Denial of service mitigation with two-tier hash

Assignee

• Intel Corporation · US

Inventors

• Sameh Gobriel · Hillsboro, US
• Christian Maciocco · Portland, US
• Byron Marohn · Beaverton, US
• Ren Wang · Portland, US
• Tsung-Yuan C. Tai · Portland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1491
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computing apparatus for providing a node within a distributed network function, including: a hardware platform; a network interface to communicatively couple to at least one other peer node of the distributed network function; a distributor function including logic to operate on the hardware platform, including a hashing module configured to receive an incoming network packet via the network interface and perform on the incoming network packet a first-level hash of a two-level hash, the first level hash being a lightweight hash with respect to a second-level hash, the first level hash to deterministically direct a packet to one of the nodes of the distributed network function as a directed packet; and a denial of service (DoS) mitigation engine to receive notification of a DoS attack, identify a DoS packet via the first-level hash, and prevent the DoS packet from reaching the second-level hash.