RU2771431C1 - Platform for building control systems, data tranfer and processing in computer networks - Google Patents

Abstract

FIELD: computer technology.

SUBSTANCE: invention relates to the field of computer network technologies, namely to platforms for building control systems, data transmission and processing in computer networks. The expected result is achieved due to the platform, which contains a power supply unit, an interface unit and a basic computing unit built on a microprocessor with ARM architecture and having a microservice environment for the functioning of software modules, including a control system. By means of the control system, the base unit determines whether at least one switching unit is connected and the content of one or more PLDs and one or more ASICs in it, whether a block of computing modules built on an ARM architecture microprocessor is connected to the switching unit, then, if connected, issues a message to the operator about the possibility of their use and then sets the topology by the configuration specified by the operator.

EFFECT: increase in the flexibility of the platform for building control systems, data transfer and processing due to the possibility of changing its configuration and distributing the computing load across the available components.

5 cl, 1 dwg

Description

The invention relates to the field of computer network technologies, namely to platforms for building control systems, data transmission and processing in computer networks.

Such systems are equipped with a standard set of functions:

- support of existing and developing network protocols in a service-oriented software stack,

- control systems directly to the device and others that support SDN technology,

- information security - identifying potentially dangerous traffic based on signature analysis, machine learning and artificial intelligence, making a decision to block it based on a flexible system of rules,

- data flow processing on general and specialized computing cores, programmable logic integrated circuits (FPGA, FPGA), on special purpose integrated circuits (ASIC) and their combinations.

A platform for building control systems, data transmission and processing in computer networks (RU 2635896 C1, November 16, 2017) is known from the prior art, containing a basic computing unit built on an ARM architecture microprocessor, a power supply unit, an interface unit, at least one built an ARM microprocessor-based computing module and one or more FPGA-based modules. To form a multiprocessor configuration, the CompactPCI Serial standard bus is used.

The disadvantages of such a platform are the limitation on the number of plug-in modules and blocks, the inability to configure it depending on the number of connected blocks and modules, the use of only CompactPCI Serial to combine components, and the presence of a complex cooling method. This solution was chosen as a prototype.

The objective of the invention is to create a platform for building control systems, data transmission and processing in computer networks, devoid of the disadvantages of the prototype, allowing users to change the structure and configuration for various application scenarios without design and with increased reliability.

The technical result consists in increasing the flexibility of the platform for building control systems, data transmission and processing due to the possibility of changing its configuration and distributing the computational load among the existing components.

The specified result is achieved in a platform for building control systems, data transmission and processing in computer networks, containing a basic computing unit built on an ARM architecture microprocessor, a power supply unit and an interface unit, due to the fact that the main unit has a microservice environment for the operation of program modules, performing network and user functions, as well as the functions of the control system. The base unit by means of the mentioned control system is made with the possibility of the following:

determining the presence of a connection of at least one switching unit and determining the content of one or more FPGAs and one or more ASICs in it, then, if there is a connection, issuing a message to the operator about the possibility of their use, then setting the topology according to the configuration specified by the operator,

determining whether a block of computing modules is connected to the switching unit, containing a switching matrix installed on the motherboard and at least one computing module built on an ARM architecture microprocessor with a microservice environment for the operation of program modules, then, if there is a connection, issuing a message to the operator about the possibility of using the modules, then setting the topology according to the configuration specified by the operator, and if the connected unit has two computing modules of redundancy on them, the control system.

It is preferable that the base unit by means of the control system is configured to check the health of the software modules in the microservice environment on the connected computing modules and the base unit, and in case of a malfunction in the operation of the software modules, restart the unit or the corresponding one or more modules, and if a malfunction consists in the operability of the corresponding one or more computing modules, then deploying the operation of the program modules on the other one or more computing modules and issuing a message to the operator about the corresponding malfunction.

Additionally, the base unit is configured by means of the control system to check the operability of the connected at least one switching unit and, upon detection of its failure, issue a corresponding message to the user.

The base unit is advantageously configured by means of the control system to carry out a health check of one or more FPGAs and/or one or more ASICs contained in the switching unit and, if a fault is detected, issue a corresponding message to the user.

As a rule, the base unit by means of the control system is configured to determine the connection to the unit of interfaces of other platforms and, if there is a connection, form a single distributed system for controlling, transmitting and processing data in computer networks.

Due to the base computing unit, which is capable of setting the platform topology according to the configuration specified by the operator, depending on the number of connected switching units and computing modules, using the control system, the claimed technical result is achieved. Flexibility in this case is the ability to quickly change the configuration, add or remove elements, the ability to change the structure of the device by setting the topology without changing the hardware.

Moreover, the additional ability, in the event of a software module failure in a microservice environment, to restart the component on which the failure occurred, and in the event of a failure of one of the components to distribute the load over the remaining ones, allows to ensure the fault tolerance of the platform.

The present invention is illustrated by means of a figure showing a block diagram in which the following elements are indicated by positions:

1 - basic computing unit;

2 - power supply;

3 – block of interfaces and platform control;

4 - the minimum possible configuration of the platform of the class "Router" (router);

5 - switching block;

6 - a platform of the "Router" class (router) with increased port equipment, hardware accelerators on ASICs and FPGAs.

7 - switching matrix;

8 - computing module;

9 - block of computing modules

10 - platform in advanced equipment;

11 - other platforms for the control system, transmission and processing of data in computer networks;

12 - public network;

13 - a cluster of control systems, data transmission and processing in the enterprise computer networks;

100 - Ethernet channels from external consumers, such as servers, workstations, video surveillance systems and other interfaces connected to the block;

101 – Ethernet, USB and/or RS-232 platform control channel through channel 103 connected to unit 1. Used where a separate isolated network device control loop is used.

102 - power buses of various voltages and capacities, power supply control lines (logical and PMBus);

103 - Ethernet, USB and RS-232 channels from block 1 to block 3 for connecting external consumers via channels 100, 101, 110, 111;

105 - PCIe, Ethernet, USB, UART, SPI, I2C, GPIO channels from block 1 to one or more blocks 5 and block 9 (if any);

108 - data channels formed by the switching matrix according to a given problem-oriented configuration, between blocks 8 and through channels 105 with blocks 1, 5, and channels 135 with block 3;

110 - channels connecting platforms into a cluster 13 within the scope of the corporate trusted network of the enterprise

111 - cryptographically protected channels for transmitting information through public networks connecting platforms into cluster 13;

135 - channels from block(s) 5 to block 3 for connecting external consumers.

The platform for building control systems, data transmission and processing in computer networks includes a basic computing unit 1, which has the necessary set of operational and long-term non-volatile memory and is built on an ARM microprocessor, in particular, on the Baikal BE-M1000 microprocessor, it is also possible to use other processors with ARM architecture, both Russian and foreign-made, a power supply unit 2 of a given power and an interface unit 3, to which external data and control channels 100, 101, 110, 111 are connected. Unit 3 can provide power management for the system, its reset and displaying information on light, alphanumeric indicators or graphic screens.

The choice in favor of ARM is determined by the presence of a large number of high-speed interfaces built into the processor (PCIe, Ethernet, USB, SPI) and the existence of specialized processors with specialized data processing units and network packets.

On the base unit 1, a microservice environment for the operation of software modules that perform network and user functions is deployed. One of these modules is the control system, which consists of:

– application programming interface (API) through which interaction between software components is carried out;

– a scheduler that launches and monitors the state of a containerized application on an available resource of the base unit 1 and/or computing modules 8, both on a specific platform, for example, in equipment 10, and in a cluster 13 of platforms;

– a controller that monitors the state of applications running in a microservice virtualized environment, both on a specific platform, for example, in equipment 10, and in a cluster 13 of platforms;

– configuration and data storage subsystems;

– command line interface (CLI);

– graphical user interface (GUI);

– other software modules necessary for the functioning of the software and hardware components of the system.

The base unit 1, using the control system, provides the initial configuration of the platform in any equipment 4, 6 or 10 at the first start, detection of changes in the composition of hardware components and software blocks, followed by flexible reconfiguration of the platform, taking into account new conditions and displaying this process in the control interface. So, when new switching units 5 appear, the operator configures the platform for their use. When adding additional computing modules 8 in the form of additional computing resources, the operator configures the platform to use them.

The control system also supports SDN technology (software-defined networking), through which it is possible to configure switching matrices of the main platform (for example, 10) as well as platforms included in the cluster 13. The control system sets the topology according to the configuration specified by the operator, and also uses new resources to improve the reliability of the platform or cluster 13 in automatic mode.

In addition, the necessary network services for a device of the “Router” class (router) function on the base unit 1, which is sufficient for operability in equipment 4.

