DHCP integration

If parts of your network are managed by DHCP address allocation, then host machines may be assigned new IP addresses when their leases expire. In order to develop and display the profile of a host’s activity, the NetProfiler must continue to track the connection behavior of the host when its IP address lease expires and the DHCP server assigns it a new IP address.  

The NetProfiler uses lease information from the DHCP server as the basis for tracking hosts. This requires a mechanism for transferring lease information from the DHCP server to the NetProfiler. The specifics of the mechanism depend on the DHCP implementation. Riverbed provides instructions for several popular DHCP packages.

Lease data file format

The NetProfiler accepts DHCP data in two formats.

Alcatel-Lucent QIP-compatible format

This format contains one lease record per line in the following order:

IP Address | MAC address | DNS name | domain | lease-start date time | lease-end date time | status

For example (on one line):

192.168.10.1|aa:bb:cc:dd:0a:01|host-10-1|example.com|2007-05-01 15:26:15Z|2007-05-08 15:26:15Z|Active

Note that time stamps are expected to be in UTC format. To specify time stamps in local time, use the "20070501 15:26" format instead:

For example:

192.168.10.1|aa:bb:cc:dd:0a:01|host-10-1|example.com|20070501 15:26|20070508 15:26|Active

ISC-compatible format

This format is compatible with POSIX-compliant DHCP packages distributed by Internet Systems Consortium, Inc. (www.isc.org).

lease 10.128.2.219 {

   starts 2 2006/08/15 16:09:09;

   ends 2 2006/08/15 20:09:09;

   tstp 2 2006/08/15 20:09:09;

   binding state free;

   hardware ethernet 00:02:a5:ba:53:9b;

   uid "\001\000\002\245\272S\233";

}

lease 192.168.255.100 {

   starts 1 2007/02/19 01:28:33;

   ends 1 2007/02/19 13:28:33;

   tstp 1 2007/02/19 13:28:33;

   binding state free;

   hardware ethernet 00:04:23:c4:02:30;

}

Transfer mechanism

When transferring DHCP lease data to the NetProfiler from a DHCP package that uses one of the data formats NetProfiler supports, you can transfer the data in its native format to the NetProfiler.  

When integrating with a Windows DHCP domain controller, you need to convert the data format. Riverbed provides a conversion script and instructions for its use.   

Typically, the transfer of lease information to the NetProfiler is implemented as follows:

  1. Enable the DHCP server to log in to the NetProfiler via SSH. SSH on the NetProfiler must be configured with the public key of the DHCP server. On the NetProfiler, SSH configuration files are in /usr/mazu/var/dhcp/.ssh.  The NetProfiler supports SSH v2.

  2. Set up a script on the DHCP server so that every n minutes, a client process obtains lease information from the DHCP server and writes it into a file. In the case of a Windows DHCP implementation, use the Riverbed script to convert the data format before transferring the file to the NetProfiler.

  3. Set up a scheduler to execute the scripts to dump, convert (if Windows), and transfer the DHCP lease data information to the NetProfiler.  The lease data file must be transferred to the NetProfiler as a file named data. Typically, it is transferred into the NetProfiler DHCP data directory.

  4. After the scheduler has transferred the lease data, it must transfer a file named data-new into the same directory as the data file. This file indicates to NetProfiler that the new lease data is available.

The data and data-new files can be transferred using commands such as:

scp <dump_file> dhcp@<NetProfiler _name>:/usr/mazu/var/dhcp/data

scp  data-new  dhcp@<NetProfiler _name>:/usr/mazu/var/dhcp/data-new

or

scp <dump_file> dhcp@<NetProfiler _name>:./data

scp  data-new  dhcp@<NetProfiler _name>:./data-new

Both the data and data-new files are removed after the NetProfiler has imported the new lease data. They must be written again by each subsequent data transfer.

If the NetProfiler receives an IP address in flow data that does not appear in the lease data file, it assumes the address to be static.

Riverbed provides integration notes with instructions for integrating NetProfiler with QIP, ISC and Windows DHCP software.

Update intervals

The interval for updating NetProfiler DHCP information can be based on DHCP lease times, lease update intervals and the times when new leases are most frequently requested on your network. A DHCP client on a network with no outages may update its lease when half the lease time has expired. That is, it obtains a new lease at an interval of lease-length/2.

Update scheduling can vary widely, depending on network conditions and security policies. Some general guidelines for sending the NetProfiler new DHCP data are as follows.

  • If your script for sending DHCP information to the NetProfiler sends incremental updates (i.e., just what has changed since the last update), have it send the NetProfiler updates every hour.

  • If your script sends complete DHCP lease information for every update, have it send the NetProfiler updates based on the length of the leases, as follows:

Lease length

NetProfiler update interval

More than 4 days

1 update per day (around 10:00 AM)

4 days

2 updates per day

24 hours

6 updates per day

12 hours

12 updates per day

6 hours

24 updates per day

Less than 6 hours

24 updates per day

 

Integrating with other products

General Settings

Downloads