Dynamically controlling packet processing

US 7,051,367 B1
Filed: 05/14/2001
Issued: 05/23/2006
Est. Priority Date: 05/14/2001
Status: Active Grant

First Claim

Patent Images

1. A method for processing a network packet comprising:

receiving inbound packets from a network;

setting a rate-limiting operating mode based on a traffic level of the inbound packets; and

selectively invoking a packet service routine based on the rate-limiting operating mode by;

calling the packet service routine from a software process without issuing an interrupt when the traffic level of the inbound packets exceeds a threshold and controlling a usage rate by which the software process uses computing resources to process the packets, andissuing a software interrupt to invoke the packet service routing as an interrupt-driven service routine when the traffic level of the inbound packets does not exceed the threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A router includes a detection module to detect a presence of the network attack, such as a denial of service (DOS) attack. The detection module may, for example, include counters indicating a number of packets processed for various network protocols supported by the router. The detection module enables a rate-limiting operating mode for the router when one or more of the counters exceed a protocol-specific threshold. Under normal traffic levels, the router receives inbound packets using interrupt-driven service routines. When a network attack is detected, however, the router dynamically switches modes and processes the packets using a finely controlled software process. This allows the software process to control the computing resources allocated to servicing packets during a network attack, thereby reserving sufficient resources for lower priority software processes to process the packets and service other tasks.

50 Citations

View as Search Results

14 Claims

1. A method for processing a network packet comprising:
- receiving inbound packets from a network;
  
  setting a rate-limiting operating mode based on a traffic level of the inbound packets; and
  
  selectively invoking a packet service routine based on the rate-limiting operating mode by;
  
  calling the packet service routine from a software process without issuing an interrupt when the traffic level of the inbound packets exceeds a threshold and controlling a usage rate by which the software process uses computing resources to process the packets, andissuing a software interrupt to invoke the packet service routing as an interrupt-driven service routine when the traffic level of the inbound packets does not exceed the threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein controlling the usage rate comprises determining an execution period that the software process has executed without a context switch.
  - 3. The method of claim 2, wherein controlling the usage rate comprises pausing execution of the software process for a sleep period when the execution period exceeds a threshold.
  - 4. The method of claim 3, wherein pausing execution of the software process comprises dynamically adjusting the sleep period during a network attack.
  - 5. The method of claim 1, wherein processing the packets comprises invoking a packet service routine from the software process.
  - 6. The method of claim 1, wherein invoking the packet service routine comprises selecting a pointer to the packet service routine from a table of pointers to invoke packet service routines supporting a number of network protocols in response to an interrupt.
  - 7. The method of claim 1, further comprising detecting a presence of a network attack.
  - 8. The method of claim 7, wherein detecting the presence of the network attack comprises detecting the network attack based on a traffic level of inbound packets.
  - 9. The method of claim 7, wherein detecting the presence of a network attack comprises detecting a denial of service (DOS) attack.

10. A computer-readable medium comprising instructions for causing a programmable processor to:
- receive inbound packets from a network;
  
  set a rate-limiting operating mode based on a traffic level of the inbound packets;
  
  selectively invoke a packet service routine based on the rate-limiting operating mode by;
  
  calling the packet service routine from a software process without issuing an interrupt when the traffic level of the inbound packets exceeds a threshold and controlling a usage rate by which the software process uses computing resources to process packets, andissuing a software interrupt to invoke the packet service routing as an interrupt-driven service routine when the traffic level of the inbound packets does not exceed the threshold.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-readable medium of claim 10, wherein the instructions cause the processor to select a pointer to the packet service routine from a table of pointers to invoke packet service routines supporting a number of network protocols in response to an interrupt.
  - 12. The computer-readable medium of claim 10, wherein the instructions cause the processor to detect a presence of a network attack.
  - 13. The computer-readable medium of claim 12, wherein the instructions cause the processor to detect the network attack based on a traffic level of inbound packets.
  - 14. The computer-readable medium of claim 12, wherein the instructions cause the processor to detect a denial of service (DOS) attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Raghunath, Balakrishna, Krishnaswamy, Umesh
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/854,810
Time in Patent Office

1,835 Days
Field of Search

713/200, 713/201, 709223-229, 718/100, 718/102, 718/103, 718/104
US Class Current

726/22
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/266   Stopping or restarting the ...

H04L 47/32   by discarding or delaying d...

H04L 63/1458   Denial of Service

Dynamically controlling packet processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamically controlling packet processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links