Route processor adjusting of line card admission control parameters for packets destined for the route processor
First Claim
1. A routing device, comprising:
- a route processor for processing route updates; and
a plurality of line cards communicatively coupled to the route processor;
wherein the route processor includes a route processing mechanism, packet storage for storing packets received from the plurality of line cards, and one or more resource monitoring mechanisms for identifying one or more resource utilization values representative of traffic destined for the route processor and received from the plurality of line cards, wherein said one or more resource utilization values include a measurement of the storage utilization of packets stored in said storage;
wherein each of the plurality of line cards includes one or more external interfaces for sending and receiving packets;
a forwarding lookup mechanism for identifying packets of said received packets destined for the route processor; and
an admission control enforcement mechanism for limiting traffic it respectively sends to the route processor; and
wherein the route processor is configured to communicate with the plurality of line cards in order to cause said admission control enforcement mechanisms of one or more offending line card sources of said line cards to reduce traffic being sent to the route processing mechanism in response to said resource utilization values reaching or exceeding a predetermined value.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are, inter alia, methods, apparatus, data structures, computer-readable media, and mechanisms, for a route processor adjusting admission control policies for packets destined for the route processor and enforced on line cards. Individual line cards can identify offending packet flows that pass through them. However, for example, it is possible that an attack on the route processor might comprise packets being forwarded to the route processor from different line cards, with these packets belonging to a same or different packet flow. By monitoring and identifying offending packet flows, the route processor can inform at least the line cards corresponding to these offending packet flows in order to adjust their corresponding admission control policies to combat such an attack, while typically allowing legitimate traffic to continue to flow at the desired rate to the route processor.
-
Citations
18 Claims
-
1. A routing device, comprising:
-
a route processor for processing route updates; and a plurality of line cards communicatively coupled to the route processor; wherein the route processor includes a route processing mechanism, packet storage for storing packets received from the plurality of line cards, and one or more resource monitoring mechanisms for identifying one or more resource utilization values representative of traffic destined for the route processor and received from the plurality of line cards, wherein said one or more resource utilization values include a measurement of the storage utilization of packets stored in said storage; wherein each of the plurality of line cards includes one or more external interfaces for sending and receiving packets;
a forwarding lookup mechanism for identifying packets of said received packets destined for the route processor; and
an admission control enforcement mechanism for limiting traffic it respectively sends to the route processor; andwherein the route processor is configured to communicate with the plurality of line cards in order to cause said admission control enforcement mechanisms of one or more offending line card sources of said line cards to reduce traffic being sent to the route processing mechanism in response to said resource utilization values reaching or exceeding a predetermined value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A routing device, comprising:
-
a route processor for processing route updates; and a plurality of line cards communicatively coupled to the route processor; wherein the route processor includes a route processing mechanism, packet storage for storing packets received from the plurality of line cards, and one or more resource monitoring mechanisms for identifying one or more resource utilization values representative of traffic destined for the route processor and received from the plurality of line cards, wherein said packet storage stores said packets in one or more queues; and
wherein said resource utilization values include at least one measurement of a queue depth of packets stored in at least one of said queues;wherein each of the plurality of line cards includes one or more external interfaces for sending and receiving packets;
a forwarding lookup mechanism for identifying packets of said received packets destined for the route processor; and
an admission control enforcement mechanism for limiting traffic it respectively sends to the route processor; andwherein the route processor is configured to communicate with the plurality of line cards in order to cause said admission control enforcement mechanisms of one or more offending line card sources of said line cards to reduce traffic being sent to the route processing mechanism in response to said resource utilization values reaching or exceeding a predetermined value.
-
-
12. A routing device comprising:
-
a route processor for processing route updates; and a plurality of line cards communicatively coupled to the route processor, each of the plurality of line cards includes means for identifying, admission control enforcement and forwarding packets of received packets destined for the route processor, said means for admission control enforcement including means for modifying its admission control parameters in response to communication from the route processor; and wherein the route processor includes a means for processing route processor requests and route updates, means for storing packets received from the plurality of line cards, means for monitoring flows of said traffic in order to identify an offending flow, and means for communicating to said line cards to cause at least one of said line cards to modify one or more of its said admission control parameters associated with the offending flow; wherein the route processor includes means for identifying resource utilization values representative of traffic destined for the route processor and received from the plurality of line cards, said resource utilization values including a measurement of the storage utilization for said means for storing packets; and
wherein in response to the storage utilization exceeding a threshold, the route processor is configured to identify the offending flow and to communicate to said line cards to cause at least one of said line cards to modify one or more of its said admission control parameters associated with the offending flow. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification