Multiple RSTP domain separation
阅读说明:本技术 多rstp域分离 (Multiple RSTP domain separation ) 是由 塔默·索利曼 尤里·卢斯金 贝列兹科·科斯特亚 鲍里斯·谢采因 于 2018-12-04 设计创作,主要内容包括:一种方法和系统,用于通过使用将第二网络连接到第一环形网络的网络设备中的域分离逻辑功能,保持第一环形网络和一个或更多个第二RSTP网络的控制平面在层2上分离,同时集成第一网络和第二网络的数据平面。网络设备在将BPDU(网桥协议数据单元)释放到第一环形网络之前用标识符标识从第二网络接收的BPDU,或者如果BPDU中的标识符匹配与第二网络相关联的标识符,则在将BPDU释放到对应的第二网络之前从自第一环形网络接收的BPDU中移除该标识符。该标识符可以是所有表示控制域ID的隐藏的VLAN ID、BPDU帧内的标识或添加到控制帧的标识。(A method and system for keeping the control planes of a first ring network and one or more second RSTP networks separated at layer 2 while integrating the data planes of the first and second networks by using domain splitting logic functions in network devices connecting the second networks to the first ring network. The network device identifies the BPDUs (bridge protocol data units) received from the second network with an identifier before releasing the BPDUs to the first ring network, or removes the identifier from the BPDUs received from the first ring network before releasing the BPDUs to the corresponding second network if the identifier in the BPDUs matches an identifier associated with the second network. The identifier may be all hidden VLAN IDs representing control domain IDs, an identification within a BPDU frame, or an identification added to a control frame.)
1. A system for domain separation in a control plane of an L2 network having multiple network instances, the system comprising:
(a) a first ring network 101;
(b) a second network 103 having a plurality of network instances, each instance of the second network 103 being connected to the first ring network 101 through a plurality of network devices 102 and generating at least one second network control frame 200, and each network device keeping the control planes of the first ring network 101 and the second network 102 separate while integrating the data planes of the first network and the second network;
(c) each network device 102 receiving at least one second network control frame 200 from each instance associated with the network device and assigning by each network device 102 to each of the at least one second network control frames 200 a second network domain ID and a control frame domain ID to each network device 102 and releasing the second network control frame 200 with the control frame domain ID as a marked second network control frame 201 to be carried on the first ring network 101; and
wherein when each network device 102 receives the tagged second network control frame 201 from the first ring network 101 and the control frame domain ID of the tagged second network control frame 201 matches the control frame domain ID of a particular instance of the second network 103, the network device 102 releases the second network control frame 201 to the instance of the second network 103 associated with the control frame domain ID after removing the control frame domain ID from the tagged second network control frame 201.
2. The system of claim 1, wherein the plurality of network instances are distributed across one or more control domains of the second network 103.
3. The system of claim 2, wherein at least two of the plurality of network instances of the second network 103 belong to the same control domain.
4. The system of claim 2, wherein the second network domain ID further comprises a frame identification.
5. The system of claim 3, wherein the frame identification is appended, embedded, or associated with the second network domain ID.
6. The system of claim 4, wherein the frame identification is in a virtual container.
7. The system of claim 3, wherein the second network control frame is a BPDU.
8. The system of claim 3, wherein the first ring network is configured as an HSR ring.
9. The system of claim 3, wherein the second network is configured as an STP/RSTP domain.
10. The system of claim 3, wherein the network device is an HSR-DS device.
11. The system of claim 5, wherein the virtual container comprises a hidden VLAN for controlling traffic without affecting network traffic.
12. A method for domain separation in a control plane of an L2 network having multiple network instances, the method comprising:
(a) connecting a first ring network 101 to a second network 103 having a plurality of network instances, each instance of the second network 103 being connected to the first ring network 101 by a plurality of network devices 102;
(b) generating at least one second network control frame 200 and each network device keeping the control planes of the first ring network 101 and the second network 102 separate while integrating the data planes of the first and second networks;
(c) receiving from each network device 102 at least one second network control frame 200 from each instance associated with the network device, each of the at least one second network control frames 200 being assigned a second network domain ID and a control frame domain ID upon release of the second network control frame 200 with the control frame domain ID as a marked second network control frame 201 to be carried on the first ring network 101; and
wherein, when each network device 102 receives the tagged second network control frame 201 from the first ring network 101, and wherein the control frame domain ID of the tagged second network control frame 201 matches the control frame domain ID of a particular instance of the second network 103, the network device 102 releases the second network control frame 200 to the particular instance of the second network 103 after removing the control frame domain ID from the tagged second network control frame 201.
13. The method of claim 12, wherein the plurality of network instances are distributed over one or more control domains of the second network 103.
14. The method of claim 13, wherein at least two of the plurality of network instances of the second network 103 belong to the same control domain.
15. The method of claim 13, wherein the second network domain ID further comprises a frame identification.
16. The method of claim 14, wherein the frame identification is appended, embedded, or associated with the second network domain ID.
17. The method of claim 14, wherein the frame identification is in a virtual container.
18. The method of claim 14, wherein the second network control frame is a BPDU.
19. The method of claim 14, wherein the first ring network is configured as an HSR ring.
20. The method of claim 14, wherein the second network is configured as an STP/RSTP domain.
21. The method of claim 14, wherein each network device is configured as an HSR-DS device.
22. The method of claim 16, wherein the virtual container comprises a hidden VLAN for controlling traffic without affecting network traffic.
23. A network device for domain separation in a control plane of an L2 network having a plurality of network instances, the device connecting a first network 101 to a second network 103, the second network having the plurality of network instances and comprising:
(a) a first port 150 for receiving at least one second network control frame 200 from each instance associated with the network device and having a domain splitting logic function for assigning a control frame domain ID to each of the at least one second network control frames 200 prior to release to port 110 through port 120;
(b) a second port 110 for receiving a second network control frame 201 having a control frame field ID appended to the second network control frame 201;
(c) a third port 120 for:
(i) receiving said at least one tagged second network control frame 201 having a control frame domain ID from a second port 110 and comparing said control frame domain ID with a control domain ID of a particular instance of said second network 103 to determine if said control frame domain ID of said particular instance of said second network 103 matches said control frame ID of said at least one tagged second network control frame and, in the event that said tagged second network control frame 201 matches, releasing said second network control frame without said control frame domain ID as an untagged second network control frame 200 to be carried on said second network 103; and
(ii) receiving at least one second network control frame 200 from each instance associated with the network device from port 150 and assigning a control frame domain ID to each of the at least one second network control frames 200 prior to release to port 110 through port 120 according to a domain splitting logic function; and
(d) a fourth port 160 serving as a virtual switch port.
24. The device of claim 23, wherein the first network 101 is an HSR ring and port 120 is an interconnect port.
25. The apparatus of claim 24, wherein the second network is an STP/RSTP domain.
26. The apparatus of claim 23, wherein at least two of the plurality of network instances of the second network 103 belong to the same control domain.
27. The device of claim 23, wherein the second network domain ID further comprises a frame identification.
28. The device of claim 27, wherein the frame identification is appended, embedded, or associated with the second network domain ID.
29. The apparatus of claim 27, wherein the frame identification is in a virtual container.
30. The apparatus of claim 23, wherein the second network control frame is a BPDU.
31. The apparatus of claim 30, wherein the identification is embedded in the BPDU frame.
32. The apparatus of claim 27, wherein the BPDU flag is placed in a BPDU in a virtual container.
33. The device of claim 32, wherein the virtual container comprises a hidden VLAN used on the HSR-DS device for domain separation without affecting network traffic.
Technical Field
The present invention relates to multi-rapid spanning tree protocol ("RSTP") domain separation for networks in high demand or mission critical environments including, but not limited to, power plants, substations, Intelligent Transportation Systems (ITS), railways, traffic management systems, chemicals, oil and gas, critical manufacturing, and industrial applications.
Background
Communication between computers has become an important aspect of everyday life in both private and business environments. A network provides a medium for such communication, and also provides a medium for communication between various types of elements connected to the network, such as servers, personal computers, workstations, memory storage systems, or any other component capable of receiving data from or sending data to the network. These elements communicate with each other using a well-defined protocol that defines the ordered transmission and reception of information. In general, the elements view the networks as the cloud to which they are attached, and perhaps do not need to know the details of the network architecture, such as how the network operates or is implemented. Ideally, any network architecture should support a wide range of applications and allow for a wide range of underlying technologies. The network architecture should also work well for very large networks, be efficient for small networks, and adapt to changing network conditions.
Networks can generally be distinguished based on their size. At the lower end, a Local Area Network (LAN) describes a network that has features including multiple systems attached to a shared medium, high total bandwidth, low latency, low error rate, broadcast capability, limited geographical location, and a limited number of stations, and is generally unaffected by postal delivery, telegraph, and telephone regulation. On the upper end, an enterprise network describes the connection of a wide area network and a LAN that connects dispersed business units within a geographically dispersed business organization.
To facilitate communication within a larger network, the network is typically divided into subnetworks, each of which share some common characteristic, such as geographic location or functional purpose. This division serves two main purposes: the entire network is broken down into manageable parts and users of the network are grouped logically (or physically). Network addressing schemes may take such partitioning into account, so addresses may contain information about how the network is partitioned and where the addresses fit into the network hierarchy.
One well-known problem with L2 networks is that switching loops may be created. Switching loops may cause the same frame to cycle a significant number of times, resulting in a network storm or broadcast storm that may have a severe impact on network operation or may render the network unusable. Various L2 network loop avoidance protocol standards are known, such as STP, RSTP, and other similar protocols. However, these existing protocols may not be sufficient in the operation of mission critical infrastructure.
Disclosure of Invention
RSTP domain separation is still required within the same L2 network. Domain splitting splits data into (and optionally to the split management by) logically defined domains. For large L2 networks and medium size L2 networks for critical infrastructure applications, separate RSTP domains on the same L2 network may be required. Benefits of RSTP domain splitting may include, but are not limited to, scaling, stability, fault impact isolation and better network re-convergence time in case of topology changes.
Aspects of the invention relate to: (a) enhanced resiliency of mission critical communication infrastructure; (b) better network scalability; (c) improved convergence time; (d) the ability to maintain multiple independent RSTP domains on an HSR ring topology; (e) fault isolation (e.g., a fault in one RSTP domain may have no topology change or impact on another RSTP domain (or an instance thereof) in the same L2 network); (f) using the hidden VLAN as the RSTP domain ID; and (g) creating a plurality of redundant protocol control domains on the HSR ring topology.
It is therefore an object of the present invention to at least partly overcome some of the disadvantages of the prior art. Furthermore, it is an object of embodiments of the present invention to provide an improved type of network topology for mission critical environments.
One aspect of the present invention includes a system for domain separation in a control plane of an L2 network having a plurality of network instances, the system comprising: (a) a
Another aspect of the present invention also includes the above system wherein the plurality of network instances are distributed over one or more control domains of the
Yet another aspect of the present invention also includes the above system, wherein at least two of the plurality of network instances of the
Another aspect of the present invention also includes the above system, wherein the second network domain ID further includes a frame identification.
Yet another aspect of the present invention also includes the system described above, wherein the frame identification is attached, embedded or associated with the second network domain ID.
Another aspect of the present invention also includes the above system wherein the frame identification is in a virtual container.
Yet another aspect of the present invention also includes the system as described above, wherein the second network control frame is a BPDU.
Yet another aspect of the present invention also includes the above system, wherein the first ring network is configured as an HSR ring.
Yet another aspect of the present invention also includes the system described above, wherein the second network is configured as an STP/RSTP domain.
Yet another aspect of the present invention also includes the above system, wherein the network device is an HSR-DS device.
Another aspect of the present invention also includes the system described above, wherein the virtual container includes a hidden VLAN for controlling traffic without affecting network traffic.
Another aspect of the invention includes a method for domain splitting in a control plane of an L2 network having a plurality of network instances, the method comprising: (a) connecting the
Another aspect of the invention also includes the above method wherein the plurality of network instances are distributed over one or more control domains of the
Another aspect of the invention also includes the above method wherein at least two of the plurality of network instances of the
Another aspect of the present invention further includes the method as described above, wherein the second network domain ID further includes a frame identification.
Another aspect of the present invention also includes the above method, wherein the frame identification is attached, embedded or associated with the second network domain ID.
Another aspect of the present invention also includes the above method wherein the frame is identified in a virtual container.
Another aspect of the present invention also includes the above method, wherein the second network control frame is a BPDU.
Another aspect of the present invention also includes the above method, wherein the first ring network is configured as an HSR ring.
Another aspect of the present invention also includes the method described above, wherein the second network is configured as an STP/RSTP domain.
Yet another aspect of the present invention also includes the above method, wherein each network device is configured as an HSR-DS device.
Another aspect of the present invention also includes the above method wherein the virtual container includes a hidden VLAN for controlling traffic without affecting network traffic.
Another aspect of the invention comprises a network device for domain separation in a control plane of an L2 network having a plurality of network instances, the device connecting a
Another aspect of the invention also includes the above apparatus wherein the
Another aspect of the present invention also includes the above apparatus wherein the second network is an STP/RSTP domain.
Yet another aspect of the present invention also includes the above apparatus, wherein at least two of the plurality of network instances of the
Another aspect of the present invention further includes the above device, wherein the second network domain ID further includes a frame identifier.
Another aspect of the present invention also includes the above apparatus, wherein the frame identification is attached to, embedded in, or associated with the second network domain ID.
Yet another aspect of the present invention also includes the above apparatus, wherein the frame is identified in a virtual container.
Another aspect of the present invention also includes the above apparatus, wherein the second network control frame is a BPDU.
Yet another aspect of the present invention also includes the above apparatus, wherein the identification is embedded in the BPDU frame.
Another aspect of the present invention also includes the above apparatus wherein the BPDU flag is placed in a BPDU in the virtual container.
Yet another aspect of the present invention also includes the above apparatus wherein the virtual container includes a hidden VLAN for use on HSR-DS devices for domain separation without affecting network traffic.
Drawings
In the drawings which illustrate embodiments of the invention:
fig. 1 shows a preferred embodiment of the present invention.
Fig. 2 shows a preferred embodiment of the invention.
Fig. 3 shows a preferred embodiment of the invention.
Detailed Description
The following description and the embodiments described therein are provided by way of illustration of one or more examples of specific embodiments of the principles and aspects of the present invention. These examples are provided to illustrate but not to limit the principles of the invention.
It should also be appreciated that the present invention can be implemented in numerous ways, including as a process, a method, an apparatus, a system, a device, or a method. In this specification, these embodiments, or any other form that the invention may take, may be referred to as processes. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. The following description and the embodiments described therein are provided by way of illustration of one or more examples of particular embodiments of the principles and aspects of the present invention. These examples are provided to illustrate but not to limit the principles of the invention.
Those skilled in the relevant art will appreciate that the terms and definitions used herein may be given different names in different geographic regions and jurisdictions, but refer to the same corresponding system.
One skilled in the relevant art will appreciate that a network may be described as having multiple layers to which network-ready devices (e.g., computers) connect, communicating with each other using a "peer-to-peer" protocol. The open systems interconnection ("OSI") reference model provides a generalized way to view a network using multiple layers and is a convenient reference for mapping functions of other models and actual implementations. The distinction between layers in any given model is clear, but the implementation of any given model or the mapping of layers between different models is not clear. For example, the standard promulgated by the Institute of Electrical and Electronics Engineers (IEEE) in its 802 protocol defines a standard for LANs, and its definition overlaps the bottom two layers of the OSI model.
In any such model, a given layer communicates with either the same layer of peer end stations through the network, or the same layer of network elements within the network itself. A layer implements a set of functions that are typically logically related and enable the layer above it to operate. Layer 1 ("L1"), the physical layer, provides the functionality to send and receive unstructured bit patterns over a physical link. The physical layer itself involves issues such as the size and shape of the connector, conversion of bits to electrical signals, and bit-level synchronization. There may be more than one type of physical layer in the network. A common type of layer 1 can be found in IEEE standard 802.3 and FDDI (fiber distributed data interface). Layer 2 ("L2"), the data link layer, provides support for framing, error detection, access to the transmission medium, and addressing between end stations interconnected at or below layer 2. The data link layer is typically designed to transport packets of information over a single hop (i.e., from one end station to another within the same subnet or LAN). Layer 3, the network layer, provides support for various higher functions such as end-to-end addressing, network topology information, routing, packet fragmentation, etc. L3 may be configured to send packets along the best "route" from the L3 source to the L3 final destination. An additional feature of this layer is the ability to relay information about network congestion to the source or destination if conditions allow. Due to the success of the internet and the increasing number of products and networks that use the internet, networks often employ a combination of ISO layer 2 and layer 3. Specifically, in a typical internet associated network, designers combine implementations according to the IEEE802 standard (which overlaps with ISO layer 1 and layer 2) with Internet Protocol (IP) network layers. Those skilled in the art will appreciate that the terms "L2" and "L3" refer to layer 2 and layer 3, respectively, and to the communication components of the network. "layer" refers to how a layer configures a network. Layer 2 is a data link where data packets are encoded and decoded into bits in layer 2. The MAC (medium access control) sublayer controls how computers on the network gain access to data and permission to send it, and the LLC (logical link control) layer controls frame synchronization, flow control, and error checking. Layer 3 provides switching and routing techniques to create logical paths (called virtual circuits) for transferring data from node to node. Routing and forwarding, as well as addressing, internetworking, error handling, congestion control and packet sequencing are functions of this layer. The layer 2 data link is responsible for physical addressing, error correction, and preparation of information for the medium. Layer 3 networks are responsible for logical addressing and routing IP, ICMP, ARP, RIP, IGRP and routers.
Those skilled in the relevant art will appreciate that the rapid spanning tree protocol ("RSTP") standard (IEEE802.1W) is an improvement over the spanning tree protocol ("STP") standard (ieee802.1d). RSTP provides significantly faster spanning tree convergence after topology changes, introducing new convergence behavior and bridge port roles to do this. Although STP may take 30 to 50 seconds to respond to a topology change, RSTP is typically able to respond to a change within 3 times Hello time (default: 3 times 2 seconds) or within a few milliseconds of physical link failure. Hello time is an important and configurable time interval used by RSTP for some purpose; the default value of Hello time is 2 seconds.
One skilled in the relevant art will appreciate that a "topology" of a network refers to a particular physical (e.g., real) or logical (e.g., virtual) arrangement of elements and/or devices comprising the network. For example, if the connection configuration is the same, the two networks may have the same topology, although the networks may differ in physical interconnection, distance between nodes, transmission rate, and/or signal type. One skilled in the relevant art will appreciate that there are many kinds or types of network topologies, including, but not limited to, bus topologies, fully connected topologies, hybrid topologies, mesh topologies, star topologies, tree topologies, and the like. The preferred embodiment of the present invention uses a "ring" topology where each node has exactly two branches connected to it.
Elements of the present invention may be implemented using computer systems known in the art. Generally, a computer includes a central processor, a system memory, and a system bus that couples various system components (typically disposed on a card that includes the system memory) to the central processor. The system bus can be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The structure of the system memory may be well known to those skilled in the art, and may include a basic input/output system (BIOS) stored in Read Only Memory (ROM) and one or more program modules, such as an operating system, application programs, and program data, stored in Random Access Memory (RAM). The computer may also include various interface units and drives for reading and writing data. A user or member may interact with the computer using a variety of input devices, all of which are known to those skilled in the relevant art. The computer may operate in a networked environment using logical connections to one or more remote computers or other devices, such as a server, a router, a network personal computer, a peer device or other common network node, a wireless telephone or wireless personal digital assistant. The computer of the present invention may include a network interface that couples the system bus to a Local Area Network (LAN). Networking environments are commonplace in offices, enterprise-wide computer networks, and home computer systems. A Wide Area Network (WAN), such as the Internet, may also be accessed by the computer or mobile device. The computer may operate in a networked environment using logical connections to one or more remote computers or other devices, such as a server, a router, a network personal computer, a peer device or other common network node, a wireless telephone or wireless personal digital assistant. The computer of the present invention may include a network interface that couples the system bus to a Local Area Network (LAN). Networking environments are commonplace in offices, enterprise-wide computer networks, and home computer systems. A Wide Area Network (WAN), such as the Internet, may also be accessed by the computer or mobile device.
Although this specification describes components and functions implemented in the embodiments with reference to standards and protocols known to those skilled in the art, the present disclosure and embodiments of the invention are not limited to any particular standard or protocol. Each of the standards for the Internet and other forms of computer network transport (e.g., TCP/IP, UDP/IP, HTML, and HTTP) represent examples of the prior art. These standards are periodically superseded by faster or more efficient equivalents having essentially the same function. Accordingly, replacement standards and protocols having the same functions are considered equivalents.
The preferred embodiments of the present invention can be implemented in numerous configurations depending on implementation choices based on the principles described herein. Various specific aspects are disclosed, which are illustrative embodiments and should not be construed as limiting the scope of the disclosure. Although this specification describes components and functions implemented in the embodiments with reference to standards and protocols known to those skilled in the art, the present disclosure and embodiments of the invention are not limited to any particular standards or protocols.
Those skilled in the art will appreciate that "mission critical" refers to the system or component, device, person, process, program, software, etc. associated therewith as necessary for operation. Failure or destruction of such mission critical systems or components thereof will result in a severe impact on operation. Mission critical systems are systems that are critical to business and operational safety. These are elastic systems with high availability and performance matching stringent performance requirements. Those skilled in the art will appreciate that these are set forth in various industry standards, including, for example, IEC standard 61850-3, and the like.
Some portions of the detailed descriptions which follow are presented in terms of procedures, steps, logic blocks, processing, and other symbolic representations of operations on data bits that can be performed on computer memory. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, computer-executed step, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of operations or instructions leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
The present invention relates to electronic devices (e.g., data transfer devices) and methods of use thereof. More particularly, the present invention relates to a critical infrastructure security framework for network usage in high demand or mission critical environments.
Those skilled in the art will appreciate that a website-based application refers to any program accessed over a network connection using HTTP, rather than a program residing within the memory of the device. Web-based applications typically run within a web browser or web portal. Web-based applications may also be client-based, where a small portion of the program is downloaded to the user's desktop, but processing is done over the internet on an external server. The network-based application may also be a dedicated program installed on an internet-ready device such as a smart phone.
One skilled in the relevant art will appreciate that high availability seamless redundancy ("HSR") IS a network protocol for ethernet (IS IEC62439-3) that provides seamless failover for the failure of any network component. Ethernet has been established as a standard technology in office communications. Ethernet is now being used for new applications in industrial control and substation automation. Ethernet is also used in the automotive industry for diagnostic access and has been explored for further use in vehicular applications. Thus, HSR provides a ring redundancy protocol related to substation automation.
The embedded ethernet MAC and switch are used to provide ethernet connectivity to the host processor. The host processor may generally perform any number of functions, such as: device functions such as capturing sensor data from various sensors such as temperature sensors, accelerometer sensors, and position sensors; actuator functions, such as controlling synchronous motors, linear actuators, solenoids, and valves; hybrid functions, such as combining sensor and actuator functions; a human-machine interface function; a data logger function; and a gateway function, for example, connecting a plurality of sensors and actuators by another communication means. The host functions may also include controller functions to control various devices and sensors; a supervision function for setting up and maintaining other elements on the network; and independent subsystem functions.
The use of dual port switches in industrial networking may be typical for at least two reasons. One reason may be to provide daisy chain and ring networking topologies, while another reason is to provide redundancy. Daisy chain networking reduces wiring and installation costs, eliminates dedicated infrastructure switch equipment, provides a familiar installation method, and requires a reduced cabinet footprint, i.e., a reduced number of infrastructure switches. A so-called "ring network" is a network topology in which each node is connected to exactly two other nodes, forming a single continuous path (e.g., a "ring") for signals passing through each node. Data travels from node to node, with each node following a path along which each packet is processed. With the proper network management protocol in the ring topology, the dual port switch provides no loss of functionality at a single point of failure in the network.
As understood by those skilled in the relevant art, switching loops or bridging loops occur in computer networks when there is more than one L2(OSI model) path between two endpoints (e.g., multiple connections between two network switches or two ports connected to each other on the same switch). Since the broadcast and multicast are forwarded by the switches outside each port, the loop creates a "broadcast storm" and one or more switches will repeatedly rebroadcast the broadcast messages of the flooding network. Since the L2 header does not support a time-to-live (TTL) value, a frame can always loop if it is sent into a loop topology. Physical topologies containing switches or bridged loops are attractive for redundancy and reliability reasons, however the switching network must be loop free. One solution is to allow physical loops to create a loop-free logical topology using only the Shortest Path Bridging (SPB) protocol or the older Spanning Tree Protocol (STP) on the network switches.
Proprietary protocols that run on top of standard ethernet networks also require daisy chain or ring topologies as an essential part of their operation. Such protocols include, but are not limited to, PROFINET IRT (class C), Sercos III, EtherNet/IP DLR, HSR (ring redundancy protocol related to substation automation), and ethecrcat. PRP is another redundancy protocol associated with substation automation, requiring two ports, but not operating as a switch.
Those skilled in the art will appreciate that a "failover" is a switchover to a redundant or standby computer server, system, hardware component, or network upon a failure or abnormal termination of a previously active application, server, system, hardware component, or network. The failover and normal switchover are essentially the same operation, except that the failover is automatic and typically operates without warning, while the normal switchover requires manual intervention. HSR nodes have two ports and act as switches (e.g., bridges), which allows them to be arranged in a ring or mesh structure without the need for a dedicated switch. HSR is suitable for applications requiring high availability and short switching times, for example in mission critical environments (e.g. for protection of substations, synchronous drives (e.g. printers) or high power inverters). For such applications, the recovery time of common protocols, such as the Rapid Spanning Tree Protocol (RSTP), is too long. HSR requires hardware support to forward or drop frames in microseconds and allows zero failover time supported by implementation, path redundancy, and frame replication. HSR has the limitation that ring topologies are required to function, while in practical situations other network physical topologies may exist and need to be adapted. Due to this fact, it may be necessary to combine HSR with other technologies and protocols similar to RSTP using the specific topology used to provide some flexibility. While STP/RSTP offers advantages and while it achieves flexibility, the protocol has a reconvergence time that may be above zero in the event of a link failure, and may also have scalability limitations that are governed by the portion of the standard defined as the STP/RSTP diameter. It is therefore an aspect of the present invention to overcome one or more of these limitations by allowing more scalability and partitioning of the network into multiple STP/RSTP domains that operate independently and in such a way that a failure in one domain may not have an impact on the other domains. Segmentation not only helps fault isolation and scalability, but may also help to get better re-convergence time in the affected domain when a fault occurs. The improvement in re-switching time is because the switching can be a function of the size of the domain, and because the domain can be partitioned into smaller domains or sub-domains, better convergence can be achieved with L2 connectivity maintained at all times.
