Share via

Using Network Configuration Detection

  • Article

The Forefront TMG network configuration detection (NCD) mechanism allows application filters to react to network configuration changes without restarting a service. It specifically applies to changes related to Plug and Play network devices. The Forefront TMG NCD mechanism issues notifications of network configuration changes, and application filters can register to receive those notifications. This mechanism also maintains a consistent view of network information in a single location.

Network Configuration Detection Mechanism

When the NCD mechanism is initialized, it constructs an initial view of the relevant network configuration information. A view of the network configuration at a single point in time is referred to as a snapshot. When changes occur in the network configuration, the NCD mechanism undergoes a synchronization, at which time a new snapshot is created.

Note  Snapshots do not include enterprise networks or enterprise network sets, and no notifications are generated for changes in enterprise networks or enterprise network sets.

NCD clients such as application filters register with the NCD mechanism and provide a sink interface for NCD notifications. NCD sends notifications of any changes in the network configuration to all its clients. Each client handles the notifications that it is interested in.

Note  When a client registers, the NCD mechanism sends a series of notifications that creates a picture of the current network configuration, in a logical order.

Network Configuration Detection Interfaces

The NCD interfaces defined in the SDK file Wspfwext.idl are:

Network Configuration Detection Events

When an NCD event occurs, the Microsoft Firewall service calls the NotifyNetworkChange method on the IFWXNetConfigDetectionNotification interface of each application filter that has registered to receive NCD notifications and provides information about the event, including its specific type and its parameters, in an FwxNcdEvent structure. The event is then handled by the implementation of the NotifyNetworkChange method in the appplication filter.

The type of NCD event, such as the addition or removal of a network adapter, is specified by a value from the FwxNcdEventType enumerated type.

NCD Approaches

There are two ways to use the NCD mechanism:

  • Respond to incremental notifications.
  • Respond to a synchronization notification using a snapshot of the network configuration.

Use the incremental approach when the NCD client has to perform an action as a response to a single notification, and this action is not dependent on future notifications. To use the incremental approach, use the GetContext and SetContext methods of the applicable network configuration interface (such as IFWXNetworkAddress) to get and set the information and act appropriately when receiving a notification.

Use the synchronization approach when the NCD client needs to examine a complete and consistent picture of the network configuration before performing an action. When you receive an incremental notification that you are interested in, set a flag. When you receive a notification for an event of the fwx_ncd_SyncConfig type, as defined in the FwxNcdEventType enumerated type, which indicates that NCD synchronization took place and an updated snapshot is available, examine your flags and examine the snapshot (IFWXNetConfigDetectionSnapshot), to determine how to act.

 

 

Build date: 7/12/2010