Expansion of port capacity and functionality of the platform (for example, in equipment 6) is provided by one or more switching units 5 with the necessary set of network interfaces, output through block 3 channels 135 to connect external consumers. On such blocks 5 electronic modules are placed in a given configuration:

- switching matrix of Russian production, for example, 1923KX028 (JSC "PKK Milandr") or foreign production to ensure information exchange with internal consumers via channels 105 or external consumers through block 3 via channels 100, 101, 110, 111, as well as providing information functions security (filtering and blocking traffic), aggregation and mirroring;

– FPGA of the Russian manufacturer JSC "Voronezh Plant of Semiconductor Devices-Assembly" series 5576, 5576 or foreign production for accommodating configured digital electronic circuits described in the hardware description language (HDL), which implement the functions of hardware acceleration of data processing specified by the final by the user without changing the platform;

– ASIC of domestic (Russian production of PKK Milandr JSC) or foreign production: microcontrollers, microcircuits of industrial protocols RS-232, RS-422, RS-485, CAN and others;

– other promising electronic modules.

Each block 5 contains at least one switching matrix, which is connected to the FPGA and / or ASIC, if any, as well as other electronic modules included in the block 5. Information exchange is carried out via the Ethernet interface (105). Unit 1 controls the fabric via PCIe (105), low speed SPI, I2C, USB, and other fabric-specific connections (105). Channel 105 contains data and control flows, which may be separated at the physical layer over different channels or via VLANs.

The invention can also communicate via channels 110 and 111 with other platforms 11 directly or via open data networks 12 using VPN security technology.

The platform in equipment 10 also includes block 9, which is a cluster of a given number of computing modules 8, each of which is built on a microprocessor with ARM technology of Russian BE-M1000 or foreign production, has the necessary set of operational and long-term memory and allows data to be processed by software deployed in a virtual microservice environment.

Computing modules 8 are installed in the motherboard and by means of a high-speed switching matrix 7, for example, 1923KX028 (JSC "PKK Milandr") or foreign production, are interconnected by Ethernet channels 108 according to a given topology (problem-oriented configuration) formed by the operator after his notifications by message from the control system. This forms a block of calculators 9, due to which the effective functioning of the platform 10 is achieved and its performance is increased. Controls the switching matrix in block 9 base unit 1 on channel 105.

Computing modules 8 on the board can be from 1 to 24 or more. Modules 8 can be added and replaced as needed during the life cycle of the platform or cluster 13. The control system of block 1 continuously monitors the presence and quantity of modules 8 and, if a change is detected, offers the operator possible options for using their functionality and sets the configuration specified by the operator.

The output of messages to the operator can be implemented using various graphical and not only techniques in the interface of block 3, which is obvious to a person skilled in the art.

The presence in the system of more than two modules 8 and a service-oriented software stack increases the reliability of the platform as a whole by automatically redistributing the load by the control system from faulty computing modules 8 to free ones. This is also true for improving the reliability of the functioning of the control system itself, which is backed up on two modules 8, if any. If block 1 fails, the control system is able to automatically migrate to module 8 predetermined by the operator with notification of detected problems, which will allow maintaining the platform in working condition until measures are taken to restore the operability of block 1.

Computing modules 8 are designed to implement one or more network services, such as:

- intrusion detection system (IDS);

- intrusion prevention system (IPS);

- Next-Generation Firewall (NGFW)

- virtual private network (Virtual Private Network, VPN);

- web server;

- database server;

- network storage systems (Network Attached Storage, NAS);

- other user services capable of functioning in a virtualization environment.

The use of energy-efficient microprocessors with ARM architecture in blocks 1 and 8 allows you to get a platform with a dense layout of elements and low power consumption, which in turn allows you to place a flexible solution in standard server and switching racks with a case height of 1U.

Block 1 control system, at the direction of the operator, sets the topology (problem-oriented configuration) connecting data and control channels 105, 108 between units via a PCIe interface. Unit 1 controls switch matrix 7 of unit 9 via PCIe (105), low-speed interfaces SPI, I2C, USB and others supported by a specific connection matrix (105).

Thus, the use of a service-oriented software stack and control system in the invention makes it possible to combine a certain number of platforms 11 and form a distributed secure data transmission network of an enterprise 13. And the applied software and hardware architecture ensures reliable operation of the cluster 13 in the event of failure of one or more platforms 11 or their components. This is ensured by the automatic redistribution of functions by the control system among the modules 8 of the platform 10.

The system works as follows.

After the bus 102 is powered on the platform, it boots the operating system with the virtualization environment and the control system.

If the control system has determined that this is the first launch, then the mechanism for detecting hardware modules 1, 3, 5, 8, 11 is launched, checking their performance.

If, after starting, a switching unit 5, a unit 9 of computational modules, a computational unit 8, a platform 11 is added to or removed from it, the control system determines the number of connected or removed modules, units or components.

The collected information is displayed in the CLI (Command Line Interface - command line interface) and GUI (Graphic User Interface - graphical user interface) through the interface block 3. The system operator, based on the data received from the control system, configures the equipment:

- deploys the necessary software modules on available resources;

- configures switching matrices in a given problem-oriented configuration;

- configures management interfaces, if necessary, adds a platform to cluster 13;

- if there are two computing modules 8 in the platform or connected to a cluster 13, if necessary, configures the possibility of redundant control system;

- monitors the state of the platform, and if there are several (11) - the entire cluster 13;

- performs the necessary operations to reconfigure equipment and software modules.

For example, the operator of platform 10, by solving a specific task at the facility, can configure the switching matrix 7 so that the data flow goes sequentially through two blocks 8, then starts up on the FPGA and ASIC of block 5 and then through block 8 to the output through block 3.

Based on the operator's settings, the control system sets the topology by generating low-level commands to control the switching matrices of block 5 and block 9, which in turn form data transmission channels between blocks 1, 3, 5, 8 according to a given object-oriented topology. In addition, the control system manages them by monitoring the running program blocks.

The control system also checks the operability of software and hardware modules.

If problems are identified in the functioning of one of the software modules in the microservice environment, including the control system, it is automatically restarted. In case this did not help or the node is faulty (hardware failure), then the software is deployed on available nodes within the platform or cluster 13.

Information about the measures taken by the management system is displayed in the CLI and GUI. The operator of the platform or cluster 13 takes the necessary actions to restore it:

- in case of a hardware failure, it changes the faulty node or platform;

- if necessary, manually reconfigures the platform.

The platform of the present invention is implemented using means and methods known and obvious to a person skilled in the art.

Thus, the use of the invention will increase the flexibility and fault tolerance of the platform for building control, transmission and data processing systems due to the possibility of changing its configuration and distributing the computational load among the available components.

Claims (7)

1. A platform for building control systems, data transmission and processing in computer networks, containing a basic computing unit (1) built on an ARM architecture microprocessor, a power supply unit (2) and an interface unit (3), characterized in that the main unit ( 1) has a microservice environment for the operation of software modules that perform network and user functions, as well as the functions of a control system, through which block (1) is configured to: determining the connection of at least one switching unit (5) and determining the content of one or more FPGAs and one or more ASICs in it, then, if there is a connection, issuing a message to the operator about the possibility of their use, then setting the topology according to the configuration specified by the operator, determining whether a block (9) of computing modules is connected to the switching unit (5), containing a switching matrix (7) installed on the motherboard and at least one computing module (8) built on an ARM architecture microprocessor with a microservice environment for the operation of program modules, further if there is a connection for issuing a message to the operator about the possibility of using modules (8), then setting the topology according to the configuration specified by the operator, and if there are two computing modules (8) in the connected unit (9), redundancy of the control system on them. 2. The platform according to claim 1, characterized in that the base unit (1) by means of the control system is also configured to perform a health check of program modules in a microservice environment on the connected computing modules (8) and the base unit (1) and in case of a malfunction in the operation of the software modules to restart the block (1) or the corresponding one or more modules (8) , and if the malfunction lies in the operability of the corresponding one or more modules (8), then deploy the software modules on the other one or more computing modules (8 ) and issuing a message to the operator about the corresponding malfunction. 3. The platform according to claim 1, characterized in that the base unit (1) by means of the control system is also configured to check the operability of the connected at least one switching unit (5) and, if its malfunction is detected, issue an appropriate message to the user. 4. The platform according to claim 1, characterized in that the base unit (1) by means of the control system is also configured to check the operability of one or more FPGAs and/or one or more ASICs contained in the switching unit (5) and, if a malfunction is detected, issuance corresponding message to the user. 5. The platform according to claim 1, characterized in that the base unit (1) by means of the control system is also configured to determine the connection to the interface unit (3) of other platforms (11) for building control systems, data transmission and processing in computer networks and in if there is a connection to form a single distributed control system for the transmission and processing of data in computer networks.

Images