Patents by Inventor Pascal Chauffour
Pascal Chauffour has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8001279Abstract: A method of synchronizing firewalls in a communication system comprising a server farm wherein any user connected to the Internet can access customer servers, and at least two firewalls using a Virtual Router Redundancy Protocol (VRRP) to set up as primary interface firewall the firewall which owns the primary interface of the VRRP group of interfaces to at least one customer server. The method includes initializing, in a secondary interface firewall, a synchronization message exchange with the primary firewall after receiving a packet for a connection having a state which is incompatible with the received packet or after the standard firewall processing of a packet corresponding to a new connection, and registering in a common connection table the state of any connection if the connection is new or if the connection state has changed.Type: GrantFiled: December 12, 2002Date of Patent: August 16, 2011Assignee: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Patent number: 7991914Abstract: A single firewall or cluster of firewalls with a public IP address is interfaced to an internet public subnet to receive service requests for a cluster of network servers. A first private subnet with a plurality of private IP addresses is interfaced to the single firewall or cluster of firewalls to receive the service requests after passing through a firewall. A plurality of redundant load balancers with a respective plurality of private IP addresses are interfaced to the first private subnet to receive the service requests after passing through the first private subnet. The load balancers are interfaced to a second private subnet. The network servers with respective private IP addresses are interfaced to the second private subnet to receive the service requests from the load balancers. At an initialization time, a private IP address is defined for the network load balancer system within the internet access subnet.Type: GrantFiled: December 10, 2008Date of Patent: August 2, 2011Assignee: International Business Machines CorporationInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Patent number: 7908355Abstract: A method for improving network server load balancing in a system that has a plurality of network servers connected by an Internet access LAN to the Internet, a back-end access LAN connected to several database servers, and a network load balancer for selecting one of the network servers according to weights associated with the network servers. Link connectivity is monitored cyclically from each network server, and a status indicator is set to UP if all of the links associated with the network server are available, or to DOWN if at least one link is unavailable. The network servers send their status indicators to the network load balancer. The network load balancer changes the weight associated with a network server to a non-eligible value if the associated status indicator changes from UP to DOWN.Type: GrantFiled: June 12, 2003Date of Patent: March 15, 2011Assignee: International Business Machines CorporationInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Publication number: 20090144444Abstract: A single firewall or cluster of firewalls with a public IP address is interfaced to an internet public subnet to receive service requests for a cluster of network servers. A first private subnet with a plurality of private IP addresses is interfaced to the single firewall or cluster of firewalls to receive the service requests after passing through a firewall. A plurality of redundant load balancers with a respective plurality of private IP addresses are interfaced to the first private subnet to receive the service requests after passing through the first private subnet. The load balancers are interfaced to a second private subnet. The network servers with respective private IP addresses are interfaced to the second private subnet to receive the service requests from the load balancers. At an initialization time, a private IP address is defined for the network load balancer system within the internet access subnet.Type: ApplicationFiled: December 10, 2008Publication date: June 4, 2009Applicant: International Business Machines CorporationInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Patent number: 7480737Abstract: A single firewall or cluster of firewalls with a public IP address is interfaced to an internet public subnet to receive service requests for a cluster of network servers. A first private subnet with a plurality of private IP addresses is interfaced to the single firewall or cluster of firewalls to receive the service requests after passing through a firewall. A plurality of redundant load balancers with a respective plurality of private IP addresses are interfaced to the first private subnet to receive the service requests after passing through the first private subnet. The load balancers are interfaced to a second private subnet. The network servers with respective private IP addresses are interfaced to the second private subnet to receive the service requests from the load balancers. At an initialization time, a private IP address is defined for the network load balancer system within the internet access subnet.Type: GrantFiled: September 30, 2003Date of Patent: January 20, 2009Assignee: International Business Machines CorporationInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Patent number: 7475162Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.Type: GrantFiled: December 13, 2007Date of Patent: January 6, 2009Assignee: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Patent number: 7454489Abstract: A cluster system and method accesses from an internet network, a network server within one or a plurality of clusters, each cluster being identified by a single cluster public Internet Protocol (IP) address. The cluster system has a plurality of network servers organized in one of a plurality of clusters and a network load balancer system for selecting a destination network server in a cluster. Each cluster has one or a plurality of identical network servers, the network load balancer system being connected on one hand to an access routing device and on another hand to the plurality of network servers through a private network server subnet.Type: GrantFiled: January 6, 2004Date of Patent: November 18, 2008Assignee: International Business Machines CorporationInventors: Pascal Chauffour, Paolo Gerosa, Eric Lebrun, Valerie Mahe
-
Publication number: 20080109892Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.Type: ApplicationFiled: December 13, 2007Publication date: May 8, 2008Inventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Patent number: 7359378Abstract: A security system for a communication system that includes an IP network and groups of servers in a farm, wherein each group is associated with a customer. A user connected to the network can access information provided by a customer from a server within the group of servers associated with this customer through a dispatching device. The security system comprises setting means in each of the switches which are located between the dispatching device and the customer servers for setting a field of bits in the IP header of potentially irregular packets transmitted from a customer server and the dispatching device, means in the dispatching device for identifying any packet wherein the field of bits has been set to the predefined value, and means for deleting or logging the potentially irregular packet when the destination of the packet is not the dispatching device.Type: GrantFiled: October 2, 2002Date of Patent: April 15, 2008Assignee: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Patrick Gayrard, Eric Lebrun
-
Patent number: 7359992Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.Type: GrantFiled: December 12, 2002Date of Patent: April 15, 2008Assignee: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Patent number: 7231462Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet by an Internet access router IAR. The server farm includes at least two customer cabinets each having a WEB server, and at least two firewalls. The firewalls use Virtual Router Redundancy Protocol (VRRP) to set up a primary firewall that supports communication between a customer server and an Internet user. The IAR selects the firewall to be used as being the firewall corresponding to the interface having the lowest weight in a routing table. The cost assigned to each interface associated with a firewall is automatically generated, at the initial time, according to the priority assigned by the VRRP protocol to said interface associated with said firewall.Type: GrantFiled: December 12, 2002Date of Patent: June 12, 2007Assignee: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Publication number: 20050005006Abstract: A cluster system and method accesses from an internet network, a network server within one or a plurality of clusters, each cluster being identified by a single cluster public Internet Protocol (IP) address. The cluster system has a plurality of network servers organized in one of a plurality of clusters and a network load balancer system for selecting a destination network server in a cluster. Each cluster has one or a plurality of identical network servers, the network load balancer system being connected on one hand to an access routing device and on another hand to the plurality of network servers through a private network server subnet.Type: ApplicationFiled: January 6, 2004Publication date: January 6, 2005Applicant: International Business Machines CorporationInventors: Pascal Chauffour, Paolo Gerosa, Eric Lebrun, Valerie Mahe
-
Publication number: 20040133690Abstract: A single firewall or cluster of firewalls with a public IP address is interfaced to an internet public subnet to receive service requests for a cluster of network servers. A first private subnet with a plurality of private IP addresses is interfaced to the single firewall or cluster of firewalls to receive the service requests after passing through a firewall. A plurality of redundant load balancers with a respective plurality of private IP addresses are interfaced to the first private subnet to receive the service requests after passing through the first private subnet. The load balancers are interfaced to a second private subnet. The network servers with respective private IP addresses are interfaced to the second private subnet to receive the service requests from the load balancers. At an initialization time, a private IP address is defined for the network load balancer system within the internet access subnet.Type: ApplicationFiled: September 30, 2003Publication date: July 8, 2004Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATONInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Publication number: 20030236888Abstract: A method for improving network server load balancing in a system that has a plurality of network servers connected by an Internet access LAN to the Internet, a back-end access LAN connected to several database servers, and a network load balancer for selecting one of the network servers according to weights associated with the network servers. Link connectivity is monitored cyclically from each network server, and a status indicator is set to UP if all of the links associated with the network server are available, or to DOWN if at least one link is unavailable. The network servers send their status indicators to the network load balancer. The network load balancer changes the weight associated with a network server to a non-eligible value if the associated status indicator changes from UP to DOWN.Type: ApplicationFiled: June 12, 2003Publication date: December 25, 2003Applicant: International Business Machines CorporationInventors: Pascal Chauffour, Eric Lebrun, Valerie Mahe
-
Publication number: 20030126268Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet by an Internet access router IAR. The server farm includes at least two customer cabinets each having a WEB server, and at least two firewalls. The firewalls use Virtual Router Redundancy Protocol (VRRP) to set up a primary firewall that supports communication between a customer server and an Internet user. The IAR selects the firewall to be used as being the firewall corresponding to the interface having the lowest weight in a routing table. The cost assigned to each interface associated with a firewall is automatically generated, at the initial time, according to the priority assigned by the VRRP protocol to said interface associated with said firewall.Type: ApplicationFiled: December 12, 2002Publication date: July 3, 2003Applicant: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Publication number: 20030120788Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.Type: ApplicationFiled: December 12, 2002Publication date: June 26, 2003Applicant: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Publication number: 20030120816Abstract: A method of synchronizing firewalls in a communication system comprising a server farm wherein any user connected to the Internet can access customer servers, and at least two firewalls using a Virtual Router Redundancy Protocol (VRRP) to set up as primary interface firewall the firewall which owns the primary interface of the VRRP group of interfaces to at least one customer server. The method includes initializing, in a secondary interface firewall, a synchronization message exchange with the primary firewall after receiving a packet for a connection having a state which is incompatible with the received packet or after the standard firewall processing of a packet corresponding to a new connection, and registering in a common connection table the state of any connection if the connection is new or if the connection state has changed.Type: ApplicationFiled: December 12, 2002Publication date: June 26, 2003Applicant: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Jean-Claude Dispensa, Valerie Mahe
-
Publication number: 20030072307Abstract: A security system for a communication system that includes an IP network and groups of servers in a farm, wherein each group is associated with a customer. A user connected to the network can access information provided by a customer from a server within the group of servers associated with this customer through a dispatching device. The security system comprises setting means in each of the switches which are located between the dispatching device and the customer servers for setting a field of bits in the IP header of potentially irregular packets transmitted from a customer server and the dispatching device, means in the dispatching device for identifying any packet wherein the field of bits has been set to the predefined value, and means for deleting or logging the potentially irregular packet when the destination of the packet is not the dispatching device.Type: ApplicationFiled: October 2, 2002Publication date: April 17, 2003Applicant: International Business Machines CorporationInventors: Jean-Marc Berthaud, Pascal Chauffour, Patrick Gayrard, Eric Lebrun
-
Patent number: 5870397Abstract: A method and an apparatus for removing the silence from the digitalized voice signals conveyed through packets or cells switching networks. The silence samples are neither packetized nor sent over the network but are regenerated at the output of the network. The silence samples generated are white noise samples, where the level is adapted to the background noise of the silence samples received at the input node of the network. For long periods of silence, the white noise level is periodically refreshed to be adapted to the last silence samples received at the input node of the network. The method provides also a control of packet or cell loss. The method uses are not control packets; in the later case, it can be used for ATM networks with AAL1. The method is implemented as a program executed in a Digital Signal Processor located on adapter cards dedicated to voice processing in the network access nodes.Type: GrantFiled: August 6, 1996Date of Patent: February 9, 1999Assignee: International Business Machines CorporationInventors: Pascal Chauffour, Bernard Pucci, Gerard Richter, Maurice Duault
-
Patent number: 5519703Abstract: Method for automatically adapting and configuring the speed of a terminal adapter (30) to the rate 56 Kbps or 64 Kbps which is used by a calling adapter (20). After sending the CONNECT message via the ISDN NETWORK to the calling terminal adapter (20) in accordance with CCITT Q.931 Recommendations, the called TA (30) is initialized to a rate of 64 Kbps and then continuously transmits (204) an alignment pattern ALL.sub.-- ONES while starting a first timing process (T1). This first timing process will cause the called TA to switch to a 56 Kbps speed if the 64 Kbps validation process does not succeed. The method then involves the step of checking (206) the reception of a ALL.sub.-- ZEROS pattern coming from said calling adapter (20) before the end of said first predetermined period (T1). If this case, a 64 Kbps validation process will be performed which comprises the checking whether a ALL.sub.-- ONES pattern is received within a second period (T2), in which case the 64 Kbps rate configuration will be validated.Type: GrantFiled: January 3, 1995Date of Patent: May 21, 1996Assignee: International Business machines CorporationInventors: Pascal Chauffour, Michel Froissart, Dominique Vinot