Rate limiting in a decentralized control plane of a computing system

US 10,191,686 B2
Filed: 06/28/2016
Issued: 01/29/2019
Est. Priority Date: 06/28/2016
Status: Active Grant

First Claim

Patent Images

1. A method of processing a request for a service of a control plane in a computer system, comprising:

receiving the request, from a client, at a service host process executing on a software platform of the computer system;

generating an operation object in the service host process that encapsulates a request/response pattern started by the request, the operation object including a plurality of fields that store a context for the request/response pattern within the service host process;

determining a key based on the context stored by the plurality of fields;

obtaining a rate limit associated with the key; and

permitting or denying the request for the service based on whether a rate of requests targeting the service exceeds the rate limit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of processing a request for a service of a control plane in a computer system includes receiving the request, from a client, at a service host process executing on a software platform of the computer system; generating an operation object in the service host process that encapsulates a request/response pattern started by the request, the operation object including a plurality of fields that store a context for the request/response pattern within the service host process; determining a key based on the context stored by the plurality of fields; obtaining a rate limit associated with the key; and permitting or denying the request for the service based on whether a rate of requests targeting the service exceeds the rate limit.

51 Citations

20 Claims

1. A method of processing a request for a service of a control plane in a computer system, comprising:
- receiving the request, from a client, at a service host process executing on a software platform of the computer system;
  
  generating an operation object in the service host process that encapsulates a request/response pattern started by the request, the operation object including a plurality of fields that store a context for the request/response pattern within the service host process;
  
  determining a key based on the context stored by the plurality of fields;
  
  obtaining a rate limit associated with the key; and
  
  permitting or denying the request for the service based on whether a rate of requests targeting the service exceeds the rate limit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the context includes a service identifier of another service managed by the service host process, wherein the plurality of fields includes a field that stores the service identifier, and wherein the step of determining comprises setting the key to the service identifier.
  - 3. The method of claim 2, wherein the other service is a user service having a state to stores an identity of a user of the control plane.
  - 4. The method of claim 2, wherein the other service is a tenant service having a state that stores an identity of a tenant of the control plane, the tenant including a plurality of users.
  - 5. The method of claim 1, wherein the context includes a context identifier, wherein the plurality of fields includes a field that stores the context identifier, and wherein the step of determining comprises setting the key to the context identifier.
  - 6. The method of claim 5, wherein the context identifier is obtained from the request.
  - 7. The method of claim 5, further comprising:
    - generating the context identifier in response to at least one value of the context.
  - 8. The method of claim 7, wherein the at least one value of the context includes an identifier of a role that relates a user group assigned to a user and a resource group assigned to a plurality of services of the control plane.
  - 9. The method of claim 1, wherein the step of permitting or denying the request for the service comprises:
    - invoking a handler of the service using the operation object as parametric input in response to the rate of requests targeting the service not exceeding the rate limit; and
      
      sending a response of the request/response pattern to the client in response to the rate of requests targeting the service exceeding the rate limit.
  - 10. The method of claim 1, wherein the rate limit and the key are members of a plurality of rate limits and a plurality of keys, respectively, in a map stored by the service host process that relates the plurality of keys with the plurality of rate limits.

11. A non-transitory computer readable medium comprising instructions, which when executed in a computer system, causes the computer system to carry out a method of processing a request for a service of a control plane in a computer system, comprising:
- receiving the request, from a client, at a service host process executing on a software platform of the computer system;
  
  generating an operation object in the service host process that encapsulates a request/response pattern started by the request, the operation object including a plurality of fields that store a context for the request/response pattern within the service host process;
  
  determining a key based on the context stored by the plurality of fields;
  
  obtaining a rate limit associated with the key; and
  
  permitting or denying the request for the service based on whether a rate of requests targeting the service exceeds the rate limit.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer readable medium of claim 11, wherein the context includes a service identifier of another service managed by the service host process, wherein the plurality of fields includes a field that stores the service identifier, and wherein the step of determining comprises setting the key to the service identifier.
  - 13. The non-transitory computer readable medium of claim 12, wherein the other service is a user service having a state to stores an identity of a user of the control plane.
  - 14. The non-transitory computer readable medium of claim 12, wherein the other service is a tenant service having a state that stores an identity of a tenant of the control plane, the tenant including a plurality of users.
  - 15. The non-transitory computer readable medium of claim 11, wherein the context includes a context identifier, wherein the plurality of fields includes a field that stores the context identifier, and wherein the step of determining comprises setting the key to the context identifier.
  - 16. The non-transitory computer readable medium of claim 15, wherein the context identifier is obtained from the request.
  - 17. The non-transitory computer readable medium of claim 15, further comprising:
    - generating the context identifier in response to at least one value of the context.
  - 18. The non-transitory computer readable medium of claim 17, wherein the at least one value of the context includes an identifier of a role that relates a user group assigned to a user and a resource group assigned to a plurality of services of the control plane.
  - 19. The non-transitory computer readable medium of claim 11, wherein the step of permitting or denying the request for the service comprises:
    - invoking a handler of the service using the operation object as parametric input in response to the rate of requests targeting the service not exceeding the rate limit; and
      
      sending a response of the request/response pattern to the client in response to the rate of requests targeting the service exceeding the rate limit.

20. A computer system, comprising:
- a hardware platform having a central processing unit (CPU), memory, and storage;
  
  a software platform executing on the hardware platform, the software platform includes a service host process of a control plane, the service host process executable by the CPU to;
  
  receive a request for a service, from a client, at the service host process;
  
  generate an operation object in the service host process that encapsulates a request/response pattern started by the request, the operation object including a plurality of fields that store a context for the request/response pattern within the service host process;
  
  determine a key based on the context stored by the plurality of fields;
  
  obtain a rate limit associated with the key; and
  
  permit or deny the request for the service based on whether a rate of requests targeting the service exceeds the rate limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Chrysanthakopoulos, Georgios, Noordhuis, Pieter
Primary Examiner(s)
Vostal, Ondrej C

Application Number

US15/195,540
Publication Number

US 20170374177A1
Time in Patent Office

945 Days
Field of Search

709226
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/23   Updating

G06F 16/245   Query processing

G06F 2209/5011   Pool

G06F 3/0608   Saving storage space on sto...

G06F 3/064   Management of blocks

G06F 3/0647   Migration mechanisms

G06F 3/0652   Erasing, e.g. deleting, dat...

G06F 3/0659   Command handling arrangemen...

G06F 3/0673   Single storage device

G06F 8/315   Object-oriented languages

G06F 9/5027   the resource being a machin...

G06F 9/541   via adapters, e.g. between ...

G06F 9/542   Event management; Broadcast...

H04L 41/0893   Assignment of logical group...

H04L 41/20   Network management software...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1095 : Replication or mirroring of...

H04L 67/51 : Discovery or management the...

H04L 67/60 : Scheduling or organising th...

H04L 67/63 : Routing a service request d...

View All

Rate limiting in a decentralized control plane of a computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Rate limiting in a decentralized control plane of a computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links