Method for Protecting a Firewall Load Balancer From a Denial of Service Attack
Abstract
A method for protecting firewall load balancers from a denial of service attack is provided. Packets are received by the firewall load balancer. Each packet has a source and a destination. The firewall load balancer is equipped with a connection database that can contain entries about the packets. Upon receipt of a packet, the connection database is queried to determine whether or not there is an entry for the received packet. If an entry is found in the database, the packet is forwarded to its destination. Otherwise, if the packet was received from a firewall, then a new connection entry for the packet is built and is saved to the connection database and the packet is forwarded on to its destination. If the packet does not have an entry (match) in the connection database and the packet was not received from a firewall, then the packet is forwarded to a firewall.
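The three-way decision in the abstract can be modelled directly. The sketch below is an added example, not code from the patent. The class and function names, the direction-independent flow key, the CRC32 firewall selection and the sample addresses are all assumptions. It shows that a flood of never-seen sources leaves the connection database empty, while a flow that a firewall has passed gets an entry.

```python
import zlib

class FirewallLoadBalancer:
    def __init__(self, firewall_count):
        self.firewall_count = firewall_count
        self.connections = set()  # the connection database

    @staticmethod
    def flow_key(src, dst):
        # Assumption: one entry covers both directions of a flow.
        return tuple(sorted((src, dst)))

    def handle(self, src, dst, from_firewall=None):
        """Return (action, firewall index or None). from_firewall is the index
        of the delivering firewall, or None for a packet from the network."""
        key = self.flow_key(src, dst)
        if key in self.connections:
            return ("forward_to_destination", None)
        if from_firewall is not None:
            # Only a packet that a firewall has already passed allocates state.
            self.connections.add(key)
            return ("forward_to_destination", None)
        # Unknown flow from the network side: no entry is built.
        # Assumption: a stateless hash picks the firewall.
        fw = zlib.crc32(repr(key).encode()) % self.firewall_count
        return ("forward_to_firewall", fw)

def simulate(flood_packets=10_000):
    outside = FirewallLoadBalancer(3)  # faces the untrusted network
    inside = FirewallLoadBalancer(3)   # faces the protected hosts
    server = "192.0.2.10:80"
    flood_actions = set()
    for i in range(flood_packets):     # constructed flood, new source each time
        src = f"203.0.113.{i % 254 + 1}:{1024 + i}"
        flood_actions.add(outside.handle(src, server)[0])
    after_flood = len(outside.connections)
    client = "198.51.100.7:40000"      # constructed flow the firewall passes
    _, fw = outside.handle(client, server)
    inside.handle(client, server, from_firewall=fw)   # entry built here
    reply = inside.handle(server, client)             # entry found
    outside.handle(server, client, from_firewall=fw)  # reply passed by firewall
    followup = outside.handle(client, server)         # entry found
    return {"flood_actions": flood_actions, "after_flood": after_flood,
            "inside_entries": len(inside.connections),
            "outside_entries": len(outside.connections),
            "reply": reply[0], "followup": followup[0]}

if __name__ == "__main__":
    print(simulate())
```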
27 Claims
1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. An apparatus, comprising:
an outbound firewall load balancer that is operable to receive a packet and to determine whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer, and wherein the packet is forwarded to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, the packet being received by the selected firewall and then communicated to an inbound firewall load balancer, the inbound firewall load balancer being further operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.
(Dependent claims: 8, 9, 10, 11, 12, 13)
14. A method for enlisting one or more end users in a network environment in which load balancing occurs, comprising:
enlisting one or more end users in a billing plan associated with network communications;
generating a bill associated with one or more of the end users, the bill being based on the billing plan; and
facilitating network communications for one or more of the end users in response to the end users being enlisted in the billing plan, whereby the network communications includes a protocol that comprises:
receiving a packet at an outbound firewall load balancer;
determining whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer; and
forwarding the packet to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, wherein the packet may be received by the selected firewall and then communicated to an inbound firewall load balancer, wherein the inbound firewall load balancer is operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.
(Dependent claims: 15, 16, 17, 18, 19, 20)
21. Software for communicating data, the software being embodied in a computer readable medium and comprising computer code such that when executed is operable to:
receive a packet at an outbound firewall load balancer;
determine whether the packet is associated with an open connection such that resources are being consumed as reflected by an entry in an outbound connection database, wherein if the entry is not present in the outbound connection database then a new entry is not recorded for the outbound firewall load balancer; and
forward the packet to a selected one of a plurality of firewalls coupled to the outbound firewall load balancer in the case where the entry is present in the outbound connection database, wherein the packet may be received by the selected firewall and then communicated to an inbound firewall load balancer, wherein the inbound firewall load balancer is operable to generate a new entry for the packet once it has received it from the selected firewall, the new entry being provided in an inbound connection database such that resources for the inbound firewall load balancer are then being consumed for an open flow associated with the packet.
(Dependent claims: 22, 23, 24, 25, 26, 27)
Specification