The network control domain is a self-contained control domain within the same L2 network. The network control domain may contain one or more network instances within the same L2 network, where the network instances may be topologically separated.
The connection redundancy protocol may be a network protocol that invalidates redundant paths in the network to avoid undesirable network traffic loops closing and activates the invalid paths to secure network traffic in the network in the event of a network failure. Such connection redundancy protocols may be, for example, Spanning Tree Protocol (STP), such as Rapid Spanning Tree Protocol (RSTP), Media Redundancy Protocol (MRP), media redundancy real-time protocol (MRRT), ethernet ring protection protocol (ERP), ethernet automatic protection switching protocol (EAPS), high availability seamless redundancy protocol (HSR), or Parallel Redundancy Protocol (PRP). Other redundancy protocols at communication layer 1 or 2 may also be used. The HSR network protocol for ethernet provides seamless failover to any network component failure. HSR nodes or devices have two ports and act as switches or bridges, which allows them to be arranged in a ring or mesh structure without the need for a dedicated switch. HSR network protocols are typically used in a ring topology or another mesh topology. A ring network is a network topology in which each device is connected to exactly two other devices, forming a single continuous path for signals passing through each device. Data is propagated from device/node to device/node, where each device/node processes each data packet.
The operation of the network-ready devices (e.g., mobile device, workstation, etc.) may be controlled by various program modules. Examples of program modules are routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. It should be appreciated that the invention may be practiced with other computer system configurations, including multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCS, minicomputers, mainframe computers, and the like. Moreover, the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices. One skilled in the relevant art will appreciate that the device connections mentioned herein are for illustration purposes only, and that any number of possible configurations and choices of peripheral devices may be coupled to the computer system.
Embodiments of the present invention may be implemented by a software program for processing data by a computer system. One skilled in the relevant art will appreciate that the computer system can be a personal computer, a mobile device, a notebook computer, a server computer, a mainframe, a networked computer (e.g., a router), a workstation, and the like. The program or its corresponding hardware implementation is operable for providing user authentication. In one embodiment, a computer system includes a processor coupled to a bus and a memory coupled to the bus. The memory may be volatile or non-volatile (i.e., transitory or non-transitory) and may include removable storage media. As will be appreciated by those skilled in the relevant art, a computer may also include a display, means for data input and output, and the like.
Some portions of the detailed descriptions which follow are presented in terms of procedures, steps, logic blocks, processing, and other symbolic representations of operations on data bits that can be performed on computer memory. These descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. A procedure, computer-executed step, logic block, process, etc., is here, and generally, conceived to be a self-consistent sequence of operations or instructions leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated in a computer system. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be appreciated that in establishing a user interface, the taskbar may preferably be at the top of the screen to provide a user interface. Preferably, a textual representation of the task name is presented in the user interface, preferably as a button, and if the display space of the button is limited, the task name can be shortened as desired. The markup buttons with task names preferably operate as a hyperlink type, whereby the user/viewer can immediately switch to the activity, viewing, etc. of each task by selecting the button containing the applicable name from the taskbar. In other words, the user or viewer is redirected by the application program through the hyperlink of the selection tag to the function represented by the task button. Preferably, the task items associated with the currently displayed work unit view may be displayed in different graphical representations (e.g., using different colors, fonts, or highlighting). In a preferred embodiment, a display may be provided with a selectable "X" in the taskbar entry for each task: if the user clicks on "X", their associated task may end and the view of their work cell may be removed. The user interface may be website-based, application-based, or a combination thereof.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present invention, discussions utilizing terms such as "receiving," "creating," "providing," or the like, refer to the action and processes of a computer system, or similar electronic computing device (including embedded systems), that includes an embedded system that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission or display devices.
Those skilled in the relevant art will appreciate that a "bridge protocol data unit" ("BPDU") is a data message transmitted over a local area network to detect loops in a network topology. The BPDUs contain information about ports, switches, port priorities and addresses, and contain information necessary to configure and maintain the spanning tree topology.
One skilled in the relevant art will appreciate that a virtual LAN ("VLAN") is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (e.g., L2). To subdivide the network into virtual LANs, network devices may be configured.
One skilled in the relevant art will appreciate that the term "domain separation" refers to the logical separation of domains in the control plane in relation to convergence protocols including, but not limited to, STP, RSTP, or similar protocols. Data (e.g., L2) connectivity is maintained over domains in the control plane as long as the networks belong to the same L2 data domain. STP/RSTP domain separation requires that multiple domains operate independently from a loop prevention perspective without requiring or requiring the ability to receive BPDUs for other STP/RSTP domains, even though they exist on the same L2 data domain. In mission critical systems, availability and reliability are critical issues for time critical applications, as a malfunctioning communication system may result in interruption of the application, shutdown of the industrial equipment, or collision of vehicles controlled by the industrial equipment. Thus, communication network redundancy is an important feature of mission critical communication systems requiring high availability, particularly those systems that use ethernet-based communications with commercial switches. A key factor of redundant systems is recovery delay in the event of a failure, i.e., the time it takes until the redundant component takes over the role of the failed component. Time critical processes have a certain recovery delay in the order of milliseconds or, preferably, even a seamless recovery invisible to the user. If the delay is too long, an interruption of service may trigger undesirable consequences.
In a ring network, a switching node has two communication ports connected to two adjacent nodes and capable of forwarding frames from one port to the other according to a bridging rule. The switching elements may also be integrated within the node where the source or destination application runs, forming a switching end node. With full duplex links, the ring network can operate in one direction or two directions. As a result, the ring network provides resilience to link failures. The ring protocol, or HSR, is known from the Fiber Distributed Data Interface (FDDI) or token ring for maintaining reliability in a ring topology, while protocols such as RSTP (ieee802.1d) ensure that frames cannot circulate indefinitely in a ring topology or any other topology with redundant links. The ring topology provides cost-effective redundancy in that only one additional link is required to prevent any single link failure. In some cases, other topologies may be more efficient and practical because other topologies may provide flexibility in the topology.
Figure 1 illustrates a preferred embodiment of the present invention. A representative L2 network topology is shown having a
In a preferred embodiment, one or more domain separation devices (see, e.g., fig. 1, which provides
Embodiments of the present invention relate to an HSR-DS device, which may be any network device configured for domain separation in the control plane of an L2 network connecting a first network and a second network, where the second network has multiple network instances (which may be in one of more control domains). In a more preferred embodiment, the HSR-DS device is capable of performing a "domain splitting" logic function (see
In another preferred embodiment, the HSR-DS device may include one or more second "device side" ports (see, e.g.,
As shown in fig. 1, four separate regions, domains, or instances (103, 103', 103", and 103" ') of a
As shown in fig. 1 and 2, a unique second network domain ID or RSTP domain ID may be configured on each HSR-
In a preferred embodiment, the BPDU201 (see FIG. 2) may be carried on an HSR ring identified by or associated with an alphanumeric "logo" or numeric "designation". In a preferred embodiment, the identity may be included in the BPDU 201' (e.g., embedded therein), modified to a BPDU frame or by placing identities from different domains in separate virtual containers. In a preferred embodiment, the sequence number, frame size and path identifier may be appended in a 6 octet HSR identification or header. In the preferred embodiment, STP/RSTP protocol traffic in the form of BPDUs 200' is contained within each domain and is not shared between domains. In a preferred embodiment, the virtual container may be a hidden VLAN used on HSR-DS devices only for domain separation purposes without affecting network traffic.
As shown in fig. 2, in the preferred embodiment, BPDUs 201 are carried on the
Upon receipt from the port 150 ("switch side" as shown in fig. 3), the untagged BPDU200' control network frames may be "identified" with the applicable STP/RSTP domain ID identification as configured on the
Fig. 2 illustrates an embodiment of the invention in which two HSR-
As shown in fig. 3, there is a preferred embodiment that can implement STP/RSTP domain splitting on an HSR ring using HSR-DS devices, where the HSR ring is represented as an STP/RSTP state machine as a
As described above, the STP/RSTP domain generated by BPDU200' from the switch side (
The invention has been described and illustrated with reference to certain preferred embodiments thereof. In the second case of the invention, as shown in fig. 1, it is understood that the invention is not limited to these embodiments. Rather, the invention includes all embodiments which are functional or mechanical equivalents to the specific embodiments and features already described and illustrated.
- 上一篇:一种医用注射器针头装配设备
- 下一篇:用于向自主用户装备(UE)递送警报的系统和方法