CN102238030A - Signal security data network system and network management system - Google Patents

Publication number: CN102238030A (granted version: CN102238030B)
Authority: CN (China)
Application number: CN2011101253066A
Original language: Chinese (zh)
Inventors: 叶峰, 吴永, 李强, 赵军武
Original assignee: Beijing Quanlu Communication Signals Research And Design Institute Co Ltd
Current assignee: CRSC Research and Design Institute Group Co Ltd
Legal status: granted, active
Keywords: switch, network, net, net layer, security data

Abstract

The invention provides a signal security data network system and a network management system. The signal security data network system comprises station TCCs (Train Control Centers) and CBIs (Computer Based Interlocking) located at a number of stations, relay-station TCCs, RBCs (Radio Block Centers), TSRSs (Temporary Speed Restriction Servers), a number of left-network Layer 2 switches, a number of left-network repeaters, a number of right-network Layer 2 switches and a number of right-network repeaters. The left-network Layer 2 switches and left-network repeaters are connected in series, as are the right-network Layer 2 switches and right-network repeaters; together the two sets form a signal security data network with a redundant double-ring structure. The network management system comprises a number of network management monitoring systems, a telecommunication monitoring center and the signal security data network system, which is connected to each of the network management monitoring systems. The invention improves the reliability, security, real-time performance and maintainability of the data network.

Description

Signal security data network system and network management system
Technical field
The present invention relates to rail transit technology and communication technology, and in particular to a signal security data network system and its network management system.
Background
With the continuous upgrading of rail transit technology, China's railways have been through several major speed increases; high-speed lines now exceed 350 km/h and the minimum headway has shortened to 3 minutes. High-speed, high-density, high-safety, high-quality train operation therefore places higher demands on the reliability, availability, maintainability and security of the signalling communication network. In the CTCS-3 (C3) train control system, the ground-side train control system consists mainly of the Radio Block Center (RBC), the Temporary Speed Restriction Server (TSRS), Computer Based Interlocking (CBI) and the Train Control Center (TCC). These train control devices exchange information over Ethernet, and their data communication has the following characteristics: the devices are installed at railway stations or relay stations along the line, so the information spans a large distance; the data has strict real-time requirements; network reliability must be high; and the network must be highly maintainable, since any fault must be recovered in a very short time so as not to affect train operation. Given these characteristics, how to build a signal security data network and its network management system that guarantees real-time communication, reliability and security while still allowing convenient network management and equipment maintenance has become a comparatively difficult problem in the Chinese Train Control System level 3 (CTCS-3, i.e. the C3 train control system).
Prior-art signal security data networks usually adopt a single-ring structure. That structure suits applications where the information span is small, equipment maintenance is convenient and network redundancy requirements are not especially high, such as wind turbine monitoring, metro control and thermal power plant systems.
The C3 train control system, however, is a real-time train control system with a large volume of information exchange, a large spatial extent, comparatively difficult equipment maintenance and high requirements on data network reliability, security and real-time performance. The prior-art single-ring structure and its network management system cannot meet these demands.
Summary of the invention
The invention provides a signal security data network system and a network management system that address the inability of the prior-art single-ring structure to meet the C3 train control system's demands (large information exchange volume, large spatial extent, difficult equipment maintenance), and that improve the reliability, security and real-time performance of the data network.
The signal security data network system comprises station TCCs and CBIs located at a number of stations, relay-station TCCs located at a number of relay stations, RBCs and TSRSs, and further comprises a number of left-network Layer 2 switches and left-network repeaters connected to one another in series and a number of right-network Layer 2 switches and right-network repeaters connected to one another in series. The left-network Layer 2 switches, the right-network Layer 2 switches, the left-network repeaters and the right-network repeaters constitute a signal security data network with a redundant double-ring structure, wherein:
One side of each station TCC and CBI connects to a left-network Layer 2 switch and the other side to a right-network Layer 2 switch; likewise one side of each relay-station TCC, each RBC and each TSRS connects to a left-network Layer 2 switch and the other side to a right-network Layer 2 switch.
A left-network repeater connects two left-network Layer 2 switches on the left-network detour path whose separation exceeds a preset distance threshold, and a right-network repeater connects two right-network Layer 2 switches on the right-network detour path whose separation exceeds the threshold. Data exchange between the series-connected left-network Layer 2 switches uses the left-side trunk optical cable; data exchange between left-network repeaters, and between a left-network repeater and a left-network Layer 2 switch, uses the right-side trunk optical cable. Symmetrically, data exchange between the series-connected right-network Layer 2 switches uses the right-side trunk optical cable, while data exchange between right-network repeaters, and between a right-network repeater and a right-network Layer 2 switch, uses the left-side trunk optical cable.
The invention also provides a network management system comprising a number of network management monitoring systems, a telecommunication monitoring center and the signal security data network system described above. The signal security data network system connects to each network management monitoring system; each network management monitoring system connects to the telecommunication monitoring center through the signalling security data network management monitoring network; and the data held by the network management monitoring systems are redundant backups of one another, wherein:
Each network management monitoring system comprises a network management server, a monitoring network switch and a router; the router connects to the network management server and to the monitoring network switch. The telecommunication monitoring center comprises a network switch and network management terminals connected to each other.
The left-network Layer 2 switches of the signal security data network system connect to the routers of the network management monitoring systems, and so do the right-network Layer 2 switches.
By providing series-connected left-network Layer 2 switches, series-connected right-network Layer 2 switches and repeaters that together form a redundant double-ring signal security data network, the invention overcomes the inability of the prior-art single-ring structure to meet the C3 train control system's demands of large information exchange volume, large spatial extent and difficult maintenance, and improves the reliability, security, real-time performance and maintainability of the data network.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention, or of the prior art, more clearly, the drawings needed for the embodiments or the prior-art description are introduced briefly below. The drawings show some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the network architecture of an embodiment of the signal security data network system of the invention;
Fig. 2 is a schematic diagram of subnet division in an embodiment of the signal security data network system of the invention;
Fig. 3 is a schematic diagram of the branch line structure in an embodiment of the signal security data network system of the invention;
Fig. 4 is a schematic diagram of the structure of an embodiment of the network management system of the invention.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions of the embodiments are described clearly and completely below with reference to the drawings. The embodiments described are only some of the embodiments of the invention, not all of them; all other embodiments that a person of ordinary skill in the art can obtain from them without creative effort fall within the scope of protection of the invention.
Fig. 1 is a schematic diagram of the network architecture of an embodiment of the signal security data network system of the invention. As shown in Fig. 1, this embodiment provides a signal security data network system that is specifically suited to the C3 train control system and is deployed in a closed environment. The system comprises station TCCs 1 and CBIs 2 located at a number of stations, relay-station TCCs 3 located at a number of relay stations, and RBCs 4 and TSRSs 5. A station usually has only one set of station TCC 1 and CBI 2, and a relay station usually has only one relay-station TCC 3. A passenger dedicated line has only a few RBCs 4 and a few TSRSs 5; the exact number depends on the scale of the line, and the RBCs 4 and TSRSs 5 are placed at stations of the line that are easier to manage. The system further comprises a number of left-network Layer 2 switches 6 and left-network repeaters 81 connected to one another in series, and a number of right-network Layer 2 switches 7 and right-network repeaters 82 connected to one another in series; the left-network Layer 2 switches 6, right-network Layer 2 switches 7, left-network repeaters 81 and right-network repeaters 82 form a signal security data network with a redundant double-ring structure. The system uses independent network equipment and independent channels: industrial Ethernet switches, together with optical fibre laid along both sides of the railway, form two redundant ring networks that run online simultaneously and are physically isolated from each other.
The access devices and network equipment in this embodiment are designed to industrial-grade standards with low power consumption, tolerate extremely harsh temperature, humidity and electromagnetic environments, and include overload and short-circuit protection that effectively guards against surges and lightning strikes. The Layer 2 switches use redundant power, with two independently fed supplies, so a single supply failure does not affect normal operation. An IP address conflict monitoring mechanism is customised in the switches, with both active and passive IP conflict avoidance enabled, to prevent IP address conflicts in the network. The switches are also customised with a faulty-wiring cable detection function, which detects problem cables in time so they cannot give rise to a broadcast storm, and with a storm suppression function, which prevents a network storm caused by a port or equipment fault from paralysing the network.
In this embodiment the application devices (station TCC, CBI, relay-station TCC, RBC and TSRS) all have two network interface cards and are connected to both networks at once. One card of each station TCC 1 and CBI 2 connects to a left-network Layer 2 switch 6 and the other to a right-network Layer 2 switch 7; likewise each relay-station TCC 3, each RBC 4 and each TSRS 5 has one card on a left-network Layer 2 switch 6 and the other on a right-network Layer 2 switch 7.
A left-network repeater 81 connects two left-network Layer 2 switches 6 on the left-network detour path whose separation exceeds a preset distance threshold, and a right-network repeater 82 does the same for two right-network Layer 2 switches 7 on the right-network detour path; that is, when the distance between two left-network Layer 2 switches 6 or two right-network Layer 2 switches 7 exceeds the threshold, which may be 70 km, a repeater is inserted to regenerate the signal. At each main-line station, line post and relay station, two Layer 2 switches (one per ring) are provided as service access points for the equipment there; the switches are connected in series along the line, the detour channel is connected by cross-connection, and a repeater is inserted wherever the distance between switches exceeds 70 km.
The left-network and right-network repeaters are arranged crosswise between the two networks, so that the repeaters of the double ring are never housed at the same site; otherwise a power failure at that one station would interrupt the double ring completely. Data exchange between the series-connected left-network Layer 2 switches 6 uses the left-side trunk optical cable; data exchange between series-connected left-network repeaters 81, and between a left-network repeater 81 and a left-network Layer 2 switch 6, uses the right-side trunk optical cable. Data exchange between the series-connected right-network Layer 2 switches 7 uses the right-side trunk optical cable; data exchange between series-connected right-network repeaters 82, and between a right-network repeater 82 and a right-network Layer 2 switch 7, uses the left-side trunk optical cable. Dedicated single-mode fibre is used between signal security data sites, laid as separate physical paths on the two sides of the track: 12 cores in total, 6 in the cable on one side and 6 in the cable on the other, with 2 cores per side reserved as spares. In short, the series connection of each station's left-network Layer 2 switches uses the left-side trunk cable while the left-network repeaters of the detour channel use the right-side trunk cable, and the series connection of each station's right-network Layer 2 switches uses the right-side trunk cable while the right-network repeaters of the detour channel use the left-side trunk cable. The left-network and right-network repeaters are placed at different stations or relay stations, so that a fault at any one station or relay station cannot interrupt the whole network. This interleaved use of fibre on different paths means that if, in an unforeseen event, the cable on one side is severed, a network that uses that side's fibre is not interrupted completely. The data of the two networks are redundant backups of each other: even a single point of failure in one network, or the complete failure of one network, does not affect normal communication of the application systems.
Structurally, this gives the train control system a "quadruple insurance": a single point of failure in one network does not interrupt that network, and the train control system continues to run normally; when one side's network fails completely, the other side's network still runs and keeps the train control system operating. The two networks use independent physical channels, and the inter-station links and their alternate links are made of the fibres on the two sides of the line, so even if the cable on one side of the railway is damaged by flooding, construction work or similar, communication over the two networks is not interrupted and the train control system keeps running. In addition, because the repeaters are cross-arranged, a power failure at a single station on the line affects only the train control equipment communication at that station and not the normal communication of the other stations.
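The failure scenarios above can be checked mechanically. The following Python model is an added example, not code from the patent or its assignee: it builds the dual ring for a hypothetical six-station line (the station count, the repeater sites and the failure cases are assumptions), with the left ring's trunk on the left-side cable and its detour through a repeater on the right-side cable, and the mirror image for the right ring, and then tests whether every surviving dual-homed device can still reach every other one after a cable cut, a station outage, or one ring failing entirely while a link breaks in the other. It goes one step beyond the text by also showing the case the text warns against, both repeaters housed at the same station.

```python
"""Connectivity model of the redundant dual-ring signal security data network.

Added example, not code from the patent: stations 0..n-1 each host a left
ring L2 switch ("L", i), a right ring L2 switch ("R", i) and one dual-homed
train control device ("D", i). The left ring's trunk rides the left-side
trunk cable and is closed by a detour through a repeater on the right-side
cable; the right ring is the mirror image. Station count, repeater sites
and the failure scenarios below are assumptions chosen for illustration.
"""
from collections import deque


def build_network(n, rep_left, rep_right):
    """Return (nodes, edges); each edge is (a, b, cable) where cable names
    the physical cable the link rides: "left", "right" or "station" (a
    patch lead inside the station, not on either trunk cable)."""
    nodes, edges = set(), []
    for i in range(n):
        L, R, D = ("L", i), ("R", i), ("D", i)
        nodes |= {L, R, D}
        edges += [(D, L, "station"), (D, R, "station")]   # two NICs, one per ring
        if i + 1 < n:
            edges.append((L, ("L", i + 1), "left"))        # left ring trunk, left cable
            edges.append((R, ("R", i + 1), "right"))       # right ring trunk, right cable
    RepL, RepR = ("RepL", rep_left), ("RepR", rep_right)
    nodes |= {RepL, RepR}
    # Each ring is closed by a detour that rides the *opposite* side's cable.
    edges += [(("L", n - 1), RepL, "right"), (RepL, ("L", 0), "right")]
    edges += [(("R", n - 1), RepR, "left"), (RepR, ("R", 0), "left")]
    return nodes, edges


def survivors_connected(n, rep_left, rep_right, dead_stations=(),
                        cut_cables=(), dead_nodes=(), cut_links=()):
    """True if every device that is still powered can reach every other
    surviving device. A dead station loses its switches, its device and any
    repeater housed there; a cut cable loses every link riding on it."""
    nodes, edges = build_network(n, rep_left, rep_right)
    dead = set(dead_nodes) | {v for v in nodes if v[1] in set(dead_stations)}
    alive = nodes - dead
    cut_links = {frozenset(link) for link in cut_links}
    adj = {v: set() for v in alive}
    for a, b, cable in edges:
        if cable in cut_cables or frozenset((a, b)) in cut_links:
            continue
        if a in alive and b in alive:
            adj[a].add(b)
            adj[b].add(a)
    devices = [v for v in alive if v[0] == "D"]
    if not devices:
        return True
    seen, queue = {devices[0]}, deque([devices[0]])   # BFS from one device
    while queue:
        for w in adj[queue.popleft()]:
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return all(d in seen for d in devices)


if __name__ == "__main__":
    N, REP_L, REP_R = 6, 2, 4          # six stations, repeaters at stations 2 and 4
    scenarios = {
        "left-side cable cut": dict(cut_cables=("left",)),
        "right-side cable cut": dict(cut_cables=("right",)),
        "station 2 (left repeater site) loses power": dict(dead_stations=(2,)),
        "whole left ring down + one right link cut": dict(
            dead_nodes=[("L", i) for i in range(N)] + [("RepL", REP_L)],
            cut_links=[(("R", 1), ("R", 2))]),
        "both trunk cables cut": dict(cut_cables=("left", "right")),
    }
    for name, kw in scenarios.items():
        ok = survivors_connected(N, REP_L, REP_R, **kw)
        print(f"{name:45s} -> {'OK' if ok else 'PARTITIONED'}")
    # Housing both repeaters at one station defeats the cross arrangement:
    ok = survivors_connected(N, 2, 2, dead_stations=(2,))
    print(f"{'co-located repeaters, that station loses power':45s} -> {'OK' if ok else 'PARTITIONED'}")
```

Run as a script it prints one line per scenario. The co-located-repeater case partitions the network because one outage removes both detour links at once, while the cross arrangement can lose at most one detour per station outage; cutting both trunk cables is the only listed scenario that isolates every station.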
Fig. 2 is a schematic diagram of subnet division in an embodiment of the signal security data network system of the invention. As shown in Fig. 2, the system may further comprise a number of Layer 3 switches, which divide the signal security data network into several signal security data subnets; for a long passenger dedicated line with many stations, the data network can be partitioned into subnets by introducing Layer 3 switches. Specifically, when the number of system nodes, i.e. Layer 2 switches, exceeds a preset threshold, which may be set to 60, the signal security data network is divided at isolation points into several subnets; the subnets are isolated from one another and communicate by routing, and each isolation point is an industrial-grade Layer 3 switch. The Layer 3 switches comprise left-network Layer 3 switches 91 and right-network Layer 3 switches 92. Between two adjacent subnets, each left-network Layer 3 switch 91 connects to the left-network Layer 2 switches 6 at the edge of each subnet, and each right-network Layer 3 switch 92 connects to the right-network Layer 2 switches 7 at the edge of each subnet. The left-network Layer 3 switches are located at different sites, as are the right-network Layer 3 switches; that is, the Layer 3 switches that isolate the subnets on each side are staggered, and Layer 3 switches on the same side are joined by link aggregation, i.e. two left-network Layer 3 switches are connected by an aggregated link and so are two right-network Layer 3 switches. Each aggregated link is made of fibres on different paths, so a single link fault does not interrupt communication. In addition, management data and the various service data are placed in different VLANs, which further narrows the scope of any broadcast storm and improves the reliability of the system.
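As an added example (not the patent's own planning tool) of the subnet rule above, the following Python planner splits a line of stations into the fewest contiguous subnets that respect the 60-switch threshold and records, for each boundary, which two edge Layer 2 switches the isolation point joins and where each ring's Layer 3 switch is housed, staggering the left and right sites as the text requires. The station counts, the even-split policy and the validation checks are assumptions.

```python
"""Subnet planner for the dual-ring signal security data network.
Added example, not code from the patent. Each station contributes one L2
switch per ring, so the L2 count per ring equals the station count."""
import math

MAX_L2_PER_SUBNET = 60   # the switch-count threshold stated in the patent


def plan_subnets(n_stations, max_per_subnet=MAX_L2_PER_SUBNET):
    """Split stations 0..n_stations-1 into the fewest contiguous subnets of
    at most max_per_subnet switches, sized as evenly as possible.

    Returns (subnets, boundaries): subnets is a list of (first, last)
    station indices; each boundary records which two edge L2 switches the
    L3 switches join and at which station each ring's L3 switch is housed.
    The left ring's L3 switch is placed at the last station of the lower
    subnet and the right ring's at the first station of the upper subnet,
    so the two isolation points of one boundary never share a site.
    """
    if n_stations <= 0:
        return [], []
    k = math.ceil(n_stations / max_per_subnet)        # number of subnets
    base, extra = divmod(n_stations, k)
    subnets, start = [], 0
    for i in range(k):
        size = base + (1 if i < extra else 0)
        subnets.append((start, start + size - 1))
        start += size
    boundaries = [
        {"joins_l2": (lo_last, hi_first),
         "left_l3_site": lo_last, "right_l3_site": hi_first}
        for (_, lo_last), (hi_first, _) in zip(subnets, subnets[1:])
    ]
    return subnets, boundaries


def plan_is_valid(subnets, boundaries, max_per_subnet=MAX_L2_PER_SUBNET):
    """Checks to run on a plan before committing to it: no subnet over the
    threshold, subnets contiguous, one boundary per adjacent pair, and the
    left and right L3 switches of every boundary at different stations."""
    sizes_ok = all(last - first + 1 <= max_per_subnet for first, last in subnets)
    contiguous = all(b[0] == a[1] + 1 for a, b in zip(subnets, subnets[1:]))
    staggered = all(b["left_l3_site"] != b["right_l3_site"] for b in boundaries)
    count_ok = len(boundaries) == max(len(subnets) - 1, 0)
    return sizes_ok and contiguous and staggered and count_ok


if __name__ == "__main__":
    for n in (45, 60, 61, 150):        # assumed line sizes
        subnets, boundaries = plan_subnets(n)
        print(n, "stations ->", subnets, "valid:", plan_is_valid(subnets, boundaries))
        for b in boundaries:
            print("   isolation between L2 switches", b["joins_l2"],
                  "| left L3 at station", b["left_l3_site"],
                  "| right L3 at station", b["right_l3_site"])
```

A 60-station line stays a single network with no Layer 3 switch; the 61st station forces a split into two subnets of 31 and 30, with the left-ring isolation point at station 30 and the right-ring one at station 31.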
Where network equipment is incompatible with the ring protocol, or should not be placed in the ring, this embodiment attaches it through a branch line structure. Fig. 3 is a schematic diagram of the branch line structure in an embodiment of the signal security data network system of the invention. As shown in Fig. 3, the system may further comprise a branch line structure consisting of a branch-line station TCC 11, a branch-line CBI 12, and a branch-line left-network Layer 2 switch 13 and branch-line right-network Layer 2 switch 14 connected to them. The branch-line left-network Layer 2 switch 13 is connected by an aggregated link to the left-network Layer 2 switch 6 at the edge of the signal security data network, and the branch-line right-network Layer 2 switch 14 is connected by an aggregated link to the right-network Layer 2 switch 7 at the edge of the network.
The ring protocol in this embodiment abandons the conventional Rapid Spanning Tree Protocol (RSTP) in favour of a proprietary high-redundancy ring protocol, so that the ring can self-heal rapidly. Critical links use link aggregation, with the static link aggregation protocol chosen, which improves system reliability. The routing protocol combines static and dynamic routing: if dynamic routing fails, static routing takes over seamlessly. Furthermore, because the network structure at hubs is relatively complex and a large amount of critical data passes through gateways, a redundant gateway protocol is used to greatly improve reliability: two Layer 3 switches are configured as one virtual gateway that is transparent to the application hosts, so the crash of either Layer 3 switch does not affect the routing and forwarding of the train control system's critical data. The network coupling technique used here achieves fast recovery of the redundant connections between regional branch networks, with a recovery time of no more than 500 ms.
This embodiment uses the advanced high-redundancy ring technology to guarantee a ring self-healing time below 50 ms and an inter-network recovery time below 500 ms. For data communication that crosses routes, it uses static routing and a reduced routing-protocol metric to lower switch overhead and raise forwarding speed. The routing of the fibre channels is also optimised to reduce the number of fibre splices, which assures channel quality and improves the real-time performance of the system.
Fig. 4 is a schematic diagram of the structure of an embodiment of the network management system of the invention. As shown in Fig. 4, this embodiment provides a network management system that uses a redundant scheme so that a network management server failure cannot paralyse the network management system. The network management system comprises a number of network management monitoring systems 401, a telecommunication monitoring center 402 and the signal security data network system 403 shown in Fig. 1, Fig. 2 or Fig. 3. The signal security data network system 403 connects to each network management monitoring system 401; each network management monitoring system 401 connects to the telecommunication monitoring center 402 through the signalling security data network management monitoring network; and the data held by the network management monitoring systems 401 are redundant backups of each other. Each network management monitoring system 401 comprises a network management server 411, a monitoring network switch 421 and a router 431, the router 431 being connected to both the network management server 411 and the monitoring network switch 421; the telecommunication monitoring center 402 comprises a network switch 412 and network management terminals 422 connected to each other. The signal security data network system 403 comprises the left-side and right-side signal security data networks; its left-network Layer 2 switches 6 connect to the routers 431 of the network management monitoring systems 401, and so do its right-network Layer 2 switches 7.
In particular, the router 431 maps the IP address spaces of the left-network Layer 2 switches 6 and the right-network Layer 2 switches 7 to addresses in one network segment, and applies a Network Address Translation (NAT) mapping policy together with an Access Control List (ACL) filtering policy to keep the data of the left-network Layer 2 switches 6 and right-network Layer 2 switches 7 apart, so that the left and right signal security data networks are completely isolated and cannot communicate with each other. Because the left and right networks use different IP address ranges, translating the two address spaces into one segment at the router reduces the number of network interface cards the network management server needs. The router 431 also enforces a strict routing policy under which the network management terminals can reach only the network management server and never access the signal security data network directly, which effectively improves the security of the system; and because the several network management servers back each other up, a network management terminal can access any of them.
Further, the network management monitoring system 401 in this embodiment may also include firewalls 441, placed between the network management server 411 and the router 431 and between the router 431 and the monitoring network switch 421. These hardware firewalls operate as transparent bridges, with the common anti-attack policies enabled, port filtering switched on and unused ports closed. By enabling attack protection and access restriction policies on the firewalls, the network management system can effectively resist denial of service (DoS) and distributed denial of service (DDoS) attacks: the firewalls recognise and defend against SYN flood, ICMP flood, UDP flood, TCP scan, UDP scan, ping sweep, teardrop, land and ping of death attacks, and perform deep filtering of worms that spread over the network, thereby safeguarding the security of the secure data network. Regularly updated antivirus software may also be installed on the network management server and the network management terminals.
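The attack names the text lists map onto simple signatures that a practitioner can check against traffic records. The following Python detector is an added example, not the patent's or any firewall vendor's code; the packet record fields, the thresholds (50 SYN-only segments per target, 8 hosts for a sweep, 8 ports for a scan) and the sample traffic, in which 10.0.1.20 stands for the network management server, are all constructed assumptions. UDP flood and ICMP flood detection, which need only a rate counter, are omitted.

```python
"""Signature checks for the attack classes the patent lists for the network
management firewall: land, ping of death, teardrop, SYN flood, ping sweep and
TCP port scan. Added example, not the patent's or any vendor's code; the packet
record layout, the thresholds and the constructed traffic are assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Pkt:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags as single letters, e.g. {"S"}
    ip_id: int = 0                   # IP identification, shared by fragments
    frag_off: int = 0                # fragment offset in 8-byte units (IP header)
    mf: bool = False                 # more-fragments bit
    length: int = 0                  # payload bytes carried by this fragment
    icmp_type: int = 8               # 8 = echo request


def detect(packets, syn_flood_threshold=50, sweep_hosts=8, scan_ports=8):
    """Return the set of alert names raised by this batch of packets."""
    alerts = set()
    syn_per_dst = defaultdict(int)          # SYN-only segments per target host
    echo_targets = defaultdict(set)         # ICMP echo destinations per source
    ports_per_pair = defaultdict(set)       # SYN'd ports per (src, dst)
    fragments = defaultdict(list)           # (src, dst, ip_id) -> [(start, end)]
    for p in packets:
        if p.src == p.dst:                  # land: spoofed source equal to the target
            alerts.add("land")
        if p.frag_off or p.mf:
            start, end = p.frag_off * 8, p.frag_off * 8 + p.length
            key = (p.src, p.dst, p.ip_id)
            # teardrop: a fragment overlapping one already seen for this datagram
            if any(start < e and s < end for s, e in fragments[key]):
                alerts.add("teardrop")
            fragments[key].append((start, end))
            if end > 65535:                 # reassembled datagram exceeds the IP maximum
                alerts.add("ping_of_death" if p.proto == "icmp" else "oversize_datagram")
        if p.proto == "tcp" and p.flags == frozenset("S"):
            syn_per_dst[p.dst] += 1
            ports_per_pair[(p.src, p.dst)].add(p.dport)
        if p.proto == "icmp" and p.icmp_type == 8:
            echo_targets[p.src].add(p.dst)
    if any(n >= syn_flood_threshold for n in syn_per_dst.values()):
        alerts.add("syn_flood")
    if any(len(t) >= sweep_hosts for t in echo_targets.values()):
        alerts.add("ping_sweep")
    if any(len(ps) >= scan_ports for ps in ports_per_pair.values()):
        alerts.add("tcp_scan")
    return alerts


# Constructed traffic samples (not captures); 10.0.1.20 plays the NM server.
SAMPLES = {
    "land": [Pkt("10.0.1.20", "10.0.1.20", "tcp", 139, 139, frozenset("S"))],
    "ping_of_death": [Pkt("10.0.0.9", "10.0.1.20", "icmp", ip_id=7,
                          frag_off=8100, length=1000)],
    "teardrop": [Pkt("10.0.0.9", "10.0.1.20", "udp", ip_id=9, frag_off=0, mf=True, length=36),
                 Pkt("10.0.0.9", "10.0.1.20", "udp", ip_id=9, frag_off=3, length=24)],
    "syn_flood": [Pkt(f"192.0.2.{i}", "10.0.1.20", "tcp", 40000 + i, 80, frozenset("S"))
                  for i in range(60)],
    "ping_sweep": [Pkt("10.0.0.9", f"10.0.1.{i}", "icmp") for i in range(1, 11)],
    "tcp_scan": [Pkt("10.0.0.9", "10.0.1.20", "tcp", 50000, port, frozenset("S"))
                 for port in (21, 22, 23, 25, 80, 110, 139, 443, 445, 3389)],
    "benign": [Pkt("192.168.50.5", "10.0.1.20", "tcp", 51000, 443, frozenset("S")),
               Pkt("10.0.1.20", "192.168.50.5", "tcp", 443, 51000, frozenset("SA"))],
}

if __name__ == "__main__":
    for name, pkts in SAMPLES.items():
        print(f"{name:14s} -> {sorted(detect(pkts)) or ['no alert']}")
```

The fragment check is the one worth studying: a ping of death is only visible once offset and length are added up, and a teardrop only once the second fragment is compared against the first, so both need per-datagram state rather than a per-packet rule.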
In the present embodiment, when no subnets are divided, NAT address translation is performed on the router and the address of the network management system server is mapped separately into each of the two ring networks; the two ring networks are thus not connected to each other, yet the switches in each ring network can reach the NM server through the NAT address. When the ring networks are divided into subnets, after the address of the network management system server has been mapped into the two ring networks, the gateway of the network management system may be placed on the NM router and isolated there with an ACL, so as to preserve the independence of the two ring networks. If no ACL is used, the network management gateway must not be placed on the router but on the Layer 3 switch that isolates the subnet. In addition, the NM router is configured to allow the remote NM terminal to access only the network management system server and not to access the two ring networks directly, guaranteeing the security of the signal security data network.
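The two paragraphs above describe the router's NAT mapping and ACL policy in words only. The following added example (not code from the patent or its applicant) models that policy: the NM server is mapped to one alias address inside each ring, a ring switch may reach the server only through its own ring's alias, the remote NM terminal may reach only the server, and everything else, including left-to-right traffic, is denied. The address ranges, alias addresses and zone names are assumptions chosen for illustration.

```python
"""Model of the router's NAT mapping and ACL isolation described above.

Added example, not the patent's own code: the address ranges, the mapped
addresses and the rule set are assumptions chosen to illustrate the behavior.
"""
import ipaddress

# Assumed address plan: the left and right rings use different address ranges,
# the NM server sits on its own segment, and NM terminals on the monitoring network.
LEFT_RING = ipaddress.ip_network("10.1.0.0/16")
RIGHT_RING = ipaddress.ip_network("10.2.0.0/16")
NM_SERVER = ipaddress.ip_address("192.168.100.10")
MONITORING_NET = ipaddress.ip_network("172.16.0.0/24")

# Static NAT on the router: the NM server is mapped to one address inside each
# ring, so a switch reaches it through its own ring's segment and the server
# needs only a single network interface.
NM_ALIAS = {
    "left": ipaddress.ip_address("10.1.255.10"),
    "right": ipaddress.ip_address("10.2.255.10"),
}


def zone(addr):
    """Classify an address into the zones the ACL reasons about."""
    addr = ipaddress.ip_address(addr)
    if addr in LEFT_RING:
        return "left"
    if addr in RIGHT_RING:
        return "right"
    if addr == NM_SERVER:
        return "nm_server"
    if addr in MONITORING_NET:
        return "terminal"
    return "unknown"


def translate(dst):
    """Destination NAT: a mapped alias becomes the real NM server address."""
    dst = ipaddress.ip_address(dst)
    return NM_SERVER if dst in NM_ALIAS.values() else dst


def permitted(src, dst):
    """ACL decision for a packet src -> dst entering the router (default deny)."""
    src_zone = zone(src)
    dst = ipaddress.ip_address(dst)
    # Remote NM terminals may reach only the NM server, never a ring.
    if src_zone == "terminal":
        return dst == NM_SERVER
    # Ring switches may reach the NM server only via their own ring's alias;
    # left<->right traffic and access to the real server address are denied.
    if src_zone in ("left", "right"):
        return dst == NM_ALIAS[src_zone]
    # The NM server may poll switches in either ring (reverse NAT) and answer terminals.
    if src_zone == "nm_server":
        return zone(dst) in ("left", "right", "terminal")
    return False


def isolation_report(hosts):
    """Return every ordered (src, dst) pair among the given hosts that the ACL permits."""
    return sorted((s, d) for s in hosts for d in hosts if s != d and permitted(s, d))


if __name__ == "__main__":
    # Left switch, right switch and a terminal: the report should be empty.
    print(isolation_report(["10.1.0.7", "10.2.0.7", "172.16.0.5"]))
```

A useful check when auditing a deployment of this kind is exactly `isolation_report` over one host from each zone: any permitted pair between the two rings, or from a terminal to a ring address, means the ACL does not enforce the isolation the description relies on.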
Further, network management system server 411 in the network management system of the present embodiment is provided with a time server, which provides a time synchronization service to the equipment in the network management system, so that all network equipment is synchronized with the time server; this makes it easier to search for and locate faults.
The network management system in the present embodiment consists of network management system server 411, firewall 441, router 431, the NM monitoring network and NM terminal 422. All network management information collected from left net Layer 2 switch 6 and right net Layer 2 switch 7 is aggregated through the gigabit uplink ports and routed to network management system server 411 for unified processing, which draws the topology of the whole network. As soon as a device fails or a channel is interrupted, network management system server 411 raises an alarm immediately and saves detailed log information as a basis for fault investigation. Network management system server 411 uses a professional server hardware configuration with stable performance and excellent processing capability; its software is professional network management software that can process the management information of thousands of switches simultaneously and monitor the network state in real time. In addition, for remote access the present embodiment builds a remote network management service in a client-server pattern: the NM terminal obtains visualized network state information from the NM server through the signal system secure data network monitoring network, and can easily monitor the network state and equipment state in real time.
The present embodiment uses the port security policy of the equipment to shut down unused ports, and binds each port to a fixed IP address and even to a fixed MAC address, thereby limiting the terminal equipment that may use the switch ports and fundamentally preventing unauthorized users from connecting to the communication network of the passenger dedicated line from any station. The present embodiment may also use the switch's own password protection mechanism to protect the switch itself, preventing unauthorized users from modifying the equipment's configuration or security settings through the network, the web interface or other means, while normal configuration and management work is performed on the network equipment through an authorized dedicated management workstation.
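The port-security measures above (unused ports shut down, each port bound to a fixed IP and MAC address) can be stated as a small checker. The following is an added example, not code from the patent or its applicant: it keeps a binding table for one switch, lists the ports that must be shut down, and classifies incoming frames as accepted or as one of three violations. The port names, addresses and sample frames are constructed assumptions.

```python
"""Port-security check corresponding to the description above: every enabled
switch port is bound to one fixed IP address and MAC address, and ports with
no binding are treated as shut down.

Added example, not the patent's own code: the binding table, port names and
sample frames are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str


# Assumed binding table for one left-net Layer 2 switch at a station.
BINDINGS = {
    "port1": Binding("10.1.0.11", "00:11:22:33:44:01"),    # station TCC, left side
    "port2": Binding("10.1.0.12", "00:11:22:33:44:02"),    # CBI, left side
    "port24": Binding("10.1.255.1", "00:11:22:33:44:ff"),  # uplink toward the NM router
}
ALL_PORTS = [f"port{i}" for i in range(1, 25)]  # a 24-port switch (assumed)


def check_frame(port, src_mac, src_ip, bindings=BINDINGS):
    """Return 'accept' or a 'deny:<reason>' verdict for a frame arriving on a port."""
    b = bindings.get(port)
    if b is None:
        return "deny:port_shutdown"      # no authorized device: port is closed
    if src_mac.lower() != b.mac.lower():
        return "deny:mac_mismatch"       # foreign device on a bound port
    if src_ip != b.ip:
        return "deny:ip_mismatch"        # bound device using an unexpected address
    return "accept"


def ports_to_shut_down(all_ports=ALL_PORTS, bindings=BINDINGS):
    """Ports with no authorized device are closed, as the description requires."""
    return [p for p in all_ports if p not in bindings]


def audit(frames, bindings=BINDINGS):
    """Evaluate (port, src_mac, src_ip) frames and return only the violations."""
    violations = []
    for port, mac, ip in frames:
        verdict = check_frame(port, mac, ip, bindings)
        if verdict != "accept":
            violations.append((port, mac, ip, verdict))
    return violations


SAMPLE_FRAMES = [  # constructed sample input
    ("port1", "00:11:22:33:44:01", "10.1.0.11"),   # legitimate TCC
    ("port2", "00:11:22:33:44:02", "10.1.0.99"),   # right MAC, wrong IP
    ("port2", "de:ad:be:ef:00:01", "10.1.0.12"),   # cloned IP, foreign MAC
    ("port7", "de:ad:be:ef:00:02", "10.1.0.50"),   # unused port
]

if __name__ == "__main__":
    print("shut down:", ports_to_shut_down())
    for v in audit(SAMPLE_FRAMES):
        print("violation:", v)
```

The ordering of the checks matters for the operator: a frame on an unbound port is reported as a shut-down-port event regardless of its addresses, so a device plugged into a spare port at a station shows up as such rather than as an address mismatch.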
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A signal security data network system, comprising station train control centers TCC and computer based interlockings CBI located at a plurality of stations, and relay station TCCs, radio block centers RBC and temporary speed restriction servers TSRS located at a plurality of relay stations, characterized in that it further comprises: a plurality of left net Layer 2 switches and left net repeaters connected to one another in series, and a plurality of right net Layer 2 switches and right net repeaters connected to one another in series, wherein said left net Layer 2 switches, said right net Layer 2 switches, said left net repeaters and said right net repeaters constitute a signal security data network of redundant dual-ring structure, and wherein:
one side of each said station TCC and each said CBI is connected to one said left net Layer 2 switch and the other side is connected to one said right net Layer 2 switch; one side of each said relay station TCC is connected to one said left net Layer 2 switch and the other side to one said right net Layer 2 switch; one side of each said RBC is connected to one said left net Layer 2 switch and the other side to one said right net Layer 2 switch; one side of each said TSRS is connected to one said left net Layer 2 switch and the other side to one said right net Layer 2 switch;
said left net repeaters are used to connect two left net Layer 2 switches on the left net ring whose distance exceeds a preset distance threshold, and said right net repeaters are used to connect two right net Layer 2 switches on the right net ring whose distance exceeds a preset distance threshold; data exchange between the series-connected left net Layer 2 switches uses the left-side trunk channel optical cable, data exchange between said left net repeaters uses the right-side trunk channel optical cable, data exchange between a said left net repeater and a left net Layer 2 switch uses the right-side trunk channel optical cable, data exchange between the series-connected right net Layer 2 switches uses the right-side trunk channel optical cable, data exchange between said right net repeaters uses the left-side trunk channel optical cable, and data exchange between a said right net repeater and a right net Layer 2 switch uses the left-side trunk channel optical cable.
2. The signal security data network system according to claim 1, characterized in that it further comprises a plurality of Layer 3 switches used to divide the signal security data network into a plurality of signal security data subnets; said Layer 3 switches comprise left net Layer 3 switches and right net Layer 3 switches; between two said signal security data subnets adjacent to one another, a said left net Layer 3 switch is connected to the said left net Layer 2 switch located at the edge of each said signal security data subnet, and a said right net Layer 3 switch is connected to the said right net Layer 2 switch located at the edge of each said signal security data subnet; two said left net Layer 3 switches, or two said right net Layer 3 switches, are connected to each other by aggregated links.
3. The signal security data network system according to claim 1 or 2, characterized in that it further comprises a branch line structure, said branch line structure comprising a branch line station TCC and a branch line CBI, and a branch line left net Layer 2 switch and a branch line right net Layer 2 switch connected to said branch line station TCC and branch line CBI, wherein said branch line left net Layer 2 switch is connected by aggregated links to the said left net Layer 2 switch located at the edge of said signal security data network, and said branch line right net Layer 2 switch is connected by aggregated links to the said right net Layer 2 switch located at the edge of said signal security data network.
4. The signal security data network system according to claim 2, characterized in that said left net repeaters and said right net repeaters are arranged at different stations or relay stations, and said left net Layer 3 switches and said right net Layer 3 switches are arranged at different sites.
5. A network management system, characterized in that it comprises a plurality of network management monitoring systems, a telecommunication monitoring center and the signal security data network system according to any one of claims 1 to 4, wherein said signal security data network system is connected to each of the plurality of network management monitoring systems, said network management monitoring systems are connected to said telecommunication monitoring center through a signal system secure data network management monitoring network, and the data of said plurality of network management monitoring systems are redundant backups of one another, and wherein:
said network management monitoring system comprises a network management system server, a monitoring network switch and a router, said router being connected to said network management system server and to said monitoring network switch respectively, and said telecommunication monitoring center comprises a network switch and an NM terminal connected to each other;
a plurality of left net Layer 2 switches in said signal security data network system are connected to the routers in said plurality of network management monitoring systems respectively, and a plurality of right net Layer 2 switches in said signal security data network system are connected to the routers in said plurality of network management monitoring systems respectively.
6. The network management system according to claim 5, characterized in that said router maps the IP address spaces of said left net Layer 2 switches and said right net Layer 2 switches onto the same network segment, and uses a network address translation NAT address-mapping policy and an access control list ACL filtering policy to isolate the data of said left net Layer 2 switches from that of said right net Layer 2 switches.
7. The network management system according to claim 5 or 6, characterized in that said network management monitoring system further comprises a firewall arranged between said network management system server and said router and between said router and said monitoring network switch.
8. The network management system according to claim 5 or 6, characterized in that said network management system server is provided with a time server, said time server providing a time synchronization service to the equipment in said network management system.
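Claims 1 and 5 describe the reliability property of the dual-ring structure: every device has one side on the left ring and the other on the right ring, and the two rings carry traffic independently (the description above states they cannot communicate with each other). The following added example, not code from the patent or its applicant, checks that property on a small model: it cuts chosen links and reports whether every pair of devices can still exchange data over at least one ring. The ring size, the node names and the assumption that each ring is closed into a loop are constructed for illustration.

```python
"""Reachability model for the redundant dual-ring structure of claims 1 and 5:
every device has one side on the left ring and the other on the right ring,
and the two rings never forward traffic to each other.

Added example, not the patent's own code: ring size, node names and the
assumption that each ring is a closed loop are constructed for illustration.
"""
from collections import deque


def ring(prefix, n):
    """Undirected edges of a closed ring of n switches named prefix0..prefix{n-1}."""
    return {(f"{prefix}{i}", f"{prefix}{(i + 1) % n}") for i in range(n)}


def connected(edges, a, b):
    """Breadth-first search: is b reachable from a over the given edges?"""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    seen, queue = {a}, deque([a])
    while queue:
        u = queue.popleft()
        if u == b:
            return True
        for v in adj.get(u, ()):
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return a == b


def all_devices_reachable(n, failed=()):
    """True if every pair of devices i, j can still talk over at least one ring.

    Device i is attached to switch Li on the left ring and Ri on the right ring;
    failed is a collection of (u, v) links that have been cut, in either orientation.
    A device never bridges the rings, so each ring is searched on its own.
    """
    broken = {frozenset(e) for e in failed}
    left = {e for e in ring("L", n) if frozenset(e) not in broken}
    right = {e for e in ring("R", n) if frozenset(e) not in broken}
    for i in range(n):
        for j in range(i + 1, n):
            via_left = connected(left, f"L{i}", f"L{j}")
            via_right = connected(right, f"R{i}", f"R{j}")
            if not (via_left or via_right):
                return False
    return True


if __name__ == "__main__":
    # Two cuts split the left ring into two segments, but the right ring carries on.
    print(all_devices_reachable(6, failed=[("L0", "L1"), ("L3", "L4")]))
    # Both rings split at the same positions: devices 1 and 4 lose each other.
    print(all_devices_reachable(6, failed=[("L0", "L1"), ("L3", "L4"),
                                           ("R0", "R1"), ("R3", "R4")]))
```

The last case is the one claim 4 guards against in practice: if the left and right repeaters (or Layer 3 switches) sat at the same site, a single site failure would cut both rings at the same position, which is exactly the failure combination that partitions the network.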
CN2011101253066A 2011-05-16 2011-05-16 Signal security data network system and network management system Active CN102238030B (en)

Publications (2)

Publication Number Publication Date
CN102238030A 2011-11-09
CN102238030B 2013-11-13

Family

ID=44888277

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100070, No. 12, building 188, zone 1, South Fourth Ring Road, Fengtai District, Beijing

Patentee after: BEIJING NATIONAL RAILWAY RESEARCH & DESIGN INSTITUTE OF SIGNAL & COMMUNICATION GROUP LTD.

Address before: 100073, Beijing, Fengtai District Huayuan one mile No. 18 building

Patentee before: Beijing Quanlu Communication Signals Research and Design Institute Co., Ltd.