Dynamically controlling packet processing

US 7,493,657 B1
Filed: 04/19/2006
Issued: 02/17/2009
Est. Priority Date: 05/14/2001
Status: Active Grant

First Claim

Patent Images

1. A routing device comprising:

a network interface to receive inbound packets from a networka detection module to detect a traffic level of the inbound packets; and

a routing engine to process the packets by;

when the traffic level of the inbound packets does not exceed the threshold, issuing software interrupts to invoke a packet service routine as an interrupt-driven service routine to process the inbound packets; and

when the traffic level of the inbound packets exceeds a threshold, calling the packet service routine without issuing the interrupts and controlling a usage rate by which the software process uses computing resources to process the inbound packets.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A router includes a detection module to detect a presence of the network attack, such as a denial of service (DOS) attack. The detection module may, for example, include counters indicating a number of packets processed for various network protocols supported by the router. The detection module enables a rate-limiting operating mode for the router when one or more of the counters exceed a protocol-specific threshold. Under normal traffic levels, the router receives inbound packets using interrupt-driven service routines. When a network attack is detected, however, the router dynamically switches modes and processes the patents using a finely controlled software process. This allows the software process to control the computing resources allocated to servicing packets during a network attack, thereby reserving sufficient resources for lower priority software processes to process the packets and service other tasks.

22 Citations

View as Search Results

7 Claims

1. A routing device comprising:
- a network interface to receive inbound packets from a networka detection module to detect a traffic level of the inbound packets; and
  
  a routing engine to process the packets by;
  
  when the traffic level of the inbound packets does not exceed the threshold, issuing software interrupts to invoke a packet service routine as an interrupt-driven service routine to process the inbound packets; and
  
  when the traffic level of the inbound packets exceeds a threshold, calling the packet service routine without issuing the interrupts and controlling a usage rate by which the software process uses computing resources to process the inbound packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The routing device of claim 1, where the detection module includes a counter indicating a number of the inbound packets processed for a network protocol, wherein the detection module enables a rate-limiting operating mode of the routing engine in which the routing engine calls the packet service routine without issuing the interrupt when the counter exceeds a protocol-specific threshold.
  - 3. The routing device of claim 1, wherein the detection module comprises a network service routine invoked in response to a hardware interrupt from the network interface.
  - 4. The routing device of claim 1, wherein the software process controls the usage rate of computing resources by determining an execution period that the software process has executed without a context switch, and pausing execution of the software process for a sleep period when the execution period exceeds a threshold.
  - 5. The routing device of claim 4, wherein the software process dynamically adjusts the sleep period when the detection module detects a network attack.
  - 6. The routing device of claim 1, wherein the detection module detects the presence of a network attack based on the traffic level of inbound packets.
  - 7. The routing device of claim 6, wherein detection module detects the presence of a denial of service (DOS) attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Krishnaswamy, Umesh, Raghunath, Balakrishna
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/406,793
Time in Patent Office

1,035 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/266   Stopping or restarting the ...

H04L 47/32   by discarding or delaying d...

H04L 63/1458   Denial of Service

Dynamically controlling packet processing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamically controlling packet processing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links