Rate policing algorithm for packet flows

Information

  • Patent Application
  • 20030206522
  • Publication Number
    20030206522
  • Date Filed
    May 02, 2002
    22 years ago
  • Date Published
    November 06, 2003
    21 years ago
Abstract
A rate policing algorithm for packet flows is based on counters and threshold checking. The rate policing algorithm utilizes a state machine having four links: (1) compliant state to compliant state; (2) transition from compliant state to non-compliant state; (3) non-compliant state to non-compliant state; and (4) transition from non-compliant state to compliant state. Depending on the values obtained from the counters and utilizing the threshold values, it is determined whether a flow rate for packets is compliant or non-compliant.
Description


BACKGROUND OF THE INVENTION

[0001] 1. Technical Field


[0002] The present invention generally relates to a rate policing algorithm. More particularly, an embodiment of the present invention relates to a rate policing algorithm for packet flows based on counters and threshold checking that may be implemented directly in silicon.


[0003] 2. Discussion of the Related Art


[0004] Clients who pay for bandwidth to run their high-speed network applications want proof that they are receiving the bandwidth rates that they are purchasing. Most rate policing implementations perform complex calculations based on the “leaky bucket” algorithm, which is commonly used to measure rates for Asynchronous Transfer Mode (ATM) cells. (Traffic Management Specification version 4.1 of the ATM Forum, AF-TM-0121.000, March 1999.) “Leaky bucket” is a term used as a description of the algorithm used for conformance checking of cell flows from a user or network. The “leaky hole in the bucket” applies to the sustained rate at which cells may be accommodated, while the “bucket depth” refers to the tolerance to cell bursting over a given time period.


[0005] These types of algorithms are complex and difficult to implement in hardware for higher number of flows. Accordingly, there is a need for a rate policing solution that is simpler to implement in hardware, particularly for a high number of flows.







BRIEF DESCRIPTION OF THE DRAWINGS

[0006]
FIG. 1 illustrates a rate-based policing state machine for packet flows according to an embodiment of the present invention;


[0007]
FIG. 2 illustrates a flow chart diagram of non-compliancy checking while in a compliant state according to an embodiment of the present invention; and


[0008]
FIG. 3 illustrates a flow chart diagram of compliancy checking while in a non-compliant state according to an embodiment of the present invention.







DETAILED DESCRIPTION

[0009]
FIG. 1 illustrates a rate-based policing state machine for packet flows according to an embodiment of the present invention. For packets, rate policing is based on a maximum number of bytes received over a certain period of time, and this receipt over Z consecutive times. A compliant state 110 means that the flow rate is below its programmed threshold; that is, the flow rate policy is met and subsequent packets are not tagged. A non-compliant state 120 means that the flow rate is above its programmed threshold; that is, the flow rate policy is violated and subsequent packets are tagged or dropped. According to an embodiment of the present invention, the state machine 100 has four links: (1) compliant state 110 to compliant state 110; (2) compliant state 110 to non-compliant state 120 (transition state 112); (3) non-compliant state 120 to non-compliant state 120; and (4) non-compliant state 120 to compliant state 110 (transition state 122).


[0010] For each flow, counters and threshold values (context information/values) are stored in a control memory regarding rate policy checking. The counters may include: (1) an integration window time counter (WCNT); (2) a multiple windows counter (MWCNT); (3) a time stamp (TS); and (4) a data counter (MBCNT). The thresholds may include: (1) a data counter threshold in compliant state (MBCNT_C_INIT); (2) an integration window time threshold in compliant state (WCNT_C_INIT); (3) a multiple windows counter threshold in compliant state (MWCNT_C_INIT); (4) a data counter threshold in non-compliant state (MBCNT_N_INIT); (5) an integration window time threshold in non-compliant state (WCNT_N_INIT); and (6) a multiple windows counter threshold in non-compliant state (MWCNT_N_INIT).


[0011] The integration window time counter (WCNT) is the time interval remaining for flow rate compliancy or non-compliancy checking within an integration window for an amount of data. Each integration window, being a cycle in which compliancy or non-compliancy is checked for a “chunk” of data (e.g., M-bytes of data) in a flow, is sliding (i.e., a new window may be opened before the preceding one is completed) when in the compliant state 110.


[0012] The multiple windows counter (MWCNT) is utilized for probability checking. That is, the multiple windows counter (MWCNT) indicates the number of Z consecutive non-compliant or compliant windows that have occurred. The multiple windows counter (MWCNT) may be implemented as a down-counter, counting down to zero for each occurrence of consecutive non-compliant or compliant windows.


[0013] The data counter (MBCNT) indicates the receipt of an amount of data (e.g., M-bytes of data) for a particular flow, e.g., flow X. M may be of different values, such as 1 (a byte counter), 4 (a 4-byte counter), 8 (an 8-byte counter), etc. The value of M may be configured based on the level of accuracy required of the receive data flow rating.


[0014] The time stamp (TS) is a value indicating the preceding arrival time of the data, e.g., the M-byte of data for this particular flow.


[0015] The data counter threshold in compliant state (MBCNT_C_INIT) is the threshold value for flow rate non-compliancy checking to determine whether the flow rate (byte/second) is greater than (MBCNT_C_INIT * M)/(WCNT_C_INIT * clock period), where “*” is a multiplier.


[0016] The integration window time threshold in compliant state (WCNT_C_INIT) is the maximum integration window (maximum time interval) for flow rate non-compliancy checking where the integration time is WCNT_C_INIT*clock period.


[0017] The multiple windows counter threshold in compliant state (MWCNT_C_INIT) is the number of consecutive sliding windows that violate the flow rate that is necessary to declare a state of non-compliancy.


[0018] The data counter threshold in non-compliant state (MBCNT_N_INIT) is the threshold value for flow rate compliancy checking to determine whether the flow rate (byte/second) is less than (MBCNT_N_INIT*M)/(WCNT_N_INIT*clock period).


[0019] The integration window time threshold in non-compliant state (WCNT_N_INIT) is the maximum integration window (maximum time interval) for flow rate compliancy checking where the integration time is WCNT_N_INIT * clock period.


[0020] The multiple windows counter threshold in non-compliant state (MWCNT_N_INIT) is the number of consecutive sliding windows that do not violate the flow rate that is necessary to declare a state of compliancy.


[0021] All of the threshold (INIT) parameters are static parameters (initial values) configured by the network management functions when the flow connection is set up (i.e., these parameters provide to a particular flow its rate policing values). The WCNT, MWCNT, MBCNT, and TS values are counter values/parameters that are updated per flow every time an M-byte chunk of data is received/processed for a particular packet flow. These counters, including the time stamp (TS), are preferably implemented on-chip. Every time the context of a particular flow is retrieved from the control memory (i.e., when M-byte data is received for this flow), the three on-chip counters are updated with the parameters of this particular flow that were stored in the context/control memory. After rate compliancy processing for this flow, the counter values are written back to the control memory of this particular flow. Then, if the next M-byte chunk of data to be processed belongs to a different flow, the on-chip counters and packet rate compliancy machine are loaded with the retrieved context of this different packet flow (information coming from the same context/control memory).


[0022] The M value discussed above indicates the granularity used by the packet rate policing. The M value defines the granularity or the number of byte(s) used as the smallest unit to be accounted for in the rate policing calculation. The M value is not specific per flow usually, but is typically a global parameter.


[0023]
FIG. 2 illustrates a flow chart diagram of non-compliancy checking while in a compliant state according to an embodiment of the present invention. M-byte data from flow X is received 210 at present time (T) for a current integration window. It is determined 220 whether the integration window time counter (WCNT) has expired. That is, the integration window time counter (WCNT) is subtracted by a lapsed time interval. The lapsed time interval is determined by subtracting the present time value (T) by the time stamp value (TS); the time stamp value (TS) being the arrival time of the previous M-byte data from flow X. The integration window time counter has expired if the value of the integration window time counter (WCNT) subtracted by the lapsed time interval is less than or equal to zero (WCNT−(T−TS)≦0). The integration window time counter has not expired if the value of the integration window time counter (WCNT) subtracted by the lapsed time interval is greater than zero (WCNT−(T−TS)>0).


[0024] If the integration window time counter (WCNT) has expired, then the current integration window is declared 230 compliant and a new integration window is opened. The integration window time counter (WCNT) is set to the integration window time threshold in compliant state (WCNT_C_INIT), the multiple windows counter (MWCNT) is set to the multiple windows counter threshold in compliant state (MWCNT_C_INIT), the data counter (MBCNT) is set to the data counter threshold in compliant state (MBCNT_C_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0025] If the integration window time counter (WCNT) has not expired and the data counter (MBCNT) is at one (at one count from expiring only one more M-byte is allowed), then if the multiple windows counter (down-counter) (MWCNT) is at one (at one count from expiring), the flow is declared 240 non-compliant and transitions to the non-compliant state 120. In the transition state 112 to the non-compliant state 120, the integration window time counter (WCNT) is set to the integration window time threshold in non-compliant state (WCNT_N_INIT), the multiple windows counter (MWCNT) is set to the multiple windows counter threshold in non-compliant state (MWCNT_N_INIT), the data counter (MBCNT) is set to the data counter threshold in non-compliant state (MBCNT_N_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0026] Alternatively, if the integration window time counter (WCNT) has not expired and the data counter (MBCNT) is at one (at one count from expiring), then if the multiple windows counter (MWCNT) is greater than one (at least two counts from expiring), the current integration window is declared 250 non-compliant and a new integration window is opened. The multiple windows counter (down-counter) (MWCNT) is decremented by one (MWCNT−1), the integration window time counter (WCNT) is set to the integration window time threshold in compliant state (WCNT_C_INIT), the data counter (MBCNT) is set to the data counter threshold in compliant state (MBCNT_C_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0027] Finally, if the integration window time counter (WCNT) has not expired and the data counter (MBCNT) is greater than one (at least two counts from expiring), then non-compliancy is continued to be checked 260 and the current integration window is maintained open. The integration window time counter (WCNT) is set to the integration window time counter subtracted by the lapsed time interval (WCNT−(T−TS)), the data counter (MBCNT) is decremented by one (MBCNT−1), the multiple windows counter (MWCNT) does not change, and the time stamp value (TS) is updated to the present time value (T).


[0028]
FIG. 3 illustrates a flow chart diagram of compliancy checking while in a non-compliant state according to an embodiment of the present invention. M-byte data from flow X is received 310 at present time (T) for a current integration window. It is determined 320 whether the integration window time counter (WCNT) has expired. That is, the integration window time counter (WCNT) is subtracted by a lapsed time interval. The lapsed time interval is determined by subtracting the present time value (T) by the time stamp value (TS); the time stamp value (TS) being the arrival time of the previous M-byte data from flow X. The integration window time counter has expired if the value of the integration window time counter (WCNT) subtracted by the lapsed time interval is less than or equal to zero (WCNT−(T−TS)≦0). The integration window time counter (WCNT) has not expired if the value of the integration window time counter (WCNT) subtracted by the lapsed time interval is greater than zero (WCNT−(T−TS)>0).


[0029] If the integration window time counter (WCNT) has expired and the data counter (MBCNT) is at one or less (at one-or-less count from expiring), then the current integration window is declared 330 non-compliant and a new integration window is opened. The integration window time counter (WCNT) is set to the integration window time threshold in non-compliant state (WCNT_N_INIT), the multiple windows counter (MWCNT) is set to the multiple windows counter threshold in non-compliant state (MWCNT_N_INIT), the data counter (MBCNT) is set to the data counter threshold in non-compliant state (MBCNT_N_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0030] If the integration window time counter (WCNT) has expired and the data counter (MBCNT) is greater than one (at least two counts from expiring), then if the multiple windows counter (down-counter) (MWCNT) is at one (at one count from expiring), the flow is declared 340 compliant and transitions to the compliant state 110. In the transition state 122 to the compliant state 110, the integration window time counter (WCNT) is set to the integration window time threshold in compliant state (WCNT_C_INIT), the multiple windows counter is set to the multiple windows counter threshold in compliant state (MWCNT_C_INIT), the data counter (MBCNT) is set to the data counter threshold in compliant state (MBCNT_C_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0031] Alternatively, if the integration window time counter (WCNT) has expired and the data counter (MBCNT) is greater than one (at least two counts from expiring), then if the multiple windows counter (down-counter) (MWCNT) is greater than one (at least two counts from expiring), the current integration window is declared 350 compliant and a new integration window is opened. The multiple windows counter (MWCNT) is decremented by one (MWCNT−1), the integration window time counter (WCNT) is set to the integration window time threshold in non-compliant state (WCNT_N_INIT), the data counter (MBCNT) is set to the data counter threshold in non-compliant state (MBCNT_N_INIT), and the time stamp value (TS) is updated to the present time value (T).


