CN213213516U - Ethernet network for diagnosing rail vehicle and rail vehicle

Info

Publication number: CN213213516U
Authority: CN (China)
Application number: CN202022125436.7U
Prior art keywords: network, ethernet, rail vehicle, vehicle, communication
Legal status: Active (the listed status is an assumption and is not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 卢臻, 程珂
Current Assignee: Siemens Mobility Technologies Beijing Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Siemens Mobility Technologies Beijing Co Ltd

Landscapes

  • Small-Scale Networks (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)

Abstract

The utility model provides an Ethernet network for diagnosing a rail vehicle, and a rail vehicle. The Ethernet network comprises a train control subnet and a train communication subnet. The train control subnet includes: a train control device network comprising a plurality of vehicle control devices mounted on the rail vehicle; a diagnosis database network comprising a plurality of database servers that receive and store the diagnosis data sent by each vehicle control device in the train control device network; and a network equipment network comprising a plurality of switches that transmit the diagnosis data stored in the diagnosis database network. The train communication subnet includes: a communication server that receives and transmits the diagnosis data; and a vehicle antenna, installed on the rail vehicle, that transmits the diagnosis data sent by the communication server to ground equipment. Communication among the train control device network, the diagnosis database network, the network equipment network and the communication server is controlled by a router and a firewall in a three-layer (layer 3) switch included among the switches. The Ethernet network provides network security and is not easily intruded upon.

Description

Ethernet network for diagnosing rail vehicle and rail vehicle
Technical Field
The embodiment of the application relates to the field of vehicles, in particular to an Ethernet network for diagnosing rail vehicles and the rail vehicles.
Background
The communication network of a rail vehicle plays an important role in the safe operation, overhaul and maintenance of the vehicle. It is the nerve center of the rail vehicle and a technical guarantee of its safe and reliable operation. As the technology is continuously updated, the security requirements on the communication network of the rail vehicle keep rising, and the security of this network, as the information communication core of the rail vehicle, is particularly important.
Currently, most rail vehicle suppliers provide a basic Ethernet network for rail vehicle communication, rather than a managed, secured network. Such communication networks do not have good data isolation and are prone to interference. Data communication over them is therefore also insecure and susceptible to attack, intrusion, or data theft. How to effectively improve the security of the Ethernet network of the rail vehicle has thus become a technical problem that urgently needs to be solved.
Summary of the Utility Model
In order to solve the technical problems, embodiments of the present application provide an ethernet network for diagnosing a rail vehicle and a rail vehicle, so as to at least partially solve the technical problems.
According to a first aspect of the embodiments of the present application, there is provided an Ethernet network for diagnosing rail vehicles. A switch is installed in each car of the rail vehicle, the switches are connected to each other to form a ring topology of the Ethernet network, and the Ethernet network transmits data according to a ring redundancy protocol. The Ethernet network comprises a train control subnet and a train communication subnet. The train control subnet comprises: a train control equipment network including a plurality of vehicle control devices installed in the cars of the rail vehicle and connected to ports of the switches, the plurality of vehicle control devices communicating with each other; a diagnostic database network including a plurality of database servers installed in the cars of the rail vehicle and connected to ports of the switches, the database servers communicating with one another and being used for receiving and storing diagnostic data sent by each vehicle control device in the train control equipment network; and a network device network comprising the plurality of switches, which communicate with one another and transmit the diagnostic data stored by the diagnostic database network. The train communication subnet comprises: a communication server for receiving and transmitting the diagnostic data; and a vehicle antenna installed on the rail vehicle and used for transmitting the diagnostic data sent by the communication server to ground equipment. The train control equipment network, the diagnostic database network, the network device network and the communication server are all in communication connection with a router and a first firewall in a three-layer interface switch included among the switches, and all communication among the train control equipment network, the diagnostic database network, the network device network and the communication server is routed through the router and the first firewall.
Optionally, at least two mutually redundant switches are installed in each car of the rail vehicle, and the switches installed in all the cars of the rail vehicle include two mutually redundant three-layer interface switches and a plurality of two-layer management switches.
Optionally, there are two first firewalls, and both first firewalls support a device redundancy protocol.
Optionally, the train communication subnet further comprises a second firewall, arranged between the communication server and the vehicle antenna and used for controlling the communication between the communication server and the ground equipment.
Optionally, there are two second firewalls, and both second firewalls support the device redundancy protocol.
Optionally, the train control subnet further comprises a diagnostic service port network, which comprises a service port arranged in a cab of the rail vehicle and connected to a port of the switch, and a maintenance computer for connecting to the Ethernet network.
Optionally, communication between the train control equipment network, the diagnostic database network, the network device network, the communication server, and the diagnostic service port network is controlled by the router and the first firewall in the three-layer interface switch.
Optionally, each of the plurality of two-layer management switches is configured with ports of at least one of the following networks: the train control equipment network, the diagnostic database network, the network device network, and the diagnostic service port network.
Optionally, the three-layer interface switch is configured with an access port of the network device network, and the access port of the network device network is used for accessing configuration data and a management page of the switch in the network device network.
Optionally, an authentication of the maintenance computer connected to the service port is provided in the first firewall.
Optionally, the router routes data streams of the train control device network, the diagnostic database network, the network device network, the communication server, and the diagnostic service port network according to a traffic priority.
According to a second aspect of embodiments of the present application, there is provided a rail vehicle arranged with an ethernet network for diagnosing rail vehicles according to the above.
In the embodiments of the application, the vehicle control devices, network devices, database servers, communication server and other devices connected to the same Ethernet network are separated into different network units (namely the networks included in the train control subnet and the train communication subnet) according to their functions, so that the devices are isolated from one another. The transmission of diagnostic data between the network units is controlled by the router and the first firewall in the three-layer interface switch in the network device network, so that the network security requirement is met, the security of the Ethernet network is improved, and the Ethernet network is not easily intruded upon or attacked. For example, when diagnostic data is transmitted, the vehicle control device sends the diagnostic data to the database server through the network device network, and the database server receives and saves it; the database server then sends the diagnostic data to the communication server, and the communication server sends it to the ground equipment. In this process the database server serves as a buffer for data transmission, which isolates the train control subnet from the train communication subnet and further improves the security of the Ethernet network. In addition, a switch is installed in each car of the rail vehicle, the switches are connected to each other to form a ring topology of the Ethernet network, and the Ethernet network transmits data according to a ring redundancy protocol, so that the reliability requirement of network data transmission is met and the reliability of data transmission on the Ethernet network is effectively improved.
Drawings
The drawings are only for purposes of illustrating and explaining the present application and are not to be construed as limiting its scope. In the drawings:
FIG. 1 shows a schematic structural diagram of an Ethernet network for diagnosing rail vehicles according to an embodiment of the present application;
FIG. 2 shows a schematic view of a rail vehicle of an embodiment of the present application;
FIG. 3 shows a schematic diagram of a ring topology of an Ethernet network for diagnosing rail vehicles according to an embodiment of the present application;
FIG. 4 shows a schematic diagram of an application scenario of an Ethernet network for diagnosing rail vehicles according to an embodiment of the present application.
Description of reference numerals:
10. train control equipment network;
11. vehicle control device;
20. diagnostic database network;
30. network device network;
31. three-layer interface switch;
311. router;
312. first firewall;
313. second firewall;
32. two-layer management switch;
40. communication server;
50. vehicle antenna;
60. diagnostic service port network;
71. wireless antenna;
72. ground equipment.
Detailed Description
In order to more clearly understand the technical features, objects and effects of the embodiments of the present application, specific embodiments of the present application will be described with reference to the accompanying drawings.
Referring to fig. 1, a schematic structural diagram of an ethernet network for diagnosing rail vehicles according to an embodiment of the present application is shown. Switches are installed in each compartment of the railway vehicle, the switches are connected with each other to form a ring topology of the Ethernet network, and the Ethernet network transmits data according to a ring redundancy protocol. The Ethernet network comprises a train control subnet and a train communication subnet.
The train control sub-network includes a train control equipment network 10, a diagnostic database network 20, and a network equipment network 30. The train control device network 10 includes a plurality of vehicle control devices 11 installed in the cars of the rail vehicles and connected to ports of the switch, the plurality of vehicle control devices 11 communicating with each other; the diagnosis database network 20 comprises a plurality of database servers which are installed in the carriages of the railway vehicles and connected with ports of the switch, and the database servers are communicated with one another and used for receiving and storing diagnosis data sent by each vehicle control device 11 in the train control device network 10; the network of network devices 30 includes a plurality of switches and communication between the plurality of switches for transmitting diagnostic data stored by the diagnostic database network 20.
The train communication subnet includes a communication server 40 and a vehicle antenna 50. The communication server 40 is used for receiving and transmitting the diagnostic data; the vehicle antenna 50 is mounted on the rail vehicle and is used for transmitting the diagnostic data sent by the communication server 40 to the ground equipment 72.
The train control equipment network 10, the diagnosis database network 20, the network equipment network 30 and the communication server 40 are all connected to the router 311 and the first firewall 312 in the three-layer interface switch 31 included in the switch in a communication mode, and the communication among the train control equipment network 10, the diagnosis database network 20, the network equipment network 30 and the communication server 40 is all routed through the router 311 and the first firewall 312.
In the embodiment of the present application, the devices connected to the same Ethernet network, such as the vehicle control devices 11, the network devices, the database servers and the communication server 40, are separated into different network units (i.e., the networks included in the train control subnet and the train communication subnet) according to their functions, so that the devices are isolated from one another. When diagnostic data is transmitted between the network units, the transmission is controlled by the router 311 and the first firewall 312 in the three-layer interface switch 31 in the network device network 30, so that the network security requirement is met, the security of the Ethernet network is improved, and the Ethernet network is not easily intruded upon or attacked. For example, when diagnostic data is transmitted, the vehicle control device 11 sends the diagnostic data to the database server through the network device network 30, and the database server receives and saves it; the database server then sends the diagnostic data to the communication server 40, and the communication server 40 sends it to the ground equipment 72. In this process the database server serves as a buffer for data transmission, which isolates the train control subnet from the train communication subnet and further improves the security of the Ethernet network. In addition, a switch is installed in each car of the rail vehicle, the switches are connected to each other to form a ring topology of the Ethernet network, and the Ethernet network transmits data according to a ring redundancy protocol, so that the reliability requirement of network data transmission is met and the reliability of data transmission on the Ethernet network is effectively improved.
In this embodiment, the rail vehicle diagnostic Ethernet network is used to transmit diagnostic data of the rail vehicle control system to the diagnostic database server and the ground equipment 72, and these diagnostic data are used for equipment maintenance services of the rail vehicle. The diagnostic data may be, among others, status data, fault data, log data, and the like of the vehicle control devices 11.
In one particular implementation, as shown in FIG. 2, a rail vehicle includes a plurality of cars (i.e., cars 1-n shown in FIG. 2), each of which may have at least one vehicle control device 11 disposed therein. The diagnostic data of the rail vehicle can be acquired by the vehicle control device 11 provided on the car. The vehicle control device 11 includes, but is not limited to, terminal devices of a master train control system, such as: a central control unit, a brake control unit, a door control unit, an air conditioner control unit, a driver display, and the like.
To enable the vehicle control devices 11, the database servers, the communication server 40 and the like in the rail vehicle to communicate safely and reliably, and thereby ensure the security of the Ethernet network, at least two mutually redundant switches are installed in each car of the rail vehicle. The vehicle control devices 11 and other equipment in each car can then be connected to the nearest switch in that car, which reduces the wiring difficulty and ensures the reliability of the connection. In addition, installing at least two switches in every car increases the reliability of the network: when either switch fails, the other, redundant switch can be used, so that the function does not fail. Meanwhile, communication between the vehicle control devices 11 and the database servers is controlled and secured by the network device network 30, which ensures the security of the entire Ethernet network.
As shown in FIG. 3, the network device network 30 formed by connecting all the switches on the rail vehicle may have a ring topology, with the network device network 30 acting as the backbone of the Ethernet network. Optionally, to ensure the security of the Ethernet network while minimizing cost, the switches installed in all the cars of the rail vehicle include two mutually redundant three-layer interface switches 31 and a plurality of two-layer management switches 32. For example, a two-layer management switch 32 and a three-layer interface switch 31 are arranged in the first car and in the last car of the rail vehicle, and two-layer management switches 32 are arranged in the middle cars of the rail vehicle.
The three-layer interface switch 31 serves as the interface switch of the Ethernet network, and the remaining two-layer management switches 32 serve as its management switches. So that the two mutually redundant switches in any car can both be used normally, a suitable ring redundancy protocol for redundancy management, such as MRP (Media Redundancy Protocol), is configured in the two-layer management switches 32.
MRP is a protocol for high-availability networks that improves the availability of the network through redundancy. Specifically, a virtual breakpoint is configured in a switch of the ring-topology Ethernet network of the rail vehicle. While the ring works normally, the virtual breakpoint is open. When a fault produces a physical breakpoint in the ring, the virtual breakpoint closes automatically so that the Ethernet network continues to work normally. Using the ring redundancy protocol therefore not only avoids the network storms caused by network loops but also effectively improves the reliability of data transmission on the ring-topology Ethernet network of the rail vehicle.
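The virtual-breakpoint behaviour described above, modelled as an added example that is not part of the patent: it checks reachability and loop-freeness of the ring for an intact ring, a single broken link and a double break. The ring size, the position of the virtual breakpoint on the last link and all function names are assumptions.

```python
"""Topology logic of a ring with an MRP-style virtual breakpoint.

Only the forwarding decision is modelled; the test frames, timers and
manager/client roles of the real protocol are left out.
"""
from typing import Dict, List, Set, Tuple

Link = Tuple[int, int]


def ring_links(n: int) -> List[Link]:
    """Link i joins switch i and switch (i + 1) % n."""
    return [(i, (i + 1) % n) for i in range(n)]


def forwarding_links(n: int, failed: Set[int], mrp: bool = True) -> List[Link]:
    """Links that carry traffic, given the indices of physically failed links.

    The virtual breakpoint sits on link n - 1 (assumed position). With the
    ring protocol it stays open (link blocked) while the ring is intact and
    closes (link forwarding) as soon as any physical link is down.
    """
    breakpoint_open = mrp and not failed
    links = []
    for i, link in enumerate(ring_links(n)):
        if i in failed:
            continue                      # physically broken
        if i == n - 1 and breakpoint_open:
            continue                      # logically blocked
        links.append(link)
    return links


def _components(n: int, links: List[Link]) -> int:
    """Number of connected components, computed with union-find."""
    parent = list(range(n))

    def find(x: int) -> int:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in links:
        parent[find(a)] = find(b)
    return len({find(x) for x in range(n)})


def assess(n: int, failed: Set[int], mrp: bool = True) -> Dict[str, bool]:
    """Can every switch reach every other, and is there a forwarding loop?"""
    links = forwarding_links(n, failed, mrp)
    comps = _components(n, links)
    return {
        "reachable": comps == 1,
        # A graph is loop-free exactly when edges == nodes - components.
        "loop": len(links) > n - comps,
    }


if __name__ == "__main__":
    N = 8  # constructed: four cars with two switches each
    for label, failed, mrp in [
        ("intact ring, ring protocol", set(), True),
        ("intact ring, no ring protocol", set(), False),
        ("link 3 broken", {3}, True),
        ("breakpoint link itself broken", {7}, True),
        ("links 2 and 5 broken", {2, 5}, True),
    ]:
        print(f"{label:32} {assess(N, failed, mrp)}")
```

The double-break case shows the limit of the scheme: one virtual breakpoint covers a single physical fault, and a second fault partitions the ring.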
The layer-3 service on the three-layer interface switches 31 uses a redundancy protocol such as VRRP (Virtual Router Redundancy Protocol) to generate a virtual IP address for the three-layer interface switches 31, so that when one three-layer interface switch 31 fails, traffic is automatically switched to the other, which ensures that the function does not fail and thereby improves reliability.
For example, when there are two three-layer interface switches 31 in the Ethernet network of the rail vehicle, the two three-layer interface switches 31 may be configured as one virtual routing device according to the VRRP protocol. The virtual routing device is used as the default gateway of the Ethernet network of the rail vehicle and is given a unique fixed IP address and a unique physical address. Of the two three-layer interface switches 31 constituting the virtual routing device, only one acts as the master routing device (master device for short) and transmits Ethernet data frames on behalf of the virtual routing device; the other acts as the backup routing device (backup device for short). The backup device continuously monitors the state of the master device and switches from the backup state to the master state when required. While the master device works normally, it sends heartbeat broadcast frames to inform the backup device that the master device is in a normal working state. If the backup device receives no heartbeat broadcast frame from the master device for a long time, it switches from the backup state to the master state. The reliability of data transmission on the Ethernet network of the rail vehicle can thereby be effectively improved. It should be understood that the above description is only exemplary, and the embodiments of the present application are not limited in this respect.
Preferably, since communication between the different network elements of the Ethernet network takes place via the network device network 30 and is controlled and secured by it, the Ethernet network strictly complies with the IEEE 802.3 standard and does not allow proprietary modifications, in order to ensure the security of the Ethernet network as a whole. The switches, the vehicle control devices 11 and so on comply with the Ethernet network requirements of IEC 61375-3-4.
In a specific implementation, as shown in fig. 4, the three-layer interface switch 31 is deployed with a router 311 and a first firewall 312. The router 311 and the first firewall 312 may be separate hardware and installed in the three-layer interface switch 31; alternatively, the function of the router 311 and the function of the first firewall 312 are integrated directly in the three-layer interface switch 31.
Of course, in other embodiments, the three-level interface switch 31 may be used to implement routing functions, and the functions of the first firewall 312 may be implemented by separate hardware independent of the three-level interface switch 31.
In this way, devices with the same function are in the same network element (i.e. virtual local area network), and devices with different functions are isolated by different network elements, while the security of communication across network elements is ensured by the router 311 and the first firewall 312. Therefore, the routing function and the firewall function are realized, the integration level is high, and the cost can be effectively reduced.
One possible way to assign devices of the same function to the same network element is for example: ports in the switch connected to devices of the same function are allocated to the same virtual local area network.
For example, the switch ports connected to the vehicle control devices 11 are assigned to virtual local area network 10 (referred to as VLAN 10), which is the train control equipment network 10. A broadcast frame sent by a vehicle control device 11 carries the tag of the virtual local area network it belongs to, and a broadcast frame carrying that tag can only be forwarded within that virtual local area network. The devices in the virtual local area network can therefore access each other but cannot be accessed at will by devices outside it, which ensures security.
Similarly, ports in the switch that are connected to multiple database servers are assigned to the same virtual local area network 20 (referred to as VLAN 20), and the virtual local area network 20 is the diagnostic database network 20.
Ports of the switches connected to other switches are assigned to the same virtual local area network 30 (referred to as VLAN 30), and the virtual local area network 30 is the network device network 30. In this way, devices with different functions belong to different network units (i.e. different virtual local area networks), so that isolation between the devices is realized.
Of course, in other embodiments, the multiple switches may also adopt other suitable connection manners, so that the devices with different functions are connected in different, physically isolated local area networks, which is not limited in this embodiment.
By configuring the router 311 and the first firewall 312 in the three-layer interface switch 31, it is ensured that all communication across network elements (e.g., across a virtual local area network) is controlled by the router 311 and the first firewall 312 of the three-layer interface switch 31, thereby satisfying network security requirements.
For example, the address data of an Ethernet data frame may be its source IP address and destination IP address. The first firewall 312 compares the frame's source IP address and protocol port number, and its destination IP address and protocol port number, with the source and destination address and port pairs in the preconfigured whitelist rules. If they are the same as a pair in a whitelist rule, the frame can be sent to its destination IP address; if they differ, the frame cannot be sent to its destination IP address. In this way the first firewall 312 controls communication between the different network elements. As in this example, to enhance security a whitelist is generally configured using the IP address of the device together with the port number of the transport protocol. Each whitelist rule permits transmission in one direction only, so bidirectional data transmission requires two rules, one for each direction.
As another example, the identification of an Ethernet data frame may be its virtual local area network identifier. The first firewall 312 compares the VLAN identifier of the frame with the VLAN identifier in the preconfigured whitelist rules. If they are the same, the frame may be sent to the corresponding virtual local area network; if they differ, the frame may not be sent to the corresponding virtual local area network. In this way the first firewall 312 controls communication between the different network units. As in this example, to enhance security the VLAN identifier is usually configured using a whitelist. Each whitelist rule permits transmission in one direction only, so bidirectional data transmission requires two rules, one for each direction.
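The address-and-port whitelist and the VLAN whitelist described in the two paragraphs above, as an added example that is not part of the patent: a default-deny filter with one-way rules, plus two audits a reviewer of such a rule set would run (missing reply rules, and rules that bypass the database servers acting as the buffer between subnets). VLAN 10 and 20 are the page's ids; VLAN 40 for the communication server, all addresses, ports and function names are assumptions.

```python
"""Default-deny whitelist between the network units (constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

SUBNETS = {                                # assumed addressing plan
    10: ip_network("10.0.10.0/24"),        # train control equipment network
    20: ip_network("10.0.20.0/24"),        # diagnostic database network
    40: ip_network("10.0.40.0/24"),        # communication server (assumed id)
}


@dataclass(frozen=True)
class Frame:
    vlan: int                              # VLAN tag the frame arrived with
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One-way permit from (src_ip, src_port) to (dst_ip, dst_port)."""
    proto: str
    src_ip: str
    src_port: Optional[int]                # None matches any port
    dst_ip: str
    dst_port: Optional[int]


def vlan_of(ip: str) -> Optional[int]:
    addr = ip_address(ip)
    return next((v for v, net in SUBNETS.items() if addr in net), None)


def permitted(frame: Frame, rules: List[Rule]) -> bool:
    """True only if some rule matches; everything else is dropped."""
    if vlan_of(frame.src_ip) != frame.vlan:
        return False                       # source address foreign to its VLAN
    return any(
        r.proto == frame.proto
        and r.src_ip == frame.src_ip and r.src_port in (None, frame.src_port)
        and r.dst_ip == frame.dst_ip and r.dst_port in (None, frame.dst_port)
        for r in rules
    )


def vlan_pairs(rules: List[Rule]) -> Set[Tuple[Optional[int], Optional[int]]]:
    """The one-way VLAN-to-VLAN whitelist implied by the address rules."""
    return {(vlan_of(r.src_ip), vlan_of(r.dst_ip)) for r in rules}


def missing_reply_rules(rules: List[Rule]) -> List[Rule]:
    """Rules without their mirror image, i.e. flows that cannot be answered."""
    have = set(rules)
    return [r for r in rules
            if Rule(r.proto, r.dst_ip, r.dst_port, r.src_ip, r.src_port)
            not in have]


def bypasses_buffer(rules: List[Rule]) -> List[Rule]:
    """Rules joining VLAN 10 and VLAN 40 directly, skipping the databases."""
    return [r for r in rules
            if {vlan_of(r.src_ip), vlan_of(r.dst_ip)} == {10, 40}]


# Constructed hosts and services.
CTRL, DB, COMM = "10.0.10.11", "10.0.20.5", "10.0.40.2"
RULES = [
    Rule("tcp", CTRL, None, DB, 5432),     # control device -> database
    Rule("tcp", DB, 5432, CTRL, None),     # replies, the reverse rule
    Rule("tcp", DB, None, COMM, 8443),     # database -> communication server
    Rule("tcp", COMM, 8443, DB, None),     # replies
]

if __name__ == "__main__":
    for f in [Frame(10, "tcp", CTRL, 40000, DB, 5432),
              Frame(10, "tcp", CTRL, 40000, COMM, 8443),
              Frame(40, "tcp", CTRL, 40000, DB, 5432)]:
        print(f, "->", "permit" if permitted(f, RULES) else "drop")
    print("VLAN whitelist:", sorted(vlan_pairs(RULES)))
    print("bypass rules:", bypasses_buffer(RULES))
```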
Because there are two three-layer interface switches 31, there are also two first firewalls in the train control subnet; two redundant first firewalls 312 are thus deployed in the train control subnet to control Ethernet network communication and ensure the security of the communication.
In one particular example, the device redundancy protocol may be a protocol that provides a hot-standby redundancy function. When two first firewalls 312 are arranged in the Ethernet network of the rail vehicle, each is given a fixed physical IP address, and one virtual firewall IP address generated by the network device redundancy protocol serves as the only IP address used externally. Of the two first firewalls 312 forming the virtual firewall, only one acts as the active (main) firewall, securing data transmission on the Ethernet network of the rail vehicle on behalf of the virtual firewall; the other acts as the standby firewall. The virtual IP address of the two redundant first firewalls 312 points only to the physical IP address of the first firewall 312 in the active state. The standby firewall continuously monitors the state of the main firewall and switches from the standby state to the main state when required. While the main firewall works normally, it sends heartbeat broadcast frames to inform the standby firewall that it is in a normal working state. If the standby firewall receives no heartbeat broadcast frame from the main firewall for a long time, it switches from the standby state to the main state. The security of data transmission on the Ethernet network of the rail vehicle can thereby be effectively ensured. It should be understood that the above description is only exemplary, and the embodiments of the present application are not limited in this respect.
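The heartbeat-driven switchover described above for the redundant firewalls, and earlier for the two three-layer interface switches under VRRP, as an added example that is not part of the patent. The timer formula is the one VRRPv3 defines (RFC 5798); the patent gives no timer values and does not name the firewalls' redundancy protocol, so applying it to them, the priorities and the timeline are assumptions.

```python
"""Standby-side state machine of a VRRP-style redundant pair."""
from typing import List, Optional, Tuple

Advert = Tuple[float, int]     # (arrival time in seconds, sender priority)


def master_down_interval(advert_interval: float, priority: int) -> float:
    """RFC 5798: three advertisement intervals plus a priority-based skew.

    The skew lets a higher-priority standby time out slightly earlier, so
    that the best remaining device wins when several standbys exist.
    """
    skew = (256 - priority) * advert_interval / 256
    return 3 * advert_interval + skew


def standby_transitions(
    adverts: List[Advert],
    local_priority: int,
    advert_interval: float = 1.0,
    until: float = 60.0,
) -> List[Tuple[float, str]]:
    """State changes of the standby device, given the heartbeats it heard.

    adverts must be sorted by time. Returns (time, new_state) pairs.
    """
    down = master_down_interval(advert_interval, local_priority)
    state = "BACKUP"
    deadline = down                       # timer armed at start-up
    log: List[Tuple[float, str]] = []
    events: List[Tuple[float, Optional[int]]] = list(adverts) + [(until, None)]
    for t, prio in events:
        # No heartbeat arrived before the timer ran out: take over.
        if state == "BACKUP" and t > deadline:
            state = "MASTER"
            log.append((deadline, "MASTER"))
        if prio is None:                  # end-of-observation sentinel
            break
        if state == "BACKUP":
            deadline = t + down           # heartbeat heard: re-arm the timer
        elif prio > local_priority:
            # A better device is alive again: hand the virtual address back.
            state = "BACKUP"
            log.append((t, "BACKUP"))
            deadline = t + down
        # A heartbeat with lower priority heard while MASTER is ignored.
    return log


if __name__ == "__main__":
    # Constructed timeline: the main device (priority 200) sends one
    # heartbeat per second, goes silent after t = 3 s and returns at t = 10 s.
    heard = [(0.0, 200), (1.0, 200), (2.0, 200), (3.0, 200),
             (10.0, 200), (11.0, 200)]
    print("timeout:", master_down_interval(1.0, 100), "s")
    for when, state in standby_transitions(heard, local_priority=100, until=12.0):
        print(f"t = {when:.3f} s -> {state}")
```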
In this embodiment, the three-layer interface switch 31 is configured with an access port of the network device network 30, which is used for accessing the configuration data and management pages of the switches in the network device network 30. As a result, no device in any other virtual local area network can change the configuration of the switches, which prevents an external device from intruding into the Ethernet network and altering it, and ensures the security of the Ethernet network.
Optionally, the train control subnet further comprises a diagnostic service port network 60, which includes a service port installed in the cab of the rail vehicle and connected to a port of the switch, and a maintenance computer for connecting to the Ethernet network. The diagnostic service port network 60 may be used to temporarily connect maintenance computers for emergency maintenance of the Ethernet network.
In one implementation, the diagnostic service port network 60 includes two service ports 61 in each cab; all maintenance data is routed through the three-layer interface switch 31 of the train control subnet and secured by the first firewall 312.
Optionally, to improve security, the maintenance computer may be authenticated. Authentication of the maintenance computer connected to the service port is provided in the first firewall 312. In other words, the authentication may be set in the configuration of the first firewall 312 of the three-layer interface switch 31.
Optionally, communication between the train control equipment network 10, the diagnostic database network 20, the network equipment network 30, the communication server 40, and the diagnostic service port network 60 is controlled by the router 311 and the first firewall 312 in the three-layer interface switch 31. Because all communication between these networks passes through the router 311 and the first firewall 312 of the three-layer interface switch 31, the network security requirement can be ensured.
Optionally, each two-layer management switch 32 of the plurality of two-layer management switches 32 is configured with ports of at least one of the following networks: the train control equipment network 10, the diagnostic database network 20, the network equipment network 30, and the diagnostic service port network 60. In this way, devices such as the vehicle control device 11, the network devices, the database server, and the communication server 40 that are connected to the same Ethernet network are separated into different network elements (i.e., the networks included in the train control subnet and the train communication subnet) according to their functions, which isolates the devices from one another.
In this embodiment, the train communication subnet is used to transmit the diagnostic data received from the database server to the ground device 72. In order to ensure the security of data transmission in the train communication subnet, the train communication subnet further comprises: a second firewall 313 disposed between the communication server 40 and the vehicle antenna 50 for controlling communication between the communication server 40 and the ground device 72.
In the present embodiment, the number of the second firewalls 313 is two, and the two second firewalls 313 each support the device redundancy protocol to enable secure and reliable control of the external communication between the communication server 40 and the ground device 72. Since the ground device 72 and the network in which it is located do not relate to the improvement point of the present application, they will not be described in detail.
In this embodiment, the database server, the communication server 40 and the second firewall 313 are assigned to a communication network, which may be a virtual local area network, for ethernet communication between the database server and the communication server 40 (or the second firewall 313).
Optionally, the router 311 routes the data streams of the train control equipment network 10, the diagnostic database network 20, the network equipment network 30, the communication server 40, and the diagnostic service port network 60 according to traffic priority. The identification of the data priority and the adjustment of the processing sequence are realized by adding a priority label to each frame of data sent by the train control equipment network 10, the diagnosis database network 20, the network equipment network 30, the communication server 40 and the diagnosis service port network 60, thereby ensuring that the work of the Ethernet network is more efficient. In the switch, when processing a data stream, higher priority data is allowed to be processed in preference to lower priority data. In one implementation, QoS (quality of service) settings may be made for each network element (e.g., train control equipment network 10, diagnostic database network 20, network equipment network 30, communication server 40, and diagnostic service port network 60, etc.) to ensure reliable communication of high priority data in the event of network congestion.
In summary, the first firewall 312 may be used to control network communications between the train control equipment network 10, the network equipment network 30, the diagnostic database network 20, the diagnostic service port network 60, and the communication network, so as to ensure network security thereof. That is, two redundant first firewalls 312 are deployed in the train control subnet to control ethernet communications.
The second firewall 313 is used to control external communication between the communication server 40 and the ground device 72, thereby ensuring its security. That is, two redundant second firewalls 313 are deployed in the train communication subnet to control the external Ethernet interface of the train control subnet and ensure its security.
The overall transmission process of the diagnostic data in the ethernet network is as follows:
The vehicle control device 11 transmits the diagnostic data to the database server through the three-layer interface switch 31. The database server stores the diagnostic data and transmits it to the ground device 72 through the router 311 and the first firewall 312 disposed in the three-layer interface switch 31 in the train control subnet, the communication server 40, the second firewall 313, and the vehicle antenna 50 (which is the wireless antenna 71); the ground device 72 receives the diagnostic data through the wireless communication and the trackside wireless antenna 71. All vehicle diagnostic data exchanges are controlled by the Ethernet network.
All exchange of the diagnostic data takes place between the database server, which acts as a buffer, and the ground device 72, and the security of the communication is ensured by the router 311 and the first firewall 312 in the train control subnet.
Configuration access to the network devices is only available within the network equipment network 30, so that no device in the other network elements can alter the configuration of the network devices.
The switches of the Ethernet network are connected in a ring topology. Two three-layer interface switches 31 are arranged on each rail vehicle, and the remaining switches are two-layer management switches. This provides redundancy and ensures security while saving cost, avoiding the excessive cost that would result from installing too many three-layer interface switches 31.
Isolation is performed by distributing devices of different functions among different local area networks. The router 311 and the first firewall 312 in the three-layer interface switch 31 are used for controlling all cross-local area network communication, and the network security requirement is met.
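The isolation rules summarised above (all cross-network traffic passes the router and first firewall, switch configuration is reachable only inside the network equipment network, maintenance computers on the service port must be authenticated) can be written as a default-deny zone policy with an audit over it. This is an added example, not part of the patent text: the zone names mirror the network elements on this page, while the rule rows and service labels are assumptions.

```python
# Zone names follow the network elements on this page; the rule rows and
# service labels below are assumptions made for illustration.
ZONES = {"train_control", "diag_db", "network_equipment", "comm", "service_port"}

# Rule rows: (source zone, destination zone, service, requires_authentication)
HARDENED = [
    ("train_control", "diag_db", "diag-upload", False),
    ("diag_db", "comm", "diag-export", False),
    ("service_port", "diag_db", "diag-read", True),
]
WEAK = HARDENED[:2] + [
    ("service_port", "diag_db", "diag-read", False),             # no authentication
    ("service_port", "network_equipment", "switch-mgmt", True),  # config reachable
]


def decide(rules, src, dst, service, authenticated=False):
    """Verdict for one flow; anything crossing zones without a rule is denied."""
    if src == dst:
        return "intra-zone"  # stays inside one VLAN, not routed via the firewall
    for r_src, r_dst, r_service, needs_auth in rules:
        if (r_src, r_dst, r_service) == (src, dst, service):
            return "allow" if authenticated or not needs_auth else "deny"
    return "deny"


def audit(rules):
    """Findings where a rule set breaks the invariants the text describes."""
    findings = []
    for src, dst, service, needs_auth in rules:
        if src not in ZONES or dst not in ZONES:
            findings.append((src, dst, service, "unknown zone"))
        if dst == "network_equipment" and src != dst:
            findings.append(
                (src, dst, service, "switch configuration reachable from another zone"))
        if src == "service_port" and not needs_auth:
            findings.append(
                (src, dst, service, "maintenance access without authentication"))
    return findings
```

Running `audit(WEAK)` reports both weakened rows, while `audit(HARDENED)` returns no findings.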
According to a second aspect of embodiments of the present application, there is provided a rail vehicle arranged with an Ethernet network for diagnosing rail vehicles according to any of the above. The Ethernet network of the rail vehicle has high security and is not easily intruded upon or attacked.
It should be understood that although this specification is described in terms of various embodiments, the embodiments are not each limited to standing alone; this manner of description is for clarity only, and those skilled in the art will recognize that the embodiments described herein may be combined as suitable to form other embodiments.
The above description is only an exemplary embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any person skilled in the art should be able to make equivalent changes, modifications and combinations without departing from the concept and principle of the embodiments of the present application.

Claims (12)

1. An ethernet network for diagnosing rail vehicles, wherein each car of the rail vehicles is installed with switches, the switches are connected with each other to form a ring topology of the ethernet network, and the ethernet network transmits data according to a ring redundancy protocol, the ethernet network comprising:
a train control subnet, the train control subnet comprising:
a train control device network (10), the train control device network (10) including a plurality of vehicle control devices (11) installed in a car of the rail vehicle and connected to ports of the switch, the plurality of vehicle control devices (11) communicating with each other;
a diagnostic database network (20), wherein the diagnostic database network (20) comprises a plurality of database servers which are installed in the carriages of the railway vehicles and connected with ports of the switch, and the database servers are communicated with one another and used for receiving and storing diagnostic data sent by each vehicle control device (11) in the train control device network (10);
a network of network devices (30), said network of network devices (30) including a plurality of said switches and communicating between a plurality of said switches for transmitting said diagnostic data held by said diagnostic database network (20);
a train communication subnet, the train communication subnet comprising:
a communication server (40) for receiving and transmitting said diagnostic data;
a vehicle antenna (50), the vehicle antenna (50) being mounted on the rail vehicle for transmitting the diagnostic data sent by the communication server (40) to a ground device (72);
wherein the train control equipment network (10), the diagnostic database network (20), the network equipment network (30) and the communication server (40) are all communicatively connected to a router (311) and a first firewall (312) in a three-layer interface switch (31) comprised by the switch, and communications between the train control equipment network (10), the diagnostic database network (20), the network equipment network (30) and the communication server (40) are all routed through the router (311) and the first firewall (312).
2. Ethernet network for diagnosing rail vehicles according to claim 1, characterized in that at least two said switches redundant to each other are installed in each car of said rail vehicle, said switches installed in all cars of said rail vehicle comprising two said three-layer interface switches (31) redundant to each other and a plurality of two-layer management switches (32).
3. Ethernet network for diagnosing rail vehicles according to claim 1, characterized in that the number of said first firewalls (312) is two and both said first firewalls (312) support the equipment redundancy protocol.
4. The ethernet network for diagnosing rail vehicles according to claim 2, wherein said train communication sub-network further comprises:
a second firewall (313) disposed between the communication server (40) and the vehicle antenna (50) for controlling communication between the communication server (40) and the ground device (72).
5. Ethernet network for rail vehicle diagnostics according to claim 4 wherein the number of said second firewalls (313) is two and both of said second firewalls (313) support the equipment redundancy protocol.
6. The ethernet network for diagnosing rail vehicles of claim 5, wherein said train control subnet further comprises:
a diagnostic service port network (60), said diagnostic service port network (60) including service ports installed in the cab of said rail vehicle and connected to ports of said switch, a maintenance computer for connecting to said Ethernet network.
7. Ethernet network for rail vehicle diagnostics according to claim 6 wherein the communication between the train control equipment network (10), the diagnostics database network (20), the network equipment network (30), the communication server (40) and the diagnostics service port network (60) is controlled by a router (311) and a first firewall (312) in the three-layer interface switch (31).
8. The ethernet network for diagnosing rail vehicles according to claim 6, wherein each two-layer management switch (32) of the plurality of two-layer management switches (32) is configured with ports of at least one of the following networks:
the train control equipment network (10), the diagnostic database network (20), the network equipment network (30), the diagnostic service port network (60).
9. Ethernet network for diagnosing rail vehicles according to claim 1, characterized in that the three-layer interface switch (31) is configured with access ports of the network of network devices (30), the access ports of the network of network devices (30) being used for accessing configuration data and management pages of the switches in the network of network devices (30).
10. Ethernet network for rail vehicle diagnostics according to claim 6 wherein authentication of the maintenance computer connected to the service port is provided in the first firewall (312).
11. Ethernet network for rail vehicle diagnostics according to claim 6 wherein the router (311) routes data flows of the train control equipment network (10), the diagnostics database network (20), the network equipment network (30), the communication server (40), and the diagnostics service port network (60) according to traffic priority.
12. A rail vehicle, characterized in that the rail vehicle is arranged with an ethernet network for diagnosing rail vehicles according to any of claims 1-11.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202022125436.7U CN213213516U (en) 2020-09-24 2020-09-24 Ethernet network for diagnosing rail vehicle and rail vehicle

Publications (1)

Publication Number Publication Date
CN213213516U true CN213213516U (en) 2021-05-14

Family

ID=75822477

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202022125436.7U Active CN213213516U (en) 2020-09-24 2020-09-24 Ethernet network for diagnosing rail vehicle and rail vehicle

Country Status (1)

Country Link
CN (1) CN213213516U (en)

Legal Events

Date Code Title Description
GR01 Patent grant