Network communication rate limiter
First Claim
1. A non-transitory machine readable storage medium having instructions embodied thereon, wherein the instructions, when executed by a processor, cause the processor to:
- receive a request for a token granting permission to perform a network action, wherein the request is associated with an IP (Internet Protocol) address used to identify a source network;
identify k rate limiters for the source network by generating k hash values from the IP address using k hash functions where the k hash values identify k memory locations containing the k rate limiters and where k is a natural number greater than zero, a given rate limiter being included in a group of rate limiters having a time counter where each rate limiter has a capacity to store a number of tokens and where tokens are added to each of the rate limiters in the group of rate limiters according to the time counter, wherein a predetermined number of tokens are added to each of the rate limiters in the group of rate limiters as a result of the request for the token being received and a value of the time counter being zero;
determine a respective token balance for each of the k rate limiters for the source network in response to the request;
determine that at least one token balance for a k rate limiter is greater than zero; and
provide a token in response to the request.
1 Assignment
0 Petitions
Accused Products
Abstract
A technology is described for limiting the rate at which a number of requests to perform a network action are granted using rate limiters. An example method may include receiving a request for a token granting permission to perform a network action via a computer network. In response, rate limiters may be identified by generating hash values using hash functions and a network address representing a source network where the hash values identify memory locations for the rate limiters. The rate limiters may have a computer memory capacity to store tokens that are distributed in response to the request. Token balances for the rate limiters may be determined, and permission to perform the network action may be granted as a result of at least one of the token balances being greater than zero.
-
Citations
20 Claims
-
1. A non-transitory machine readable storage medium having instructions embodied thereon, wherein the instructions, when executed by a processor, cause the processor to:
-
receive a request for a token granting permission to perform a network action, wherein the request is associated with an IP (Internet Protocol) address used to identify a source network; identify k rate limiters for the source network by generating k hash values from the IP address using k hash functions where the k hash values identify k memory locations containing the k rate limiters and where k is a natural number greater than zero, a given rate limiter being included in a group of rate limiters having a time counter where each rate limiter has a capacity to store a number of tokens and where tokens are added to each of the rate limiters in the group of rate limiters according to the time counter, wherein a predetermined number of tokens are added to each of the rate limiters in the group of rate limiters as a result of the request for the token being received and a value of the time counter being zero; determine a respective token balance for each of the k rate limiters for the source network in response to the request; determine that at least one token balance for a k rate limiter is greater than zero; and provide a token in response to the request. - View Dependent Claims (2, 3)
-
-
4. A computer implemented method, comprising:
-
receiving a request for a token granting permission to process a network communication via a computer network; identifying, using a processor, k rate limiters for a source network by generating k hash values using k hash functions and a network address representing the source network where the k hash values identify k memory locations for the k rate limiters, the k rate limiters having a computer memory capacity to store tokens that are distributed in response to the request, wherein k is a natural number greater than zero; determining that at least one token balance for the k rate limiters stored in the computer memory is greater than zero in response to the request using the processor; granting permission to process the network communication; and decrementing the at least one token balance. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a processor; a memory device including instructions that, when executed by the processor, cause the system to; identify k rate limiters for a source network by generating k hash values from a network address representing the source network using k hash functions where the k hash values identify k memory locations containing the k rate limiters where k is a natural number greater than zero; include a rate limiter of the k rate limiters in a group of rate limiters having a countdown timer, where each rate limiter of the k rate limiters can store a number of tokens used to grant permission to forward a network communication, wherein tokens are added to each rate limiter in the group of rate limiters according to a time counter of the group; determine respective token balances for the k rate limiters, wherein a predetermined number of tokens are added to each of the token balances of the rate limiters included in the group of rate limiters as a result of an expiration of a time unit as determined by the time counter; expiration of at least one time unit is checked for as a result of checking the token balances of the k rate limiters and adding the predetermined number of tokens to the token balances of the rate limiters included in the group of rate limiters for each time unit that has expired; provide a token as a result of at least one of the token balances of the k rate limiters being greater than zero; and decrement a token balance for a rate limiter included in the k rate limiters as a result of providing a token. - View Dependent Claims (18, 19, 20)
-
Specification