CN2896709Y - Kilomega-digit network fire-retardant-wall device - Google Patents
Kilomega-digit network fire-retardant-wall device Download PDFInfo
- Publication number
- CN2896709Y CN2896709Y CN 200620069217 CN200620069217U CN2896709Y CN 2896709 Y CN2896709 Y CN 2896709Y CN 200620069217 CN200620069217 CN 200620069217 CN 200620069217 U CN200620069217 U CN 200620069217U CN 2896709 Y CN2896709 Y CN 2896709Y
- Authority
- CN
- China
- Prior art keywords
- pci
- bus
- interface
- chip
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The model utility relates a billibit network firewall device and belongs to the technical art of data communication. The device includes: a CPU with PCI X or PCI E bus (1), a memory (2), a secondary power module (3), a clock circuit (4), a CF card interface or an IDE interface (5), a programmable electronic logic circuit (6), a FLASH chip (7), a billibit net card chip (8, 9, 10 and 11) and a net interface (1, 2, 13,1 4 and 15), the memory (2), programmable electronic logic circuit (6) and FLASH chips (7) is connected by a bus and create CF card interface or IDE interface by programmable electronic logic circuit (6); the said billibit net card chip is connected with CPU (1) through PCI X bus or PCI E bus; billibit net card chip is separately connected with net interfaces. The model utility makes real processing capacities of each of net card up to full duplex billibits, which improves processing capacities of firewall while improve the safety of firewall equipments so as to significantly reduce the power consumption.
Description
Technical field:
The utility model relates to a kind of network information security equipment, is specially a kind of giga-bit network firewall box.Belong to the data communication technology field.
Background technology:
Network firewall is a kind of senior access control apparatus, it is the combination that places a series of parts between the heterogeneous networks security domain, be unique passage of communication stream between the heterogeneous networks security domain, the visit behavior of safety policy control that can be relevant (allow, refuse, monitor, write down) turnover network according to enterprise.Firewall box typical case in network use as shown in Figure 1, and firewall box generally is provided with outer network interface, interior network interface, DMZ interface, and special occasions also needs a plurality of outer network interfaces or DMZ interface or interior network interface.
The gigabit firewall of Xiao Shouing in the market, except that high-end processor Network Based (NP) or special-purpose asic chip fire compartment wall, limited by hardware configuration, most of gigabit firewall devices its communication speed in theory do not reach the disposal ability of gigabit full duplex at all.Because along with the enhancing of CPU disposal ability, communication speed major technique bottleneck is that this bus speed does not reach required bandwidth 2 G of gigabit full duplex on the bus between CPU and the network card chip.The CPU of most of gigabit firewall is connected 32 or 64 the pci bus standards of adopting with network card chip.On 32 pci buss, overall rate can only reach the disposal ability of 1G bit each second in theory, therefore adopt the gigabit firewall of 32 pci buss, under the situation of having only a network interface card, only to reach the single worker's speed of gigabit, can not reach the disposal ability of gigabit full duplex speed in theory; 64 pci buss are operated under the 66MHz frequency, can reach the disposal ability of 4G bit in theory, but can only support maximum two PCI-Express this moment, realize the gigabit full-duplex communication.
The central processing unit of the firewall box of main flow is based on the CPU of X86 framework mostly in the market, for example Intel PIII, Intel P4 etc., the CPU of X86 framework belongs to sophisticated vocabulary CPU, the ordering calculation efficient of CPU is low, a common clock cycle can only be calculated an instruction, and the power consumption height, generally more than 50W, have in addition surpass 100W.The instruction set of X86 framework is known by the public in addition, so this firewall box is subjected to the attack on the automatic network easily, the probability that is broken is higher.
The PCI-X bus works under the 66MHz frequency, can reach the disposal ability of 4G bit in theory, can support 4 PCI-Express.In the structure that adopts the PCI-E bus, though be referred to as bus, be actually a kind of connection of point-to-point, each equipment is the unnecessary shared bandwidth by special-purpose a connection all.A typical PCI-E connection uses two LVDS (low-voltage differential signal) right, and a pair of being used for sends, and a pair of being used for receives.In this structure, there is not sideband signals.A PCI-E passage transmits data and uses the 8b/10b coding with 2.5Gb/s simultaneously in each direction.At present number of C PU suitable powerful and power consumption on operational capability is very low, the PowerPC high-performance CPU that produces of Motorola Inc. for example, belong to reduced instruction set computer CPU, each clock cycle can be carried out the instruction more than two, ordering calculation efficient is higher, the instruction of PowerPC is known by the public unlike X86 in addition, adopt this class to have the CPU of the embedded type CPU of PCI-X or PCI-E bus as fire compartment wall, can strengthen the fail safe of firewall box, simultaneously, the power consumption of this class CPU is quite low, be usually less than 15W, adopt this CPU can effectively reduce energy resource consumption, reduce device heating, improve the reliability of complete machine.
Summary of the invention:
The purpose of this utility model is to overcome above-mentioned deficiency, a kind of giga-bit network firewall box is provided, make the true disposal ability of each network interface card reach full duplex gigabit position in theory, when improving the firewall box disposal ability, strengthen the fail safe of firewall box, reduce power consumption widely.
The purpose of this utility model is achieved in that a kind of giga-bit network firewall box, it is characterized in that it comprises: CPU with PCI-X or PCI-E bus, internal memory, secondary power supply module, clock circuit, CF card or ide interface, programmable electronic logical circuit, FLASH chip, PCI-Express chip and network interface, adopt the internal bus mode to be connected between described and internal memory, programmable electronic logical circuit, the FLASH chip, generate CF card or ide interface by the programmable electronic logical circuit; Described PCI-Express chip links to each other with CPU by PCI-X bus or PCI-E bus; The PCI-Express chip links to each other with network interface respectively.Network interface is copper cash electrical interface or optical fiber interface or copper cash optical fiber compatibility interface.
A kind of giga-bit network firewall box of the utility model, the MPC8540 that described CPU with PCI-X bus adopts Motorola Inc. to produce; Internal memory adopts the memory bar of DDR512M; The programmable electronic logical circuit has the interface of compatible CF card or IDE compatibility; The two-way network card chip Intel82546 that the PCI-Express chip adopts two Intel Companies to produce, two Intel82546 link to each other with MPC8540 by the PCI-X bus.
A kind of giga-bit network firewall box of the utility model, MPC8547, MPC8548 that described CPU with PCI-E bus adopts Motorola Inc. to produce; Internal memory adopts the memory bar of DDR 512M; The programmable electronic logical circuit has the interface of compatible CF card or IDE compatibility; The PCI-Express chip all adopts the BCM5789 or the BCM5751 of four Broadcom companies; The BCM5789 of four Broadcom companies or BCM5751 link to each other with MPC8540 by the PCI-E bus.
The utility model provides a kind of novel giga-bit network firewall box, because adopted advanced PCI-X or PCI-E bus, make four kilomegabit network interface cards of firewall box reach the disposal ability of kilomegabit in theory, improving the firewall box disposal ability.Because adopted the CPU of non-x86 framework, use the CPU of PowerPC framework again, instruction set is not known by general public, has strengthened the fail safe of the network equipment, has reduced power consumption greatly, has saved the energy.
Description of drawings:
Fig. 1 is a circuit logic diagram of the present utility model.
Fig. 2 is a kind of typical embodiment of the present utility model.
Embodiment:
Referring to Fig. 1, the utility model giga-bit network firewall box is made up of CPU1, internal memory 2, secondary power supply module 3, clock circuit 4, CF card or ide interface 5, programmable electronic logical circuit 6, FLASH chip 7, four 8,9,10,11 and four network interfaces 12,13,14,15 of PCI-Express chip.Described 1 with internal memory 2, programmable electronic logical circuit 6 and FLASH chip 7 between adopt the internal bus mode to be connected, generate CF card or ide interfaces by programmable electronic logical circuit 6.Described four PCI-Express chips 8,9,10 link to each other with CPU1 by PCI-X bus or PCI-E bus with 11.Described four PCI-Express chips 8,9,10 link to each other with 15 with four network interfaces 12,13,14 respectively with 11.Described secondary power supply module 3 provides required DC power supply for entire equipment.Described clock circuit 4 provides clock for whole veneer.
Described CPU1 with PCI-X or PCI-E bus, the necessary connected mode of supporting PCI-X or PCI-E bus.
Described four PCI-Express chips 8,9,10 and 11 must be supported the connected mode of PCI-X bus or PCI-E bus.
Described four network interfaces 12,13,14 and 15 can be copper cash electrical interface or optical fiber interface or copper cash optical fiber compatibility interface.
Referring to Fig. 2, Figure 2 shows that a kind of typical embodiment of the present utility model.The MPC8540 that the CPU1 with PCI-X or PCI-E bus of described giga-bit network firewall box adopts Motorola Inc. to produce; Internal memory 2 adopts the memory bar of DDR 512M; Secondary power supply module 3 adopts 12V and 3.3V two-way input mode, and the output of 3.3V, 1.25V, 2V and four kinds of magnitudes of voltage of 2.5V is provided; Clock circuit 4 provides clock for CPU; The interface 5 of compatible CF (Compact Flash) card or IDE compatibility is provided by programmable electronic logical circuit 6 (CPLD); Plate carries 8MFLASH chip 7; Four two-way network card chip Intel82546 that PCI-Express chip 8,9,10,11 all adopts two Intel Companies to produce, this network card chip is equivalent to the PCI-Express Chip Packaging of two single channel in a chip; Provide 3 RJ45 interfaces, the SFP interface of a copper cash optical fiber compatibility.
Adopt internal bus (LOCAL BUS) mode of CPU to be connected between MPC8540 and internal memory, programmable electronic logical circuit, the FLASH chip; Two Intel82546 link to each other three RJ45 interfaces, the SFP interface of a copper cash optical fiber compatibility by the PCI-X bus with MPC8540.
The technical scheme that provides according to the utility model, can also adopt the PCI-E bus mode in the specific implementation, can further improve the bandwidth of access to netwoks, when adopting the PCI-E bus, can replace MPC8540 with MPC8547 or the MPC8548 that Motorola Inc. produces, can replace Intel82546 with the PCI-Express chip of supporting the PCI-E bus, for example select the BCM5789 or the BCM5751 of Broadcom company for use.
Claims (4)
1, a kind of giga-bit network firewall box, it is characterized in that it comprises: CPU (1) with PCI-X or PCI-E bus, internal memory (2), secondary power supply module (3), clock circuit (4), CF card or ide interface (5), programmable electronic logical circuit (6), FLASH chip (7), PCI-Express chip (8,9,10,11) and network interface (12,13,14,15), described (1) and internal memory (2), programmable electronic logical circuit (6), adopt the internal bus mode to connect between the FLASH chip (7), generate CF card or ide interface (5) by programmable electronic logical circuit (6); Described PCI-Express chip (8,9,10,11) links to each other with CPU (1) by PCI-X bus or PCI-E bus; PCI-Express chip (8,9,10,11) links to each other with network interface (12,13,14,15) respectively.
2, a kind of giga-bit network firewall box according to claim 1 is characterized in that: described network interface (12,13,14,15) is copper cash electrical interface or optical fiber interface or copper cash optical fiber compatibility interface.
3, a kind of giga-bit network firewall box according to claim 1 and 2 is characterized in that: the MPC8540 that the CPU of the described PCI-X of having bus (1) adopts Motorola Inc. to produce; Internal memory (2) adopts the memory bar of DDR 512M; Programmable electronic logical circuit (6) has the interface (5) of compatible CF card or IDE compatibility; The two-way network card chip Intel82546 that PCI-Express chip (8,9,10,11) adopts two Intel Companies to produce, two Intel82546 link to each other with MPC8540 by the PCI-X bus.
4, a kind of giga-bit network firewall box according to claim 1 and 2 is characterized in that: MPC8547, MPC8548 that the CPU of the described PCI-E of having bus (1) adopts Motorola Inc. to produce; Internal memory (2) adopts the memory bar of DDR 512M; Programmable electronic logical circuit (6) has the interface (5) of compatible CF card or IDE compatibility; PCI-Express chip (8,9,10,11) all adopts the BCM5789 or the BCM5751 of four Broadcom companies; The BCM5789 of four Broadcom companies or BCM5751 link to each other with MPC8540 by the PCI-E bus.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200620069217 CN2896709Y (en) | 2006-02-10 | 2006-02-10 | Kilomega-digit network fire-retardant-wall device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200620069217 CN2896709Y (en) | 2006-02-10 | 2006-02-10 | Kilomega-digit network fire-retardant-wall device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN2896709Y true CN2896709Y (en) | 2007-05-02 |
Family
ID=38066281
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200620069217 Expired - Fee Related CN2896709Y (en) | 2006-02-10 | 2006-02-10 | Kilomega-digit network fire-retardant-wall device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN2896709Y (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553543A (en) * | 2022-02-23 | 2022-05-27 | 安天科技集团股份有限公司 | Network attack detection method, hardware chip and electronic equipment |
-
2006
- 2006-02-10 CN CN 200620069217 patent/CN2896709Y/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553543A (en) * | 2022-02-23 | 2022-05-27 | 安天科技集团股份有限公司 | Network attack detection method, hardware chip and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN207408936U (en) | A kind of multiplex roles PCIE device adapter | |
| CN101840387A (en) | USB (Universal Serial Bus) Key device and method for realizing smart card communications using USB interface | |
| CN103220040A (en) | Method and system for switching state of embedded optical port BYPASS | |
| Ran et al. | The design of communication convertor based on CAN bus | |
| CN2896709Y (en) | Kilomega-digit network fire-retardant-wall device | |
| CN205004841U (en) | Intelligence substation equipment and data transmission system thereof | |
| CN209030246U (en) | A kind of modular switch of multiport flexibly configurable POE | |
| CN202406141U (en) | Fire wall | |
| KR200443148Y1 (en) | Network expansion apparatus utilizing a high speed cable | |
| CN208384572U (en) | A kind of Computer Data Security protective device | |
| CN209017058U (en) | The master control borad and MMC Control protection system of MMC Control protection system | |
| CN206892854U (en) | A kind of mainboard of raising PCIE data channel utilization rates | |
| CN103634237B (en) | Micro telecommunication computing architecture Shelf Management Controller | |
| CN203645704U (en) | Card type network management switch of CPCI bus | |
| CN202713340U (en) | Mdu | |
| CN111984583A (en) | Master control device suitable for VPX framework server | |
| CN110502070A (en) | Node mainboard device suitable for super integration rack | |
| CN104065543A (en) | Network card drive design method based on data transmission management | |
| CN201750410U (en) | Safety information transmitting system among WBS (work breakdown structure)-C stations applied to directional circuit | |
| CN205210761U (en) | CPEX industrial control computer mainboard based on explain majestic nest plate | |
| CN210324195U (en) | CPCI-E industrial control computer mainboard based on Shenwei 121 processor | |
| CN205193686U (en) | Computing equipment | |
| CN202583799U (en) | Hot-plug master programmable logic controller (PLC) | |
| CN2768328Y (en) | Network safety apparatus | |
| CN216795016U (en) | Safety monitoring device suitable for industrial control network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of utility model: Kilomega-digit network fire-retardant-wall device Effective date of registration: 20120229 Granted publication date: 20070502 Pledgee: Jiangyin Jiangsu rural commercial bank Limited by Share Ltd fortress branch Pledgor: Jiangsu Huali Network Engineering Co., Ltd. Registration number: 2012990000072 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20130114 Granted publication date: 20070502 Pledgee: Jiangyin Jiangsu rural commercial bank Limited by Share Ltd fortress branch Pledgor: Jiangsu Huali Network Engineering Co., Ltd. Registration number: 2012990000072 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of utility model: Kilomega-digit network fire-retardant-wall device Effective date of registration: 20130114 Granted publication date: 20070502 Pledgee: Jiangyin Jiangsu rural commercial bank Limited by Share Ltd fortress branch Pledgor: Jiangsu Huali Network Engineering Co., Ltd. Registration number: 2013990000032 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20150107 Granted publication date: 20070502 Pledgee: Jiangyin Jiangsu rural commercial bank Limited by Share Ltd fortress branch Pledgor: Jiangsu Huali Network Engineering Co., Ltd. Registration number: 2013990000032 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070502 Termination date: 20150210 |
|
| EXPY | Termination of patent right or utility model |