Patent attributes
Some embodiments of the invention provide a data-plane forwarding circuit (data plane) that can be configured to provide protection from a SYN-flood denial of service attack by validating a source of a SYN data messages before allowing future messages to be forwarded to a protected server. To perform its forwarding operations, the data plane includes several data message processing stages that are configured to process the data tuples associated with the data messages received by the data plane. In some embodiments, parts of the data plane message-processing stages are also configured to operate as a connection-validation circuit that includes (1) a SYN-processing circuit to process SYN data messages received by the data plane, and (2) an ACK-processing circuit to process ACK data messages received by the data plane.
