The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely sophisticated devices, and computer systems may be found in many different settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of the computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than those that existed just a few years ago.
Other changes in technology have also profoundly affected how we use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within a company, or between companies, could communicate simultaneously over a network with a software application running on a single computer system.
One significant computer network that has recently become very popular is the Internet. The Internet grew out of the modern proliferation of computers and networks, and has evolved into a sophisticated worldwide network of linked computer systems containing web pages. This system of communication networks and computer systems collectively makes up the “world-wide web”, or “WWW”. A user at an individual PC (i.e., workstation) who wishes to access the WWW typically does so using a software application known as a web browser. A web browser makes a connection via the Internet to computers known as web servers, and receives information from the web servers that is displayed on the user's workstation. Information displayed to the user is typically organized into pages that are constructed using a specialized language called Hypertext Markup Language (HTML). Web browsers that use HTML are now available for almost every computer system on the market, making the WWW accessible to practically anyone who has access to a computer and a modem. Although the WWW is becoming increasingly popular, the rapid growth in the number of computer users accessing the WWW has brought with it concomitant problems. Some of these problems are identified in this discussion.
One outgrowth of the world-wide web is the server farm. The use of the term “farm” is intended to communicate that a number of devices are operatively coupled together in such a way that data may flow more or less seamlessly between the end users and any of the cooperating devices in the farm. Thus a plurality of server computer systems cooperate to divide the data-handling demands of a network. While the technology to perform such a division of function is available or is under development, problems can arise in such environments which are addressed and overcome by the invention here described. It is to be noted that the invention described hereinafter has utility in connection with a single server system as well as in a server farm. For that reason, the term “farm” will occasionally be used here to refer to a single server computer system.
The description which follows presupposes knowledge of network data communications and of the switches and routers which are used in such communications networks. In particular, the description presupposes familiarity with the OSI model of network architecture, which divides network operation into layers. A typical architecture based upon the OSI model extends from Layer 1 (also sometimes identified as “L1”), the physical pathway or media through which signals are passed, upwards through Layers 2–7, the last mentioned being the layer of applications programming running on a computer system linked to the network. In this document, mention of L1, L2 and so forth is intended to refer to the corresponding layer of a network architecture. The disclosure also presupposes a fundamental understanding of bit strings known as packets, frames, and cells and their handling in network communication. On the latter point, the disclosure presupposes knowledge of certain technology by which such bit strings are passed through queues provided in communication devices and computer system memory under the control of enqueuing managers. Queue management includes, in previously known processes which have come to be identified as RED and BLUE, determining the level of enqueued data maintained in a queue and determining the so-called offered rate of data moving to the queue. More discussion of this technology follows later in this disclosure.
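As an added illustration (not part of the original disclosure and not the method it claims), the following Python sketch shows how a RED-style enqueuing manager uses the level of enqueued data to decide whether to admit traffic when the offered rate is below or above the service rate. It follows the published classic RED scheme in simplified form, omitting the drop-spacing counter and idle-time correction; the class and function names, thresholds, weight and rates are assumptions constructed for the example.

```python
import random

class RedQueue:
    """Bounded FIFO with simplified classic RED admission (constructed parameters)."""

    def __init__(self, capacity=100, min_th=20, max_th=60, max_p=0.1,
                 weight=0.2, seed=1):
        self.capacity, self.min_th, self.max_th = capacity, min_th, max_th
        self.max_p, self.weight = max_p, weight
        self.depth = 0      # instantaneous level of enqueued data
        self.avg = 0.0      # smoothed level (EWMA) that RED acts on
        self.rng = random.Random(seed)

    def drop_probability(self):
        # No drops below min_th, certain drop at max_th, linear ramp between.
        if self.avg < self.min_th:
            return 0.0
        if self.avg >= self.max_th:
            return 1.0
        return self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)

    def offer(self):
        """Offer one packet; return True if enqueued, False if dropped."""
        self.avg += self.weight * (self.depth - self.avg)
        if self.depth >= self.capacity or self.rng.random() < self.drop_probability():
            return False
        self.depth += 1
        return True

    def serve(self, n):
        """Dequeue up to n packets (the server's capacity for one tick)."""
        self.depth = max(0, self.depth - n)

def simulate(offered_per_tick, service_per_tick, ticks=200):
    """Run a constant offered rate against a constant service rate."""
    q = RedQueue()
    accepted = dropped = peak = 0
    for _ in range(ticks):
        for _ in range(offered_per_tick):
            if q.offer():
                accepted += 1
            else:
                dropped += 1
            peak = max(peak, q.depth)
        q.serve(service_per_tick)
    return {"accepted": accepted, "dropped": dropped, "peak_depth": peak}

if __name__ == "__main__":
    print("offered below service rate:", simulate(8, 10))
    print("offered above service rate:", simulate(40, 10))
```

With the offered rate below the service rate nothing is dropped; with a sustained offered rate four times the service rate, the excess is shed before the queue reaches its hard capacity.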
One particular problem, addressed here, arises out of willful attempts to deny to users the resources of a particular server or server farm. A now-classic form of such an attempt is known as a “denial of service” or DOS attack. A DOS attack is typically orchestrated by an individual or group wishing to interfere with the availability of a network resource such as a subscriber service or a particular web site or database. The attacker, using whatever resources can be marshaled, causes a rapidly increasing number of calls to the resource to be transmitted over the network (e.g., the Internet) through which the resource is linked. Where the responsiveness of the server supporting the resource is limited (as it inevitably is), a large number of demands presented nearly simultaneously will cause an overload and cause the server either to slow down its response time or, in many cases, to “go down” or become unavailable. In some instances, restoring availability of the resource, or “bringing the server(s) back up”, can consume hours and person-days of technical support personnel.
It is therefore an object of the present invention to provide a system and method for facilitating the protection of a server computer system or a plurality of server computer systems joined in a server farm.