Security system for preventing unauthorized packet transmission between customer servers in a server farm
First Claim
1. A security system in a communication system including an IP network and a plurality of groups of servers in a server farm, each of said groups being associated with a customer, and wherein a user connected to said IP network can access information provided by a customer from a server within the group of servers associated with said customers through a dispatching device adapted to select a server amongst the servers of said group of servers according to a predefined algorithm, said dispatching device being connected to the servers through switches adapted to control the data transmission exchanged between said dispatching device and said servers, said security system comprising:
setting means in each one of said switches for setting, to a predefined value, a field of bits in an IP header of a potentially irregular packet transmitted from a customer server;
identifying means in said dispatching device for identifying any packet wherein said field of bits has been set to said predefined value;
relaying means for relaying a packet from a server in the server farm to a user via the Internet in the case that the packet is not identified as a potentially irregular packet; and
disposing means for disposing said potentially irregular packet as being an irregular packet because the destination of such a packet is a server in the server farm.
Abstract
A security system for a communication system that includes an IP network and groups of servers in a farm, wherein each group is associated with a customer. A user connected to the network can access information provided by a customer from a server within the group of servers associated with this customer through a dispatching device. The security system comprises setting means in each of the switches which are located between the dispatching device and the customer servers for setting a field of bits in the IP header of potentially irregular packets transmitted from a customer server and the dispatching device, means in the dispatching device for identifying any packet wherein the field of bits has been set to the predefined value, and means for deleting or logging the potentially irregular packet when the destination of the packet is not the dispatching device.
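The marking step in the switch and the identify/dispose step in the dispatching device can be sketched as follows; this is an added illustration, not code from the patent. It assumes the marked field is the IPv4 TOS byte, a constructed mark value of 0xFC, a constructed farm range of 10.0.0.0/16, 20-byte headers without options, and that a switch marks server-originated packets whose destination lies in the farm range.

```python
import ipaddress
import struct

# Assumptions for illustration; none of these values come from the patent text.
MARK_VALUE = 0xFC                                # the "predefined value"
FARM_NET = ipaddress.ip_network("10.0.0.0/16")   # constructed farm address range

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def seal(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11), recompute it, and write it back."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", ipv4_checksum(zeroed)) + zeroed[12:]

def build_header(src: str, dst: str, tos: int = 0) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample input)."""
    return seal(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 6, 0,
                            ipaddress.ip_address(src).packed,
                            ipaddress.ip_address(dst).packed))

def dst_of(header: bytes):
    return ipaddress.ip_address(header[16:20])

def switch_mark(header: bytes) -> bytes:
    """Setting means: mark a packet from a customer server aimed at the farm."""
    if dst_of(header) not in FARM_NET:
        return header
    # Rewriting the TOS byte invalidates the checksum, so it is recomputed.
    return seal(header[:1] + bytes([MARK_VALUE]) + header[2:])

def dispatcher_handle(header: bytes) -> str:
    """Identifying, relaying and disposing means in the dispatching device."""
    if ipv4_checksum(header) != 0:       # a valid header sums to zero
        return "drop-bad-checksum"
    # The mark alone is not trusted: a server could pre-set the field itself,
    # so the destination is checked as well before the packet is disposed of.
    if header[1] == MARK_VALUE and dst_of(header) in FARM_NET:
        return "dispose"                 # delete or log as an irregular packet
    return "relay"
```
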
Specification