CN111786873A - Remote control method, system and gateway supporting PLC redundancy - Google Patents

Publication number
CN111786873A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010668618.0A
Other languages
Chinese (zh)
Other versions
CN111786873B (en)
Inventor
李娟�
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Jiechuang Ark Digital Technology Co ltd
Original Assignee
Zhejiang Jiechuang Ark Digital Technology Co ltd
Application filed by Zhejiang Jiechuang Ark Digital Technology Co ltd
Priority to CN202010668618.0A
Publication of CN111786873A
Application granted
Publication of CN111786873B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • G PHYSICS
    • G05 CONTROLLING; REGULATING
    • G05B CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00 Programme-control systems
    • G05B19/02 Programme-control systems electric
    • G05B19/04 Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05 Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5069 Address allocation for group communication, multicast communication or broadcast communication

Abstract

Embodiments of the present invention provide a remote control system, method and gateway supporting PLC redundancy. A PLC controller communicates with a terminal device associated with a second gateway via a first VPN tunnel between the PLC controller's associated first gateway and a VPN server running on an intermediary device, and a second VPN tunnel between the VPN server and the second gateway. Request messages from the PLC controller and reply messages from the terminal device are transmitted encapsulated in messages whose destination address is the virtual IP address of the first gateway or the virtual IP address of the second gateway, the virtual IP addresses being assigned by the VPN server. Embodiments of the present invention provide existing industrial control networks with a remote control solution that supports PLC redundancy across wide area networks without requiring multicast configuration of all wide area network routing or switching devices.

Description

Remote control method, system and gateway supporting PLC redundancy
Technical Field
The invention relates to industrial automation and industrial control networks, in particular to a remote control method, a remote control system and a remote control gateway which support PLC redundancy and cross wide area networks.
Background
The statements in this section merely provide background information related to the present disclosure and may not constitute prior art for the purposes of describing the present disclosure.
Currently, industrial control networks mainly use Programmable Logic Controllers (PLCs) to control and manage industrial terminal devices (hereinafter referred to as terminal devices) such as intelligent instruments, meters and actuators in an industrial field. Because the industrial environment generally requires stable, reliable, low-latency real-time communication, the communication distance is limited; most current industrial control networks are local area networks, and data communication between nodes in the industrial network is based on an industrial Ethernet technology such as Ethernet/IP. With the rapid development of 5G technology, the high transmission rate and low latency of 5G networks make it possible to control industrial manufacturing equipment remotely through a PLC. Remote control avoids the effects of the harsh industrial field environment, ensures the safety of the workers involved, and allows industrial field networks distributed across different areas to be managed and maintained flexibly and conveniently in a unified way, which greatly reduces management cost. However, as industrial networks expand from local area networks to wide area networks, many technical challenges arise.
Take PLC redundancy as an example. To ensure the stability of an industrial control system, several PLCs are usually used for redundant backup: one PLC is configured as the master device and the other PLCs are configured as slave devices (also referred to as backup PLCs). Usually only the master device sends request data packets to a terminal device, and the terminal device replies with a multicast data packet so that its reply reaches all PLC devices taking part in the redundant backup. Such a multicast data packet is transmitted normally within a local area network but can hardly reach several remote PLCs across a wide area network, so the corresponding PLC control flow cannot operate normally. Although this communication can be made to work by configuring all devices of the core network to support multicast forwarding, the configuration workload is enormous. In fact, it is almost impossible to require that all core network devices in a 5G network be configured to support multicast forwarding. Therefore, there is a need for a remote control solution that supports PLC redundancy across a wide area network.
Disclosure of Invention
Therefore, an object of the embodiments of the present invention is to provide a remote control method, system and gateway supporting PLC redundancy across a wide area network.
The above object is achieved by the following technical solutions:
According to a first aspect of the embodiments of the present invention, there is provided a remote control method supporting PLC redundancy, including: encapsulating, by a first gateway associated with a PLC controller, a request message sent from the PLC controller to a terminal device, and transmitting the encapsulated message to a second gateway associated with the terminal device via a first VPN tunnel between the first gateway and a virtual private network (VPN) server running on an intermediary device and a second VPN tunnel between the VPN server and the second gateway; decapsulating, by the second gateway, the received encapsulated message to obtain the request message, and forwarding the request message to the corresponding terminal device; encapsulating, by the second gateway, the reply message received from the terminal device in response to the request message, and returning the encapsulated message to the first gateway through the first VPN tunnel and the second VPN tunnel; and decapsulating, by the first gateway, the received encapsulated message to obtain the reply message, and multicasting the reply message to the redundancy group in which the PLC controller is located; wherein the source and destination addresses of the encapsulated message are determined based on the virtual IP addresses assigned by the VPN server to the first gateway and the second gateway.
In some embodiments of the present invention, the method may further include recording, by the second gateway, a mapping relationship between the address of the PLC controller and the address of the terminal device based on a destination address and a source address in the request message.
In some embodiments of the present invention, the method may further include, in response to receiving a reply message from the terminal device, determining, by the second gateway, an address of the PLC controller to which the reply message is directed based on a mapping relationship between the address of the terminal device and the address of the PLC controller; and determining the virtual IP address of the first gateway associated with the PLC according to the preset routing information for subsequent encapsulation.
In some embodiments of the present invention, the method may further include selecting, by the second gateway according to preset routing information, a virtual IP address of the first gateway associated with a destination address of the multicast packet for use in subsequent encapsulation, in response to determining that the received reply packet from the terminal device is a multicast packet.
In some embodiments of the invention, the method may further comprise: establishing, via the first gateway, a first tunnel between the first gateway and the virtual private network (VPN) server running on the intermediary device; in response to the establishment of the first tunnel, allocating, by the VPN server, a virtual address and/or a virtual network segment to the first gateway; establishing a second tunnel between the second gateway and the VPN server running on the intermediary device; and in response to the establishment of the second tunnel, allocating, by the VPN server, a virtual address and/or a virtual network segment to the second gateway.
In some embodiments of the present invention, the virtual addresses allocated by the VPN server to the first gateway and the second gateway are private IP addresses. In some embodiments, the VPN server allocates virtual addresses belonging to the same network segment for the first gateway and the second gateway.
According to a second aspect of embodiments of the present invention, there is provided a remote control system supporting PLC redundancy, comprising a first gateway associated with a PLC controller, a second gateway associated with a terminal device, and a virtual private network (VPN) server running on an intermediary device, the PLC controller communicating with the terminal device via a first VPN tunnel between the first gateway and the VPN server and a second VPN tunnel between the VPN server and the second gateway. The first gateway is configured to: encapsulate the request message sent from the PLC controller to the terminal device; decapsulate the reply message of the terminal device received from the second gateway through the first VPN tunnel and the second VPN tunnel; and multicast the reply message to the redundancy group in which the PLC controller is located. The second gateway is configured to: decapsulate the encapsulated message received from the first gateway to obtain the request message, and forward the request message to the corresponding terminal device; and encapsulate the reply message received from the terminal device in response to the request message, and return it to the first gateway through the first VPN tunnel and the second VPN tunnel. The source and destination addresses of the encapsulated message are determined based on the virtual IP addresses assigned by the VPN server to the first gateway and the second gateway.
In some embodiments of the invention, the second gateway may be further configured to: recording the mapping relation between the address of the PLC controller and the address of the terminal equipment through a second gateway based on the destination address and the source address in the request message; in response to receiving a reply message from the terminal device, the second gateway determines the address of the PLC controller to which the reply message is directed based on the mapping relationship between the address of the terminal device and the address of the PLC controller; and determining the virtual IP address of the first gateway associated with the PLC according to the preset routing information for subsequent encapsulation.
According to a third aspect of embodiments of the present invention, there is provided a gateway for accessing a 5G network, comprising a local area network interface, a 5G network interface, a processor, and a memory, the memory having stored thereon computer instructions that, when executed by the processor, may perform the following operations: establishing a VPN tunnel between the gateway and a Virtual Private Network (VPN) server running on the intermediary device via a 5G network interface; determining a virtual IP address of another gateway associated with a destination address of a message received from a local area network interface, and encapsulating the message; wherein, the source address and the destination address of the encapsulated message are respectively the virtual IP address of the gateway and the virtual IP address of the other gateway, and the virtual IP addresses are distributed by the VPN server; sending the encapsulated message to the VPN server through the VPN tunnel; and decapsulating the message received from the 5G network interface, and forwarding the message according to the destination address of the decapsulated message.
The technical solutions provided by the embodiments of the invention can have the following beneficial effects:
Existing industrial control networks are provided with a remote control solution that supports PLC redundancy across wide area networks without requiring multicast configuration of all wide area network routing or switching devices. A PLC device and the remote terminal devices it controls can communicate as if they were in the same local area network, and the multicast data replied by a terminal device can reach all the PLC devices taking part in the redundant backup.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
Fig. 1 shows an architectural diagram of a remote control system supporting PLC redundancy according to one embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating an inter-device communication architecture in a remote control system supporting PLC redundancy according to another embodiment of the present invention.
Fig. 3 shows a flowchart of a remote control method supporting PLC redundancy according to an embodiment of the present invention.
Fig. 4 shows a functional block diagram of a gateway for accessing a 5G network according to one embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail by embodiments with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
Fig. 1 is a schematic diagram of an architecture of a remote control system supporting PLC redundancy according to an embodiment of the present invention. Intranet 110 includes a plurality of PLC controllers supporting redundancy, with one PLC controller configured as the master PLC and the remaining PLCs configured as slave PLCs, such as the slave PLCa, …, slave PLCn shown in Fig. 1. Intranet 120 includes a plurality of terminal devices a-n, such as frequency converters, RS485 meters, and the like, located in an industrial field environment. In intranet 110, only the master PLC may send a request message to a terminal device to acquire various data related to that terminal device, and the master PLC and all the slave PLCs join the same multicast group to receive the messages fed back by the terminal device. Intranet 110 accesses the wide area network through gateway 101 and intranet 120 accesses the wide area network through gateway 102. To enable communication between devices in intranet 110 and devices in intranet 120, embodiments of the present invention build an enterprise virtual private network spanning the wide area network by means of a virtual private network (VPN) server running on intermediary device 103. This eliminates the need to provide each access gateway located in a different regional intranet with a dedicated extranet IP address; instead, communication between the intranets in the different regions takes place through the VPN server running on the intermediary device. The intermediary device may be any computing device or cluster accessible over a wide area network; it may be located in an intranet, deployed in the cloud, located in a hosting center or machine room of a third party, or placed anywhere that allows access to the intermediary device over a wide area network.
More specifically, gateway 101, which is connected to the PLC controller, first establishes VPN tunnel 1, for example an SSL VPN tunnel, with the VPN server running on the intermediary device 103. In response to the establishment of VPN tunnel 1, the VPN server assigns a virtual IP address and/or a virtual address network segment to gateway 101. Gateway 101 may use the virtual address network segment to assign virtual IP addresses to various devices in intranet 110. Gateway 101 uses the virtual IP address assigned to it by the VPN server to keep a heartbeat with the VPN server. At the same time, gateway 102, which is connected to the terminal devices, establishes VPN tunnel 2 with the VPN server, and similarly obtains the virtual address and/or the virtual address network segment assigned to it by the VPN server. Gateway 102 may use the virtual address network segment to assign virtual IP addresses to various devices in intranet 120. Gateway 102 uses the virtual IP address assigned to it by the VPN server to keep a heartbeat with the VPN server. Both the virtual IP addresses and the virtual address network segments described above are private IP addresses. After establishing its VPN tunnel with the VPN server running on the intermediary device 103, each of the gateways 101 and 102 also receives relevant routing configuration information, such as the virtual addresses, virtual address network segments, internal network segments, etc. of the other gateways that have established a VPN tunnel with the VPN server.
When gateway 101 receives a request message sent by the PLC controller to terminal device a in network 120, it encapsulates the request message, placing the whole message as the payload of a new message. For example, the request may be encapsulated in a new message with the virtual IP address of gateway 102 as the destination address and the virtual IP address of gateway 101 as the source address. As another example, the destination address of the encapsulated message may be an address in the virtual address network segment of gateway 102, and the source address an address in the virtual address network segment of gateway 101, as long as the corresponding mapping or association is kept in the routing configuration of gateway 101. The encapsulated message reaches the VPN server via VPN tunnel 1, which has been established between gateway 101 and the VPN server; according to the destination address in the received message, the VPN server sends it to gateway 102 via VPN tunnel 2, which has been established between the VPN server and gateway 102. Gateway 102 decapsulates the received message to obtain the original request message sent by the PLC controller to terminal device a, and forwards the original request message to terminal device a. Those skilled in the art will understand that data sent through a VPN tunnel must be VPN-encapsulated according to the VPN tunnel configuration information, and data received through a VPN tunnel must be correspondingly VPN-decapsulated; this is not described further here.
As mentioned above, when the end device a in the network 120 responds to the request message from the PLC, it sends out a response message which is not an IP unicast message but a multicast message, and its destination address is a multicast address, not the IP address of a specific PLC controller, so that it can only transmit in the local intranet. In this embodiment, when the gateway 102 receives such a response message from the terminal device a, it encapsulates it, and encapsulates it as a whole as a payload in a new IP unicast message. In one example, the gateway 102 may recognize that the multicast packet originating from the end device a should be sent to the gateway 101 according to a pre-configured multicast forwarding option, and thus encapsulate the multicast packet as a whole as a payload in a packet with the virtual IP address of the gateway 101 as a destination address and the virtual IP address of the gateway 102 as a source address according to a relevant routing option. In yet another example, in an industrial control network, only a master PLC may request data from end devices, and each end device also has only one associated PLC controller, so after receiving a multicast message from an end device, the gateway 102 may identify the address of the PLC controller associated therewith according to the source address of the multicast message (i.e., the IP address of the end device), and further determine that the PLC controller belongs to the network segment managed by the gateway 101. Thus, it can be determined that the multicast packet of the terminal device is encapsulated in a packet having the virtual IP address of the gateway 101 as the destination address and the virtual IP address of the gateway 102 as the source address. 
In another example, the gateway 102 may record a mapping relationship between a source address of a message and an address of a terminal device when receiving the message whose destination address is the terminal device, so that when receiving a multicast message of the terminal device, the gateway may find an address of a specific PLC to which the terminal device replies according to the address of the terminal device, and determine corresponding routing information according to the address, so as to perform encapsulation.
Gateway 102 sends the encapsulated message to the VPN server via VPN tunnel 2 between gateway 102 and the VPN server, and the VPN server sends the message to gateway 101 via VPN tunnel 1 according to the destination address in the received message. Gateway 101 decapsulates the received message to obtain the response message replied by terminal device a to the PLC controller, and forwards the message to the redundancy group in which the PLC controller is located according to the multicast address, so that all the PLC controllers in the same multicast group receive the message replied by the terminal device. The remote control process supporting PLC redundancy is thus completed without requiring multicast configuration of core network routing or switching devices.
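The round trip described above can be traced in code. The following is an added example, not code from the patent: it models the two gateways with GRE (which the description names as one encapsulation option) carried between the gateways' virtual IP addresses, including the terminal-to-PLC mapping learned from the request. All addresses, the `Gateway` class and its method names are constructed for illustration, and the check that the outer source is a known peer virtual IP is an added assumption that the patent does not describe.

```python
import ipaddress
import struct

GRE = 47           # IP protocol number for GRE
GRE_IPV4 = 0x0800  # GRE protocol type: the payload is an IPv4 packet

def checksum(data):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload):
    """Build an IPv4 packet with a 20-byte header and a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return (str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20])),
            pkt[9], pkt[ihl:total])

class Gateway:
    """Hypothetical model of one access gateway (names are not from the patent)."""

    def __init__(self, virtual_ip, local_net, routes):
        self.virtual_ip = virtual_ip                      # assigned by the VPN server
        self.local_net = ipaddress.ip_network(local_net)  # intranet behind this gateway
        # Preset routing information: remote intranet segment -> peer gateway virtual IP.
        self.routes = {ipaddress.ip_network(n): vip for n, vip in routes.items()}
        self.plc_of_terminal = {}                         # learned: terminal IP -> PLC IP

    def peer_for(self, addr):
        ip = ipaddress.ip_address(addr)
        return next((vip for net, vip in self.routes.items() if ip in net), None)

    def from_lan(self, inner):
        """Encapsulate a packet from the LAN interface; None if no peer gateway is known."""
        src, dst, _, _ = parse_ipv4(inner)
        if ipaddress.ip_address(dst).is_multicast:
            # Multicast reply: route by the PLC that last sent this terminal a request.
            dst = self.plc_of_terminal.get(src)
        peer = self.peer_for(dst) if dst else None
        if peer is None:
            return None
        return ipv4_packet(self.virtual_ip, peer, GRE, struct.pack("!HH", 0, GRE_IPV4) + inner)

    def from_tunnel(self, outer):
        """Decapsulate; return (action, inner), action is unicast-lan, multicast-lan or drop."""
        osrc, odst, proto, body = parse_ipv4(outer)
        # Added check (assumption, not in the patent): accept only known peer virtual IPs.
        if odst != self.virtual_ip or proto != GRE or osrc not in self.routes.values():
            return "drop", None
        if len(body) < 24 or struct.unpack("!HH", body[:4]) != (0, GRE_IPV4):
            return "drop", None
        inner = body[4:]
        isrc, idst, _, _ = parse_ipv4(inner)
        if ipaddress.ip_address(idst).is_multicast:
            return "multicast-lan", inner      # re-multicast to the redundancy group
        if ipaddress.ip_address(idst) in self.local_net:
            self.plc_of_terminal[idst] = isrc  # record terminal -> PLC from the request
            return "unicast-lan", inner
        return "drop", None

# Constructed sample addresses; payloads are opaque placeholders, not real UDP datagrams.
PLC, TERMINAL, GROUP = "192.168.10.5", "192.168.20.7", "239.1.1.1"

def run_demo():
    gw1 = Gateway("10.8.0.2", "192.168.10.0/24", {"192.168.20.0/24": "10.8.0.3"})
    gw2 = Gateway("10.8.0.3", "192.168.20.0/24", {"192.168.10.0/24": "10.8.0.2"})
    relay = {gw1.virtual_ip: gw1, gw2.virtual_ip: gw2}  # VPN server: forward by outer dst
    request = ipv4_packet(PLC, TERMINAL, 17, b"constructed-request")
    reply = ipv4_packet(TERMINAL, GROUP, 17, b"constructed-reply")
    unlearned = gw2.from_lan(reply)                     # no request seen yet: no mapping
    outer_req = gw1.from_lan(request)
    req_result = relay[parse_ipv4(outer_req)[1]].from_tunnel(outer_req)
    outer_rep = gw2.from_lan(reply)
    rep_result = relay[parse_ipv4(outer_rep)[1]].from_tunnel(outer_rep)
    spoofed = ipv4_packet("10.8.0.99", gw1.virtual_ip, GRE, parse_ipv4(outer_rep)[3])
    return {"request": request, "reply": reply, "unlearned": unlearned,
            "outer_req": outer_req, "req_result": req_result, "learned": gw2.plc_of_terminal,
            "outer_rep": outer_rep, "rep_result": rep_result,
            "spoofed": gw1.from_tunnel(spoofed)}

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Because the first gateway re-multicasts whatever inner packet it decapsulates, the outer-source check is the only thing in this model that stops a packet from an unknown tunnel endpoint from reaching the PLC redundancy group.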
In the remote control system according to the embodiment of the invention, factory networks in different areas of the same enterprise can use the same address plan, namely, the same private address is used, the wide area network is accessed through the gateway, and the network interconnection in different areas can be realized without setting a fixed public network address for each gateway. The PLC equipment and the remote terminal equipment controlled by the PLC equipment can communicate as if the PLC equipment and the remote terminal equipment are in the same local area network, and the multicast data replied by the terminal equipment can reach all the PLC equipment for redundancy backup.
Although the master PLC and the plurality of slave PLCs are shown in fig. 1 as being located in the same intranet, this is merely for illustration and not for limitation, and the remote control system of the present invention can flexibly and conveniently perform the above-described remote control process supporting PLC redundancy even if the master PLC and the slave PLCs are located in intranets in different regions, so that multicast data returned by the terminal device can reach a plurality of PLCs for supporting redundancy, which are located in different networks in different regions but belong to the same multicast group. More specifically, each PLC accesses a wide area network through a gateway associated with the PLC, each gateway establishes a corresponding VPN tunnel with the same VPN server for communication, the VPN server allocates a virtual IP address to each gateway, and the gateways can realize mutual communication based on the corresponding virtual IP addresses. For example, a standby PLC may maintain a heartbeat connection with a master PLC located in another network through a gateway associated therewith. There may thus be routing information for other PLCs in the current system that are used for redundant backup at the gateway associated with the primary PLC. When the gateway determines that the received multicast message is the multicast message replied by the terminal device, the gateway can perform multicast in the local network, and can also forward the multicast message to the corresponding standby PLC through the VPN tunnel after performing the above encapsulation according to the routing information of the standby PLC in other networks, which is pre-stored in the gateway. 
It can be seen that the remote control system of the present invention also realizes the mutual communication between devices in different industrial networks in different regions in a true sense, and is not restricted by specific protocol types (for example, unicast, multicast, etc.).
Fig. 2 illustrates an example of a communication architecture between the devices in a remote control system supporting PLC redundancy, where the wide area network is a 5G network, according to one embodiment of the present invention. As shown in Fig. 2, the master and standby PLCs are connected by a switch in an intranet and are connected to the 5G network via 5G gateway 1; 5G gateway 1 establishes a VPN tunnel with a cloud VPN server that is reachable through the 5G network. The standby PLC, which is responsible for redundancy backup, is connected to the master PLC by a heartbeat line, and the master PLC remotely controls terminal devices on the industrial site, such as downlink I/O devices, frequency converters or RS485 instruments. These terminal devices access the 5G network via their associated 5G gateways. One 5G gateway can be connected to one or more terminal devices, and terminal devices located in different regions or different internal networks access the 5G network through their corresponding 5G gateways. The 5G gateways communicate with each other through the VPN tunnels established between each of them and the cloud VPN server. These VPN tunnels may be established using, for example, OpenVPN technology. The VPN server allocates a virtual IP address and/or a virtual address network segment to each 5G gateway. Both the virtual IP addresses and the virtual address network segments are private IP addresses. In embodiments where the VPN server allocates both a virtual IP address and a virtual network segment to each gateway, the 5G gateway may use its virtual IP address to maintain a heartbeat with the VPN server, and may also use its associated virtual address network segment to allocate virtual IP addresses to the nodes or devices connected to it. Thus, each node or device in the system may communicate with other nodes or devices in the system based on its virtual IP address.
For example, a message sent by a PLC controller to a terminal device uses the virtual IP addresses of the terminal device and the PLC controller as its destination and source addresses, and is forwarded to the VPN server through the gateway connected to the PLC controller; the VPN server stores the correspondence between the virtual address network segments and the gateways and, based on the destination address of the received message, sends it to the gateway associated with the terminal device, which delivers it to the corresponding terminal device.
In embodiments where the VPN server assigns a virtual IP address to each gateway, the PLC controller may also access remotely located terminal devices as if it were in the same local area network as the terminal device. The request message sent by the master PLC to the terminal device is an IP unicast message whose destination address is the intranet IP address of the terminal device and whose source address is the intranet IP address of the master PLC; routing information for the remote terminal device is configured on the 5G gateway connected to the PLC, so that the gateway associated with the remote terminal device can be identified. The gateway associated with the terminal device forwards the received request message to the destination terminal device, and the terminal device replies to the message from the master PLC with a multicast message whose destination is a multicast address. The master PLC and all standby PLCs join the multicast group corresponding to that multicast address.
The PLC request message processing flow is as follows:
1) The master PLC sends an IP unicast message requesting control of a downlink terminal device, such as an I/O device. The request message reaches 5G gateway 1, which determines from its routing configuration that the message can reach the terminal device through 5G gateway 2, and encapsulates the request message: the entire request message is placed as the payload of a new message whose source address and destination address are set to the virtual IP address of 5G gateway 1 and the virtual IP address of 5G gateway 2, respectively. In one example, the Generic Routing Encapsulation (GRE) protocol may be used to encapsulate the request message. The virtual IP addresses of 5G gateway 1 and 5G gateway 2 are allocated to the respective gateways by the cloud VPN server after the corresponding VPN tunnels are established.
2) The 5G gateway 1 forwards the encapsulated message to an interface of a VPN tunnel pre-established between the gateway and a cloud VPN server, and after VPN encapsulation is carried out on the encapsulated message, the encapsulated message is sent out from a network card of the 5G gateway 1 and sent to the cloud VPN server through the VPN tunnel;
3) the cloud VPN server performs corresponding VPN decapsulation on the message received from the VPN tunnel to obtain a message with a destination address being a virtual IP address of the 5G gateway 2, forwards the message to a corresponding VPN tunnel port according to the destination address, and transmits the message to the 5G gateway 2 through a VPN tunnel pre-established between the cloud VPN server and the 5G gateway 2 after VPN encapsulation;
4) The 5G gateway 2 receives the message from the VPN tunnel port and performs VPN decapsulation. If the destination address of the received message is the gateway's own virtual IP address or a virtual IP address managed by the gateway, it continues decapsulating to recover the original request message sent by the PLC controller to the terminal device, and forwards the request message to the corresponding terminal device. In yet another example, the 5G gateway 2 may also record or store a mapping or association between the source address (the address of the PLC controller) and the destination address (the address of the terminal device) of the message.
The processing flow of the reply or response message of the terminal equipment is as follows:
1) A terminal device, for example a downlink I/O device, receives a request message from a PLC, then generates and sends a multicast message. The destination address of the multicast message is not the address of a particular PLC controller but a preset multicast address, which is the address of a multicast group that includes the master PLC and the standby PLC;
2) The multicast message reaches the 5G gateway 2, which determines from the predetermined routing configuration that the multicast message can reach the corresponding PLC redundancy multicast group via the 5G gateway 1. It therefore encapsulates the message, placing the entire message as the payload of a new message whose source address and destination address are set to the virtual IP address of the 5G gateway 2 and the virtual IP address of the 5G gateway 1, respectively. In another example, the 5G gateway 2 may use the source address of the multicast packet (i.e. the address of the terminal device) to look up the corresponding PLC address in the address association or mapping it has stored, determine that this PLC must be reached through the 5G gateway 1, and encapsulate the message into a packet whose source address and destination address are the virtual IP address of the 5G gateway 2 and the virtual IP address of the 5G gateway 1, respectively.
3) The 5G gateway 2 forwards the encapsulated message to the interface of the VPN tunnel pre-established between the gateway and the cloud VPN server; after VPN encapsulation, the message is sent out from the network card of the 5G gateway 2 and reaches the cloud VPN server through the VPN tunnel;
4) the cloud VPN server carries out corresponding VPN decapsulation on the message received from the VPN tunnel to obtain a message with a destination address being a virtual IP address of the 5G gateway 1, the message is forwarded to a corresponding VPN tunnel port according to the destination address, and after VPN encapsulation is carried out, the message is sent to the 5G gateway 1 through a VPN tunnel which is pre-established between the cloud VPN server and the 5G gateway 1;
5) After receiving the message from the VPN tunnel port, the 5G gateway 1 performs VPN decapsulation. When it finds that the destination address of the received message is the gateway's own virtual IP address or a virtual IP address managed by the gateway, it continues decapsulating to recover the original multicast message of the terminal device, and multicasts it so that it is forwarded to the master PLC and the standby PLC. This completes the remote control, with PLC redundancy support, of the terminal device located at the remote industrial site.
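The request and reply flows above, as an added example that is not code from the patent: a Python model of the two gateways that GRE-encapsulates a constructed request, forwards it by outer virtual IP, learns the terminal-to-PLC mapping, and returns the multicast reply. All addresses, the `Gateway` class and the peer allow-list check in `decapsulate` are assumptions of this example; the VPN layer (for example OpenVPN) is not modelled.

```python
import ipaddress
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def checksum(data: bytes) -> int:
    """Ones'-complement checksum used by the IPv4 header (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); reject malformed headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total]

class Gateway:
    """Model of one 5G gateway; the VPN tunnel itself is not modelled."""
    def __init__(self, virtual_ip, routes, peers):
        self.virtual_ip = virtual_ip
        self.routes = {ipaddress.ip_network(n): gw for n, gw in routes.items()}
        self.peers = set(peers)      # assumption: allow-list of peer gateway virtual IPs
        self.device_to_plc = {}      # terminal address -> PLC address, learned from requests

    def next_gateway(self, dst: str) -> str:
        """Longest-prefix match of an inner destination to a peer's virtual IP."""
        addr = ipaddress.ip_address(dst)
        nets = [n for n in self.routes if addr in n]
        if not nets:
            raise LookupError(f"no route to {dst}")
        return self.routes[max(nets, key=lambda n: n.prefixlen)]

    def encapsulate(self, inner: bytes, use_mapping: bool = False) -> bytes:
        src, dst, _, _ = parse_ipv4(inner)
        if use_mapping:              # alternative reply path: find the PLC by terminal address
            dst = self.device_to_plc[src]
        gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # basic GRE header, no optional fields
        return ipv4_packet(self.virtual_ip, self.next_gateway(dst), GRE_PROTO, gre + inner)

    def decapsulate(self, outer: bytes, learn: bool = False) -> bytes:
        src, dst, proto, payload = parse_ipv4(outer)
        if dst != self.virtual_ip:   # only the gateway's own virtual IP is modelled here
            raise PermissionError("outer destination is not this gateway's virtual IP")
        if src not in self.peers:    # added hardening, not stated in the patent
            raise PermissionError("outer source is not a configured peer gateway")
        if proto != GRE_PROTO or len(payload) < 4:
            raise ValueError("not a GRE packet")
        if struct.unpack("!HH", payload[:4]) != (0, ETHERTYPE_IPV4):
            raise ValueError("unsupported GRE header")
        inner = payload[4:]
        inner_src, inner_dst, _, _ = parse_ipv4(inner)   # also validates the inner header
        if learn:                    # request direction: remember which PLC asked this device
            self.device_to_plc[inner_dst] = inner_src
        return inner

def run_exchange() -> dict:
    # Constructed addresses: PLC LAN 192.168.1.0/24, field LAN 192.168.2.0/24,
    # VPN segment 10.8.0.0/24, redundancy multicast group 239.1.1.1.
    gw1 = Gateway("10.8.0.2", {"192.168.2.0/24": "10.8.0.3"}, peers={"10.8.0.3"})
    gw2 = Gateway("10.8.0.3", {"192.168.1.0/24": "10.8.0.2", "239.1.1.1/32": "10.8.0.2"},
                  peers={"10.8.0.2"})
    tunnels = {gw.virtual_ip: gw for gw in (gw1, gw2)}   # VPN server: virtual IP -> tunnel

    # Payloads are opaque constructed bytes, not real UDP datagrams.
    request = ipv4_packet("192.168.1.10", "192.168.2.20", 17, b"constructed-request")
    outer = gw1.encapsulate(request)
    delivered = tunnels[parse_ipv4(outer)[1]].decapsulate(outer, learn=True)

    reply = ipv4_packet("192.168.2.20", "239.1.1.1", 17, b"constructed-reply")
    back = gw2.encapsulate(reply)
    multicast = tunnels[parse_ipv4(back)[1]].decapsulate(back)

    # Same GRE payload, but the outer source is not a known gateway.
    spoofed = ipv4_packet("10.8.0.99", "10.8.0.3", GRE_PROTO, outer[20:])
    try:
        gw2.decapsulate(spoofed)
        spoof_rejected = False
    except PermissionError:
        spoof_rejected = True
    return {
        "request_outer": parse_ipv4(outer)[:2],
        "delivered": parse_ipv4(delivered)[:2],
        "learned": dict(gw2.device_to_plc),
        "reply_outer": parse_ipv4(back)[:2],
        "reply_outer_via_mapping": parse_ipv4(gw2.encapsulate(reply, use_mapping=True))[:2],
        "multicast_dst": parse_ipv4(multicast)[1],
        "spoof_rejected": spoof_rejected,
    }

if __name__ == "__main__":
    print(run_exchange())
```

Both reply paths (route on the multicast address, or look up the PLC learned from the request) select the same outer destination, the virtual IP of the gateway in front of the PLC redundancy group.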
Fig. 3 shows a flowchart of a remote control method supporting PLC redundancy according to an embodiment of the present invention. The method comprises the following steps. In step S301, a request message sent from the PLC controller to the terminal device is encapsulated by a first gateway associated with the PLC controller. Based on preset routing configuration information, the first gateway may determine the second gateway associated with the destination address of the request message, that is, the gateway to which the message must be forwarded to reach the corresponding terminal device. The first gateway may then encapsulate the entire request message as the payload of a new message, whose destination address is the virtual IP address of the second gateway and whose source address is the virtual IP address of the first gateway. The virtual IP addresses of the first gateway and the second gateway are private IP addresses assigned by the same VPN server. The first gateway communicates with the VPN server via a first VPN tunnel and the second gateway communicates with the VPN server via a second VPN tunnel. In some embodiments, the VPN server allocates virtual addresses belonging to the same network segment to the first gateway and the second gateway.
In some embodiments, the method further comprises steps related to establishing a VPN tunnel between the gateway and the VPN server, including: establishing a first tunnel between the first gateway and a Virtual Private Network (VPN) server running on an intermediate device through the first gateway; responding to the establishment of the first tunnel, and allocating a virtual address and/or a virtual network segment for the first gateway by the VPN server; establishing a second tunnel between the second gateway and a Virtual Private Network (VPN) server running on the intermediate device; and responding to the establishment of the second tunnel, and allocating a virtual address and/or a virtual network segment for the second gateway by the VPN server. In some embodiments, the destination address and the source address of the encapsulated message may be determined based on the virtual IP address of the first gateway and the virtual IP address of the second gateway. In some embodiments, the destination address and the source address of the encapsulated message may be addresses selected from virtual address network segments of the first gateway and the second gateway, respectively.
In step S302, the encapsulated packet is sent to a second gateway associated with the terminal device via a first VPN tunnel between the first gateway and the VPN server and a second VPN tunnel between the VPN server and the second gateway.
In step S303, the second gateway decapsulates the received encapsulated packet to recover the original request packet sent by the PLC controller to the terminal device, and forwards the request packet to the corresponding terminal device according to its destination address. In some embodiments, the method may further include recording, by the second gateway, a mapping relationship between the address of the PLC controller and the address of the terminal device based on the destination address and the source address in the request message.
In step S304, the terminal device generates a response message or a reply message after receiving the request message from the PLC controller. The destination address of the message is a pre-configured multicast address, which indicates the multicast group where the master PLC and the standby PLC are located. In some embodiments, the second gateway may determine the virtual IP address of the first gateway associated with the destination address of the reply packet based on preset routing configuration information. In another embodiment, the second gateway may extract the source address (i.e. the address of the terminal device) in the reply message, and determine the address of the PLC controller to which the reply message is directed according to the mapping relationship between the previously recorded address of the terminal device and the address of the PLC controller; and then determining the virtual IP address of the first gateway associated with the PLC according to the preset routing information for subsequent encapsulation. Then, the second gateway may encapsulate the entire reply packet as a payload in a new packet, where a destination address of the encapsulated packet is a virtual IP address of the first gateway, and a source address of the encapsulated packet is a virtual IP address of the second gateway. The encapsulated message is sent to the first gateway through a second VPN tunnel between the second gateway and the VPN server and a first VPN tunnel between the VPN server and the first gateway.
Next, in step S305, the first gateway decapsulates the received encapsulated packet to obtain an original reply packet, and multicasts the original reply packet to the redundancy group where the PLC controller is located according to the multicast address in the reply packet, so that both the master PLC and the standby PLC can receive the reply packet from the terminal device.
Fig. 4 is a functional block diagram of a gateway 400 for accessing a 5G network according to one embodiment of the present invention. The gateway 400 includes a local area network interface for accessing a local area network, a 5G network interface for accessing a 5G network, a processor, and a memory. The memory stores computer instructions that, when executed by the processor, perform the steps and operations associated with the gateway described above. For example, the memory may store computer instructions that perform the following operations: establishing a VPN tunnel between the gateway and a virtual private network (VPN) server running on the intermediary device via the 5G network interface; for a message received from the local area network interface, determining the virtual IP address of another gateway associated with the destination address of the message, encapsulating the message, and sending the encapsulated message to the VPN server through the VPN tunnel, wherein the source address and the destination address of the encapsulated message are the virtual IP address of the gateway and the virtual IP address of the other gateway, respectively, and the virtual IP addresses are allocated by the VPN server; and decapsulating a message received from the 5G network interface and forwarding it according to the destination address of the decapsulated message. The implementation principle is similar to that described above and is not repeated here.
In some embodiments, the memory of the gateway may further store computer instructions for: recording the mapping between the address of the PLC controller and the address of the terminal device according to the destination address and the source address in a request message received from the 5G network interface; for a reply message received from a terminal device via the local area network interface, determining the address of the PLC controller to which the reply message is directed based on the mapping between the address of the terminal device and the address of the PLC controller; and determining, according to the preset routing information, the virtual IP address of the first gateway associated with the PLC, for subsequent encapsulation.
Reference in the specification to "various embodiments," "some embodiments," "one embodiment," or "an embodiment," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases "in various embodiments," "in some embodiments," "in one embodiment," or "in an embodiment," or the like, in various places throughout this specification are not necessarily referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Thus, a particular feature, structure, or characteristic illustrated or described in connection with one embodiment may be combined, in whole or in part, with a feature, structure, or characteristic of one or more other embodiments without limitation, as long as the combination is not illogical or non-functional.
The terms "comprises," "comprising," and "having," and similar referents in this specification, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The word "a" or "an" does not exclude a plurality. Additionally, the various elements of the drawings of the present application are merely schematic illustrations and are not drawn to scale.
Although the present invention has been described by the above embodiments, the present invention is not limited to the embodiments described herein, and various changes and modifications may be made without departing from the scope of the present invention.

Claims (10)

1. A remote control method supporting PLC redundancy, comprising: encapsulating, by a first gateway associated with a PLC controller, a request message sent from the PLC controller to a terminal device, and sending the encapsulated message to a second gateway via a first VPN tunnel between the first gateway and a virtual private network (VPN) server running on an intermediary device and a second VPN tunnel between the VPN server and the second gateway, the second gateway being associated with the terminal device; decapsulating, by the second gateway, the received encapsulated message, and forwarding the request message to the corresponding terminal device; encapsulating, by the second gateway, the received reply message from the terminal device to the request message, and returning the encapsulated message to the first gateway through the first VPN tunnel and the second VPN tunnel; decapsulating, by the first gateway, the received encapsulated message and multicasting the reply message to a redundancy group in which the PLC controller is located; wherein the source and destination addresses of the encapsulated message are determined based on the virtual IP addresses assigned by the VPN server to the first gateway and the second gateway.
2. The method of claim 1, further comprising: recording, by the second gateway, the mapping relationship between the address of the PLC controller and the address of the terminal device based on the destination address and the source address in the request message.
3. The method of claim 1, further comprising: in response to receiving a reply message from the terminal device, the second gateway determines the address of the PLC controller to which the reply message is directed based on the mapping relationship between the address of the terminal device and the address of the PLC controller; and determining the virtual IP address of the first gateway associated with the address of the PLC according to the preset routing information for subsequent encapsulation.
4. The method of claim 1, further comprising: in response to determining that the received reply message from the terminal device is a multicast message, selecting, by the second gateway according to preset routing information, the virtual IP address of the first gateway associated with the destination address of the multicast message, for use in subsequent encapsulation.
5. The method of any of claims 1-4, further comprising: establishing a first tunnel between the first gateway and a Virtual Private Network (VPN) server running on an intermediate device through the first gateway; responding to the establishment of a first tunnel, allocating a virtual IP address and/or a virtual network segment for the first gateway by the VPN server; establishing a second tunnel between the VPN server and the second gateway via the second gateway; and responding to the establishment of the second tunnel, and allocating a virtual IP address and/or a virtual network segment for the second gateway by the VPN server.
6. The method of claim 5, wherein the virtual IP addresses assigned by the VPN server to the first and second gateways are private IP addresses.
7. The method of claim 6, wherein said VPN server assigns said first and second gateways virtual IP addresses belonging to the same network segment.
8. A remote control system supporting PLC redundancy, comprising a first gateway associated with a PLC controller, a second gateway associated with a terminal device, and a virtual private network (VPN) server running on an intermediary device, the PLC controller communicating with the terminal device via a first VPN tunnel between the first gateway and the VPN server and a second VPN tunnel between the VPN server and the second gateway, wherein: the first gateway is configured to: encapsulate a request message sent from the PLC controller to the terminal device, send the encapsulated message to the second gateway through the first VPN tunnel and the second VPN tunnel, decapsulate a reply message of the terminal device received from the second gateway, and multicast the reply message to a redundancy group in which the PLC controller is located; the second gateway is configured to: decapsulate the encapsulated message received from the first gateway to obtain the request message, and forward the request message to the corresponding terminal device; encapsulate the received reply message from the terminal device to the request message, and return it to the first gateway through the first VPN tunnel and the second VPN tunnel; wherein the source and destination addresses of the encapsulated message are determined based on the virtual IP addresses assigned by the VPN server to the first gateway and the second gateway.
9. The system of claim 8, wherein the second gateway is further configured to: recording the mapping relation between the address of the PLC controller and the address of the terminal equipment through a second gateway based on the destination address and the source address in the request message; in response to receiving a reply message from the terminal device, the second gateway determines the address of the PLC controller to which the reply message is directed based on the mapping relationship between the address of the terminal device and the address of the PLC controller; and determining the virtual IP address of the first gateway associated with the PLC according to the preset routing information for subsequent encapsulation.
10. A gateway for accessing a 5G network, comprising a local area network interface, a 5G network interface, a processor, and a memory having stored thereon computer instructions that, when executed by the processor, perform the following: establishing a VPN tunnel between the gateway and a Virtual Private Network (VPN) server running on the intermediary device via a 5G network interface;
determining a virtual IP address of another gateway associated with a destination address of a message received from a local area network interface, and encapsulating the message; wherein, the source address and the destination address of the encapsulated message are respectively the virtual IP address of the gateway and the virtual IP address of the other gateway, and the virtual IP addresses are distributed by the VPN server; sending the encapsulated message to the VPN server through the VPN tunnel; and decapsulating the message received from the 5G network interface, and forwarding the message according to the destination address of the decapsulated message.
CN202010668618.0A 2020-07-13 2020-07-13 Remote control method, system and gateway supporting PLC redundancy Active CN111786873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010668618.0A CN111786873B (en) 2020-07-13 2020-07-13 Remote control method, system and gateway supporting PLC redundancy

Publications (2)

Publication Number Publication Date
CN111786873A true CN111786873A (en) 2020-10-16
CN111786873B CN111786873B (en) 2021-11-26

Family

ID=72767456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010668618.0A Active CN111786873B (en) 2020-07-13 2020-07-13 Remote control method, system and gateway supporting PLC redundancy

Country Status (1)

Country Link
CN (1) CN111786873B (en)

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101567831A (en) * 2008-04-21 2009-10-28 成都市华为赛门铁克科技有限公司 Method and device for transmitting and receiving messages among local area networks and communication system
CN101626338A (en) * 2009-08-03 2010-01-13 杭州华三通信技术有限公司 Method and device for realizing multiple virtual private network (VPN) examples
CN102035729A (en) * 2010-11-22 2011-04-27 杭州华三通信技术有限公司 Multicast data forwarding method and device thereof
US20120170578A1 (en) * 2010-12-29 2012-07-05 Avaya Inc. Multicast vpn support for ip-vpn lite
CN102215172A (en) * 2011-06-21 2011-10-12 中兴通讯股份有限公司 Method and system for realizing across virtual private local area network multicast
CN104579895A (en) * 2013-10-09 2015-04-29 华为技术有限公司 Method and apparatus for delivering multicast messages via virtual private network
CN107026784A (en) * 2017-06-13 2017-08-08 电子科技大学 A kind of remote dummy private network gateway apparatus and implementation method
CN109218159A (en) * 2017-07-07 2019-01-15 瞻博网络公司 Multicast information is signaled to the more host's routers of redundancy for 2 Virtual Private Network of layer
CN108769292A (en) * 2018-06-29 2018-11-06 北京百悟科技有限公司 Message data processing method and processing device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
CISCO: ""MPLS VPN over mGRE"", 《URL:HTTPS://WWW.CISCO.COM/C/EN/US/TD/DOCS/IOS-XML/IOS/INTERFACE/CONFIGURATION/15-SY/IR-15-SY-BOOK/IR-MPLSVPNOMGRE.PDF》 *
PAIDANG: ""配置GRE封装IPSec传输VPN组播"", 《华为企业互动社区,URL:HTTPS://FORUM.HUAWEI.COM/ENTERPRISE/ZH/THREAD-480909.HTML》 *
徐跃福,秦浩,张冰.: ""基于Agent实现组播在广域网中的传输"", 《现代电子技术》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112543232A (en) * 2020-12-03 2021-03-23 卡乐电子(苏州)有限责任公司 Remote control method and system for industrial equipment
CN112543232B (en) * 2020-12-03 2021-09-17 卡乐电子(苏州)有限责任公司 Remote control method and system for industrial equipment
CN112702391A (en) * 2020-12-09 2021-04-23 湖南新九方科技有限公司 Remote networking method and networking system for industrial control equipment
CN112702391B (en) * 2020-12-09 2022-12-30 湖南新九方科技有限公司 Remote networking method and networking system for industrial control equipment
CN113286010A (en) * 2021-03-29 2021-08-20 深圳艾灵网络有限公司 PLC communication method, device and storage medium based on local area network
CN113452595A (en) * 2021-09-01 2021-09-28 深圳艾灵网络有限公司 Network communication method, device, equipment and storage medium
CN114157532A (en) * 2021-11-24 2022-03-08 浙江中控技术股份有限公司 Remote control method, system, electronic device and storage medium
CN114545860A (en) * 2022-03-07 2022-05-27 河钢数字技术股份有限公司 Remote PLC maintenance method based on gateway of Internet of things
CN115118550A (en) * 2022-08-31 2022-09-27 山东百智远帆网络工程有限公司 Method for encrypting and transparently transmitting data through 5G special network for oilfield industrial control
CN115118550B (en) * 2022-08-31 2022-11-25 山东百智远帆网络工程有限公司 Method for encrypting and transparently transmitting data through 5G special network for oilfield industrial control
CN115567211A (en) * 2022-10-10 2023-01-03 广州大学 Encryption communication method for multi-robot PLC control system

Also Published As

Publication number Publication date
CN111786873B (en) 2021-11-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant