A Network Metadata Infrastructure for Locating Network Devices
Abstract (Summary)
Finding the physical location of a device given only its network address is a difficult network management problem which requires collecting and correlating large amounts of data from routers, switches, and other data sources. Routers store a mapping of IP addresses to hardware addresses in an ARP table. Switches keep a mapping between MAC addresses and ports in a CAM table. This work studies the feasibility of collecting, processing, and archiving the contents of these tables. A graphical user interface provides the ability to search through the summarized ARP and CAM data to find the physical location of a device at a given point in time. Ohio University's network, consisting of 15 routers and 600 switches, served as a testbed for the system. Router data collection and processing occurred once per hour and took six minutes to complete. Switch data collection and processing occurred four times per hour and took five minutes per sample. ARP and CAM data for several years was stored in a database using significantly less space than the raw data. Searches for an IP or MAC address made through the graphical interface took fourteen seconds. Historical views of ARP data are useful for IP address space management, while recent ARP data can be used for network security. Intrusion detection systems can identify an IP address involved in a network attack, and the graphical interface can trace the IP address to the switch port, building, room, and user of the device.
School Location: USA - Ohio
Source Type: Master's Thesis
Date of Publication: 01/01/2004
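
The lookup the abstract describes (IP address to MAC address through archived ARP data, then MAC address to switch port through archived CAM data, at a given point in time) is sketched below as an added example; it is not code from the thesis. Storing each binding as a first-seen/last-seen interval is an assumption about how periodic samples can be summarized, and all addresses, switch names, and room data are constructed.

```python
from datetime import datetime, timedelta

def summarize(samples, max_gap):
    """Collapse (time, key, value) sightings into [value, first_seen, last_seen] runs."""
    runs_by_key = {}
    for ts, key, value in sorted(samples):
        runs = runs_by_key.setdefault(key, [])
        if runs and runs[-1][0] == value and ts - runs[-1][2] <= max_gap:
            runs[-1][2] = ts              # same binding seen again: extend the run
        else:
            runs.append([value, ts, ts])  # binding changed or went quiet: new run
    return runs_by_key

def lookup(runs_by_key, key, when):
    """Return the value bound to key at time `when`, or None if nothing was seen."""
    for value, first, last in runs_by_key.get(key, []):
        if first <= when <= last:
            return value
    return None

def locate(arp, cam, port_info, ip, when):
    """IP -> MAC (ARP archive) -> switch port (CAM archive) -> building/room."""
    mac = lookup(arp, ip, when)
    port = lookup(cam, mac, when) if mac else None
    if port is None:
        return None
    return {"mac": mac, "port": port, **port_info.get(port, {})}

# Constructed sample data: hourly ARP samples, CAM samples every 15 minutes.
T0 = datetime(2004, 1, 5, 8, 0)
hours = lambda n: T0 + timedelta(hours=n)
quarters = lambda n: T0 + timedelta(minutes=15 * n)
IP, MAC_A, MAC_B = "192.0.2.5", "00:00:5e:00:53:01", "00:00:5e:00:53:02"
PORT_A, PORT_B = ("sw-lib-1", "Gi0/12"), ("sw-dorm-3", "Gi0/4")

# The IP is held by MAC_A from 08:00 to 10:00, then reassigned to MAC_B at 11:00.
arp_samples = [(hours(n), IP, MAC_A) for n in range(3)] + [(hours(n), IP, MAC_B) for n in (3, 4)]
cam_samples = ([(quarters(n), MAC_A, PORT_A) for n in range(9)]
               + [(quarters(n), MAC_B, PORT_B) for n in range(12, 17)])
PORT_INFO = {PORT_A: {"building": "Library", "room": "201"},
             PORT_B: {"building": "Dorm 3", "room": "114"}}

ARP = summarize(arp_samples, max_gap=timedelta(hours=1))
CAM = summarize(cam_samples, max_gap=timedelta(minutes=15))

if __name__ == "__main__":
    print(locate(ARP, CAM, PORT_INFO, IP, hours(1)))   # held by MAC_A at 09:00
    print(locate(ARP, CAM, PORT_INFO, IP, hours(4)))   # held by MAC_B at 12:00
```

Five ARP samples and fourteen CAM samples reduce to four stored intervals here, and the same IP address resolves to a different port depending on the query time, which is why an alert timestamp must accompany the address when tracing a device.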