CN212992356U - Network isolation system - Google Patents
Network isolation system Download PDFInfo
- Publication number
- CN212992356U CN212992356U CN202021517719.XU CN202021517719U CN212992356U CN 212992356 U CN212992356 U CN 212992356U CN 202021517719 U CN202021517719 U CN 202021517719U CN 212992356 U CN212992356 U CN 212992356U
- Authority
- CN
- China
- Prior art keywords
- card
- network isolation
- pcie
- network
- slot
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The utility model relates to a network isolation system, including first network isolation unit and second network isolation unit, first network isolation unit includes first mainboard, first switching card, first network isolation card and PCIE serial ports extension card, and PCIE serial ports extension card has a plurality of serial ports, and second network isolation unit includes second mainboard, second switching card and second network isolation card, and second network isolation card connects first network isolation card; the network isolation between the internal network and the external network can be realized under the Skylake architecture and the Baytail architecture, the data security is ensured, the service performance of the Skylake processor and the Baytail processor is improved, the practicability is high, different types of network isolation cards can be flexibly matched according to the use requirements of users, the functions of kilomega electricity, kilomega light and kilomega electricity isolation required by the users are realized, and the applicability is high; and the function of a PCIE bus for expansion is realized, the compatibility of the first mainboard is improved, and the performance of the Skylake processor is exerted to the maximum extent.
Description
Technical Field
The utility model relates to a network isolation field especially indicates a network isolation system.
Background
The Network Isolation (Network Isolation) technology is a Network security technology, and mainly refers to the Isolation purpose of exchanging data between two or more routable networks (such as TCP/IP) through a non-routable protocol or other proprietary protocols.
The existing network isolation product has single isolation function, cannot realize different isolation functions according to user requirements, and has poor applicability; in addition, the number of the existing PCIE buses is small, and PCIE devices cannot be expanded, so that the compatibility of the motherboard is poor, and the performance of the motherboard is difficult to be exerted to a large extent. In addition, the internal structure connection reasonability of the existing network isolation product is poor, the layout is complex, and the space utilization rate is low.
Therefore, in the present patent application, the applicant elaborated a network isolation system to solve the above-mentioned problems.
SUMMERY OF THE UTILITY MODEL
The utility model aims at the deficiencies of the prior art, the main object of the utility model is to provide a network isolation system, it can realize the network isolation between the internal and external networks under Skylake framework and baytail framework, guarantee data security, improve the performance of the Skylake treater of first mainboard and the baytail treater of second mainboard, the practicality is stronger, also can be according to user's user demand, and the network isolation card of different grade type of nimble collocation, realize the gigabit electricity that the user demands, gigabit light and the function of ten thousand megabytes of electricity isolation, the suitability is strong; and the function of a PCIE bus for expansion is realized, the compatibility of the first mainboard is improved, and the performance of the Skylake processor is exerted to the maximum extent.
In order to achieve the above purpose, the utility model adopts the following technical scheme:
a network isolation system comprises a first network isolation unit based on a skylake architecture and a second network isolation unit based on a Baytail architecture, wherein:
one of the first network isolation unit and the second network isolation unit is used for connecting an outer network, and the other one of the first network isolation unit and the second network isolation unit is used for connecting an inner network:
the first network isolation unit comprises a first mainboard, a first adapter card, a first network isolation card and a PCIE serial port expansion card, the first mainboard comprises a Skylake processor and a PCH chip, the Skylake processor is connected with the PCH chip through a DMI bus, and the PCH chip is connected with the first adapter card;
the first adaptor card is provided with a PCIE Switch chip, a PCIEx1 slot and a first PCIEx4 slot, the PCIEx Switch chip is respectively connected with the PCIEx1 slot and the first PCIEx4 slot, the first network isolation card is provided with a PCIEx1 golden finger, the PCIEx1 golden finger is connected with the PCIEx1 slot, the PCIEx serial port expansion card is provided with a first PCIEx4 golden finger and a plurality of serial ports, and the first PCIEx4 golden finger is connected with the first PCIEx4 slot;
the second network isolation unit comprises a second main board, a second adapter card and a second network isolation card, the second main board comprises a Baytail processor, the Baytail processor is connected with a second PCIEx4 slot, the second adapter card is provided with a second PCIEx4 golden finger and a third PCIEx4 slot, and the second PCIEx4 golden finger is connected with the second PCIEx4 slot;
the second network isolation card has a third pcie x4 gold finger, and the third pcie x4 gold finger is connected to a third pcie x4 slot; the second network isolation card is connected with the first network isolation card, and the first network isolation card and the second network isolation card are both kilomega electrical isolation cards, kilomega optical isolation cards or giga optical isolation cards.
As a preferred scheme, the first interface card is located on the right side of the first motherboard, the PCIE serial expansion card and the first network isolation card are located on the right side of the first interface card in a front-back side-by-side manner, and the PCIE serial expansion card, the first network isolation card and the first motherboard are parallel to each other.
As a preferred scheme, the second adapter card is disposed between the second motherboard and the second network isolation card, and the second motherboard, the second adapter card, and the second network isolation card are parallel to each other.
Preferably, the serial port is an 232/485 serial port.
As a preferable scheme, the second pcie x4 gold finger and the third pcie x4 slot are respectively disposed on the second adapter card in a staggered manner from left to right.
As a preferable scheme, the PCH chip is connected to a fourth pcie x4 slot, and the first adapter card is connected to the fourth pcie x4 slot through a fourth pcie x4 gold finger.
Compared with the prior art, the utility model obvious advantage of output and beneficial effect particularly: the network isolation between the internal network and the external network can be realized under a Skylake architecture and a Baytail architecture by matching the first network isolation card and the second network isolation card, the data security is ensured, the service performance of a Skylake processor of the first mainboard and the service performance of a Baytail processor of the second mainboard are improved, the practicability is high, especially, the network isolation cards of different types can be flexibly matched according to the use requirements of users, the gigabit electricity, the gigabit light and the gigabit electricity isolation function required by the users are realized, and the applicability is high; moreover, the function of the PCIE bus for expansion is realized by utilizing the matching of the PCIE Switch chip of the first adapter card and the PCIE serial port expansion card, the compatibility of the first mainboard is improved, and the performance of the Skylake processor is exerted to the maximum extent;
and the whole structure is ingenious and reasonable, the layout is compact, the space utilization rate is higher, the installation space is saved, and meanwhile, the plugging and unplugging are convenient.
To more clearly illustrate the structural features and effects of the present invention, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
Drawings
Fig. 1 is a schematic perspective view of a first network isolation unit according to an embodiment of the present invention;
fig. 2 is a schematic perspective view of a second network isolation unit according to an embodiment of the present invention;
fig. 3 is a schematic block diagram of an embodiment of the present invention.
The reference numbers illustrate:
10. first main board
11. Skylake processor 12, PCH chip
13. DMI bus 14, fourth PCIEx4 slot
20. Second main board
21. Baytail processor 211, second PCIEx4 slot
31. First adaptor card 311 and PCIE Switch chip
312. PCIEx1 slot 313, first PCIEx4 slot
32. Second adapter 321 and third PCIEx4 slots
41. First network isolation card 42 and second network isolation card
50. PCIE serial port expansion card 51, serial port.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and the detailed description.
As shown in fig. 1 to fig. 3, a network isolation system includes a first network isolation unit based on a skylake architecture and a second network isolation unit based on a baytail architecture, in this embodiment, one of the first network isolation unit and the second network isolation unit is used for connecting an external network, and the other is used for connecting an internal network.
The first network isolation unit comprises a first mainboard 10, a first adaptor card 31, a first network isolation card 41 and a PCIE serial port expansion card 50, wherein the first mainboard 10 comprises a Skylake processor 11 and a PCH chip 12, the Skylake processor 11 is connected with the PCH chip 12 through a DMI bus 13, and the PCH chip 12 is connected with the first adaptor card 31; in this embodiment, the PCH chip 12 is connected to a fourth pcie x4 slot 14, and the first adapter card 31 is connected to the fourth pcie x4 slot 14 through a fourth pcie x4 gold finger.
The first interface card 31 is provided with a PCIE Switch chip 311, a PCIE 1 slot 312, and a first PCIE x4 slot 313, the PCIE Switch chip 311 is connected to the PCIE 1 slot 312 and the first PCIE x4 slot 313, the first network isolation card 41 has a PCIE x1 gold finger, the PCIE x1 gold finger is connected to the PCIE x1 slot 312, the PCIE serial port expansion card 50 has a first PCIE x4 gold finger and a plurality of serial ports 51, and the first PCIE x4 gold finger is connected to the first PCIE 4 slot 313; preferably, the serial port 51 is an 232/485 serial port, and an 8-way 232/485 serial port is realized to the maximum extent through the PCIE serial port expansion card 50.
