JP2020099034A - Communications system - Google Patents

Abstract

To provide a communication system capable of dynamically setting a control path when a configuration is changed.SOLUTION: A communication system includes: a relay unit 22 for relaying communication between a control device such as a first ECU 40 and a device to be controlled of the control device according to a routing map set in a static RMAP 26; and an RMAP management unit 24 for dynamically setting a routing map where the relay unit 22 relays communication between an additional ECU 44 and the device to be controlled by the additional ECU 44 if a communication load on the additional ECU 44 is within a specified allowable load if information including a CANID of each of the additional ECU 44 extracted from a relay request sent from a newly implemented additional ECU 44 and the device to be controlled by the additional ECU 44 does not exist in existing relay information, sending a request response to the additional ECU 44 indicating that it can be relayed, and sending a request response to the additional ECU 44 indicating that it is not possible to relay if a communication load on the additional ECU 44 exceeds a specified allowable load.SELECTED DRAWING: Figure 1

Description

The present invention relates to a communication system related to communication between in-vehicle devices.

Various control devices (ECU: Electronic Control Unit) are mounted on a vehicle. However, when a new function is added to a sold vehicle, an additional ECU may be newly provided. FIG. 7 is a block diagram showing an example of a vehicle-mounted communication system 300 in which an additional ECU 64 is mounted in addition to the existing first ECU 60 and second ECU 62.

The communication system 300 illustrated in FIG. 7 uses CAN (Controller Area Network) as a communication protocol, and the first ECU 60, the second ECU 62, the additional ECU 64, and the CAN gateway (hereinafter, abbreviated as “CAN-GW”) 50 are bus-based. 66 are connected to each other. CAN is, for example, a protocol used to transfer vehicle speed, engine speed, brake state, failure diagnosis information, and the like.

The CAN-GW 50 is a device that relays communication between each of the control devices of the first ECU 60, the second ECU 62, and the additional ECU 64 and a device (not shown) to be controlled such as a vehicle engine. The CAN-GW 50 includes a relay unit 52 that relays communication between each of the control devices of the first ECU 60, the second ECU 62, and the additional ECU 64 and the device to be controlled, and a static routing map that stores a map for routing (route control). (Hereinafter, abbreviated as “static RMAP”) 54. The static RMAP 54 records the best route to various destinations on the vehicle network including the bus 66, and the route is set mainly at the time of designing the vehicle.

The relay unit 52 refers to the static RMAP 54 during communication between each of the control devices and the device to be controlled, determines the route of the communication packet, and transmits the communication packet to the destination via the determined route.

Patent Document 1 discloses an invention relating to a device, a method, and a system for remotely and wirelessly accessing and controlling a device to be controlled by a vehicle.

JP, 2002-176427, A

As described above, the static RMAP 54 is set mainly at the time of designing the vehicle. Therefore, when the additional ECU 64 is mounted at a later date, it is necessary to newly set a routing map between the additional ECU 64 and the device to be controlled. .. The setting is the resetting of the static RMAP 54, but the resetting of the static RMAP 54 requires updating the software of the communication system 300 by reprogramming or the like, which requires manpower and time, and after the updating, the design time There is a problem that management becomes complicated, such as management as a product separate from

The present invention has been made in consideration of the above facts, and an object thereof is to provide a communication system capable of dynamically setting a control path when the configuration of the communication system is changed.

In order to achieve the above object, the invention according to claim 1 is newly equipped with a relay unit that relays communication between a control device and a control target device of the control device according to a set control path, and an additional control device. When the relay request transmitted from the additional control device is received, the existing relay information includes information including the identifiers of the additional control device and the control target device of the additional control device extracted from the relay request. If not, if the communication load related to the additional control device is within the specified allowable load, a control route for relaying communication between the additional control device and a device to be controlled by the additional control device is dynamically set. At the same time, a request response indicating that relay is possible is transmitted to the additional control device, and if the communication load related to the additional control device exceeds a specified allowable load, a request response indicating that relay is not possible is transmitted to the additional control device. And a route management unit.

According to the first aspect of the present invention, if the communication load of the additional control device is within the specified allowable load, a control path through which the relay unit relays communication between the additional control device and the control target device of the additional control device is established. It can be set dynamically.

As described above, according to the present invention, it is possible to dynamically set the control route when the configuration of the communication system is changed.

It is a block diagram which shows the outline of the communication system which concerns on embodiment of this invention. It is the flowchart which showed an example of the dynamic routing process of the communication system which concerns on embodiment of this invention. (A) is a schematic diagram showing an example of a relay request frame, and (B) is a schematic diagram showing an example of a request response frame. It is a block diagram showing an example of composition of a communication system which authenticates an additional ECU. It is the flowchart which showed an example of the dynamic routing process including the authentication of the mounted additional ECU. (A) is a schematic diagram showing an example of a relay request frame, and (B) is a schematic diagram showing an example of a request response frame. FIG. 3 is a block diagram showing an example of a vehicle-mounted communication system in which an additional ECU is mounted in addition to the existing first ECU and second ECU.

Embodiments for carrying out the present invention will be described in detail below with reference to the drawings. FIG. 1 is a block diagram showing an outline of a communication system 10 according to this embodiment.

As shown in FIG. 1, the communication system 10 according to the present embodiment uses CAN as a communication protocol, and the first ECU 40, the second ECU 42, the additional ECU 44, and the CAN-GW 20 are each connected on the bus 46. ..

The CAN-GW 20 is a device that relays communication between each of the control devices of the first ECU 40, the second ECU 42, and the additional ECU 44, and a device to be controlled (not shown) such as a vehicle engine. The CAN-GW 20 includes a relay unit 22 that relays communication between each of the control devices of the first ECU 40, the second ECU 42, and the additional ECU 44 and the device to be controlled, the static RMAP 26 that stores a map for routing, and the additional ECU 44. RMAP management unit 24 for adding a dynamic RMAP 30 storing a map for routing corresponding to a dynamic change of the bus 46 such as mounting.

The static RMAP 26 is a database in which the best routes to various destinations on the network of the vehicle including the bus 46 are recorded, and the routes are set mainly at the time of designing the vehicle.

The dynamic RMAP 30 is a routing map added to cover the routing that cannot be handled by the static RMAP 26, such as the mounting of the additional ECU 44. The dynamic RMAP 30 is set by the above-mentioned RMAP management unit 24 with reference to the CAN bus additional information database (hereinafter, abbreviated as “CAN bus additional information DB”) 28 in response to a relay request from the additional ECU 44.

Information related to communication between the dynamic RMAP 30 and the RMAP management unit 24 is stored as existing relay information in the CAN bus additional information DB 28. The existing relay information includes the CANID of the additional ECU 44, the CANID of the control target device of the additional ECU 44, and the information of the route of the CAN bus (bus 46) used for the relay. Further, the CAN bus additional information DB 28 records communication load information for each bus 46.

The relay unit 22 refers to the static RMAP 26 and the dynamic RMAP 30 in communication between each of the control devices and the device to be controlled, determines the route of the communication packet, and transmits the communication packet to the destination through the determined route. To do.

Subsequently, the operation of the communication system 10 according to the present embodiment will be described. FIG. 2 is a flowchart showing an example of the dynamic routing process of the communication system 10 according to the present embodiment. The dynamic routing process shown in FIG. 2 is performed based on a session between the additional ECU 44 and the RMAP management unit 24 of the CAN-GW 20.

In step 200, the additional ECU 44 is connected to the bus (target CAN bus) 46, and in step 202, relay request transmission for transmitting a relay request frame from the additional ECU 44 to the CAN-GW 20 is performed.

FIG. 3A is a schematic diagram showing an example of the relay request frame. The relay request frame includes a request/approval CANID field in which a CANID for request/approval of the additional ECU 44 (of the additional ECU 44) is recorded, and a relay ID in which a CANID of a control target device that the additional ECU 44 desires to relay by the relay unit 22 is recorded. It includes a desired CANID field and a relay request field indicating a relay request (reception or transmission). The relay request field of the relay request frame is a field indicating a request for transmission/reception between the additional ECU 44 and the control target device.

In step 204, the CAN-GW 20 receives the relay request frame from the additional ECU 44, and the approval determination is performed in step 206. In the approval determination in step 206, whether or not to approve the relay from the additional ECU 44 to the control target device of the additional ECU 44 by referring to the existing relay information stored in the CAN bus additional information DB 28 and the communication load information of the bus 46. judge.

In step 206, for example, if the CANID of the additional ECU 44 and the CANID of the device to be controlled of the additional ECU 44 included in the relay request frame are included in the existing relay information, that is, if the description related to the additional ECU 44 is duplicated in the existing relay information, An affirmative determination is made without determining the communication load of the bus 46, and the procedure proceeds to step 208. If the description relating to the additional ECU 44 is duplicated in the existing relay information, it means that the communication between the additional ECU 44 and the device to be controlled by the additional ECU 44 has been performed in the past, so the load on the bus 46 due to the communication of the additional ECU 44 is defined. This is because it is considered to be within the allowable load.

If the description relating to the additional ECU 44 does not overlap with the existing relay information in step 206, the communication load information of the bus 46 stored in the additional information DB 28 for each CAN bus is referred to, and the load of the bus 46 due to the communication relating to the additional ECU 44 is specified and permitted. It is determined whether or not it is within the load. Specifically, the result of adding the communication load when the additional ECU 44 transmits the relay request frame to the maximum value of the communication load based on the communication load information stored in the additional information DB for each CAN bus 28 is within the specified allowable load. If there is, it is determined that the load of the bus 46 by the communication of the additional ECU 44 is within the specified allowable load. When the load due to the communication of the additional ECU 44 is within the specified allowable load, an affirmative determination is made in step 206 and the procedure proceeds to step 208.

Further, in step 206, if the description of the additional ECU 44 does not overlap with the existing relay information and the load of the bus 46 exceeds the specified allowable load due to the communication of the additional ECU 44, a negative determination is made and the procedure proceeds to step 210. ..

In step 208, the best control path between the additional ECU 44 and the device to be controlled by the additional ECU 44 is set in the dynamic RMAP 30.

In step 210, the CAN-GW 20 transmits a request response frame for transmitting a request response frame to the additional ECU 44.

FIG. 3B is a schematic diagram showing an example of the request response frame. The CANIDs described in the request/approval CANID field and the relay desired CANID field of the request response frame are the same as the above-described relay request frame. The request response frame includes, in place of the relay request field of the relay request frame, a relay permission/inhibition field indicating whether relay (reception or transmission) is possible. The description of the relay permission/prohibition field indicates that relay is possible if the determination in step 206 is affirmative, and indicates that relay is not permitted if the determination is negative in step 206.

When the request response frame is transmitted in step 210, the dynamic routing process in CAN-GW 20 ends.

In step 212, the additional ECU 44 receives the request response frame from the CAN-GW 20, and in step 214 determines whether or not the relay is possible. In step 214, if the relay permission/inhibition field of the request/response frame indicates that relay is possible, an affirmative decision is made and the procedure moves to step 216. Then, the dynamic routing process in the additional ECU 44 is completed.

In step 216, the additional ECU 44 starts the CAN transmission/reception to/from the control target device, and ends the dynamic routing process in the additional ECU 44.

As described above, the communication system 10 according to the present embodiment, when the additional ECU 44 is mounted, performs the dynamic routing process of dynamically setting the routing between the additional ECU 44 and the device to be controlled by the additional ECU 44, CAN communication between the additional ECU 44 and the device to be controlled by the additional ECU 44 becomes possible. As a result, it is possible to provide a communication system capable of dynamically updating the routing map when the configuration is changed.

In the dynamic routing process shown in FIG. 2, the routing between the additional ECU 44 and the control target device of the additional ECU 44 is dynamically set on the assumption that the additional ECU 44 has no compatibility or security problem. However, it may be necessary to authenticate whether the additional ECU 44 is appropriate. FIG. 4 is a block diagram showing an example of the configuration of the communication system 100 that authenticates the additional ECU 44. The communication system 100 illustrated in FIG. 4 further includes, in the CAN-GW 200, an authentication information database (hereinafter, abbreviated as “authentication information DB”) 32 in which authentication information for authenticating the additional ECU 44 is stored. 2 is different from the communication system 10 shown in FIG. However, other configurations are the same as those of the communication system 10 shown in FIG. 2, and thus detailed description thereof will be omitted. The authentication information stored in the authentication information DB 32 is, for example, a list of characters including characters, numbers and symbols unique to the vehicle in which the communication system 100 is installed.

FIG. 5 is a flowchart showing an example of dynamic routing processing including authentication of the installed additional ECU 44. The dynamic routing process shown in FIG. 5 is performed based on the session between the additional ECU 44 and the RMAP management unit 24 of the CAN-GW 200, as in FIG.

In step 500, the additional ECU 44 is connected to the bus 46, and in step 502, relay request transmission for transmitting a relay request frame from the additional ECU 44 to the CAN-GW 200 is performed.

FIG. 6A is a schematic diagram showing an example of the relay request frame. The relay request frame of FIG. 6A includes a request/approval CAN ID field in which the ID (of the additional ECU 44) of the CAN for request/approval of the additional ECU 44 is recorded, as in the relay request frame of FIG. 3A. The additional ECU 44 includes a relay desired CANID field in which a CANID of a control target device desired to be relayed by the relay unit 22 is included, and a relay request field indicating a relay request (reception or transmission), and further authentication related to the authentication of the additional ECU 44. It contains a data field for authentication that records information.

In step 504, the CAN-GW 200 receives the relay request frame from the additional ECU 44, and in step 506, an authentication determination is made to determine whether the additional ECU 44 is legitimate. Specifically, in step 506, an affirmative determination is made when the authentication data of the relay request frame matches the authentication information stored in the authentication information DB 32, and the procedure proceeds to step 508. If the authentication information of the relay request frame does not match the authentication information stored in the authentication information DB 32 in step 506, a negative determination is made and the procedure proceeds to step 512.

In step 508, similarly to step 206 in FIG. 2, it is determined whether or not to approve the relay from the additional ECU 44 to the control target device of the additional ECU 44 by referring to the additional information DB 28 for each CAN bus. In step 508, if the description related to the additional ECU 44 is duplicated in the existing relay information, an affirmative determination is made without determining the communication load of the bus 46, and the procedure proceeds to step 510. When the description relating to the additional ECU 44 does not overlap with the existing relay information in step 508, the communication load information of the bus 46 stored in the CAN bus additional information DB 28 is referred to, and the additional ECU 44 is related to the additional ECU 44, as in step 206 of FIG. It is determined whether or not the load on the bus 46 by communication is within the specified allowable load. If the load is within the specified allowable load, an affirmative determination is made and the process proceeds to step 510.

Further, in step 508, when the description of the additional ECU 44 does not overlap with the existing relay information and the load of the bus 46 exceeds the specified allowable load due to the communication of the additional ECU 44, a negative determination is made and the procedure proceeds to step 512. ..

In step 510, the best control path between the additional ECU 44 and the device to be controlled by the additional ECU 44 is set in the dynamic RMAP 30.

In step 512, the CAN-GW 200 transmits a request response frame for transmitting a request response frame to the additional ECU 44.

FIG. 6B is a schematic diagram showing an example of the request response frame. The CANIDs described in the request/approval CANID field and the relay desired CANID field of the request response frame are the same as the above-described relay request frame. The request response frame includes, in place of the relay request field of the relay request frame, a relay enable/disable field indicating whether relay (reception or transmission) is possible, and further includes an authentication data field in which authentication information is recorded.

The description of the relay permission/prohibition field indicates that relay is possible if the determination in step 508 is affirmative, and that relay is not permitted if the determination is negative in step 506 or step 508.

When the request response frame is transmitted in step 512, the dynamic routing process in CAN-GW 200 ends.

In step 514, the additional ECU 44 receives the request response frame from the CAN-GW 200, and in step 516, it is determined whether or not the relay is possible. In step 516, if the relay permission/inhibition field of the request/response frame indicates that relay is possible, an affirmative decision is made and the procedure moves to step 518. If the relay/rejection field of the request/response frame indicates that relay is not possible, a negative decision is made. Then, the dynamic routing process in the additional ECU 44 is completed.

In step 518, the additional ECU 44 starts transmission/reception by CAN to the control target device, and ends the dynamic routing process in the additional ECU 44.

As described above, when the additional ECU 44 is installed, the communication system 100 according to the present embodiment authenticates the additional ECU 44, confirms that the additional ECU 44 has no compatibility and security problems, and adds the additional ECU 44. Dynamic routing processing for dynamically setting the routing between the ECU 44 and the control target device of the additional ECU 44 is performed, and CAN communication between the additional ECU 44 and the control target device of the additional ECU 44 is enabled. As a result, it is possible to provide a communication system capable of dynamically setting a routing map by determining compatibility and security suitability of a new configuration when the configuration is changed.

In the communication systems 10 and 100, if the dynamic routing process is terminated because relay is not possible, it is necessary to manually set the CANID and the like of the additional ECU 44. In such a case, step 206 of FIG. 2 or step of FIG. If the authentication determination of 508 is negative, for example, information that the communication load exceeds the specified allowable load, and if the negative determination is made in step 506 of FIG. 5, information that the additional ECU 44 is not a genuine product is sent to the vehicle. It may be displayed on the connected diagnostic device to contribute to manual setting.

In addition, the control route in the claims is the routing or the routing map, the control device is the first ECU 40 and the second ECU 42, the additional control device is the additional ECU 44, the identifier is the CANID, and the dynamic route management unit is the RMAP. Each corresponds to the management unit 24.

It is needless to say that the present invention is not limited to the above-described example of the embodiment, and can be carried out in various modifications within the scope not departing from the gist of the invention, in addition to the above-described example of the embodiment.

10 communication system 22 relay unit 24 RMAP management unit 26 static RMAP
28 Additional information DB for each CAN bus
30 Dynamic RMAP
44 Additional ECU
46 bus

Claims (1)

A relay unit that relays communication between the control device and a control target device of the control device according to the set control path,
When the additional control device is newly installed, a relay request transmitted from the additional control device is received, and an identifier of each of the additional control device and the control target device of the additional control device extracted from the relay request is provided. If the included information does not exist in the existing relay information, the relay unit relays communication between the additional control device and the control target device of the additional control device if the communication load related to the additional control device is within the specified allowable load. In addition to dynamically setting the control path to be transmitted, a request response indicating that relay is possible is transmitted to the additional control device, and if the communication load related to the additional control device exceeds a specified allowable load, relay is not permitted to the additional control device. A dynamic route management unit that transmits the request response shown,
Communication system equipped with.