CN103078844A - Bidirectional communication isolating device of power plant - Google Patents
Bidirectional communication isolating device of power plant Download PDFInfo
- Publication number
- CN103078844A CN103078844A CN2012105487594A CN201210548759A CN103078844A CN 103078844 A CN103078844 A CN 103078844A CN 2012105487594 A CN2012105487594 A CN 2012105487594A CN 201210548759 A CN201210548759 A CN 201210548759A CN 103078844 A CN103078844 A CN 103078844A
- Authority
- CN
- China
- Prior art keywords
- spacer assembly
- way communication
- network
- power plant
- monoblock
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a bidirectional communication isolating device of a power plant. With the adoption of the bidirectional communication isolating device, communication isolation between multiple unit plant control systems is realized, and meanwhile, bidirectional data exchange between multiple unit plants and a public system is realized. The main functions of the bidirectional communication isolating device are as follows: TCP (transmission control protocol) connection between unit plant application gateways is prohibited to be directly and indirectly established; TCP connection is established between the application gateways of the unit plants and the public system as well as inside and outside network cards of the insolating device; and the inside and outside network cards of the insolating device are in non-networked connection in the device, so that complete physical isolation between multiple unit plant control networks is realized, and meanwhile, bidirectional data exchange is realized between the unit plants and the public system in a non-networked mode; comprehensive message filter and assess control based on an IP, a transmission protocol, a transmission port and a communication direction are supported by adopting a transparent message monitoring mode without an IP address and an MAC (multi-access computer) address; a customized application layer protocol function is supported; and the bidirectional communication isolating device has safe and easy-to-use maintaining and managing manner, and has a graphical maintaining and managing tool based on a centralized safe management manner, so that the requirements on the maintainability and usability of the process system are satisfied.
Description
Technical field
The invention belongs to control technology field, power plant, being particularly related to the two-way communication spacer assembly can realize realizing Network Isolation between power plant unit control system, realize bidirectional data exchange between monoblock and synergic system simultaneously, guarantee system safety stable operation.
Background technology
Along with the continuous increase of power plant unit capacity, the stable operation of monoblock security of operation more and more comes into one's own.Monoblock supervisory control system data network is as the important infrastructure in power plant.Not only relevant with electrical production, operation and service, and closely related with the safe operation of dispatching of power netwoks and control system, be the important component part of power system security.
The Power Plant supervisory control system has very high safety requirements, many units are arranged in operation in the general power plant, there is synergic system in two or more units, require the control network data not share between the unit unit, but realize bidirectional data exchange between requirement and synergic system.Common measure has configuring firewalls, increase IP and ports filter rule, divide the modes such as VLAN by three-tier switch or router, but these measures have certain limitation, can not well play isolation effect, therefore realize that physical isolation as a kind of safely and effectively isolation method, more and more comes into one's own.Physical isolation apparatus delimited clear and definite secure border, so that the controllability of network strengthens, be convenient to internal control.
Comprehensive foregoing, the present invention proposes a kind of power plant two-way communication spacer assembly.Can realize the internetwork physical isolation of power plant unit control by this device, concentrate the security control access mode by the two-way communication spacer assembly, realize monoblock and the internetwork bidirectional data exchange of synergic system.Improved the fail safe of power plant monoblock supervisory control system.
Summary of the invention
For solving the above problem that exists in the prior art, the invention discloses power plant two-way communication spacer assembly.In physically-isolated situation between assurance power plant monoblock application system, realize realizing bidirectional data exchange between monoblock application network and synergic system network.
The present invention is specifically by the following technical solutions:
A kind of power plant two-way communication spacer assembly, described two-way communication spacer assembly is arranged between the two monoblock application networks, and has interface and be connected to the synergic system network that a plurality of units share, and it is characterized in that:
Described power plant two-way communication spacer assembly comprises fully independently CPU of two physical structures, i.e. a CPU and the 2nd CPU;
Wherein a CPU comprises two independently network interface cards, i.e. the first lan interfaces LAN1 and the second lan interfaces LAN2, wherein, the first lan interfaces LAN1 is connected with 1# monoblock application network, the second lan interfaces LAN2 is connected with the synergic system application network, does not exist between the first lan interfaces LAN1 and the second lan interfaces LAN2 indirectly or the straight-forward network connection;
The 2nd CPU comprises two independently network interface cards, i.e. the 3rd lan interfaces LAN3 and the 4th lan interfaces LAN4, wherein, the 3rd lan interfaces LAN3 is connected with 2# monoblock application network, the 4th lan interfaces LAN4 is connected with the synergic system application network, and the 3rd lan interfaces LAN3 does not exist indirectly with the 4th lan interfaces LAN4 or straight-forward network connects;
Two CPU of described power plant two-way communication spacer assembly structurally are separate physical hardware, in actual applications, the one CPU is responsible for finishing the exchanges data between 1# monoblock and synergic system, the 2nd CPU is responsible for finishing the exchanges data between 2# monoblock and synergic system, synergic system is distinguished the data of different units unit by the virtual address of a CPU and the 2nd CPU, the synergic system network data is then given different monoblock by the second lan interfaces LAN2 among the CPU in each two-way communication spacer assembly of power plant with the 4th lan interfaces LAN4 among the 2nd CPU simultaneously;
Power plant two-way communication spacer assembly based on above-mentioned structure has guaranteed between monoblock it is complete physical isolation, realizes bidirectional data exchange between each monoblock and synergic system simultaneously;
Described power plant two-way communication spacer assembly is forbidden directly or indirectly setting up between monoblock application network and the synergic system application network TCP and is connected, the exchanges data of the safety of physical isolation and non-network mode between the realization application network.
Described power plant two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.
The present invention also further comprises following optimal technical scheme.
Described power plant two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.
The two-way communication spacer assembly can receive all-network data from monoblock application network and synergic system application network by the UDP multicast mode, and the two-way communication spacer assembly adopts different multicast address towards monoblock and synergic system; After the two-way communication spacer assembly received data, at first by packet filtering, the message that meets the specific format requirement was resolved, and the message that does not meet call format is simply discarded.
Described power plant two-way communication spacer assembly adopts the way to manage of concentrating security control, supports the maintenance management instrument of all-graphic; All data accesses all pass through the two-way communication spacer assembly, and described two-way communication spacer assembly adopts the customized application layer protocol, and the application protocol that only meets feature could be by the two-way communication spacer assembly.
The two-way communication spacer assembly is provided with security access mechanism, the monoblock application network can be concentrated at described spacer assembly and realize safe access control, monoblock application network and synergic system network need not just can realize secure access by encrypted ones and identification authentication mode, the two-way communication spacer assembly has based on Java or standard C ++ the patterned maintenance management instrument of exploitation, can be by Java and standard C ++ carry out spacer assembly configuration, debugging, system diagnostics and maintenance work.
Do not set up directly between monoblock application network and the synergic system application network or indirectly TCP connection, be connected TCP with the spacer assembly network interface card by the gateway device of application network and connect, realize that physical layer connects the fully isolation of side.Realize the transmitted in both directions of data between unit control system and common control system by power plant two-way communication spacer assembly.
Described power plant two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.All data accesses all pass through network isolating device, and spacer assembly adopts the customized application layer protocol, and the application protocol that only meets feature could pass through network isolating device, so that network environment becomes is safer.
Beneficial effect of the present invention is as follows:
Two-way communication spacer assembly in power plant satisfies " regulation of electrical network and power plant's computer supervisory control system and dispatching data network security protection " requirement, the physical isolation between power plant unit control system can be realized, the bidirectional data transfers between monoblock and general-purpose system can be realized again simultaneously.Improved greatly the fail safe of power plant monoblock supervisory control system.
Description of drawings
Fig. 1 is power plant two-way communication spacer assembly network connection schematic diagram;
Fig. 2 is power plant two-way communication spacer assembly network structure;
Fig. 3 is power plant two-way communication spacer assembly functional flow diagram.
Embodiment
Below in conjunction with the explanation accompanying drawing technical scheme of the present invention is described in further detail.
Be illustrated in figure 1 as power plant two-way communication spacer assembly network connection schematic diagram.Many units are arranged in operation in the general power plant, there is synergic system in two or more units, require the control network data not share between the unit unit, but realize bidirectional data exchange between requirement and synergic system.Described power plant two-way communication spacer assembly by two independently physical hardware form, built-in two network interface cards of each physical hardware, monoblock application network and synergic system application network are resolved into inside and outside two application gateways, set up two TCP virtual junctions with two network interface cards of spacer assembly respectively.Two built-in network interface cards of each physical hardware of spacer assembly are non-network connections in device inside, and allow the data double-way transmission; It is separate forming between two physical hardwares of spacer assembly, does not have indirect or direct network connection, can guarantee that like this application network between monoblock is relevant independent, can guarantee again can carry out data interaction between monoblock and synergic system.
Be illustrated in figure 2 as power plant two-way communication spacer assembly network structure.Described power plant two-way communication spacer assembly comprises fully independently CPU of two physical structures, be respectively CPU1 and CPU2, integrated two independent network interface cards on each CPU board, if two monoblock share a cover synergic system in the power plant, CPU1 is responsible for finishing the exchanges data between #1 monoblock and synergic system, LAN1 network interface card on the CPU1 connects 1# monoblock application network, and the LAN2 network interface connects the synergic system application network.CPU2 is responsible for finishing the exchanges data between #2 monoblock application network and synergic system.LAN3 network interface card on the CPU2 connects 2# monoblock application network, and the LAN4 network interface connects the synergic system application network.Synergic system is divided data from the different units unit by virtual spacer assembly address area, and the network data of synergic system then sends to the two-way communication spacer assembly simultaneously by LAN2 and LAN4.The two-way communication spacer assembly supports at most 4 monoblock to share a cover synergic system.
Described power plant two-way communication spacer assembly is forbidden directly or indirectly setting up between monoblock application network and the synergic system application network TCP and is connected, the exchanges data of the safety of physical isolation and non-network mode between the realization application network.Do not set up directly between monoblock application network and the synergic system application network or indirectly TCP connection, be connected gateway device with the synergic system application network by monoblock and set up TCP with spacer assembly LAN mouth and be connected, realize that physical layer connects the fully isolation of side.
Described power plant two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.Described power plant two-way communication spacer assembly adopts the way to manage of concentrating security control, supports the maintenance management instrument of all-graphic; All data accesses all pass through the two-way communication spacer assembly, and described two-way communication spacer assembly adopts the customized application layer protocol, and the application protocol that only meets feature could be by the two-way communication spacer assembly.
In the application's preferred embodiment, the two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.The two-way communication spacer assembly can receive all-network data from monoblock application network and synergic system application network by the UDP multicast mode, and the two-way communication spacer assembly adopts different multicast address towards monoblock and synergic system.After the two-way communication spacer assembly received data, at first by packet filtering, the message that meets the specific format requirement was resolved, and the message that does not meet call format is simply discarded.
Has perfect packet filtering function in the two-way communication isolation dress, at first spacer assembly monitoring unit unit or synergic system is dealt into LAN interface all-network data, filter out effective message by the packet filtering function, effective message is carried out verification, message checking by after carry out packet parsing, the data message that parses and the configuration information in the spacer assembly compare, and issue monoblock or synergic system after qualified data message re-groups package.In order to guarantee the real-time of exchanges data, the two-way communication spacer assembly has the delta data transmit mechanism, and spacer assembly compares judgement to two frame data of nearest reception, finds to send immediately after the displacement data.The maximum data delay time is 10ms.
Two-way communication isolation harness has based on Java or standard C ++ the patterned management maintenance instrument of exploitation, the user can by the management maintenance instrument carry out communication configuration, the communication point of spacer assembly selection, obtain spacer assembly and receive network message, packet filtering, check the diagnostic message of spacer assembly etc.
In the application's preferred embodiment, the two-way communication spacer assembly is provided with security access mechanism, application network can be concentrated at spacer assembly and realize safe access control, and monoblock and synergic system application network need not just can realize secure access by encrypted ones and identification authentication mode.The two-way communication spacer assembly has based on Java and standard C ++ and the patterned maintenance management instrument of exploitation, can carry out spacer assembly configuration, debugging, system diagnostics and maintenance work by this tool software.
Be illustrated in figure 3 as power plant two-way communication spacer assembly functional flow diagram of the present invention, at first reading face was to the configuration information of monoblock and synergic system application network after power plant two-way communication spacer assembly powered on, and foundation is towards the data link table of monoblock and synergic system.The data message that power plant two-way communication spacer assembly communications reception service routine listening port receives also carries out data and processes.Cross the communication of power plant two-way communication spacer assembly through the data communication device after the processing verification and send monoblock application network or the synergic system application network that service routine is issued correspondence.The communication of power plant two-way communication spacer assembly sends service routine can finish delta data transmission and two kinds of functions of data cycle transmission.The displacement data send service inspection and immediately delta data are sent after the data displacement, guarantee the requirement of real-time of system data transmission.Cycle data sends service the transmission cycle of setting is installed, and the timed sending data are given corresponding application network.
Claims (5)
1. power plant two-way communication spacer assembly, described two-way communication spacer assembly is arranged between the two monoblock application networks, and has interface and be connected to the synergic system network that a plurality of units share, and it is characterized in that:
Described power plant two-way communication spacer assembly comprises fully independently CPU of two physical structures, i.e. a CPU and the 2nd CPU;
Wherein a CPU comprises two independently network interface cards, i.e. the first lan interfaces LAN1 and the second lan interfaces LAN2, wherein, the first lan interfaces LAN1 is connected with 1# monoblock application network, the second lan interfaces LAN2 is connected with the synergic system application network, does not exist between the first lan interfaces LAN1 and the second lan interfaces LAN2 indirectly or the straight-forward network connection;
The 2nd CPU comprises two independently network interface cards, i.e. the 3rd lan interfaces LAN3 and the 4th lan interfaces LAN4, wherein, the 3rd lan interfaces LAN3 is connected with 2# monoblock application network, the 4th lan interfaces LAN4 is connected with the synergic system application network, and the 3rd lan interfaces LAN3 does not exist indirectly with the 4th lan interfaces LAN4 or straight-forward network connects;
Two CPU of described power plant two-way communication spacer assembly structurally are separate physical hardware, in actual applications, the one CPU is responsible for finishing the exchanges data between 1# monoblock and synergic system, the 2nd CPU is responsible for finishing the exchanges data between 2# monoblock and synergic system, synergic system is distinguished the data of different units unit by the virtual address of a CPU and the 2nd CPU, the synergic system network data is then given different monoblock by the second lan interfaces LAN2 among the CPU in each two-way communication spacer assembly of power plant with the 4th lan interfaces LAN4 among the 2nd CPU simultaneously;
Power plant two-way communication spacer assembly based on above-mentioned structure has guaranteed between monoblock it is complete physical isolation, realizes bidirectional data exchange between each monoblock and synergic system simultaneously;
Described power plant two-way communication spacer assembly is forbidden directly or indirectly setting up between monoblock application network and the synergic system application network TCP and is connected, the exchanges data of the safety of physical isolation and non-network mode between the realization application network.
2. two-way communication spacer assembly in power plant according to claim 1 is characterized in that:
Described power plant two-way communication spacer assembly adopts transparent message monitoring mode, supports customized application layer protocol function, has message synthetic filter function.
3. two-way communication spacer assembly in power plant according to claim 2 is characterized in that:
The two-way communication spacer assembly can receive all-network data from monoblock application network and synergic system application network by the UDP multicast mode, and the two-way communication spacer assembly adopts different multicast address towards monoblock and synergic system; After the two-way communication spacer assembly received data, at first by packet filtering, the message that meets the specific format requirement was resolved, and the message that does not meet call format is simply discarded.
4. two-way communication spacer assembly in power plant according to claim 1 and 2 is characterized in that:
Described power plant two-way communication spacer assembly adopts the way to manage of concentrating security control, supports the maintenance management instrument of all-graphic; All data accesses all pass through the two-way communication spacer assembly, and described two-way communication spacer assembly adopts the customized application layer protocol, and the application protocol that only meets feature could be by the two-way communication spacer assembly.
