System and method of defense against denial of service of attacks

US 8,027,252 B2
Filed: 03/03/2008
Issued: 09/27/2011
Est. Priority Date: 03/02/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a transmission buffer having a first threshold level for data frames having the lowest priority, a second threshold level greater than the first threshold level for data frames having a medium priority, and a third threshold level greater than the second threshold level for data frames having the highest priority; and

means for differentiating a data frame as having lowest, medium or highest priority and storing the data frame in the transmission buffer in response to the respective threshold levels not being reached, and discarding the data frame in response to reaching the respective threshold levels;

wherein storing the data frame comprises storing the data frame in a first, second or third buffer in response to the priority of the data frame and the respective threshold of the respective buffer not being exceeded,wherein differentiating the data frame comprises determining whether the data flame is a general broadcast data frame and whether the data frame is destined for a network processor,wherein when the data frame is determined to be the general broadcast frame, differentiating further comprises;

determining whether the general broadcast frame is a routing protocol frame; and

storing the routing protocol frame in the third buffer having the highest threshold in response to the highest threshold not being exceeded,wherein when the general broadcast frame is determined not be the routing protocol frame differentiating further comprises;

determining an MCAST_ID value of the general broadcast frame, the MCAST ID value indicative of whether the frame is a multicast frame for MAC learning purposes;

storing the general broadcast frame in the first buffer having the lowest threshold in response to the lowest threshold not being exceeded and the MCAST_ID value being zero; and

discarding the general broadcast if the MCAST_ID value is greater than zero.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method comprise a first buffer having a first capacity and a first threshold level adapted to store data frames having the lowest priority, a second buffer having a second capacity greater than the first capacity and a second threshold level greater than the first threshold level adapted to store data frames having a medium priority, a third buffer having a third capacity greater than the second capacity and a third threshold level greater than the second threshold level adapted to store data frames having the highest priority. The system further includes means for differentiating a data frame as having lowest, medium or highest priority and storing the data frame in the respective first, second or third buffer, and discarding the data frame in response to the first, second or third buffer reaching the respective threshold level.

Citations

17 Claims

1. A system comprising:
- a transmission buffer having a first threshold level for data frames having the lowest priority, a second threshold level greater than the first threshold level for data frames having a medium priority, and a third threshold level greater than the second threshold level for data frames having the highest priority; and
  
  means for differentiating a data frame as having lowest, medium or highest priority and storing the data frame in the transmission buffer in response to the respective threshold levels not being reached, and discarding the data frame in response to reaching the respective threshold levels;
  
  wherein storing the data frame comprises storing the data frame in a first, second or third buffer in response to the priority of the data frame and the respective threshold of the respective buffer not being exceeded,wherein differentiating the data frame comprises determining whether the data flame is a general broadcast data frame and whether the data frame is destined for a network processor,wherein when the data frame is determined to be the general broadcast frame, differentiating further comprises;
  
  determining whether the general broadcast frame is a routing protocol frame; and
  
  storing the routing protocol frame in the third buffer having the highest threshold in response to the highest threshold not being exceeded,wherein when the general broadcast frame is determined not be the routing protocol frame differentiating further comprises;
  
  determining an MCAST_ID value of the general broadcast frame, the MCAST ID value indicative of whether the frame is a multicast frame for MAC learning purposes;
  
  storing the general broadcast frame in the first buffer having the lowest threshold in response to the lowest threshold not being exceeded and the MCAST_ID value being zero; and
  
  discarding the general broadcast if the MCAST_ID value is greater than zero.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the transmission buffer comprises:
    - a first buffer having a first capacity and the first threshold level adapted to store data frames having the lowest priority;
      
      a second buffer having a second capacity greater than the first capacity and the second threshold level greater than the first threshold level adapted to store data frames having a medium priority; and
      
      a third buffer having a third capacity greater than the second capacity and the third threshold level greater than the second threshold level adapted to store data frames having the highest priority.
  - 3. The system of claim 2, wherein the first buffer is adapted to store general broadcast data frames, and the third buffer is adapted to store network management data frames and routing protocol data frames.
  - 4. The system of claim 2, wherein the third buffer is adapted to store data frames destined for a network processor.
  - 5. The system of claim 1, where means for differentiating a data frame comprises backpressure means for handling data frames having the highest priority in response to reaching the highest threshold value.

