CN101645876B - Automatic network switching method and system - Google Patents
Automatic network switching method and system Download PDFInfo
- Publication number
- CN101645876B CN101645876B CN2008101348505A CN200810134850A CN101645876B CN 101645876 B CN101645876 B CN 101645876B CN 2008101348505 A CN2008101348505 A CN 2008101348505A CN 200810134850 A CN200810134850 A CN 200810134850A CN 101645876 B CN101645876 B CN 101645876B
- Authority
- CN
- China
- Prior art keywords
- network
- data
- outer net
- server
- switching device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of computer network security, and provides an automatic network switching method and an automatic network switching system. Data exchange between two networks is realized based on the physical isolation technology. The automatic network switching system comprises an outer net network, an intranet network, an exchange server and a network switching device, wherein the outer net network and the intranet network are respectively responsible for organizing outer net data and intranet data, and are used for the exchange server to extract and release the data; the exchange server is used for controlling the switching of the network switching device and realizing the data exchange between the outer net network and the intranet network; and the network switching device is used for switching a network connected with the exchange server. The automatic network switching method and the automatic network switching system can realize the data exchange among different networks conveniently under the requirement of the physical isolation without generating interference on the prior network, and have low cost and simple and convenient use.
Description
Technical field
The present invention relates to the computer network security technology field, relate in particular to a kind of automatic network switching method and system thereof.
Background technology
Physical isolation is with solving network security problem.Especially need the absolute secret net that guarantees safety at those; When private network is connected with the Internet with extraordinary network; In order to prevent from the attack of the Internet and to guarantee confidentiality, fail safe, integrality, anti-repudiation and the high availability of these high security networks, almost all require to adopt the physical isolation technology.
Academia it is generally acknowledged, proposes the physics isolation technology the earliest, should be the military of the Israel and the U.S..But up to the present, do not have complete definition and standard about the physical isolation technology.Word never of the same period can find out that also the physical isolation technology is developing always and developing.Word early is Physical Disconnection, and Disconnection makes disconnection, cut off, and unconnected meaning, literal translating is the physics disconnection.This situation is after being appreciated that secret net and Internet connection fully, a lot of problems to occur, before the technological means that does not solve safety problem or do not deal with problems, breaks off earlier and saying.Physical Separation was arranged afterwards, and Separation has separately, separates, and at interval and the meaning of distance, literal translates and separates for physics.Later stage is found to break off fully neither way, and the Internet will be used still, and mostly the strategy of taking is the company of this company, and what should not connect does not connect.The part of this company like this will be separated with the part that should not connect.Physical Isolation is also arranged, and Isolation has isolated, isolate, and sealing, the meaning of insulation, literal translating is physical containment.In fact, the system that does not link to each other with the Internet is few, and the purposes of the Internet is still very big, and therefore, hope can be closed the Network Isolation of a part of high security.Afterwards again Physical Gap that use more, Gap has gap, breach, the meaning of breach and difference, literal translating is physical isolation, means through making the gap of physics, reaches the purpose of isolation.To this time, this speech of Physical seems very stiff, so there is human Air Gap to replace Physical Gap.AirGap means the air gap, is clearly physically separating.Does but someone disagree with that reason is air gap just " physical isolation "? No, electromagnetic radiation, wireless network, satellite etc. all are the air gap, but do not have physical isolation, even all do not have in logic to isolate.So, E-Gap, Netgap, I-Gap etc. have come out.Now, generally claim GapTechnology, mean physical isolation, become specific term on the Internet.
Physically-isolated understanding is shown as the following aspects:
1, the direct connection of blocking-up network does not promptly have two networks to be connected on the xegregating unit simultaneously;
2, the Internet logic of blocking-up network connects, and promptly the agreement of TCP/IP must be stripped from, and the non-TCP/IP connection protocol that initial data is passed through P2P sees through the xegregating unit transmission;
3, the transmission mechanism of xegregating unit has non-programmable characteristic, does not therefore have the characteristic of infection;
4, the initial data of xegregating unit transmission does not have and attacks or the characteristic harmful to network security.Just as the txt text does not have virus, can fill order etc. yet.
Present physics isolation net gap on the market generally adopts technology such as protocol conversion, data ferry-boat, data filter.But under the not really high situation of security requirement, the cost of these equipment is too high, and uses restriction ratio more to the user, and maintenance cost is than higher.Some principle that adopts machinery to switch of existing network switch can exist the life-span weak point can't adopt computer control.The core component of some network switch adopts relay to realize the switching of circuit, exists the restriction in useful life, and in handoff procedure, exists moment to electrically contact interference, and computer network is had certain interference, reduces stability of network.
Summary of the invention
The present invention proposes in order to address the above problem just.This programme just is based on the physical isolation standard, through software and hardware combining, realizes the exchange of data between heterogeneous networks.
The purpose of this invention is to provide a kind of automatic network switching method, comprise the steps:
S1: the network switching device shifter is according to from the control information of swap server swap server being broken off with inner-mesh network and swap server being linked to each other with the outer net network;
S2: swap server detects with after the outer net network is connected, and obtains the outer net network data;
S3: the network switching device shifter is according to from the control information of swap server swap server being broken off with the outer net network and swap server being linked to each other with inner-mesh network;
S4: swap server detects with after inner-mesh network is connected, with the outer net data forwarding of obtaining to inner-mesh network;
S5: swap server obtains the data that inner-mesh network will exchange and is temporarily stored in the swap server;
S6: swap server Control Network switching device shifter breaks off inner-mesh network, connects the outer net network, and the data forwarding that will obtain from inner-mesh network is accomplished one time exchanges data to the outer net network.
Automatic network switching system provided by the invention comprises outer net network, inner-mesh network, swap server and network switching device shifter, and wherein said outer net network and inner-mesh network are responsible for tissue outer, intranet data respectively, and supply swap server to take, put data; Swap server is used for the switching of Control Network switching device shifter and realizes the exchanges data between outer net network and the inner-mesh network, and the network switching device shifter is used to switch the network that swap server connects.
Preferably, said network switching device shifter has three ports, links to each other with outer net network, inner-mesh network and swap server respectively.This network switching device shifter comprises: input, recognition device be used to detect the signal that comes from swap server, and to identify what require to connect are inner-mesh network or outer net network; Network switching is used to control being connected or disconnection of swap server and inside and outside net network; And the network switching switching device shifter, be used for network switching is switched to inner-mesh network or outer net network.。
Through the present invention, can under physically-isolated requirement, realize the exchanges data between heterogeneous networks easily.The present invention can provide the inside and outside network physical isolation features of economic security; Carry out the switching of intranet and extranet through physical switch; Swap server physically only with one of them network-in-dialing, so also can't cross physical barriers and invade another network even the hacker invades one of them network.And network switching device shifter of the present invention adopts special-purpose network chip, does not have the age limit that machine switches or relay switches, and can not produce existing network and disturb, and cost is low, uses simple aspect.
Description of drawings
The realization sketch map that Fig. 1 isolates for network physical;
Fig. 2 is the network structure of system according to the invention;
Fig. 3 is a network data exchange flow chart of the present invention;
Fig. 4 is the physical circuit figure of the network switching device shifter in the system according to the invention.
Embodiment
Following examples are used to explain the present invention, but are not used for limiting scope of the present invention.
Automatic network switching method provided by the invention and system realize the exchanges data between two networks based on physically-isolated technology.At first be how example explanation physical isolation realizes with Fig. 1.Outer net is the not high the Internet of fail safe, and Intranet is the very high internal proprietary network of fail safe.As shown in Figure 1, under the normal condition, xegregating unit and outer net, xegregating unit and Intranet, outer net and Intranet are broken off fully.Guarantee to break off fully between the network.Xegregating unit is appreciated that and is pure storage medium and simple scheduling and control circuit.The object of the invention is exactly that a method and the hardware isolated equipment that can between network, realize physical isolation and exchanges data will be provided, and realizes the secure exchange under isolation of data.
Fig. 2 is network structure of the present invention, and is as shown in Figure 2, and automatic network switching system mainly comprises swap server, outer network server, interior network server and network switching device shifter.
Wherein, swap server is responsible for from outer network server, fetching data, and forwards the data to interior network server, and swap server also is responsible for the switching of Control Network switching device shifter simultaneously.Outer network server is responsible for the tissue of outer net data, and supplies swap server to fetch data and put data.Interior network server is responsible for the tissue of intranet data, and supplies swap server to fetch data and put data.The network switching device shifter is responsible for switching the network that swap server connects.
Swap server comprises exchanger controller, swap data buffer memory and exchange record storage again.Wherein, the exchanger controller is used for the Control Network switching device shifter and perhaps is connected with the disconnection of inside and outside net network; The swap data buffer memory is used for temporarily storing the data that exchange between the inside and outside net network; The exchange record storage is used for the renewal of swap data state of storage and the inside and outside net of exchanges data record.
The network switching device shifter comprises input recognition device, network switching and network switching switching device shifter, and wherein input, recognition device are used to detect the signal that comes from swap server, and to identify what require to connect be inner-mesh network or outer net network; Network switching is used to control being connected or disconnection of swap server and inside and outside net network; The network switching switching device shifter is used for network switching is switched to inner-mesh network or outer net network.
Fig. 3 is a network data exchange flow chart of the present invention, and as shown in Figure 3, data exchange process is following:
1, under the initial condition, the control module of the exchanger of swap server is connected swap server earlier with after Intranet is broken off through serial ports control interchanger with outer net.
2, detect when being connected with outer net when exchanger, exchanger is obtained the outer net data through designated lane, temporarily is stored in the internal memory.
3, obtain the outer net data and finish after, control module control interchanger breaks off with outer net earlier, is connected to Intranet then; Forward the data to interior network server through designated lane; In exchange process, exchanger will write down the state of the data that successfully exchanged, so that the state that Updates Information.
4, after intranet data was transmitted successfully, the data that exchanger will exchange Intranet were obtained and are temporarily stored in the internal memory of forwarding server.
5, obtain intranet data success after, control module control interchanger breaks off Intranet, connects outer net, and with exchanges data to outer net, this just accomplishes the exchange of a secondary data.After the success of exchange, the data mode that outer net exchanged is according to the data mode of the successful exchange of record simultaneously, and the corresponding data mode of outer net changes.
Just accomplish the exchange of a secondary data through above 5 steps.
In a preferred embodiment of the invention, the network switching device shifter is a kind of double switch switching device.Fig. 4 is the physical circuit figure of network switching device shifter.As shown in Figure 4, the network switching device shifter adopts the RJ45 interface of standard, and one of them port links to each other with outer network switch or hub, and another port links to each other with interior network switch or hub, and also a port links to each other with swap server.
The network switching device shifter detects the signal that has the swap server serial ports to send; Identify and require to connect Intranet or outer net; The inner network switching of network switching device shifter switches to intranet and extranet accordingly, and Intranet has only one can be connected with swap server with outer net at synchronization.
Network switching adopts the communication dedicated chip TS3L100 of company of Texas Instruments (Texas Instruments).TS3L100 is four road single-pole double throws (SPDT) LAN HF switch, can satisfy the essential requirement of supporting 10Base-T and 100Base-T Ethernet signaling.
Implement Ethernet media access controller (MAC) and ethernet physical layer (PHY) equipment before this, peripheral components is many, has increased overall system cost and unsteadiness.TS3L100 reduces redundant circuit, and can not influence signal quality.
The operating voltage of TS3L100 is 3.0V to 3.6V then, has realized extremely low differential cross-talk (XTALK=-55dB typical case).The high bandwidth of minimum 350MHz is equipped with low-power consumption (Icc=3 μ A is maximum) and low conduction impedance (TS3L:Ron=5 Ω typical case), is highly suitable for high-frequency LAN and uses.
TS3L100 adopts little external form 16 pin QFN (RGY) encapsulation of saving the space, and SSOP (DBQ) and TSSOP (PW) encapsulation.
Because in 100Base-T or 10Base-T Ethernet; The the 1st, 2,3,6 four pin (1, the 2 transmission data of RJ-45 slot have only been used; 3,6 receive data); So 1,2,3,6 pins of Internet slot and network card slot are connected Y port and the I1 port of TS3L100 respectively in practical application, the I0 port is unsettled.
Though the present invention combines an embodiment statement; But those skilled in the art can be to wherein some characteristic appropriate change or apply it to other field addressing the above problem in addition, so all relevant expansions of on the basis of present embodiment, carrying out of those skilled in the art and use the protection range that all should fall into the application.
Claims (1)
1. automatic network switching system; Comprise outer net network, inner-mesh network and swap server; Wherein said outer net network comprises outer net database server and outer net file server; Said inner-mesh network comprises intranet data storehouse server and Intranet file server, and said outer net network and inner-mesh network are responsible for tissue outer, intranet data respectively, and supply swap server to take, put data; Swap server is used to realize the exchanges data between outer net network and the inner-mesh network, it is characterized in that:
This system also comprises the network switching device shifter, is used to switch the network that swap server connects; The network switching device shifter adopts the RJ45 interface of standard, and one of them port links to each other with outer network switch or hub, and another port links to each other with interior network switch or hub, also has a port to link to each other with swap server; Said network switching device shifter comprises:
Input, recognition device are used to detect the signal that comes from swap server, and to identify what require to connect be inner-mesh network or outer net network;
Network switching is used to control being connected or disconnection of swap server and inside and outside net network; And
The network switching switching device shifter is used for network switching is switched to inner-mesh network or outer net network;
Said network switching is four road single-pole double throw LAN HF switches, adopts the TS3L100 communication dedicated chip;
Said swap server comprises:
The exchanger controller is used for the Control Network switching device shifter and perhaps is connected with the disconnection of inside and outside net network;
The swap data buffer memory is used for temporarily storing the data that exchange between the inside and outside net network; With
The exchange record storage is used for the renewal of swap data state of storage and the inside and outside net of exchanges data record;
Said swap server is broken off with Intranet through serial ports Control Network switching device shifter by exchanger under initial condition and is connected with outer net; Be used for the switching of Control Network switching device shifter afterwards, said inner-mesh network has only one can be connected with swap server with the outer net network at synchronization.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101348505A CN101645876B (en) | 2008-08-04 | 2008-08-04 | Automatic network switching method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101348505A CN101645876B (en) | 2008-08-04 | 2008-08-04 | Automatic network switching method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101645876A CN101645876A (en) | 2010-02-10 |
| CN101645876B true CN101645876B (en) | 2012-11-28 |
Family
ID=41657596
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101348505A Expired - Fee Related CN101645876B (en) | 2008-08-04 | 2008-08-04 | Automatic network switching method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101645876B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102970127A (en) * | 2011-08-31 | 2013-03-13 | 上海夏尔软件有限公司 | Device and method for internetwork file ferry |
| CN102377697A (en) * | 2011-11-16 | 2012-03-14 | 华为技术有限公司 | Data processing method under condition of network physical isolation |
| CN103166933B (en) * | 2011-12-15 | 2015-08-19 | 北京天行网安信息技术有限责任公司 | A kind of data security switching system and method |
| CN102780609A (en) * | 2012-05-17 | 2012-11-14 | 江苏中科梦兰电子科技有限公司 | Data exchange system and exchange method under multi-network environment |
| CN103391295A (en) * | 2013-07-24 | 2013-11-13 | 佳都新太科技股份有限公司 | Data exchange mechanism for performing real-time security communication with public security in-network system |
| CN103957172B (en) * | 2014-04-30 | 2017-07-04 | 无锡中科软信息技术有限公司 | A kind of inside and outside network physical isolation network data automatic switch-board |
| CN104486289B (en) * | 2014-10-30 | 2017-09-29 | 中国人民解放军信息工程大学 | Data unidirectional transmission method and system |
| CN105635161A (en) * | 2016-01-12 | 2016-06-01 | 浪潮(北京)电子信息产业有限公司 | Data transmission method and system |
| CN106503104A (en) * | 2016-10-17 | 2017-03-15 | 山东浪潮商用***有限公司 | Oracle database data copy method under a kind of tertiary-structure network pattern |
| CN108551476A (en) * | 2018-03-27 | 2018-09-18 | 深圳市创智成科技股份有限公司 | A kind of control method and system for realizing file transmission |
| CN111083104A (en) * | 2019-10-31 | 2020-04-28 | 中国船舶重工集团公司第七0九研究所 | Method and system for realizing simultaneous access of host to internal and external networks |
| CN111383150B (en) * | 2020-03-04 | 2023-08-22 | 青岛海信网络科技股份有限公司 | Method and device for identifying and supervising traffic police traffic violation |
| CN112822180B (en) * | 2020-12-30 | 2022-07-29 | 广东电网有限责任公司 | Intranet and extranet cross-link communication method and device, computer equipment and storage medium |
| CN113904896B (en) * | 2021-08-18 | 2023-11-10 | 北京市大数据中心 | Three-network switching gateway for multi-element data fusion platform |
| CN114640540B (en) * | 2022-04-07 | 2024-01-09 | 国网河北省电力有限公司电力科学研究院 | Photovoltaic management system and control method thereof |
| CN115242446A (en) * | 2022-06-22 | 2022-10-25 | 中国电子科技集团公司第五十二研究所 | Cloud desktop one-way data importing system and method under intranet environment |
| CN115622799B (en) * | 2022-11-29 | 2023-03-14 | 南京科讯次元信息科技有限公司 | Safety architecture system based on network isolation system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2561012Y (en) * | 2002-06-26 | 2003-07-16 | 京东方科技集团股份有限公司 | Physical isolated exchange board |
| CN1674515A (en) * | 2004-03-26 | 2005-09-28 | 联想(北京)有限公司 | Network insulating apparatus and method |
-
2008
- 2008-08-04 CN CN2008101348505A patent/CN101645876B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2561012Y (en) * | 2002-06-26 | 2003-07-16 | 京东方科技集团股份有限公司 | Physical isolated exchange board |
| CN1674515A (en) * | 2004-03-26 | 2005-09-28 | 联想(北京)有限公司 | Network insulating apparatus and method |
Non-Patent Citations (1)
| Title |
|---|
| 王帮海.基于网络隔离与数据交换安全***的研究与实现.《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》.2003,(第2期), * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101645876A (en) | 2010-02-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101645876B (en) | Automatic network switching method and system | |
| CN102185753B (en) | Device for realizing dual-backup switching of Ethernet link inside communication equipment | |
| US9853856B2 (en) | Method and device for protecting service reliability and network virtualization system | |
| US7957283B2 (en) | Multi-port ethernet transceiver | |
| JP5021037B2 (en) | Communication system having master / slave structure | |
| US20080068985A1 (en) | Network redundancy method and middle switch apparatus | |
| US20160142225A1 (en) | Communication system, communication apparatus, and protection method | |
| CN104734998A (en) | Network device and information transmission method | |
| CN101394288B (en) | Port mirroring implementing method and apparatus for Ethernet apparatus | |
| CN101986626A (en) | Method and device for protecting equipment | |
| CN101291243A (en) | Split brain preventing method for highly available cluster system | |
| CN108055163A (en) | A kind of dual-homed equipment and its protection switching method | |
| EP1839051B1 (en) | Dual-purpose uplinks used in a fault-tolerant stack | |
| CN108900415A (en) | Master-slave equipment switching method and system under fault of M L AG interface | |
| CN104253765A (en) | Data packet switching method, data packet switching device, access switch and switching system | |
| CN102158384A (en) | Novel MRing Ethernet ring network protection technology | |
| CN102231703A (en) | Method for realizing Virtual Switch Cluster (VSC) cross equipment data forwarding and equipment thereof | |
| CN201766606U (en) | Network switching device based on physical layer state detection and fault screening strategy | |
| CN102255958A (en) | Data synchronization method and system thereof | |
| CN104113434B (en) | A kind of data center network redundancy control apparatus using multiple cases group system | |
| CN102907061B (en) | A kind of system and method for the treatment of data | |
| CN101340315B (en) | End-to-end Ethernet protection method and communication apparatus adopting the same | |
| CN105049238A (en) | Redundancy backup method and equipment for LTE (Long Term Evolution) gateway equipment exchange subsystem | |
| CN204633800U (en) | The switch of a kind of administrative unit and the two redundancy of crosspoint | |
| CN101291290A (en) | Method and apparatus for service retransmitting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121128 Termination date: 20130804 |