Rate limiting per-flow of traffic to CPU on network switching and routing devices

US 8,255,515 B1
Filed: 01/17/2006
Issued: 08/28/2012
Est. Priority Date: 01/17/2006
Status: Active Grant

First Claim

Patent Images

1. A network device for use in a networking system, the network device comprising:

a packet processor that;

receives a control packet at a network port of the network device, andassigns a first CPU code to the control packet from a plurality of CPU codes, the first CPU code indicative of a type of traffic associated with the control packet and the following;

a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;

a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and

a statistical sampling parameter based on a packet truncation operation associated with the control packet;

the CPU being in communication with the packet processor; and

a memory in communication with the packet processor, the memory being configured to store a lookup table indexed by the plurality of CPU codes, wherein an entry in the lookup table associated with the first CPU code includes a rate limit that defines a rate at which packets associated with the type of traffic are delivered to the CPU,wherein the packet processor delivers the control packet to the CPU based on the rate limit associated with the type of traffic.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device for use in a networking system. The network device includes a packet processor adapted to receive control packets at a network port of the network device. The packet processor is also adapted to assign a CPU code to the control packets. The network device also includes a CPU in communication with the packet processor and a lookup table indexed by the CPU code and in communication with the packet processor. According to embodiments of the present invention, one or more entries in the lookup table define a rate limit in accordance with which packets characterized by the CPU code are delivered from the packet processor to the CPU.

251 Citations

39 Claims

1. A network device for use in a networking system, the network device comprising:
- a packet processor that;
  
  receives a control packet at a network port of the network device, andassigns a first CPU code to the control packet from a plurality of CPU codes, the first CPU code indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet;
  
  the CPU being in communication with the packet processor; and
  
  a memory in communication with the packet processor, the memory being configured to store a lookup table indexed by the plurality of CPU codes, wherein an entry in the lookup table associated with the first CPU code includes a rate limit that defines a rate at which packets associated with the type of traffic are delivered to the CPU,wherein the packet processor delivers the control packet to the CPU based on the rate limit associated with the type of traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network device of claim 1 wherein a counter is incremented when the control packet is delivered to the CPU.
  - 3. The network device of claim 2 wherein control packet delivery to the CPU is terminated for a duration of a configurable time window after the counter reaches a configurable threshold value.
  - 4. The network device of claim 1 wherein a counter is periodically reset after a time period equal to a configurable time window.
  - 5. The network device of claim 1 wherein the lookup table is a CPU code table.
  - 6. The network device of claim 1 wherein the packet processor is configured to assign the first CPU code to the control packet based on a control protocol associated with the control packet.
  - 7. The network device of claim 1 wherein the packet processor sends an interrupt signal to the CPU indicative of an attack on the network device when control packets associated with the first CPU code were received at the network port at a rate greater than the rate limit.

8. A method of operating a network device for use in a networking system, the method comprising:
- receiving a control packet at a network port of the network device;
  
  assigning a first CPU code to the control packet from a plurality of CPU codes using a packet processor, the first CPU code indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet;
  
  storing a lookup table indexed by the plurality of CPU codes, wherein an entry in the lookup table associated with the first CPU code includes a rate limit that defines a rate at which packets associated with the type of traffic are delivered to a CPU; and
  
  delivering, by the packet processor, the control packet to the CPU based on the rate limit associated with the type of traffic.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the rate limit is determined utilizing a configurable time window, a counter, and a configurable threshold value.
  - 10. The method of claim 9 wherein the counter is incremented when the control packet is delivered to the CPU.
  - 11. The method of claim 10 wherein control packet delivery to the CPU is terminated for a duration of the configurable time window after the counter reaches the configurable threshold value.
  - 12. The method of claim 9 wherein the counter is periodically reset after a time period equal to the configurable time window.
  - 13. The method of claim 8 wherein the lookup table is a CPU code table.
  - 14. The method of claim 8 further comprising assigning the first CPU code to the control packet based on a control protocol associated with the control packet.

15. A method of managing control packets in a communications network, the method comprising:
- receiving a control packet at a network device including a CPU;
  
  providing a CPU code table indexed by a plurality of CPU codes, the plurality of CPU codes respectively associated with a plurality of entries of the CPU code table, wherein an entry of the CPU code table comprises a rate limiting attribute defining a rate at which control packets associated with respective types of traffic are delivered to the CPU; and
  
  assigning a CPU code from the plurality of CPU codes to the control packet, the CPU code indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet; and
  
  routing the control packet to the CPU in accordance with the rate limiting attribute associated with the type of traffic.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15 wherein the rate limiting attribute comprises a CPU code rate limiter.
  - 17. The method of claim 16 wherein the CPU code rate limiter comprises a predetermined time value, a counter, and a predetermined threshold value.
  - 18. The method of claim 17 wherein the counter is incremented in response to the routing of the control packet to the CPU.
  - 19. The method of claim 17 wherein routing of the control packet to the CPU is ceased when a number of packets routed to the CPU during the predetermined time value equals the predetermined threshold value.
  - 20. The method of claim 17 wherein the counter is periodically reset after a time period equal to the predetermined time value.
  - 21. The method of claim 15 further comprising assigning the CPU code to the control packet based on a control protocol associated with the control packet.

22. A network device configured to manage control packets in a communications network, the network device comprising:
- an ingress pipeline configured to receive a control packet at the network device, wherein the network device includes a CPU;
  
  a memory configured to store a CPU code table indexed by a plurality of CPU codes, the plurality of CPU codes respectively associated with a plurality of entries of the CPU code table, each entry of the CPU code table comprising a rate limiting attribute defining a rate at which control packets associated with respective types of traffic are delivered to the CPU; and
  
  a packet processor configured to assign a CPU code from the plurality of CPU codes to the control packet, the CPU code indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet,wherein the packet processor routes the control packet to the CPU in accordance with the rate limiting attribute associated with the type of traffic.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The network device of claim 22 wherein the rate limiting attribute comprises a CPU code rate limiter.
  - 24. The network device of claim 23 wherein the CPU code rate limiter comprises a predetermined time value, a counter, and a predetermined threshold value.
  - 25. The network device of claim 24 wherein the counter is incremented in response to the routing of the control packet to the CPU.
  - 26. The network device of claim 24 wherein the packet processor is configured to cease routing of the control packet to the CPU when a number of packets routed to the CPU during the predetermined time value equals the predetermined threshold value.
  - 27. The network device of claim 24 wherein the counter is periodically reset after a time period equal to the predetermined time value.

28. A method of rate limiting packet delivery to a CPU in a network device, the method comprising:
- receiving a control packet at a port of the network device;
  
  assigning a CPU code to the control packet, the CPU code is indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet;
  
  comparing a value stored in a counter associated with the CPU code to a threshold value stored in a memory where the counter is configured to count a number of control packets associated with the type of traffic processed by the network device during a predetermined time;
  
  delivering the control packet to the CPU and incrementing the value stored in the counter when the value stored in the counter is less than the threshold value;
  
  dropping the control packet when the value stored in the counter is greater than or equal to the threshold value; and
  
  resetting the value stored in the counter to a baseline value after the predetermined time has passed.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The method of claim 28 wherein the CPU code indexes a CPU code table.
  - 30. The method of claim 28 wherein the threshold value stored in the memory comprises a value stored in a CPU code rate limiter.
  - 31. The method of claim 30 wherein the CPU code rate limiter is included in a CPU code table.
  - 32. The method of claim 30 wherein the predetermined time comprises a time window associated with the CPU code rate limiter.
  - 33. The method of claim 28 further comprising assigning the CPU code to the control packet based on a control protocol associated with the control packet.

34. An apparatus that rate limits packet delivery to a CPU in a network device, the apparatus comprising:
- a port of the network device that receives a control packet; and
  
  a processor configured to;
  
  assign a CPU code to the control packet, the CPU code is indicative of a type of traffic associated with the control packet and the following;
  
  a destination for the control packet, the indicated destination corresponds to a CPU to which the control packet is directed so as to enable distributed processing in compliance with protocols at multiple CPUs in the networking system;
  
  a quality of service (QoS) functionality including a traffic class and a drop precedence associated with the control packet; and
  
  a statistical sampling parameter based on a packet truncation operation associated with the control packet;
  
  compare a value stored in a counter associated with the CPU code to a threshold value stored in a memory where the counter is configured to count a number of control packets associated with the type of traffic processed by the network device during a predetermined time;
  
  deliver the control packet to the CPU and increment the value stored in the counter when the value stored in the counter is less than the threshold value;
  
  drop the control packet when the value stored in the counter is greater than or equal to the threshold value; and
  
  reset the value stored in the counter to a baseline value after the predetermined time has passed.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The apparatus of claim 34 wherein the CPU code indexes a CPU code table.
  - 36. The apparatus of claim 34 wherein the threshold value stored in the memory comprises a value stored in a CPU code rate limiter.
  - 37. The apparatus of claim 36 wherein the CPU code rate limiter is included in a CPU code table.
  - 38. The apparatus of claim 36 wherein the predetermined time comprises a time window associated with the CPU code rate limiter.
  - 39. The apparatus of claim 34 wherein the processor is configured to assign the CPU code to the control packet based on a control protocol associated with the control packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvell Israel Limited (Marvell Technology Group Limited)
Original Assignee
Marvell Israel Limited (Marvell Technology Group Limited)
Inventors
Melman, David, Daniel, Tsahi, Regev, Eran
Primary Examiner(s)
Patel, Haresh N
Assistant Examiner(s)
Edwards, Linglan

Application Number

US11/334,184
Time in Patent Office

2,415 Days
Field of Search

709238-244, 709223-226, 709/232, 709/233, 370/235
US Class Current

709/224
CPC Class Codes

H04L 47/24 Traffic characterised by sp...

Rate limiting per-flow of traffic to CPU on network switching and routing devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

251 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Rate limiting per-flow of traffic to CPU on network switching and routing devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

251 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others