5. it is characterized in that according to claim 1 or 4 described power plant two-way communication spacer assemblys:
The two-way communication spacer assembly is provided with security access mechanism, the monoblock application network can be concentrated at described spacer assembly and realize safe access control, monoblock application network and synergic system network need not just can realize secure access by encrypted ones and identification authentication mode, the two-way communication spacer assembly has based on Java and standard C ++ the patterned maintenance management instrument of exploitation, can be by Java or standard C ++ carry out spacer assembly configuration, debugging, system diagnostics and maintenance work.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210548759.4A CN103078844B (en) | 2012-12-17 | 2012-12-17 | Bidirectional communication isolating device of power plant |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210548759.4A CN103078844B (en) | 2012-12-17 | 2012-12-17 | Bidirectional communication isolating device of power plant |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103078844A true CN103078844A (en) | 2013-05-01 |
| CN103078844B CN103078844B (en) | 2015-07-22 |
Family
ID=48155248
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210548759.4A Active CN103078844B (en) | 2012-12-17 | 2012-12-17 | Bidirectional communication isolating device of power plant |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103078844B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103728936A (en) * | 2013-12-13 | 2014-04-16 | 中国神华能源股份有限公司 | Device, method and control system of power plant electric thermal integration control |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002223183A (en) * | 2001-01-26 | 2002-08-09 | Toyo Commun Equip Co Ltd | Power line bridge |
| JP2008250691A (en) * | 2007-03-30 | 2008-10-16 | Koyo Electronics Ind Co Ltd | Cable wiring-less system with equipment in programmable controller |
| CN201936307U (en) * | 2010-09-16 | 2011-08-17 | 珠海市鸿瑞软件技术有限公司 | Special physical isolation device for electric power system |
-
2012
- 2012-12-17 CN CN201210548759.4A patent/CN103078844B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002223183A (en) * | 2001-01-26 | 2002-08-09 | Toyo Commun Equip Co Ltd | Power line bridge |
| JP2008250691A (en) * | 2007-03-30 | 2008-10-16 | Koyo Electronics Ind Co Ltd | Cable wiring-less system with equipment in programmable controller |
| CN201936307U (en) * | 2010-09-16 | 2011-08-17 | 珠海市鸿瑞软件技术有限公司 | Special physical isolation device for electric power system |
Non-Patent Citations (1)
| Title |
|---|
| 曲立国等: "基于隔离式CAN总线网络的煤矿通信系统设计", 《安徽理工大学学报(自然科学版)》, vol. 32, no. 3, 30 September 2012 (2012-09-30) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103728936A (en) * | 2013-12-13 | 2014-04-16 | 中国神华能源股份有限公司 | Device, method and control system of power plant electric thermal integration control |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103078844B (en) | 2015-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102255903B (en) | Safety isolation method for virtual network and physical network of cloud computing | |
| CN106341397A (en) | Industrial safety isolation GAP | |
| CN106034052B (en) | The system and method that two laminar flow amounts are monitored a kind of between of virtual machine | |
| US20190273700A1 (en) | Adding a Network Port to a Network Interface Card Via NC-SI Embedded CPU | |
| CN108810011A (en) | A kind of universal network secure accessing sound zone system and message processing method suitable for power private network | |
| CN101815017A (en) | Online bidirectional monitoring and analysis method of power system full channel based on promiscuous mode | |
| CN107888613A (en) | A kind of management system framework based on cloud platform | |
| CN103067270A (en) | Virtual machine exchange visit safety control method and device | |
| CN103200067A (en) | Dynamic virtual LANs to segregate data | |
| CN109587230B (en) | Remote control terminal and control method for Internet of things | |
| CN102006684B (en) | Wireless router with guest network function and implementation method thereof | |
| CN110850802A (en) | Safe intelligent programmable logic controller supporting cloud data interconnection | |
| CN106533934A (en) | Border gateway applicable to all interconnected manufacturing networks | |
| CN104539539A (en) | Multi-service-board data forwarding method for AC device | |
| CN104468519A (en) | Embedded electric power safety protection terminal encryption device | |
| CN103078844B (en) | Bidirectional communication isolating device of power plant | |
| CN106850816A (en) | A kind of remote network control system based on VLAN | |
| CN205656443U (en) | Controlling means based on two take advantage of two to get two safe redundant systems | |
| KR20190110705A (en) | Gateway system for heterogeneous fieldbus network | |
| CN103701802A (en) | Telecontrol communication safety instrument | |
| CN208063238U (en) | Data encryption security ViGap | |
| CN107769960A (en) | A kind of BMC management frameworks based on CAN | |
| CN103188264B (en) | Online network security processor and processing method | |
| CN107911288A (en) | Train Communication Adapter and Train Control management system | |
| CN107623587A (en) | A kind of network topology management system and network management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190322 Address after: 100085 9, four street, Shang Di information industry base, Haidian District, Beijing. Co-patentee after: Beijing Sifang Jibao Engineering Technology Co., Ltd. Patentee after: Beijing Sifang Jibao Automation Co., Ltd. Address before: 100085 9, four street, Shang Di information industry base, Haidian District, Beijing. Patentee before: Beijing Sifang Jibao Automation Co., Ltd. |