CONNECTION RATE LIMITING

US 20110082947A1
Filed: 03/12/2010
Published: 04/07/2011
Est. Priority Date: 05/03/2002
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method for firewall load balancing connection rate limiting, the method comprising:

incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and

directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation.

72 Citations

View as Search Results

24 Claims

1. A computer implemented method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising resetting the counter to zero if the elapsed time since the last counter reset is greater than a predetermined time interval.
  - 3. The method of claim 2 wherein the predetermined connection rate limit is a number of transactions per predetermined time interval.
  - 4. The method of claim 1, further comprising detecting a new firewall load balancing service connection request by looking at a SYN bit of an incoming transmission control protocol (TCP) packet.
  - 5. The method of claim 1 wherein the incrementing is based at least in part on the identification of the destination firewall load balancing service.

6. A computer implemented method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising resetting the counter to zero if the elapsed time since the last counter reset is greater than a predetermined time interval.
  - 8. The method of claim 7 wherein the predetermined connection rate limit is a number of transactions per predetermined time interval.
  - 9. The method of claim 6, further comprising detecting a new firewall load balancing service connection request by looking at a SYN bit of an incoming transmission control protocol (TCP) packet.
  - 10. The method of claim 6 wherein the incrementing is based at least in part on the identification of the destination firewall load balancing service.

11. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory; and
  
  a computing platform of a network switch, the computing platform configured to;
  
  increment a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  direct the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11 wherein the computing platform is further configured to reset the counter to zero if the elapsed time since the last counter reset is greater than a predetermined time interval.
  - 13. The apparatus of claim 12 wherein the predetermined connection rate limit is a number of transactions per predetermined time interval.
  - 14. The apparatus of claim 11 wherein the computing platform is further configured to detect a new firewall load balancing service connection request by looking at a SYN bit of an incoming transmission control protocol (TCP) packet.
  - 15. The method of claim 11 wherein the incrementing is based at least in part on the identification of the destination firewall load balancing service.

16. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory; and
  
  a computing platform of a network switch, the computing platform configured to;
  
  increment a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  drop the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16 wherein the computing platform is further configured to reset the counter to zero if the elapsed time since the last counter reset is greater than a predetermined time interval.
  - 18. The apparatus of claim 17 wherein the predetermined connection rate limit is a number of transactions per predetermined time interval.
  - 19. The apparatus of claim 16 wherein the computing platform is further configured to detect a new firewall load balancing service connection request by looking at a SYN bit of an incoming transmission control protocol (TCP) packet.
  - 20. The apparatus of claim 16 wherein the incrementing is based at least in part on the identification of the destination firewall load balancing service.

21. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory;
  
  means for incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  means for directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.

22. An apparatus for firewall load balancing connection rate limiting, the apparatus comprising:
- a memory;
  
  means for incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  means for dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.

23. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  directing, by the computing platform, the new destination firewall load balancing service connection request to a particular one of the plurality of firewalls of the destination firewall load balancing service, if the counter has not increased at a rate exceeding the predetermined connection rate limit.

24. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for firewall load balancing connection rate limiting, the method comprising:
- incrementing, by a computing platform of a network switch, a counter each time a new connection request for a destination firewall load balancing service is received and a firewall is selected from a plurality of firewalls of the firewall load balancing service to handle the new connection request, the request identifying the destination firewall load balancing service, the counter indicating a total number of times the destination firewall load balancing service has been requested within a predetermined time interval by examining a destination address of the request; and
  
  dropping, by the computing platform, the new connection requests for the firewall load balancing service if the counter increases at a rate exceeding a predetermined connection rate limit for the firewall load balancing service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Foundry Networks LLC (Broadcom, Inc.)
Original Assignee
Foundry Networks Incorporated (Broadcom, Inc.)
Inventors
Szeto, Ronald W., Jalan, Rajkumar, Cheung, David Chun Ying

Application Number

US12/723,615
Publication Number

US 20110082947A1
Time in Patent Office

Days
Field of Search
US Class Current

709/232
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 67/1001   for accessing one among a p...

H04L 67/1036   Load balancing of requests ...

H04L 67/60   Scheduling or organising th...

CONNECTION RATE LIMITING

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

CONNECTION RATE LIMITING

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links