EARLY TRAFFIC REGULATION TECHNIQUES TO PROTECT AGAINST NETWORK FLOODING
First Claim
1. A packet flow control method comprising the steps of:
- detecting congestion in a first node along a packet flow path between a source device and a destination device;
identifying a node in said path preceding said first node; and
transmitting to said preceding network node a traffic regulation signal used to initiate flow rate control on flows identified from information included in said traffic regulation signal.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets.
-
Citations
20 Claims
-
1. A packet flow control method comprising the steps of:
-
detecting congestion in a first node along a packet flow path between a source device and a destination device;
identifying a node in said path preceding said first node; and
transmitting to said preceding network node a traffic regulation signal used to initiate flow rate control on flows identified from information included in said traffic regulation signal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of implementing flow control in a communications network including a first node, a second node and a destination node, the first node being located upstream of the second node on a communications path to said destination device, the method comprising the steps of:
-
operating the second node to detect when the second node is saturated with traffic for a period of time;
in response to detecting that said second node is saturated with traffic for said period of time, operating the second node to send a first traffic regulation signal to the first node to trigger said first node to perform traffic regulation of flow rates on flows of packets directed to said destination device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A communications system for communicating information as flows of packets, the system comprising:
-
a first network node including;
i. congestion control means for detecting congestion at said network node;
ii. traffic flow path determination means for determining the path of at least one packet flow causing congestion at said first network node; and
iii. early traffic regulation signaling means for transmitting a traffic regulation signal to initiate traffic regulation at an upstream network node; and
an upstream network node, the upstream network node being coupled to the first network node, the upstream network node including;
i. means for receiving traffic regulation signals from said first network node; and
ii. flow control means for performing flow rate reduction operations on one or more traffic flows identified from information included in received traffic flow control messages. - View Dependent Claims (19, 20)
-
Specification