DISTRIBUTED LEARNING AND AGING FOR MANAGEMENT OF INTERNET PROTOCOL (IP) ADDRESSES

摘要

A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

主权项

1. A method comprising:
receiving, by a device, a packet with an address associated with a malicious source,
the device including a plurality of security process units (SPUs) arranged in a logical ring of SPUs, anda particular SPU, of the logical ring of SPUs, receiving the packet, creating, by the particular SPU and based on the packet, an action entry in a data structure associated with the particular SPU,
the action entry including information associated with the packet; setting, by the particular SPU, a state of the action entry to pending in the data structure; providing, by the particular SPU and based on setting the state of the action entry to pending, an install message to a next SPU in the logical ring of SPUs,
the install message instructing the next SPU to:
create the action entry in another data structure associated with the next SPU, andforward the install message to another SPU in the logical ring of SPUs; receiving, by the particular SPU, the install message from a last SPU in the logical ring of SPUs; and setting, by the particular SPU, the state of the action entry to active in the data structure based on receiving the install message from the last SPU,
the device performing a particular action on another packet, associated with the malicious source, based on setting the state of the action entry to active.