CN112492046A - Train distributed TCMS (train communication control system) master-slave redundancy management method and system - Google Patents

Train distributed TCMS (train communication control system) master-slave redundancy management method and system Download PDF

Info

Publication number
CN112492046A
CN112492046A CN202011459035.3A CN202011459035A CN112492046A CN 112492046 A CN112492046 A CN 112492046A CN 202011459035 A CN202011459035 A CN 202011459035A CN 112492046 A CN112492046 A CN 112492046A
Authority
CN
China
Prior art keywords
train
control unit
communication
public key
distributed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011459035.3A
Other languages
Chinese (zh)
Other versions
CN112492046B (en
Inventor
侯国建
张春雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Traffic Control Technology TCT Co Ltd
Original Assignee
Traffic Control Technology TCT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Traffic Control Technology TCT Co Ltd filed Critical Traffic Control Technology TCT Co Ltd
Priority to CN202011459035.3A priority Critical patent/CN112492046B/en
Priority claimed from CN202011459035.3A external-priority patent/CN112492046B/en
Publication of CN112492046A publication Critical patent/CN112492046A/en
Application granted granted Critical
Publication of CN112492046B publication Critical patent/CN112492046B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/02Details
    • H04J3/06Synchronising arrangements
    • H04J3/0635Clock or time synchronisation in a network
    • H04J3/0638Clock or time synchronisation among nodes; Internode synchronisation
    • H04J3/0658Clock or time synchronisation among packet nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0654Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0823Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Small-Scale Networks (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)
  • Train Traffic Observation, Control, And Security (AREA)

Abstract

The invention provides a train distributed TCMS (train communication control system) master-slave redundancy management method and a system, which comprise the following steps: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network; determining a communication period between the two vehicle control units based on the minimum communication period; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network. The management method provided by the invention utilizes the time synchronization protocol of the train switch to carry out clock cycle correction on the VCUs at two ends through the reference network clock of the train ring network, can effectively overcome the problem of synchronous deviation of operation between the VCUs, and provides a data basis and a network basis for ensuring the normal development of main and standby redundancy management.

Description

Train distributed TCMS (train communication control system) master-slave redundancy management method and system
Technical Field
The invention relates to the technical field of rail transit, in particular to a train distributed TCMS (train communication control system) master-slave redundancy management method and system.
Background
A train control and monitoring system generally includes two Vehicle Control Units (VCUs), a plurality of Remote Input/Output modules (RIOMs), and a control network of a Vehicle. The VCUs are generally distributed at two vehicle heads (i.e., vehicle head and vehicle tail), and the two VCUs form a primary and backup redundancy relationship. In the conventional main-standby redundancy between two VCUs, a periodic communication frame is generally sent between the VCUs to perform period number comparison, and the standby VCU adopts data synchronized by the main control VCU and periodic synchronization update data. The main-standby redundancy is also adopted by controlling heartbeat communication between two VCUs, if the local end cannot receive the opposite-direction heartbeat frame, the local end is upgraded to a main control VCU, and strategies of mainly using a low address value and the like are adopted during power-on.
Because a Train Control and Monitoring System (TCMS) is evolved from a Train Integrated Management System (Train Integrated Management architecture), early trains only have Monitoring and no Control function, and when a VCU in a conventional TCMS System operates as a master and a slave, a dual-master problem may occur, but because the trains are mainly hard lines at early stages, even if the dual-master problem occurs, no serious result is brought, so that problems in aspects of redundant design in VCU Control and the like are not fully considered.
In addition, the main and standby redundancy of the two conventional VCUs has a serious data synchronization difference problem, that is, when the main control VCU goes down, the standby VCU needs a plurality of communication cycles before the main control VCU goes down. Although the main VCUs and the standby VCUs operate synchronously with each other in a cycle number manner, for a high-speed short-cycle platform (for example, a high-speed processing platform of 20 MS), the cycle deviation between the main VCUs and the standby VCUs is large, and the cycle deviation gradually increases as the power-on time is prolonged, and is difficult to approach.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a train distributed TCMS (train communication control system) main-standby redundancy management method and system.
The invention provides a train distributed TCMS (train communication control system) master-slave redundancy management method, which comprises the following steps: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network; determining a communication period between the two vehicle control units based on the minimum communication period; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
According to the train distributed TCMS master-slave redundancy management method provided by the invention, under the condition of successful initial power-on or completion of master-slave conversion, a master control unit and a slave control unit in the two vehicle control units are determined; the master control unit broadcasts an updated private key notification to all the input and output units; the input and output unit responds to the private key updating notification, acquires the private key of the main control unit, generates a first public key communication code according to the private key of the main control unit, and feeds the first public key communication code back to the main control unit; and the main control unit determines the communication state between the main control unit and all the input and output units according to the received first public key communication code.
According to the method for managing the main and standby redundancy of the distributed TCMS of the train, provided by the invention, the main control unit determines the communication state between the main control unit and all the input and output units according to the received first public key communication code, and the method comprises the following steps: determining that the communication state between the master control unit and all the input/output units is normal when the master control unit receives the first public key communication codes sent by all the input/output units; and determining that the communication between the main control unit and any input/output unit is interrupted when the main control unit does not receive any first public key communication code sent by all the input/output units.
According to the train distributed TCMS master-slave redundancy management method provided by the invention, the first public key communication code is generated together according to the private key of the master control unit and the private key of the input/output unit.
According to the method for managing the main and standby redundancy of the distributed TCMS of the train, provided by the invention, after the main control unit broadcasts the notification of the updated private key to all the input and output units, the method further comprises the following steps: the backup control unit updates a private key of the backup control unit based on the sequence of backup private keys in response to the update private key notification.
According to the method for managing the main and standby redundancy of the distributed TCMS of the train provided by the invention, under the condition that the communication state between the main control unit and all the input and output units is determined to be normal, the method further comprises the following steps:
in any communication period of data communication between the main control unit and the target input and output unit, a second public key communication code is carried in a driving data frame sent by the main control unit; the target input and output unit decrypts the communication code of the second public key by using a private key of the target input and output unit; under the condition that the decryption is normal, continuing to maintain the communication between the main control unit and the target input and output unit; in the event that the decryption is not normal, a dual primary protection mode is triggered to re-determine the primary and backup control units of the two vehicle control units.
According to the method for managing the main and standby redundancy of the distributed TCMS of the train, after the communication between the main control unit and the target input and output unit is continuously maintained, the method further comprises the following steps:
the target input and output unit sends a collected data frame to the main control unit, wherein the collected data frame comprises a third public key communication code, and the third public key communication code is generated by the target input and output unit according to a private key of the target input and output unit and a newly received private key of the vehicle controller; the master control unit verifies the third public key communication code; if the third public key communication code is the same as the second public key communication code, continuing to maintain the communication between the main control unit and the target input and output unit; and if the third public key communication code is different from the second public key communication code, triggering a double-main protection mode to re-determine a main control unit and a standby control unit in the two vehicle control units.
The invention also provides a train distributed TCMS master-slave redundancy management system, which comprises: the clock reference unit is used for determining the minimum communication period between the two vehicle control units distributed at the head and the tail of the train and each train subsystem according to a reference network clock of the train ring network; a communication cycle determination unit that determines a communication cycle between the two vehicle control units based on the minimum communication cycle; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of any one of the above-mentioned train distributed TCMS main and standby redundancy management methods.
The present invention also provides a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the train distributed TCMS active/standby redundancy management method according to any one of the above.
The train distributed TCMS main and standby redundancy management method and system provided by the invention utilize the time synchronization protocol of the train switch to carry out clock cycle correction on VCUs at two ends through the reference network clock of the train ring network, can effectively overcome the problem of synchronous deviation of operation between the VCUs, and provide a data basis and a network basis for ensuring the normal development of main and standby redundancy management.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a train distributed TCMS master-slave redundancy management method provided by the present invention;
FIG. 2 is a network device topology diagram of train distributed TCMS master-slave redundancy management provided by the present invention;
FIG. 3 is a schematic diagram of platform synchronization frame values between vehicle control units provided by the present invention;
FIG. 4 is a signaling interaction diagram of the train distributed TCMS master-slave redundancy management provided by the present invention;
FIG. 5 is a schematic structural diagram of a distributed TCMS master-slave redundancy management system of a train according to the present invention;
fig. 6 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following describes a method and a system for train distributed TCMS active/standby redundancy management according to an embodiment of the present invention with reference to fig. 1 to 6.
Fig. 1 is a schematic flow chart of a distributed TCMS active-standby redundancy management method for a train according to the present invention, as shown in fig. 1, including but not limited to the following steps:
step S1: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network;
step S2: determining a communication period between the two vehicle control units based on the minimum communication period.
The train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
Fig. 2 is a network device topology diagram for train distributed TCMS active/standby redundancy management provided by the present invention, and as shown in fig. 2, the present invention takes train 8 grouping network device topology as an example for explanation.
The invention provides a train distributed TCMS (train communication control system) main and standby redundancy management method. The whole Train network comprises a Train ring network of switches penetrating all carriages of a Train, and the switch of each Train carriage respectively controls a Brake subsystem Brake Control Unit (BCU) of the carriage, a Traction subsystem Train Traction converter Control system (TCU), a Door subsystem (EDCU), an Air Conditioning subsystem (HVAC), RIOM and the like.
Fig. 3 is a schematic diagram of a platform synchronization frame value between vehicle control units provided by the present invention, and as shown in fig. 3, in the train distributed TCMS active/standby redundancy management method provided by the present invention, a VCU platform of a train performs periodic timing, and a clock of a train ring network is used as a timing reference of the platform. The period of the platform synchronization frame value distributed between the two VCUs at the head and the tail of the vehicle can be the shortest time of the communication task, even a value which is one N times the shortest time (wherein N is more than or equal to 2). Therefore, when the platform is switched between the main system and the standby system, the switching cycle time is shorter than the communication cycle of receiving services of each subsystem of the train, so that the problem of data synchronization deviation is avoided when the platform is subjected to main-standby reverse system processing.
Specifically, two VCUs are generally configured on the train, and a communication period (i.e., a data transmission period) between the VCUs is smaller than a communication period between the VCU and all subsystems on the train. Under the condition that the train head VCU and the train tail VCU adopt the same clock source, under the condition that the communication state of the train ring network is good and the communication period between the VCUs is set to be small enough, the value of the platform synchronization frame can achieve high synchronization.
The train distributed TCMS main and standby redundancy management method provided by the invention utilizes the time synchronization protocol of the train switch to carry out clock cycle correction on VCUs at two ends through the reference network clock of the train ring network, can effectively overcome the problem of synchronous deviation of operation between the VCUs, and provides a data basis and a network basis for ensuring the normal development of main and standby redundancy management.
Based on the content of the foregoing embodiment, as an optional embodiment, the method for managing primary and standby redundancy of a distributed TCMS of a train according to the present invention further includes:
under the condition that initial power-on is successful or main-standby conversion is completed, determining a main control unit and a standby control unit in the two vehicle control units;
the master control unit broadcasts an updated private key notification to all the input and output units;
the input and output unit responds to the private key updating notification, acquires the private key of the main control unit, generates a first public key communication code according to the private key of the main control unit, and feeds the first public key communication code back to the main control unit;
and the main control unit determines the communication state between the main control unit and all the input and output units according to the received first public key communication code.
When the system is initially powered on, the main and standby states can be dynamically switched according to the hardware running states and function outputs of the two VCUs; the main-standby relationship can also be determined according to the negotiation between the two VCUs; or, in the operation process, if the output error occurs in the main control VCU, the system immediately cuts off the output of the main control VCU, upgrades the standby VCU to a new main control VCU, and the new main control VCU takes over the work. The invention does not specifically limit how the main-standby conversion is realized.
In the train distributed TCMS active/standby redundancy management method provided by the present invention, different private key sequences are stored in the VCU1 and the VCU2, respectively, and only a unique private key is stored in the remaining RIOMs except the RIOMs corresponding to the VCU1 and the VCU 2.
For example: the private key sequence stored in VCU1 may be a private key sequence (hereinafter referred to as private key sequence 1) consisting of the following 16 private keys arranged in sequence:
307,311,313,317,331,337,347,349,353,359,367,373,379,383,389;
the private key sequence stored in VCU1 may be a private key sequence (hereinafter referred to as private key sequence 2) composed of the following 16 private keys arranged in sequence:
211,223,227,229,233,239,241,251,263,269,271,277,281,283,293;
and only one private key is selected from the rest of RIOMs except the RIOM corresponding to the VCU1 and VCU2, and the selected private key can be any one of the following private keys:
101,103,107,109,113,127,131,137,139,149,151,157,163,163,167,173,179,181,191,193,197,199。
fig. 4 is a signaling interaction diagram of the distributed TCMS master-slave redundancy management of the train provided by the present invention, as shown in fig. 4, in the distributed TCMS master-slave redundancy management method of the train provided by the present invention, after determining the main control unit (denoted as VCU1) and the slave control unit (denoted as VCU2) in the two vehicle control units, the VCU1 broadcasts an update private key notification to all RIOMs (including the RIOM in VCU2), where the update private key notification carries the private key corresponding to the VCU1 (that is, the VCU1 broadcasts its private key to all RIOMs). No changes are made since only the unique private key is stored in the RIOMs other than the RIOM in the VCU 2.
After receiving the updated private key notification, the RIOM (including the RIOM corresponding to the VCU2) generates a first public key communication code according to the private key of the VCU1 carried in the updated private key notification and in combination with the private key of the RIOM.
Further, the determining, by the master control unit, the communication states with all the input/output units according to the received first public key communication code includes:
determining that the communication state between the master control unit and all the input/output units is normal when the master control unit receives the first public key communication codes sent by all the input/output units;
and determining that the communication between the main control unit and any input/output unit is interrupted when the main control unit does not receive any first public key communication code sent by all the input/output units.
Specifically, each RIOM sends the generated first public key communication code to the VCU1, and the VCU1 may determine, within a specified time period, according to each received first public key communication code, whether to normally communicate with the sender of the first public key communication code.
The VCU1 confirms the RIOM fault if the first public key communication code returned by a certain RIOM is not received within a specified time; if the VCU1 receives the feedback information of all RIOMs (including the RIOM corresponding to the VCU2), it is determined that the communication between the VCU1 and all the RIOMs is normal, and it can be further determined that the active-standby switching is normal, and this shifts to a working state to perform normal data transceiving processing.
The invention provides a train distributed TCMS (train communication control system) main-standby redundancy management method, which is characterized in that a private key is sent to an RIOM (public key communication code) of each carriage by a main control VCU (virtual memory unit), whether normal communication is ensured with all carriages is judged by judging whether a public key communication code fed back by the RIOM of each carriage is received, whether the main-standby switching is normal or not is further circled, and the driving safety after the main-standby switching is fully ensured.
Further, the first public key communication code is generated according to a private key of the main control unit and a private key of the input and output unit.
Optionally, the first public key communication code is the VCU private key × RIOM own private key.
The train distributed TCMS master and standby redundancy management method provided by the invention realizes the detection of the communication state in a public and private key encryption mode, effectively ensures the credibility, safety and accuracy of the detection and prevents the influence of interference signals on the detection result.
Based on the content of the foregoing embodiment, as an optional embodiment, after the main control unit broadcasts the update private key notification to all the input and output units, the method further includes:
the backup control unit updates a private key of the backup control unit based on the sequence of backup private keys in response to the update private key notification.
According to the distributed TCMS master-slave redundancy management method for the train, when the train is electrified successfully to generate a master control VCU or after the master-slave switching is successful each time, and the VCU2 operates normally, the VCU1 sends a private key updating notification to all RIOMs through a broadcasting mechanism. By adopting the mode, the purpose that after the main/standby switching is carried out, each RIOM renews and generates a new public key and private key pair is avoided, so that the later verification of the public key and the private key is ensured to be carried out based on the main control VCU after the switching.
Supposing that the master VCU before the primary-secondary switching is VCU1, and the master VCU after the primary-secondary switching is VCU2, after the primary-secondary switching is completed, VCU2 sends a notification of updating the private key to all RIOMs, and VCU1 changes its own private key to the next private key in the first private key sequence according to the first private key sequence stored in advance; since the private keys in the rim other than VCU1 are unique, no replacement may be performed.
After the private key of the VCU1 is replaced, whether the communication between the VCU2 after the primary-secondary switching and each subsystem of each carriage of the train is normal is detected, so as to determine whether the system after the primary-secondary switching is operated normally. Since VCU1 has replaced the private key. Therefore, the public and private keys when the VCU1 is used as the master VCU will not interfere with the detection.
It should be noted that: and if the current train network is not disconnected, the public key generated each time and the private key stored in the RIOM exist in a group. If any VCU needs to update the private key sequence in the RIOM of the VCU, the updating can be represented successfully only after the private key sequences stored in the RIOMs of the two VCUs are updated at the same time, otherwise, the updating is judged to be failed.
According to the train distributed TCMS master-slave redundancy management method provided by the invention, a new public-private key pair is regenerated after each master-slave switching, so that the detection result is not influenced by the switching, and the accuracy of the detection result is effectively ensured.
Based on the content of the foregoing embodiment, as an optional embodiment, in a case where it is determined that the communication states between the main control unit and all the input and output units are normal, the method further includes:
in any communication period of data communication between the main control unit and the target input and output unit, a second public key communication code is carried in a driving data frame sent by the main control unit;
the target input and output unit decrypts the communication code of the second public key by using a private key of the target input and output unit;
under the condition that the decryption is normal, continuing to maintain the communication between the main control unit and the target input and output unit;
in the event that the decryption is not normal, a dual primary protection mode is triggered to re-determine the primary and backup control units of the two vehicle control units.
Referring to fig. 4, in order to avoid a failure of VCU platform software, the method for managing distributed TCMS active/standby redundancy of a train according to the present invention uses a private key of a target RIOM (which may be any RIOM) in the form of a public/private key pair to detect a second public key communication code carried in a drive data frame sent by the VCU 1. If the target RIOM detects that the transmission communication code has errors, the VCU1 which currently transmits the driving data frame is proved not to be the same VCU as the previous VCU, namely, a second master control VCU exists in the train network.
Under the condition that the VCU1 is the same as the previous VCU, the second public key communication code carried in the sent drive data frame is the first public key communication code, and the first public key communication code is generated by the own private key of the target RIOM and the private key of the VCU1, so that the target RIOM can determine the private key of the VCU1 according to the own private key and the first public key communication code.
In the case where the VCU1 is not the same VCU as the previous VCU, the second public key communication code carried in the transmitted driving data frame is necessarily different from the first public key communication code, so the target RIOM cannot decrypt the first public key communication code, that is, the decryption is not normal. At this time, it can be determined that two different VCUs exist in the current platform, which poses a serious threat to the driving safety of the train, and therefore, the dual-master protection mode needs to be started.
In the dual-master protection mode, the master/slave machines may be switched again in the system to re-determine the master VCU and the slave VCU in the trip, or a worker may confirm or remove the fault until the normal dual-master hot-standby redundant operation is recovered.
The train distributed TCMS master-slave redundancy management method provided by the invention can realize the third-party monitoring judgment processing of the VCU double masters on the RIOM, can avoid the problem of the train VCU double masters caused by the network disconnection of a backbone network, and effectively ensures the driving safety.
Based on the content of the foregoing embodiment, as an optional embodiment, after continuing to maintain the communication between the main control unit and the target input and output unit, the method further includes:
the target input and output unit sends a collected data frame to the main control unit, wherein the collected data frame comprises a third public key communication code, and the third public key communication code is generated by the target input and output unit according to a private key of the target input and output unit and a newly received private key of the vehicle controller;
the master control unit verifies the third public key communication code;
if the third public key communication code is the same as the second public key communication code, continuing to maintain the communication between the main control unit and the target input and output unit;
and if the third public key communication code is different from the second public key communication code, triggering a double-main protection mode to re-determine a main control unit and a standby control unit in the two vehicle control units.
As shown in fig. 4, the master VCU is further used to detect whether the received third public key communication code is generated by the target RIOM according to its own private key and private keys of other VCUs according to the third public key communication code carried in the acquired data frame sent by the target RIOM, so as to determine whether there are two master VCUs in the platform.
Specifically, in the case where only one master VCU (VCU1) exists in the platform, the third public key communication code carried in the collected data frame sent by the target RIOM is the same as the first public key communication code, that is, generated by the private key of the VCU1 and the private key of the target RIOM.
In the case where two master VCUs (VCU1 and VCU2, where VCU1 is the master VCU in the normal case) exist in the platform at the same time, the third public key communication code may be generated by the private key of VCU2 and the private key of the target RIOM, and after the third public key communication code is received by VCU1, it cannot be decrypted, i.e., the decryption is unsuccessful.
The train distributed TCMS master-slave redundancy management method provided by the invention verifies the public key communication code in the acquired data sent by each RIOM by using the private key in the master control VCU so as to detect whether two master control VCUs exist in the system at the same time, thereby effectively ensuring the driving safety,
it should be noted that, in the above embodiments of the present invention, the detection is performed by using whether the master VCU receives the public key communication code fed back by each RIOM, so as to determine whether an accident of network disconnection of the subsystem occurs in the platform; in the present embodiment, at least one or a plurality of schemes combined to form different schemes may be adopted in actual operation, which are considered as protection ranges of the present invention, and the three different detection modes, namely, whether each RIOM is used as a third-party detection platform for detecting whether dual master control exists, and whether the dual master control exists in the main control VCU detection platform, are described.
Fig. 5 is a schematic structural diagram of a train distributed TCMS active-standby redundancy management system provided by the present invention, as shown in fig. 5, including but not limited to a clock reference unit 1 and a communication cycle determining unit 2, where:
the clock reference unit 1 is mainly used for determining the minimum communication period between the train subsystems and two vehicle control units distributed at the train head and the train tail according to a reference network clock of a train ring network.
The communication cycle determination unit 2 is mainly used to determine the communication cycle between the two vehicle control units based on the minimum communication cycle.
The train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
Specifically, in the train distributed TCMS active-standby redundancy management system provided by the present invention, the VCU platform of the train performs periodic timing, and the clock of the train ring network is used as the timing reference of the platform. The period of the platform synchronization frame value distributed between the two VCUs at the head and the tail of the vehicle can be the shortest time of the communication task, even a value which is one N times the shortest time (wherein N is more than or equal to 2). Therefore, when the platform is switched between the main system and the standby system, the switching cycle time is shorter than the communication cycle of receiving services of each subsystem of the train, so that the problem of data synchronization deviation is avoided when the platform is subjected to main-standby reverse system processing.
Specifically, two VCUs are disposed on the train, and a communication period (i.e., a data transmission period) between the VCUs is smaller than a communication period between the VCU and all subsystems on the train. Under the condition that the train head VCU and the train tail VCU adopt the same clock source, under the condition that the communication state of the train ring network is good and the communication period between the VCUs is set to be small enough, the value of the platform synchronization frame can achieve high synchronization.
Therefore, the minimum communication period between the vehicle control unit and each train subsystem is calculated through the clock reference unit 1, and the communication period between the two vehicle control units is determined based on the minimum communication period when the communication period determining unit 2 takes a value of the platform synchronous frame each time.
The train distributed TCMS main and standby redundancy management system provided by the invention utilizes the time synchronization protocol of the train switch to carry out clock cycle correction on VCUs at two ends through the reference network clock of the train ring network, can effectively overcome the problem of synchronous deviation of operation between the VCUs, and provides a data basis and a network basis for ensuring the normal development of main and standby redundancy management.
It should be noted that, when specifically executed, the train distributed TCMS active-standby redundancy management system provided in the embodiment of the present invention may be implemented based on the train distributed TCMS active-standby redundancy management method described in any of the foregoing embodiments, and details of this embodiment are not described herein.
Fig. 6 is a schematic structural diagram of an electronic device provided in the present invention, and as shown in fig. 6, the electronic device may include: a processor (processor)610, a communication interface (communication interface)620, a memory (memory)630 and a communication bus 640, wherein the processor 610, the communication interface 620 and the memory 630 are communicated with each other via the communication bus 640. Processor 610 may invoke logic instructions in memory 630 to perform a method for train distributed TCMS active-standby redundancy management, the method comprising: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network; determining a communication period between the two vehicle control units based on the minimum communication period; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
In addition, the logic instructions in the memory 630 may be implemented in software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions, and when the program instructions are executed by a computer, the computer is capable of executing the train distributed TCMS active/standby redundancy management method provided by the foregoing methods, and the method includes: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network; determining a communication period between the two vehicle control units based on the minimum communication period; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
In another aspect, the present invention further provides a non-transitory computer readable storage medium, on which a computer program is stored, where the computer program is implemented by a processor to execute the method for primary and standby redundancy management of a distributed TCMS for a train provided in the foregoing embodiments, where the method includes: determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network; determining a communication period between the two vehicle control units based on the minimum communication period; the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A train distributed TCMS master-slave redundancy management method is characterized by comprising the following steps:
determining the minimum communication period between two vehicle control units distributed at the head and the tail of a train and each train subsystem according to a reference network clock of a train ring network;
determining a communication period between the two vehicle control units based on the minimum communication period;
the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
2. The distributed TCMS active-standby redundancy management method for a train according to claim 1, further comprising:
under the condition that initial power-on is successful or main-standby conversion is completed, determining a main control unit and a standby control unit in the two vehicle control units;
the master control unit broadcasts an updated private key notification to all the input and output units;
the input and output unit responds to the private key updating notification, acquires the private key of the main control unit, generates a first public key communication code according to the private key of the main control unit, and feeds the first public key communication code back to the main control unit;
and the main control unit determines the communication state between the main control unit and all the input and output units according to the received first public key communication code.
3. The train distributed TCMS active-standby redundancy management method according to claim 2, wherein the determining, by the master control unit, the communication states with all the input/output units according to the received first public key communication code includes:
determining that the communication state between the master control unit and all the input/output units is normal when the master control unit receives the first public key communication codes sent by all the input/output units;
and determining that the communication between the main control unit and any input/output unit is interrupted when the main control unit does not receive any first public key communication code sent by all the input/output units.
4. The train distributed TCMS active-standby redundancy management method according to claim 2, wherein the first public key communication code is generated together according to a private key of the master control unit and a private key of the input-output unit.
5. The distributed TCMS active/standby redundancy management method for trains according to claim 2, wherein after the master control unit broadcasts the update private key notification to all the input/output units, the method further comprises:
the backup control unit updates a private key of the backup control unit based on the sequence of backup private keys in response to the update private key notification.
6. The train distributed TCMS active-standby redundancy management method according to claim 3, wherein when it is determined that the communication states between the main control unit and all the input/output units are normal, the method further comprises:
in any communication period of data communication between the main control unit and the target input and output unit, a second public key communication code is carried in a driving data frame sent by the main control unit;
the target input and output unit decrypts the communication code of the second public key by using a private key of the target input and output unit;
under the condition that the decryption is normal, continuing to maintain the communication between the main control unit and the target input and output unit;
in the event that the decryption is not normal, a dual primary protection mode is triggered to re-determine the primary and backup control units of the two vehicle control units.
7. The distributed TCMS active-standby redundancy management method for a train according to claim 6, further comprising, after continuing to maintain communication between the main control unit and the target input-output unit:
the target input and output unit sends a collected data frame to the main control unit, wherein the collected data frame comprises a third public key communication code, and the third public key communication code is generated by the target input and output unit according to a private key of the target input and output unit and a newly received private key of the vehicle controller;
the master control unit verifies the third public key communication code;
if the third public key communication code is the same as the second public key communication code, continuing to maintain the communication between the main control unit and the target input and output unit;
and if the third public key communication code is different from the second public key communication code, triggering a double-main protection mode to re-determine a main control unit and a standby control unit in the two vehicle control units.
8. A train distributed TCMS master-slave redundancy management system is characterized by comprising:
the clock reference unit is used for determining the minimum communication period between the two vehicle control units distributed at the head and the tail of the train and each train subsystem according to a reference network clock of the train ring network;
a communication cycle determination unit for determining a communication cycle between the two vehicle control units based on the minimum communication cycle;
the train ring network is constructed by switches arranged in each carriage based on Ethernet; and each switch is used for controlling the data interaction between each train subsystem related to the carriage where the switch is located and the train ring network.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements the train distributed TCMS active standby redundancy management method steps of any one of claims 1 to 7.
10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the train distributed TCMS master backup redundancy management method steps of any of claims 1 to 7.
CN202011459035.3A 2020-12-11 Train distributed TCMS (train control system) main-standby redundancy management method and system Active CN112492046B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011459035.3A CN112492046B (en) 2020-12-11 Train distributed TCMS (train control system) main-standby redundancy management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011459035.3A CN112492046B (en) 2020-12-11 Train distributed TCMS (train control system) main-standby redundancy management method and system

Publications (2)

Publication Number Publication Date
CN112492046A true CN112492046A (en) 2021-03-12
CN112492046B CN112492046B (en) 2024-07-02

Family

ID=

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113364551A (en) * 2021-06-18 2021-09-07 广东电网有限责任公司 Clock synchronization method and device for domain type protection device of power distribution network
CN113835337A (en) * 2021-10-19 2021-12-24 中车株洲电力机车有限公司 Method and system for train network redundancy control
CN114567652A (en) * 2022-01-19 2022-05-31 中车南京浦镇车辆有限公司 Communication redundancy-based asymmetric partition real-time Ethernet train network system

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103197978A (en) * 2013-04-03 2013-07-10 浙江中控技术股份有限公司 Controller, multi-redundancy control system and synchronous control method thereof
CN103647684A (en) * 2013-12-17 2014-03-19 北京交通大学 System and method for testing urban rail train security detection sensing network
WO2014165024A1 (en) * 2013-03-13 2014-10-09 Wabtec Holding Corp. Train network management system and method
WO2014166062A1 (en) * 2013-04-09 2014-10-16 Jian Lian Collision avoidance information system for urban rail transport train
JP2014220863A (en) * 2013-05-01 2014-11-20 株式会社日立製作所 Train control system
CN105656592A (en) * 2015-12-31 2016-06-08 深圳市汇川技术股份有限公司 Ethercat communication system master station and communication method
CN109219019A (en) * 2018-10-12 2019-01-15 北京特种机械研究所 Train Communication Network multi-hop dispatching method based on Ethernet
CN109753368A (en) * 2018-12-20 2019-05-14 清华大学 A kind of real time data sending method and system
CN110040158A (en) * 2019-05-05 2019-07-23 中车青岛四方车辆研究所有限公司 Track train traction braking level control method
US20190322299A1 (en) * 2018-04-20 2019-10-24 General Electric Company Locomotive control system
EP3666620A1 (en) * 2018-12-12 2020-06-17 SpeedInnov Railway vehicle train consist and railway vehicle
CN111585683A (en) * 2020-05-11 2020-08-25 上海交通大学 High-reliability clock synchronization system and method for time-sensitive network
CN111717239A (en) * 2020-07-06 2020-09-29 中车大连机车车辆有限公司 Maglev train control and management system and communication method thereof
CN111781816A (en) * 2020-08-05 2020-10-16 中车大连电力牵引研发中心有限公司 Train master control equipment high-speed redundancy switching method and system based on double buses

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014165024A1 (en) * 2013-03-13 2014-10-09 Wabtec Holding Corp. Train network management system and method
CN103197978A (en) * 2013-04-03 2013-07-10 浙江中控技术股份有限公司 Controller, multi-redundancy control system and synchronous control method thereof
WO2014166062A1 (en) * 2013-04-09 2014-10-16 Jian Lian Collision avoidance information system for urban rail transport train
JP2014220863A (en) * 2013-05-01 2014-11-20 株式会社日立製作所 Train control system
CN103647684A (en) * 2013-12-17 2014-03-19 北京交通大学 System and method for testing urban rail train security detection sensing network
CN105656592A (en) * 2015-12-31 2016-06-08 深圳市汇川技术股份有限公司 Ethercat communication system master station and communication method
US20190322299A1 (en) * 2018-04-20 2019-10-24 General Electric Company Locomotive control system
CN109219019A (en) * 2018-10-12 2019-01-15 北京特种机械研究所 Train Communication Network multi-hop dispatching method based on Ethernet
EP3666620A1 (en) * 2018-12-12 2020-06-17 SpeedInnov Railway vehicle train consist and railway vehicle
CN109753368A (en) * 2018-12-20 2019-05-14 清华大学 A kind of real time data sending method and system
CN110040158A (en) * 2019-05-05 2019-07-23 中车青岛四方车辆研究所有限公司 Track train traction braking level control method
CN111585683A (en) * 2020-05-11 2020-08-25 上海交通大学 High-reliability clock synchronization system and method for time-sensitive network
CN111717239A (en) * 2020-07-06 2020-09-29 中车大连机车车辆有限公司 Maglev train control and management system and communication method thereof
CN111781816A (en) * 2020-08-05 2020-10-16 中车大连电力牵引研发中心有限公司 Train master control equipment high-speed redundancy switching method and system based on double buses

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
孙荣坤;马悦;: "北京西郊线有轨电车网络控制系统设计", 铁道机车与动车, no. 05 *
张岩;唐涛;马连川;徐田华;: "基于交换式以太网安全通信协议的模型和仿真研究", 铁道学报, no. 03, 15 June 2010 (2010-06-15) *
邓绍华;: "基于逻辑控制单元和相关以太网标准的列车控制系统", 工业技术创新, no. 02 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113364551A (en) * 2021-06-18 2021-09-07 广东电网有限责任公司 Clock synchronization method and device for domain type protection device of power distribution network
CN113364551B (en) * 2021-06-18 2022-08-09 广东电网有限责任公司 Clock synchronization method and device for domain type protection device of power distribution network
CN113835337A (en) * 2021-10-19 2021-12-24 中车株洲电力机车有限公司 Method and system for train network redundancy control
CN113835337B (en) * 2021-10-19 2023-07-11 中车株洲电力机车有限公司 Train network redundancy control method and system
CN114567652A (en) * 2022-01-19 2022-05-31 中车南京浦镇车辆有限公司 Communication redundancy-based asymmetric partition real-time Ethernet train network system

Similar Documents

Publication Publication Date Title
CN107229221A (en) Fault-tolerant mode and handoff protocol for multiple hot and cold standby redundancies
US9934111B2 (en) Control and data transmission system, process device, and method for redundant process control with decentralized redundancy
JP5509730B2 (en) Fault tolerant computer and power supply control method
EP2632081B1 (en) Path switch-back method and apparatus in transport network
US20100229046A1 (en) Bus Guardian of a User of a Communication System, and a User of a Communication System
CN110658718A (en) Multi-master-control redundancy switching control method and system
JP2017505586A (en) Bus participant apparatus and method of operation of bus participant apparatus
CN101488863B (en) Method, apparatus and system for eliminating route oscillation in neighbor reconstruction
JP5707355B2 (en) Hot-standby client-server system
JP7023722B2 (en) Duplex control system
JP2009201334A (en) Double-system train control device
JP2020195035A (en) Communication system and communication control method
WO2015045062A1 (en) Communication system, standby device, communication method, and standby program
CN112492046A (en) Train distributed TCMS (train communication control system) master-slave redundancy management method and system
CN112492046B (en) Train distributed TCMS (train control system) main-standby redundancy management method and system
JP2014106874A (en) Coaxial two-wheel moving body and control method therefor
JP2010061606A (en) Pci card, motherboard, pci bus system, control method and program
AU2012323190B2 (en) Method for operating a control network, and control network
KR101233607B1 (en) Method for managing path of osek networks
CN116382060A (en) CAN communication vehicle-mounted domain controller system with uninterrupted faults
JP4541241B2 (en) Plant control system
JP5589719B2 (en) Multiplexing system and method for controlling multiplexed system
CN110901691B (en) Ferroelectric data synchronization system and method and train network control system
US20200287845A1 (en) Method and system for a geographical hot redundancy
JP6288609B2 (en) Redundant controller

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant