Weighted fair queuing-based methods and apparatus for protecting against overload conditions on nodes of a distributed network
First Claim
15. In a network device, the improvement for controlling throughput comprising a scheduler that schedules one or more packets of at least a selected class for throughput as a function of a dynamic weight of that class and dynamic weights of one or more other classes, any of a leaky bucket mechanism and a token bucket mechanism (collectively, “
- token bucket mechanism”
) coupled to the scheduler that (i) uses for each class a bucket whose volume is a function of a history of traffic of packets in the respective class received by the network device, and (ii) determines the dynamic weight of each class as a function of the volume of the respective bucket.
4 Assignments
0 Petitions
Accused Products
Abstract
An improved network device that controls throughput of packets received thereby, e.g., to downstream devices or to downstream logic contained within the same network device. The network device comprises a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes. The weight of at least the selected class is dynamic and is a function of a history of volume of packets received by the network device in the selected class. An apparatus for protecting against overload conditions on a network, e.g., of the type caused by DDoS attacks, has a scheduler and a token bucket mechanism, e.g., as described above. Such apparatus can also include a plurality of queues into which packets of the respective classes are placed on receipt by the apparatus. Those packets are dequeued by the scheduler, e.g., in the manner described above, for transmittal to downstream devices (e.g., potential victim nodes) on the network.
-
Citations
83 Claims
-
15. In a network device, the improvement for controlling throughput comprising
a scheduler that schedules one or more packets of at least a selected class for throughput as a function of a dynamic weight of that class and dynamic weights of one or more other classes, any of a leaky bucket mechanism and a token bucket mechanism (collectively, “ - token bucket mechanism”
) coupled to the scheduler that (i) uses for each class a bucket whose volume is a function of a history of traffic of packets in the respective class received by the network device, and (ii) determines the dynamic weight of each class as a function of the volume of the respective bucket. - View Dependent Claims (16, 17, 18, 19)
- token bucket mechanism”
-
20. In a network device, the improvement for controlling throughput comprising
a scheduler that schedules one or more packets of at least a selected class for throughput as a function of a dynamic weight of that class and dynamic weights of one or more other classes, any of a leaky bucket mechanism and a token bucket mechanism (collectively, “ - token bucket mechanism”
) coupled to the scheduler that (i) uses for each class a bucket whose volume is a function of a history of traffic of packets in the respective class received by the network device, and (ii) determines the dynamic weight of each class as a function of the volume of the respective bucket,the token bucket mechanism models each bucket as (i) filling at a rate associated with the respective class, (ii) having a minimum capacity associated with that class, and a maximum capacity associated with that class, and the token bucket mechanism reduces each bucket proportionally to a volume of packets throughput for the respective class by the scheduler, the scheduler schedules for throughput at a time t a volume of packets of the selected class that is proportional to a content of the bucket for that class at that time.
- token bucket mechanism”
-
21. In the network device of claim 21, the further improvement wherein scheduler (i) schedules for throughput only whole packets of the selected class, and (ii) credits the bucket associated with the selected class if the volume of packets of that class that would be scheduled for throughput includes a fraction of a packet.
-
22. In a method of operating a network device, the improvement for controlling throughput comprising the step of scheduling packets, if any, in each of a plurality of classes for throughput,
the scheduling step including A. allowing throughput bursts of packets from the respective classes so long as each an average rate therefrom does not exceed a first selected level, B. discriminating against throughput of streams of packets that exceed an average for more than a selected period, where a stream comprises a plurality of packets from a given source to a given destination, C. exercising (A) and (B) only to an extent substantially necessary to keep overall throughput under a second selected level.
-
25-1. In the method of any of claims 23-25, the further improvement comprising determining the dynamic weights by rate-limiting.
-
36. An apparatus for protecting against overload conditions on a network comprising
a plurality of queues, a scheduler coupled to the queues that schedules packets therein for dequeuing for output as a function of a dynamic weight of associated with each queue, any of a leaky bucket mechanism and a token bucket mechanism (collectively, “ - token bucket mechanism”
) coupled to the scheduler that (i) uses for each queue a bucket whose volume is a function of a history of traffic of packets received by the network device and placed in the respective queue, and (ii) determines the dynamic weight of each queue as a function of the volume of the respective bucket. - View Dependent Claims (37, 38, 39, 40, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- token bucket mechanism”
-
41. An apparatus for protecting against overload conditions on a network, comprising
a plurality of queues, a scheduler coupled to the queues that schedules packets therein for dequeuing for output as a function of a dynamic weight of associated with each queue, any of a leaky bucket mechanism and a token bucket mechanism (collectively, “ - token bucket mechanism”
) coupled to the scheduler that (i) uses for each queue a bucket whose volume is a function of a history of traffic of packets received by the apparatus and placed in the respective queue, and (ii) determines the dynamic weight of each queue as a function of the volume of the respective bucket,the token bucket mechanism models each bucket as (i) filling at a rate associated with the respective queue, (ii) having a minimum capacity associated with that queue, and a maximum capacity associated with that queue, and the token bucket mechanism reduces each bucket proportionally to a volume of packets throughput for the respective queue by the scheduler, the scheduler schedules for dequeuing at a time t a volume of packets of the selected queue that is proportional to a content of the bucket for that queue at that time. - View Dependent Claims (42)
- token bucket mechanism”
-
63. In a network device, the improvement for controlling throughput comprising
a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes, a marking mechanism that transmits a cookie to a packet source on the network and causes that source to include the cookie in packets transmitted by it to on the network to a destination coupled to the network device.
-
71. In a network device, the improvement for controlling throughput comprising
a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes, an authentication module that transmits a challenge to a source on the network and that analyzes a response thereto to determine the suspiciousness of the source.
Specification