[0032] Finally, if the integration window time counter (WCNT) has not expired, then compliancy is continued to be checked 260 and the current integration window is maintained open. The integration window time counter (WCNT) is set to the integration window time counter subtracted by the lapsed time interval (WCNT−(T−TS)), the data counter (MBCNT) is decremented by one (MBCNT−1) if the data counter (MBCNT) is greater than one (at least two counts from expiring), the data counter (MBCNT) is set to zero (MBCNT=0) if the data counter is not greater than one (at one-or-less count from expiring), and the time stamp value (TS) is updated to the present time value (T).


[0033] As discussed above, the threshold values (INIT) are fixed, but may be individually adjusted for each application depending on the level of accuracy required. Each of the above ten parameters are preferably defined for each flow and are stored in an external control memory.


[0034] In one particular example, the following values are set:


[0035] WCNT_C_INIT=WCNT_N_INIT=integration window maximum size (unit=number of clock cycles)=I=2exp(W), with W coded over 5 bits


[0036] WCNT=integration window counter (number of clock cycles), with 32-bit coding


[0037] TS=time stamp value, with 32-bit encoding


[0038] MBCNT_C_INIT (X)=MBCNT_N_INIT (Y)=threshold value for compliancy/non-compliancy checking (unit is number of M-byte of data)=2exp(N), with N coded over 4 bits (e.g., from 0 to 14)


[0039] MBCNT=receive data M-byte counter (14-bit)


[0040] MWCNT_C_INIT=MWCNT_N_INIT=C=minimum number of consecutive windows violating/not-violating (non-compliant/compliant with) the rate policing (3-bit)


[0041] MWCNT=consecutive windows counter (3-bit)


[0042] State Machine Status=flow rate violated/not violated


[0043] These parameters may be defined for each flow, and preferably stored in an external control memory. Therefore, if there are more than X*M bytes received over an integration time of WCNT_C_INIT clock periods, and this occurrence for C consecutive times, then the current flow is violating its rate policing (the maximum allowed rate) and it is in the non-compliant state 110 (see FIG. 1). When in the non-compliant state 110, if less than Y*M bytes are received over an integration period of WCNT_N_INIT clock periods, the rate is not violated and it is in the compliant state 120 (see FIG. 1). The violation or non-compliant state typically only changes across packet boundaries.


[0044] The parameters in the above example are set in this specific instance where WCNT_C_INIT=WCNT_N_INIT, MBCNT_C_INIT=MBCNT_N_INIT, and MWCNT_C_INIT=MWCNT_N_INIT in order to limit the number of control bit information to be stored in the control memory for a particular flow to check its rate compliancy. For example, there may be up to 256K packet flows to process, and it is necessary to store 256,000×UU control bits in the control memory, such as in an external Synchronous Static Random Access Memory (SSRAM), or any suitable memory device. In this above example, 91 bits are sufficient to be stored per packet flow, however, more control bits would provide greater accuracy for the rate policing algorithm.


[0045] Finer granularity enables more accurate rate policing, although it will increase the complexity and the amount of information to store in the control memory. The granularity described above is generally sufficient for most applications. The M value discussed above indicates the granularity used by the packet rate policing. The M value defines the granularity or the number of byte(s) used as the smallest unit to be accounted for in the rate policing calculation. The M value is not specific per flow usually, but is typically a global parameter.


[0046] While the description above refers to particular embodiments of the present invention, it will be understood that many modifications may be made without departing from the spirit thereof. The accompanying claims are intended to cover such modifications as would fall within the true scope and spirit of the present invention. The presently disclosed embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims, rather than the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.


