Method for protecting digital subscriber line access multiplexer, DSLAM and XDSL single service board
First Claim
1. A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM), comprising:
- capturing, by hardware of a Digital Subscriber Line (XDSL) single service board, specific protocol packets at an XDSL port; and
sending, by the hardware of the XDSL single service board, the specific protocol packets captured to a Central Processing Unit (CPU) of the XDSL single service board;
determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of a host for processing;
otherwise, stopping submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
otherwise, sending no message to the host by the CPU of the XDSL single service board.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM) includes: capturing specific protocol packets at an XDSL port by hardware of an XDSL single service board; and sending the captured specific protocol packets to a CPU of the XDSL single service board; determining whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of the host; otherwise stopping submitting the specific protocol packets to the CPU of the host. The method and the XDSL single service board provided by embodiments of the present invention need not manually set Media Access Control (MAC) address or maximum MAC address learning number for each XDSL port, which cuts down the maintenance workload, and on the other hand, reduces the loss of important protocol packets and lowers the load of the CPU.
-
Citations
14 Claims
-
1. A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM), comprising:
-
capturing, by hardware of a Digital Subscriber Line (XDSL) single service board, specific protocol packets at an XDSL port; and sending, by the hardware of the XDSL single service board, the specific protocol packets captured to a Central Processing Unit (CPU) of the XDSL single service board; determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of a host for processing;
otherwise, stopping submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
otherwise, sending no message to the host by the CPU of the XDSL single service board. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A Digital Subscriber Line (XDSL) single service board, comprising:
-
an XDSL port; an element configured to capture specific protocol packets at the XDSL port and send the specific protocol packets; a Central Processing Unit (CPU), configured to determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, submit the specific protocol packets to a CPU of the host for processing if the traffic amount of the specific protocol packets does not exceed the predefined threshold, and stop submitting the specific protocol packets to the CPU of the host if the traffic amount of the specific protocol packets exceeds the predefined threshold, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
otherwise, sending no message to the host by the CPU of the XDSL single service board. - View Dependent Claims (8, 9)
-
-
10. A Digital Subscriber Line Access Multiplexer (DSLAM), comprising:
-
a host, equipped with a Central Processing Unit (CPU), and configured to process specific protocol packets; a Digital Subscriber Line (XDSL) single service board, connected with the host, and configured to capture specific protocol packets and determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submit the specific protocol packets to the CPU of the host for processing;
otherwise, stop submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
otherwise, sending no message to the host by the CPU of the XDSL single service board. - View Dependent Claims (11, 12, 13, 14)
-
Specification