Weighted fair queuing-based methods and apparatus for protecting against overload conditions on nodes of a distributed network
Abstract
An improved network device that controls throughput of packets received thereby, e.g., to downstream devices or to downstream logic contained within the same network device. The network device comprises a scheduler that schedules one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes. The weight of at least the selected class is dynamic and is a function of a history of volume of packets received by the network device in the selected class. An apparatus for protecting against overload conditions on a network, e.g., of the type caused by DDoS attacks, has a scheduler and a token bucket mechanism, e.g., as described above. Such apparatus can also include a plurality of queues into which packets of the respective classes are placed on receipt by the apparatus. Those packets are dequeued by the scheduler, e.g., in the manner described above, for transmittal to downstream devices (e.g., potential victim nodes) on the network.
37 Claims
1. In a network device deployed on a network, the improvement for controlling throughput comprising
a scheduler that schedules one or more packets of at least a selected class for throughput as a function of a dynamic weight of that class and dynamic weights of one or more other classes,
a bucket mechanism comprising any of a leaky bucket mechanism and a token bucket mechanism coupled to the scheduler that (i) uses for each class a bucket whose volume is a function of a history of traffic of packets in the respective class received by the network device, and (ii) determines the dynamic weight of each class as a function of the volume of the respective bucket,
the bucket mechanism models each bucket as (i) filling at a rate associated with the respective class, (ii) having a minimum capacity associated with that class, and a maximum capacity associated with that class, and
the bucket mechanism reduces each bucket proportionally to a volume of packets throughput for the respective class by the scheduler,
the scheduler schedules for throughput at a time t a volume of packets of the selected class that is proportional to a content of the bucket for that class at that time so as to protect against overload conditions caused by traffic on the network.
3. In a method of operating a network device deployed on a network, the improvement for controlling throughput comprising the step of scheduling packets, if any, in each of a plurality of classes for throughput,
the scheduling step including
A. allowing throughput bursts of packets from the respective classes so long as an average rate therefrom does not exceed a first selected level,
B. discriminating against throughput of streams of packets that exceed an average for more than a selected period, where a stream comprises a plurality of packets from a given source to a given destination, so as to protect against overload conditions caused by traffic on the network,
C. exercising (A) and (B) only to an extent substantially necessary to keep overall throughput under a second selected level,
wherein the scheduling step includes scheduling one or more packets of a selected class for throughput as a function of a weight of that class and weights of one or more other classes, the weight of at least the selected class being a dynamic weight that is a function of a history of volume of packets received by the network device in the selected class.
16. An apparatus for protecting against overload conditions on a network, comprising
a plurality of queues,
a scheduler coupled to the queues that schedules packets therein for dequeuing for output as a function of a dynamic weight associated with each queue,
a bucket mechanism comprising any of a leaky bucket mechanism and a token bucket mechanism coupled to the scheduler that (i) uses for each queue a bucket whose volume is a function of a history of traffic of packets received by the apparatus and placed in the respective queue, and (ii) determines the dynamic weight of each queue as a function of the volume of the respective bucket,
the bucket mechanism models each bucket as (i) filling at a rate associated with the respective queue, (ii) having a minimum capacity associated with that queue, and a maximum capacity associated with that queue, and
the bucket mechanism reduces each bucket proportionally to a volume of packets throughput for the respective queue by the scheduler,
the scheduler schedules for dequeuing at a time t a volume of packets of the selected queue that is proportional to a content of the bucket for that queue at that time so as to protect against overload conditions caused by traffic on the network.
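The bucket-weighted scheduling recited in claims 1 and 16 can be simulated in a few lines; the following is an added example, not code from the patent, showing one reading of the claims in which the dynamic weight equals the bucket content. The names `Bucket`, `allocate`, `simulate` and `demo`, the class labels, all numeric values and the zero-buffer traffic model (unsent volume is dropped each tick) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Bucket:
    rate: float    # fill per tick, associated with the class
    lo: float      # minimum capacity (assumed > 0 so a weight is never zero)
    hi: float      # maximum capacity
    volume: float  # current content; used directly as the dynamic weight

def allocate(weights, backlog, capacity):
    """Split capacity in proportion to weights; unused share is re-offered."""
    sent = {c: 0.0 for c in backlog}
    active = {c for c in backlog if backlog[c] > 0}
    while active and capacity > 1e-9:
        total_w = sum(weights[c] for c in active)
        grant = {c: capacity * weights[c] / total_w for c in active}
        done = {c for c in active if backlog[c] - sent[c] <= grant[c]}
        if not done:                    # every class can use its full share
            for c in active:
                sent[c] += grant[c]
            break
        for c in done:                  # satisfied classes release the rest
            capacity -= backlog[c] - sent[c]
            sent[c] = float(backlog[c])
        active -= done
    return sent

def simulate(offered, buckets, capacity):
    """offered: one {class: volume} dict per tick. Returns sent volume per tick."""
    history = []
    for tick in offered:
        for b in buckets.values():      # fill at the class rate, capped at max
            b.volume = min(b.hi, b.volume + b.rate)
        weights = {c: b.volume for c, b in buckets.items()}
        sent = allocate(weights, tick, capacity)
        for c, b in buckets.items():    # drain by the volume put through
            b.volume = max(b.lo, b.volume - sent[c])
        history.append(sent)
    return history

def demo():
    # Constructed traffic: "flood" saturates an idle link for 30 ticks,
    # then "web" starts offering 80 units per tick on a 100-unit link.
    buckets = {"web": Bucket(50, 10, 300, 300),
               "flood": Bucket(50, 10, 300, 300)}
    offered = [{"web": 0, "flood": 400}] * 30 + [{"web": 80, "flood": 400}] * 40
    return simulate(offered, buckets, capacity=100), buckets

if __name__ == "__main__":
    hist, _ = demo()
    for t in (0, 30, 31, 69):
        print(t, {c: round(v, 1) for c, v in hist[t].items()})
```

While the link is otherwise idle the flooding class may burst to full capacity, but doing so drains its bucket to the minimum, so when the second class arrives it is served first and the flooding class regains an equal share only as its bucket refills.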
Specification