Some background first. I have a .NET client agent installed on each of the machines in the LAN. They are interacting with my central server [website], also on the same LAN.

It is important for my website to figure out which of the machines can talk to each other. For example, machines of one subnet cannot directly talk to machines of another subnet without configuring the routers and such. But machines in the same subnet should be able to talk to each other directly.

The problem I am facing is when the LAN setup is like in Figure 1.

Figure 1

Because Comp1, Comp2 and Comp3 are behind a router, they have got the IP addresses 192.168.1.2 till 192.168.1.4. My client agents on these machines report the same IP addresses back to the server. However, machines Comp4 and Comp5 also have the same IP addresses.

Thus, as far as my server is concerned, there are 2 machines with the same IP address. Not just that, because the subnet mask is 255.255.255.0 for all machines, my server is fooled into thinking that Comp1 can directly talk to Comp5, which is not possible.

So, how do I solve this? What do I need to change in my client or in my server so that I can support this scenario? These two are the only things in my control.

+1  A: 

One approach is for the individual client machines to determine who they can see using a broadcast message. Have each client listen on some particular UDP port, and each client broadcast its presence to whatever the local broadcast domain is. When clients can see each other in this way, they can probably also make TCP connections to each other.

If the server needs to know which clients can talk to each other, just have the clients tell the server.

Greg Hewgill
Wouldn't this require that particular port to be unblocked by the routers, firewalls, etc.? We are trying to avoid a scenario where we would have to make exceptions to the existing setup to make our app work.
Amith George
@Amith George: A broadcast domain doesn't involve any routers. It may involve firewalls (depending on what layer the firewall works at), but if you can't send a UDP packet to a machine then you probably can't make another kind of connection anyway. Dropbox uses this sort of feature; see http://www.dropbox.com/help/137 for some more details.
Greg Hewgill
+3  A: 

EDIT: It seems that the network diagram is oversimplified and there could be multiple router/subnet levels. My original answer will not handle this scenario. Also, the restriction of modifying only the client app or server app, and not tampering with the routers and firewalls, makes it more difficult.

EDIT2: Using 'arp -a' you can extract the MAC address of the router. If the client apps can manage to do this then the puzzle is solved!

The client app knows the local machine address and passes it to the server app.

The server app knows the remote address when a connection comes in. This would be the machine address or a router address.

From these two values you can work out what you ask.

For example:

Server app receives connection from 10.10.10.2 with client supplying 192.168.1.2

Server app receives connection from 10.10.10.3 with client supplying 192.168.1.3

The 'remote address' distinguishes the subnets.

So, all you need to figure out is how to extract the remote address of a client connection. If you are using any of the popular web technologies for your server app then this is very easy.

zaf
This method doesn't work if there is more than one level of NAT in between the client and server (the diagram pictures just one level). You could have two clients with the same local address, and same NAT server address (from the web server point of view) and yet still be on separate broadcast domains.
Greg Hewgill
+1 True. Let's see if the OP has a one-level or a multiple-level setup.
zaf
Doing this is what I thought of at first. It will work in my local LAN because it's set up this way. But this isn't a very robust solution. It wouldn't be in my control how the companies would set up their networks.
Amith George
@Amith Well, change the setup graph to reflect a real production environment!
zaf
Found a solution. Please check my updated answer.
zaf
I am sorry, but could you please explain how the MAC address of the router helps solve the problem?
Amith George
Client apps with the same router MAC address means the computers can 'talk' with each other.
zaf
Each computer's default gateway will typically be the router. So, even though arp -a returns multiple entries, I just need to look for the one against the default gateway. Would there be any scenario where the default gateway is not set or, for that matter, is set to something other than the router?
Amith George
I'm no network expert. 'arp -a' should give you all known interfaces which includes the router.
zaf
Thanks. This solution ought to work :)
Amith George
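The three grouping rules discussed in this answer and its comments, compared on the server side; this is an added example, not code from the original thread. The `Report` fields, the function names and the sample MAC addresses are assumptions made for illustration, and the sample reports are constructed to model the two-level NAT case raised in the comments.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

class Report(NamedTuple):
    agent: str
    local_ip: str
    netmask: str
    gateway_mac: str   # assumed: MAC of the default gateway, read from the agent's ARP table
    remote_addr: str   # source address the server saw on the connection

def subnet(r):
    return ipaddress.ip_network(f"{r.local_ip}/{r.netmask}", strict=False)

def by_subnet(r):        # the server's current logic: IP and mask only
    return subnet(r)

def by_remote_addr(r):   # original answer: add the address the server observed
    return (r.remote_addr, subnet(r))

def by_gateway_mac(r):   # EDIT2: add the router's MAC (Windows prints it with dashes)
    return (r.gateway_mac.lower().replace("-", ":"), subnet(r))

def groups(reports, key):
    out = defaultdict(list)
    for r in reports:
        out[key(r)].append(r.agent)
    return sorted(sorted(g) for g in out.values())

def address_collisions(reports, key):
    """Agents that share a group and a local IP: the key is too coarse to separate them."""
    seen = defaultdict(list)
    for r in reports:
        seen[(key(r), r.local_ip)].append(r.agent)
    return sorted(sorted(a) for a in seen.values() if len(a) > 1)

# Constructed reports: two routers behind one outer NAT, so remote_addr is identical.
MASK, OUTER = "255.255.255.0", "10.10.10.2"
SAMPLE = [
    Report("Comp1", "192.168.1.2", MASK, "02-00-00-00-00-0A", OUTER),
    Report("Comp2", "192.168.1.3", MASK, "02:00:00:00:00:0a", OUTER),
    Report("Comp3", "192.168.1.4", MASK, "02:00:00:00:00:0a", OUTER),
    Report("Comp4", "192.168.1.2", MASK, "02:00:00:00:00:0b", OUTER),
    Report("Comp5", "192.168.1.3", MASK, "02:00:00:00:00:0b", OUTER),
]

if __name__ == "__main__":
    for key in (by_subnet, by_remote_addr, by_gateway_mac):
        print(key.__name__, groups(SAMPLE, key), address_collisions(SAMPLE, key))
```

Both values the server groups on are self-reported by the agent, so a non-empty collision list is also a useful signal that a report is stale or wrong.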
A: 

If the network diagram is complicated enough I think it would be very difficult to find what you need. You should also take into account that Comp1 can establish direct connection to Comp6.

The solution I can suggest is probing. Client receives list of all other clients from server and tries to establish connection to each of them. I think that would be the only way to know which clients are REALLY accessible assuming any number of routers/firewalls/NATs in the network. Doesn't scale much for a big number of computers of course.

Fedor
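A sketch of the probing approach from this answer, added here as an example and not taken from the original thread: each agent probes the peer list it received from the server over TCP, and the server keeps only links that both ends confirmed. The function names, the peer-list shape and the idea that every agent listens on a known TCP port are assumptions.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

def can_connect(host, port, timeout=1.0):
    """True if a TCP connection to (host, port) completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False

def probe_peers(peers, timeout=1.0, workers=16):
    """Agent side. peers: {agent_id: (host, port)} as handed out by the server.
    Probes run in parallel so one filtered peer does not stall the whole list."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: can_connect(*hp, timeout), peers.values())
        return {agent for agent, ok in zip(peers, results) if ok}

def mutual_links(reached):
    """Server side. reached: {agent_id: set of agent_ids it connected to}.
    Reachability can be one-way (host firewalls), so a link is kept only
    when both ends reported reaching each other."""
    return {
        frozenset((a, b))
        for a, seen in reached.items()
        for b in seen
        if a != b and a in reached.get(b, set())
    }

if __name__ == "__main__":
    # Constructed reports from three agents: C never reached anyone.
    print(mutual_links({"A": {"B", "C"}, "B": {"A"}, "C": set()}))
```

Each agent makes one connection per peer, so a full sweep costs on the order of n² connections for n agents, which is the scaling limit the answer mentions.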