Claims
  • 1. A method of flow rate-based policy checking for non-compliancy, comprising: receiving data from a flow at a present time for a current integration window; determining whether an integration window time counter has expired based on a lapsed time interval; declaring the current integration window compliant and opening a new integration window if the integration window time counter has expired; declaring the flow non-compliant and transitioning to a non-compliant state if the integration window time counter has not expired, one more unit of data is remaining, and one more integration window cycle is remaining; declaring the current integration window non-compliant and opening the new integration window if the integration window time counter has not expired, one more unit of data is remaining, and at least two integration window cycles are remaining; and continuing to check for non-compliancy and maintaining the current integration window open if the integration window time counter has not expired and at least two units of data are remaining.
  • 2. The method according to claim 1, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 3. A method of flow rate-based policy checking for compliancy, comprising: receiving data from a flow at a present time for a current integration window; determining whether an integration window time counter has expired based on a lapsed time interval; declaring the current integration window non-compliant and opening a new integration window if the integration window time counter has expired and one-or-less unit of data is remaining; declaring the flow compliant and transitioning to a compliant state if the integration window time counter has expired, at least two units of data are remaining, and one more integration window cycle is remaining; declaring the current integration window compliant and opening the new integration window if the integration window time counter has expired, at least two units of data are remaining, and at least two integration window cycles are remaining; and continuing to check for compliancy and maintaining the current integration window open if the integration window time counter has not expired.
  • 4. The method according to claim 3, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 5. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; determine whether an integration window time counter has expired based on a lapsed time interval; declare the current integration window compliant and open a new integration window if the integration window time counter has expired; declare the flow non-compliant and transition to a non-compliant state if the integration window time counter has not expired, one more unit of data is remaining, and one more integration window cycle is remaining; declare the current integration window non-compliant and open the new integration window if the integration window time counter has not expired, one more unit of data is remaining, and at least two integration window cycles are remaining; and continue to check for non-compliancy and maintain the current integration window open if the integration window time counter has not expired and at least two units of data are remaining.
  • 6. The program code storage device according to claim 5, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 7. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; determine whether an integration window time counter has expired based on a lapsed time interval; declare the current integration window non-compliant and open a new integration window if the integration window time counter has expired and one-or-less unit of data is remaining; declare the flow compliant and transition to a compliant state if the integration window time counter has expired, at least two units of data are remaining, and one more integration window cycle is remaining; declare the current integration window compliant and open the new integration window if the integration window time counter has expired, at least two units of data are remaining, and at least two integration window cycles are remaining; and continue to check for compliancy and maintain the current integration window open if the integration window time counter has not expired.
  • 8. The program code storage device according to claim 7, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 9. A method of flow rate-based policy checking for non-compliancy, comprising: receiving data from a flow at a present time for a current integration window; subtracting an integration window time counter by a lapsed time interval to determine whether the integration window time counter has expired; declaring the current integration window compliant and opening a new integration window if the integration window time counter has expired; declaring the flow non-compliant and transitioning to a non-compliant state if the integration window time counter has not expired, a data counter is at one, and a multiple windows counter is at one; declaring the current integration window non-compliant and opening the new integration window if the integration window time counter has not expired, the data counter is at one, and the multiple windows counter is greater than one; and continuing to check for non-compliancy and maintaining the current integration window open if the integration window time counter has not expired and the data counter is greater than one.
  • 10. The method according to claim 9, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 11. The method according to claim 9, wherein declaring the current integration window compliant and opening the new integration window includes: setting the integration window time counter to that of an integration window time threshold; setting the multiple windows counter to that of a multiple windows counter threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 12. The method according to claim 9, wherein transitioning to the non-compliant state includes: setting the integration window time counter to that of an integration window time threshold; setting the multiple windows counter to that of a multiple windows counter threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 13. The method according to claim 9, wherein declaring the current integration window non-compliant and opening the new integration window includes: decrementing the multiple windows counter by one; setting the integration window time counter to that of an integration window time threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 14. The method according to claim 9, wherein continuing to check for non-compliancy and maintaining the current integration window open includes: setting the integration window time counter to that of the integration window time counter subtracted by the lapsed time interval; decrementing the data counter by one; maintaining the multiple windows counter constant; and setting a previous time stamp to that of the present time.
  • 15. A method of flow rate-based policy checking for compliancy, comprising: receiving data from a flow at a present time for a current integration window; subtracting an integration window time counter by a lapsed time interval to determine whether the integration window time counter has expired; declaring the current integration window non-compliant and opening a new integration window if the integration window time counter has expired and a data counter is at one or less; declaring the flow compliant and transitioning to a compliant state if the integration window time counter has expired, the data counter is greater than one, and a multiple windows counter is at one; declaring the current integration window compliant and opening the new integration window if the integration window time counter has expired, the data counter is greater than one, and the multiple windows counter is greater than one; and continuing to check for compliancy and maintaining the current integration window open if the integration window time counter has not expired.
  • 16. The method according to claim 15, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 17. The method according to claim 15, wherein declaring the current integration window non-compliant and opening the new integration window includes: setting the integration window time counter to that of an integration window time threshold; setting the multiple windows counter to that of a multiple windows counter threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 18. The method according to claim 15, wherein transitioning to the compliant state includes: setting the integration window time counter to that of an integration window time threshold; setting the multiple windows counter to that of a multiple windows counter threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 19. The method according to claim 15, wherein declaring the current integration window compliant and opening the new integration window includes: decrementing the multiple windows counter by one; setting the integration window time counter to that of an integration window time threshold; setting the data counter to that of a data counter threshold; and setting a previous time stamp to that of the present time.
  • 20. The method according to claim 15, wherein continuing to check for compliancy and maintaining the current integration window open includes: setting the integration window time counter to that of the integration window time counter subtracted by the lapsed time interval; decrementing the data counter by one if the data counter is greater than one; setting the data counter to zero if the data counter is not greater than one; maintaining the multiple windows counter constant; and setting a previous time stamp to that of the present time.
  • 21. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; subtract an integration window time counter by a lapsed time interval to determine whether the integration window time counter has expired; declare the current integration window compliant and open a new integration window if the integration window time counter has expired; declare the flow non-compliant and transition to a non-compliant state if the integration window time counter has not expired, a data counter is at one, and a multiple windows counter is at one; declare the current integration window non-compliant and open the new integration window if the integration window time counter has not expired, the data counter is at one, and the multiple windows counter is greater than one; and continue to check for non-compliancy and maintain the current integration window open if the integration window time counter has not expired and the data counter is greater than one.
  • 22. The program code storage device according to claim 21, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 23. The program code storage device according to claim 21, wherein the instructions to declare the current integration window compliant and open the new integration window further include instructions to: set the integration window time counter to that of an integration window time threshold; set the multiple windows counter to that of a multiple windows counter threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 24. The program code storage device according to claim 21, wherein the instructions to transition to the non-compliant state further include instructions to: set the integration window time counter to that of an integration window time threshold; set the multiple windows counter to that of a multiple windows counter threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 25. The program code storage device according to claim 21, wherein the instructions to declare the current integration window non-compliant and open the new integration window further include instructions to: decrement the multiple windows counter by one; set the integration window time counter to that of an integration window time threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 26. The program code storage device according to claim 21, wherein the instructions to continue to check for non-compliancy and maintain the current integration window open further include instructions to: set the integration window time counter to that of the integration window time counter subtracted by the lapsed time interval; decrement the data counter by one; maintain the multiple windows counter constant; and set a previous time stamp to that of the present time.
  • 27. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; subtract an integration window time counter by a lapsed time interval to determine whether the integration window time counter has expired; declare the current integration window non-compliant and open a new integration window if the integration window time counter has expired and a data counter is at one or less; declare the flow compliant and transition to a compliant state if the integration window time counter has expired, the data counter is greater than one, and a multiple windows counter is at one; declare the current integration window compliant and open the new integration window if the integration window time counter has expired, the data counter is greater than one, and the multiple windows counter is greater than one; and continue to check for compliancy and maintain the current integration window open if the integration window time counter has not expired.
