CONNECTION RATE LIMITING
Abstract
Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation.
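The per-service counting described in the abstract, sketched as an added example (not code from the patent). The fixed-interval window, the round-robin firewall selection, and every name and address below are assumptions made for illustration; note that the source address is never an input.

```python
import itertools

class Service:
    """Per-service rule and state; every value used below is constructed."""
    def __init__(self, firewalls, limit, interval=1.0):
        self.pool = itertools.cycle(firewalls)  # round-robin is an assumption
        self.limit = limit          # new connections allowed per interval
        self.interval = interval    # predetermined time interval, seconds
        self.window_start = None
        self.counter = 0

class Switch:
    def __init__(self, services):
        self.services = services    # keyed by destination (address, port)

    def new_connection(self, dst, now):
        """Return the firewall the request is directed to, or None if dropped."""
        svc = self.services.get(dst)
        if svc is None:
            return None             # unknown destination: dropped in this sketch
        if svc.window_start is None or now - svc.window_start >= svc.interval:
            svc.window_start, svc.counter = now, 0   # start a new interval
        firewall = next(svc.pool)   # a firewall is selected ...
        svc.counter += 1            # ... and the service's counter incremented
        return firewall if svc.counter <= svc.limit else None

def demo():
    # Constructed arrivals for two services with different limits.
    web, mail = ("203.0.113.10", 443), ("203.0.113.20", 25)
    sw = Switch({web: Service(["fw-a", "fw-b"], limit=3),
                 mail: Service(["fw-c"], limit=1)})
    arrivals = [(10.0, web), (10.1, web), (10.1, mail), (10.2, web),
                (10.3, web), (10.4, mail), (11.0, web), (11.2, mail)]
    return [sw.new_connection(dst, t) for t, dst in arrivals]

if __name__ == "__main__":
    print(demo())
```

Each service keeps its own counter and limit, so a burst toward one destination is dropped without affecting the other, and traffic resumes once a new interval begins.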
24 Claims
1. A computer implemented method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.
Dependent claims: 2, 3, 4, 5

6. A computer implemented method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.
Dependent claims: 7, 8, 9, 10

11. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory; and
- a computing platform of a network switch, the computing platform configured to:
  - increment a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  - direct the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.
Dependent claims: 12, 13, 14, 15

16. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory; and
- a computing platform of a network switch, the computing platform configured to:
  - increment a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  - drop the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.
Dependent claims: 17, 18, 19, 20

21. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory;
- means for incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- means for directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.

22. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory;
- means for incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- means for dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.

23. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.

24. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
- dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.

Specification