| 发明名称 | Early traffic regulation techniques to protect against network flooding | ||
| 摘要 | Methods and apparatus for providing an Anti-Flooding Flow-Control (AFFC) mechanism suitable for use in defending against flooding network Denial-of-Service (N-DoS) attacks is described. Features of the AFFC mechanism include (1) traffic baseline generation, (2) dynamic buffer management, (3) packet scheduling, and (4) optional early traffic regulation. Baseline statistics on the flow rates for flows of data corresponding to different classes of packets are generated. When a router senses congestion, it activates the AFFC mechanism of the present invention. Traffic flows are classified. Elastic traffic is examined to determine if it is responsive to flow control signals. Flows of non-responsive elastic traffic is dropped. The remaining flows are compared to corresponding class baseline flow rates. Flows exceeding the baseline flow rates are subject to forced flow rate reductions, e.g., dropping of packets. | ||
| 申请公布号 | US9014002(B2) | 申请公布日期 | 2015.04.21 |
| 申请号 | US201313969341 | 申请日期 | 2013.08.16 |
| 申请人 | Palo Alto Networks, Inc. | 发明人 | Ye Baoqing |
| 分类号 | H04L12/26;H04L12/931;H04W28/02;H04W28/10;H04L12/801;H04L12/823;H04L29/06 | 主分类号 | H04L12/26 |
| 代理机构 | Van Pelt, Yi & James LLP | 代理人 | Van Pelt, Yi & James LLP |
| 主权项 | 1. A method for packet flow control, comprising: detecting traffic congestion at a first node along a packet flow path between a source device and a destination device in a network; identifying a preceding node in the packet flow path, wherein the preceding node is preceding the first node in the packet flow path; and transmitting to the preceding node a traffic regulation signal used to initiate flow rate control on flows identified from information included in the traffic regulation signal. | ||
| 地址 | Santa Clara CA US | ||