6. A method comprising:
- receiving a data frame from a memory subsystem;
  
  differentiating the data frame as having lowest, medium or highest priority;
  
  storing the data frame in a transmit buffer having lowest, medium, and highest thresholds in response to the priority of the data frame and the respective threshold not being exceeded; and
  
  discarding the data frame in response to the respective threshold of the data frame being exceeded,wherein storing the data frame comprises storing the data frame in a first, second or third buffer in response to the priority of the data frame and the respective threshold of the respective buffer not being exceeded,wherein differentiating the data frame comprises determining whether the data flame is a general broadcast data frame and whether the data frame is destined for a network processor,wherein when the data frame is determined to be the general broadcast frame, differentiating further comprises;
  
  determining whether the general broadcast frame is a routing protocol frame; and
  
  storing the routing protocol frame in the third buffer having the highest threshold in response to the highest threshold not being exceeded,wherein when the general broadcast frame is determined not be the routing protocol frame differentiating further comprises;
  
  determining an MCAST_ID value of the general broadcast frame, the MCAST ID value indicative of whether the frame is a multicast frame for MAC learning purposes;
  
  storing the general broadcast frame in the first buffer having the lowest threshold in response to the lowest threshold not being exceeded and the MCAST_ID value being zero; and
  
  discarding the general broadcast if the MCAST_ID value is greater than zero.
- View Dependent Claims (7, 8, 9, 10, 17)
- - 7. The method of claim 6, wherein differentiating the data frame comprises determining whether the data frame is a general broadcast data frame having the lowest priority.
  - 8. The method of claim 6, wherein differentiating the data frame comprises determining whether the data frame is a routing protocol data frame having the highest priority.
  - 9. The method of claim 6, wherein differentiating the data frame comprises determining whether the data frame is destined for a network processor indicating the data frame has the highest priority.
  - 10. The method of claim 6, further comprising exerting backpressure against the memory subsystem in response to the highest threshold being reached.
  - 17. The method of claim 6, further comprising:
    - storing the data frame in one of the first buffer and the second buffer in response to the respective thresholds not being exceeded and when the data frame is destined for the network processor and not the general broadcast data frame; and
      
      discarding the data frame when the data frame is not destined for the network processor and not the general broadcast data frame.

11. A non transitory computer-readable medium having encoded thereon a method, comprising:
- receiving a data frame from a computer network;
  
  differentiating the data frame as having lowest, medium or highest priority;
  
  storing the data frame in a transmit buffer having lowest, medium, and highest thresholds in response to the priority of the data frame and the respective threshold not being exceeded; and
  
  discarding the data frame in response to the respective threshold of the data frame being exceeded,wherein storing the data frame comprises storing the data frame in a first, second or third buffer in response to the priority of the data frame and the respective threshold of the respective buffer not being exceeded,wherein differentiating the data frame comprises determining whether the data flame is a general broadcast data frame and whether the data frame is destined for a network processor,wherein when the data frame is determined to be the general broadcast frame, differentiating further comprises;
  
  determining whether the general broadcast frame is a routing protocol frame; and
  
  storing the routing protocol frame in the third buffer having the highest threshold in response to the highest threshold not being exceeded,wherein when the general broadcast frame is determined not be the routing protocol frame differentiating further comprises;
  
  determining an MCAST_ID value of the general broadcast frame, the MCAST_ID value indicative of whether the frame is a multicast frame for MAC learning purposes;
  
  storing the general broadcast frame in the first buffer having the lowest threshold in response to the lowest threshold not being exceeded and the MCAST_ID value being zero; and
  
  discarding the general broadcast if the MCAST_ID value is greater than zero.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The non-transitory computer-readable medium of claim 11, wherein storing the data frame comprises storing the data frame in a first, second or third buffer in response to the priority of the data frame and the respective threshold of the respective buffer not being exceeded.
  - 13. The non-transitory computer-readable medium of claim 11, wherein differentiating the data frame comprises determining whether the data frame is a general broadcast data frame having the lowest priority.
  - 14. The non-transitory computer-readable medium of claim 11, wherein differentiating the data frame comprises determining whether the data frame is a routing protocol data frame having the highest priority.
  - 15. The non-transitory computer-readable medium of claim 11, wherein differentiating the data frame comprises determining whether the data frame is destined for a network processor indicating the data frame has the highest priority.
  - 16. The non-transitory computer-readable medium of claim 11, further comprising exerting backpressure against the memory subsystem in response to the highest threshold being reached.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ADVA Optical Networking SE (ADTRAN Holdings, Inc.)
Original Assignee
ADVA Optical Networking SE (ADTRAN Holdings, Inc.)
Inventors
Sankey, Wayne Robert, Woehler, Ralf
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Sloms; Nicholas

Application Number

US12/041,476
Publication Number

US 20080212469A1
Time in Patent Office

1,303 Days
Field of Search

None
US Class Current

370/230
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/2433   Allocation of priorities to...

H04L 47/2441   relying on flow classificat...

H04L 47/29   using a combination of thre...

H04L 47/30   in combination with informa...

H04L 47/32   by discarding or delaying d...

H04L 47/6215   Individual queue per QOS, r...

H04L 49/90   Buffering arrangements

System and method of defense against denial of service of attacks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of defense against denial of service of attacks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links