Method and system for handling computer network attacks

US 20130019311A1
Filed: 01/18/2012
Published: 01/17/2013
Est. Priority Date: 07/19/2000
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for serving content requests using global and local load balancing techniques is provided. Web site content is cached using two or more point of presences (POPs), wherein each POP has at least one DNS server. Each DNS server is associated with the same anycast IP address. A domain name resolution request is transmitted to the POP in closest network proximity for resolution based on the anycast IP address. Once the domain name resolution request is received at a particular POP, local load balancing techniques are performed to dynamically select the appropriate Web server at the POP for use in resolving the domain name resolution request. Approaches are described for handling bursts of traffic at a particular POP, security, and recovering from the failure of various components of the system.

Citations

27 Claims

1. (canceled)

2. A computer-implemented method for handling attacks, comprising:
- at a domain name service (DNS) server, receiving a first request to resolve a hostname from a client;
  
  with the DNS server, sending a first set of one or more IP addresses to the client in response to the first request, the first set of IP addresses being associated with one or more web servers;
  
  determining that at least one IP address in the first set of IP addresses is under attack;
  
  at the DNS server, and after the determination that the at least one IP address in the first set of IP addresses is under attack, receiving a second request to resolve the hostname from the same or another client;
  
  with the DNS server, sending a second set of one or more IP addresses to the client that made the second request, the second set of IP addresses including at least one IP address that is different than any of the one or more IP addresses in the first set of IP addresses.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The method of claim 2, wherein the second set of IP addresses are associated with the same one or more web servers as the first set of IP addresses.
  - 4. The method of claim 2, wherein the second set of IP addresses does not include the at least one IP address in the first set of IP addresses that was determined to be under attack.
  - 5. The method of claim 2, wherein the one or more web servers comprise one or more proxy servers in a content delivery network that is operated by a content delivery network service provider on behalf of customers who have content to be delivered via the content delivery network.
  - 6. The method of claim 2, wherein the one or more web servers comprise one or more origin servers associated with a customer of a service provider who operates the DNS server.
  - 7. The method of claim 2, wherein the attack is a denial of service (DOS) attack.
  - 8. The method of claim 2, comprising:
    - determining information about any of (i) load on a service provided by the one or more web servers and (ii) availability of a service provided by the one or more web servers, and reporting the information to the DNS server.

9. A system for handling attacks, comprising:
- one or more computers communicatively coupled to a computer network, each with circuitry forming one or more processors and memory storing instructions for execution by the one or more processors, the one or more computers including;
  
  a domain name service (DNS) server that receives from a client a first request to resolve a hostname;
  
  the DNS server sending a first set of one or more IP addresses to the client in response to the first request, the first set of IP addresses being associated with one or more web servers;
  
  after a determination that the at least one IP address in the first set of IP addresses is under attack, the DNS server receiving a second request to resolve the hostname from the same or another client;
  
  with the DNS server, sending a second set of one or more IP addresses to the client that made the second request, the second set of IP addresses including at least one IP address that is different than any of the one or more IP addresses in the first set of IP addresses.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the second set of IP addresses are associated with the same one or more web servers as the first set of IP addresses.
  - 11. The system of claim 9, wherein the second set of IP addresses does not include the at least one IP address in the first set of IP addresses that was determined to be under attack.
  - 12. The system of claim 9, wherein the one or more web servers comprise one or more proxy servers in a content delivery network that is operated by a content delivery network service provider on behalf of customers who have content to be delivered via the content delivery network.
  - 13. The system of claim 9, wherein the one or more web servers comprise one or more origin servers associated with a customer of a service provider who operates the DNS server.
  - 14. The system of claim 9, wherein the attack is a denial of service (DOS) attack.
  - 15. The system of claim 9, wherein the one or more computers further comprise a probe server that determines information about any of (i) load on a service provided by the one or more web servers, and (ii) availability of a service provided by the one or more web servers, and reports the information to the DNS server.

16. A non-transitory computer-readable storage medium storing program instructions, wherein execution of the program instructions by one or more processors causes:
- at a domain name service (DNS) server, receiving from a client a first request to resolve a hostname;
  
  with the DNS server, sending a first set of one or more IP addresses to the client in response to the first request, the first set of IP addresses being associated with one or more web servers;
  
  determining that at least one IP address in the first set of IP addresses is under attack;
  
  at the DNS server, and after the determination that the at least one IP address in the first set of IP addresses is under attack, receiving a second request to resolve the hostname from the same or another client;
  
  with the DNS server, sending a second set of one or more IP addresses to the client that made the second request, the second set of IP addresses including at least one IP address that is different than any of the one or more IP addresses in the first set of IP addresses.

17. A computer-implemented method, comprising:
- at a domain name service (DNS) server, receiving from a client a first request to resolve a hostname;
  
  with the DNS server, sending a first set of one or more IP addresses to the client in response to the first request, the first set of IP addresses being associated with one or more web servers;
  
  determining that at least one IP address in the first set of IP addresses is unavailable for servicing client requests;
  
  at the DNS server, and after the determination that the at least one IP address in the first set of IP addresses has become unavailable for servicing client requests, receiving a second request to resolve the hostname from the same or another client;
  
  with the DNS server, sending a second set of one or more IP addresses to the client that made the second request, the second set of IP addresses including at least one IP address that is different than any of the one or more IP addresses in the first set of IP addresses.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the unavailability of the at least one IP address is due to an attack.
  - 19. The method of claim 17, wherein the second set of IP addresses are associated with the same one or more web servers as the first set of IP addresses.
  - 20. The method of claim 17, wherein the second set of IP addresses does not include the at least one IP address in the first set of IP addresses that was determined to be unavailable.
  - 21. The method of claim 17, wherein the one or more web servers comprise any of:
    - (i) one or more proxy servers in a content delivery network that is operated by a content delivery network service provider on behalf of customers who have content to be delivered via the content delivery network, and (ii) one or more origin servers associated with a customer of a service provider who operates the DNS server.

22. A system, comprising:
- one or more computers communicatively coupled to a computer network, each with circuitry forming one or more processors and memory storing instructions for execution by the one or more processors, the one or more computers including;
  
  a domain name service (DNS) server that receives from a client a first request to resolve a hostname;
  
  the DNS server sending a first set of one or more IP addresses to the client in response to the first request, the first set of IP addresses being associated with one or more web servers;
  
  after a determination that the at least one IP address in the first set of IP addresses has become unavailable for servicing client requests, the DNS server receiving a second request to resolve the hostname from the same or another client;
  
  with the DNS server, sending a second set of one or more IP addresses to the client that made the second request, the second set of IP addresses including at least one IP address that is different than any of the one or more IP addresses in the first set of IP addresses.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system of claim 22, wherein the unavailability of the at least one IP address is due to an attack.
  - 24. The system of claim 22, wherein the second set of IP addresses are associated with the same one or more web servers as the first IP address.
  - 25. The system of claim 22, wherein the second set of IP addresses does not include the at least one IP address in the first set of IP addresses that was determined to be unavailable.
  - 26. The system of claim 22, wherein the one or more web servers comprise any of:
    - (i) one or more proxy servers in a content delivery network that is operated by a content delivery network service provider on behalf of customers who have content to be delivered via the content delivery network, and (ii) one or more origin servers associated with a customer of a service provider who operates the DNS server.
  - 27. The system of claim 22, wherein the one or more computers further comprise a probe server that determines information about the availability of a service provided by the one or more web servers and reports the information to the DNS server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Akamai Technologies, Inc.
Inventors
Swildens, Eric Sven-Johan, Liu, Zaide, Day, Richard David

Granted Patent

US 8,612,564 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 2209/5016   Session

G06F 2209/508   Monitor

G06F 9/505   considering the load

H04L 41/5029   Service quality level-based...

H04L 41/509   wherein the managed service...

H04L 43/00   Arrangements for monitoring...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/12   Network monitoring probes

H04L 43/55   Testing of service level qu...

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/101   based on network conditions

H04L 67/1036   Load balancing of requests ...

H04L 67/142   Managing session states for...

Method and system for handling computer network attacks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for handling computer network attacks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links