System and method to access and use layer 2 and layer 3 information used in communications

US 8,819,271 B2
Filed: 05/24/2007
Issued: 08/26/2014
Est. Priority Date: 05/24/2007
Status: Active Grant

First Claim

Patent Images

1. A method of reviewing network information comprising:

receiving communication information for a plurality of network elements from routers and switches within a plurality of local area networks, wherein the communication information includes layer 2 information including media access controller identifiers of elements within a network, layer 3 information including network addresses used by the elements within the network, and coupling identifiers corresponding to couplings between different elements within the network;

storing the communication information;

determining that a portion of the layer 2 information and the layer 3 information is expected information;

determining, by utilizing instructions from memory that are executed by a processor, whether a particular piece of the layer 2 and layer 3 information matches a corresponding piece of expected information to identify stored information that is incorrect, and policy violations, wherein the particular piece of the layer 2 and layer 3 information is determined to match the corresponding piece of the expected information when at least a portion of the particular piece of the layer 2 and layer 3 information matches a subset of the corresponding piece of the expected information, wherein the subset includes a description of an expected port name that includes a description of a type of each of the plurality of network elements;

compiling, if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information, a list that indicates that the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information; and

correcting the communication information if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method can be used to collect communication information including Layer 2 and Layer 3 information during normal communications between devices or other elements within a network. In a particular embodiment, the information can be generated as address resolution protocol tables and media access control tables, which are used to keep track of which elements are connected to other elements and to map network addresses to media access control identifiers. The communication information can be used in performing an action, such as servicing the system, auditing the system, checking for security breaches or policy violations, or other suitable action.

Citations

19 Claims

1. A method of reviewing network information comprising:
- receiving communication information for a plurality of network elements from routers and switches within a plurality of local area networks, wherein the communication information includes layer 2 information including media access controller identifiers of elements within a network, layer 3 information including network addresses used by the elements within the network, and coupling identifiers corresponding to couplings between different elements within the network;
  
  storing the communication information;
  
  determining that a portion of the layer 2 information and the layer 3 information is expected information;
  
  determining, by utilizing instructions from memory that are executed by a processor, whether a particular piece of the layer 2 and layer 3 information matches a corresponding piece of expected information to identify stored information that is incorrect, and policy violations, wherein the particular piece of the layer 2 and layer 3 information is determined to match the corresponding piece of the expected information when at least a portion of the particular piece of the layer 2 and layer 3 information matches a subset of the corresponding piece of the expected information, wherein the subset includes a description of an expected port name that includes a description of a type of each of the plurality of network elements;
  
  compiling, if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information, a list that indicates that the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information; and
  
  correcting the communication information if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein receiving the layer 2 information and the layer 3 information comprises receiving information obtained from address resolution protocol tables and media access control tables of the different elements within the network.
  - 3. The method of claim 1, further comprising:
    - receiving domain name service identifiers; and
      
      determining whether or not the particular piece of the layer 2 and layer 3 information matches the corresponding piece of expected information comprises determining that a particular domain name service identifier associated with a particular element of the network is unresolved.
  - 4. The method of claim 1, further comprising performing an action in response to determining the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information.
  - 5. The method of claim 4, wherein performing the action comprises investigating why the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information.
  - 6. The method of claim 4, wherein performing the action comprises locating a particular element of the network.
  - 7. The method of claim 4, wherein performing the action further comprises isolating or deactivating a particular element of the network.
  - 8. The method of claim 4, wherein performing the action further comprises determining whether a potential security breach or policy violation of the network has occurred.

