CN115226100B - Industrial heterogeneous network edge gateway based on 5G - Google Patents

Abstract

Translated fromChinese

本发明提供一种基于5G的工业异构网络边缘网关，涉及工业异构网络技术领域。该边缘网关主要用于跨域异构网络间通信，即本地和远端两个边缘网关下的节点相互通信。本发明所述边缘网关包括设备控制管理模块，网络信息管理模块，协议转换模块以及用户数据控制模块。设备控制管理模块负责建立下游工业节点间的通信关系；网络信息管理模块负责网络安全风险和网络性能参数采集，并为其它模块决策提供数据依据；协议转换模块负责接收和提取工业报文数据以及存储器地址映射，封装和发送报文；用户数据控制模块负责使用基于5G的无线链路和以太网有线链路进行边缘网关间IP帧的冗余传输，以保证工业异构网络间通信的可靠和实时性。

The present invention provides an industrial heterogeneous network edge gateway based on 5G, and relates to the technical field of industrial heterogeneous networks. The edge gateway is mainly used for cross-domain heterogeneous network communication, that is, the nodes under the local and remote edge gateways communicate with each other. The edge gateway described in the present invention includes a device control management module, a network information management module, a protocol conversion module and a user data control module. The device control management module is responsible for establishing the communication relationship between downstream industrial nodes; the network information management module is responsible for network security risk and network performance parameter collection, and provides data basis for other module decisions; the protocol conversion module is responsible for receiving and extracting industrial message data and memory address mapping, encapsulating and sending messages; the user data control module is responsible for using 5G-based wireless links and Ethernet wired links to perform redundant transmission of IP frames between edge gateways to ensure the reliability and real-time communication between industrial heterogeneous networks.

Description

Industrial heterogeneous network edge gateway based on 5G

Technical Field

The invention relates to the technical field of industrial heterogeneous gateways, in particular to an industrial heterogeneous network edge gateway based on 5G.

Background

Industrial internet and industry 4.0 are important ways for manufacturing to achieve digital transformation. Industrial networks are the basis for the industrial internet, and generally consist of industrial field networks and industrial backbone networks. The industrial field network comprises an industrial wireless network and an industrial wired network, and is used for completing information acquisition and decision control of the production process. The industrial backbone is an important hub connecting industrial production sites with the internet. With the continuous development of the next generation internet technology, the application of 5G to the factory backbone network becomes an important development trend.

In order to meet the diversified demands of industrial production, an industrial network is generally formed by mixing various industrial wired and wireless networks in a heterogeneous networking mode. Isomerism is a significant feature of industrial networks. In heterogeneous environments, devices between different networks are not communicated with a protocol conversion device. In addition, control class data in industrial networks requires highly reliable low latency transmission, and protocol conversion efficiency becomes a key factor restricting end-to-end cross-network control. In order to realize efficient protocol conversion, it is proposed to transmit heterogeneous industrial data in the internet, however, when data is transmitted in the internet, delay caused by network fluctuation, attack and the like, packet loss and data leakage are inevitably incurred. Therefore, how to safely and stably transmit industrial heterogeneous network data is an important problem for industrial network development.

Disclosure of Invention

(One) solving the technical problems

Aiming at the defects of the prior art, the invention provides the industrial heterogeneous network edge gateway based on 5G, which can support the efficient intercommunication of the cross-domain industrial heterogeneous network, prevents network attacks by using methods such as identity authentication negotiation, data encryption and the like, and ensures the stability and the efficiency of the cross-domain transmission by using 5G and Ethernet as redundant links.

(II) technical scheme

In order to achieve the purpose, the invention is realized by the following technical scheme that the industrial heterogeneous network edge gateway based on 5G comprises a device control management module, a network information management module, a protocol conversion module and a user data control module;

The equipment control management module is responsible for establishing a communication relationship between downstream industrial nodes, and comprises the following specific working steps:

the method comprises the steps that firstly, a local edge gateway and a remote edge gateway acquire a downstream equipment list through an equipment connection event;

establishing a safety information channel by the local and remote edge gateways through IPSec negotiation, and generating and exchanging keys for subsequent data safety transmission;

Creating a first virtual sub-network device and a second virtual sub-network device through manual setting or file importing modes, wherein the first virtual sub-network device is created by a far-end edge gateway and uses the same protocol with a local edge gateway downstream device;

And fourthly, establishing a communication instance at the local and remote edge gateways, and respectively informing the protocol conversion modules of the edge gateways at the two ends of the communication instance to establish a corresponding protocol conversion process and binding the protocol conversion process to the communication instance.

