Method for protecting digital subscriber line access multiplexer, DSLAM and XDSL single service board

US 7,680,066 B2
Filed: 01/10/2007
Issued: 03/16/2010
Est. Priority Date: 04/04/2006
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM), comprising:

capturing, by hardware of a Digital Subscriber Line (XDSL) single service board, specific protocol packets at an XDSL port; and

sending, by the hardware of the XDSL single service board, the specific protocol packets captured to a Central Processing Unit (CPU) of the XDSL single service board;

determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of a host for processing;

otherwise, stopping submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;

otherwise, sending no message to the host by the CPU of the XDSL single service board.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM) includes: capturing specific protocol packets at an XDSL port by hardware of an XDSL single service board; and sending the captured specific protocol packets to a CPU of the XDSL single service board; determining whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of the host; otherwise stopping submitting the specific protocol packets to the CPU of the host. The method and the XDSL single service board provided by embodiments of the present invention need not manually set Media Access Control (MAC) address or maximum MAC address learning number for each XDSL port, which cuts down the maintenance workload, and on the other hand, reduces the loss of important protocol packets and lowers the load of the CPU.

Citations

14 Claims

1. A method for protecting a Digital Subscriber Line Access Multiplexer (DSLAM), comprising:
- capturing, by hardware of a Digital Subscriber Line (XDSL) single service board, specific protocol packets at an XDSL port; and
  
  sending, by the hardware of the XDSL single service board, the specific protocol packets captured to a Central Processing Unit (CPU) of the XDSL single service board;
  
  determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submitting the specific protocol packets to a CPU of a host for processing;
  
  otherwise, stopping submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
  
  otherwise, sending no message to the host by the CPU of the XDSL single service board.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - determining, by the CPU of the XDSL single service board, the type of the specific protocol packets after the hardware of the XDSL single service board sends the specific protocol packets captured to the CPU of the XDSL single service board; and
      
      the process of determining whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold comprising;
      
      determining, by the CPU of the XDSL single service board, whether the traffic amount of each type of the specific protocol packets in a time unit exceeds a respective predefined threshold, and if the traffic amount of each type of the specific protocol packets does not exceed their respective predefined threshold, submitting each type of the specific protocol packets to the CPU of the host for further processing;
      
      otherwise, stopping submitting each type of the specific protocol packets to the CPU of the host.
  - 3. The method of claim 1, wherein the process of determining whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold by the CPU of the XDSL single service board is performed at regular intervals.
  - 4. The method of claim 1, further comprising:
    - upon stopping submitting the specific protocol packets to the CPU of the host, discarding, by the CPU of the XDSL single service board, the specific protocol packets.
  - 5. The method of claim 1, wherein the specific protocol packets include one or any combination of the followings:
    - Address Resolution Protocol (ARP) packet, Internet Group Management Protocol (IGMP) packet, PPP over Ethernet (PPPOE) packet and Dynamic Host Configuration Protocol (DHCP) packet.
  - 6. The method of claim 1, wherein the specific protocol packets are Address Resolution Protocol (ARP) packets, or Internet Group Management Protocol (IGMP) packets, or PPP over Ethernet (PPPOE) packets, or Dynamic Host Configuration Protocol (DHCP) packets.

7. A Digital Subscriber Line (XDSL) single service board, comprising:
- an XDSL port;
  
  an element configured to capture specific protocol packets at the XDSL port and send the specific protocol packets;
  
  a Central Processing Unit (CPU), configured to determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, submit the specific protocol packets to a CPU of the host for processing if the traffic amount of the specific protocol packets does not exceed the predefined threshold, and stop submitting the specific protocol packets to the CPU of the host if the traffic amount of the specific protocol packets exceeds the predefined threshold, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining, by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
  
  otherwise, sending no message to the host by the CPU of the XDSL single service board.
- View Dependent Claims (8, 9)
- - 8. The XDSL single service board of claim 7, wherein the CPU of the XDSL single service board is adapted to send to the host a message indicating that there is an attack on the XDSL port and discard the specific protocol packets when it is determined that the traffic amount of the specific protocol packets exceeds the predefined threshold.
  - 9. The XDSL single service board of claim 7, wherein the specific protocol packets are Address Resolution Protocol (ARP) packets, or Internet Group Management Protocol (IGMP) packets, or PPP over Ethernet (PPPOE) packets, or Dynamic Host Configuration Protocol (DHCP) packets.

10. A Digital Subscriber Line Access Multiplexer (DSLAM), comprising:
- a host, equipped with a Central Processing Unit (CPU), and configured to process specific protocol packets;
  
  a Digital Subscriber Line (XDSL) single service board, connected with the host, and configured to capture specific protocol packets and determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, if the traffic amount of the specific protocol packets does not exceed the predefined threshold, submit the specific protocol packets to the CPU of the host for processing;
  
  otherwise, stop submitting the specific protocol packets to the CPU of the host, upon stopping submitting the specific protocol packets to the CPU of the host, sending, by the CPU of the XDSL single service board, to the host a message indicating that there is an attack on the XDSL port, and adding the XDSL port into a blacklist, after adding the XDSL port into the blacklist by the host, determining by the CPU of the XDSL single service board, whether the traffic amount of the specific protocol packets in a time unit still exceeds the predefined threshold, and if the traffic amount of the specific protocol packets does not exceed the predefined threshold, sending a message by the CPU of the XDSL single service board to the host indicating that there is no attack on the XDSL port, removing, by the host, the XDSL port out of the blacklist, receiving and processing the specific protocol packets by the host;
  
  otherwise, sending no message to the host by the CPU of the XDSL single service board.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The DSLAM of claim 10, wherein the XDSL single service board comprises:
    - an XDSL port;
      
      an element configured to capture specific protocol packets at the XDSL port and send the specific protocol packets;
      
      a Central Processing Unit (CPU), configured to determine whether the traffic amount of the specific protocol packets in a time unit exceeds a predefined threshold, submit the specific protocol packets to a CPU of the host for processing if the traffic amount of the specific protocol packets does not exceed the predefined threshold, and stop submitting the specific protocol packets to the CPU of the host if the traffic amount of the specific protocol packets exceeds the predefined threshold.
  - 12. The DSLAM of claim 11, wherein the CPU of the XDSL single service board is adapted to send to the host a message indicating that there is an attack on the XDSL port and discard the specific protocol packets when it is determined that the traffic amount of the specific protocol packets exceeds the predefined threshold.
  - 13. The DSLAM of claim 10, wherein the CPU of the host is further configured to adding the XDSL port into a black list when there is an attack on the XDSL port;
    - andremoving the XDSL port out of the black list when there is no attack on the XDSL port.
  - 14. The DSLAM of claim 10, wherein the specific protocol packets are Address Resolution Protocol (ARP) packets, or Internet Group Management Protocol (IGMP) packets, or PPP over Ethernet (PPPOE) packets, or Dynamic Host Configuration Protocol (DHCP) packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zhong, Yu
Primary Examiner(s)
Pham; Chi H
Assistant Examiner(s)
Ng; Fan

Application Number

US11/621,667
Publication Number

US 20070230348A1
Time in Patent Office

1,161 Days
Field of Search

None
US Class Current

370/254
CPC Class Codes

H04L 63/1458   Denial of Service

H04M 11/062   using different frequency b...

H04Q 11/04   for time-division multiplex...

H04Q 2213/13003   Constructional details of s...

H04Q 2213/13039   Asymmetrical two-way transm...

H04Q 2213/13106   Microprocessor, CPU

H04Q 2213/13164   Traffic (registration, meas...

H04Q 2213/13166   Fault prevention

H04Q 2213/13204   Protocols

H04Q 2213/13298   Local loop systems, access ...

H04Q 2213/13339   Ciphering, encryption, secu...

Method for protecting digital subscriber line access multiplexer, DSLAM and XDSL single service board

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for protecting digital subscriber line access multiplexer, DSLAM and XDSL single service board

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links