CN110426971B - Rail transit control network data acquisition and management method and system - Google Patents

Publication number: CN110426971B (application number CN201910563163.3A; other version CN110426971A)
Authority: CN (China)
Original language: Chinese (zh)
Legal status: Active
Inventors: 李强, 侯斯尧, 李亚红, 何跃鹰, 王进, 李建强, 刘中金, 张晓明, 张家玮, 孙中豪, 罗冰
Assignees (current and original): CRSC Research and Design Institute Group Co Ltd; National Computer Network and Information Security Management Center
Classifications

    • G05B19/0423: Physics; controlling, regulating; control or regulating systems in general; programme-control systems, electric; programme control other than numerical control (sequence controllers or logic controllers) using digital processors; input/output
    • G05B2219/21063: Physics; controlling, regulating; program-control systems; PC systems; PC I/O input output; bus, I/O connected to a bus
Abstract

The invention discloses a method and a system for acquiring and managing rail transit control network data. In the method, a first acquisition device and a second acquisition device perform bypass acquisition of data through a mirror interface and/or a serial interface of the switch, and then upload the data to the central device through a first out-of-band network and a second out-of-band network respectively. The system comprises a first acquisition device, a second acquisition device, a first out-of-band network, a second out-of-band network and a central device. Because the network information is acquired by bypass and uploaded to the central device over the out-of-band network, the acquisition is unaffected by service network faults and occupies none of the service network bandwidth; the complete service network configuration is collected through the serial interface, and the simulated terminal interaction is screened and safeguarded against accidents by the monitoring unit in the acquisition device, so that management personnel can understand the network structure of the whole network more comprehensively.

Description

Rail transit control network data acquisition and management method and system
Technical Field
The invention belongs to the field of rail transit, and particularly relates to a method and a system for acquiring and managing rail transit control network data.
Background
In the private networks of rail transit, current networks in China are designed as a physically isolated, redundant dual network: to avoid communication anomalies or interruption when a single network fails, a dual-network structure is adopted to keep the whole rail transit network communicating normally.
The network management system of the existing rail transit private network uses in-band monitoring, in which the management network and the service network share the same bandwidth. When the service network has a fault, such as a network storm or a communication failure, the management network cannot work normally either, so the existing network management system cannot identify certain network faults; some special faults in the service network can even paralyse the network management system, which makes troubleshooting highly complex, difficult and laborious. Meanwhile, the network management system can only collect state data and logs of the network devices through SNMP (Simple Network Management Protocol) and syslog (system log), and cannot collect the raw data, so the information obtained is incomplete; monitoring and managing the network state in this way carries risk, and without the raw data fault location is inaccurate or even impossible.
Disclosure of Invention
Aiming at the problems, the invention provides a method and a system for acquiring and managing rail transit control network data.
A rail transit control network data collection and management method, the method comprising:
the first acquisition equipment and the second acquisition equipment perform bypass acquisition on data through a mirror interface and/or a serial interface of the switch;
the first acquisition equipment and the second acquisition equipment further upload the data to the central equipment through a first out-of-band network and a second out-of-band network respectively.
Further, the data includes one or more of the following information:
network flow information passing through all monitored interfaces in the switch equipment;
configuration information, log information, and device status information for the network device and the security device.
Further, the first acquisition device and the second acquisition device acquire the network traffic information passing through all monitored interfaces in the switch device through the mirror image interface;
and the first acquisition equipment and the second acquisition equipment acquire the configuration information, the log information and the equipment state information of the network equipment and the safety equipment through the serial interfaces.
Further, the data in the first out-of-band network and the second out-of-band network also pass through an isolation device, and the isolation device performs isolation processing on the data in the first out-of-band network and the second out-of-band network.
Further, the first acquisition device and the second acquisition device filter for specific network traffic through one or more of the following filtering rules:
configuring BPF data acquisition filtering rules, or configuring a whitelist filtering rule on source/destination IP, source/destination port and protocol, to capture specific network traffic;
configuring a blacklist filtering rule on source/destination IP, source/destination port and protocol, to ignore specific network traffic and not capture it.
Further, the first acquisition device and the second acquisition device also monitor the interactive commands of the serial interface through a monitoring unit; the monitoring unit monitors the interactive commands of the serial interface and authenticates the interactive commands sent by the user using a secret key.
Further, the central device determines user identity levels, where the user identity levels include low-level users and high-level users, and where:
a low-level user can only send query-type interactive commands to the switch through the serial interface;
a high-level user, authenticated by the secret key, can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-type interactive commands.
A rail transit control network data acquisition and management system, the system comprising a first acquisition device, a second acquisition device, a first out-of-band network, a second out-of-band network, and a central device, wherein:
the first acquisition equipment and the second acquisition equipment are used for carrying out bypass acquisition on data through a mirror image interface and/or a serial interface of the switch;
the first out-of-band network and the second out-of-band network are used for transmitting the data acquired by the first acquisition equipment and the second acquisition equipment to the central equipment;
the central equipment is used for storing, analyzing and displaying data.
Further, the switch has exactly one mirror interface and one serial interface, wherein:
the mirror image interface is used for acquiring network flow information passing through all monitored interfaces in the switch equipment by the first acquisition equipment and the second acquisition equipment;
the serial interface is used for the first acquisition equipment and the second acquisition equipment to acquire configuration information, log information and equipment state information of the network equipment and the safety equipment.
Furthermore, the first acquisition device and the second acquisition device are respectively deployed beside each switch adjacent to the terminal device in each rail transit private network, and the first acquisition device and the second acquisition device can be connected with the switches through newly-added network interfaces of the expansion network card.
Further, both the first out-of-band network and the second out-of-band network are connected to an isolation device, and the isolation device is configured to isolate data transmitted by the first out-of-band network from data transmitted by the second out-of-band network.
Further, the first acquisition device and the second acquisition device each comprise a filtering unit for one or more of:
configuring BPF data acquisition filtering rules, or configuring a whitelist filtering rule on source/destination IP, source/destination port and protocol, to capture specific network traffic;
configuring a blacklist filtering rule on source/destination IP, source/destination port and protocol, to ignore specific network traffic and not capture it.
Further, the first acquisition device and the second acquisition device both comprise a monitoring unit, used by the acquisition devices to monitor the interactive commands of the serial interface; the monitoring of the interactive commands of the serial interface by the monitoring unit comprises authenticating the interactive commands sent by users using a secret key.
Further, the central device is further configured to determine user identity levels, where the user identity levels include low-level users and high-level users, and where:
a low-level user can only send query-type interactive commands to the switch through the serial interface;
a high-level user, authenticated by the secret key, can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-type interactive commands.
The invention performs bypass acquisition of the network information through the out-of-band network and uploads it to the central device, so the acquisition is unaffected by faults of the service network, service network information can be collected in any network state, none of the service network bandwidth is occupied and service network communication is not affected. The complete service network configuration is collected through the serial interface, and at the same time the simulated terminal interaction is screened and safeguarded against accidents by the monitoring unit in the acquisition device, so that management personnel can understand the network structure of the whole network more comprehensively. The central device manages the acquisition devices, and the service network configuration can be managed through the out-of-band network, which avoids the situation in existing network management systems where the management network is paralysed by certain service network faults because it shares bandwidth with the service network.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 illustrates a flow chart of a rail transit control network data collection and management method of the present invention;
FIG. 2 shows an overall schematic of the invention;
FIG. 3 shows a block diagram of the rail transit control network data acquisition and management system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides a rail transit control network data acquisition and management method and system.
Fig. 1 shows a flow chart of a rail transit control network data acquisition and management method of the present invention, which includes: the first acquisition equipment and the second acquisition equipment perform bypass acquisition on data through a mirror interface and/or a serial interface of the switch; specifically, the data includes one or more of the following information:
network flow information passing through all monitored interfaces in the switch equipment;
configuration information, log information, and device status information for the network device and the security device.
The first acquisition equipment and the second acquisition equipment acquire the network traffic information passing through all monitored interfaces in the switch equipment through the mirror image interface; and the first acquisition equipment and the second acquisition equipment acquire the configuration information, the log information and the equipment state information of the network equipment and the safety equipment through the serial interfaces.
The first acquisition device and the second acquisition device filter for specific network traffic through one or more of the following filtering rules:
configuring BPF data acquisition filtering rules, or configuring a whitelist filtering rule on source/destination IP, source/destination port and protocol, to capture specific network traffic;
configuring a blacklist filtering rule on source/destination IP, source/destination port and protocol, to ignore specific network traffic and not capture it.
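The filtering unit described above, as an added example that is not the patent's own code: whitelist and blacklist rules on the five-tuple fields are evaluated against packets, and the same policy is rendered as a tcpdump-style BPF expression for a capture library that compiles BPF. The station subnet, the monitored port 502 and the excluded host are constructed sample values.

```python
"""Capture-filter unit of an acquisition device (added example, not the patent's code).
Whitelist rules on source/destination IP, source/destination port and protocol select
traffic to capture; blacklist rules on the same fields exclude traffic; the combined
policy can also be emitted as a BPF expression. All addresses and ports are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class FilterRule:
    """One whitelist or blacklist entry; a field left as None is a wildcard."""
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, pkt: FiveTuple) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src_net is not None and ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_net is not None and ip_address(pkt.dst_ip) not in ip_network(self.dst_net):
            return False
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True

    def to_bpf(self) -> str:
        """Render the rule as a conjunction of BPF primitives, e.g. 'tcp and dst port 502'."""
        parts = []
        if self.proto is not None:
            parts.append(self.proto)
        if self.src_net is not None:
            parts.append(f"src net {self.src_net}")
        if self.dst_net is not None:
            parts.append(f"dst net {self.dst_net}")
        if self.src_port is not None:
            parts.append(f"src port {self.src_port}")
        if self.dst_port is not None:
            parts.append(f"dst port {self.dst_port}")
        return " and ".join(parts) if parts else "ip"


class CaptureFilter:
    """Whitelist selects what to capture; a blacklist match always wins and drops."""

    def __init__(self, whitelist: List[FilterRule], blacklist: List[FilterRule]):
        self.whitelist = list(whitelist)
        self.blacklist = list(blacklist)

    def should_capture(self, pkt: FiveTuple) -> bool:
        if any(r.matches(pkt) for r in self.blacklist):
            return False                      # blacklisted: ignore
        if not self.whitelist:
            return True                       # no whitelist: capture everything not blacklisted
        return any(r.matches(pkt) for r in self.whitelist)

    def select(self, pkts: List[FiveTuple]) -> List[FiveTuple]:
        return [p for p in pkts if self.should_capture(p)]

    def to_bpf(self) -> str:
        """Equivalent BPF expression; 'and' binds tighter than 'or', so each rule stays intact."""
        allow = " or ".join(r.to_bpf() for r in self.whitelist) or "ip"
        if not self.blacklist:
            return allow
        deny = " or ".join(r.to_bpf() for r in self.blacklist)
        return f"({allow}) and not ({deny})"


# Constructed policy: capture TCP traffic from the station subnet to port 502,
# but ignore everything originating from one excluded host in that subnet.
STATION_FILTER = CaptureFilter(
    whitelist=[FilterRule(src_net="10.10.1.0/24", dst_port=502, proto="tcp")],
    blacklist=[FilterRule(src_net="10.10.1.250/32")],
)

# Constructed sample packets seen on the mirror interface.
SAMPLE_PACKETS = [
    FiveTuple("10.10.1.5", 40001, "10.10.1.20", 502, "tcp"),    # captured
    FiveTuple("10.10.1.6", 40002, "10.10.1.20", 502, "udp"),    # wrong protocol
    FiveTuple("10.10.1.250", 40003, "10.10.1.20", 502, "tcp"),  # blacklisted source
    FiveTuple("10.10.1.7", 40004, "10.10.1.21", 502, "tcp"),    # captured
    FiveTuple("10.10.2.5", 40005, "10.10.1.20", 502, "tcp"),    # outside station subnet
]

if __name__ == "__main__":
    print(STATION_FILTER.to_bpf())
    for p in STATION_FILTER.select(SAMPLE_PACKETS):
        print("capture", p)
```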
The first acquisition equipment and the second acquisition equipment also monitor the interactive commands of the serial interface through a monitoring unit, and the monitoring unit monitors the interactive commands of the serial interface and authenticates the interactive commands sent by a user by using a secret key.
The first acquisition device and the second acquisition device further upload the data to the central device through a first out-of-band network and a second out-of-band network respectively; specifically, the data transmitted by the first out-of-band network and the second out-of-band network is isolated by an isolation device. The isolation device has the following functions:
it physically isolates the network interfaces of all the acquisition devices, so that acquisition devices cannot communicate with one another and no data is exchanged between the two networks, which improves the security of the whole network;
through protocol identification, a remote-login protocol sent by an acquisition device toward the central device cannot reach the central device;
through bandwidth control, the central device cannot send high-volume data to the acquisition devices, so network congestion is avoided;
through the five-tuple (that is, source IP address, source port, destination IP address, destination port and transport-layer protocol), a packet sent by an acquisition device cannot be transmitted to other acquisition devices and can only be sent to the central device.
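The four isolation-device functions listed above, modelled as a forwarding policy in an added example that is not the patent's own code. The addresses, the remote-login port set used to stand in for protocol identification, and the downstream rate limit are constructed assumptions.

```python
"""Forwarding policy of the isolation device between the out-of-band networks and the
central device (added example, not the patent's code). Rules, in the order the
description lists them: acquisition devices may not exchange data with each other;
a remote-login protocol from an acquisition device may not reach the central device;
the central device may not push high-volume data toward acquisition devices; a packet
from an acquisition device may only be addressed to the central device."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    length: int   # bytes on the wire
    ts: float     # arrival time in seconds


class IsolationDevice:
    def __init__(self, central_ip: str, net_a: Iterable[str], net_b: Iterable[str],
                 remote_login_ports: Iterable[int] = (22, 23), max_bytes_per_sec: int = 200_000):
        self.central_ip = central_ip
        self.net_a = frozenset(net_a)   # acquisition devices on out-of-band network 1
        self.net_b = frozenset(net_b)   # acquisition devices on out-of-band network 2
        # Assumption: protocol identification is approximated by the well-known
        # telnet/ssh ports; a real device would inspect the payload.
        self.remote_login_ports = frozenset(remote_login_ports)
        self.max_bytes_per_sec = max_bytes_per_sec
        self._buckets: Dict[str, Tuple[float, float]] = {}   # dst -> (tokens, last_ts)
        self.log: List[Tuple[str, str, int, bool, str]] = []

    def _is_acquisition(self, ip: str) -> bool:
        return ip in self.net_a or ip in self.net_b

    def _allow_downstream(self, dst_ip: str, length: int, ts: float) -> bool:
        """Token bucket per acquisition device: central-to-acquisition bytes per second."""
        tokens, last = self._buckets.get(dst_ip, (float(self.max_bytes_per_sec), ts))
        tokens = min(float(self.max_bytes_per_sec), tokens + (ts - last) * self.max_bytes_per_sec)
        if length > tokens:
            self._buckets[dst_ip] = (tokens, ts)
            return False
        self._buckets[dst_ip] = (tokens - length, ts)
        return True

    def decide(self, pkt: Packet) -> Tuple[bool, str]:
        allowed, reason = self._decide(pkt)
        self.log.append((pkt.src_ip, pkt.dst_ip, pkt.dst_port, allowed, reason))
        return allowed, reason

    def _decide(self, pkt: Packet) -> Tuple[bool, str]:
        if self._is_acquisition(pkt.src_ip):
            if pkt.dst_ip != self.central_ip:
                # rule 1: acquisition devices (same or other network) cannot talk to each other
                if self._is_acquisition(pkt.dst_ip):
                    return False, "acquisition devices are isolated from each other"
                # rule 4: the five-tuple must name the central device as destination
                return False, "acquisition device may only address the central device"
            # rule 2: remote login toward the central device is blocked
            if pkt.proto == "tcp" and pkt.dst_port in self.remote_login_ports:
                return False, "remote-login protocol toward the central device"
            return True, "forward"
        if pkt.src_ip == self.central_ip and self._is_acquisition(pkt.dst_ip):
            # rule 3: bandwidth control on what the central device may push
            if not self._allow_downstream(pkt.dst_ip, pkt.length, pkt.ts):
                return False, "downstream rate limit exceeded"
            return True, "forward"
        return False, "unknown endpoint"


if __name__ == "__main__":
    # Constructed topology: one central device, two acquisition devices per out-of-band network.
    dev = IsolationDevice("10.200.0.1", ["10.201.1.11", "10.201.1.12"], ["10.202.1.11", "10.202.1.12"])
    print(dev.decide(Packet("10.201.1.11", 50000, "10.200.0.1", 8443, "tcp", 1200, 0.0)))
    print(dev.decide(Packet("10.201.1.11", 50000, "10.202.1.11", 8443, "tcp", 1200, 0.0)))
```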
The central device stores, analyzes and displays the data, and determines user identity levels, where the user identity levels include low-level users and high-level users, and where:
a low-level user can only send query-type interactive commands to the switch through the serial interface;
a high-level user, authenticated by the secret key, can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-type interactive commands.
The central device configures the policy of the switch by controlling the acquisition device, so that the network topology can be changed to a certain extent. Furthermore, the central device uses a B/S (browser/server) architecture: network devices such as the switch can be managed through the acquisition device from a web page, for example performing asset management through the SNMP protocol and issuing a configuration file to the switch to change its configuration.
For example, FIG. 2 shows an overall schematic diagram of the invention. In this embodiment two stations are used for explanation, but the invention is not limited to two stations; the network connected to the upper side of the terminal devices in the middle of FIG. 2 is taken as the left ring network, and the network connected to their lower side as the right ring network. The two stations are station one and station two, and terminal devices are placed in both; in this embodiment each station has two terminal devices as an example, but it is not limited to two. The two terminal devices are connected to the same switch or switches; in this embodiment they are connected to the same two industrial switches as an example, but this is not limiting, and each industrial switch has exactly one reserved mirror interface and one serial interface.
The industrial switches of station one and station two form a redundant double ring network, whose two rings are physically isolated from each other and form the left and right networks. Within the same ring network, two different physical paths connect the industrial switch of station one with the industrial switch of station two, as follows:
first, the industrial switch of station one and the industrial switch of station two in the same ring network are directly interconnected by optical fibre to form the service network;
second, a new industrial switch is added between the industrial switch of station one and the industrial switch of station two in the same ring network, with the industrial switch of station one connected to the newly added industrial switch by optical fibre and the newly added industrial switch connected to the industrial switch of station two by optical fibre.
At least two acquisition devices are arranged in each station; in this embodiment two are described as an example, but not limited to two. The acquisition devices are placed beside each industrial switch adjacent to the service terminal devices in each rail transit private network, that is, the two acquisition devices in the same station are placed in the left and right networks of the double ring network respectively, and the industrial switches in the left and right networks are connected to the acquisition devices through the serial interface and the mirror interface for data acquisition and as network management agents.
Specifically, the acquisition device performs bypass acquisition of the network traffic passing through all monitored interfaces of the switch through the mirror interface of the industrial switch, and then uploads the data to the central device through an out-of-band network that is physically isolated from the service network. Interaction with the service network is thereby avoided, the closed nature of the service network is fully preserved, service network information can be collected in any network state, the physical isolation between the service networks is preserved, none of the service network bandwidth is occupied, and service network communication is not affected. The acquisition device connects to the industrial switch through a network interface added by an expansion network card.
The acquisition device acquires network configuration information, log information and device status information through the serial interface of the industrial switch by simulated terminal interaction.
Each acquisition device is responsible for analyzing the traffic information and the network configuration information and uploading the result data to the central device through the out-of-band network; the central device is responsible for storing the data, analyzing and displaying the results, and finally summarizing the results to the central system. A network isolation device is arranged between the acquisition devices and the central device to keep the data of the two redundant networks, which carry the same service network data, independent of each other. The dual-network data isolation provided by the network isolation device can be replaced by other means, such as physical isolation by having the central device receive the data on separate network card interfaces, or isolation software on the central device, but is not limited to these.
The central device manages the function configuration of each acquisition device in station one and station two through the out-of-band network, and at the same time performs network management of the whole service network through the acquisition devices by issuing configuration and managing it centrally. Specifically, each acquisition device is only responsible for managing the industrial switch directly connected to it. The acquisition device supports configuring BPF (Berkeley Packet Filter) data acquisition filtering rules to capture specific network traffic; configuring a whitelist filtering rule on source/destination IP, source/destination port and protocol to capture specific network traffic; and configuring a blacklist filtering rule on source/destination IP, source/destination port and protocol to ignore specific network traffic.
The acquisition device performs configuration management of the industrial switch through the serial interface of the industrial switch, and the configuration management mode is determined by the configuration issued by the central device. Configuration management through the serial interface can be replaced by other means, for example using an RJ45 network interface of the industrial switch, which has a lower security level, but is not limited to this. A monitoring unit is arranged in the acquisition device to protect the serial interface communication: a command-line whitelist is set for the interactive content, so that only specific users can interact with the industrial switch through the serial interface and the network configuration cannot be modified, intentionally or unintentionally, by other users. Specifically, the specific users include a high-level user and a low-level user. Further, the low-level user can only send query-type interactive commands to the switch through the serial interface; the high-level user, authenticated by the secret key, can send interactive commands that change the configuration of the switch through the serial interface, and can also send query-type interactive commands.
Illustratively, a user sends a request command from the central device to the industrial switch, where the request command may be an IP address or a password string. The request command must pass through the acquisition device to reach the industrial switch, and as it passes through, the monitoring unit in the acquisition device identifies the request command:
when the request command matches an operator command in the command library, the user is allowed to access the industrial switch but can only browse the related information and cannot modify the configuration of the industrial switch;
when the request command matches an administrator command in the command library, the user is allowed to access the industrial switch and can both browse the related information and modify its configuration;
when no command matching the request command can be found in the command library, the acquisition device denies the user access to the industrial switch.
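The three-way decision of the monitoring unit above, as an added example that is not the patent's own code. The command library, the shared secret and the HMAC-with-nonce proof used for the "authenticated by the secret key" step are constructed assumptions; the patent does not specify the authentication mechanism.

```python
"""Monitoring unit in front of the industrial switch's serial interface (added example,
not the patent's code). An operator (query) command is allowed read-only; an
administrator (configuration) command is allowed only with a valid key proof; any
command outside the library is denied. Library, key and proof scheme are constructed."""
import hashlib
import hmac
from typing import List, Optional, Sequence, Tuple

# Constructed command library; a deployed library would be built from the switch vendor's CLI.
OPERATOR_COMMANDS = ("show running-config", "show interface", "show version",
                     "show vlan", "show mac-address-table", "show logging")
ADMIN_COMMANDS = ("configure terminal", "interface", "vlan", "shutdown", "no shutdown",
                  "write memory", "copy running-config startup-config")


class SerialCommandGate:
    """Decision point for every request command passing through the acquisition device."""

    def __init__(self, key: bytes):
        self._key = key                      # shared secret held by the high-level user
        self._used_nonces = set()            # replay protection for authenticated requests
        self.audit: List[Tuple[str, str, str]] = []

    @staticmethod
    def normalize(cmd: str) -> str:
        """Collapse whitespace and case so library matching is not bypassed by formatting."""
        return " ".join(cmd.strip().lower().split())

    @staticmethod
    def _matches(cmd: str, library: Sequence[str]) -> bool:
        # A request matches an entry when it equals it or extends it with arguments.
        return any(cmd == entry or cmd.startswith(entry + " ") for entry in library)

    def tag_for(self, cmd: str, nonce: str) -> str:
        """Proof of key possession: HMAC-SHA256 over the nonce and the normalized command."""
        msg = (nonce + "\n" + self.normalize(cmd)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _key_authenticated(self, cmd: str, nonce: Optional[str], tag: Optional[str]) -> bool:
        if nonce is None or tag is None or nonce in self._used_nonces:
            return False
        if not hmac.compare_digest(tag.encode(), self.tag_for(cmd, nonce).encode()):
            return False
        self._used_nonces.add(nonce)         # each nonce is accepted once
        return True

    def authorize(self, cmd: str, nonce: Optional[str] = None,
                  tag: Optional[str] = None) -> Tuple[str, str]:
        norm = self.normalize(cmd)
        if self._matches(norm, ADMIN_COMMANDS):
            if self._key_authenticated(norm, nonce, tag):
                decision = ("allow", "administrator command, key authenticated")
            else:
                decision = ("deny", "configuration command without valid key authentication")
        elif self._matches(norm, OPERATOR_COMMANDS):
            decision = ("allow", "operator query command, read-only")
        else:
            decision = ("deny", "command not in library")
        self.audit.append((norm,) + decision)
        return decision


if __name__ == "__main__":
    gate = SerialCommandGate(b"constructed-demo-key")
    print(gate.authorize("show version"))
    print(gate.authorize("configure terminal"))
    proof = gate.tag_for("configure terminal", "nonce-1")
    print(gate.authorize("configure terminal", "nonce-1", proof))
    print(gate.authorize("reload"))
```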
In order to implement the rail transit control network data acquisition and management method of this embodiment, a rail transit control network data acquisition and management system is provided. FIG. 3 shows a block diagram of this system, which includes a first acquisition device, a second acquisition device, a first out-of-band network, a second out-of-band network and a central device, wherein:
the first acquisition device and the second acquisition device are used to perform bypass acquisition of data through the mirror interface and/or the serial interface of the switch; specifically, the switch has exactly one mirror interface and one serial interface, wherein:
the mirror image interface is used for acquiring network flow information passing through all monitored interfaces in the switch equipment by the first acquisition equipment and the second acquisition equipment;
the serial interface is used for the first acquisition equipment and the second acquisition equipment to acquire configuration information, log information and equipment state information of the network equipment and the safety equipment.
The first acquisition equipment and the second acquisition equipment are respectively arranged beside each switch adjacent to the terminal equipment in each rail transit private network, and the first acquisition equipment and the second acquisition equipment can be connected with the switches through newly-added network interfaces of the expansion network card.
The first acquisition device and the second acquisition device each comprise a filtering unit for one or more of:
configuring BPF data acquisition filtering rules, or configuring a whitelist filtering rule on source/destination IP, source/destination port and protocol, to capture specific network traffic;
configuring a blacklist filtering rule on source/destination IP, source/destination port and protocol, to ignore specific network traffic and not capture it.
The first acquisition equipment and the second acquisition equipment further comprise monitoring units, the monitoring units are used for monitoring the interaction commands of the serial interfaces by the first acquisition equipment and the second acquisition equipment, and the monitoring of the interaction commands of the serial interfaces by the monitoring units comprises the step of authenticating the interaction commands sent by users by using secret keys.
The first out-of-band network and the second out-of-band network are used for transmitting the data acquired by the first acquisition equipment and the second acquisition equipment to the central equipment; specifically, the first out-of-band network and the second out-of-band network are both connected to an isolation device, and the isolation device is configured to isolate data transmitted by the first out-of-band network from data transmitted by the second out-of-band network.
The central device is used to store, analyze and display the data, and also to determine user identity levels, where the user identity levels include low-level users and high-level users, and where:
a low-level user can only send query-type interactive commands to the switch through the serial interface;
a high-level user, authenticated by the secret key, can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-type interactive commands.
Because the invention acquires the network information by bypass and uploads it to the central device through the out-of-band network, it can collect service network information in any network state, occupies none of the service network bandwidth and has no effect on service network communication; at the same time the central device manages the service network configuration through the out-of-band network, which avoids the management network being paralysed by certain service network faults when, as in existing network management systems, the management network shares bandwidth with the service network.
Although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (14)

1. A rail transit control network data acquisition and management method is characterized by comprising the following steps:
the first acquisition equipment and the second acquisition equipment perform bypass acquisition on data through a mirror interface and/or a serial interface of the switch;
the first acquisition equipment and the second acquisition equipment also upload the data to the central equipment through a first out-of-band network and a second out-of-band network respectively;
the central equipment configures the policy of the switch by controlling the acquisition equipment;
the acquisition equipment carries out configuration management on the industrial switch through a serial interface of the industrial switch, and the configuration management mode is determined by the configuration issued by the central equipment.
2. A data acquisition and management method according to claim 1, characterized in that said data comprises one or more of the following information:
network flow information passing through all monitored interfaces in the switch equipment;
configuration information, log information, and device status information for the network device and the security device.
3. The data acquisition and management method according to claim 2, wherein the first acquisition device and the second acquisition device acquire the network traffic information passing through all the monitored interfaces in the switch device through the mirror interfaces;
and the first acquisition equipment and the second acquisition equipment acquire the configuration information, the log information and the equipment state information of the network equipment and the safety equipment through the serial interfaces.
4. A data collection and management method according to any of claims 1 to 3, wherein the data in the first out-of-band network and the second out-of-band network further passes through an isolation device, and the isolation device isolates the data in the first out-of-band network and the second out-of-band network.
5. A data collection and management method according to any of claims 1-3, wherein the first collection device and the second collection device filter specific network traffic through one or more of the following filtering rules:
configuring BPF data acquisition filtering rules, or configuring filtering rules from a source/destination IP, source/destination port and protocol whitelist, to capture specific network traffic;
configuring filtering rules from a source/destination IP, source/destination port and protocol blacklist, to not capture specific network traffic.
6. The data collection and management method according to any one of claims 1 to 3, wherein the first collection device and the second collection device further monitor the interactive command of the serial interface through a monitoring unit, and the monitoring unit monitors the interactive command of the serial interface including authenticating the interactive command sent by the user using a secret key.
7. The data collection and management method of claim 6, wherein a user identity level is determined by the central device, the user identity level comprises a low-level user and a high-level user, wherein:
a low-level user can only send query-class interactive commands to the switch through the serial interface;
a high-level user authenticated by the secret key can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-class interactive commands.
8. A rail transit control network data acquisition and management system, characterized in that, the system includes first acquisition equipment, second acquisition equipment, first out-of-band network, second out-of-band network and central equipment, wherein:
the first acquisition equipment and the second acquisition equipment are used for carrying out bypass acquisition on data through a mirror image interface and/or a serial interface of the switch;
the first out-of-band network and the second out-of-band network are used for transmitting the data acquired by the first acquisition equipment and the second acquisition equipment to the central equipment;
the central equipment is used for storing, analyzing and displaying data;
the central equipment configures the policy of the switch by controlling the acquisition equipment;
the acquisition equipment carries out configuration management on the industrial switch through a serial interface of the industrial switch, and the configuration management mode is determined by the configuration issued by the central equipment.
9. A data acquisition and management system according to claim 8, wherein said switch has exactly one said mirror interface and one said serial interface, and wherein:
the mirror image interface is used for acquiring network flow information passing through all monitored interfaces in the switch equipment by the first acquisition equipment and the second acquisition equipment;
the serial interface is used for the first acquisition equipment and the second acquisition equipment to acquire configuration information, log information and equipment state information of the network equipment and the safety equipment.
10. The data acquisition and management system according to claim 9, wherein the first acquisition device and the second acquisition device are respectively deployed beside each switch adjacent to the terminal devices in each rail transit private network, and the first acquisition device and the second acquisition device can be connected to a plurality of switches through network interfaces added by an expansion network card.
11. The data acquisition and management system according to claim 10, wherein the first out-of-band network and the second out-of-band network are each connected to an isolation device, the isolation device being configured to isolate data transmitted by the first out-of-band network from data transmitted by the second out-of-band network.
12. A data acquisition and management system according to claim 11, wherein the first and second acquisition devices each comprise a filtering unit for one or more of:
configuring BPF data acquisition filtering rules, or configuring filtering rules from a source/destination IP, source/destination port and protocol whitelist, to capture specific network traffic;
configuring filtering rules from a source/destination IP, source/destination port and protocol blacklist, to not capture specific network traffic.
13. The data collection and management system according to any one of claims 8 to 12, wherein the first collection device and the second collection device each further comprise a monitoring unit, the monitoring unit is configured to monitor the interaction command of the serial interface by the first collection device and the second collection device, and the monitoring unit monitors the interaction command of the serial interface by using a key to authenticate the interaction command sent by the user.
14. The data collection and management system of claim 13, wherein the central device is further configured to determine a user identity rating, the user identity rating comprising a low-level user and a high-level user, wherein:
a low-level user can only send query-class interactive commands to the switch through the serial interface;
a high-level user authenticated by the secret key can send interactive commands that change the configuration of the switch to the switch through the serial interface, and can also send query-class interactive commands.
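Claims 5 and 12 describe filtering units that capture or ignore traffic by whitelist and blacklist rules on source/destination IP, source/destination port and protocol, alongside BPF filtering rules. As an added example (not the patent's or the applicants' code), the following Python renders such rules as a libpcap/tcpdump BPF expression for the capture side and applies the same decision to decoded packet tuples; the Rule fields, the packet-dict layout and the sample addresses are assumptions of this example.

```python
from dataclasses import dataclass, fields
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One whitelist/blacklist rule; None means 'any' for that field.
    Field names double as the keys of the packet dicts used below."""
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None  # 'tcp' or 'udp'

    def to_bpf(self) -> str:
        """Render the rule as a conjunction of libpcap/tcpdump BPF primitives."""
        terms = []
        if self.proto:
            terms.append(self.proto)
        if self.src_ip:
            terms.append(f"src host {self.src_ip}")
        if self.dst_ip:
            terms.append(f"dst host {self.dst_ip}")
        if self.src_port is not None:
            terms.append(f"src port {self.src_port}")
        if self.dst_port is not None:
            terms.append(f"dst port {self.dst_port}")
        if not terms:
            raise ValueError("a rule must constrain at least one field")
        return "(" + " and ".join(terms) + ")"

    def matches(self, pkt: dict) -> bool:
        """Apply the same rule to an already decoded packet tuple."""
        return all(getattr(self, f.name) is None or pkt.get(f.name) == getattr(self, f.name)
                   for f in fields(self))


def build_filter(whitelist, blacklist) -> str:
    """Whitelist rules select what to capture; blacklist rules exclude traffic."""
    parts = []
    if whitelist:
        parts.append("(" + " or ".join(r.to_bpf() for r in whitelist) + ")")
    if blacklist:
        parts.append("not (" + " or ".join(r.to_bpf() for r in blacklist) + ")")
    return " and ".join(parts)


def should_capture(pkt: dict, whitelist, blacklist) -> bool:
    """Blacklist wins; with no whitelist, everything not blacklisted is captured."""
    if any(r.matches(pkt) for r in blacklist):
        return False
    return not whitelist or any(r.matches(pkt) for r in whitelist)


# Constructed sample rules: capture Modbus/TCP (port 502) to one PLC, ignore one noisy host.
WHITELIST = [Rule(dst_ip="10.1.0.5", dst_port=502, proto="tcp")]
BLACKLIST = [Rule(src_ip="10.1.0.9")]
```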
CN201910563163.3A 2019-06-26 2019-06-26 Rail transit control network data acquisition and management method and system Active CN110426971B (en)

Publications (2)

Publication Number Publication Date
CN110426971A CN110426971A (en) 2019-11-08
CN110426971B true CN110426971B (en) 2021-07-20

Family

ID=68409640

Country Status (1)

Country Link
CN (1) CN110426971B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113362207A (en) * 2020-03-06 2021-09-07 北京交大思源信息技术有限公司 Data processing method and device for bypass type urban rail transit system
CN111884881B (en) * 2020-07-28 2022-02-18 苏州浪潮智能科技有限公司 Monitoring method, device and system for Ethernet switching network and switch
CN112132687B (en) * 2020-11-24 2021-08-06 深圳华锐金融技术股份有限公司 Resource exchange wind control method and device, computer equipment and storage medium
CN112737859B (en) * 2021-01-04 2023-05-05 中车青岛四方车辆研究所有限公司 Vehicle-mounted flow audit and alarm linkage system and flow abnormality judgment method
CN113259349A (en) * 2021-05-12 2021-08-13 国家计算机网络与信息安全管理中心 Monitoring method and device for rail transit control network
CN113110268A (en) * 2021-05-28 2021-07-13 国家计算机网络与信息安全管理中心 Monitoring system, data acquisition equipment and method for rail transit control network
CN114039875B (en) * 2021-10-30 2023-09-01 北京网聚云联科技有限公司 Data acquisition method, device and system based on eBPF technology

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101621430A (en) * 2009-07-31 2010-01-06 南京拓为电力科技发展有限公司 Portable electric power communication protocol detector and detection method thereof
CN102317876A (en) * 2008-12-31 2012-01-11 施耐德电气美国股份有限公司 Communication Module with Network Isolation and Communication Filter
CN104378228A (en) * 2014-09-30 2015-02-25 上海宾捷信息科技有限公司 Network data security management system and method
US9413785B2 (en) * 2012-04-02 2016-08-09 Mcafee, Inc. System and method for interlocking a host and a gateway
CN105960777A (en) * 2013-10-21 2016-09-21 尼妍萨有限公司 System and method for observing and controlling programmable network using remote network manager
CN107070726A (en) * 2017-05-22 2017-08-18 郑州云海信息技术有限公司 A kind of integrated management approach based on MDC
CN107294875A (en) * 2016-03-31 2017-10-24 中卫大河云联网络技术有限公司 Band outer control system and chain of command communication means for SDN
CN107579895A (en) * 2017-09-07 2018-01-12 张家口安智科为新能源有限公司 Realize that case becomes the method for measure and control device ethernet ring network communication in a kind of new energy power station
CN108733614A (en) * 2017-04-13 2018-11-02 北京京东尚科信息技术有限公司 Data transmission system, method and apparatus
CN109672550A (en) * 2017-10-17 2019-04-23 丛林网络公司 Simplify configuration for multistage network structure

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060282886A1 (en) * 2005-06-09 2006-12-14 Lockheed Martin Corporation Service oriented security device management network
CN100464523C (en) * 2005-09-22 2009-02-25 广东省电信有限公司研究院 Monitor system and its monitor method for internet network telephone
AU2008200306B2 (en) * 2008-01-22 2013-12-19 Tii Network Technologies, Inc. A combination primary protector, DSL splitter, demarcation point and customer wiring connections
US20100299430A1 (en) * 2009-05-22 2010-11-25 Architecture Technology Corporation Automated acquisition of volatile forensic evidence from network devices
US8380828B1 (en) * 2010-01-21 2013-02-19 Adtran, Inc. System and method for locating offending network device and maintaining network integrity
CA2803413A1 (en) * 2010-06-22 2011-12-29 Siemens Aktiengesellschaft Wind park network system
US9178791B2 (en) * 2011-08-29 2015-11-03 Itxc Ip Holdings S.A.R.L. System and method for data acquisition in an internet protocol network
US20140075505A1 (en) * 2012-09-11 2014-03-13 Mcafee, Inc. System and method for routing selected network traffic to a remote network security device in a network environment
US9032504B2 (en) * 2012-12-10 2015-05-12 Dell Products L.P. System and methods for an alternative to network controller sideband interface (NC-SI) used in out of band management
CN103607299A (en) * 2013-11-08 2014-02-26 安徽康海时代科技有限公司 Network management system
US9531669B2 (en) * 2014-01-30 2016-12-27 Sierra Nevada Corporation Bi-directional data security for supervisor control and data acquisition networks
CN104954281B (en) * 2014-03-31 2018-08-03 中国移动通信集团公司 Communication means, system, resource pool management system, interchanger and control device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant