NETCONF/DMI-based secure network device discovery

US 9,100,296 B1
Filed: 12/23/2013
Issued: 08/04/2015
Est. Priority Date: 10/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by a network device, that a device has been added to a network management system associated with the network device,the device utilizing a network management protocol that requires the device to initiate a connection with the network device;

generating, by the network device, configuration information for establishing the connection between the network device and the device;

accessing, by the network device, the device,accessing the device including logging into the device using secure shell version 2 (SSH v2) credentials;

providing, by the network device and based on accessing the device, the configuration information for establishing the connection to the device to cause the device to establish the connection;

logging off, by the network device, from the device based on the configuration information having been provided to the device;

determining, by the network device, that the device has established the connection;

receiving, by the network device, device configuration information from the device via the connection; and

providing, by the network device, the device configuration information to the network management system,the device configuration information being usable by the network management system to manage the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system receives discovery rule inputs that include addresses, verifies one or more device identifiers for one or more addresses, obtains device information from each verified device associated with the one or more verified device identifiers, determines whether each verified device is a discovered device based on the device information, and automatically adds each verified device as a discovered device to a management system without human intervention when it is determined that the verified device is discovered. The system further creates device configuration information, creates an identifier and password, provides device configuration information, the identifier, and the password, to each of the discovered devices based on the NETCONF or the Device Management Interface standards, waits for a connection from the discovered devices, imports device configuration information from the discovered devices when the connection has been established, and indicates that the discovered devices are managed devices.

Citations

20 Claims

1. A method comprising:
- determining, by a network device, that a device has been added to a network management system associated with the network device,the device utilizing a network management protocol that requires the device to initiate a connection with the network device;
  
  generating, by the network device, configuration information for establishing the connection between the network device and the device;
  
  accessing, by the network device, the device,accessing the device including logging into the device using secure shell version 2 (SSH v2) credentials;
  
  providing, by the network device and based on accessing the device, the configuration information for establishing the connection to the device to cause the device to establish the connection;
  
  logging off, by the network device, from the device based on the configuration information having been provided to the device;
  
  determining, by the network device, that the device has established the connection;
  
  receiving, by the network device, device configuration information from the device via the connection; and
  
  providing, by the network device, the device configuration information to the network management system,the device configuration information being usable by the network management system to manage the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, where providing the configuration information includes:
    - providing, to the device, an identifier and a password to be utilized to establish the connection; and
      
      where determining that the device has established the connection includes;
      
      authenticating the device based on the identifier and the password, anddetermining that the device has established the connection based on authenticating the device.
  - 3. The method of claim 1, where the device configuration information includes one or more of:
    - information identifying hardware associated with the device,information identifying software associated with the device,information identifying one or more licenses associated with the device,state information associated with the device, orinformation associated with a configuration of the device.
  - 4. The method of claim 1, further comprising:
    - generating the configuration information for the device,where the configuration information triggers the device to establish the connection.
  - 5. The method of claim 4, where generating the configuration information includes:
    - generating an outbound secure shell configuration.
  - 6. The method of claim 5, where the outbound secure shell configuration includes:
    - an Internet Protocol (IP) address, anda port number.
  - 7. The method of claim 1, where accessing the device comprises:
    - logging into the device using a SSH v2 fingerprint.
  - 8. The method of claim 1, where the network management protocol includes a Network Configuration (NETCONF) protocol.
  - 9. The method of claim 1, where the network management protocol includes a Device Management Interface (DMI) protocol.

10. A network device comprising:
- a memory storing instructions,a processor that executes the instructions to;
  
  determine that a device has been added to a network management system,the device utilizing a network management protocol that requires the device to initiate a connection with the network device,the network management system being associated with the network device;
  
  generate, based on the device having been added to the network management system, configuration information for establishing the connection between the network device and the device;
  
  access the device based on logging into the device using secure shell version 2 (SSH v2) credentials;
  
  provide, based on accessing the device, the configuration information for establishing the connection to the device to cause the device to establish the connection;
  
  log off from the device based on the configuration information having been provided to the device;
  
  receive, via the connection established by the device, device configuration information from the device; and
  
  provide the device configuration information to the network management system,the device configuration information being usable by the network management system to manage the device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The network device of claim 10, where, when providing the configuration information, the processor is to:
    - provide, to the device, an identifier and a password to be utilized by the device when establishing the connection; and
      
      where the processor is further to;
      
      authenticate the device based on the identifier and the password; and
      
      determine that the device has established the connection based on authenticating the device.
  - 12. The network device of claim 10, where the device configuration information includes one or more of:
    - information identifying a hardware inventory,information identifying a software inventory,information identifying a license inventory,state information associated with the device, orconfiguration information associated with the device.
  - 13. The network device of claim 10, where the processor is further to:
    - generate the configuration information for the device,where the configuration information is generated specifically for the device, andwhere the configuration information triggers the device to establish the connection.
  - 14. The network device of claim 13, where, when generating the configuration information, the processor is to:
    - generate an outbound secure shell configuration.
  - 15. The network device of claim 14, where the outbound secure shell configuration includes at least one of:
    - an Internet Protocol (IP) address associated with the network device, ora port number associated with the network device.

16. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by a processor of a network device, cause the processor to;
  
  determine that a device has been added to a network management system associated with the network device,the device utilizing a network management protocol that requires the device to initiate a connection with the network device;
  
  generate, based on the device having been added to the network management system, configuration information for establishing the connection between the network device and the device;
  
  access the device based on logging into the device using secure shell version 2 (SSH v2) credentials;
  
  provide, based on accessing the device, the configuration information for establishing the connection to the device to cause the device to establish the connection;
  
  log off from the device based on the configuration information having been provided to the device;
  
  determine that the device has established the connection;
  
  receive device configuration information from the device via the connection; and
  
  provide the device configuration information to the network management system,the device configuration information being usable by the network management system to manage the device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, where the one or more instructions to provide the configuration information include:
    - one or more instructions that, when executed by the processor, cause the processor to;
      
      provide, to the device, an identifier and a password to be utilized to establish the connection; and
      
      where the one or more instructions to determine that the device has established the connection include;
      
      one or more instructions that, when executed by the processor, cause the processor to;
      
      authenticate the device based on the identifier and the password, anddetermine that the device has established the connection based on authenticating the device.
  - 18. The non-transitory computer-readable medium of claim 16, where the one or more instructions to receive the device configuration information include:
    - one or more instructions that, when executed by the processor, cause the processor to;
      
      receive, from the device, one or more of;
      
      information identifying hardware associated with the device,information identifying software associated with the device,information identifying one or more licenses associated with the device,state information associated with the device, orconfiguration information associated with the device.
  - 19. The non-transitory computer-readable medium of claim 16, where the instructions further comprise:
    - one or more instructions that, when executed by the processor, cause the processor to;
      
      generate the configuration information for the device,where the configuration information triggers the device to establish the connection.
  - 20. The non-transitory computer-readable medium of claim 19, where the one or more instructions to generate the configuration information include:
    - one or more instructions that, when executed by the processor, cause the processor to;
      
      generate an outbound secure shell configuration that includes an Internet Protocol (IP) address and a port number associated with the network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Kishore, Uday, Joyce, Roshan
Primary Examiner(s)
Ho, Dao

Application Number

US14/139,016
Time in Patent Office

589 Days
Field of Search

726/4, 726/26
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 12/1886   with traffic restrictions f...

H04L 41/0213   Standardised network manage...

H04L 41/0803   Configuration setting

H04L 41/0806   for initial configuration o...

H04L 41/0866   Checking the configuration

H04L 41/12   Discovery or management of ...

H04L 43/10   Active monitoring, e.g. hea...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

NETCONF/DMI-based secure network device discovery

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETCONF/DMI-based secure network device discovery

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links