Understanding Network Nodes
Network Nodes and Devices
A network node is a connection point that can be connected to an IP network and communicate with another system. A system uses IP address for remote network and MAC address for local network to communicate with other system. Genian ZTNA recognizes this IP and MAC address pair as one node.
A node is a logical concept different from a physical device. For example, a single device may have multiple IPs or MACs and thus be recognized as multiple nodes. E.g
- One device connected to the network via multiple LAN cards (wired LAN, wireless LAN)
- Multiple operating systems use different IP addresses through multiple boot on one device.
- Multiple IP / MAC pairs are used through a virtual machine on one device
Genian ZTNA automatically recognizes different nodes as connected to one device if:
- Nodes use the same MAC address
- Through the agent that multiple network adapters are installed on one device
This allows administrators to selectively provide node-based management view or device-based management view.
Detecting Network Nodes & Devices
Genian ZTNA detects nodes in the network through network sensors or agents. The network sensor recognizes the existence of the node through the ARP packet generated in the network. Because of its nature, ARP is broadcast over the network, so a network sensor can detect that a new network node is connected just by being connected to the network. It can also analyze Ethernet frames received over a broadcast packet such as DHCP to see if a new node is connected to the network.
Another way to recognize the node is to install the agent on the Endpoint system. The agent collects various information including the IP / MAC of the system and sends it to the policy server to be registered as a node.
Lastly, devices (MAC only) can be detected and registered through RADIUS authentication.RADIUS access-request supplies the MAC Address while accounting-request supplies the IP.
Gathering Node Information
A network sensor uses a passive method of obtaining information through a packet such as a broadcast generated in a node and a method of actively collecting information through an open port of the node.
The passive method can collect information without affecting the node through the information contained in the packets periodically generated by the node, such as DHCP, NetBIOS, UPNP, and mDNS. The policy server can also gather node information like IP address, and connected SSID through RADIUS accounting.
In the active method, the network sensor first checks the service provided by the node through the port scan, and collects the information through the request according to each service. For example, if a node provides an HTTP service over the TCP 80 port, the sensor can request the top-level page to obtain information.
The information that is actively collected can set the target item and the collection period. For more information, see Configure Collecting Networks and Node information
The network sensor can also send WMI Queries to windows nodes to gather information about hardware, software and networking properties. See: