Penalty-box policers for network device control plane protection

• Main Authors: Cao, Qi-Zhong, Atlas, Alia, Callon, Ross W, Grossman, Stu, Haas, Jeffrey, Scudder, John Galen
• Format: Patent
• Language: English
• Published: 29.01.2019
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

In general, techniques are described for dynamically controlling host-bound traffic by dynamically adding and updating, within the forwarding plane of a network device, network packet policers that each constrains, for one or more packet flows, an amount of host-bound traffic of the packet flows permitted to reach the control plane in accordance with available resources. In one example, a control plane of the network device detects internal congestion in the communication path from the forwarding plane to control plane (the "host-bound path"), identifies packet flows utilizing an excessive amount of host-bound path resources, computes limits for the identified packet flows, and adds "penalty-box policers" configured with the computed limits for the identified packet flows to the forwarding plane. The forwarding plane subsequently applies the policers to the identified packet flows to constrain the amount of traffic of the packet flows allowed to reach the control plane to the computed limits.