Several development directions of isolation control technology in network gatekeepers
A network gatekeeper (network gate, GAP) differs from a firewall and also from a bastion host, because the gatekeeper guarantees that the internal and external networks are never interconnected; the isolation control part is the key to realising this physical isolation. Here is a brief analysis of some of the currently popular technologies:
1. Ferry Exchange Technology
The ferry switch is the most commonly used exchange mode of the gatekeeper. To keep the internal and external networks physically isolated, the device must be disconnected from the external network while it is connected to the intranet, and disconnected from the intranet while it is connected to the external network. "Disconnected" here means that the physical link is in a high-resistance state or is physically powered off, so that no communication is possible at all.
The internal and external network processing units each have their own buffer space for storing the data files to be exchanged, and the isolation and exchange control unit also has a data exchange area. When the electronic switch connects point C to point A, the exchange area is connected to the intranet and disconnected from the external network; the intranet writes the data it needs to exchange into the exchange area and reads out the data that came from the external network, completing one ferry. When the electronic switch connects point C to point B, the exchange area is connected to the external network and disconnected from the intranet; the external network writes the data it needs to exchange into the exchange area and at the same time reads out the data from the intranet, completing the second ferry.
Many manufacturers build gatekeepers that exchange data among multiple networks, and then replace the electronic switch with an exchange matrix. Data is exchanged in a way similar to a data switch, but each network processing unit has only one connection to a data buffer. Because each network unit is connected to only one data exchange area at a time, and each data exchange area is connected to only one network unit at a time, no two networks are ever interconnected. When a network processing unit reads data from a buffer, it reads only from its own corresponding buffer, and it writes data to the corresponding buffer of the target network.
2. The Choice of Buffer Communication Technology
The internal channels and the external interfaces of the gatekeeper use different communication technologies, which can mirror the data across while completely breaking the application connection; this is a good choice for blocking attacks. There are three data areas and two internal channels in the gatekeeper, and a reasonable choice of communication technology can greatly reduce the possibility of being attacked. Gatekeeper manufacturers generally do not disclose their own implementation, and this secrecy helps the security of the gatekeeper. Most of the variation, however, lies in internal channel 2.
Here is a summary of several ways to achieve this:
Methods based on a common communication bus
The internal and external interfaces use the industrial-control host mode: the host exchanges data through the PCI bus with a PCI card, the PCI card carries the data buffer area, and the electronic switch is a control circuit implemented in a CPLD that controls the opening and closing of internal channels 1 and 2. Internal channel 2 can use a different communication bus connection, such as PCI, USB or serial communication, or it can use a network mode, shown in the figure as a dedicated data transmission protocol. The figure shows an example of the two-area model.
The data buffer can use dual-port static memory (dual-port SRAM); then only the two ports of the memory need to be controlled, but the two switches must never be closed at the same time.
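The ferry described in section 1 (switch C to A, then C to B, one side attached to the exchange area at a time), its generalisation to an exchange matrix over several networks, and the dual-port SRAM rule above (the two port switches must never be closed together) all reduce to one invariant: each network unit holds at most one exchange area and each exchange area is held by at most one unit. The following Python model, added here as an example and not taken from any vendor's product, enforces that invariant in `connect()` and runs the two-step ferry and a three-network matrix over constructed sample files. All class, method and network names are assumptions made for this example.

```python
"""Constructed model of a ferry-switch / exchange-matrix isolation gateway.

All class, method and network names are assumptions made for this example;
they are not taken from any vendor's product.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Item = Tuple[str, str, bytes]  # (source network, destination network, payload)


class IsolationViolation(RuntimeError):
    """A switch closure that would attach two networks to one buffer at once."""


@dataclass
class NetworkUnit:
    """Internal or external network processing unit with its own buffer space."""
    name: str
    outbox: List[Item] = field(default_factory=list)  # waiting to be ferried
    inbox: List[bytes] = field(default_factory=list)  # payloads received


class ExchangeMatrix:
    """Electronic switch (two units, one area) generalised to an exchange matrix.

    connect() enforces the rule from the text: at any moment each unit is
    attached to at most one exchange area and each area to at most one unit,
    so there is never a path between two networks through a shared buffer.
    """

    def __init__(self, units: List[str], areas: Dict[str, Set[str]]) -> None:
        self.units = {u: NetworkUnit(u) for u in units}
        self.serves = areas                        # area -> destinations it holds data for
        self.buffers: Dict[str, List[Item]] = {a: [] for a in areas}
        self.closed: Set[Tuple[str, str]] = set()  # (unit, area) switches currently closed

    def connect(self, unit: str, area: str) -> None:
        """Close the switch between `unit` and `area` (C-A or C-B in the text)."""
        for u, a in self.closed:
            if u == unit:
                raise IsolationViolation(f"{unit} is already attached to {a}")
            if a == area:
                raise IsolationViolation(f"{area} is already attached to {u}")
        self.closed.add((unit, area))

    def disconnect(self, unit: str) -> None:
        """Open every switch of `unit`: it returns to the high-resistance state."""
        self.closed = {(u, a) for (u, a) in self.closed if u != unit}

    def isolated(self) -> bool:
        """Audit the switch state: no unit and no area appears in two closed switches."""
        units = [u for u, _ in self.closed]
        areas = [a for _, a in self.closed]
        return len(units) == len(set(units)) and len(areas) == len(set(areas))

    def ferry(self, unit: str, area: str) -> List[bytes]:
        """One ferry: attach, write outgoing items into the area's buffer,
        read out the items addressed to this unit, then detach again."""
        self.connect(unit, area)
        try:
            buf, me = self.buffers[area], self.units[unit]
            targets = self.serves[area]
            buf.extend(it for it in me.outbox if it[1] in targets)
            me.outbox = [it for it in me.outbox if it[1] not in targets]
            received = [p for (_, dst, p) in buf if dst == unit]
            buf[:] = [it for it in buf if it[1] != unit]
            me.inbox.extend(received)
            return received
        finally:
            self.disconnect(unit)


def two_network_demo() -> Dict[str, List[bytes]]:
    """The two-area model from the text: C-A, then C-B, then C-A again."""
    gw = ExchangeMatrix(["intranet", "extranet"], {"X": {"intranet", "extranet"}})
    gw.units["intranet"].outbox.append(("intranet", "extranet", b"report.pdf"))  # constructed
    gw.units["extranet"].outbox.append(("extranet", "intranet", b"patch.bin"))   # constructed
    first = gw.ferry("intranet", "X")   # writes the report; nothing to read yet
    second = gw.ferry("extranet", "X")  # writes the patch, reads the report: one ferry done
    third = gw.ferry("intranet", "X")   # reads the patch: second ferry done
    return {"first": first, "second": second, "third": third}


def matrix_demo() -> List[str]:
    """Three networks, one exchange area per destination; returns the rejected closures."""
    gw = ExchangeMatrix(["A", "B", "C"], {"to_B": {"B"}, "to_C": {"C"}})
    rejected: List[str] = []
    gw.connect("A", "to_B")
    gw.connect("B", "to_C")  # different unit, different area: allowed in parallel
    for unit, area in [("C", "to_B"), ("A", "to_C")]:
        try:
            gw.connect(unit, area)
        except IsolationViolation:
            rejected.append(f"{unit}->{area}")
    assert gw.isolated()
    return rejected


if __name__ == "__main__":
    print(two_network_demo())
    print(matrix_demo())
```

The model is deliberately timing-free: in a real device the CPLD or switch controller makes the same decision in hardware, and `isolated()` is the check an auditor would want to see asserted at every switch transition rather than only at the end of a ferry.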