Method for protecting an NSP data network against data overflow, according to which the NSP data network is divided to a protected sub-network and an unprotected sub-network. Connectivity to external data networks is allowed through the unprotected sub-network via a set of predefined controlled data ports. A maximum available bandwidth that can be processed by a user is determined for each user and maximal sub-bandwidth is allocated for each router. Whenever the data packet flow intended to the user exceeds the sub-bandwidth at one of the routers, the excess packet flow is filtered.
|Patent number||US7808911 B2|
|State||Published - 2010|