1. Field of the Invention
This invention relates to the field of network communication. In particular, the present invention relates to a network communication device (e.g., a switch) ingress system and method.
2. Related Art
Electronic systems and circuits have made a significant contribution towards the advancement of modern society and are utilized in a number of applications to achieve advantageous results. Numerous electronic technologies such as digital computers, calculators, audio devices, video equipment, and telephone systems facilitate increased productivity and cost reduction in analyzing and communicating data, ideas and trends in most areas of business, science, education and entertainment. Often these advantageous results are realized and maximized through the use of distributed resources that communicate with each other. However, when significant amounts of information are introduced in a network, problems often arise with establishing and supporting communications. In particular, forwarding a lot of information to a network device for processing can cause a denial of service for that device.
Network systems are being utilized in increasingly advanced, versatile, and sophisticated applications that require significant network resources. These sophisticated applications typically require significant amounts of information to be communicated by network devices. As part of participating in and facilitating communication of general purpose network frames, modern communication devices are often required to process a lot of information internally. If the amount of data to be processed exceeds a network device's capability, a variety of detrimental impacts can occur. When the network device is pushed to its processing capacity, additional information cannot be processed, often resulting in a denial of service in the network device.
There have been various conventional attempts to prevent denial of service in network devices. One way to improve the performance of a communication network device is to increase its processing and storage capabilities. However, increased processing capability is usually expensive, harder to administer, and ultimately has some upper limit. When storage buffers are full, information is typically discarded, often indiscriminately. While this approach may prevent the system from being swamped, information that is very important for proper operation of the network device can be discarded. Components coupled to a communications network often have operational constraints, and it is critical to the performance of these devices that certain data be available. When there is an indiscriminate discard, on average some of the important information will be discarded, which can impact the integrity of the network device.
Another traditional approach is to assign a priority to particular information for processing. Traditional prioritizing schemes usually have to be enforced network-wide, often making actual configuration complicated. Typically, a significant amount of resources is expended to ensure that assigned priorities are mapped correctly to one another between protocols and mean the same thing throughout the network. For example, 802.1p priority tagging is limited to 8 priorities, and the tags have to be applied throughout the whole network even though the tags are not applicable to some IEEE protocols (e.g., LACP, STP). In addition, it is still possible for a malicious attack to cause a denial of service by sending a large amount of information tagged as high priority.
In another example, MAC-based prioritization applies priorities to classes of traffic that can be identified by the MAC address in the packets (e.g., IEEE multicasts including LACP, STP, internal management traffic destined for a network device, etc.). Again, it is still possible for a malicious attack to cause a denial of service by sending a large amount of information as a particular high priority frame type. Even with higher granularity prioritization, a malicious attack can cause a denial of service by sending a large amount of information as high priority traffic.