CN110839043B - Industrial control network minimization unit isolation control method and system - Google Patents


Info

Publication number
CN110839043B
Authority
CN
China
Prior art keywords
network
ports
industrial control
port
node
Prior art date
Legal status
Expired - Fee Related
Application number
CN201911181340.8A
Other languages
Chinese (zh)
Other versions
CN110839043A (en)
Inventor
李荣权
袁晓鹏
贺东旭
韩守刚
刘渝
金文磊
孙柏东
鞠科
李连军
Current Assignee
Sinopec Shengli Oilfield Co Shengli Oil Extraction Plant
Original Assignee
Sinopec Shengli Oilfield Co Shengli Oil Extraction Plant
Priority date
Filing date
Publication date
Application filed by Sinopec Shengli Oilfield Co Shengli Oil Extraction Plant
Priority to CN201911181340.8A
Publication of CN110839043A
Application granted
Publication of CN110839043B
Current legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/088 Access security using filters or firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an isolation control method and system for a minimization unit of an industrial control network. The method comprises: establishing an information transmission model for the industrial control network in which 'downlink ports are blocked from accessing each other and the uplink and downlink ports communicate on a single line'; fixing an uplink port on the node device and fixing all other ports as downlink ports; deploying port isolation; establishing a network node broadcast addressing bandwidth demand model; deploying network storm control; and coding the deployment scheme into an industrial control network node software patch, installing it, and thereby forming specialised industrial control network node equipment. With the method and system, a local fault on the network cannot spread to the superior port, the peer ports or the subordinate ports and is sealed within the minimized isolation unit, so that data between the field devices and the control center is transmitted accurately without delay, loss or alteration; the network throughput capacity is improved by 80 percent, the investment in 'domain' switches, networks and the like is reduced by more than 20 percent, and mutual interference among devices in the industrial control network and network storms are avoided.

Description

Industrial control network minimization unit isolation control method and system
Technical Field
The invention belongs to the technical field of digital information transmission, and particularly relates to an isolation control method and system for a minimum unit of an industrial control network.
Background
Taking the industrial control network of an oilfield development management area as an example, the network system of a complete reservoir development industrial control network (an information-based reservoir development management area), shown in fig. 1, comprises 8000 instruments and 400 channels of intelligent video from the 800 oil wells, water injection stations and metering stations scattered across the field. These are aggregated by 500 switches to 500 wireless remote terminals, then to 40 wireless service sectors deployed on communication towers, then to 5 (tower) area switches, and are finally transmitted to the control center, where they connect to the SCADA (supervisory control and data acquisition) system that acquires data from and controls the operation of the field equipment. Any two network ports, and any two devices, can communicate with each other. The Shengli oilfield has more than 130 such management areas and network systems. Industrial control networks in other industries have similar characteristics.
The network of the industrial control system mainly ensures that data and videos collected by various sensors on a production site are uploaded to a control center without delay or packet loss; meanwhile, each production instruction of the control center for controlling, operating and shutting down each field device is guaranteed to accurately reach the specified field device without delay, loss and change, and is executed after being analyzed by the device.
Most traditional industrial control information transfer is based on a general information network model and is not tailored to the characteristics of an industrial control network: every network port can communicate with every other, and every device with every other, which causes many difficulties and hidden dangers for system management:
1. Network storms and low communication efficiency. Aging, dust, weather and the like can cause large numbers of network storms at the network ports of field equipment; with very many devices, some of which are offline for long periods, IP address conflicts also occur from time to time. On average, one industrial control network suffers more than one such incident a year, during which data acquisition and field control cannot be carried out normally and high-risk areas such as oil and gas gathering and transportation and high-pressure water injection are left in an uncontrolled state.
2. Serious information security hidden dangers. Because the devices are not isolated and any two network ports or devices can communicate, if any network cable in the field environment is misused, the whole industrial control system can be reached through that port: device operation can be controlled, operating parameters modified and production data copied, so that 'every network cable is a risk'.
Disclosure of Invention
The invention aims to provide an industrial control network minimization unit isolation control method and system, which are used for solving the problems of network storm, low communication efficiency and information safety hidden danger easily caused by traditional industrial control information transmission and achieving the technical effects of preventing the network storm from generating, improving the network throughput, improving the communication efficiency and ensuring the information safety of the industrial control network.
The technical scheme adopted by the invention is that the isolation control method for the minimization unit of the industrial control network comprises the following steps:
S01: establishing an information transmission model for the industrial control network in which 'downlink ports are blocked from accessing each other and the uplink and downlink ports communicate on a single line';
S02: fixing at least one uplink port on the node device; fixing all other ports as downlink ports;
S03: deploying port isolation, after which the uplink port of the node device communicates with all downlink ports, while the uplink ports among themselves and the downlink ports among themselves do not communicate;
S04: establishing a network node broadcast addressing bandwidth demand model;
establishing a quantified broadcast addressing bandwidth demand model for each network node device according to the number of uplink and downlink devices of the network node and the addressing needs of the network node device;
S05: deploying network storm control;
in each node, according to the quantified broadcast addressing bandwidth demand model of the network node device, deploying a quantified broadcast addressing bandwidth limit within the node, so that a network storm from a local area network node device is intercepted before it propagates upward or downward;
S06: coding the port isolation deployment and network storm control deployment schemes of steps S01, S03, S04 and S05 into an industrial control network node device software patch for patch installation;
S07: pre-customising factory equipment to form special equipment with the dedicated function of isolation control and management of the industrial control network minimization unit.
Further, the network node device addressing requirements of step S04 do not include addressing requirements between upstream ports and downstream ports.
An industrial control network minimization unit isolation management and control system comprises a plurality of node devices. Each node device has a number of fixed uplink ports, and all other ports are fixed as downlink ports; the uplink ports of a single node device each communicate with all of its downlink ports, while the uplink ports among themselves and the downlink ports among themselves are isolated and cannot communicate. The node device is provided with a network storm prevention module that filters and screens broadcast storms occurring in the industrial control network.
Further, the communication between the node devices is single-line communication between an upper connection port of the lower node device and a lower connection port of the upper node device.
Further, there is one uplink port of the node device.
Furthermore, the number of the uplink ports of the node device is two, one is the active uplink port, and the other is the standby uplink port.
Further, the node equipment module comprises a switch, a firewall and a gatekeeper.
The embodiment of the invention has at least the following beneficial effects:
1. The network transmission process adopts the scheme in which the industrial control network fixes the uplink port, isolates the downlink ports from mutual access, and has the uplink and downlink ports communicate on a single line. As a result, the data and video collected by the various sensors on the production site are uploaded to the control center without delay or packet loss; every production instruction from the control center for controlling, operating or shutting down a field device reaches the specified device accurately without delay, loss or alteration and is correctly executed after the device parses it; long-term, uninterrupted, failure-free operation of the industrial control network is realised; faults are automatically 'closed', 'cut off', 'not propagated' and 'not diffused'; and a specialised, isolated and controlled industrial control switching equipment system is formed. The network throughput capacity is improved by 80%, data and traffic crosstalk in a large-network mode is avoided, and the investment in 'domain' switches, networks and the like is reduced by more than 20%.
2. With the method and the system, whether or not 'domains' are divided, network storm prevention processing establishes an independent network pipeline among each data acquisition device, video device, transmission device, security device, SCADA and control system, so that single-line communication is realised between the field devices (such as instruments and other data acquisition equipment) and the PLC control system, remote terminal unit and data acquisition and monitoring control system, and mutual interference among the various devices in the industrial control network and network storms are eliminated.
3. The technology and equipment transformation of the invention can be standardised and upgraded through a customised equipment update software package; new factory equipment can be upgraded by customisation, forming a specialised product suited to the industrial control network in which 'downlink ports are isolated from mutual access and the uplink and downlink ports communicate on a single line'.
4. The node equipment covered by the invention includes wireless communication equipment, switches, firewalls, routers, network gatekeepers and the like; it can be deployed in a foolproof (plug-and-play) manner or as a plug-in, adapts to the network automatically and is highly universal.
Drawings
FIG. 1 is a schematic diagram of a network system of a conventional reservoir industrial control network;
FIG. 2 is a flow chart of the method of the present invention;
FIG. 3 is a schematic diagram of a physical network;
FIG. 4 is a model diagram of isolation management and control information transmission of the minimization unit of the industrial control network according to the present invention;
FIG. 5 is a diagram of a conventional industrial control information transmission model;
Fig. 6 is an application schematic diagram of the isolation management and control system for the minimization unit of the industrial control network according to the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description. Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate. Any specific values in all examples shown and discussed herein are to be construed as exemplary only and not as limiting. Thus, other examples of the exemplary embodiments may have different values. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
The invention discloses an isolation control method for a minimization unit of an industrial control network, which comprises the following steps, as shown in figure 2:
S01: establishing an information transmission model for the industrial control network, namely one in which the downlink ports are isolated from mutual access and the uplink and downlink ports communicate on a single line;
specifically, the information transmission model is established according to seven node levels: 1. instruments and equipment → 2. RTU and PLC → 3. convergence switch → 4. regional control firewall → 5. system control switch → 6. SCADA → 7. network egress gateway:
1. Instrument and equipment layer: sort out the requirements of the instruments for collected content, alarms, operating parameter setting and the like; the interlocks that are needed or may exist between instruments and equipment and between pieces of equipment, such as between a thermometer and an electric pump or between a liquid level and a drainage pump; and the requirement for remote pump start and stop and where that function needs to be executed;
2. RTU and PLC layer: build RTU and PLC software models for all functions of instrument data acquisition, alarm calculation, parameter setting, interlock calculation and execution, and process them locally in software (that is, 'no direct communication between devices or between areas' and 'interlocks are realised through the upper computer and SCADA directly controlling single devices'). On the one hand, the efficient, stable and reliable RTU and PLC execute the interlock functions between devices automatically; at the same time the control workload of the remote SCADA system is reduced and system stability is improved.
Establish a data dump model for the content that the upper-layer SCADA needs to acquire, remotely control and remotely regulate; dump it to the upper-layer SCADA through the uplink network port and hold it in storage locations for the upper-layer SCADA to read, remotely control and remotely regulate;
3. Convergence switch communication layer: establish the industrial control network minimization unit isolation control model from the point where the RTU and PLC enter the switch. Since there is no direct information exchange between RTUs, between an RTU and a PLC, or between PLCs, all switch ports accessed at this level must be set to be isolated from one another; these ports communicate only with the defined 1-2 uplink ports. Establish in turn the requirement and function models for the uplink and downlink ports of the well site, convergence tower, regional convergence and master control switches;
4. Regional control firewall: following the minimum-pass requirement model, establish a minimum code and command firewall requirement model for the well site convergence tower and the key station sites, based on uplink data acquisition, command-level code classification of downlink remote operation (remote control and remote regulation), code feature identification, transmission protocol and the like. Establish a pass-control model for the SCADA remote control and remote regulation server;
5. SCADA server: according to the least-privilege principle for software, remote control and remote regulation, establish a detailed allocation model of server user permissions, software modules, software function buttons and remote control and remote regulation functions; and establish the interlock requirements, calculation models, and remote control and remote regulation target devices and target points between RTUs, between RTU and PLC, and between PLCs.
6. Network egress gatekeeper: according to the standard of 'physical partition of information and hardware separation of inbound and outbound instructions', sort out the minimum requirements for data dump and application transfer to outside the industrial control network, and establish the corresponding 'physical partition of information and hardware separation of inbound and outbound' requirement model.
S02: fix at least one uplink port on the node device; fix all other ports as downlink ports;
according to the service requirements of the RTU and PLC layer, the interlock, alarm, early warning and initialisation functions of this layer are deployed on the RTU and PLC for automatic processing through programming, and the partial initialisation and threshold setting requirements are all executed on the upper computer of this layer.
The interlock calculation, remote control and remote regulation functions between RTUs, between RTU and PLC, and between PLCs are deployed on the SCADA server.
The uplink and downlink ports of the well site, convergence tower, regional convergence and main control switches are configured according to the demand model.
Specifically, the node device includes a switch, a firewall, a gatekeeper and the like.
Specifically, as shown in fig. 4, port 1 of the switch is fixed as the uplink port by code or menu configuration; all other ports are fixed as downlink ports;
S03: port isolation deployment.
The uplink port of the node device then communicates with all downlink ports; the uplink ports among themselves and the downlink ports among themselves do not communicate;
specifically, as shown in fig. 4, port 1 communicates with all downstream ports of the switch; all downstream ports of the switch are isolated from each other and cannot communicate;
specifically, the regional control firewall and the network egress gateway permit, one by one in allowlist fashion, only the protocols, remote control and remote regulation instructions and acquisition instructions that the requirement model says must pass; all protocols, instructions and source IPs outside the scope of the model are forbidden to pass.
By steps S01 to S03 the network nodes are divided into uplink and downlink, so that 'the downlink ports are cut off from mutual access and the uplink and downlink ports communicate on a single line'. On the one hand, this blocks the large numbers of network storms generated at equipment network ports by aging, dust, weather and the like from entering the transmission network, and solves the problem of frequent large-area industrial control system network faults caused by such storms; at the same time, every production instruction from the control center for controlling, operating or shutting down a field device is guaranteed to reach the specified device accurately without delay, loss or alteration.
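To make the effect of steps S02 and S03 concrete, the following added Python model (example code written for this page, not the patent's own implementation) simulates a broadcast entering a downlink port of a well-site switch and floods it through a constructed three-level tree of node devices. The topology, device names and port numbers are assumptions; the forwarding rule is the one the steps describe (uplink to downlinks, downlink to uplink only, never peer to peer), and the conventional "every port reaches every port" switch is modelled alongside it for comparison.

```python
from collections import deque


class NodeDevice:
    """A switch-like node device with fixed uplink ports; every other port is a downlink.

    isolated=True models the patent's rule (uplink <-> downlink only);
    isolated=False models a conventional switch where every port reaches every port.
    """

    def __init__(self, name, ports, uplinks, isolated=True):
        self.name = name
        self.ports = frozenset(ports)
        self.uplinks = frozenset(uplinks)
        if not self.uplinks <= self.ports:
            raise ValueError(f"{name}: uplink ports must be a subset of the device ports")
        self.isolated = isolated

    def egress_ports(self, ingress):
        """Ports to which a frame arriving on `ingress` may be forwarded."""
        others = self.ports - {ingress}
        if not self.isolated:
            return others
        if ingress in self.uplinks:
            # From an uplink: fan out to the downlinks only, never to a standby uplink.
            return others - self.uplinks
        # From a downlink: only the uplink(s); sibling downlinks are unreachable.
        return others & self.uplinks


def flood(devices, links, origin):
    """Breadth-first flood of a broadcast that enters at `origin` = (device, port).

    `links` maps (device, port) -> (device, port) for every cable, in both directions.
    Returns the set of (device, port) pairs the frame egresses from.
    """
    egressed, seen = set(), set()
    queue = deque([origin])
    while queue:
        dev, port = queue.popleft()
        if (dev, port) in seen:
            continue
        seen.add((dev, port))
        for out in devices[dev].egress_ports(port):
            egressed.add((dev, out))
            if (dev, out) in links:
                queue.append(links[(dev, out)])
    return egressed


def build_topology(isolated):
    """Constructed tree (assumed, not the patent's figure): two well-site switches under a
    tower switch under an area switch whose port 1 leads toward the control center."""
    devices = {
        "well_a": NodeDevice("well_a", ports=range(1, 6), uplinks={1}, isolated=isolated),
        "well_b": NodeDevice("well_b", ports=range(1, 6), uplinks={1}, isolated=isolated),
        "tower": NodeDevice("tower", ports=range(1, 6), uplinks={1}, isolated=isolated),
        "area": NodeDevice("area", ports=range(1, 4), uplinks={1}, isolated=isolated),
    }
    cables = [(("well_a", 1), ("tower", 2)),
              (("well_b", 1), ("tower", 3)),
              (("tower", 1), ("area", 2))]
    links = {}
    for a, b in cables:
        links[a], links[b] = b, a
    return devices, links


def blast_radius(isolated):
    """Egress ports reached by a broadcast from an instrument on well_a port 2."""
    devices, links = build_topology(isolated)
    return flood(devices, links, ("well_a", 2))


if __name__ == "__main__":
    print("isolated   :", sorted(blast_radius(True)))
    print("conventional:", sorted(blast_radius(False)))
```

With isolation the broadcast egresses only the three uplink ports on the path to the control center; the conventional model floods it out of fourteen ports, including every instrument port on both well-site switches. This is the "sealed in the minimized isolation unit" property stated in the abstract.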
S04: establishing a network node broadcast addressing bandwidth demand model;
establishing a broadcast addressing bandwidth quantification demand model of each network node device according to the number of uplink and downlink devices of the network node and the addressing demand of the network node device;
specifically, according to the uplink data and downlink instruction requirements, the pass model, and all permitted protocols, instructions and IPs, the necessary broadcast addressing bandwidth requirement of the devices is modelled quantitatively.
S05: network storm control deployment;
in each node, according to a network node equipment broadcast addressing bandwidth quantification demand model, deploying broadcast addressing bandwidth quantification limitation in nodes, and intercepting the upward and downward propagation of a network storm of local area network node equipment;
A network storm occurs when, because of the design and connection of the network topology or other causes, broadcasts are copied on a large scale within a network segment and data frames proliferate, degrading network performance or even paralysing the network. Over 90% of broadcast storms are caused by viruses; they can also be caused by harsh environments such as unsuitable temperature, humidity, vibration or electromagnetic interference. Severe electromagnetic interference in particular can destabilise the network, cause data transmission errors and trigger broadcast storms.
By steps S04 and S05 the path causing network congestion is cut off, and traffic congestion in the uplink and downlink directions, network storms and the like cannot spread. At the same time, because the uplink ports among themselves and the downlink ports among themselves are not in mutual communication, a network storm cannot spread to other large ports; the storm is confined to a definite area, and large video flows, network storms and the like are controlled within the smallest network entry range.
By adopting the technical scheme of the invention, under the condition of dividing the 'domain' or not, an independent network pipeline is established among each data acquisition, video, transmission equipment, safety equipment, SCADA and control system, single-line communication between field equipment (such as data acquisition equipment such as instruments) and a PLC control system, a remote terminal unit and a data acquisition and monitoring control system is realized, and mutual interference among various equipment in an industrial control network and network storms are eliminated.
S06: and coding the port isolation deployment and network storm control deployment schemes in the steps S01, S03, S04 and S05 to form an industrial control network node equipment software patch and perform patch installation.
S07: and pre-customizing the factory equipment to form special equipment with the special function of isolation control and management of the industrial control network minimizing unit.
Equipment transformed by this method can be standardised and upgraded through a customised equipment update software package; new factory equipment can be upgraded by customisation, forming a specialised product suited to the industrial control network in which 'downlink ports are isolated from mutual access and the uplink and downlink ports communicate on a single line'.
The special products include but are not limited to switches, firewalls, gatekeepers and other information exchange equipment.
An industrial control network minimizing unit isolation management and control system comprises:
the node equipment is fixed with a plurality of upper connection ports, all other ports except the upper connection ports are fixed as lower connection ports, the upper connection ports of single node equipment are respectively communicated with all lower connection ports thereof, and the upper connection ports and the lower connection ports of the single node equipment are isolated from each other and cannot communicate.
The node equipment is provided with a network storm prevention module and is used for filtering and screening broadcast storms occurring in the industrial control network. And in each node, according to a network node equipment broadcast addressing bandwidth quantization demand model, allocating broadcast addressing bandwidth quantization limits in a node division mode, and intercepting the upward and downward propagation of a network storm of local area network node equipment.
The field device can be an instrument, various sensors, numerical control equipment and the like.
The superior equipment can be industrial control equipment with a PLC control system, a remote terminal unit or a data acquisition and monitoring control system.
The upper connection port of the node equipment is connected with the lower connection port of the node equipment of the previous level, or connected with the corresponding port of the node equipment of the previous level;
and the lower connection port of the node equipment is connected with the upper connection port of the node equipment at the next level, or is connected with the corresponding port of the field equipment.
The communication between the node devices in the industrial control network minimization unit isolation control system is single-line communication between an upper connection port of a lower layer node device and a lower connection port of an upper layer node device.
Preferably, the node device has one uplink port, so that communication between node devices needs only one port and one channel.
Preferably, there may be two uplink ports of the node device, one being the active uplink port and the other being the standby uplink port.
The node equipment module includes but is not limited to information exchange equipment such as a switch, a firewall, a network gate and the like.
Node equipment applying the method of the present invention (such as switches, firewalls, routers and the like) can be deployed in a foolproof (plug-and-play) manner or as a plug-in, adapts to the network automatically and is highly universal.
By adopting the isolation control method for the minimization units of the industrial control network, the independent network pipeline between each IP device and the data acquisition and monitoring control system is established under the condition of dividing the 'domain' or not dividing the 'domain' through the network storm prevention processing, so that the single-line communication between the field devices (such as data acquisition devices such as instruments) and the PLC control system, the remote terminal unit and the data acquisition and monitoring control system is realized, and the mutual interference among various devices in the industrial control network and the network storm are eliminated;
As shown in fig. 1, 3 and 5, most existing conventional industrial control information transmission is based on a general information network model that is not tailored to the characteristics of the industrial control network, and every network port can communicate with every other, which easily causes network storms and low communication efficiency.
The industrial control network minimization unit isolation control method and system make full use of the characteristics of an industrial control network: devices do not communicate directly with one another, nor do areas; linkage is achieved by the upper computer and the SCADA system controlling single devices directly; and connections are single-line. Network isolation technology is used to block mutual access between parallel ports that do not need it. The method establishes "virtual, independent, dedicated acquisition and control channels" between devices and the control system (upper computer and SCADA), eliminates mutual interference, and ensures that the data and video acquired by the various sensors on the production site are uploaded to the control center without delay or packet loss.
Applying the industrial control network minimization unit isolation control method ensures that each production instruction issued by the control center to control, operate or shut down a field device reaches the specified field device accurately, without delay, loss or alteration, and is executed correctly after the device parses it, so that the industrial control network operates effectively over the long term without interruption or failure. On the other hand, the method can also block the spread of network storms and the like at a network port, whether caused by viruses or by equipment aging, dust or weather, confining viruses and network storms to the smallest network entry range and realizing automatic "closing", "cutting off" and "no spread" of faults. Code-level whitelisting of the content exchanged between each device and the upper layer reduces the control granularity of all devices in the industrial control network to each device's "own grid", ensuring safe and reliable operation of the system at both the network link level and the instruction level.
By adopting the industrial control network minimization unit isolation control method, a specialized industrial control switching equipment system for isolation control is formed; network throughput is improved by 80%, data and traffic crosstalk of the large-network mode is avoided, and investment in "domain" switches, networking and the like is reduced by more than 20%.
After the industrial control network minimization unit isolation management and control method is implemented, as shown in fig. 6, information security achieves single-device control and the current situation in which every network cable is a risk is thoroughly eliminated. Since no direct communication between devices or subsystems is required, linkage between devices and subsystems is controlled directly through the upper computer and SCADA computation, and each device has a single-line connection to SCADA. Communication between device and device, RTU and RTU, PLC and PLC, and between peer network ports is cut off simultaneously; only the single-line connections between devices, RTUs, PLCs and SCADA within the system network remain, and any channel by which an arbitrary port could be used to control the operation, starting and stopping of a device, modify operating parameters, download production data, or even modify a control program is cut off.
With the help of whitelisting and minimum-requirement firewall control, each port's attached device, its uplink protocol, its instructions and its instruction feature codes are whitelisted; no unknown external device, protocol or instruction can be transmitted upward, and the channel for transmitting instructions upward through any port is controlled at the instruction level. This effectively refines the granularity of industrial control security control.
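The port isolation of steps S02/S03 and the quantified broadcast budget of steps S04/S05, modelled as an added example that is not the patent's own code, with the conventional any-port-to-any-port model beside it for contrast. The patent does not give the form of the bandwidth quantification model, so the budget formula (a per-device allowance multiplied by the number of devices reachable through the port) is an assumption, as are the port names and byte counts.

```python
"""Added example (not from CN110839043B): one node device's port isolation
(S02/S03) and quantified broadcast budget (S04/S05)."""
from dataclasses import dataclass, field


@dataclass
class Frame:
    ingress: str           # port the frame arrived on (assumed names "u1", "d1", ...)
    broadcast: bool = False


def legacy_egress(frame, all_ports):
    """Conventional information-network model (fig. 1): every port may reach
    every other port, so a storm on one downlink floods all of them."""
    return set(all_ports) - {frame.ingress}


@dataclass
class NodeDevice:
    uplinks: set                       # S02: fixed uplink port(s)
    downlinks: set                     # S02: all remaining ports
    per_device_bytes: int = 2000       # assumed allowance per attached device per interval
    devices_per_downlink: dict = field(default_factory=dict)  # S04 input: device counts
    used: dict = field(default_factory=dict)                   # bytes consumed per port

    def egress_ports(self, frame):
        """S03 isolation: downlink -> uplinks only; uplink -> all downlinks;
        a downlink port never reaches a peer downlink port."""
        if frame.ingress in self.uplinks:
            return set(self.downlinks)
        if frame.ingress in self.downlinks:
            return set(self.uplinks)
        return set()

    def broadcast_budget(self, port):
        """S04 quantification model (assumed form): allowance x number of devices
        whose addressing traffic legitimately passes through this port."""
        if port in self.uplinks:
            devices = sum(self.devices_per_downlink.values())
        else:
            devices = self.devices_per_downlink.get(port, 1)
        return devices * self.per_device_bytes

    def forward(self, frame, size):
        """S05 storm control: broadcast beyond the ingress port's budget is dropped
        at that port, so the storm neither climbs to SCADA nor reaches peers."""
        if frame.broadcast:
            total = self.used.get(frame.ingress, 0) + size
            if total > self.broadcast_budget(frame.ingress):
                return set()
            self.used[frame.ingress] = total
        return self.egress_ports(frame)
```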
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. An industrial control network minimization unit isolation control method, characterized by comprising the following steps:
S01: establishing an information transmission model for the industrial control network in which mutual access among downlink ports is partitioned and uplink ports use single-line communication, according to seven node levels: 1 instrument/equipment → 2 RTU/PLC → 3 convergence switch → 4 regional control firewall → 5 system control switch → 6 SCADA → 7 network exit gatekeeper;
S02: fixing at least one uplink port on the node device, and fixing all other ports as downlink ports;
S03: deploying port isolation, whereby the uplink port of the node device is in communication with all downlink ports, while the uplink ports and the downlink ports are not in communication with each other;
S04: establishing a network node broadcast addressing bandwidth demand model;
establishing a broadcast addressing bandwidth quantification demand model for each network node device according to the number of upstream and downstream devices of the network node and the addressing demand of the network node device;
S05: deploying network storm control;
in each node, deploying the broadcast addressing bandwidth quantification limit within the node according to the broadcast addressing bandwidth quantification demand model of the network node device, and intercepting the upward and downward propagation of network storms from local area network node devices;
S06: coding the port isolation deployment and network storm control deployment schemes of steps S01, S03, S04 and S05 to form an industrial control network node device software patch for patch installation;
S07: pre-customizing the factory equipment to form special equipment with the dedicated function of industrial control network minimization unit isolation control and management.
2. The industrial control network minimization unit isolation control method according to claim 1, characterized in that the network node device addressing demand of step S04 does not include addressing demand between upstream ports and downstream ports.
3. A system for the industrial control network minimization unit isolation control method according to claim 1, comprising a plurality of node devices, wherein each node device has a plurality of fixed uplink ports and all ports other than the uplink ports are fixed as downlink ports; the uplink ports of a single node device are each in communication with all the downlink ports, while the uplink ports and the downlink ports of the single node device are isolated from each other and cannot communicate with each other; and the node device is provided with a network storm prevention module for filtering and screening broadcast storms occurring in the industrial control network.
4. The industrial control network minimizing unit isolation management and control system according to claim 3, wherein the communication between the node devices is single-line communication between an uplink port of a lower node device and a downlink port of an upper node device.
5. The industrial control network minimizing unit isolation management and control system according to claim 3 or 4, wherein the node device has one uplink port.
6. The industrial control network minimizing unit isolation control system according to claim 3 or 4, wherein the node device has two uplink ports, one being an active uplink port and the other a standby uplink port.
7. The industrial control network minimizing unit isolation management and control system according to claim 3 or 4, wherein the node device module comprises a switch, a firewall and a gatekeeper.
CN201911181340.8A 2019-11-27 2019-11-27 Industrial control network minimization unit isolation control method and system Expired - Fee Related CN110839043B (en)


Publications (2)

Publication Number Publication Date
CN110839043A CN110839043A (en) 2020-02-25
CN110839043B CN110839043B (en) 2020-09-15

Family

ID=69577509


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112306019A (en) * 2020-10-28 2021-02-02 北京珞安科技有限责任公司 Industrial control safety audit system based on protocol deep analysis and application thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7707309B2 (en) * 2004-01-29 2010-04-27 Brocade Communication Systems, Inc. Isolation switch for fibre channel fabrics in storage area networks
CN102118427A (en) * 2010-12-15 2011-07-06 合肥工业大学 Mine locomotive monitoring system under multilayer heterogeneous industrial control network convergence technology
CN102694815B (en) * 2012-06-04 2016-05-11 浙江中控技术股份有限公司 A kind of safety protecting method, control module and industrial control system
CN106483945B (en) * 2016-12-20 2023-12-05 中国华电科工集团有限公司 Compact control informatization system for building distributed energy station
US10341134B2 (en) * 2017-06-21 2019-07-02 Siemens Schweiz Ag System and method for isolating device communications in a BACnet/IP building automation network
CN109818931B (en) * 2018-12-27 2021-12-14 山东电力工程咨询院有限公司 Interface device and multicast Ethernet communication stream cascade method
CN110266585B (en) * 2019-06-14 2020-08-11 长飞光纤光缆股份有限公司 All-optical intelligent industrial gateway based on edge calculation



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200915

Termination date: 20211127
