NETWORK NODE WITH CONTROL PLANE PROCESSOR OVERLOAD PROTECTION
First Claim
1. Network node comprising at least one data plane processor (101) for handling data packets of a first type (144) and for redirecting and rate-limiting data packets of a second type (142), and a control plane processor (102) for handling said data packets of a second type (142) redirected by said at least one data plane processor (101), CHARACTERIZED IN THAT said control plane processor (102) comprises overload protection means (124) adapted to identify individual flows of data packets of said second type for enhanced rate-limiting by said at least one data plane processor (101).
1 Assignment
0 Petitions
Accused Products
Abstract
A network node comprises at least one data plane processor (101) for handling data packets of a first type (144) and for redirecting and rate-limiting data packets of a second type (142). A control plane processor (102) in the network node handles the data packets of a second type (142) redirected by the data plane processor (101). In order to protect the control plane processor (102) against overload, e.g. caused by Denial of Service (DoS) attacks, individual flows of data packets of the second type are identified for enhanced rate-limiting by the data plane processor (101).
-
Citations
10 Claims
-
1. Network node comprising at least one data plane processor (101) for handling data packets of a first type (144) and for redirecting and rate-limiting data packets of a second type (142), and a control plane processor (102) for handling said data packets of a second type (142) redirected by said at least one data plane processor (101),
CHARACTERIZED IN THAT said control plane processor (102) comprises overload protection means (124) adapted to identify individual flows of data packets of said second type for enhanced rate-limiting by said at least one data plane processor (101).
-
10. Method for overload protection of a control plane processor (102) inside a network node wherein at least one data plane processor (101) handles data packets of a first type (144) and redirects and rate-limits data packets of a second type (142), and wherein said control plane processor (102) handles said data packets of a second type (142) redirected by said at least one data plane processor (101),
CHARACTERIZED IN THAT said method comprises identifying in said control plane processor (102) individual flows of data packets of said second type for enhanced rate-limiting by said at least one data plane processor (101).
Specification