  • 28. The program code storage device according to claim 27, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 29. The program code storage device according to claim 27, wherein the instructions to declare the current integration window non-compliant and open the new integration window further include instructions to: set the integration window time counter to that of an integration window time threshold; set the multiple windows counter to that of a multiple windows counter threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 30. The program code storage device according to claim 27, wherein the instructions to transition to the compliant state further include instructions to: set the integration window time counter to that of an integration window time threshold; set the multiple windows counter to that of a multiple windows counter threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 31. The program code storage device according to claim 27, wherein the instructions to declare the current integration window compliant and open the new integration window further include instructions to: decrement the multiple windows counter by one; set the integration window time counter to that of an integration window time threshold; set the data counter to that of a data counter threshold; and set a previous time stamp to that of the present time.
  • 32. The program code storage device according to claim 27, wherein the instructions to continue to check for compliancy and maintain the current integration window open further include instructions to: set the integration window time counter to that of the integration window time counter subtracted by the lapsed time interval; decrement the data counter by one if the data counter is greater than one; set the data counter to zero if the data counter is not greater than one; maintain the multiple windows counter constant; and set a previous time stamp to that of the present time.
  • 33. A method of flow rate-based policy checking for non-compliancy, comprising: receiving data from a flow at a present time for a current integration window; determining whether an integration window time counter has expired based on a lapsed time interval; declaring the current integration window compliant and opening a new integration window if the integration window time counter has expired; declaring the flow non-compliant and transitioning to a non-compliant state if the integration window time counter has not expired, a data counter is one count from expiring, and a multiple windows counter is one count from expiring; declaring the current integration window non-compliant and opening the new integration window if the integration window time counter has not expired, the data counter is one count from expiring, and the multiple windows counter is at least two counts from expiring; and continuing to check for non-compliancy and maintaining the current integration window open if the integration window time counter has not expired and the data counter is at least two counts from expiring.
  • 34. The method according to claim 33, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 35. A method of flow rate-based policy checking for compliancy, comprising: receiving data from a flow at a present time for a current integration window; determining whether an integration window time counter has expired based on a lapsed time interval; declaring the current integration window non-compliant and opening a new integration window if the integration window time counter has expired and a data counter is one-or-less count from expiring; declaring the flow compliant and transitioning to a compliant state if the integration window time counter has expired, the data counter is at least two counts from expiring, and a multiple windows counter is one count from expiring; declaring the current integration window compliant and opening the new integration window if the integration window time counter has expired, the data counter is at least two counts from expiring, and the multiple windows counter is at least two counts from expiring; and continuing to check for compliancy and maintaining the current integration window open if the integration window time counter has not expired.
  • 36. The method according to claim 35, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 37. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; determine whether an integration window time counter has expired based on a lapsed time interval; declare the current integration window compliant and open a new integration window if the integration window time counter has expired; declare the flow non-compliant and transition to a non-compliant state if the integration window time counter has not expired, a data counter is one count from expiring, and a multiple windows counter is one count from expiring; declare the current integration window non-compliant and open the new integration window if the integration window time counter has not expired, the data counter is one count from expiring, and the multiple windows counter is at least two counts from expiring; and continue to check for non-compliancy and maintain the current integration window open if the integration window time counter has not expired and the data counter is at least two counts from expiring.
  • 38. The program code storage device according to claim 37, wherein the lapsed time interval is the present time subtracted by a previous time stamp.
  • 39. A program code storage device, comprising: a machine-readable storage medium; and machine-readable program code, stored on the machine-readable storage medium, having instructions to receive data from a flow at a present time for a current integration window; determine whether an integration window time counter has expired based on a lapsed time interval; declare the current integration window non-compliant and open a new integration window if the integration window time counter has expired and a data counter is one-or-less count from expiring; declare the flow compliant and transition to a compliant state if the integration window time counter has expired, the data counter is at least two counts from expiring, and a multiple windows counter is one count from expiring; declare the current integration window compliant and open the new integration window if the integration window time counter has expired, the data counter is at least two counts from expiring, and the multiple windows counter is at least two counts from expiring; and continue to check for compliancy and maintain the current integration window open if the integration window time counter has not expired.
  • 40. The program code storage device according to claim 39, wherein the lapsed time interval is the present time subtracted by a previous time stamp.