DOS DETECTION AND MITIGATION IN A LOAD BALANCER
First Claim
1. A method for a load balancer to detect and mitigate a Denial of Service (DOS) attack directed at one or more tenant addresses, the load balancer being placed in a data path of network data packets being transmitted between one or more sources and the one or more tenant addresses, the method comprising:
- an act of analyzing one or more performance parameters regarding network data packets received at the load balancer that is placed in the data path, the network data packets being structured so as to be directed to one or more tenant addresses, the one or more performance parameters describing network data packet flow to the one or more tenant addresses;
an act of detecting, based on the analysis of the one or more performance parameters, that one or more of the tenant addresses is being subjected to a DOS attack; and
an act of performing a mitigation operation to isolate the one or more tenant address being subjected to the DOS attack.
3 Assignments
0 Petitions
Accused Products
Abstract
A load balancer that is able to detect and mitigate a Denial of Service (DOS) attack. The load balancer is placed in the flow path of network data packets that are destined for one or more tenant addresses. The load balancer analyzes performance parameters regarding the network data packets that are destined for the one or more tenant addresses and are received at the load balancer. The performance parameters describe network data packet flow to the tenant addresses. The load balancer detects, based on the analysis of the performance parameters, that one or more of the tenant addresses are being subjected to a DOS attack. The load balancer performs a mitigation operation to isolate the one or more tenant addresses being subjected to the DOS attack.
-
Citations
20 Claims
-
1. A method for a load balancer to detect and mitigate a Denial of Service (DOS) attack directed at one or more tenant addresses, the load balancer being placed in a data path of network data packets being transmitted between one or more sources and the one or more tenant addresses, the method comprising:
-
an act of analyzing one or more performance parameters regarding network data packets received at the load balancer that is placed in the data path, the network data packets being structured so as to be directed to one or more tenant addresses, the one or more performance parameters describing network data packet flow to the one or more tenant addresses; an act of detecting, based on the analysis of the one or more performance parameters, that one or more of the tenant addresses is being subjected to a DOS attack; and an act of performing a mitigation operation to isolate the one or more tenant address being subjected to the DOS attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that are structured such that, when executed by one or more processors associated with a load balancer that is placed in a data path of network data packets being transmitted between one or more source addresses and a one or more tenant addresses, cause the load balancer to detect and mitigate a Denial of Service (DOS) attack directed at one or more of the tenant addresses, the method comprising:
-
an act of collecting one or more performance parameters regarding network data packets received at the load balancer that is placed in the data path, the network data packets being structured so as to be directed to one or more tenant addresses, the one or more performance parameters describing network data packet flow to the one or more tenant addresses; an act of comparing the collected performance parameters with performance thresholds; an act of detecting, based on the comparison of the one or more performance parameters with the performance thresholds, that at least one of the one or more of the tenant addresses is being subjected to a DOS attack; an act of identifying which of the one or more tenant addresses is being subjected to the DOS attack; and an act of performing a mitigation operation to isolate the one or more tenant address being subjected to the DOS attack. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A system, the system comprising:
-
one or more tenants each having a tenant address that identifies the tenant as an intended recipient of network data packets sent from one or more sources; a performance threshold repository that holds performance threshold values that are indicative of a Denial of Service (DOS) attack; one or more processors; an edge router configured to receive one or more network data packets destined for one or more of the tenant addresses; and a load balancer that is configured to receive the one or more network data packets from the edge router and to distribute the one or more network data packets to the tenant address, the load balancer being in the data flow path of the one or more network data packets, the load balancer configured to detect and mitigate a DOS attack on at least one of the one or more of the tenant addresses, the load balancer comprising; a detection module configured to perform the following; collect one or more performance parameters regarding network data packets received at the load balancer, the network data packets being destined for one or more tenant addresses, the one or more performance parameters describing network data packet flow to the one or more tenant addresses; compare the collected performance parameters with the performance thresholds values; detect, based on the comparison of the one or more performance parameters with the performance threshold values, that one or more of the tenant addresses is being subjected to a DOS attack; identifying which of the one or more tenant addresses is being subjected to the DOS attack; and a mitigation module configured to perform the following; perform a mitigation operation to isolate the one or more tenant address being subjected to the DOS attack. - View Dependent Claims (20)
-
Specification