Rate limiting data traffic in a network

US 7,389,537 B1
Filed: 05/08/2003
Issued: 06/17/2008
Est. Priority Date: 10/09/2001
Status: Active Grant

First Claim

Patent Images

1. A network device, comprising:

a receiver configured to receive data from a network; and

logic configured to;

detect an attack based on the received data, andtransmit first control information to at least one other network device in the network after detecting the attack, the first control information identifying a plurality of categories of data and rate limits associated with forwarding data for each of the plurality of categories.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.

248 Citations

16 Claims

1. A network device, comprising:
- a receiver configured to receive data from a network; and
  
  logic configured to;
  
  detect an attack based on the received data, andtransmit first control information to at least one other network device in the network after detecting the attack, the first control information identifying a plurality of categories of data and rate limits associated with forwarding data for each of the plurality of categories.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The network device of claim 1, wherein the receiver is further configured to:
    - receive additional data from the network after the first control information has been transmitted, and wherein the logic is further configured to;
      
      determine whether the additional data exceeds a threshold, andtransmit second control information to the at least one other network device, the second control information instructing the at least one other network device to adjust a rate at which it forwards data.
  - 3. The network device of claim 1, wherein the logic is configured to assign different rate limits for at least two of the plurality of categories of traffic.
  - 4. The network device of claim 1, wherein the logic is further configured to:
    - receive additional data from the network after the first control information has been transmitted,generate updated rate limit information at predetermined intervals based on at least one of a processing capability of the network device, a processing capability of a device to which the received additional data is destined and a rate at which the received additional data is received, andtransmit the updated rate limit information to the at least one other network device.
  - 5. The network device of claim 1, wherein the logic is further configured to:
    - transmit second control information to the at least one other network device, the second control information identifying a first category of data and including information indicating that the at least one other network device is to guarantee a data bandwidth for the first category of data.
  - 6. The network device of claim 5, wherein the first category of data comprises data from known sources.

7. A network device, comprising:
- a receiver configured to;
  
  receive and forward data in a network, andreceive first control information from at least one other network device, the first control information indicating that an attack has been detected; and
  
  logic configured to;
  
  classify data in one of a plurality of categories based on at least one parameter associated with the data,set different rate limits for at least two of the plurality of categories, andlimit an amount of data that is forwarded based on the classifying.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The network device of claim 7, wherein the receiver is further configured to:
    - receive second control information from the at least one other network device, the second control information including updated rate limit information, and wherein the logic is further configured to;
      
      adjust a rate at which the logic forwards data based on the updated rate limit information.
  - 9. The network device of claim 7, wherein when limiting an amount of data, the logic is further configured to:
    - filter data classified in a first one of the plurality of categories based on a corresponding rate limit for the first category.
  - 10. The network device of claim of claim 7, wherein the first control information comprises information identifying a first one of the plurality of categories of data and a corresponding rate limit for the first category and wherein the logic is further configured to:
    - filter data corresponding to the first category based on the rate limit for the first category.
  - 11. The network device of claim 7, wherein the logic is further configured to:
    - identify data corresponding to a first category one of the plurality of categories,forward substantially all of the identified data corresponding to the first category of data after the attack has been detected, andrate limit data forwarded in a second one of the plurality of categories after the attack has been detected.
  - 12. The network device of claim 11, wherein the first category of data comprises data received from at least one of known and trusted sources.

13. A system for responding to a network attack, comprising:
- means for receiving first control information indicating that an attack has been detected;
  
  means for receiving data after the first control information has been received;
  
  means for classifying the received data in one of a plurality of categories based on at least one parameter associated with the received data; and
  
  means for filtering the classified data based on a rate limit associated with the corresponding category, wherein at least two of the plurality of categories have different rate limits.
- View Dependent Claims (14)
- - 14. The system of claim 13, further comprising:
    - means for receiving second control information comprising updated rate limit information; and
      
      means for adjusting the means for filtering based on the updated rate limit information.

15. A network device, comprising:
- a receiver configured to;
  
  receive and forward data in a network, andreceive first control information from at least one other network device, the first control information indicating that an attack has been detected; and
  
  logic configured to;
  
  identify a first category of data based on at least one parameter associated with the received data, andguarantee that at least a first amount of the identified data corresponding to the first category of data will be forwarded after the attack has been detected.
- View Dependent Claims (16)
- - 16. The network device of claim 15, wherein the first category of data comprises data received from at least one of known and trusted sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Callon, Ross W., Kastenholz, Frank
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
PATEL, NIRAV B

Application Number

US10/431,395
Time in Patent Office

1,867 Days
Field of Search

726 11- 13, 726 22- 25, 713151-154, 709/224, 709/229, 709232-234, 370/237, 370/351, 370/356
US Class Current

726/22
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1458   Denial of Service

Rate limiting data traffic in a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

248 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Rate limiting data traffic in a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

248 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links