In this embodiment, the fourth PCIE x4 slot 14 outputs 1 PCIE x1 signal, then the PCIE Switch chip 311 fans out 2 PCIE x1 signals to the PCIE x1 slot 312 and the first PCIE x4 slot 313, and the PCIE serial expansion card 50 is connected to the PCIE Switch chip 311 through the first PCIE x4 gold finger, and is converted through the PCIE Switch chip 311, so as to achieve the purpose of extending the PCIE bus.
In this embodiment, as shown in fig. 1, the first adaptor card 31 is erected on the right side of the first motherboard 10, the PCIE serial expansion card 50 and the first network isolation card 41 are located on the right side of the first adaptor card 31 side by side in front of and behind, and the PCIE serial expansion card 50, the first network isolation card 41 and the first motherboard 10 are parallel to each other.
The second network isolation unit includes a second motherboard 20, a second riser card 32, and a second network isolation card 42. The second motherboard 20 includes a Baytail processor 21, and preferably, the Baytail processor 21 is an Intel Baytail J1900 processor. The baytail processor 21 is connected to a second pcie 4 slot 211, the second pcie 4 slot 211 outputs 1 pcie 1 signal, the second adapter card 32 has a second pcie 4 gold finger and a third pcie 4 slot 321, and preferably, the second pcie 4 gold finger and the third pcie 4 slot 321 are respectively disposed on the second adapter card 32 in a left-right staggered manner.
The second PCIEx4 gold finger is connected to a second PCIEx4 slot 211; the second network isolation card 42 has a third pcie x4 gold finger, and the third pcie x4 gold finger is connected to the third pcie x4 slot 321; the second network isolation card 42 is connected with the first network isolation card 41 through a connecting line. Preferably, the first network isolation card 41 and the second network isolation card 42 both use the same type of network isolation card, and both use a gigabit electrical isolation card, a gigabit optical isolation card or a gigabit optical isolation card.
In this embodiment, as shown in fig. 2, the second riser card 32 is disposed between the second motherboard 20 and the second network isolation card 42, and the second motherboard 20, the second riser card 32 and the second network isolation card 42 are parallel to each other.
The following working principle is explained in general: suppose that the first network isolation unit is connected with an external network and the second network isolation unit is connected with an internal network. Under the default condition, the internal network and the external network are completely separated; when the data of the external network is required to connect to the internal network, the data is first transmitted from the first motherboard 10 to the first network isolation card 41, then the first network isolation card 41 strips the protocol and transmits the protocol to the second network isolation card 42 through a connection line, and the second network isolation card 42 encapsulates the data and transmits the data to the second motherboard 20.
The utility model relates to a key point lies in, it is mainly through the cooperation of first network isolation card and second network isolation card, can realize the network isolation between the internal and external networks under Skylake framework and baytail framework, guarantee data security, improve the performance of the Skylake treater of first mainboard and the baytail treater of second mainboard, the practicality is stronger, especially, can be according to user's user demand, and the nimble different grade type of network isolation card of arranging, the function of gigabit electricity, gigabit light and ten thousand megabytes electricity isolation that the realization user required, the suitability is strong; moreover, the function of the PCIE bus for expansion is realized by utilizing the matching of the PCIE Switch chip of the first adapter card and the PCIE serial port expansion card, the compatibility of the first mainboard is improved, and the performance of the Skylake processor is exerted to the maximum extent;
and the whole structure is ingenious and reasonable, the layout is compact, the space utilization rate is higher, the installation space is saved, and meanwhile, the plugging and unplugging are convenient.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the technical scope of the present invention, so that any slight modifications, equivalent changes and modifications made by the technical spirit of the present invention to the above embodiments are all within the scope of the technical solution of the present invention.
Claims (6)
1. A network isolation system, characterized by: the system comprises a first network isolation unit based on a skylake architecture and a second network isolation unit based on a Baytail architecture, wherein:
one of the first network isolation unit and the second network isolation unit is used for connecting an outer network, and the other one of the first network isolation unit and the second network isolation unit is used for connecting an inner network;
the first network isolation unit comprises a first mainboard, a first adapter card, a first network isolation card and a PCIE serial port expansion card, the first mainboard comprises a Skylake processor and a PCH chip, the Skylake processor is connected with the PCH chip through a DMI bus, and the PCH chip is connected with the first adapter card;
the first adaptor card is provided with a PCIE Switch chip, a PCIEx1 slot and a first PCIEx4 slot, the PCIEx Switch chip is respectively connected with the PCIEx1 slot and the first PCIEx4 slot, the first network isolation card is provided with a PCIEx1 golden finger, the PCIEx1 golden finger is connected with the PCIEx1 slot, the PCIEx serial port expansion card is provided with a first PCIEx4 golden finger and a plurality of serial ports, and the first PCIEx4 golden finger is connected with the first PCIEx4 slot;
the second network isolation unit comprises a second main board, a second adapter card and a second network isolation card, the second main board comprises a Baytail processor, the Baytail processor is connected with a second PCIEx4 slot, the second adapter card is provided with a second PCIEx4 golden finger and a third PCIEx4 slot, and the second PCIEx4 golden finger is connected with the second PCIEx4 slot;
the second network isolation card has a third pcie x4 gold finger, and the third pcie x4 gold finger is connected to a third pcie x4 slot; the second network isolation card is connected with the first network isolation card, and the first network isolation card and the second network isolation card are both kilomega electrical isolation cards, kilomega optical isolation cards or giga optical isolation cards.
2. The network isolation system of claim 1, wherein: the first adaptor card is vertically arranged on the right side of the first mainboard, the PCIE serial port expansion card and the first network isolation card are arranged on the right side of the first adaptor card in a front-back side-by-side mode, and the PCIE serial port expansion card, the first network isolation card and the first mainboard are parallel to each other.
3. The network isolation system of claim 1, wherein: the second adapter card is arranged between the second mainboard and the second network isolation card, and the second mainboard, the second adapter card and the second network isolation card are parallel to each other.
4. The network isolation system of claim 1, wherein: the serial port is an 232/485 serial port.
5. The network isolation system of claim 1, wherein: the second pcie x4 gold finger and the third pcie x4 slot are disposed on the second adapter card in a staggered manner from left to right.
6. The network isolation system of claim 1, wherein: the PCH chip is connected to a fourth pcie x4 slot, and the first adapter is connected to the fourth pcie x4 slot through a fourth pcie x4 gold finger.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202021517719.XU CN212992356U (en) | 2020-07-28 | 2020-07-28 | Network isolation system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202021517719.XU CN212992356U (en) | 2020-07-28 | 2020-07-28 | Network isolation system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN212992356U true CN212992356U (en) | 2021-04-16 |
Family
ID=75429687
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202021517719.XU Active CN212992356U (en) | 2020-07-28 | 2020-07-28 | Network isolation system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN212992356U (en) |
-
2020
- 2020-07-28 CN CN202021517719.XU patent/CN212992356U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN202084028U (en) | Modularized multi-serial port expanding device | |
| CN111367837B (en) | Data interface board of reconfigurable radar signal processing hardware platform | |
| CN1901530B (en) | Server system | |
| CN212009333U (en) | Interface board compatible with multiple interface signals | |
| CN207397268U (en) | A kind of USB interface multiplex system | |
| CN212992356U (en) | Network isolation system | |
| CN101894055A (en) | Method for realizing blade mainboard interface with redundancy function | |
| CN212677310U (en) | Network access system with multiple network access modes | |
| CN112948316A (en) | AI edge computing all-in-one machine framework based on network interconnection | |
| CN211149445U (en) | High-speed data processing platform | |
| CN209072526U (en) | Ethernet exchanging device | |
| CN111177052A (en) | System for redirecting serial port of computer peripheral equipment to network far end | |
| CN213582152U (en) | PCIE signal bit width automatic switching device of desktop and server system | |
| CN214042270U (en) | KVM switch based on Type-C port | |
| CN201234270Y (en) | High-speed InfiniBand switch blade | |
| CN103544133B (en) | Conversion device and conversion method | |
| CN203522744U (en) | Multi-service optical access apparatus | |
| CN219179797U (en) | Edge box and control system | |
| CN217085751U (en) | Safe communication system based on Skylake framework processor | |
| CN213904337U (en) | Skylake architecture processor-based multi-interface extended communication system | |
| CN210627189U (en) | Extension multiplexing PCIE bus control system based on PLX chip | |
| CN210742828U (en) | Industrial control mainboard with switch function | |
| CN219761045U (en) | Communication system based on sea light processor | |
| CN214256754U (en) | PCB connecting plate module for data synchronization of fault-tolerant computer | |
| CN216527155U (en) | Data line for communication between two USB HOST interface devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant |