CN113746644A - Safe and effective network Bypass control method - Google Patents

Publication number
CN113746644A
Authority
CN
China
Prior art keywords: network, port, cpld, gpio, bypass
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111038920.9A
Other languages
Chinese (zh)
Inventor
高明成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anntec Beijing Technology Co ltd
Original Assignee
Anntec Beijing Technology Co ltd
Application filed by Anntec Beijing Technology Co ltd filed Critical Anntec Beijing Technology Co ltd
Priority to CN202111038920.9A priority Critical patent/CN113746644A/en
Publication of CN113746644A publication Critical patent/CN113746644A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/10 Current supply arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to the technical field of electronic equipment, in particular to a safe and effective network Bypass control method. The network relay comprises a physical connection part and a control part. The physical connection part comprises a plurality of bypass network ports; the bypass network ports are connected with network port signal lines, and every two network port signal lines are connected with a relay. The control part comprises a trigger power supply, a single-chip microcomputer and a CPLD. After the network relay is powered on and started, the single-chip microcomputer sends the setting information to the CPLD through GPIO (general purpose input/output) using a custom protocol. After receiving the setting information, the CPLD works on its own according to the set content, without intervention of the single-chip microcomputer. The CPLD sends network control signals to Pin1 and Pin8 of the network relay to control the behavior mode of the network, and the single-chip microcomputer adds a Watchdog function on top of the GPIO function. The invention provides a safe and effective network Bypass control method that saves space, needs no additional driver, reduces development cost and improves security.

Description

Safe and effective network Bypass control method
Technical Field
The invention relates to the technical field of electronic equipment, in particular to a safe and effective network Bypass control method.
Background
A network security device is generally deployed between two or more networks, such as an intranet and an extranet. An application program in the device analyzes the network packets passing through it to determine whether a threat exists and, after processing, forwards the packets according to certain routing rules. If the network security device fails, for example through power failure or a crash, all network segments connected to the device lose contact with each other, and Bypass (network bypass) is then required. In a specific trigger state (power-off or crash), the two networks are physically connected directly, without passing through the system of the network security device, so that the network is not affected.
Bypass is generally classified by control mode or trigger mode, and can be divided into the following modes:
1. Triggered by the power supply. In this mode, the Bypass function is typically on when the device is not powered, and Bypass is turned off immediately once the device is powered on. This control method cannot be set flexibly, and once the platform crashes, Bypass cannot be adjusted.
2. Controlled by GPIO. After the OS has started, a specific port can be operated through GPIO to control the Bypass switch. With GPIO control, there is a dark period while the platform powers on and initializes, before the system takes active control, during which the network bypass cannot be controlled. Once power fails, the network bypass cannot be controlled either.
3. Controlled by a single-chip microcomputer or an ARM active chip. This avoids the problems above. The single-chip microcomputer or ARM usually communicates with the main control chip over SMBus or the I2C universal serial bus, but SMBus and I2C are not universal across platforms and need an additional driver, which increases development difficulty. Most importantly, a universal interface is easy to break, which causes losses.
Disclosure of Invention
The invention provides a safe and effective network Bypass control method that saves space, needs no additional driver, reduces development cost and improves security.
The technical scheme adopted by the invention is a safe and effective network Bypass control method, characterized in that: the device comprises a physical connection part and a control part. The physical connection part comprises a plurality of bypass network ports; the bypass network ports are connected with network port signal lines, and every two network port signal lines are connected with a relay. The control part comprises a trigger power supply, a single-chip microcomputer and a CPLD. After the device is powered on and started, the single-chip microcomputer sends the setting information to the CPLD through GPIO (general purpose input/output) using a custom protocol. After receiving the setting information, the CPLD works on its own according to the set content, without intervention of the single-chip microcomputer. The CPLD sends network control signals to Pin1 and Pin8 of the network repeater to control the behavior mode of the network. The single-chip microcomputer adds a Watchdog function on top of the GPIO function; after the Watchdog function takes effect, the bypass network ports corresponding to the relay are opened and the device is in the bypass state.
The GPIO connections on the single-chip microcomputer are as follows: port A0 is connected with GPIO_CFG6, port A1 with GPIO_CFG5, port A2 with GPIO_CFG4, port A4 with GPIO_CFG3, port A6 with GPIO_CFG2, port A8 with GPIO_CFG1, and port A10 with GPIO_SENDBIT; ports A1 to A10 respectively receive the level signals of the various bypass network ports.
Port A11, port B15, port B12, port B10 and port B8 on the single-chip microcomputer are grounded.
The two VCCO crystal oscillators on the single-chip microcomputer are connected with the CPLD, and the analog signals are transmitted through the crystal oscillators. The CPLD is connected with three capacitors in series, which act as filters to keep the band of the analog signals within a certain range.
The single-chip microcomputer is connected with a first clock circuit and a second clock circuit. The first clock circuit has a period of 200 ms and is used for pulling up the signal input by the GPIO_SENDBIT port; the second clock circuit has a period of 50 ms and is used for pulling up the signal input by the GPIO_SENDBIT port.
The signal output port on the single-chip microcomputer provides four bypass modes. During communication, CFG2 to CFGn are set to high or low level, and the behavior mode of a network port is then selected according to the level: low level represents PassThrough and DisableLanbypass, and high level represents LanBypass mode and EnableLanbypass. Pulling Sendbit up informs the CPLD that the data is valid, and the CPLD starts to receive the control information into its built-in control information storage unit. The pull-up lasts about 200 ms, so the CPLD has 200 ms to process and receive, which ensures the validity and integrity of the received information. Pulling Sendbit down then informs the CPLD that the data is no longer valid; the pull-down lasts about 50 ms, after which the next transmission period can begin.
The network Bypass control method comprises the following steps:
step one: switching on the power supply;
step two: setting the network Bypass mode;
step three: the CPLD judges the state;
step four: if the state is the starting state, the normal LanBypass behavior mode is run; if the Watchdog is triggered, the WDTReset behavior mode is run; and if the power is cut off and the device shuts down, the shutdown LanBypass behavior mode is run.
The invention has the beneficial effects that:
In network security products, the invention uses a power-supply trigger together with communication control between the single-chip microcomputer and the CPLD, which saves space. n GPIOs communicate with the CPLD through a custom communication protocol to control 2^(n-1) network Bypass modules. All operations are GPIO operations and are independent of the platform, so no additional driver is needed and development cost is reduced. At the same time, because the communication protocol is custom, the method is safe and effective, and security is improved.
Drawings
FIG. 1 is a schematic diagram of a single-chip microcomputer circuit of a safe and effective network Bypass control method of the present invention;
FIG. 2 is a diagram of Lan interface of a safe and effective network Bypass control method according to the present invention;
FIG. 3 is a flowchart illustrating the Bypass control process of the present invention for a secure and efficient network Bypass control method;
Detailed Description
The invention will be further explained with reference to the drawings.
A safe and effective network Bypass control method is characterized in that: the device comprises a physical connection part and a control part. The physical connection part comprises a plurality of bypass network ports; the bypass network ports are connected with network port signal lines, and every two network port signal lines are connected with a relay. The control part comprises a trigger power supply, a single-chip microcomputer and a CPLD. After the device is powered on and started, the single-chip microcomputer sends the setting information to the CPLD through GPIO (general purpose input/output) using a custom protocol. After receiving the setting information, the CPLD works on its own according to the set content, without intervention of the single-chip microcomputer. The CPLD sends network control signals to Pin1 and Pin8 of the network repeater to control the behavior mode of the network. The single-chip microcomputer adds a Watchdog function on top of the GPIO function; after the Watchdog function takes effect, the bypass network ports corresponding to the relay are opened and the device is in the bypass state.
The GPIO connections on the single-chip microcomputer are as follows: port A0 is connected with GPIO_CFG6, port A1 with GPIO_CFG5, port A2 with GPIO_CFG4, port A4 with GPIO_CFG3, port A6 with GPIO_CFG2, port A8 with GPIO_CFG1, and port A10 with GPIO_SENDBIT; ports A1 to A10 respectively receive the level signals of the various bypass network ports.
Port A11, port B15, port B12, port B10 and port B8 on the single-chip microcomputer are grounded.
The two VCCO crystal oscillators on the single-chip microcomputer are connected with the CPLD, and the analog signals are transmitted through the crystal oscillators. The CPLD is connected with three capacitors in series, which act as filters to keep the band of the analog signals within a certain range.
The single-chip microcomputer is connected with a first clock circuit and a second clock circuit. The first clock circuit has a period of 200 ms and is used for pulling up the signal input by the GPIO_SENDBIT port; the second clock circuit has a period of 50 ms and is used for pulling up the signal input by the GPIO_SENDBIT port.
The signal output port on the single-chip microcomputer provides four bypass modes. During communication, CFG2 to CFGn are set to high or low level, and the behavior mode of a network port is then selected according to the level: low level represents PassThrough and DisableLanbypass, and high level represents LanBypass mode and EnableLanbypass. Pulling Sendbit up informs the CPLD that the data is valid, and the CPLD starts to receive the control information into its built-in control information storage unit. The pull-up lasts about 200 ms, so the CPLD has 200 ms to process and receive, which ensures the validity and integrity of the received information. Pulling Sendbit down then informs the CPLD that the data is no longer valid; the pull-down lasts about 50 ms, after which the next transmission period can begin.
The network Bypass control method comprises the following steps:
step one: switching on the power supply;
step two: setting the network Bypass mode;
step three: the CPLD judges the state;
step four: if the state is the starting state, the normal LanBypass behavior mode is run; if the Watchdog is triggered, the WDTReset behavior mode is run; and if the power is cut off and the device shuts down, the shutdown LanBypass behavior mode is run.
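The Sendbit handshake and the state decision in steps three and four can be simulated in C as follows. This is an added example, not code from the patent: the CFG bit layout, the sampling tick, the timing tolerance, the rejection of short or unstable frames, and the isolated port state for DisableLanbypass at power-off are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Timings from the description: Sendbit high ~200 ms, then low ~50 ms. */
#define VALID_MS 200u
#define IDLE_MS   50u
#define TOL_MS    20u  /* assumed acceptance margin */
#define TICK_MS   10u  /* assumed CPLD sampling interval */
/* Assumed CFG bit layout; the high/low meanings follow the description. */
#define CFG_RUN_BYPASS 0x01u /* high: LanBypass, low: PassThrough */
#define CFG_OFF_BYPASS 0x02u /* high: EnableLanbypass, low: DisableLanbypass */

enum sys_state { SYS_RUNNING, SYS_WDT_TRIGGERED, SYS_POWER_OFF };
enum port_mode { PASS_THROUGH, LAN_BYPASS, PORT_ISOLATED };

struct cpld {
    uint8_t  latched;    /* control information storage unit */
    uint8_t  candidate;  /* CFG levels seen at the rising edge */
    bool     in_frame, frame_ok, seen_fall;
    uint32_t rise_ms, fall_ms;
    unsigned rejected;   /* frames dropped by the checks below */
};

/* CPLD side: called once per sampling tick with the current line levels. */
void cpld_sample(struct cpld *c, uint32_t t_ms, bool sendbit, uint8_t cfg)
{
    if (sendbit && !c->in_frame) {            /* rising edge: frame starts */
        c->in_frame  = true;
        c->rise_ms   = t_ms;
        c->candidate = cfg;
        /* a frame that starts before the ~50 ms idle gap elapsed is dropped */
        c->frame_ok  = !c->seen_fall || t_ms - c->fall_ms + TOL_MS >= IDLE_MS;
    } else if (sendbit) {                     /* inside the data-valid window */
        if (cfg != c->candidate)
            c->frame_ok = false;              /* CFG changed mid-frame */
    } else if (c->in_frame) {                 /* falling edge: frame ends */
        uint32_t width = t_ms - c->rise_ms;
        c->in_frame = false; c->seen_fall = true;
        c->fall_ms  = t_ms;
        if (c->frame_ok && width + TOL_MS >= VALID_MS && width <= VALID_MS + TOL_MS)
            c->latched = c->candidate;        /* commit only a clean frame */
        else
            c->rejected++;
    }
}

/* Relay decision taken by the CPLD alone, from the last latched setting. */
enum port_mode cpld_port_mode(const struct cpld *c, enum sys_state s)
{
    if (s == SYS_WDT_TRIGGERED)
        return LAN_BYPASS;                    /* watchdog opens the bypass */
    if (s == SYS_POWER_OFF)                   /* assumed: disabled = isolated */
        return (c->latched & CFG_OFF_BYPASS) ? LAN_BYPASS : PORT_ISOLATED;
    return (c->latched & CFG_RUN_BYPASS) ? LAN_BYPASS : PASS_THROUGH;
}

/* MCU side (simulated). flip_at_ms >= 0 flips a CFG line mid-frame (constructed fault). */
void mcu_send(struct cpld *c, uint32_t *now, uint8_t cfg,
              uint32_t high_ms, uint32_t low_ms, int flip_at_ms)
{
    for (uint32_t e = 0; e < high_ms; e += TICK_MS) {
        bool flip = flip_at_ms >= 0 && e >= (uint32_t)flip_at_ms;
        cpld_sample(c, *now + e, true, flip ? (uint8_t)(cfg ^ 1u) : cfg);
    }
    *now += high_ms;
    for (uint32_t e = 0; e < low_ms; e += TICK_MS)
        cpld_sample(c, *now + e, false, cfg);
    *now += low_ms;
}

int main(void)
{
    struct cpld c = {0};
    uint32_t now = 0;
    mcu_send(&c, &now, CFG_OFF_BYPASS, VALID_MS, IDLE_MS, -1); /* clean frame */
    mcu_send(&c, &now, CFG_RUN_BYPASS, 30, IDLE_MS, -1);       /* 30 ms glitch */
    printf("latched=0x%02x rejected=%u power-off mode=%d\n", c.latched,
           c.rejected, (int)cpld_port_mode(&c, SYS_POWER_OFF));
    return 0;
}
```

Because the relay decision reads only the latched value, a glitch on Sendbit or a CFG line that changes during the valid window leaves the previous setting in force.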
In network security products, the invention uses a power-supply trigger together with communication control between the single-chip microcomputer and the CPLD, which saves space. n GPIOs communicate with the CPLD through a custom communication protocol to control 2^(n-1) network Bypass modules. All operations are GPIO operations and are independent of the platform, so no additional driver is needed and development cost is reduced. At the same time, because the communication protocol is custom, the method is safe and effective, and security is improved.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A safe and effective network Bypass control method is characterized in that: the device comprises a physical connection part and a control part, wherein the physical connection part comprises a plurality of bypass network ports, the bypass network ports are connected with network port signal lines, every two network port signal lines are connected with a relay, the control part comprises a trigger power supply, a single chip microcomputer and a CPLD, after the device is powered on and started, the single chip microcomputer sends set information to the CPLD through a GPIO (general purpose input/output) and transmits the set information to the CPLD through a custom protocol, the CPLD can actively work according to set content after receiving the set information without intervention of the single chip microcomputer, the CPLD sends network control signals to set Pin1 and Pin8 of a network repeater to control the behavior mode of the network, the single chip microcomputer is added with a Watchdog function on the basis of the GPIO function, after the Watchdog function takes effect, the bypass network ports corresponding to the relay are opened, and the device is in a bypass state.
2. The method of claim 1, wherein the method comprises the following steps: the GPIO connection mode on the single chip microcomputer is that a port A0 is connected with GPIO_CFG6, a port A1 is connected with GPIO_CFG5, a port A2 is connected with GPIO_CFG4, a port A4 is connected with GPIO_CFG3, a port A6 is connected with GPIO_CFG2, a port A8 is connected with GPIO_CFG1, a port A10 is connected with GPIO_SENDBIT, and ports A1 to A10 respectively receive level signals of various bypass network ports.
3. The method of claim 1, wherein the method comprises the following steps: the port A11, the port B15, the port B12, the port B10 and the port B8 on the single chip microcomputer are grounded.
4. The method of claim 1, wherein the method comprises the following steps: the two VCCO crystal oscillators on the single chip microcomputer are connected with the CPLD, the analog signals are transmitted through the crystal oscillators, the CPLD is connected with three capacitors in series, and the three capacitors are used as filters to control the wave bands of the analog signals within a certain range.
5. The method of claim 1, wherein the method comprises the following steps: the single chip microcomputer is connected with a first clock circuit and a second clock circuit, the first clock circuit is 200 ms in one period and used for pulling up a signal input by the GPIO_SENDBIT port, and the second clock circuit is 50 ms in one period and used for pulling up a signal input by the GPIO_SENDBIT port.
6. The method of claim 1, wherein the method comprises the following steps: the signal output port on the single chip microcomputer is provided with four bypass modes, CFG2 to CFGn are set to be high level or low level through setting during communication, then the behavior mode of a network port is selected according to the level, the low level is set to represent PassThrough and DisableLanbypass, the high level is set to represent LanBypass mode and EnableLanbypass, the CPLD is informed of the data validity through pulling up Sendbit, the CPLD starts to receive the control information to the built-in control information storage unit, the pulling up time is about 200 ms, the CPLD has 200 ms time to process and receive, the validity and the integrity of the received information are ensured, then the CPLD is informed of the data failure through pulling down the Sendbit, the pulling down time is about 50 ms, and the next transmission period is ready to enter.
7. The method of claim 1, wherein the method comprises the following steps: the network Bypass control method comprises the following steps:
step one: switching on a power supply;
step two: setting a network Bypass mode;
step three: the CPLD judges the state;
step four: if the state is the starting state, a normal LanBypass behavior mode is operated; and if the Watchdog is triggered, operating a WDTReset behavior mode, and if the power is cut off and the shutdown is carried out, operating a shutdown LanBypass behavior mode.
CN202111038920.9A 2021-09-06 2021-09-06 Safe and effective network Bypass control method Pending CN113746644A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111038920.9A CN113746644A (en) 2021-09-06 2021-09-06 Safe and effective network Bypass control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111038920.9A CN113746644A (en) 2021-09-06 2021-09-06 Safe and effective network Bypass control method

Publications (1)

Publication Number Publication Date
CN113746644A true CN113746644A (en) 2021-12-03

Family

ID=78736051

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111038920.9A Pending CN113746644A (en) 2021-09-06 2021-09-06 Safe and effective network Bypass control method

Country Status (1)

Country Link
CN (1) CN113746644A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination