CN110401558B - Security level multi-point communication network equipment, system and security level network communication method

Publication number: CN110401558B
Authority: CN (China)
Prior art keywords: data frame, communication, port, security level, forwarding
Legal status: Active
Application number: CN201910347951.9A
Other languages: Chinese (zh)
Other versions: CN110401558A (en)
Inventors: 史雄伟, 江国进, 马建新, 谢逸钦, 陈银杰, 陈乃奎, 张敏灵, 王成
Current Assignee: China General Nuclear Power Corp; China Techenergy Co Ltd
Original Assignee: China General Nuclear Power Corp; China Techenergy Co Ltd
Application filed by China General Nuclear Power Corp, China Techenergy Co Ltd
Priority to CN201910347951.9A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L49/00: Packet switching elements
    • H04L49/10: Packet switching elements characterised by the switching fabric construction
    • H04L49/25: Routing or path finding in a switch fabric
    • H04L49/253: Routing or path finding in a switch fabric using establishment or release of connections between ports
    • H04L49/30: Peripheral units, e.g. input or output ports

Abstract

The invention belongs to the technical field of network communication and provides a security level multipoint communication network device, a system, and a security level network communication method, addressing the lack in the prior art of a multipoint communication network solution that satisfies the communication requirements of security level devices. The device comprises communication ports, each configured with an attribute parameter mapping table storage unit. When any one of the communication ports receives a data frame, the controller stores the data frame in the data frame storage unit and then forwards it from the data frame storage unit to the target communication port along the path information in the attribute parameter mapping table storage unit that meets the security level requirement. The determinism, reliability, high-performance and other requirements of a security level system are thereby met with a simple data exchange mechanism rather than a complex token mechanism.

Description

Security level multi-point communication network equipment, system and security level network communication method
Technical Field
The present invention relates to the field of network communications, in particular to communication networks for security level devices, and more particularly to a security level multipoint communication network device, a system, and a security level network communication method.
Background
In communication networks for safety level equipment, such as a nuclear safety level DCS system, the nuclear safety level network must meet the data communication requirements of the nuclear power plant instrumentation and control system, so that data, instructions, state information and the like are delivered to the designated receiver in real time, deterministically and reliably under the specified environmental requirements. The communication network is therefore required to have security characteristics such as real-time performance, determinism (state-based communication) and reliability.
In current nuclear security level multipoint communication networks, a single product supports only one topology, in most cases a ring. Such products are inflexible in application, scale poorly, and cannot switch topology to suit different application requirements. Switched Ethernet for mutual communication among multiple points, built directly on commercial switches, is a fast and efficient multipoint communication technology, but it cannot be applied directly to a nuclear security level DCS multipoint communication network, because its determinism, security and other properties do not meet the requirements of relevant standards such as IEC61500 and EJ/T1223. The specific reasons are as follows:
a. Determinism is not satisfied: the data forwarding delay of each port is uncertain, and congestion can occur, especially when data from multiple ports is forwarded to the same port.
b. Insufficient data buffering capacity causes packet loss: a layer-2 switch can transfer data between several port pairs at the same time and forward for each port in parallel, so forwarding is fast, can even reach line speed, and gives every port excellent performance. However, when data received on several ports at the same time must be sent out from the same port, the switch may drop packets because its shared data buffer memory is too small, and so cannot forward them effectively.
c. Security is not satisfied: the ARP mapping table of a commercial switch is generated dynamically, so under an ARP attack the mapping table becomes unstable and forwarding performance can drop sharply. Such a switch is also vulnerable to broadcast storm attacks, MAC address flooding attacks, DHCP attacks, VLAN hopping attacks and the like.
Accordingly, those skilled in the art urgently need a multipoint communication network solution that satisfies the communication requirements of security level devices.
Disclosure of Invention
To solve the problem that the prior art lacks a multipoint communication network solution meeting the communication requirements of security level equipment, the invention provides a security level multipoint communication network device, a system and a security level network communication method. They need no complex token mechanism; a simple data exchange mechanism meets the determinism, reliability, high-performance and other requirements of a security level system. They also suit different topologies such as ring, star and hybrid, and so meet different application requirements.
To achieve the above object, the present invention provides the following solution.
A first aspect of the present invention provides a security level multipoint communication network device, comprising:
a plurality of communication ports, each provided with an attribute parameter representing the number of that communication port;
an attribute parameter mapping table storage unit configured for each communication port, wherein the attribute parameter mapping table stored in it is used to determine the path information for forwarding a received data frame to the target communication port;
a data frame storage unit for storing the data frames received by the plurality of communication ports, wherein each data frame includes the attribute parameter corresponding to the target communication port; and
a controller configured to, after any one of the communication ports receives a data frame, first store the data frame in the data frame storage unit and then forward it from the data frame storage unit to the target communication port along the path information in the attribute parameter mapping table storage unit that meets the security level requirement.
Preferably, when the security level multipoint communication network device is used in a star or hybrid network topology, the number of communication ports is greater than or equal to 4; when it is used in a ring network topology, the number of communication ports is greater than or equal to 3. One of the communication ports is used to connect a control station, and the control station uses the attribute parameter of the communication port to which it is connected as its own attribute information in network communication with other control stations.
Preferably, the attribute parameter is information representing a MAC address, and the security level multipoint communication network device is also configured with an ID number identifying the device itself.
Preferably, the device further comprises a fault output port for outputting a fault signal when a power supply error or internal processing error occurs in the security level multipoint communication network device.
Preferably, the controller is of the FPGA type and controls the plurality of communication ports in parallel, thereby receiving, storing and forwarding data and achieving line-speed forwarding.
A second aspect of the present invention provides a security level multipoint communication network system, comprising:
a plurality of security level multipoint communication network devices according to the first aspect, each connected to other devices through its communication ports, thereby constructing a network topology; and
control stations, each connected to a security level multipoint communication network device and used to receive, send or forward the data frames to be transmitted through that device.
A third aspect of the present invention provides a security level network communication method, comprising:
receiving a data frame to be transmitted through a communication port of a security level multipoint communication network device, wherein the data frame includes the attribute parameter corresponding to the target communication port, each communication port of the device is provided with an attribute parameter mapping table, and the attribute parameter mapping table is used to determine the path information for forwarding a received data frame to the target communication port; and
after any communication port of the security level multipoint communication network device receives the data frame, storing the data frame in the data frame storage unit, and then forwarding the stored data frame to the target communication port along the path information in the attribute parameter mapping table that meets the security level requirement.
Preferably, in the method, the security level multipoint communication network device has a communication port for connecting a control station, and the control station uses the attribute parameter of the communication port to which it is connected as its own attribute information in network communication with other control stations.
Preferably, the attribute parameter is information representing a MAC address, and the security level multipoint communication network device is also configured with an ID number identifying the device itself.
Preferably, in the method, an FPGA-type controller controls the plurality of communication ports of the security level multipoint communication network device in parallel, thereby receiving, storing and forwarding data and achieving line-speed forwarding.
The technical solution provided by the invention achieves at least one of the following beneficial effects:
1. The security level multipoint communication network device has a plurality of ports, each configured with attribute information that other devices can identify and with path information for forwarding a data frame to the target communication port, and each received data frame includes the attribute parameter corresponding to the target communication port. Data frames are therefore forwarded to the target communication port quickly and accurately along the path information, forwarding is performed only according to the attribute information mapping table, and data frames conforming to the security level standard (for example, the IEEE802.3 protocol) can be identified and forwarded.
2. Every security level multipoint communication network device uses the same working mechanism, which does not change with the topology, so data interaction between nodes works under different network topologies.
3. An FPGA implements the data interface, buffering, forwarding, configuration and related functions, achieving a low forwarding delay of 2 microseconds. Each port has its own independent buffer, which gives larger buffer capacity than a shared buffer, high throughput, and a low likelihood of packet loss.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure and/or process particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
Fig. 1 is a schematic structural diagram of a security level multicast network device according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of a security level multicast network system according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a security level multicast network device based on FPGA architecture according to an embodiment of the present invention.
Fig. 4 is a logic block diagram of an FPGA corresponding to the security level multicast network device provided in fig. 3.
Fig. 5 is a schematic structural diagram of another security level multicast network system according to an embodiment of the present invention.
Fig. 6 is a flowchart of a security level network communication method according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. These specific descriptions are given only so that those skilled in the art can understand the invention easily and clearly, and are not limiting; provided no conflict arises, the embodiments of the invention and the features of each embodiment may be combined with one another, and the resulting technical solutions all fall within the protection scope of the invention.
Additionally, the steps illustrated in the flowcharts of the figures may be performed in a control system such as a set of controller-executable instructions, and although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that herein.
The following describes the technical scheme of the invention in detail through the attached drawings and specific embodiments:
Example 1
As shown in fig. 1, the present embodiment provides a security-level multicast network device (hereinafter also referred to as "network switching device", or simply "device") including:
a plurality of communication ports 102, 104, 106, and each communication port is respectively provided with an attribute parameter for representing a corresponding number of the current communication port; that is, each communication port is configured with a number for identification by other devices or ports, the number corresponding to the attribute parameter of the communication port;
each communication port 102, 104, 106 is configured with an attribute parameter map storage unit 112, 114, 116, respectively, wherein the attribute parameter map stored in each attribute parameter map storage unit 112, 114, 116 is used for determining path information for forwarding the received data frame to the target communication port; that is, each storage table is respectively configured with a path for transmission between the current communication port and other ports, for example, whether the current communication port can directly forward to the target communication port or which other ports can be passed through to forward to the target communication port;
the data frame storage unit is used for storing data frames received by the plurality of communication ports, wherein the data frames comprise attribute parameters corresponding to the target communication ports;
and the controller is arranged to store the data frame into the data frame storage unit after any one of the communication ports receives the data frame, and then forward the data frame in the data frame storage unit to the target communication port through the path information meeting the security level requirement in the attribute parameter mapping table storage unit.
Preferably, in this embodiment, when the security level multipoint communication network device is used in a star network topology (e.g., the network topology of fig. 2 below) or a hybrid network topology (e.g., a combination of a star network topology and a ring network topology), the number of communication ports is greater than or equal to 4; when the device is used in a ring network topology, the number of communication ports is greater than or equal to 3. One of the communication ports is used to connect a control station, and the control station uses the attribute parameter of the communication port to which it is connected as its own attribute information in network communication with other control stations.
The present embodiment may also be configured such that a security level multicast network device is connected to a plurality of control stations, and the attribute parameters of at least two communication ports can be used to characterize the destination addresses of the control stations connected thereto in the entire communication network, respectively.
Example 2
In this embodiment, preferably, the attribute parameter is information characterizing a MAC address; and the security level multicast network device is also configured with an ID number characterizing its own information.
In addition, each port of each switching device is configured with an independent MAC address mapping table that determines how a received data frame is forwarded. The MAC address mapping table of each port must be generated by a configuration tool, which produces the MAC address mapping tables of each device from the topology and the data interaction information of each node. Once the switching device has been configured successfully, each port that receives a data frame stores and forwards it according to the address mapping table.
In this embodiment, preferably, the device further includes a fault output port for outputting a fault signal when a power supply error or internal processing error occurs in the security level multipoint communication network device.
In this embodiment, the controller is preferably of FPGA type, and is capable of implementing parallel control over multiple communication ports, so as to implement receiving, storing and forwarding of data, and line speed forwarding.
The following describes an implementation, with a star network topology and an FPGA-type main controller, in which each port is configured with its own MAC address:
As shown in fig. 2, 3 switching devices with 4 communication ports each are used as an example to describe how networking implements multipoint communication. Port 3 of the first switching device is connected to node A (a node is also called a control station), the second switching device is connected to nodes B and C, and the third switching device is connected to node D. Take as an example node A sending data to nodes B, C and D, and the data of nodes A, B and C being sent to node D. In the figure, the broken lines show the data flow. Port 3 of the first switching device receives the data of node A and sends it out through port 1; port 2 of the second switching device receives the data of node A and sends it out through port 1; port 2 of the third switching device receives the data of node A and sends it out through port 3 (L1). Similarly, port 4 of the second switching device receives the data of node B and sends it out through port 1; port 2 of the third switching device receives the data of node B and sends it out through port 3 (L3). Node C sends data to node D via transmission path L2, and data is transmitted between node B and node C via path L4.
The hardware design of a data switching device is described below with reference to fig. 3, taking a 4-port switching device as an example. As shown in fig. 3, a security level multipoint communication network device based on an FPGA architecture according to an embodiment of the present invention includes an FPGA, an optical module, a power module, a protection circuit, a storage unit and the like. Specifically:
(1) A common 24V redundant power supply design is adopted, with EMC protection circuits added.
(2) The main processing chip is an FPGA, whose high-speed, parallel execution is used to receive, store and forward data and to achieve line-speed forwarding.
(3) The switching device is configured with a gigabit PHY that adapts to 10M/100M/1000M rates, which covers most industrial applications, and the ports can be designed as electrical or optical ports as required.
(4) A dedicated fault output port is configured, which outputs a fault signal when a serious fault such as a power supply fault or an internal processing error occurs in the switching device.
(5) A nonvolatile memory unit such as an EEPROM is provided for storing configuration information. After power-on, the switching device reads the configuration information from the memory and works normally once configuration succeeds. The configuration information can be updated during operation, and the updated configuration is written to the EEPROM.
(6) Each device has its own ID number.
The switching device performs layer-2 data exchange: each port stores the data frames it receives, and the frames are sent out from the corresponding ports according to the MAC address table of each port. The FPGA is the core of the whole device design, and its logical functional block diagram is shown in fig. 4:
The logic architecture comprises an interface module, a receiving management module, a buffer processing module, a forwarding management module, a configuration management module, a state control module, a self-diagnosis module and the like.
The interface module configures the gigabit PHY chip and transmits and receives data through it, and receives and checks each frame of data.
The receiving management module receives the MAC layer data frames of all ports. Received frames are first stored in a ping-pong RAM so that continuously received data is not lost.
The buffer processing module buffers the received data in the receive buffer RAM of each port; to guarantee forwarding performance, a separate receive buffer RAM space is allocated for each port inside the FPGA. The module also manages the addresses of the FPGA's internal receive buffer RAM so that storage space is recycled. After a port receives a correct data frame and writes it to the receive buffer, the module reads data frames that have not yet been forwarded from the receive buffer RAM and writes them to the forwarding buffer. Once a frame of data is ready to be forwarded, the module issues a forwarding request.
The forwarding management module receives the forwarding requests of the ports, arbitrates among them by priority, and reads the data frames to be forwarded from the ports' forwarding buffers according to the arbitration result.
The configuration management module selects and receives configuration data from the ports and writes it to the EEPROM, and reads the configuration data after power-on or after a dynamic configuration update completes. The device is designed so that every port can receive configuration data, i.e. a user can configure the switching device through any port.
The state control module provides the overall state indication of the switching device.
The self-diagnosis module performs self-diagnosis of the internal data exchange and issues a fault signal if a clock fault, a data storm or an internal data processing fault occurs.
Therefore, to meet the requirements of safe communication and of deterministic communication routing, the configuration tool of the switching device generates the MAC address mapping table of each port of each data switching device from the networking topology of the application and the data interaction relations between the nodes. The MAC address mapping table mainly contains the mapping between the data of a source MAC address and the other ports. In normal operation the device forwards only according to the MAC address mapping table, and data frames conforming to the IEEE802.3 protocol can be identified and forwarded.
It should be noted that the FPGA-based controller may equally be implemented with an ASIC or other technologies, and that the rate of the communication interface may vary depending on ease of use and may be a hundred-megabit PHY, a gigabit PHY, a tera PHY, etc. These various embodiments are all within the scope of the present invention.
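The configuration-tool step and table-only forwarding described in this embodiment, applied to the fig. 2 star example, as an added illustration that is not part of the patent or the applicant's implementation: per-port tables keyed on source MAC address are built from the topology and data flows, and a frame whose source MAC is not configured on its ingress port is dropped because nothing is learned or flooded. The MAC addresses, the port assumed for node C (switch 2, port 3) and all function names are assumptions.

```python
from collections import defaultdict, deque

# Constructed model of the fig. 2 description: node -> (switch, port).
# Node C's port (switch 2, port 3) is an assumption; the text does not give it.
NODES = {"A": (1, 3), "B": (2, 4), "C": (2, 3), "D": (3, 3)}
# Inter-switch links from the text: sw1 port 1 <-> sw2 port 2, sw2 port 1 <-> sw3 port 2.
LINKS = {(1, 1): (2, 2), (2, 1): (3, 2)}
LINKS.update({peer: end for end, peer in list(LINKS.items())})
# Constructed, locally administered MAC addresses (not from the patent).
MACS = {name: f"02:00:00:00:00:0{i}" for i, name in enumerate("ABCD", start=1)}
# Data interaction relations from the text: A -> B, C, D; B and C -> D; B <-> C.
FLOWS = {"A": {"B", "C", "D"}, "B": {"C", "D"}, "C": {"B", "D"}}


def switch_path(src_sw, dst_sw):
    """Breadth-first search over inter-switch links.

    Returns the ordered hops [(switch, egress_port), ...] from src_sw to dst_sw.
    """
    prev, queue = {src_sw: None}, deque([src_sw])
    while queue:
        sw = queue.popleft()
        if sw == dst_sw:
            break
        for (s, port), (peer, _) in sorted(LINKS.items()):
            if s == sw and peer not in prev:
                prev[peer] = (sw, port)
                queue.append(peer)
    if dst_sw not in prev:
        raise ValueError(f"no path from switch {src_sw} to switch {dst_sw}")
    hops, sw = [], dst_sw
    while prev[sw] is not None:
        hops.append(prev[sw])
        sw = prev[sw][0]
    return hops[::-1]


def build_tables(flows):
    """Configuration-tool step: {(switch, ingress_port): {src_mac: {egress ports}}}."""
    tables = defaultdict(lambda: defaultdict(set))
    for src, dsts in flows.items():
        for dst in dsts:
            sw, ingress = NODES[src]
            dst_sw, dst_port = NODES[dst]
            for hop_sw, egress in switch_path(sw, dst_sw):
                tables[(hop_sw, ingress)][MACS[src]].add(egress)
                sw, ingress = LINKS[(hop_sw, egress)]  # frame arrives at the peer port
            tables[(sw, ingress)][MACS[src]].add(dst_port)
    return {key: dict(entries) for key, entries in tables.items()}


def forward(tables, switch, port, src_mac):
    """Forward one frame received on (switch, port); return the nodes it reaches.

    Lookup is static: a source MAC that is not configured on the ingress
    port yields no egress ports, so the frame is dropped.
    """
    attached = {loc: name for name, loc in NODES.items()}
    delivered, work = set(), deque([(switch, port)])
    while work:
        sw, ingress = work.popleft()
        for egress in tables.get((sw, ingress), {}).get(src_mac, ()):
            loc = (sw, egress)
            if loc in attached:
                delivered.add(attached[loc])
            elif loc in LINKS:
                work.append(LINKS[loc])
    return delivered


if __name__ == "__main__":
    tables = build_tables(FLOWS)
    for key in sorted(tables):
        print(key, {mac: sorted(ports) for mac, ports in tables[key].items()})
    print("A's frame reaches:", sorted(forward(tables, 1, 3, MACS["A"])))
    print("A's MAC on B's port reaches:", sorted(forward(tables, 2, 4, MACS["A"])))
```
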
Example 3
In this embodiment, the security level multipoint communication network device of the first embodiment is applied to a ring network topology (i.e. ring topology). As shown in fig. 5, this embodiment provides a system that implements a multi-node communication network architecture with the security level multipoint communication network device in the FitRel platform of a DCS instrumentation and control system.
In fig. 5, the FCU is the network communication board of a control station, and each control station is 1 node. The data exchange device has 4 ports (alternatively, 3 ports can be used) to implement the data exchange function and the mutual communication between the control station nodes. Each port uses gigabit optical fiber communication, and the module is configured with an EEPROM for storing configuration information. The ring topology can be designed for one-way ring communication or for two-way ring communication, so that redundancy is achieved.
The FCU is connected to the data exchange device point to point and sends the network data of its control station to the data exchange device. The data exchange device decides from its configuration whether each port forwards the data, and each port that must forward sends the data to the next data exchange device or to another control station connected to this device. In this way the data of a station is forwarded through one or more data exchange devices to all stations that require it; likewise, the FCU obtains all the data its station needs from the port of the data exchange device, which realizes data interaction between different stations.
Example 4
The present embodiment provides a security level multicast network system, which includes:
a plurality of security-level multicast network devices as provided in any one of the first to third embodiments, and the plurality of security-level multicast network devices are connected with other devices through communication ports therein, respectively, thereby constructing a network topology;
and the control stations are respectively connected to the safety-level multi-point communication network equipment and are used for receiving, sending or forwarding the data frames to be transmitted through the safety-level multi-point communication network equipment.
Example 5
As shown in fig. 6, the present embodiment provides a security level network communication method, which includes:
S110: receiving a data frame to be transmitted through a communication port of a security level multipoint communication network device, wherein the data frame includes the attribute parameter corresponding to the target communication port, each communication port of the device is provided with an attribute parameter mapping table, and the attribute parameter mapping table is used to determine the path information for forwarding the received data frame to the target communication port;
S120: after any communication port of the security level multipoint communication network device receives the data frame, storing the data frame in a data frame storage unit, and then forwarding the stored data frame to the target communication port along the path information in the attribute parameter mapping table that meets the security level requirement.
In this embodiment, preferably, the method further includes: the security level multipoint communication network device has a communication port for connection with a control station, and the control station communicates with other control stations by using attribute parameters of the communication port connected with the control station as attribute information of itself in network communication.
In this embodiment, preferably, the attribute parameter is information characterizing the MAC address; and the security level multicast network device is also configured with an ID number characterizing its own information.
In this embodiment, preferably, the method further includes: controlling the plurality of communication ports in the security level multipoint communication network device in parallel through the FPGA type controller, so that data can be received, stored and forwarded, and line-speed forwarding can be achieved.
The security level multipoint communication network device used in the security level network communication method of this embodiment is the device of any one of the first to third embodiments; its internal structural features are the same as in those embodiments and are not repeated here.
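The configuration and table-driven forwarding steps of this method can be sketched as follows. This is an added illustration, not part of the patent: the topology, the MAC-style port attributes, the flow list and all function names are constructed, and the rule that a frame with no table entry is not forwarded is an assumption.

```python
from collections import deque

# Constructed sample network (not from the patent): three devices in a line,
# one control station on port 0 of each. LINKS maps (device, port) -> peer.
LINKS = {("SW1", 1): ("SW2", 1), ("SW2", 1): ("SW1", 1),
         ("SW2", 2): ("SW3", 1), ("SW3", 1): ("SW2", 2)}
# Attribute parameter (MAC-style, constructed) of each station-facing port.
STATIONS = {"02:00:00:00:01:00": ("SW1", 0),
            "02:00:00:00:02:00": ("SW2", 0),
            "02:00:00:00:03:00": ("SW3", 0)}
# Data interaction information: the only (source, destination) pairs required.
FLOWS = [("02:00:00:00:01:00", "02:00:00:00:03:00"),
         ("02:00:00:00:03:00", "02:00:00:00:01:00"),
         ("02:00:00:00:02:00", "02:00:00:00:01:00")]


def find_path(links, src_dev, dst_dev):
    """Breadth-first search; hops are (device, egress, next_device, next_ingress)."""
    prev, queue = {src_dev: None}, deque([src_dev])
    while queue:
        dev = queue.popleft()
        for (d, port), (peer, peer_port) in sorted(links.items()):
            if d == dev and peer not in prev:
                prev[peer] = (dev, port, peer, peer_port)
                queue.append(peer)
    if dst_dev not in prev:
        raise ValueError(f"no path from {src_dev} to {dst_dev}")
    hops, dev = [], dst_dev
    while prev[dev] is not None:
        hops.append(prev[dev])
        dev = prev[dev][0]
    return hops[::-1]


def build_tables(links, stations, flows):
    """Configuration step: {(device, ingress_port): {dst_mac: egress_port}}."""
    tables = {}
    for src_mac, dst_mac in flows:
        dev, in_port = stations[src_mac]
        dst_dev, dst_port = stations[dst_mac]
        for _, out_port, nxt_dev, nxt_in in find_path(links, dev, dst_dev):
            tables.setdefault((dev, in_port), {})[dst_mac] = out_port
            dev, in_port = nxt_dev, nxt_in
        tables.setdefault((dev, in_port), {})[dst_mac] = dst_port
    return tables


def deliver(tables, links, stations, src_mac, dst_mac, max_hops=16):
    """Forwarding step: walk one frame through the static per-port tables."""
    dev, in_port = stations[src_mac]
    trace = []
    for _ in range(max_hops):  # hop limit guards against a looping table
        out_port = tables.get((dev, in_port), {}).get(dst_mac)
        if out_port is None:  # assumption: no entry means not forwarded
            trace.append((dev, in_port, "drop"))
            return False, trace
        trace.append((dev, in_port, out_port))
        if stations.get(dst_mac) == (dev, out_port):
            return True, trace
        if (dev, out_port) not in links:  # entry points at an unconnected port
            return False, trace
        dev, in_port = links[(dev, out_port)]
    return False, trace


TABLES = build_tables(LINKS, STATIONS, FLOWS)
```

Station 2 to station 3 is not in the constructed flow list, so that frame stops at the ingress port of SW2 even though another port of the same device holds an entry for the same destination.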
By adopting the technical scheme provided by the embodiment of the invention, at least one of the following beneficial effects can be obtained:
1. A plurality of ports are provided in the security level multipoint communication network device, each port being configured with attribute information that can be identified by other devices and with path information for forwarding a data frame to a target communication port, and the received data frame includes attribute parameters corresponding to the target communication port. Thus, data frames conforming to the security level standard (for example, the IEEE 802.3 protocol) can be identified and forwarded to the target communication port quickly and accurately through the path information, simply by forwarding according to the attribute information mapping table.
2. The security level multipoint communication network devices all adopt the same working mechanism, which does not change with the topology, so data interaction between nodes can be realized under different network topologies.
3. A series of functions such as data interface, buffering, forwarding and configuration are implemented in the FPGA, achieving a low forwarding delay of 2 microseconds. Each port is configured with an independent buffer, which gives a larger buffer capacity than a shared buffer and provides high throughput and a low likelihood of packet loss.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that the above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way. Any person skilled in the art can make many possible variations and simple substitutions to the technical solution of the present invention by using the methods and technical matters disclosed above without departing from the scope of the technical solution of the present invention, and these all fall into the scope of protection of the technical solution of the present invention.

Claims (8)

1. A security level multicast network device, comprising:
a plurality of communication ports, each provided with an attribute parameter representing the number corresponding to that communication port;
each communication port is respectively configured with an attribute parameter mapping table storage unit, wherein the attribute parameter mapping table stored in the attribute parameter mapping table storage unit is used for determining path information for forwarding the received data frame to the target communication port;
the data frame storage unit is used for storing data frames received by the plurality of communication ports, wherein the data frames comprise attribute parameters corresponding to the target communication ports; each port is configured with an independent MAC address mapping table for determining how a received data frame is forwarded; the MAC address mapping table of each port is required to be generated according to a configuration tool, and the configuration tool generates the MAC address mapping table of each device according to the topological structure and the data interaction information of each node; after the switching equipment is configured successfully, each port receives a data frame and then executes data storage forwarding operation according to the address mapping table;
the controller is arranged to store the data frame into the data frame storage unit after any one of the communication ports receives the data frame, and then forward the data frame in the data frame storage unit to the target communication port through the path information meeting the security level requirement in the attribute parameter mapping table storage unit; the controller is an FPGA type controller, a plurality of interface modules used for communication, a receiving management module, a forwarding management module and a buffer processing module, wherein the receiving management module and the forwarding management module are respectively connected with the interface modules in parallel, the buffer processing module is respectively connected with the receiving management module and the forwarding management module in parallel, the receiving management module is used for receiving MAC layer data frames of all ports, the forwarding management module is used for receiving forwarding requests of all ports, an arbitration process is completed according to preset priorities, and data frames needing to be forwarded are read from forwarding buffers of all ports according to arbitration results; the buffer processing module is used for buffering received data into a receiving buffer RAM of each port, opening up an independent receiving buffer RAM space for each port in the FPGA, managing the address of the receiving buffer RAM in the FPGA, recycling the storage space, reading out the data frame which is not forwarded from the receiving buffer RAM after each port receives the correct data frame and writes the data frame into the receiving buffer RAM, and writing the data frame into the forwarding buffer.
2. The device of claim 1, wherein the number of the plurality of communication ports is greater than or equal to 4 when the security level multicast network device is used in a star or hybrid network topology; when the security level multicast network device is for a ring network topology, the number of the plurality of communication ports is greater than or equal to 3; one of the plurality of communication ports is used for being connected with a control station, and the control station uses the attribute parameters of the communication port connected with the control station as the attribute information of the control station in network communication to communicate with other control stations.
3. The apparatus of claim 1, wherein the attribute parameter is information characterizing a MAC address; and the security level multicast network device is also configured with an ID number characterizing its own information.
4. The apparatus as recited in claim 1, further comprising: a fault output port for outputting a fault signal when the security level multipoint communication network device has a power supply or internal processing error.
5. A security level multicast network system, comprising:
a plurality of security-level multicast network devices as claimed in any one of claims 1 to 4, each of the plurality of security-level multicast network devices being connected to other devices through communication ports therein, thereby constructing a network topology;
and the control stations are respectively connected to the safety-level multi-point communication network equipment and are used for receiving, sending or forwarding the data frames to be transmitted through the safety-level multi-point communication network equipment.
6. A method of security level network communication, comprising:
receiving a data frame to be transmitted through a communication port of a security level multipoint communication network device, wherein the data frame comprises attribute parameters corresponding to a target communication port; wherein each communication port of the security level multicast network device is provided with an attribute parameter mapping table, and the attribute parameter mapping table is used for determining path information for forwarding a received data frame to a target communication port; each port is configured with an independent MAC address mapping table for determining how a received data frame is forwarded; the MAC address mapping table of each port is required to be generated according to a configuration tool, and the configuration tool generates the MAC address mapping table of each device according to the topological structure and the data interaction information of each node; after the switching equipment is configured successfully, each port receives a data frame and then executes data storage forwarding operation according to the address mapping table;
after any communication port in the security level multipoint communication network device receives a data frame, firstly storing the data frame into the data frame storage unit, and then forwarding the data frame in the data frame storage unit to be transmitted to the target communication port through path information meeting security level requirements in the attribute parameter mapping table;
the system comprises an FPGA type controller, a plurality of interface modules for communication, a receiving management module, a forwarding management module and a buffer processing module, wherein the receiving management module and the forwarding management module are respectively connected with the interface modules in parallel; the buffer processing module is used for buffering received data into a receiving buffer RAM of each port, opening up an independent receiving buffer RAM space for each port in the FPGA, managing the address of the receiving buffer RAM in the FPGA, recycling the storage space, reading out the data frame which is not forwarded from the receiving buffer RAM after each port receives the correct data frame and writes the data frame into the receiving buffer RAM, and writing the data frame into the forwarding buffer.
7. The method as recited in claim 6, further comprising: the security level multipoint communication network device has a communication port for connecting with a control station, and the control station uses the attribute parameter of the communication port connected with the control station as the attribute information of itself in network communication to communicate with other control stations.
8. The method of claim 6, wherein the attribute parameter is information characterizing a MAC address; and the security level multicast network device is also configured with an ID number characterizing its own information.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910347951.9A CN110401558B (en) 2019-04-28 2019-04-28 Security level multi-point communication network equipment, system and security level network communication method

Publications (2)

Publication Number    Publication Date
CN110401558A (en)    2019-11-01
CN110401558B (en)    2023-07-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant