An approach to establish connections between clusters having overlapping IP address ranges. A method includes receiving, at a service discovery server, from a first node in a first cluster, a service discovery request including a unique name, determining, at the service discovery server, that the unique name resolves to a destination IP address of a second node in a second cluster, determining that the destination IP address overlaps with an IP address range associated with the first cluster, in response to determining that the destination IP address overlaps with the IP address range belonging to the first cluster, configuring a gateway to expect a network connection request from the first node that includes an IP address of the gateway, and sending a service discovery response to the first node, the service discovery response including the IP address of the gateway, but not the destination IP address.

An approach to establish connections between clusters having overlapping IP address ranges. A method includes receiving, at a service discovery server, from a first node in a first cluster, a service discovery request including a unique name, determining, at the service discovery server, that the unique name resolves to a destination IP address of a second node in a second cluster, determining that the destination IP address overlaps with an IP address range associated with the first cluster, in response to determining that the destination IP address overlaps with the IP address range belonging to the first cluster, configuring a gateway to expect a network connection request from the first node that includes an IP address of the gateway, and sending a service discovery response to the first node, the service discovery response including the IP address of the gateway, but not the destination IP address.

The disclosed technology is directed towards locating and counting unused nodes, such as free Internet Protocol version 4 (IPv4) address blocks. A hierarchical structure of nodes is created from an origin block to a specified lower level, and the hierarchical structure is processed using mapping and eliminating to locate free nodes. A first node group comprises node(s) in use, a second node group identifies intermediate subnets between the first node of the first node group and the specified origin block, and a third node group identifies any subnets hierarchically below node(s) in use. Unused (free) node count information is obtained based on nodes below the origin block that are not in the first node group, the second node group, or the third node group.

The disclosed technology is directed towards locating and counting unused nodes, such as free Internet Protocol version 4 (IPv4) address blocks. A hierarchical structure of nodes is created from an origin block to a specified lower level, and the hierarchical structure is processed using mapping and eliminating to locate free nodes. A first node group comprises node(s) in use, a second node group identifies intermediate subnets between the first node of the first node group and the specified origin block, and a third node group identifies any subnets hierarchically below node(s) in use. Unused (free) node count information is obtained based on nodes below the origin block that are not in the first node group, the second node group, or the third node group.

Systems, methods and products for identifying IP mass hosts and determining whether they are good or bad. One embodiment is a method including selecting a first candidate IP address, identifying a set of domains hosted at the IP address, and identifying registrants of the domains. A number of unique ones of the registrants is determined and if the number of unique registrants exceeds a threshold number, the candidate IP address is deemed an IP mass host. Otherwise, the candidate IP address is deemed not to be an IP mass host. For an IP mass host, domains that have bad reputations are identified, and it is determined whether the bad domains comprise at least a threshold percentage of the total hosted domains. If the IP mass host has at least the threshold percentage of bad domains, the IP mass host is deemed a bad mass host.

Systems, methods and products for identifying IP mass hosts and determining whether they are good or bad. One embodiment is a method including selecting a first candidate IP address, identifying a set of domains hosted at the IP address, and identifying registrants of the domains. A number of unique ones of the registrants is determined and if the number of unique registrants exceeds a threshold number, the candidate IP address is deemed an IP mass host. Otherwise, the candidate IP address is deemed not to be an IP mass host. For an IP mass host, domains that have bad reputations are identified, and it is determined whether the bad domains comprise at least a threshold percentage of the total hosted domains. If the IP mass host has at least the threshold percentage of bad domains, the IP mass host is deemed a bad mass host.

A method includes receiving, from a first user, a request to create an Internet Protocol (IP) template for a device connected to a network. The method further includes receiving an IP schema for the network. The method further includes receiving a list of IP template parameters associated with the network, wherein the IP template parameters includes information about a part of the network. The method further includes determining whether the first user is authorized to create the IP template. The method further includes generating, in response to a determination that the first user is authorized, an IP template based on the IP template parameters and the IP schema for the part of the network. The method further includes generating an IP address based on the IP template.

A method includes receiving, from a first user, a request to create an Internet Protocol (IP) template for a device connected to a network. The method further includes receiving an IP schema for the network. The method further includes receiving a list of IP template parameters associated with the network, wherein the IP template parameters includes information about a part of the network. The method further includes determining whether the first user is authorized to create the IP template. The method further includes generating, in response to a determination that the first user is authorized, an IP template based on the IP template parameters and the IP schema for the part of the network. The method further includes generating an IP address based on the IP template.

Technology described herein determines whether a device is Internet facing. An Internet facing device is a device where traffic coming from the Internet is routable to the device. The technology described herein may comprise two components that work together to identify Internet-facing devices. The first component is a monitoring agent installed on organizational devices. The second component is an Internet-facing management service, which may be cloud based. The monitoring agent communicates connection-event notices to the Internet-facing management service. The source IP address in the connection-event notice is compared to a list of organizational IP addresses. If the source IP address is not on the list, then the computing device associated with the notice is added to a list of Internet-facing devices because the connection originated from the Internet. Software listed in the connection-event notice may be added to a list of internet-facing software instances.

Technology described herein determines whether a device is Internet facing. An Internet facing device is a device where traffic coming from the Internet is routable to the device. The technology described herein may comprise two components that work together to identify Internet-facing devices. The first component is a monitoring agent installed on organizational devices. The second component is an Internet-facing management service, which may be cloud based. The monitoring agent communicates connection-event notices to the Internet-facing management service. The source IP address in the connection-event notice is compared to a list of organizational IP addresses. If the source IP address is not on the list, then the computing device associated with the notice is added to a list of Internet-facing devices because the connection originated from the Internet. Software listed in the connection-event notice may be added to a list of internet-facing software instances.