TECHNIQUES FOR TRAFFIC DIVERSION IN SOFTWARE DEFINED NETWORKS FOR MITIGATING DENIAL OF SERVICE ATTACKS
First Claim
1. A method for mitigating of denial of service (DoS) attacks in a software defined network (SDN), comprising:
receiving a DoS attack indication performed against at least one destination server;
programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication;
instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server, wherein each network element in the SDN receiving the packet with the marked diversion field is programmed to divert the packet to a security server; and
instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.
1 Assignment
0 Petitions
Abstract
A method for mitigating of denial of service (DoS) attacks in a software defined network (SDN). The method comprises receiving a DoS attack indication performed against at least one destination server; programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication; instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server to allow diversion of the packet to a security server; and instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.
Citations
22 Claims
1. A method for mitigating of denial of service (DoS) attacks in a software defined network (SDN), comprising:
receiving a DoS attack indication performed against at least one destination server;
programming each network element in the SDN to forward a packet based on a diversion value designated in a packet diversion field, upon reception of the DoS attack indication;
instructing at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server, wherein each network element in the SDN receiving the packet with the marked diversion field is programmed to divert the packet to a security server; and
instructing edge network elements in the SDN to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.

13. A system for mitigating of denial of service (DoS) attacks in a software defined networking (SDN) based network, comprising:
a processor;
a network-interface module connected to a SDN and configured to communicate and program network elements of the SDN;
a memory connected to the processor and configured to contain a plurality of instructions that when executed by the processor configure the system to:
receive a DoS attack indication performed against at least one destination server;
generate instructions for programming at least one peer network element in the SDN to mark a diversion field in each packet in the incoming traffic addressed to the destination server, wherein each network element in the SDN receiving the packet with the marked diversion field is programmed to divert the packet to a security server; and
generate instructions for programming edge network elements in the SDN connected to the security server to unmark the diversion field of each packet output by the security server, wherein each network element in the SDN is programmed to forward the unmarked packets processed by the security server to the at least one destination server.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22.
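The following simulation is an added example illustrating the three-step procedure of claims 1 and 13 (program every element to honour the diversion field, have the peer element mark victim-bound traffic, have the edge element unmark what the security server returns). It is not code from the patent or from any product; the three-switch topology, the port names `upstream` and `security`, the marking value `DIVERT_VALUE`, and the scrubber's drop rule are all assumptions constructed for the demo.

```python
"""Simulation of SDN packet diversion for DoS mitigation (added example).

Network elements are modelled as ordered (match, action) rule lists that a
controller installs; this is a toy model, not an OpenFlow API.
"""
from dataclasses import dataclass, field, replace

DIVERT_VALUE = 1        # assumed value written into the packet diversion field
RESUBMIT = "RESUBMIT"   # action result: keep matching the remaining rules
SECURITY = "security"   # assumed port name on the edge element facing the scrubber


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    diversion: int = 0  # the packet diversion field; 0 means unmarked


@dataclass
class NetworkElement:
    name: str
    routes: dict = field(default_factory=dict)  # normal forwarding: dst -> next hop
    rules: list = field(default_factory=list)   # (match(pkt, in_port), action(pkt))

    def handle(self, pkt, in_port):
        """Apply controller rules in priority order, then fall back to routing."""
        for match, action in self.rules:
            if match(pkt, in_port):
                pkt, next_hop = action(pkt)
                if next_hop != RESUBMIT:
                    return pkt, next_hop
        return pkt, self.routes[pkt.dst]


class SDN:
    def __init__(self, elements, scrubber):
        self.elements = {e.name: e for e in elements}
        self.scrubber = scrubber  # security server: Packet -> Packet or None (dropped)

    def inject(self, element, pkt, in_port):
        """Forward one packet hop by hop; return (path, delivered packet or None)."""
        path = []
        for _ in range(16):  # hop limit guards against a rule loop in the toy model
            if element not in self.elements:  # reached a host
                path.append(element)
                return path, pkt
            path.append(element)
            pkt, next_hop = self.elements[element].handle(pkt, in_port)
            if next_hop == SECURITY:
                path.append(SECURITY)
                pkt = self.scrubber(pkt)
                if pkt is None:
                    return path, None  # dropped by the security server
                in_port = SECURITY     # scrubber hands the packet back to the same edge element
                continue
            element, in_port = next_hop, element
        raise RuntimeError("forwarding loop")


class Controller:
    """Models claim 13: on a DoS indication, program peer, core and edge elements."""

    def __init__(self, net, toward_security, peers, edges):
        self.net, self.toward_security, self.peers, self.edges = net, toward_security, peers, edges

    def on_dos_indication(self, victim):
        # Step 1: every element forwards marked packets toward the security server.
        for name, el in self.net.elements.items():
            nh = self.toward_security[name]
            el.rules.append((lambda p, port: p.diversion == DIVERT_VALUE,
                             lambda p, nh=nh: (p, nh)))
        # Step 2: peer elements mark incoming traffic addressed to the victim.
        for name in self.peers:
            self.net.elements[name].rules.insert(0, (
                lambda p, port: port == "upstream" and p.dst == victim,
                lambda p: (replace(p, diversion=DIVERT_VALUE), RESUBMIT)))
        # Step 3: edge elements unmark packets output by the security server
        # (higher priority than the divert rule, otherwise the packet would loop).
        for name in self.edges:
            self.net.elements[name].rules.insert(0, (
                lambda p, port: port == SECURITY,
                lambda p: (replace(p, diversion=0), RESUBMIT)))


def build_demo():
    elements = [  # constructed topology: peer_sw -> core_sw -> edge_sw -> hosts
        NetworkElement("peer_sw", routes={"web": "core_sw", "mail": "core_sw"}),
        NetworkElement("core_sw", routes={"web": "edge_sw", "mail": "edge_sw"}),
        NetworkElement("edge_sw", routes={"web": "web", "mail": "mail"}),
    ]
    blocklist = {"198.51.100.7"}  # constructed: what the security server drops
    net = SDN(elements, lambda p: None if p.src in blocklist else p)
    ctl = Controller(net, {"peer_sw": "core_sw", "core_sw": "edge_sw", "edge_sw": SECURITY},
                     peers=["peer_sw"], edges=["edge_sw"])
    return net, ctl


def run_scenario():
    net, ctl = build_demo()
    good, bad = Packet("203.0.113.5", "web"), Packet("198.51.100.7", "web")
    other = Packet("198.51.100.7", "mail")  # not addressed to the victim
    before = net.inject("peer_sw", good, "upstream")
    ctl.on_dos_indication("web")
    return {"before": before,
            "good": net.inject("peer_sw", good, "upstream"),
            "bad": net.inject("peer_sw", bad, "upstream"),
            "other": net.inject("peer_sw", other, "upstream")}


if __name__ == "__main__":
    for label, (path, delivered) in run_scenario().items():
        print(label, "->".join(path), delivered)
```

Before the indication, traffic takes the direct path; afterwards, only packets addressed to the victim pass through the security server and arrive unmarked, packets the scrubber rejects never reach the destination, and traffic for other hosts is unaffected. The priority of the unmark rule over the divert rule on the edge element is the detail to get right in a real deployment.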
Specification