公开(公告)号：US08001279B2

公开(公告)日：2011-08-16

申请号：US10317522

申请日：2002-12-12

Applicant: Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

Inventor： Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

IPC: G06F15/16

CPC classification number: H04L63/0218 ,  H04L63/20

Abstract: A method of synchronizing firewalls in a communication system comprising a server farm wherein any user connected to the Internet can access customer servers, and at least two firewalls using a Virtual Router Redundancy Protocol (VRRP) to set up as primary interface firewall the firewall which owns the primary interface of the VRRP group of interfaces to at least one customer server. The method includes initializing, in a secondary interface firewall, a synchronization message exchange with the primary firewall after receiving a packet for a connection having a state which is incompatible with the received packet or after the standard firewall processing of a packet corresponding to a new connection, and registering in a common connection table the state of any connection if the connection is new or if the connection state has changed.

Abstract translation: 一种在包括服务器场的通信系统中同步防火墙的方法，其中连接到因特网的任何用户可以访问客户服务器，以及使用虚拟路由器冗余协议（VRRP）至少两个防火墙来建立作为主接口防火墙的防火墙， 接口的VRRP组的主界面至少一个客户服务器。 该方法包括：在二级接口防火墙中，在接收到具有与接收到的分组不兼容的状态的连接的分组之后或在对应于新连接的分组的标准防火墙处理之后，在辅助接口防火墙中初始化与主防火墙的同步消息交换 并且如果连接是新的或者连接状态已经改变，则在公共连接表中注册任何连接的状态。

公开(公告)号：US5870397A

公开(公告)日：1999-02-09

申请号：US695280

申请日：1996-08-06

Applicant: Pascal Chauffour ,  Bernard Pucci ,  Gerard Richter ,  Maurice Duault

Inventor： Pascal Chauffour ,  Bernard Pucci ,  Gerard Richter ,  Maurice Duault

IPC: G10L19/012 ,  H04B1/46 ,  H04L12/70 ,  H04Q11/04 ,  H04T3/17

CPC classification number: G10L19/012 ,  H04Q11/0478 ,  H04B1/46 ,  H04L2012/5616 ,  H04L2012/5647 ,  H04L2012/5652 ,  H04L2012/5671 ,  H04Q2213/13034 ,  H04Q2213/13056 ,  H04Q2213/13166 ,  H04Q2213/13201 ,  H04Q2213/13216 ,  H04Q2213/1329

Abstract: A method and an apparatus for removing the silence from the digitalized voice signals conveyed through packets or cells switching networks. The silence samples are neither packetized nor sent over the network but are regenerated at the output of the network. The silence samples generated are white noise samples, where the level is adapted to the background noise of the silence samples received at the input node of the network. For long periods of silence, the white noise level is periodically refreshed to be adapted to the last silence samples received at the input node of the network. The method provides also a control of packet or cell loss. The method uses are not control packets; in the later case, it can be used for ATM networks with AAL1. The method is implemented as a program executed in a Digital Signal Processor located on adapter cards dedicated to voice processing in the network access nodes.

Abstract translation: 一种用于从通过分组或小区交换网络传送的数字化语音信号中去除静音的方法和装置。 沉默样本既不打包也不通过网络发送，而是在网络的输出端重新生成。 产生的静音样本是白噪声样本，其中该电平适应于在网络的输入节点接收的静音样本的背景噪声。 对于长时间的静音，白噪声电平被周期性刷新以适应于在网络的输入节点处接收到的最后沉默样本。 该方法还提供了分组或信元丢失的控制。 该方法使用的不是控制包; 在后一种情况下，它可以用于具有AAL1的ATM网络。 该方法被实现为位于专用于网络接入节点中的语音处理的适配卡上的数字信号处理器中执行的程序。

公开(公告)号：US07991914B2

公开(公告)日：2011-08-02

申请号：US12332196

申请日：2008-12-10

Applicant: Pascal Chauffour ,  Eric Lebrun ,  Valerie Mahe

Inventor： Pascal Chauffour ,  Eric Lebrun ,  Valerie Mahe

IPC: G06F15/16

CPC classification number: H04L63/0209 ,  H04L29/06 ,  H04L29/12009 ,  H04L29/1233 ,  H04L29/12367 ,  H04L29/12415 ,  H04L61/2514 ,  H04L61/2532 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L67/1031 ,  H04L67/1034 ,  H04L69/329 ,  H04L2029/06054

Abstract: A single firewall or cluster of firewalls with a public IP address is interfaced to an internet public subnet to receive service requests for a cluster of network servers. A first private subnet with a plurality of private IP addresses is interfaced to the single firewall or cluster of firewalls to receive the service requests after passing through a firewall. A plurality of redundant load balancers with a respective plurality of private IP addresses are interfaced to the first private subnet to receive the service requests after passing through the first private subnet. The load balancers are interfaced to a second private subnet. The network servers with respective private IP addresses are interfaced to the second private subnet to receive the service requests from the load balancers. At an initialization time, a private IP address is defined for the network load balancer system within the internet access subnet. When one of the load balancers becomes primary at the initialization time or switches from a standby state to an active state, the network load balancer system private IP address is defined as an alias in an interface table to be recognized by the one load balancer. When the one network load balancer switches from the active state to a standby state, the network load balancer system private IP address previously defined as the alias is released from the interface table.

Abstract translation: 具有公共IP地址的单个防火墙或防火墙集群连接到互联网公共子网，以接收针对一组网络服务器的服务请求。 具有多个专用IP地址的第一个私有子网与单个防火墙或防火墙集群接口，以在通过防火墙后接收服务请求。 具有相应多个私有IP地址的多个冗余负载平衡器被连接到第一私人子网，以在通过第一私人子网之后接收服务请求。 负载平衡器连接到第二个私有子网。 具有相应私有IP地址的网络服务器连接到第二私人子网，以从负载平衡器接收服务请求。 在初始化时间内，为互联网接入子网中的网络负载平衡器系统定义专用IP地址。 当其中一个负载平衡器在初始化时间变为初级时间或从备用状态切换到活动状态时，网络负载均衡器系统专用IP地址被定义为接口表中的别名，以由一个负载均衡器识别。 当一个网络负载平衡器从活动状态切换到待机状态时，先前定义为别名的网络负载平衡器系统专用IP地址从接口表中释放。

公开(公告)号：US07475162B2

公开(公告)日：2009-01-06

申请号：US11955479

申请日：2007-12-13

Applicant: Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

Inventor： Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

IPC: G06F15/16 ,  H04L12/28

CPC classification number: H04L63/0209 ,  H04L29/06 ,  H04L67/1002 ,  H04L67/1034 ,  H04L2029/06054

Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.

Abstract translation: 一种在通信系统中保持对称路由的方法，包括通过因特网接入路由器连接到因特网的服务器场。 服务器场至少包括两个具有至少一个WEB服务器和至少两个防火墙的客户机柜。 防火墙使用虚拟路由器冗余协议（VRRP）将一个防火墙设置为主要防火墙。 该方法包括在每个防火墙中检查VRRP状态是否从主要到次要的或相互的变化。 这种变化表明主防火墙和其中一个客户机柜之间的链接失败。 该链路从网络禁用到防火墙，其状态从主要变为次要，或链路从互联网到防火墙，其状态从次要更改为主。

公开(公告)号：US07908355B2

公开(公告)日：2011-03-15

申请号：US10460443

申请日：2003-06-12

Applicant: Pascal Chauffour ,  Eric Lebrun ,  Valerie Mahe

Inventor： Pascal Chauffour ,  Eric Lebrun ,  Valerie Mahe

IPC: G06F15/173 ,  G06F9/46

CPC classification number: H04L67/1008 ,  H04L29/06 ,  H04L67/1002 ,  H04L67/101 ,  H04L67/1029 ,  H04L2029/06054

Abstract: A method for improving network server load balancing in a system that has a plurality of network servers connected by an Internet access LAN to the Internet, a back-end access LAN connected to several database servers, and a network load balancer for selecting one of the network servers according to weights associated with the network servers. Link connectivity is monitored cyclically from each network server, and a status indicator is set to UP if all of the links associated with the network server are available, or to DOWN if at least one link is unavailable. The network servers send their status indicators to the network load balancer. The network load balancer changes the weight associated with a network server to a non-eligible value if the associated status indicator changes from UP to DOWN.

Abstract translation: 一种用于在具有由因特网接入LAN连接到因特网的多个网络服务器的系统中改善网络服务器负载平衡的方法，连接到多个数据库服务器的后端接入局域网，以及网络负载均衡器，用于选择 网络服务器根据与网络服务器相关联的权重。 从每个网络服务器循环监视链路连接，如果与网络服务器相关联的所有链路都可用，状态指示器将设置为UP，如果至少有一个链路不可用，则将状态指示器设置为DOWN。 网络服务器将其状态指示器发送到网络负载平衡器。 如果相关联的状态指示器从UP更改为DOWN，则网络负载平衡器将与网络服务器相关联的权重更改为不合格值。

公开(公告)号：US07359378B2

公开(公告)日：2008-04-15

申请号：US10263213

申请日：2002-10-02

Applicant: Jean-Marc Berthaud ,  Pascal Chauffour ,  Patrick Gayrard ,  Eric Lebrun

Inventor： Jean-Marc Berthaud ,  Pascal Chauffour ,  Patrick Gayrard ,  Eric Lebrun

IPC: H04L12/56 ,  H04L9/00

CPC classification number: H04L47/10 ,  H04L47/2408 ,  H04L63/1408

Abstract: A security system for a communication system that includes an IP network and groups of servers in a farm, wherein each group is associated with a customer. A user connected to the network can access information provided by a customer from a server within the group of servers associated with this customer through a dispatching device. The security system comprises setting means in each of the switches which are located between the dispatching device and the customer servers for setting a field of bits in the IP header of potentially irregular packets transmitted from a customer server and the dispatching device, means in the dispatching device for identifying any packet wherein the field of bits has been set to the predefined value, and means for deleting or logging the potentially irregular packet when the destination of the packet is not the dispatching device.

Abstract translation: 一种用于通信系统的安全系统，其包括农场中的IP网络和服务器组，其中每个组与客户相关联。 连接到网络的用户可以通过调度设备从与该客户关联的服务器组内的服务器中访问由客户提供的信息。 安全系统包括位于调度设备和客户服务器之间的每个交换机中的设置装置，用于设置从客户服务器和调度设备发送的潜在不规则分组的IP报头中的位的字段，调度中的装置 用于识别其中所述比特位已被设置为所述预定义值的任何分组的装置，以及用于当分组的目的地不是分派装置时删除或记录潜在不规则分组的装置。

公开(公告)号：US5519703A

公开(公告)日：1996-05-21

申请号：US368070

申请日：1995-01-03

Applicant: Pascal Chauffour ,  Michel Froissart ,  Dominique Vinot

Inventor： Pascal Chauffour ,  Michel Froissart ,  Dominique Vinot

IPC: H04L29/08 ,  H04Q11/04 ,  H04L7/10

CPC classification number: H04Q11/0457

Abstract: Method for automatically adapting and configuring the speed of a terminal adapter (30) to the rate 56 Kbps or 64 Kbps which is used by a calling adapter (20). After sending the CONNECT message via the ISDN NETWORK to the calling terminal adapter (20) in accordance with CCITT Q.931 Recommendations, the called TA (30) is initialized to a rate of 64 Kbps and then continuously transmits (204) an alignment pattern ALL.sub.-- ONES while starting a first timing process (T1). This first timing process will cause the called TA to switch to a 56 Kbps speed if the 64 Kbps validation process does not succeed. The method then involves the step of checking (206) the reception of a ALL.sub.-- ZEROS pattern coming from said calling adapter (20) before the end of said first predetermined period (T1). If this case, a 64 Kbps validation process will be performed which comprises the checking whether a ALL.sub.-- ONES pattern is received within a second period (T2), in which case the 64 Kbps rate configuration will be validated. On the contrary, if the ALL.sub.-- ZEROS pattern is not received at the end of the first period (T1), a 56 Kbps rate validation process is initiated which is based on the detection of a so-called 56 Kbps pattern within the data flow. The 56 Kbps pattern is defined as being a number of n bytes with the first bit of every byte being set to a one. Additionally, the 64 Kbps validation process involves the checking (210) of the continuous receiving of said ALL.sub.-- ZEROS pattern during said first period (T1) as long as the ALL.sub.-- ONES pattern is not yet received, and at the end of said first period (T1) validating (209, 213) the 64 Kbps rate.

Abstract translation: 用于自动调整并将终端适配器（30）的速度配置为由呼叫适配器（20）使用的速率56Kbps或64Kbps的方法。 根据CCITT Q.931建议书，通过ISDN网络向主叫终端适配器（20）发送CONNECT消息后，将被叫TA（30）初始化为64Kbps的速率，然后连续发送（204）对准模式 ALL-ONES在开始第一个定时过程（T1）时。 如果64 Kbps验证过程不成功，则此第一个定时过程将导致被叫TA切换到56 Kbps速度。 该方法包括在所述第一预定时段（T1）结束之前检查（206）接收来自所述呼叫适配器（20）的ALL-ZEROS模式的步骤。 如果这种情况，将执行64Kbps的验证过程，其中包括检查在第二时段（T2）内是否接收到ALL-ONES模式，在这种情况下，64Kbps速率配置将被验证。 相反，如果在第一周期（T1）结束时未接收到ALL-ZEROS模式，则启动56 Kbps速率验证过程，其基于在数据流内检测所谓的56Kbps模式 。 56Kbps模式被定义为n字节数，每个字节的第一位被设置为1。 此外，64Kbps验证过程涉及在所述第一时段（T1）期间连续接收所述ALL-ZEROS模式的检查（210），只要ALL-ONES模式尚未被接收，并且在所述第一时间段 （T1）验证（209,213）64Kbps速率。

公开(公告)号：US07454489B2

公开(公告)日：2008-11-18

申请号：US10753175

申请日：2004-01-06

Applicant: Pascal Chauffour ,  Paolo Gerosa ,  Eric Lebrun ,  Valerie Mahe

Inventor： Pascal Chauffour ,  Paolo Gerosa ,  Eric Lebrun ,  Valerie Mahe

IPC: G06F15/173

CPC classification number: H04L67/1027 ,  H04L67/1002 ,  H04L67/1023 ,  H04L67/1029

Abstract: A cluster system and method accesses from an internet network, a network server within one or a plurality of clusters, each cluster being identified by a single cluster public Internet Protocol (IP) address. The cluster system has a plurality of network servers organized in one of a plurality of clusters and a network load balancer system for selecting a destination network server in a cluster. Each cluster has one or a plurality of identical network servers, the network load balancer system being connected on one hand to an access routing device and on another hand to the plurality of network servers through a private network server subnet. The method includes the steps of at initialization time, on each network server defining, as a non-advertising alias, in an interface table, the public IP address of each cluster to which the network server belongs, and upon reception, by the network load balancing system, of a datagram having an IP header including a destination IP address field and a medium access control (MAC) header including a destination MAC address field, selecting a destination network server within the cluster corresponding to the cluster public IP address identified in the destination IP address field of the datagram IP header, replacing the destination medium access control (MAC) address field of the datagram MAC header by the MAC address of the selected destination network server, and sending the datagram through the private network server subnet, using the MAC address of the selected destination network server. Upon reception, by the destination network server, of the datagram sent by the network load balancing system, the MAC address in the destination MAC address field of the datagram MAC header is identified as being the MAC address of the selected destination network server, and the IP datagram is processed if the identified cluster public IP address in the destination IP address field of the datagram IP header, is defined as a non-advertising alias in the interface table of the destination network server.

公开(公告)号：US07359992B2

公开(公告)日：2008-04-15

申请号：US10317397

申请日：2002-12-12

Applicant: Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

Inventor： Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

IPC: G06F15/16 ,  H04L12/28

CPC classification number: H04L63/0209 ,  H04L29/06 ,  H04L67/1002 ,  H04L67/1034 ,  H04L2029/06054

Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet through an Internet access router. The server farm includes at least two customer cabinets with at least a WEB server and at least two firewalls. The firewalls use a Virtual Router Redundancy Protocol (VRRP) to set up one firewall as being the primary firewall. The method includes checking in each firewall whether there is a change of the VRRP state from primary to secondary or reciprocally. Such a change indicates that a link between the primary firewall and one of the customer cabinets has failed. The link is disabled from the network to the firewall the state of which has changed from primary to secondary or the link is enabled from the Internet network to the firewall the state of which has changed from secondary to primary.

Abstract translation: 一种在通信系统中保持对称路由的方法，包括通过因特网接入路由器连接到因特网的服务器场。 服务器场至少包括两个具有至少一个WEB服务器和至少两个防火墙的客户机柜。 防火墙使用虚拟路由器冗余协议（VRRP）将一个防火墙设置为主要防火墙。 该方法包括在每个防火墙中检查VRRP状态是否从主要到次要的或相互的变化。 这种变化表明主防火墙和其中一个客户机柜之间的链接失败。 该链路从网络禁用到防火墙，其状态从主要变为次要，或链路从互联网到防火墙，其状态从次要更改为主。

公开(公告)号：US07231462B2

公开(公告)日：2007-06-12

申请号：US10317652

申请日：2002-12-12

Applicant: Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

Inventor： Jean-Marc Berthaud ,  Pascal Chauffour ,  Jean-Claude Dispensa ,  Valerie Mahe

IPC: G06F15/173 ,  G06F15/16 ,  H04L12/28 ,  H04L12/56

CPC classification number: H04L45/00 ,  H04L45/22 ,  H04L45/28 ,  H04L45/586 ,  H04L63/0209

Abstract: A method of preserving symmetrical routing in a communication system comprising a server farm connected to the Internet by an Internet access router IAR. The server farm includes at least two customer cabinets each having a WEB server, and at least two firewalls. The firewalls use Virtual Router Redundancy Protocol (VRRP) to set up a primary firewall that supports communication between a customer server and an Internet user. The IAR selects the firewall to be used as being the firewall corresponding to the interface having the lowest weight in a routing table. The cost assigned to each interface associated with a firewall is automatically generated, at the initial time, according to the priority assigned by the VRRP protocol to said interface associated with said firewall.

Abstract translation: 一种在通信系统中保持对称路由的方法，包括由因特网接入路由器IAR连接到因特网的服务器场。 服务器场包括至少两个具有WEB服务器的客户机柜和至少两个防火墙。 防火墙使用虚拟路由器冗余协议（VRRP）设置支持客户服务器和Internet用户之间通信的主要防火墙。 IAR选择防火墙作为与路由表中权重最小的接口相对应的防火墙。 根据由VRRP协议分配给与所述防火墙相关联的所述接口的优先级，自动生成分配给与防火墙相关联的每个接口的成本。