CN109587171A - A real-time secure network system based on dual-engine forwarding - Google Patents

Info

Publication number
CN109587171A
Authority
CN
China
Prior art keywords
double
cell
chip
holding
backhaul interfaces
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811646302.0A
Other languages
Chinese (zh)
Other versions
CN109587171B (en
Inventor
谢海春
杨梁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Core Microelectronics Co Ltd
Original Assignee
Suzhou Core Microelectronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Core Microelectronics Co Ltd
Priority to CN201811646302.0A
Publication of CN109587171A
Application granted
Publication of CN109587171B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1458 Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the technical field of network security, and in particular to a real-time secure network system based on dual-engine forwarding. The system comprises a dual-engine security switch that is connected to both real-time nodes and data nodes. The dual-engine security switch includes a PHY chip, and the PHY chip is connected to a leaf interface, a dual-engine chip and a backbone interface. The invention isolates one physical network into two networks that do not interact or interfere with each other at all. One network is treated as an ordinary network, compatible with existing general-purpose networks; the other is the real-time network used by OT, designed for very high security and very high real-time performance.

Description

A real-time secure network system based on dual-engine forwarding
Technical field
The present invention relates to the technical field of network security, and in particular to a real-time secure network system based on dual-engine forwarding.
Background art
With Industry 4.0 intelligent manufacturing flourishing, IT (information technology), OT (operational technology) and CT (communication technology) need to converge, and these networks need to be integrated into one network. OT places very high demands on real-time performance and security, because real-time performance brings production efficiency and security brings production safety, including the safety of life and property, whereas IT networks have external access. Combining them requires a network that is both highly real-time and highly secure, and the cost of investing in network security is also high.
Important national functional departments such as the power grid, transportation, government and the military generally divide their networks into an intranet and an extranet, emphasising absolute network security and isolation, identity authentication and so on. This requires two sets of networks. With network bandwidth and functional features rising sharply, the cost of dedicated networks is extremely high, which hinders the large-scale deployment of secure networks.
High-speed moving platforms such as automobiles, trains, aerospace vehicles and robots need a large number of ECUs with a high degree of interoperability among them, while also supporting external Internet and IoT access for entertainment and for obtaining information, so they too need two mutually isolated networks unified into one. The isolation must be complete, with absolutely no data exchange between the two: when one network is exposed to the outside, the viruses and attacks it suffers must never be passed to the other network. The networks must be isolated both physically and logically, so that a switch configuration error or crash on one network cannot affect the other.
Summary of the invention
The object of the present invention is to provide a real-time secure network system based on dual-engine forwarding, to solve the problem that the prior art cannot isolate one physical network into two networks that do not interact or interfere with each other at all.
The technical scheme adopted by the invention is as follows:
A real-time secure network system based on dual-engine forwarding comprises a dual-engine security switch connected to both a real-time node and a data node. The dual-engine security switch includes a PHY chip, and the PHY chip is connected to a leaf interface, a dual-engine chip and a backbone interface. The dual-engine chip includes a cell engine and a conventional engine. The real-time node contains a real-time node control chip and communicates with the dual-engine security switch in cell transmission mode; the real-time node is embedded in the operating machine or connected directly to the machine in order to achieve better real-time performance. The data node is a data communication device or apparatus that accesses the ordinary data network and the IT network, and it contains an ordinary node chip. The leaf interface connects to the real-time node and to the data node. The backbone interface is used to connect to the management interface of another dual-engine security switch. The PHY chip is a chip that supports preambles.
As a preferred form of the above technical solution, the dual-engine security switch further includes a management interface for connecting to a domain controller. The domain controller is connected to multiple dual-engine security switches and, for each connected switch, is responsible for delay calculation, management and scheduling calculation for the backbone-interface-to-backbone-interface, leaf-interface-to-backbone-interface and leaf-interface-to-leaf-interface paths, as well as protocol configuration management and protocol conversion configuration. The management interface uses cell transmission mode.
As a preferred form of the above technical solution, the domain controller is also connected to a master controller. One master controller is connected to multiple domain controllers and is responsible for authenticating the real-time nodes attached to the leaf interfaces of all dual-engine security switches, for the dynamic keys of the real-time nodes and leaf interfaces, and for delay management and scheduling calculation between backbone interfaces.
As a preferred form of the above technical solution, the leaf interface determines the class of incoming data from the preamble in the PHY chip. When it is configured with the real-time node preamble, it uses cell transmission mode; when it is configured with the ordinary preamble, it uses normal packet transmission mode.
As a preferred form of the above technical solution, the data class on the backbone interface is determined by the preamble, and the ports of the backbone interface are configured to use cell transmission mode. When the ordinary preamble is used, cell transmission mode is still used and the fragment encapsulation is carried inside the cells; only the cell format differs, and in both cases the cell length is the same.
As a preferred form of the above technical solution, when the real-time node control chip sends a cell to the PHY chip, it uses a preamble different from that of an ordinary node. The PHY chip informs the dual-engine chip through out-of-band data that the cell comes from a real-time node and a leaf interface, and the dual-engine chip sends the cell to the cell engine for processing.
As a preferred form of the above technical solution, when the ordinary node chip sends a cell to the PHY chip, it uses the same preamble as an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that this is a packet from a data node and a leaf interface, and the dual-engine chip sends it directly to the conventional engine for processing.
As a preferred form of the above technical solution, the dual-engine chip further includes a split and reassembly module. When a backbone interface sends a cell encapsulating ordinary data to a backbone interface, it uses the same preamble as an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that the cell encapsulates ordinary data from a data node and a backbone interface; the dual-engine chip sends the cell to the cell split and reassembly module and, once the cells have been reassembled into a data packet, the packet is sent to the conventional engine for processing. When a backbone interface sends a cell encapsulating real-time data to a backbone interface, it uses a preamble different from that of an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that the cell is an encapsulated real-time cell from a data node and a backbone interface, and the dual-engine chip sends the cell to the cell engine for processing.
As a preferred form of the above technical solution, a cell that the cell engine in the dual-engine chip has finished processing is handed directly to the PHY chip, which sends it without blocking to the backbone interface or leaf interface using a preamble different from that of ordinary data.
As a preferred form of the above technical solution, the dual-engine chip further includes a time slot module. A packet that the conventional engine in the dual-engine chip has finished processing must, if it is destined for a backbone interface, be sent to the split and reassembly module and split into multiple cells; these are sent out from the PHY chip one after another in the configured time slots scheduled by the time slot module, using the same preamble as ordinary data. If the packet is destined for a leaf interface, it is sent directly from the PHY chip to the backbone interface or leaf interface using the same preamble as ordinary data and the normal scheduling mechanism.
The beneficial effects of the invention are:
The invention isolates one physical network into two networks that do not interact or interfere with each other at all. One network is treated as an ordinary network, compatible with existing general-purpose networks; the other is the real-time network used by OT, designed for very high security and very high real-time performance.
Although the data network and the real-time network share the physical link, absolute isolation is achieved through the PHY chip's handling of the preamble. The data network is generally exposed to the public and is subject to virus and trojan attacks, DDoS attacks and so on, and unavailability caused by human factors such as configuration errors must also be addressed. Security is strengthened by initial encrypted authentication to the master controller and by changing keys at irregular intervals. A dynamic key mechanism based on time slot parameters is added to encryption and decryption, so that attackers and intruders cannot get past the encryption and decryption. A dynamic key mechanism based on accumulated history information is added to the encryption and decryption seed, so that attackers and intruders cannot get past the encryption and decryption.
Brief description of the drawings
In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a topology diagram of the structure of the invention;
Fig. 2 is a schematic diagram of the non-blocking transmission based on a railway timetable in Embodiment 2 of the invention;
Fig. 3 is a schematic diagram of the ultra-low-latency forwarding design of the super-real-time cell engine in Embodiment 4 of the invention;
Fig. 4 is a module schematic diagram of the real-time node chip of the invention;
Fig. 5 is a module schematic diagram of the dual-engine chip of the invention.
Detailed description of the embodiments
The invention is further explained below with reference to the drawings and specific embodiments. The description of these embodiments is intended to help in understanding the invention and does not limit it. The specific structural and functional details disclosed herein are only for describing example embodiments of the invention. The invention can be embodied in many alternative forms and should not be construed as limited to the embodiments set forth herein.
It should be understood that the terms first, second and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance. Although the terms first, second and so on may be used herein to describe various units, these units should not be limited by these terms. The terms are used only to distinguish one unit from another. For example, a first unit could be called a second unit, and similarly a second unit could be called a first unit, without departing from the scope of the example embodiments of the invention.
It should be understood that the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, B alone, or both A and B. The term "/and" herein describes another association and indicates that two relationships are possible; for example, A/and B can mean: A alone, or A and B together. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
It should be understood that, in the description of the invention, orientation or position terms such as "upper", "vertical", "inner" and "outer" refer to the orientation or position in which the product of the invention is usually placed in use, or which those skilled in the art usually understand. They are used only to simplify the description and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation, and therefore they are not to be understood as limiting the invention.
It should be understood that when a unit is said to be "connected" or "coupled" to another unit, it may be directly connected or coupled to the other unit, or an intermediate unit may be present. In contrast, when a unit is said to be "directly connected" or "directly coupled" to another unit, no intermediate unit is present. Other words used to describe the relationship between units should be interpreted in the same way (for example, "between" versus "directly between", "adjacent" versus "directly adjacent", and so on).
In the description of the invention it should also be noted that, unless otherwise expressly specified or limited, the terms "arranged", "installed" and "connected" are to be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be a connection inside two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the invention according to the specific circumstances.
The terms used herein are only for describing specific embodiments and are not intended to limit the example embodiments of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the terms "comprises", "comprising", "includes" and/or "including", when used herein, specify the presence of the stated features, integers, steps, operations, units and/or components, and do not exclude the presence or addition of one or more other features, quantities, steps, operations, units, components and/or combinations of them.
It should further be noted that in some alternative embodiments the functions and actions may occur in an order different from that shown in the drawings. For example, two figures shown in succession may in fact be executed substantially concurrently, or sometimes in the reverse order, depending on the functions and actions involved.
Specific details are provided in the following description so that the example embodiments can be fully understood. However, those of ordinary skill in the art will understand that the example embodiments can be implemented without these specific details. For example, systems may be shown in block diagrams to avoid obscuring the examples with unnecessary detail. In other embodiments, well-known processes, structures and techniques may be shown without unnecessary detail to avoid obscuring the example embodiments.
Embodiment 1:
This embodiment provides a real-time secure network system based on dual-engine forwarding, as shown in Fig. 1.
A real-time secure network system based on dual-engine forwarding comprises a dual-engine security switch connected to both a real-time node and a data node. The dual-engine security switch includes a PHY chip, and the PHY chip is connected to a leaf interface, a dual-engine chip and a backbone interface. The dual-engine chip includes a cell engine and a conventional engine. The real-time node contains a real-time node control chip and communicates with the dual-engine security switch in cell transmission mode; the real-time node is embedded in the operating machine or connected directly to the machine in order to achieve better real-time performance. The data node is a data communication device or apparatus that accesses the ordinary data network and the IT network, and it contains an ordinary node chip. The leaf interface connects to the real-time node and to the data node. The backbone interface is used to connect to the management interface of another dual-engine security switch. The PHY chip is a chip that supports preambles.
The dual-engine security switch further includes a management interface for connecting to a domain controller. The domain controller is connected to multiple dual-engine security switches and, for each connected switch, is responsible for delay calculation, management and scheduling calculation for the backbone-interface-to-backbone-interface, leaf-interface-to-backbone-interface and leaf-interface-to-leaf-interface paths, as well as protocol configuration management and protocol conversion configuration. The management interface uses cell transmission mode.
The domain controller is also connected to a master controller. One master controller is connected to multiple domain controllers and is responsible for authenticating the real-time nodes attached to the leaf interfaces of all dual-engine security switches, for the dynamic keys of the real-time nodes and leaf interfaces, and for delay management and scheduling calculation between backbone interfaces.
The leaf interface determines the class of incoming data from the preamble in the PHY chip. When it is configured with the real-time node preamble, it uses cell transmission mode; when it is configured with the ordinary preamble, it uses normal packet transmission mode.
The data class on the backbone interface is determined by the preamble, and the ports of the backbone interface are configured to use cell transmission mode. When the ordinary preamble is used, cell transmission mode is still used and the fragment encapsulation is carried inside the cells; only the cell format differs, and in both cases the cell length is the same.
When the real-time node control chip sends a cell to the PHY chip, it uses a preamble different from that of an ordinary node. The PHY chip informs the dual-engine chip through out-of-band data that the cell comes from a real-time node and a leaf interface, and the dual-engine chip sends the cell to the cell engine for processing.
When the ordinary node chip sends a cell to the PHY chip, it uses the same preamble as an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that this is a packet from a data node and a leaf interface, and the dual-engine chip sends it directly to the conventional engine for processing.
The dual-engine chip further includes a split and reassembly module. When a backbone interface sends a cell encapsulating ordinary data to a backbone interface, it uses the same preamble as an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that the cell encapsulates ordinary data from a data node and a backbone interface; the dual-engine chip sends the cell to the cell split and reassembly module and, once the cells have been reassembled into a data packet, the packet is sent to the conventional engine for processing. When a backbone interface sends a cell encapsulating real-time data to a backbone interface, it uses a preamble different from that of an ordinary network. The PHY chip informs the dual-engine chip through out-of-band data that the cell is an encapsulated real-time cell from a data node and a backbone interface, and the dual-engine chip sends the cell to the cell engine for processing.
A cell that the cell engine in the dual-engine chip has finished processing is handed directly to the PHY chip, which sends it without blocking to the backbone interface or leaf interface using a preamble different from that of ordinary data.
The dual-engine chip further includes a time slot module. A packet that the conventional engine in the dual-engine chip has finished processing must, if it is destined for a backbone interface, be sent to the split and reassembly module and split into multiple cells; these are sent out from the PHY chip one after another in the configured time slots scheduled by the time slot module, using the same preamble as ordinary data. If the packet is destined for a leaf interface, it is sent directly from the PHY chip to the backbone interface or leaf interface using the same preamble as ordinary data and the normal scheduling mechanism.
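The following added example (not part of the patent) models the forwarding decision described in this embodiment: the preamble selects the engine, ordinary packets are split into fixed-length cells for the backbone port, and the peer switch reassembles them before the conventional engine sees them. The preamble value for real-time traffic, the cell length, the four-byte fragment header and all class and function names are assumptions; the patent gives no concrete values.

```python
from dataclasses import dataclass, field

# Standard Ethernet preamble plus SFD, used here as the "ordinary" preamble.
COMMON_PREAMBLE = bytes([0x55] * 7 + [0xD5])
# Assumed alternate preamble marking real-time cells (value is hypothetical).
REALTIME_PREAMBLE = bytes([0x55] * 6 + [0x50, 0xD5])
CELL_PAYLOAD = 64                  # assumed payload bytes per cell
HDR_LEN = 4                        # assumed header: packet id, index, total, used
CELL_LEN = HDR_LEN + CELL_PAYLOAD  # every cell on the backbone has this length


def split(pkt_id, packet):
    """Split an ordinary packet into fixed-length cells for a backbone port."""
    chunks = [packet[i:i + CELL_PAYLOAD]
              for i in range(0, len(packet), CELL_PAYLOAD)] or [b""]
    if len(chunks) > 255:
        raise ValueError("packet too large for a one-byte fragment count")
    cells = []
    for idx, chunk in enumerate(chunks):
        header = bytes([pkt_id & 0xFF, idx, len(chunks), len(chunk)])
        cells.append(header + chunk.ljust(CELL_PAYLOAD, b"\x00"))  # pad last cell
    return cells


@dataclass
class Reassembler:
    pending: dict = field(default_factory=dict)

    def feed(self, cell):
        """Accept one cell; return the whole packet once all fragments arrived."""
        if len(cell) != CELL_LEN:
            raise ValueError("wrong cell length")
        pkt_id, idx, total, used = cell[:HDR_LEN]
        if total == 0 or idx >= total or used > CELL_PAYLOAD:
            raise ValueError("malformed fragment header")
        parts = self.pending.setdefault((pkt_id, total), {})
        parts[idx] = cell[HDR_LEN:HDR_LEN + used]
        if len(parts) < total:
            return None
        del self.pending[(pkt_id, total)]
        return b"".join(parts[i] for i in range(total))


@dataclass
class DualEngineSwitch:
    reasm: Reassembler = field(default_factory=Reassembler)

    def ingress(self, port, frame):
        """Classify a frame on a 'leaf' or 'backbone' port; return (engine, data)."""
        preamble, body = frame[:8], frame[8:]
        if preamble == REALTIME_PREAMBLE:
            # Real-time traffic is cell-only and never reaches the conventional engine.
            if len(body) != CELL_LEN:
                return ("drop", b"")
            return ("cell_engine", body)
        if preamble != COMMON_PREAMBLE:
            return ("drop", b"")           # unknown preamble: forward nowhere
        if port == "leaf":
            return ("conventional_engine", body)   # normal packet mode
        if port == "backbone":
            packet = self.reasm.feed(body)         # ordinary data arrives as cells
            if packet is None:
                return ("reassembling", b"")
            return ("conventional_engine", packet)
        raise ValueError("unknown port kind")

    def egress_backbone(self, pkt_id, packet):
        """Conventional-engine output towards a backbone port: cells, ordinary preamble."""
        return [COMMON_PREAMBLE + cell for cell in split(pkt_id, packet)]
```

Because both traffic classes use the same cell length on the backbone, the time slot schedule does not depend on which class a slot carries; only the preamble and the cell format differ.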
If attacking real-time network, it is necessary to obtain and support the ethernet PHY chip of double preambles, obtain pseudorandom device hair The raw algorithm of device, the kind sub-rule of real time node, the time slot that the timing node of the whole network is initiated with data theoretically absolutely not may be used Can, because the ethernet PHY chip for supporting double preambles is to be managed, research and development need several ten million data and algorithm Rule is divulged a secret, and possibility is very small, because being determined completely by user, and the acquisition of time slot node is just more impossible, because greatly Multinode is software processing, and data are from real realization time of the node to leaf interface and the time to master controller " pseudo- real time node " can not capture, and these factors are involved in encryption.
Each real time node has a node seed, and node seed includes node identities signal and human configuration Parameter etc..Seed has a parameters such as additional information of record communication history on section, and initial seed these information are to reset , real time node use for the first time will be by major control data typing, and node typing not can not be used in a network.
When a real-time node initializes, it first measures the link delay by exchanging protocol messages with the node it is connected to. Delay is measured on every link: backhaul interface to backhaul interface, leaf interface to real-time node, and management interface to management interface. The measured delay is saved, is used to calibrate the timestamp input during encryption and decryption, and is an input to the domain controller's time-slot scheduling, so on the real-time side of the network measuring the delay is mandatory. If the network itself has not changed since the last start-up, the domain controller must keep the saved delay data for scheduling, and each interface keeps its own delay data for decryption.
In the login stage, every node sends its seed information, asymmetrically encrypted, to the master controller, together with the seed information of its link peer, likewise asymmetrically encrypted. The master controller compares this with the node seed information it has stored and audits and authenticates the seed information: if the identity information, configuration information and accumulated history information in the seed are completely consistent, authentication passes and communication is allowed. If a change in the connection relationship is found, it is reported to a higher level of authentication and confirmed by IT or by manual review. This guarantees that every connected pair must have passed IT and manual review once, with a reset performed on the master controller and on the pair of communicating nodes. An illegitimate connection of this kind is therefore not allowed to communicate.
When the sending end sends a message, it first mixes the node seed plus the timestamp into the pseudo-random number generator, then combines the pseudo-random number with the encrypted timestamp to select an encryption algorithm and key from the encryption pool, generates the ciphertext and sends it.
When the receiving end receives a message, it first mixes the node seed plus the timestamp minus the time difference into the pseudo-random number generator, then combines the pseudo-random number with the encrypted timestamp minus the time difference to select a decryption algorithm and key from the decryption pool, generates the plaintext and processes it.
To make communication more secure, both ends of an interface must start a sniffer with identical parameter settings to sample packets and merge the sampled information into the accumulated history information of the seed. In this way, even an attacker who steals all of the data cannot obtain the accumulated history information in the seed and cannot crack it. To facilitate the next session, both sides start a timer to send the seed information, asymmetrically encrypted, together with the seed information of the link peer, likewise asymmetrically encrypted, to the master controller for recording, and also record it locally. This prevents the next login from failing after an unexpected power loss and avoids unnecessary repeated authentication and review.
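The send, receive and seed-accumulation steps above can be sketched as follows. This is an added example, not code from the patent: the HMAC-based generator, the stand-in keystream "algorithms", the constructed key pool and all function names are assumptions, and the receiver is assumed to rebuild the sender's tick as arrival tick minus the measured link delay.

```python
import hashlib
import hmac

# Constructed pools (assumption): the page names an encryption pool but not its contents.
# The "algorithms" are stand-in keystream PRFs from the standard library, not real ciphers.
ALGORITHMS = ("sha256", "sha384", "sha512")
KEY_POOL = [bytes([i]) * 32 for i in range(1, 9)]  # constructed sample keys
TAG_LEN = 16


def select(seed: bytes, send_tick: int):
    """Mix seed + timestamp into a PRF, then pick algorithm, key and nonce from its output."""
    prn = hmac.new(seed, send_tick.to_bytes(8, "big"), hashlib.sha256).digest()
    return ALGORITHMS[prn[0] % len(ALGORITHMS)], KEY_POOL[prn[1] % len(KEY_POOL)], prn[2:18]


def _xor_stream(alg: str, key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a keystream built from the selected PRF (same call encrypts and decrypts)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), alg).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(seed: bytes, send_tick: int, plaintext: bytes) -> bytes:
    """Sender side: the selection depends only on the shared seed and the send tick."""
    alg, key, nonce = select(seed, send_tick)
    ct = _xor_stream(alg, key, nonce, plaintext)
    return ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]


def unseal(seed: bytes, arrival_tick: int, link_delay: int, blob: bytes):
    """Receiver side: rebuild the sender's tick as arrival tick minus the measured delay."""
    alg, key, nonce = select(seed, arrival_tick - link_delay)
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # wrong seed, wrong tick (late replay) or modified ciphertext
    return _xor_stream(alg, key, nonce, ct)


def ratchet(seed: bytes, sampled_packets) -> bytes:
    """Fold the packets both sniffers sampled into the seed's accumulated history."""
    h = hashlib.sha256(seed)
    for pkt in sampled_packets:
        h.update(len(pkt).to_bytes(2, "big") + pkt)
    return h.digest()
```

Because the tick is part of the selection, a message replayed even a few ticks late fails the tag check, and a copy of the original seed stops working once both ends have ratcheted in their sampled packets.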
The ordinary data side of the network can also use the same dynamic key mechanism. The Ethernet PHY chip that supports dual preambles decides from the preamble which engine the data is sent to, so a real-time node chip configured with the common preamble can also have very high security on the ordinary network; however, because it then uses the conventional engine of the double-engine ultra-secure ultra-real-time chip, real-time performance cannot be guaranteed.
Using dynamic keys to increase communication security is prior art and is not repeated here; see the Chinese invention patent with announcement number CN102223309B, announcement date 20140702, titled: secure communication system and secure communication method based on message payload fragmentation, encryption and reordering.
The ordinary node chip is an MCU chip with an Ethernet interface, including NXP, Freescale, TI, ST and Samsung's S3C2412, etc.
As shown in Fig. 4, the real-time node chip takes this kind of Ethernet-interface chip from NXP, Freescale, TI, ST and Samsung as its basis and adds encryption and decryption, a precision time synchronization protocol, a time trigger, etc.
The microcontroller subsystem function can refer to TI's MSP430 series, with an ultra-low-latency design added on that basis. The embedded PHY function can refer to the Marvell 88E1514 PHY, or to chips similar to the Marvell 88E1514 PHY such as the Broadcom 54215E and ICPlus IP001, with an ultra-low-latency design and support for dual preamble signals added on that basis.
The PHY chip function can refer to the Marvell 88E1680M, Marvell 88E1680, Broadcom 54280, Realtek 8218B, etc., with an ultra-low-latency design, dual preamble support and encryption/decryption modules added on that basis.
As shown in Fig. 5, the double-engine chip includes a conventional engine, a cell engine, a split and recombination module, and a time slot module. The conventional engine can refer to the Broadcom 5615x series with the MAC and SERDES IO removed, because in the double-engine chip these two are shared by both engines.
Embodiment 2:
This embodiment discloses non-blocking transmission based on a railway timetable using the present invention, as shown in Fig. 2.
Fig. 2 is a schematic diagram of non-blocking transmission based on a railway timetable. In the present invention the real-time node has a time trigger, analogous to a train departure board. The delay from backhaul interface to backhaul interface and from real-time node to leaf interface has been measured, and the forwarding delay is fixed; the domain controller therefore computes, by cloud computing based on the SDX idea, the entry and departure time slots along the forwarding path for all real-time streams, and then issues them to each interface and real-time node. Cloud computing based on the SDX idea can achieve zero-delay non-blocking forwarding in the egress direction of every node, much like rows of bullet trains passing through a station without blocking.
Embodiment 3:
This embodiment discloses a low-latency PHY design based on cut-through using the present invention. With the cut-through low-latency PHY design, data received by the PHY is encrypted or decrypted and then goes straight to the deserializer, bypassing the FIFO memory; ultra-low-latency circuit design brings the delay to < 50 ns, and the deserializer also uses ultra-low-latency circuit design, making its delay likewise < 50 ns.
Embodiment 4:
This embodiment discloses an ultra-low-latency design based on cell forwarding using the present invention, as shown in Fig. 3.
As shown in Fig. 3, the forwarding head is placed at the head of the cell and directly indicates the forwarding egress. Both the Ethernet PHY chip supporting dual preambles and the ultra-real-time cell engine of the double-engine ultra-secure ultra-real-time chip are cut-through designs; no store-and-forward mechanism is used.
The Ethernet PHY chip supporting dual preambles sends received data directly to the cell engine of the double-engine chip at the first moment. As soon as the cell engine of the double-engine chip has received the complete forwarding head, it notifies the time slot module that the channel is occupied. This is a redundancy mechanism: because the domain controller has already done the calculation there will be no conflict, and it only provides error-correction capability. At the same time, the next-hop forwarding head RAM is read, indexed by the current forwarding head, to obtain the next-hop forwarding head; the next-hop forwarding head is sent synchronously to the send CRC computing module, and the current forwarding head is sent to the receive CRC computing module.
Data is likewise sent with zero delay from the Ethernet PHY chip supporting dual preambles to the cell engine of the double-engine chip, and is similarly sent synchronously, at the first moment, to the send CRC computing module, the receive CRC computing module and the sending interface.
If the CRC check at the receiving end passes, the CRC calculated at the sending end is sent as well; otherwise a bad CRC is sent. The bad packet is still sent to the receiving real-time node according to the original stream configuration and is discarded there. This wastes bandwidth, but because the SDX idea is adopted, and because in a real-time network streams are configured on a periodic basis, this waste is reasonable and acceptable. The present invention uses other mechanisms to ensure that the reliability of the network is still maintained when this happens.
CRC is the cyclic redundancy check, a hash function that generates a short fixed-length check code from data such as network packets or computer files. It is mainly used to detect or verify errors that may occur after data is transmitted or stored, and performs error detection using the principle of division and remainder.
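The cut-through CRC handling described in this embodiment can be modelled in a few lines. This is an added example, not the patent's circuit: the 2-byte forwarding head, the CRC-32 trailer, the 8-byte chunking and the next-hop table contents are assumptions made for illustration.

```python
import zlib

HEAD_LEN = 2  # assumed forwarding-head size in bytes
CRC_LEN = 4   # assumed CRC-32 trailer


def make_cell(head: bytes, payload: bytes) -> bytes:
    """Build a cell: forwarding head, payload, CRC-32 over both."""
    return head + payload + zlib.crc32(head + payload).to_bytes(CRC_LEN, "big")


def check_cell(cell: bytes) -> bool:
    """What the receiving real-time node does: recompute and compare the trailer."""
    return zlib.crc32(cell[:-CRC_LEN]) == int.from_bytes(cell[-CRC_LEN:], "big")


def cut_through_hop(cell_in: bytes, next_head_ram: dict):
    """Forward one cell without storing it; returns (rx_ok, cell_out)."""
    head = cell_in[:HEAD_LEN]
    next_head = next_head_ram[head]   # next-hop head RAM indexed by the current head
    rx_crc = zlib.crc32(head)         # receive CRC covers the head that arrived
    tx_crc = zlib.crc32(next_head)    # send CRC covers the head that leaves
    out = bytearray(next_head)
    body = cell_in[HEAD_LEN:-CRC_LEN]
    for i in range(0, len(body), 8):
        chunk = body[i:i + 8]
        rx_crc = zlib.crc32(chunk, rx_crc)  # both CRC modules see each chunk
        tx_crc = zlib.crc32(chunk, tx_crc)  # at the same time as the egress port
        out += chunk                        # already on the wire before the trailer arrives
    rx_ok = rx_crc == int.from_bytes(cell_in[-CRC_LEN:], "big")
    if not rx_ok:
        tx_crc ^= 0xFFFFFFFF  # deliberately bad CRC so the end node discards the cell
    out += tx_crc.to_bytes(CRC_LEN, "big")
    return rx_ok, bytes(out)


# Constructed next-hop table: current forwarding head -> next-hop forwarding head.
NEXT_HEAD_RAM = {b"\x00\x03": b"\x00\x07", b"\x00\x07": b"\x00\x01"}
```

The point of the bad CRC is visible at the second hop: the send CRC is recomputed over the rewritten head, so without the deliberate inversion a cell corrupted on the first link would leave with a fresh, valid trailer.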
Embodiment 5:
This embodiment discloses time-slot scheduling configured by the controller using the present invention.
The time-slot scheduling of the domain controller of the present invention is computed by cloud computing based on the SDX idea. It must guarantee that every real-time stream is transmitted without blocking on every interface in the network, while also ensuring that the non-real-time slots on each interface are fully used by ordinary data.
The present invention is not limited to the above optional embodiments; anyone may derive products in various other forms under the inspiration of the present invention. The above specific embodiments should not be construed as limiting the protection scope of the present invention; the protection scope of the present invention shall be as defined in the claims, and the specification may be used to interpret the claims.
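The railway-timetable idea of Embodiments 2 and 5 amounts to choosing a departure slot per real-time stream so that no two streams meet in the same slot on any egress interface. The sketch below is an added example, not the patent's scheduling algorithm: the first-fit strategy, the periodic cycle, the interface names and the sample flows are all assumptions.

```python
def schedule(flows, cycle):
    """First-fit timetable for periodic real-time streams.

    flows: {name: (cells, [(egress_interface, delay_in_slots_from_source), ...])}
    Returns (offsets, occupied) with occupied[interface][slot] = flow name.
    The per-hop delays are fixed and already measured, as the page requires.
    """
    occupied = {}
    offsets = {}
    for name, (cells, path) in flows.items():
        if cells > cycle:
            raise ValueError(f"flow {name!r} needs more slots than one cycle has")
        for offset in range(cycle):
            # Every slot this flow would occupy on every egress interface of its path.
            wanted = [(ifc, (offset + delay + k) % cycle)
                      for ifc, delay in path for k in range(cells)]
            if all(slot not in occupied.get(ifc, {}) for ifc, slot in wanted):
                for ifc, slot in wanted:
                    occupied.setdefault(ifc, {})[slot] = name
                offsets[name] = offset
                break
        else:
            raise ValueError(f"no conflict-free departure slot for flow {name!r}")
    return offsets, occupied


def non_real_time_slots(occupied, interface, cycle):
    """Slots left on an interface for ordinary (split-into-cells) data."""
    return [s for s in range(cycle) if s not in occupied.get(interface, {})]


# Constructed sample: three streams, two of which share egress sw2.p3.
CYCLE = 8
FLOWS = {
    "A": (2, [("sw1.p1", 0), ("sw2.p3", 2)]),
    "B": (1, [("sw1.p1", 0), ("sw2.p4", 2)]),
    "C": (2, [("sw3.p2", 0), ("sw2.p3", 1)]),
}
```

With this sample, streams A and C both cross sw2.p3 and are offset so their cells never coincide there; the slots they leave free are what the time slot module can hand to ordinary data.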

Claims (10)

1. A real-time safety network system based on double-engine forwarding, characterized in that: it comprises a double-engine security switch; the double-engine security switch is connected to real-time nodes and back-end nodes respectively; the double-engine security switch comprises a PHY chip, and the PHY chip is connected to a leaf interface, a double-engine chip and a backhaul interface respectively; the double-engine chip comprises an information source engine and a conventional engine; a real-time node control chip is provided in the real-time node, and the real-time node is embedded in the operated machine or directly connected to the machine; the back-end node accesses the ordinary data network and the IT network, and an ordinary node chip is provided in the back-end node; the leaf interface is connected to the real-time node and the back-end node respectively; the backhaul interface is used to connect to the management interface of another double-engine security switch.
2. The real-time safety network system based on double-engine forwarding according to claim 1, characterized in that: the double-engine security switch further comprises a management interface, the management interface being used to connect to a domain controller; the domain controller is connected to multiple double-engine security switches and, for each connected double-engine security switch, is responsible for the delay calculation, management and scheduling calculation for backhaul interface to backhaul interface, leaf interface to backhaul interface, and leaf interface to leaf interface, as well as protocol configuration management and protocol conversion settings.
3. The real-time safety network system based on double-engine forwarding according to claim 2, characterized in that: the domain controller is further connected to a master controller; one master controller is connected to multiple domain controllers and is responsible for the authentication of the real-time nodes connected to the leaf interfaces in all double-engine security switches, the dynamic pairwise keys of the real-time nodes and leaf interfaces, and the delay management and scheduling calculation for backhaul interface to backhaul interface.
4. The real-time safety network system based on double-engine forwarding according to claim 1, characterized in that: the leaf interface determines the class of the incoming data according to the preamble in the PHY chip; when configured with the preamble of a real-time node, cell transmission mode is used; when configured with the common preamble, ordinary packet transmission mode is used.
5. The real-time safety network system based on double-engine forwarding according to claim 1, characterized in that: the data class on the backhaul interface is determined by the preamble; a port configured as a backhaul interface uses cell transmission mode; when the common preamble is used, cell transmission mode is also used, with the fragments of the packet encapsulated inside cells; only the cell format differs, and in both cases the cell length is the same.
6. The real-time safety network system based on double-engine forwarding according to claim 1, characterized in that: when sending a cell to the PHY chip, the real-time node control chip uses a preamble different from that of ordinary nodes; the PHY chip informs the double-engine chip by out-of-band data that the cell is a cell from a real-time node and leaf interface, and the double-engine chip sends this cell to the cell engine for processing.
7. The real-time safety network system based on double-engine forwarding according to claim 6, characterized in that: when sending a cell to the PHY chip, the ordinary node chip uses the same preamble as the ordinary network; the PHY chip informs the double-engine chip by out-of-band data that the cell is a packet from a back-end node and leaf interface, and the double-engine chip sends this cell directly to the conventional engine for processing.
8. The real-time safety network system based on double-engine forwarding according to claim 7, characterized in that: the double-engine chip further comprises a split and recombination module; when a backhaul interface sends a cell encapsulating ordinary data to a backhaul interface, the same preamble as the ordinary network is used, and the PHY chip informs the double-engine chip by out-of-band data that the cell is a cell encapsulating ordinary data from a back-end node and backhaul interface; the double-engine chip sends this cell to the split and recombination module, and after the cells are reassembled into a data packet it is sent to the conventional engine for processing; when the backhaul interface sends a cell encapsulating real-time data to a backhaul interface, a preamble different from that of the ordinary network is used, and the PHY chip informs the double-engine chip by out-of-band data that the cell is a cell encapsulating real-time data from a back-end node and backhaul interface; the double-engine chip sends this cell to the cell engine for processing.
9. The real-time safety network system based on double-engine forwarding according to claim 8, characterized in that: a cell whose processing by the cell engine in the double-engine chip is complete is sent directly and without blocking to the backhaul interface or leaf interface, with the PHY chip directly informed to use a preamble different from that of ordinary data.
10. The real-time safety network system based on double-engine forwarding according to claim 8, characterized in that: the double-engine chip further comprises a time slot module; a packet that the conventional engine in the double-engine chip has finished processing must, if it is to be sent to a backhaul interface, be sent to the split and recombination module and split into multiple cells, which are sent in turn from the PHY chip in the configured time slots scheduled in the time slot module, using the same preamble as ordinary data; if it is to go to a leaf interface, it is sent directly from the PHY chip to the backhaul interface or leaf interface by the normal dispatch mechanism, using the same preamble as ordinary data.
CN201811646302.0A 2018-12-29 2018-12-29 Real-time safety network system based on double-engine forwarding Active CN109587171B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811646302.0A CN109587171B (en) 2018-12-29 2018-12-29 Real-time safety network system based on double-engine forwarding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811646302.0A CN109587171B (en) 2018-12-29 2018-12-29 Real-time safety network system based on double-engine forwarding

Publications (2)

Publication Number Publication Date
CN109587171A true CN109587171A (en) 2019-04-05
CN109587171B CN109587171B (en) 2021-05-11

Family

ID=65914814

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811646302.0A Active CN109587171B (en) 2018-12-29 2018-12-29 Real-time safety network system based on double-engine forwarding

Country Status (1)

Country Link
CN (1) CN109587171B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110620792A (en) * 2019-10-24 2019-12-27 福建星网视易信息系统有限公司 Communication encryption method, communication device, system, and computer-readable storage medium
WO2022041158A1 (en) * 2020-08-28 2022-03-03 华为技术有限公司 Multi-chip packaging structure and switch

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179376A (en) * 2007-12-05 2008-05-14 龙刚 Method of implementing LAN information safety and method based safe network card and network
US20100005216A1 (en) * 2008-07-02 2010-01-07 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd Double network physical isolation circuit
CN103532978A (en) * 2013-10-30 2014-01-22 北京艾斯蒙科技有限公司 Secure access mode for intranet and extranet
CN105721476A (en) * 2016-02-25 2016-06-29 深圳市亿威尔信息技术股份有限公司 Network security management system and method

Also Published As

Publication number Publication date
CN109587171B (en) 2021-05-11

Similar Documents

Publication Publication Date Title
Cao et al. Ghost-in-zigbee: Energy depletion attack on zigbee-based wireless networks
CN100471141C (en) Mixed intrusion detection method of wireless sensor network
CN101631080B (en) Industrial Ethernet switch based on EPA protocol and message forwarding method
CN102291291B (en) For the method that would know that the built-in Remote Switched Port Analyzer of time
CN106454815B (en) A kind of wireless sensor network routing method based on LEACH agreement
CN107734502A (en) Micro-base station communication management method, system and equipment based on block chain
Coppolino et al. An intrusion detection system for critical information infrastructures using wireless sensor network technologies
Sultana et al. A lightweight secure provenance scheme for wireless sensor networks
CN103746962B (en) GOOSE electric real-time message encryption and decryption method
CN105357137B (en) Message filtering method and the FPGA being applicable in, intelligent substation
CN102244593A (en) Network communication at unaddressed network devices
CN108810023A (en) Safe encryption method, key sharing method and safety encryption isolation gateway
CN109587171A (en) It is a kind of based on double actual time safety network systems for holding up forwarding
Jahanian et al. Analysis of TESLA protocol in vehicular ad hoc networks using timed colored Petri nets
EP4270867A1 (en) Secure communication method, apparatus, and system for dc interconnection
CN101594271A (en) Wireless self-organization network establishment and method of work and network of relation and equipment
Dhunna et al. A low power cybersecurity mechanism for WSNs in a smart grid environment
Ma et al. Competition: Using Enhanced OFPCOIN to Monitor Multiple Concurrent Events under Adverse Conditions
CN106686654A (en) Low-speed wireless network multi-gateways message duplication elimination method and device
CN101394275B (en) Method, system and device implementing routing safety
CN110366170A (en) A kind of wireless network secure defence method based on software definition safety
Yang et al. Dual trust secure protocol for cluster-based wireless sensor networks
CN207869118U (en) Data transmission system based on quantum cryptography exchange apparatus
Volgyesi et al. Reliable multihop bulk transfer service for wireless sensor networks
Tong et al. A Protection Method Based on Message Identification and Flow Monitoring for Managing the Congestion Arising From Network Attacks on Smart Substation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant