H04L61/5053

Monitoring internet protocol address utilization to apply unified network policy

Techniques implemented by an IP address management (IPAM) system for monitoring the usage of IP addresses in networks of computing resources and automatically notifying networking devices when IP address usage has changed. The IPAM system may create pools of IP addresses (e.g., address groups), and map those pools to prefix lists that are distributed to the networking devices. The IPAM system may monitor changes in IP address usage by resources in the networks (e.g., allocations and releases of IP addresses), update the pools that are affected by the changes, carry those changes through to the appropriate prefix lists, and propagate updated prefix lists to the networking devices (e.g., firewall devices, routing devices, etc.). In this way, the IPAM system may automatically identify and apply IP address changes to prefix lists that are used for networking operations in the networks.

DETECTION OF THREATS BASED ON RESPONSES TO NAME RESOLUTION REQUESTS

Some embodiments provide a method for identifying security threats to a datacenter. The method receives flow attribute sets for multiple flows from multiple host computers in the datacenter on which data compute nodes (DCNs) execute. Each flow attribute set indicates at least a source DCN for the flow. The method identifies flow attribute sets that correspond to DCNs responding to name resolution requests. For each DCN of a set of DCNs executing on the host computers, the method determines whether the DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the DCN based on the identified flow attribute sets. When a particular DCN has sent responses to name resolution requests in a manner that deviates from a historical baseline for the particular DCN, the method identifies the particular DCN as a security threat to the datacenter.

Generation and use of micro-pools to assign an IP address to a requesting computing device

The present application describes the generation and use of micro-pools that are assigned to various DHCP servers by an agent. In examples, each micro-pool includes a set number of IP addresses. The agent tracks which DHCP servers are assigned which micro-pools. As the IP addresses of a micro-pool are assigned to requesting computing devices, the agent may subsequently assign an additional micro-pool to a particular DHCP server.

Method for propagating movement event message of network entity

A method for propagating a movement event message of a network entity, including: step 1) a network device maintains a historical forwarded information list, and a network device capable of receiving a movement event message from an external system or device additionally maintains an uplink port information table; step 2) after receiving the message, the network device matches it against the table to obtain a forwarding port and forwarding information for the message, constructs a movement event forwarding message using that information, and forwards it through the forwarding port; and step 3) after a device receives the message, it searches the information list for a matching forwarding port and forwarding information for the message, modifies the message using the forwarding information, and forwards the modified message through the forwarding port. The method is able to propagate a movement event message to a network device responsible for related data transmission and forwarding.

Synchronizing dynamic host configuration protocol snoop information

Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an Ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.

ELECTRONIC DEVICE FOR ALLOCATING IP ADDRESS OF AN EXTERNAL ELECTRONIC DEVICE AND METHOD FOR THE SAME
20220321524 · 2022-10-06

An electronic device and method are disclosed. The electronic device includes memory storing identification of at least an external electronic device, to which an IPv6-based IP address is allocatable, a communication circuit, and a processor. The processor implements the method, including: receiving, from the external electronic device, a router solicitation including a link local address generated by the external electronic device, and identification information of the external electronic device, confirming whether the identification information of the external electronic device included in the router solicitation is stored in the memory, and if so, transmitting a router advertisement including information related to generation of the IP address to the external electronic device.