9. An information handling system comprising:
- local area networks operable to be used by subscribers of a service provider; and
  
  a management system coupled to the local area networks, the management system comprising;
  
  a storage device comprising layer 2 information, layer 3 information, and coupling identifiers, wherein the layer 2 information includes media access controller identifiers, the layer 3 information includes network addresses, and coupling identifiers corresponding to couplings between different elements within the network, wherein the layer 2 information and the layer 3 information has been provided by routers and switches in a plurality of local area networks, and the layer 2 information and the layer 3 information relates to a plurality of network elements in the local area networks, wherein the layer 2 information and layer 3 information are contained within communication information; and
  
  a processor that executes instructions from memory to perform operations, the operations comprising;
  
  determining that a portion of the layer 2 information and the layer 3 information is expected information;
  
  determining whether a particular piece of the layer 2 information or the layer 3 information matches a corresponding piece of the expected information to identify stored information that is incorrect, and policy violations, wherein the particular piece of the layer 2 and layer 3 information is determined to match the corresponding piece of the expected information when at least a portion of the particular piece of the layer 2 and layer 3 information matches a subset of the corresponding piece of the expected information, wherein the subset includes a description of an expected port name that includes a description of a type of each of the plurality of network elements;
  
  compiling, if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information, a list that indicates that the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information; and
  
  correcting the communication information if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the operations further comprise:
    - receiving domain name service identifiers; and
      
      determining whether or not the particular piece of the layer 2 and layer 3 information matches the corresponding piece of expected information comprises determining that a particular domain name service identifier associated with a particular element of the network is unresolved.
  - 11. The system of claim 9, wherein the operations further comprise performing an action in response to determining the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information.
  - 12. The system of claim 11, wherein performing the action further comprises investigating why the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information.
  - 13. The system of claim 11, wherein performing the action further comprises locating a particular element of the network.
  - 14. The system of claim 11, wherein performing the action further comprises isolating or deactivating a particular element of the network.
  - 15. The system of claim 11, wherein performing the action further comprises determining whether a potential security breach or policy violation of the network has occurred.

16. A non-transitory storage medium including instructions that are executed by a processor to perform operations, the operations comprising:
- receiving communication information for a plurality of network elements from routers and switches within a plurality of local area networks, wherein the communication information includes layer 2 information including media access controller identifiers of elements within a network, layer 3 information including network addresses used by the elements within the network, and coupling identifiers corresponding to couplings between different elements within the network;
  
  storing the communication information;
  
  determining that a portion of the layer 2 information and the layer 3 information is expected information; and
  
  determining whether a particular piece of the layer 2 and layer 3 information matches a corresponding piece of expected information to identify stored information that is incorrect, and policy violations, wherein the particular piece of the layer 2 and layer 3 information is determined to match the corresponding piece of the expected information when at least a portion of the particular piece of the layer 2 and layer 3 information matches a subset of the corresponding piece of the expected information, wherein the subset includes a description of an expected port name that includes a description of a type of each of the plurality of network elements;
  
  compiling, if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information, a list that indicates that the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information; and
  
  correcting the communication information if the particular piece of the layer 2 and layer 3 information is determined to not match the corresponding piece of expected information.
- View Dependent Claims (17, 18, 19)
- - 17. The non-transitory storage medium of claim 16, wherein in receiving the layer 2 information and the layer 3 information, wherein the operations further comprises receiving information obtained from address resolution protocol tables and media access control tables of the different elements within the network.
  - 18. The non-transitory storage medium of claim 16, wherein the operations further comprises:
    - receiving domain name service identifiers; and
      
      determining whether or not the particular piece of the layer 2 and layer 3 information matches the corresponding piece of expected information comprises determining that a particular domain name service identifier associated with a particular element of the network is unresolved.
  - 19. The non-transitory storage medium of claim 16, the operations further comprises:
    - performing an action in response to determining the particular piece of the layer 2 and layer 3 information does not match the corresponding piece of the expected information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Knowledge Ventures, L.P. (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Hilving, James P., Forsyth, James W., Henry, David A.
Primary Examiner(s)
Mejia, Anthony

Application Number

US11/753,238
Publication Number

US 20080295158A1
Time in Patent Office

2,651 Days
Field of Search

709/224, 709/230, 709/238, 709/220, 709/223, 709/249, 370/253, 370/469, 370/252, 370/254, 370/395.52, 713/166, 717/139, 715/737
US Class Current

709/238
CPC Class Codes

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 61/103   across network layers, e.g....

H04L 63/1416   Event detection, e.g. attac...

H04L 69/16   Implementation or adaptatio...

System and method to access and use layer 2 and layer 3 information used in communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to access and use layer 2 and layer 3 information used in communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links