The network information management module is responsible for collecting network security risks and network performance parameters and providing data basis for decision making of other modules, and mainly comprises the following subfunctions:

1) The configuration of the management gateway port, namely, carrying out frame format and key element value checking on a data frame uploaded by downstream equipment, executing forced disconnection action on the downstream equipment with message error frequency exceeding a threshold value in an edge gateway port, and marking the port as an abnormal state;

2) The network performance analysis comprises periodically counting the communication performance parameters of the edge gateway and the downstream equipment, including throughput, packet loss rate and delay, and periodically calculating the communication quality Q_5G of the 5G link and the communication quality Q_ETH of the Ethernet link, wherein the calculation method of the link communication quality Q_link is as follows:

Wherein,And sigma_RTT are the mean value and the variance of round trip time of a plurality of ICMP frames in continuous time in a link respectively, LOSS is the packet LOSS rate of the ICMP frames, w_{a_delay}、w_{v_delay}、w_{r_loss} is the weight of three indexes, w_{a_delay} represents throughput, w_{v_delay} represents delay, and w_{r_loss} represents packet LOSS rate.

The protocol conversion module is responsible for receiving and extracting industrial message data and memory address mapping, packaging and sending messages, and respectively creating corresponding protocol conversion processes on a local edge gateway and a remote edge gateway through a communication instance established by the equipment control management module, and classifying the priorities of the messages received from downstream, specifically, classifying the data into three priorities from high to low through interface identification of downstream industrial equipment and matching of functional code word segments of data frames:

Processing command frames of network management control and emergency alarm for process data, general data and non-emergency alarm data of industrial automatic production monitoring;

the data needing protocol conversion sequentially enter a corresponding protocol conversion process waiting area according to the data priority, and the data waiting for overtime temporarily increases the data priority in the process, so that the data with low data priority is prevented from being processed all the time;

The protocol conversion process maps addresses and values among industrial protocols to be converted and uses a protocol stack of the corresponding virtual subnet device to package and send data.

The user data control module is responsible for carrying out redundant transmission of IP frames between edge gateways by using a wireless link based on 5G and an Ethernet wired link so as to ensure the reliability and real-time performance of communication between industrial heterogeneous networks, wherein the redundant transmission simultaneously uses the 5G link and the Ethernet link as physical transmission links, a sender adds a data packet serial number at the beginning of an IP frame load, and then uses a secret key generated by the equipment control management module to encrypt data during transmission by applying an AES-256 algorithm;

The receiving party receives the data of the 5G link and the Ethernet link in parallel, selects one link as a main link, only processes the data frame received from the main link, and reads the data with the same serial number from the standby link to replace when the data frame transmitted by the main link is lost, disordered and checked in error;

the transmission is performed using the ethernet link as a primary link, and when Q_5G is greater than Q_ETH for 5 periods, the 5G link is switched to the primary link and the ethernet link is switched to the backup link.

(III) beneficial effects

The invention provides an industrial heterogeneous network edge gateway based on 5G. The beneficial effects are as follows:

1. the invention uses the technologies of equipment identity authentication, data encryption and the like to protect data communication, and can prevent industrial data from being attacked or stolen during open network transmission.

2. The invention classifies the data by using the priority marking method, thereby providing network resources and storage operation resources of the industrial heterogeneous network edge gateway. Therefore, when the data cross-network communication frequency is higher, the real-time and reliability of the transmission carrying the important production element information are preferentially ensured, and the stable operation of an industrial system is further ensured.

3. The invention uses two redundant physical links to transmit the cross-network data, and establishes a reasonable backup link compensation mechanism and a main-backup link switching mechanism, when one link has occasional data disorder and packet loss, the backup link data can be immediately called for replacement, thereby greatly reducing the influence caused by occasional transmission errors. The reliability of cross-network fusion of the heterogeneous network is enhanced.

Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the specification.

Drawings

Fig. 1 is a schematic diagram of an edge gateway function module of an industrial heterogeneous network based on 5G according to the present invention;

Fig. 2 is a schematic diagram of an edge gateway of an industrial heterogeneous network based on 5G according to the present invention;

FIG. 3 is a diagram of a data transmission path between an edge gateway and an industrial node of an industrial heterogeneous network based on 5G according to an embodiment of the present invention;

Fig. 4 is a schematic diagram of a data mapping area in an edge gateway protocol conversion process of an industrial heterogeneous network based on 5G according to the present invention.

Detailed Description

Other advantages and effects of the present invention will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present invention with reference to specific examples. The invention may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present invention. It should be noted that the illustrations provided in the following embodiments merely illustrate the basic idea of the present invention by way of illustration, and the following embodiments and features in the embodiments may be combined with each other without conflict.

Fig. 1 shows a schematic diagram of an edge gateway function module of an industrial heterogeneous network based on 5G, where the edge gateway architecture includes a device control management module, a network information management module, a protocol conversion module, and a user data control module. The device control management module is responsible for establishing a communication relation between downstream industrial nodes, the network information management module is responsible for network security risk and network performance parameter acquisition, data basis is provided for decision making of other modules, the protocol conversion module is responsible for receiving and extracting industrial message data and memory address mapping, packaging and sending messages, and the user data control module is responsible for carrying out redundant transmission of IP frames between edge gateways by using a 5G-based wireless link and an Ethernet wired link so as to ensure reliability and instantaneity of communication between industrial heterogeneous networks.

Fig. 2 shows a schematic diagram of an industrial heterogeneous network edge gateway based on 5G according to the present invention, in which two industrial protocols to be converted are controlled and configured by a gateway configuration, the gateway collects network characteristics and industrial data characteristics of the protocols at both sides, and necessary data are analyzed by a corresponding analysis module and provided to a security module and the gateway configuration, so as to optimize gateway protocol conversion and data transmission. In addition, the conversion strategy can be optimized by analyzing the protocol conversion model.

Example 1:

and the Modbus-TCP master station is used for controlling the CANopen slave station servo motor.

Fig. 3 is a data transmission path diagram of an edge gateway of a heterogeneous network and an industrial node, in which two nodes in different network areas need to indirectly convert through the edge gateway of each area, taking a mechanical arm of a Modbus-TCP master station upper computer for controlling a CANopen slave station protocol as an example, a Modbus-TCP master station node sends data to the edge gateway of the local area, then the gateway packages the data into an IP frame and transmits the IP frame to the edge gateway at a far end through an Ethernet and 5G, and the edge gateway at the far end analyzes the data packet and converts the protocol, and then forwards the data packet to the CANopen slave station by using a virtual sub-network node.

The specific operation steps are as follows:

s1, configuring virtual node communication parameters of Modbus-TCP and CANopen of a gateway, wherein an edge gateway directly connected with the CANopen is configured:

Edge gateway configuration for direct connection Modbus-TCP:

and S2, configuring a Modbus-TCP master station and a CANopen slave station, wherein the Modbus-TCP master station is replaced by Modbus master station software. The CANopen slave station is configured using special configuration software. In this example, the servo motor needs to be controlled, so that a PDO communication mode with higher real-time performance in the CANopen protocol is used. The PDO parameter configuration comprises the following steps:

I.e. the data that CANopen needs to receive are the control word, the speed and the mode three parameters.

S3, using Modbus poll software to configure parameters of the servo motor of the CANopen slave station:

firstly, configuring Modbus master station parameters:

Slave station ID	Function	Address	Quantity	ScanRate(ms)
					5	03 Read hold register	750	10	1000

The parameters that want to be configured are then written to the address:

for this example, it is necessary to write the control word 0x0F00 in the first register, then the speed values in the second and third registers, and the speed control pattern 0x0300 in the fourth register.

After the operation, the CANopen slave station servo motor under the gateway at the other end can rotate according to the set speed.

After the operation, the gateway comprises the following internal working steps:

s1, edge gateways on two sides acquire keys used in data transmission among gateways through an identity authentication and negotiation mechanism. The communication channel between the Modbus-TCP node and the CANopen node is opened.

And S2, the Modbus-TCP virtual slave node in the edge gateway receives a register writing instruction sent by Modbus poll.

And S3, analyzing the Modbus-TCP message by the edge gateway, firstly extracting the characteristic information such as IP, equipment ID and the like, simultaneously sampling the flow of the port of the gateway running the Modbus-TCP protocol, and sending the acquired data characteristics into a priority classification model together to obtain the priority of the data frame.

S4, the edge gateway reads the register value information transmitted by the message, stores the register value information into the shared data area, and simultaneously stores the information of the read-write attribute, the data frame priority, the data updating mode and the like of the data area.

