System and method for protecting a TCP connection serving system from high-volume of TCP connection requests, Number: 7,143,180, from the United States Patent and Trademark Office (PTO)

Title: System and method for protecting a TCP connection serving system from high-volume of TCP connection requests

Abstract: To prevent system crashes, as by denial-of-service attacks, of TCP/IP (Transmission Control Protocol/Internet Protocol) networks, this invention regulates the volume of TCP connection requests that await service at a TCP/IP connection control table. For this purpose, the usage of the system is monitored on a dynamic basis, the time-out value T_ho is dynamically computed, and requests that have been awaiting service for a period of time that exceeds T_ho are removed from the TCP/IP connection control table.

Patent Number: 7,143,180 Issued on 11/28/2006 to Chaar,   et al.


Inventors: Chaar; Jarir K. (Tarrytown, NY), George; David A. (Somers, NY), Lingafelt; C. Steven (Durham, NC), Maruyama; Kiyoshi (Chappaqua, NY), Mei; Mark (Yorktown Heights, NY)
Assignee: International Business Machines Corporation (Armonk, NY)
Appl. No.: 09/931,225
Filed: August 16, 2001


Current U.S. Class: 709/235 ; 709/224; 709/227
Current International Class: G06F 15/16 (20060101)
Field of Search: 709/223-237,200,203,248 713/201,200 370/236,242,389-394


Primary Examiner: Tran; Philip
Assistant Examiner: Nawaz; Asad Muhammed
Attorney, Agent or Firm: Buchenhorner; Michael J. August; Casey P.

Claims



What is claimed is:

1. A method of regulating TCP/IP connection requests which await service in a system by a TCP/IP connection control table to prevent overload thereof, said method comprising the steps of: monitoring usage of said system on a dynamic basis, based upon said usage, dynamically computing a time-out value T_ho which defines the time duration that a TCP connection request may await service by said system, removing from said TCP/IP connection control table all TCP/IP connection requests which have been awaiting service in said TCP/IP stack for a duration exceeding T_ho; and setting T_ho=T_min when N>N_abs, when N>N_limit setting T_ho=max{T_min, T'_ho/A}, where T'_ho is a previously existing value of T_ho, where A>1, where N is the current usage of the table, and where 0≤N_limit≤N_size, and when N≤N_limit, setting T_ho=min{T_max, A*T'_ho/A}; wherein said TCP/IP connection control table has size N_size and an upper bound for usable table size of N_abs≤N_size, and where values of T_ho are dynamically computed in a range [T_min, T_max].

2. A method as set forth in claim 1, comprising the steps of: a) defining a plurality of table usage value N_i spanning an increasing range of N_i=0 to N_i=N_size, b) associating a corresponding plurality of time durations T_i spanning a decreasing range of T_i=T_max to T_i=T_min, and c) comparing current table usage N to N_ho and setting T_ho to a corresponding value T_i.

3. A method as set forth in claim 1, wherein T_min has a value in a range of 0.01 to 1.0 secs. and wherein T_max has a value in a range of 60 to 120 secs.

Description



FIELD OF THE INVENTION

The present invention relates generally to TCP/IP (Transmission Control Protocol/Internet Protocol) based networks and systems, and more particularly to those systems and components that keep TCP connection related status information, such as the TCP connection control table, for the management of connections. Such management may include serving, filtering, load balancing, routing, redirecting, etc. of TCP connections.

DESCRIPTION OF THE PRIOR ART

TCP/IP is a foundation for the world's largest network, the Internet, as well as for intranets and extranets, and it has become the core for data/voice/video communications and streaming. It has also become the major default communications protocol for connecting a variety of digital entities.

When a networked digital entity that keeps track of TCP connection states receives a very high-volume of legitimate and/or illegitimate TCP connection requests, it runs the risk of flooding its TCP connection-related tables, which often leads to system quiescence or system crash. Such digital entities include today's servers, storage area networks, network attached storage and clusters of such entities. Future entities may include memory subsystems, storage subsystems and more general I/O subsystems that can be independently deployed throughout the network to form the distributed components of a digital entity that are connected together via high-bandwidth networks.

It is known that the purpose of a SYN (synchronization) flood (i.e., the sending of a large volume of "false" TCP connection requests) is to create a large number of long-lasting half-open TCP connections that fill the TCP connection control table so that no other new connection requests can be accepted. This is known as a denial of service attack. A half-open connection is a connection whose 3-way handshake has not yet been completed.

Every TCP connection establishment will experience some time duration in the half-open state before the associated TCP connection has been established. The duration of the half-open state depends on a number of parameters. Some of them include the conditions of the two parties, how far apart the two parties are located, what networks are being used to connect these two parties, congestion of these networks, the speed at which these two parties are connected to networks, and whether or not the intent of connection establishment is "sincere". In general, the half-open duration of a TCP connection establishment is short and is usually less than a second or so. A TCP connection request (from now on, simply a request or requests) associated with the SYN flood, for example, will eventually time-out. A typical time-out value is anywhere between 60 seconds and 120 seconds. In this patent application, the term "legitimate" or "good" is used to reference a "sincere" TCP connection request, and the term "illegitimate" or "bad" is used to reference a "not-sincere" TCP connection request.

A simple way to avoid filling up the TCP connection control table is to start discarding (or redirecting) future requests once a certain threshold of table utilization has been reached. This approach works well when no differentiation among TCP connection requests is needed. Some of the major problems of this approach are (1) there is no way to differentiate legitimate requests from illegitimate requests (a preferable approach is to discard illegitimate requests first and then legitimate requests next if needed) and (2) the implementation of this approach requires some modification of existing systems, thus making its deployment more difficult.

The way to determine whether or not a TCP connection request is legitimate is to accept the connection request (assuming the requester has a valid IP address and port number) and observe whether or not its TCP half-open connection state moves to the "connected" state or it simply faces the half-open time-out. Not every "timed-out" half-open request is illegitimate or "not sincere". However, it is a good practice to discard or reset those TCP connection requests that stay in the half-open state unreasonably long.

In the TCP/IP protocols, there is a time-out parameter for controlling the duration of the half-open state called "half-open time-out". T_ho shall hereinafter denote this "half-open time-out". Clearly, by changing the value of T_ho, one can control the maximum duration for each TCP connection request to stay in the half-open state. Once a connection request faces its time-out, the corresponding entry will be removed from the control table. The removed TCP connection request could be either simply discarded or reset. Therefore, the management of T_ho leads to the management of the use (or usage) of the TCP connection control table. The Lucent Access Point (AP) product (www.lucent.com/products) allows a user to choose one of two operation modes corresponding to the half-open time-out. One mode corresponds to normal operation and the other to a critical mode called "SYN Defender". This "SYN Defender" mode can be invoked to protect systems from SYN Flood type denial of service attacks. The SYN Defender mode uses a very small value for T_ho, thus limiting the life cycle of the half-open connection state for a TCP connection request. The major limitations of this approach are that its operation mode is invoked manually, it supports only two states (normal and SYN Defender) and it is not adaptable to changes in the operating environment.

BRIEF SUMMARY OF THE INVENTION

The object of this invention is to provide a system and method that protect a TCP connection serving system from a high volume of TCP connection requests (both good and bad), which often lead to system quiescence or crash, by dynamically adjusting the half-open connection time-out T_ho that is used to "clean up" the TCP connection control table. A T_ho is defined for each TCP connection control table and it is dynamically adjusted. This invention has a means to observe the use (or usage) of the TCP connection control table(s), a means to compute the next T_ho value and a means to inform any existing TCP/IP "stack" of the value. The T_ho value ranges between the minimum T_min and the maximum T_max.

Another object of this invention is to make the system and method adaptable to different operating environments by dynamically adjusting the range [T_min, T_max] in which T_ho can operate. This invention has a means to derive both T_min and T_max. Examples of operating environments of this invention include Internet, intranet, extranet, back-end network infrastructure, and storage area network.

Yet another object of this invention is to provide an optional means that further protects a system having a TCP connection control table by preventing the table from being fully utilized: a means to throttle newly arriving TCP connection requests in the event that the table utilization has reached a predetermined level.

Accordingly, the present invention broadly provides a method of regulating TCP/IP connection requests which await service in a system by a TCP/IP connection control table to prevent overload thereof, the aforesaid method comprising the steps of: a) monitoring usage of the aforesaid system on a dynamic basis, b) based upon the aforesaid usage, dynamically computing a time-out value T_ho which defines the time duration that a TCP connection request may await service by the system, c) removing from the aforesaid TCP/IP connection control table all TCP/IP connection requests which have been awaiting service in said TCP/IP stack for a duration exceeding T_ho.

Preferably, the aforesaid TCP/IP connection control table has a size N_size and an upper bound for usable table size of N_abs≤N_size, and where values of T_ho are dynamically computed in a range [T_min, T_max].

According to a preferred embodiment of the invention, the method comprises the steps of: i) setting T_ho=T_min when N>N_abs, ii) when N>N_limit, setting T_ho=max{T_min, T'_ho/A}, where T'_ho is a previously existing value of T_ho, where A>1, where N is the current usage of the table, and where 0≤N_limit≤N_size, and iii) when N≤N_limit, setting T_ho=min{T_max, A*T'_ho}.

According to another preferred embodiment, the method comprises the steps of: a) defining a plurality of table usage value N_i spanning an increasing range of N_i=0 to N_i=N_size, b) associating a corresponding plurality of time durations T_i spanning a decreasing range of T_i=T_max to T_i=T_min, and c) comparing current table usage N to N_i and setting T_ho to a corresponding value T_i.

As an illustrative example, T_min may have a value in a range of 0.01 to 1.0 secs. and T_max may have a value in a range of 60 to 120 secs.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates the definition of the size of a TCP connection control table.

FIG. 2 illustrates an exemplary range of half-open time-out, T_ho.

FIG. 3 illustrates the overall system and method, according to an embodiment of the invention.

FIG. 4 illustrates a preferred algorithm that is used for managing the half-open connection time-out, T_ho.

FIG. 5 illustrates another algorithm that can be used for managing the half-open connection time-out, T_ho.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates the definition of the size of a TCP connection control table. The value N_size represents the size of the table and N represents the current use of the table. N is bounded by 0 (zero) and N_size.

FIG. 2 illustrates the value range of the half-open time-out T_ho. T_ho is bounded by the minimum time-out value T_min and the maximum time-out value T_max. The T_min value is usually less than 1 second and the T_max value often used is either 60 seconds or 120 seconds depending on the installed TCP/IP stack.

FIG. 3 illustrates the overall system and method of this invention. The invented system 300 interacts with any existing system 301 that monitors the half-open TCP connections and manages them using the half-open connection time-out T_ho. Table Use Monitor (TUM) 302 monitors the use or usage of the TCP connection control table in a system 301. Half-open Connection Time-out Manager (HCTM) 303 computes the new value for T_ho using the table use information made available by Table Use Monitor (TUM) 302, and then it informs a system 301 of the new value T_ho. Algorithms for computing T_ho are described later. The components 302 and 303 are required components. Connection Time Range Adjuster (CTRA) 304 is an optional component and it re-computes the time range [T_min, T_max]. CTRA 304 makes the invented system and method adaptable to different operating environments. CTRA 304 continuously monitors the shortest duration T_short of any half-open TCP connection and the longest duration T_long of any half-open TCP connection that didn't time-out. After observing T_short and T_long, T_min is set to T_short and T_max is set to T_long, respectively. TCP Connection Request Throttler (TCRT) 305 is another optional component. The responsibility of this component is to discard or reset any newly arriving TCP connection requests if the table use level has reached a predefined level of usage or use. TCRT 305 operations can be performed for every newly arriving TCP connection request by checking the current TCP connection table usage in a system 301.

FIG. 4 describes a preferred algorithm HCTM1 for computing the half-open time-out T_ho. In this algorithm, two thresholds N_limit and N_abs are used. Here, N_limit is always less than N_abs. N_limit indicates the number of "safely" usable entries in the TCP connection control table and its value is between 0 (zero) and the table size N_size. A reasonable N_limit value is between 50% and 90% of N_size. N_abs indicates the "absolute" bound and a reasonable value is between 90% and 99% of N_size. Algorithm HCTM1 uses these two thresholds for computing T_ho. Algorithm HCTM1 repeats the following computation periodically. This period is preferably on the order of a second. If N is greater than N_abs, then T_ho is immediately set to the minimum value T_min to protect a system. If N is less than or equal to N_abs and if N is greater than N_limit, then T_ho is reduced by setting it to max{T_min, T_ho/A}. The max function is used to make sure that the value of T_ho will never be less than the minimum bound T_min. Here, A is a parameter called "acceleration" and is either a constant (e.g., 2) or a variable. The value of A must be greater than 1 (one). If N is less than or equal to N_limit, then T_ho is increased to min{T_max, A*T_ho}. The min function is used to make sure that the value of T_ho never exceeds the maximum value T_max. The value for A may be computed from the following: let n=n_1+n_2, where n_1 indicates the number of times N has exceeded N_limit in the last n observed cycles. Then, A can be set as a function of 2*(n_1/n_2).

FIG. 5 illustrates yet another algorithm, Algorithm HCTM2, that can be used to compute the half-open time-out T_ho in the Half-open Connection Time-out Manager (HCTM) component 303 in FIG. 3. There are m thresholds called "trigger points", N_1, N_2, . . . N_i, . . . N_m, in increasing order, where N_1 is the smallest and N_m is the largest. For each trigger point N_i, a half-open time-out T_i is assigned, where T_1=T_max and T_m=T_min. Algorithm HCTM2 will repeat the following step periodically, just like Algorithm HCTM1 does. When the observed value N crosses over N_i (i.e., N is between N_i and N_{i+1}), the half-open time-out T_ho is set to T_i.
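The two controllers described for FIG. 4 and FIG. 5, as an added example that is not code from the patent: it runs HCTM1 and HCTM2 against a constructed flood and compares them with a fixed 60-second time-out. The `simulate` workload, the class interfaces, the HCTM2 trigger table and the concrete values (N_size=1000, N_limit=750, N_abs=950, A=2, T_min=0.5 s, T_max=60 s, one tick per one-second period) are assumptions chosen inside the ranges the text gives.

```python
from bisect import bisect_right


class HCTM1:
    """Two-threshold controller: collapse, shrink or grow T_ho once per period."""

    def __init__(self, n_limit, n_abs, t_min=0.5, t_max=60.0, accel=2.0):
        if accel <= 1:
            raise ValueError("acceleration A must be greater than 1")
        if not 0 < t_min <= t_max:
            raise ValueError("need 0 < T_min <= T_max")
        if not 0 <= n_limit < n_abs:
            raise ValueError("need 0 <= N_limit < N_abs")
        self.n_limit, self.n_abs = n_limit, n_abs
        self.t_min, self.t_max, self.accel = t_min, t_max, accel
        self.t_ho = t_max  # assumption: start from the stack's normal time-out

    def update(self, n):
        if n > self.n_abs:            # table nearly exhausted: go straight to T_min
            self.t_ho = self.t_min
        elif n > self.n_limit:        # above the "safe" level: shrink, floor at T_min
            self.t_ho = max(self.t_min, self.t_ho / self.accel)
        else:                         # safe: relax, cap at T_max
            self.t_ho = min(self.t_max, self.accel * self.t_ho)
        return self.t_ho


class HCTM2:
    """Trigger-point controller: T_ho = T_i while N_i <= N < N_{i+1}."""

    def __init__(self, triggers, timeouts):
        if not triggers or len(triggers) != len(timeouts):
            raise ValueError("need one time-out per trigger point")
        if list(triggers) != sorted(set(triggers)):
            raise ValueError("trigger points must be strictly increasing")
        if list(timeouts) != sorted(timeouts, reverse=True):
            raise ValueError("time-outs must not increase with usage")
        self.triggers, self.timeouts = list(triggers), list(timeouts)
        self.t_ho = self.timeouts[0]

    def update(self, n):
        i = bisect_right(self.triggers, n) - 1  # last trigger point at or below N
        self.t_ho = self.timeouts[max(i, 0)]
        return self.t_ho


def simulate(controller, n_size=1000, flood_rate=200, legit_rate=10, ticks=30):
    """Constructed workload, one tick per controller period (1 s).

    Flood entries never complete the handshake. Legitimate requests complete
    within the tick, so each only needs a free table slot on arrival.
    Returns (served, refused, peak_usage) for the legitimate requests.
    """
    table = []  # arrival tick of every half-open entry
    served = refused = peak = 0
    for now in range(ticks):
        # Remove entries that have waited longer than the current T_ho.
        table = [a for a in table if now - a <= controller.t_ho]
        # Flood entries take whatever room is left, up to flood_rate.
        table += [now] * min(flood_rate, n_size - len(table))
        ok = min(legit_rate, n_size - len(table))
        served += ok
        refused += legit_rate - ok
        peak = max(peak, len(table))
        controller.update(len(table))  # Table Use Monitor feeds the manager
    return served, refused, peak


def compare():
    """Run the same flood against a fixed time-out and both controllers."""
    return {
        "fixed 60 s": simulate(HCTM2([0], [60.0])),
        "HCTM1": simulate(HCTM1(n_limit=750, n_abs=950)),
        "HCTM2": simulate(HCTM2([0, 500, 750, 950], [60.0, 10.0, 2.0, 0.5])),
    }


if __name__ == "__main__":
    for name, (served, refused, peak) in compare().items():
        print(f"{name:10s} served={served:3d} refused={refused:3d} peak={peak}")
```

With the fixed time-out the table fills after five ticks and stays full; HCTM1 reacts only after usage crosses N_limit and so refuses one tick's worth of requests before recovering, while the constructed HCTM2 table starts shortening T_ho at 50% usage and never fills.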

While the present invention has been described with reference to preferred embodiments thereof, numerous obvious changes and variations may readily be made by persons skilled in the field of internet and other communications. Accordingly, the invention should be understood to include all such variations to the full extent embraced by the claims.
