1. Field
This application relates to communication networks and, more particularly, to a method and apparatus for control plane CPU overload protection.
2. Description of the Related Art
Data communication networks may include various switches, nodes, routers, and other devices coupled to and configured to pass data to one another. These devices will be referred to herein as “network elements”. Data is communicated through the data communication network by passing protocol data units, such as frames, packets, cells, or segments, between the network elements by utilizing one or more communication links. A particular protocol data unit may be handled by multiple network elements and cross multiple communication links as it travels between its source and its destination over the network.
The various network elements on the communication network communicate with each other using predefined sets of rules, referred to herein as protocols. Different protocols are used to govern different aspects of the communication, such as how signals should be formed for transmission between network elements, various aspects of what the protocol data units should look like, how packets should be handled or routed through the network by the network elements, and how information associated with routing information should be exchanged between the network elements.
Typically, a network element includes a control plane containing one or more CPUs which run applications that control how the network element operates on the network. The network element also includes a data plane that is implemented in hardware and optimized to handle packets of data being forwarded on the network. The applications executing in the control plane are used to program the data plane so that the data plane handles traffic correctly based on the current state of the network. The network elements exchange control packets with each other so that the network elements have a synchronized view of the network topology and can handle traffic in a coherent manner. When a control packet is received by the data plane, the data plane will forward the control packet to the control plane for processing so that state associated with the associated control application can be updated based on the content of the control packet.
For example, a routing application such as a link state routing protocol application may be run in the control plane to control operation of the network element on the network. Example link state routing protocols include Open Shortest Path First (OSPF) and Intermediate System to Intermediate System (IS-IS). Alternatively, a bridging protocol such as Spanning Tree Protocol (STP) may be run in the control plane. To implement protocols of this nature, network elements send out control packets identifying the links to which they are connected. For instance, STP uses control packets that are commonly referred to as Bridge Protocol Data Units, or BPDUs for short. When the network element receives a BPDU, the data plane will forward the BPDU to the bridging process in the control plane to enable the bridging process to use the information contained in the BPDU to update a bridging database maintained by the control plane. The updates to the bridging database may then be used by the control process to update forwarding information programmed in the data plane, to adjust how the network element is operating on the network.
Thus, in a typical network element, the control plane runs at least one instance of control plane software which executes functions such as managing the hardware resources within that network element, as well as processing network protocols to allow communications among networks of switches.
The control plane software may run on one or more hardware CPU cores. A given CPU core has a limited or fixed resource capacity, due to its operating clock frequency and size of memory. This translates into a fixed overall budget for the number of CPU instructions and buffers that the CPU has available to process control packets, which further determines the maximum packet processing rate beyond which the CPU core is overloaded. To ensure real time processing of control packets, it is preferable to prevent the CPU core from becoming overloaded.
Several approaches have been proposed to prevent the control plane software running on the CPU core from being overloaded. For example, one common method is to use statically configured filter rules, commonly referred to as Access Control Lists (ACLs), to filter out control packets associated with unsupported protocols. Although this technique can prevent overloading of the CPU core, it results in denial of service to legitimate control packets in the presence of traffic anomalies caused by loops and malicious attacks. For example, if a loop occurs in the network, or a denial of service attack is launched, a given network element may be inundated with control packets. Statically configured filter rules will limit the number of control packets that are passed to the control plane, potentially causing legitimate control packets to be dropped before the control plane is able to process them. This results in a situation where the network element cannot be controlled, since control packets are not reaching the control software. Further, this lack of control unfortunately coincides with a situation where control of the network element is imperative to enable the routing loop to be corrected or the denial of service attack to be quashed.
Another approach to CPU overload protection is to use policers to rate limit the different traffic types destined for the control plane. The problem with this approach is that it does not dynamically adapt to changes in the control plane system configuration.
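The following added example (not part of the application) simulates the two static protections just described, a per-class policer in front of the control plane CPU and an ACL-style drop of unsupported protocols, and shows how a forwarding loop that replays STP frames starves genuine BPDUs of the fixed STP budget. The class names, rates, bursts and the packet stream are constructed values chosen for illustration.

```python
from collections import Counter

# Added illustration of the static control-plane protection the background describes:
# per-class policers plus an ACL drop for unsupported protocols. All values constructed.

class TokenBucket:
    """Integer token bucket: time in microseconds, tokens scaled by SCALE."""
    SCALE = 1_000_000

    def __init__(self, rate_pps, burst):
        self.rate, self.cap = rate_pps, burst * self.SCALE
        self.tokens, self.last_us = self.cap, 0

    def allow(self, now_us):
        # refill is exact: rate_pps tokens/s == rate_pps scaled units per microsecond
        self.tokens = min(self.cap, self.tokens + (now_us - self.last_us) * self.rate)
        self.last_us = now_us
        if self.tokens >= self.SCALE:
            self.tokens -= self.SCALE
            return True
        return False

def police(packets, limits):
    """Run (time_us, cls, legit) packets through one policer per class; a class
    without a limit is dropped outright. Returns Counter[(verdict, cls, legit)]."""
    buckets = {cls: TokenBucket(rate, burst) for cls, (rate, burst) in limits.items()}
    tally = Counter()
    for ts, cls, legit in packets:
        bucket = buckets.get(cls)
        if bucket is None:
            tally[("dropped", cls, legit)] += 1   # ACL-style static drop
        elif bucket.allow(ts):
            tally[("passed", cls, legit)] += 1
        else:
            tally[("dropped", cls, legit)] += 1   # over the fixed per-class rate
    return tally

def loop_scenario():
    """One second of a forwarding loop: the same STP frame re-arrives at 1000 pps
    alongside 10 genuine BPDUs, 5 OSPF hellos and one unsupported LLDP frame."""
    pkts = [(i * 1_000, "stp", False) for i in range(1000)]        # looped copies
    pkts += [(i * 100_000 + 500, "stp", True) for i in range(10)]   # genuine BPDUs
    pkts += [(i * 200_000 + 700, "ospf", True) for i in range(5)]   # genuine hellos
    pkts += [(250_300, "lldp", True)]                                # no policer: ACL drop
    pkts.sort()
    return police(pkts, {"stp": (100, 20), "ospf": (200, 50)})
```

With the STP policer fixed at 100 pps (burst 20), only the first genuine BPDU gets through; the other nine arrive just after a looped copy has taken the last token, which is the denial of service to legitimate control packets the text describes.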