And S5, converting the protocol into a CANopen format by the edge gateway protocol conversion process according to a mapping table, including address and index conversion, and filling the data mapping area. A specific data mapping area structure is shown in fig. 4.

And S6, the edge gateway of the side sends the packed data load to a corresponding port of the far-end edge gateway through the Ethernet card and the 5G wireless module and marks the same data sequence number.

And S7, the transmitting submodule reads the complete entry of the shared data area, constructs an Ethernet data frame and a 5G data frame according to the content contained in the entry, constructs a transmitting queue according to the priority information, and simultaneously transmits the transmitting queue to the gateway of the receiving end through the Ethernet card and the 5G module. The receiving sub-module periodically interacts with the edge gateway of the transmitting end with the ICMP frame to calculate the link delay, and selects the link with higher communication quality as the channel for receiving and processing data. In order to ensure that the main link is not frequently switched, a timeout is set, and switching is performed when the currently selected main link has a higher delay. And finally, the receiving sub-module analyzes the received data frame and transmits the data frame to the corresponding virtual sub-network node.

And S8, the virtual CANopen master station node of the gateway on the CANopen side packs the data information into a CANopen packet and sends the CANopen packet to the servo motor of the CANopen slave station.

Finally, it is noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made thereto without departing from the spirit and scope of the present invention, which is intended to be covered by the claims of the present invention.

Claims (1)

Translated fromChinese

1.一种基于5G的工业异构网络边缘网关，其特征在于，包括设备控制管理模块、网络信息管理模块、协议转换模块以及用户数据控制模块；1. A 5G-based industrial heterogeneous network edge gateway, characterized by comprising a device control management module, a network information management module, a protocol conversion module and a user data control module;所述设备控制管理模块负责建立下游工业节点间的通信关系；所述设备控制管理模块，具体的工作步骤：The equipment control management module is responsible for establishing the communication relationship between downstream industrial nodes; the equipment control management module has the following specific working steps:步骤一：本地和远端的边缘网关通过设备连接事件获取下游设备列表；Step 1: The local and remote edge gateways obtain the downstream device list through device connection events;步骤二：本地和远端的边缘网关通过IPSec协商建立安全信息通道，并生成和交换用于后续数据安全传输的密钥；Step 2: The local and remote edge gateways establish a secure information channel through IPSec negotiation, and generate and exchange keys for subsequent secure data transmission;步骤三：通过手动设置或文件导入方式创建第一虚拟子网设备和第二虚拟子网设备，其中，第一虚拟子网设备由远端边缘网关创建，并与本地边缘网关下游设备使用相同协议；第二虚拟子网设备由本地边缘网关创建，并与远端边缘网关下游设备使用相同协议；Step 3: Create a first virtual subnet device and a second virtual subnet device by manual setting or file import, wherein the first virtual subnet device is created by the remote edge gateway and uses the same protocol as the downstream device of the local edge gateway; the second virtual subnet device is created by the local edge gateway and uses the same protocol as the downstream device of the remote edge gateway;步骤四：在本地和远端的边缘网关建立通信实例，并分别通知两端边缘网关的协议转换模块创建对应的协议转换进程并绑定到通信实例上；Step 4: Establish communication instances at the local and remote edge gateways, and notify the protocol conversion modules at both ends of the edge gateways to create corresponding protocol conversion processes and bind them to the communication instances;所述网络信息管理模块负责网络安全风险和网络性能参数采集，为其它模块决策提供数据依据；所述网络信息管理模块，主要包含以下子功能：The network information management module is responsible for collecting network security risks and network performance parameters, and provides data basis for decision-making of other modules; the network information management module mainly includes the following sub-functions:1)管理网关端口配置：对下游设备上传的数据帧进行帧格式以及关键要素取值核查，对于边缘网关端口中报文出错频率超过阈值的下游设备执行强制掉线动作，并将此端口标记为异常状态；1) Management gateway port configuration: Check the frame format and key element values of the data frames uploaded by the downstream devices, and perform forced disconnection actions on the downstream devices whose message error frequency in the edge gateway port exceeds the threshold, and mark this port as abnormal;2)网络性能分析：周期性统计边缘网关与下游设备通信性能参数，包括吞吐量、丢包率、延迟，以及周期性计算5G链路的通信质量Q_5G和以太网链路的通信质量Q_ETH，链路通信质量Q_link的计算方法是：2) Network performance analysis: Periodically count the communication performance parameters between the edge gateway and downstream devices, including throughput, packet loss rate, and latency, and periodically calculate the communication quality of the 5G link Q_5G and the communication quality of the Ethernet link Q_ETH . The calculation method of the link communication quality Q_link is:其中，和σ_RTT分别为链路中连续时间内多个ICMP帧的往返时间的均值和方差，LOSS为ICMP帧的丢包率，w_{a_delay}、w_{v_delay}、w_{r_loss}为三个指标的权值，w_{a_delay}代表吞吐量、w_{v_delay}代表延迟、w_{r_loss}代表丢包率；in, and σ_RTT are the mean and variance of the round-trip time of multiple ICMP frames in the link in a continuous time, respectively. LOSS is the packet loss rate of ICMP frames. w_{a_delay} , w_{v_delay} , and w_{r_loss} are the weights of the three indicators. w_{a_delay} represents throughput, w_{v_delay} represents delay, and w_{r_loss} represents packet loss rate.所述协议转换模块负责接收和提取工业报文数据以及存储器地址映射，封装和发送报文；所述协议转换模块通过所述设备控制管理模块所建立的通信实例在本地和远端边缘网关上分别创建对应协议转换进程，对从下游接收到的报文进行优先级分类，具体是通过对下游工业设备进行接口识别，以及数据帧的功能码字段匹配来将数据从高到低分为三个优先级：The protocol conversion module is responsible for receiving and extracting industrial message data and memory address mapping, encapsulating and sending messages; the protocol conversion module creates corresponding protocol conversion processes on the local and remote edge gateways respectively through the communication instance established by the device control management module, and classifies the priority of the messages received from the downstream. Specifically, the data is divided into three priorities from high to low by identifying the interface of the downstream industrial equipment and matching the function code field of the data frame:处理网络管理控制与紧急告警的命令帧，用于工业自动化生产监控的过程数据，一般数据和非紧急的报警数据；Processing network management control and emergency alarm command frames, process data for industrial automation production monitoring, general data and non-emergency alarm data;需要进行协议转换的数据依照此数据优先级依次进入对应协议转换进程等待区，等待超时的数据会在此过程中暂时提高数据优先级，防止低数据优先级数据一直得不到处理；The data that needs to be converted into a protocol will enter the corresponding protocol conversion process waiting area in sequence according to the data priority. The data that has timed out will temporarily increase its data priority during this process to prevent low-priority data from not being processed.协议转换进程在需要进行转换的工业协议之间进行地址和数值映射并使用对应虚拟子网设备的协议栈进行数据封装与发送；The protocol conversion process performs address and value mapping between industrial protocols that need to be converted and uses the protocol stack of the corresponding virtual subnet device to encapsulate and send data;所述用户数据控制模块负责使用基于5G的无线链路和以太网有线链路进行边缘网关间IP帧的冗余传输，以保证工业异构网络间通信的可靠和实时性；冗余传输同时使用5G链路和以太网链路作为物理传输链路，发送方在IP帧负载的开头加入数据包序列号，然后在发送时使用设备控制管理模块产生的密钥应用AES-256算法对数据进行加密；The user data control module is responsible for redundant transmission of IP frames between edge gateways using 5G-based wireless links and Ethernet wired links to ensure the reliability and real-time communication between industrial heterogeneous networks; redundant transmission uses both 5G links and Ethernet links as physical transmission links, and the sender adds the data packet sequence number to the beginning of the IP frame payload, and then uses the key generated by the device control management module to encrypt the data using the AES-256 algorithm when sending;接收方并行接收5G和以太网链路的数据，并选举出其中一条链路作为主要链路，只处理从主要链路接收到的数据帧，当主要链路传输的数据帧出现丢失、乱序、校验错误时，从备用链路读取同序列号的数据作为替代；The receiver receives data from 5G and Ethernet links in parallel, selects one of the links as the primary link, and only processes data frames received from the primary link. When data frames transmitted by the primary link are lost, out of order, or have a check error, data with the same sequence number is read from the backup link as a replacement.使用以太网链路作为主要链路进行传输，当5个周期内的Q_5G都大于Q_ETH时，5G链路切换为主要链路，以太网链路切换为备用链路。The Ethernet link is used as the primary link for transmission. When Q_5G is greater than Q_ETH within 5 cycles, the 5G link is switched to the primary link and the Ethernet link is switched to the backup link.