Topology discovery of a private network

US 7,903,585 B2
Filed: 02/15/2006
Issued: 03/08/2011
Est. Priority Date: 02/15/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a discovery request from a Network Management System (NMS) transmitted to a public internet Protocol (IP) address associated with a private network, wherein said discovery request includes a request to identify devices of said private network, and wherein said NMS is connected with a public network;

identifying said devices of said private network;

transmitting a private IP address for each of said devices to said NMS;

receiving an access request from said NMS to add a Port Address Translation (PAT) entry for one or more of said devices, wherein said access request includes said private IP address and designates a port for communication with said one or more devices, and wherein said access request is accompanied by a password;

verifying said password and adding said PAT entry to a translation table, wherein said PAT entry includes said private IP address and said designated port;

receiving a second discovery request from said NMS to said designated port, wherein said second discovery request includes a request to identify additional devices known by said one or more devices;

forwarding said second discovery request to said one or more devices to additionally identify devices of said private network and unknown to the NMS; and

removing said PAT entry from said translation table after said one or more devices have been discovered by said NMS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and system for determining devices connected to a private network through a gateway. A Network Management System (NMS) through the use of inquiries and Port Address Translation (PAT) commands is able to determine the topology of the network of devices within a private network and thus communicate with them. This is achieved through the use of Port Address Translation (PAT) initiated by the NMS to set a port for each device connected to the gateway.

77 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving a discovery request from a Network Management System (NMS) transmitted to a public internet Protocol (IP) address associated with a private network, wherein said discovery request includes a request to identify devices of said private network, and wherein said NMS is connected with a public network;
  
  identifying said devices of said private network;
  
  transmitting a private IP address for each of said devices to said NMS;
  
  receiving an access request from said NMS to add a Port Address Translation (PAT) entry for one or more of said devices, wherein said access request includes said private IP address and designates a port for communication with said one or more devices, and wherein said access request is accompanied by a password;
  
  verifying said password and adding said PAT entry to a translation table, wherein said PAT entry includes said private IP address and said designated port;
  
  receiving a second discovery request from said NMS to said designated port, wherein said second discovery request includes a request to identify additional devices known by said one or more devices;
  
  forwarding said second discovery request to said one or more devices to additionally identify devices of said private network and unknown to the NMS; and
  
  removing said PAT entry from said translation table after said one or more devices have been discovered by said NMS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said password comprises a Simple Network Management Protocol.
  - 3. The method of claim 1, further comprising configuring both an access control list and a command authorization list to allow a limited set of commands from an authorized NMS.
  - 4. The method of claim 1, further comprising configuring a unique IP address for communication with said NMS to add said PAT entry.
  - 5. The method of claim 1, wherein said access request includes an identification of said designated port.
  - 6. The method of claim 1, wherein said discovery request is received at a public IP address of a router, and wherein said router acts as a gateway between said public network and said private network.
  - 7. The method of claim 6, wherein said PAT entry maps said private IP address of said one or more devices to said public IP address of said router.
  - 8. The method of claim 1, wherein access to said one or more devices from said public network is restricted to said designated port.

9. A network management system (NMS) comprising one or more processors, wherein said one or more processors are configured to:
- transmit a discovery request to a public Internet Protocol (IP) address of a gateway, wherein said gateway connects a public network of said NMS to a private network including one or more devices, and wherein an identity of said one or more devices are unknown to said NMS when said discovery request is transmitted;
  
  receive a private IP address for each of said one or more devices in response to said discovery request, wherein said private IP address discloses said identity to said NMS;
  
  transmit an access request to said gateway to add a Port Address Translation (PAT) entry for said one or more devices, wherein said PAT entry includes said private IP address and a designated port of said gateway;
  
  transmit a second discovery request to said designated port, wherein said second discovery request is routed to said one or more devices;
  
  receive an identification of additional devices connected to said one or more devices in response to said second discovery request, wherein the additional devices are in the private network and are unknown to the NMS; and
  
  remove said PAT entry once the one or more devices referenced by said PAT entry have been discovered.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein said one or more processors are further configured to set a Simple Network Management Protocol (SNMP) community string in said gateway to a value not equal to public.
  - 11. The system of claim 9, wherein said one or more processors are further configured to establish both an access control list and a command authorization list for said NMS to allow a limited set of commands from an authorized NMS.
  - 12. The system of claim 9, wherein said one or more processors are further configured to maintain an NMS database to map each of said one or more devices to its PAT entry.
  - 13. The system of claim 9, wherein said one or more processors are further configured to select said designated port on said gateway from a set of infrequently used port numbers.
  - 14. The system of claim 9, wherein said one or more processors are further configured to access a port translation table residing on said gateway for determining said designated port.
  - 15. The system of claim 9, wherein said one or more processors are further configured to provide a unique IP address solely for communication between said gateway and said NMS.
  - 16. The system of claim 9, wherein a different port of said private network is designated for each of said additional devices.
  - 17. The system of claim 9, wherein said access request comprises a telnet or secure shell (ssh) encrypted protocol.

18. A non-transitory computer readable medium having stored thereon computer executable instructions that, if executed by a system, cause the system to perform a method for determining a topology of a private network from a public network, said method comprising:
- querying a gateway to discover private network devices to which it is connected;
  
  receiving a private Internet Protocol (IP) address for each of said private network devices in response to said gateway query;
  
  transmitting a request to said gateway to configure a static PAT entry for one or more of said private network devices, wherein said request includes said private IP address and designates a gateway port;
  
  querying said one or more private network devices through the use of said PAT entry and said designated gateway port to discover additional devices to which said private network devices are connected, wherein the additional devices are in the private network and the gateway is outside the private network; and
  
  transmitting a request to said gateway to remove said PAT entry if one or more additional devices are discovered.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Feng, FuJen, Chow, Ming
Primary Examiner(s)
Patel; Jayanti K
Assistant Examiner(s)
HASSAN, SAAD K

Application Number

US11/355,730
Publication Number

US 20070189190A1
Time in Patent Office

1,847 Days
Field of Search

370/254, 370/255, 370/351, 370/401
US Class Current

370/255
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/12   Discovery or management of ...

H04L 41/122   of virtualised topologies, ...

H04L 45/02   Topology update or discovery

H04L 61/2571   for identification, e.g. fo...

Topology discovery of a private network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Topology discovery of a private network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others