer 3 table lookup. In the layer 3 table lookup, the host IP address of the host device is ascertained in a layer 3 table. The layer 3 table stores previously learnt host IP addresses corresponding to the host device previously learnt on the network switch. If the host IP address is present in the layer 3 table, the network switch may identify the host device as the known host device. If the host IP address is not present in the layer 3 table, the packet may be trapped in the network switch for learning the host device on the network switch. Therefore, all the unknown host devices are detected and learnt on the network switch in the communication network. Further, with the present subject matter, any change in the host IP address of the host device may be easily identified. This type of detection may be used in various operations in the communication network. In an example, since the network switch is able to detect the unknown host devices and change in the host IP address of the host device, the host devices may be provided access to the VLAN(s) based on the host IP address.
[0024] It should be noted that the description and figures merely illustrate the principles of the present subject matter. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the present subject matter and are included within its spirit and scope. Additionally, the words "connected" and "coupled" are used throughout for clarity of the description and can include either a direct connection or an indirect connection.
[0025] The manner in which the systems and the methods for detecting an unknown IP host device in a communication network shall be implemented has been explained in detail with respect to Figure 1 and Figure 2. While aspects of the described systems and methods for detecting an unknown host device in a communication network can be implemented in any number of different computing systems, transmission environments, and/or configurations, the embodiments are described in the context of the following exemplary system(s).
[0026] Figure 1 illustrates a network environment 100 for detecting an unknown host device in a communication network. The network environment 100 includes one or more VLANs 102-1, 102-2, and 102-N, hereinafter collectively referred to as VLANs 102 and individually referred to as VLAN 102, connected to a network 104, according to an embodiment of the present subject matter. According to an example, the network 104 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), virtual LAN (VLAN), wide area network (WAN), and the internet. The VLANs 102 and the network 104 are IP based networks. The network 104 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), and Wireless Application Protocol (WAP) to communicate with each other. Further, the VLAN 102 and the network 104 may include a variety of network devices, including routers, network switches, bridges, servers, computing devices, and storage devices.
[0027] The network 104 may be a wireless network, or a combination of wired and wireless network. The network 104 can be a collection of individual networks, interconnected with each other and functioning as a single large network (e.g., the internet or an intranet). Further, depending on the technology, the network 104 includes various network entities, such as gateways, routers; however, such details have been omitted for ease of understanding.
[0028] Further, the VLANs 102 include one or more host devices. As shown in Figure 1, the VLAN1 102-1 has a plurality of host devices 106-1, 106-2, 106-3, and 106-N, hereinafter collectively referred to as host devices 106 and individually referred to as the host device 106, according to an embodiment of the present subject matter. Similarly, it may be understood by the person skilled in the art that other VLANs 102 may also have the one or more host devices 106.
[0029] The host devices 106 may be defined as devices, with a unique IP address, used by users to communicate with each other and to avail some services, for example, internet through the VLAN 102 and the network 104. Examples of the host devices 106 may include, without limitation, mobile phones, desktop computers, hand-held devices, laptops or other portable computers, network computers, and the like. Each of the host devices 106 works on a communication protocol as defined by the network to which the host device 106 is coupled.
[0030] Further, as shown in Figure 1, the network environment 100 includes a network switch 108 coupled to the host devices 106 classified into various VLANs 102. The network switch 108 is also coupled to a DHCP server 110. In one implementation, the DHCP server 110 may assign a host IP address to each of the host devices 106 for a predefined time, usually referred to as a lease time, in the network environment 100. Once the lease time is over, the host IP address of the host device 106 may expire and the DHCP server 110 may assign a new host IP address to the host device 106. Although in Figure 1 the DHCP server 110 is depicted as directly coupled to the network switch 108, in other examples the DHCP server 110 may also be coupled to the network switch 108 through various networks.
[0031] In one implementation, whenever a first packet is received at the network switch 108 from the host device 106, the network switch 108 may capture the first packet for learning the host device 106. The host device 106, which is learnt on the network switch 108, may be referred to as a known host device. Similarly, the host device 106, which is not learnt on the network switch 108 or which is learnt on the network switch 108 with an old host IP address, may be referred to as an unknown host device.
[0032] For detecting the unknown host device in the communication network, the network switch 108 includes one or more processor(s) 112, I/O interface(s) 114, and a memory 116 coupled to the processor 112. The processor(s) 112 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor(s) 112 are configured to fetch and execute computer-readable instructions stored in the memory 116.
[0033] The functions of the various elements shown in the figures, including any functional blocks labeled as "processor(s)", may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, network processor, application specific integrated circuit (ASIC), field programmable gate array (FPGA), read only memory (ROM) for storing software, random access memory (RAM), and non volatile storage. Other hardware, conventional and/or custom, may also be included.
[0034] The I/O interface(s) 114 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as data input output devices, referred to as I/O devices, storage devices, network devices, etc. The I/O device(s) may include Ethernet ports and their corresponding device drivers. The I/O interface(s) 114 facilitate the communication of the network switch 108 with the one or more host devices 106 classified into the VLANs 102.
[0035] The memory 116 may include any non-transitory computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes.
[0036] The network switch 108 may also include various module(s) 118. The module(s) 118, amongst other things, include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. The module(s) 118 may also be implemented as signal processor(s), state machine(s), logic circuitries, and/or any other device or component that manipulates signals based on operational instructions.
[0037] Further, the module(s) 118 can be implemented in hardware, instructions executed by a processing unit, or by a combination thereof. The processing unit can comprise a computer, a processor, such as the processor 112, a state machine, a logic array or any other suitable devices capable of processing instructions. In another aspect of the present subject matter, the module(s) 118 may be machine-readable instructions (software) which, when executed by a processor/processing unit, perform any of the described functionalities. The machine-readable instructions may be stored on an electronic memory device, hard disk, optical disk or other machine-readable storage medium or non-transitory medium. In one implementation, the machine-readable instructions can also be downloaded to the storage medium via a network connection.
[0038] The network switch 108 may further include data 120, which amongst other things, serves as a repository for storing data processed, received, associated, and generated by one or more of the module(s) 118.
[0039] The module(s) 118 further include a receiving module 122, a lookup module 124, a learning module 126, and other module(s) 128. The other module(s) 128 may include programs or coded instructions that supplement applications and functions of the network switch 108. The data 120 includes, for example, a layer 2 table 130, a layer 3 table 132, packet data 134, and other data 136. The other data 136 includes data generated as a result of the execution of one or more modules in the other module(s) 128.
[0040] In operation, when the host device 106 sends a packet to the network switch 108, the receiving module 122 receives the packet from the host device 106 and identifies at least one network parameter and a host IP address of the host device 106 based on analysis of the packet. The at least one network parameter may include a MAC address, an ingress-VLAN, and an ingress-port of the host device 106. The host IP address of the host device 106 may either be dynamically obtained from the DHCP server 110 or may be statically assigned by a network administrator.
[0041] Thereafter, based on the network parameters and the host IP address, the lookup module 124 may perform a layer 2 lookup and a layer 3 lookup. In the layer 2 table lookup, the lookup module 124 may determine presence of the network parameters in a layer 2 table 130. The layer 2 table 130 generally stores MAC addresses and port details of host devices 106 previously learnt on the network switch 108. If the presence of the network parameters is not determined in the layer 2 table lookup, the lookup module 124 may detect the host device 106 as the unknown host device. On the other hand, if the presence of the network parameters is determined in the layer 2 table 130, the lookup module 124 may determine the presence of the host IP address in the layer 3 table 132. In case the host IP address corresponding to the host device 106 is present in the layer 3 table 132, the lookup module 124 may detect the host device 106 as the known host device. In case the host IP address corresponding to the host device 106 is not present in the layer 3 table 132, or the host IP address of the host device 106 does not match the host IP address in the layer 3 table 132, the lookup module 124 may detect the host device 106 as the unknown host device in the communication network. In other words, on determining absence of at least one of the host IP address in the layer 3 table 132 and the at least one network parameter in the layer 2 table 130, the host device 106 may be detected as the unknown host device in the communication network. Further, the host device 106 may be identified as the known host device on determining presence of the at least one network parameter in the layer 2 table 130 and the host IP address in the layer 3 table 132.
[0042] Further, in situations, where the host device 106 is ascertained as the unknown host device, the learning module 126 may capture the packet for learning the unknown host device on the network switch 108. While learning the unknown host device, the network parameters and the host IP address may be updated in the layer 2 table 130 and the layer 3 table 132, respectively. Once the network parameters and the host IP address are updated, the unknown host device becomes the known host device in the communication network, as the unknown host device is learnt on the network switch 108 with updated host IP address. In one implementation, the learning module 126 may store the packet in the packet data 134 for analyzing to determine the network parameters and the host IP address. Thereafter, the learning module 126 may classify the host device 106 into a specific VLAN 102 based on predefined classification rules defined for the updated host IP address.
[0043] Since, with the present subject matter, the host IP addresses of the host devices 106 are updated on detecting the unknown host devices in the communication network, various operations may be performed which are based on the host IP address of the host device 106. In an example, access to a VLAN, such as the VLAN 102, may be granted based on the host IP addresses of the host devices 106 in the communication network.
[0044] Further, an example has been described to illustrate classification of the host device 106 into a specific VLAN 102 in accordance with the present subject matter. In the communication network, the network administrator may define the predefined classification rules for classifying the host device 106 into the specific VLAN 102. For example, the network administrator may define a classification rule for classifying the host device 106 with the host IP address 'a.b.c.d' into a privileged VLAN, such as the VLAN 102-2. If the classification rule does not match for the host device 106, the host device 106 may be classified into a default VLAN, such as the VLAN 102-1.
[0045] In cases, where the host device 106 is a DHCP client, a packet having a host
IP address '0.0.0.0' is sent to a port of the network switch 108. Thereafter, the lookup module 124 may perform the layer 2 table lookup. If the layer 2 table lookup fails, the learning module 126 may capture the packet for learning the host device 106 on the network switch 108. Subsequently, since the classification rule doesn't match, the learning module 126 may classify the host device 106 into the VLAN 102-1, which is the default VLAN.
[0046] Further, after some time, the host device 106 may obtain the host IP address 'a.b.c.d' from the DHCP server 110. Now, as per the classification rule, the host device 106 should be classified into the privileged VLAN 102-2. With the present subject matter, as soon as the host IP address 'a.b.c.d' is assigned to the host device 106, the layer 3 lookup may result in a failure and the packet may get captured by the learning module 126 for re-learning the host device 106 on the network switch 108. Thereafter, based on the classification rule, the learning module 126 may classify the host device 106 into the privileged VLAN 102-2. Although the examples herein are explained with internet protocol version 4 (IPv4) addresses, it may be understood that the examples described are also applicable in the case of internet protocol version 6 (IPv6) addresses. In an example, the host IP address 'FC80:0000:0000:0000:0302:B3BF:EF1E:4856' may be assigned to the host device 106, and the host device 106 may be provided access to the VLAN 102 based on the predefined classification rules defined for that host IP address, which is an IPv6 address.
[0047] Thus, with the present subject matter, the host devices 106 which are not learnt on the network switch 108, or which are learnt with an old host IP address, are detected in the communication network. Once such unknown host devices are detected, the network switch 108 may re-learn the unknown host devices by trapping or capturing the packets received from each of the unknown host devices. With the present subject matter, any change in the host IP address of the host device 106 is detected in a timely manner and updated in the layer 3 table 132. Therefore, various operations which need the host IP address of the host device 106 may be performed in the communication network. Further, the present subject matter helps in providing access to the host devices 106 for accessing the VLAN 102 based on the predefined classification rules defined for the host IP address.
[0048] Figure 2 illustrates a method 200 for detecting an unknown IP host in a communication network, according to an embodiment of the present subject matter. The order in which the method 200 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 200, or any alternative methods. Additionally, individual blocks may be deleted from the method without departing from the spirit and scope of the subject matter described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof.
[0049] The method may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
[0050] A person skilled in the art will readily recognize that steps of the method can be performed by programmed computers. Herein, some embodiments are also intended to cover program storage devices, for example, digital data storage media, which are machine or computer readable and encode machine-executable or computer-executable programs of instructions, where said instructions perform some or all of the steps of the described method. The program storage devices may be, for example, digital memories, magnetic storage media, such as magnetic disks and magnetic tapes, hard drives, or optically readable digital data storage media.
[0051] At block 202, a packet is received from the host device 106 in the communication network. In one implementation, when the host device 106 connects to the network switch 108 and sends the packet to a port of the network switch 108, the receiving module 122 may receive the packet.
[0052] At block 204, at least one network parameter and a host IP address may be identified based on the packet. In one implementation, the receiving module 122 may analyze the packet received at the port of the network switch 108 to determine the at least one network parameter and the host IP address. The at least one network parameter may include a MAC address, an ingress-VLAN, and an ingress-port of the host device 106. Further, in an example, the host IP address of the host device 106 may be provided by the DHCP server 110. In another example, the host IP address may be assigned to the host device 106 by a network administrator.
[0053] At block 206, presence of the at least one network parameter is determined in the layer 2 table 130. If it is determined that the network parameters are present in the layer 2 table 130, the method 200 branches to block 208. On the other hand, if the network parameters are not present in the layer 2 table 130, the method 200 branches to block 212.
[0054] At block 208, presence of the host IP address of the host device 106 is determined in the layer 3 table 132. If it is determined that the host IP address of the host device 106 is present in the layer 3 table 132, the method 200 branches to block 210. On the other hand, if the host IP address is not present in the layer 3 table 132, the method 200 branches to block 212.
[0055] At block 210, the host device 106 is ascertained as a known host device in the communication network. In case of the known host device, the network parameters and the host IP address are up to date in the layer 2 table 130 and the layer 3 table 132, respectively.
[0056] At block 212, the host device 106 is detected as an unknown host device in the communication network. In case of the unknown host device, the host IP address of the host device 106 or the network parameters are not learnt on the network switch 108 or an old host IP address is learnt on the network switch 108.
[0057] At block 214, the packet is captured for learning of the unknown host device 106 on the network switch 108. Depending on which lookup failed, the current network parameters or the host IP address are updated in the layer 2 table 130 or the layer 3 table 132, respectively. In case of a layer 2 lookup failure, the network parameters are updated in the layer 2 table 130 and the host device 106 is learnt on the network switch 108. In case of a layer 3 lookup failure, the host IP address corresponding to the host device 106 is updated in the layer 3 table 132 for learning of the host device 106 on the network switch 108. Since, with the present subject matter, unknown host devices are detected in the communication network and the current host IP addresses of the host devices 106 are learnt on the network switch 108, this may prove useful in situations where IP based operations are performed in the communication network. For example, with the network switch 108 of the present subject matter, the network administrator may classify the host devices 106 into VLANs 102 based on the host IP address.
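To make the lookup-and-learn procedure of blocks 202-214 and the DHCP re-classification of [0045]-[0046] concrete, here is an added Python model written for this page; it is not code from the patent or from Alcatel-Lucent. The rule format (host IP mapped to a VLAN), keying the layer 3 table by MAC, recording the host IP on either kind of lookup miss, and the sample MACs and the address 10.1.2.3 standing in for 'a.b.c.d' are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

DEFAULT_VLAN = "102-1"  # VLAN 102-1 of the description

@dataclass
class Packet:  # what the receiving module extracts at block 204
    mac: str
    ingress_vlan: int
    ingress_port: int
    src_ip: str

@dataclass
class Switch:
    rules: dict = field(default_factory=dict)     # host IP -> VLAN (assumed format)
    l2_table: set = field(default_factory=set)    # {(MAC, ingress VLAN, ingress port)}
    l3_table: dict = field(default_factory=dict)  # MAC -> learnt host IP (assumed keying)
    host_vlan: dict = field(default_factory=dict) # MAC -> VLAN the host was classified into

    def lookup(self, pkt):
        """Blocks 206-212: returns (status, table whose lookup failed)."""
        if (pkt.mac, pkt.ingress_vlan, pkt.ingress_port) not in self.l2_table:
            return "unknown", "layer2"
        # An entry holding an old host IP counts as absent ([0056]).
        if self.l3_table.get(pkt.mac) != ip_address(pkt.src_ip):
            return "unknown", "layer3"
        return "known", None

    def learn(self, pkt, failed_table):
        """Block 214: refresh the table that missed, then classify ([0044])."""
        host_ip = ip_address(pkt.src_ip)
        if failed_table == "layer2":
            self.l2_table.add((pkt.mac, pkt.ingress_vlan, pkt.ingress_port))
        self.l3_table[pkt.mac] = host_ip  # assumption: IP recorded on either miss
        self.host_vlan[pkt.mac] = self.rules.get(host_ip, DEFAULT_VLAN)

    def receive(self, pkt):
        """Blocks 202-214 end to end: returns (status, VLAN the host sits in)."""
        status, failed_table = self.lookup(pkt)
        if status == "unknown":
            self.learn(pkt, failed_table)
        return status, self.host_vlan[pkt.mac]

def dhcp_scenario():
    """[0045]-[0046]: DHCP client sends from 0.0.0.0, then from its lease (constructed values)."""
    sw = Switch(rules={ip_address("10.1.2.3"): "102-2",  # stands in for 'a.b.c.d'
                       ip_address("FC80:0000:0000:0000:0302:B3BF:EF1E:4856"): "102-2"})
    mac, mac6 = "00:11:22:33:44:55", "00:11:22:33:44:66"  # constructed MACs
    return [
        sw.receive(Packet(mac, 1, 7, "0.0.0.0")),   # L2 miss: learnt, default VLAN
        sw.receive(Packet(mac, 1, 7, "0.0.0.0")),   # known
        sw.receive(Packet(mac, 1, 7, "10.1.2.3")),  # L3 miss: re-learnt, privileged
        sw.receive(Packet(mac, 1, 7, "10.1.2.3")),  # known
        sw.receive(Packet(mac6, 1, 8, "fc80::302:b3bf:ef1e:4856")),  # IPv6 rule matches
    ]
```

Classification keys on the source IP the packet itself carries, so a deployment would confirm that address (for example against the DHCP lease) before placing the host in a privileged VLAN; that check is outside both the page and this example.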
[0058] Although embodiments for methods and systems for detecting an unknown IP host in a communication network have been described in a language specific to structural features and/or methods, it is to be understood that the invention is not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as exemplary embodiments for detecting an unknown IP host in a communication network.

Claims

I/We claim:
1. A network switch (108) for detection of unknown host device in a communication network, the network switch (108) comprising:
a processor (112);
a receiving module (122) coupled to the processor (112) to:
receive a packet from a host device (106) in the communication network; and
identify at least one network parameter and a host internet protocol (IP) address based on the packet; and
a lookup module (124) coupled to the processor (112) to:
determine presence of the at least one network parameter in a layer 2 table (130) and the host IP address in a layer 3 table (132); and
detect the host device (106) as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table (132) and the at least one network parameter in the layer 2 table (130).
2. The network switch (108) as claimed in claim 1, wherein the lookup module (124) detects the host device (106) as a known host device on detecting the presence of the at least one network parameter in the layer 2 table (130) and the host IP address in the layer 3 table (132).
3. The network switch (108) as claimed in claim 1, wherein the at least one network parameter includes a media access control (MAC) address, an ingress-VLAN, and an ingress-port of the host device (106).
4. The network switch (108) as claimed in claim 1, further comprising a learning module (126) coupled to the processor (112) to capture the packet for learning the unknown host device on the network switch (108).
5. The network switch (108) as claimed in claim 4, wherein the learning module (126) classifies the host device (106) into a VLAN (102) based on predefined classification rules.
6. A method for detecting an unknown host device in a communication network, the method comprising:
receiving a packet from a host device (106) in the communication network;
identifying at least one network parameter and a host internet protocol (IP) address based on the packet;
determining presence of the at least one network parameter in a layer 2 table (130) and the host IP address in a layer 3 table (132); and
detecting the host device (106) as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table (132) and the at least one network parameter in the layer 2 table (130).
7. The method as claimed in claim 6, wherein the host device (106) is detected as a known host device on identifying the presence of the at least one network parameter in the layer 2 table (130) and the host IP address in the layer 3 table (132).
8. The method as claimed in claim 6, wherein the at least one network parameter includes a media access control (MAC) address, an ingress-VLAN, and an ingress-port of the host device (106).
9. The method as claimed in claim 6, further comprising capturing the packet for learning the unknown host device on a network switch (108).
10. The method as claimed in claim 6, wherein the host device (106) is classified into a VLAN (102) based on predefined classification rules.
11. A non-transitory computer-readable medium having embodied thereon a computer program for executing a method for detecting an unknown host device in a communication network, the method comprising:
receiving a packet from a host device (106) in the communication network;
identifying at least one network parameter and a host internet protocol (IP) address based on the packet;
determining presence of at least one network parameter in a layer 2 table (130) and the host IP address in a layer 3 table (132); and
detecting the host device (106) as an unknown host device based on determining absence of at least one of the host IP address in the layer 3 table (132) and the at least one network parameter in the layer 2 table (130).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1613DE2013 2013-05-29
IN1613/DEL/2013 2013-05-29

Publications (1)

Publication Number Publication Date
WO2014191082A1 true WO2014191082A1 (en) 2014-12-04

Family

ID=50732098

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/001296 WO2014191082A1 (en) 2013-05-29 2014-05-14 Detection of an unknown host device in a communication network

Country Status (1)

Country Link
WO (1) WO2014191082A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220124077A1 (en) * 2018-08-15 2022-04-21 Juniper Networks, Inc. Secure forwarding of tenant workloads in virtual networks
CN114650416A (en) * 2022-05-24 2022-06-21 江西火眼信息技术有限公司 Hidden camera finding method based on Internet monitoring
CN114650416B (en) * 2022-05-24 2022-08-30 江西火眼信息技术有限公司 Hidden camera finding method based on Internet monitoring

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090172156A1 (en) * 2007-12-29 2009-07-02 Cisco Technology, Inc. Address security in a routed access network
US20090304008A1 (en) * 2008-06-04 2009-12-10 Alaxala Networks Corporation Network relay device and network relay method
US20110149969A1 (en) * 2008-07-08 2011-06-23 Gnodal Limited Method of Controlling Data Propagation Within a Network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 14724314
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
    Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC. EPO FORM 1205A DATED 04.03.16
122 Ep: pct application non-entry in european phase
    Ref document number: 14724314
    Country of ref document: EP
    Kind code of ref document: A1