System and method for implementing traffic management based on network resources
First Claim
Patent Images
1. An apparatus, comprising:
- an intrusion detection system (IDS) module coupled to a main central processing unit (CPU), the main CPU being operable to communicate a copy of one or more incoming packets to the IDS module, the IDS module having an IDS CPU, the IDS module operable to;
determine that the IDS CPU has reached a particular threshold indicating that the IDS module is low on a resource;
identify a volume associated with the incoming packets in response to the determination; and
communicate feedback information to the main CPU, the feedback information signaling that the IDS module is low on the resource, the main CPU operable to respond to the feedback information by restricting a number of additional incoming packets that are received by the main CPU.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for implementing traffic management is provided that includes communicating a copy of one or more incoming packets and identifying a volume associated with the incoming packets in order to communicate feedback information to a main central processing unit (CPU), the feedback information signaling that an intrusion detection system (IDS) module is expending a designated amount of resources. The feedback information may be responded to by restricting a number of additional incoming packets that are received by the main CPU.
25 Citations
28 Claims
-
1. An apparatus, comprising:
-
an intrusion detection system (IDS) module coupled to a main central processing unit (CPU), the main CPU being operable to communicate a copy of one or more incoming packets to the IDS module, the IDS module having an IDS CPU, the IDS module operable to; determine that the IDS CPU has reached a particular threshold indicating that the IDS module is low on a resource; identify a volume associated with the incoming packets in response to the determination; and communicate feedback information to the main CPU, the feedback information signaling that the IDS module is low on the resource, the main CPU operable to respond to the feedback information by restricting a number of additional incoming packets that are received by the main CPU. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for implementing traffic management, comprising:
-
receiving, at an intrusion detection system (IDS) module, a copy of one or more incoming packets from a main central processing unit (CPU), the IDS module having an IDS CPU; determining that the IDS CPU has reached a particular threshold indicating that the IDS module is low on a resource; identifying a volume associated with the incoming packets in response to the determination; communicating feedback information to the main CPU, the feedback information signaling that the IDS module is low on the resource; and responding to the feedback information by restricting a number of additional incoming packets that are received by the main CPU. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer hardware system for implementing traffic management, comprising:
-
means for receiving, at an intrusion detection system (IDS) module, a copy of one or more incoming packets from a main central processing unit (CPU), the IDS module having an IDS CPU; means for determining that the IDS CPU has reached a particular threshold indicating that the IDS module is low on a resource; means for identifying a volume associated with the incoming packets in response to the determination; means for communicating feedback information to the main CPU, the feedback information signaling that the IDS module is low on the resource; and means for responding to the feedback information by restricting a number of additional incoming packets that are received by the main CPU. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A computer-readable storage medium having instructions stored thereon, the instructions when executed by one or more central processing units (CPUs) are operable to:
-
receive, at an intrusion detection system (IDS) module, a copy of one or more incoming packets from a main central processing unit (CPU), the IDS module having an IDS CPU; determine that the IDS CPU has reached a particular threshold indicating that the IDS module is low on a resource; identify a volume associated with the incoming packets in response to the determination; communicate feedback information to the main CPU, the feedback information signaling that the IDS module is low on the resource; and respond to the feedback information by restricting a number of additional incoming packets that are received by the main CPU. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
Specification