As one of the main carriers of railway information transmission, the railway optical transport network is responsible for ensuring the efficient, stable and safe operation of trains. With the increasing scale of the network and the deepening of information sharing, its security problems are becoming increasingly serious. Therefore, provided that the transmission efficiency of the railway optical network is not degraded, it is very important for the safe operation of the railway system to further improve the security of the railway optical network and to strengthen the ability of network terminal equipment to resist attacks. At present, however, the development of railway optical network security technology cannot keep up with the expansion of the network's scale, and security protection measures based on private-network protection still leave some potential safety hazards.

Against this background, this thesis analyzes and compares the existing terminal isolation technologies from the perspective of protecting network terminal equipment, and settles on realizing the physical isolation of network terminals around unidirectional transmission control. The functional requirements are analyzed according to the actual usage of the optical network, and an FPGA-based data isolation platform for optical network terminals is designed. The platform has the following characteristics:

- It uses one-way transmission control to restrict active connections initiated by the network.
- It uses the parallel processing characteristics of the FPGA to guarantee the efficiency and reliability of data transmission.
- It adopts a hardware board that runs independently of the network terminal system, to avoid forced cracking at the software level.
- It includes a stripping and filtering mechanism for communication protocols, which can identify data packets from illegal sources and prevent attacks hidden in protocol headers.

The platform uses SFP+ optical modules for photoelectric conversion and has a PCIe interface, so it can be placed at the network access point of optical network terminals to isolate and filter their communication data.

This thesis carries out the hardware design and part of the application logic design of the isolation platform. A one-way, high-speed, transparent transmission communication model is designed, and the high-speed one-way transmission and control of the FPGA platform are implemented using the Vivado software and the Verilog language. Inside the FPGA, the AXI4-Stream bus is used for efficient transmission of information. RS forward error correction coding is used to improve communication quality. To make up for the slow processing rate of RS coding and decoding, a multi-level parallel processing method for RS coding and decoding is designed. Verification shows that the data can be distributed and recovered normally and that the bit error rate is indeed reduced. A unidirectional isolated communication model is constructed, and key parts such as MAC address filtering are planned and designed.

Finally, a self-loop test platform is built, and the internal signals of the FPGA are observed with the Vivado integrated logic analyzer to verify the reliability of the hardware design and the rationality of the logic design. In functional testing, the PCIe, optical fiber interface and other data transmission functions are normal; the data distribution and reorganization of the independently designed RS encoding and decoding module are correct; and the overall function meets expectations. In performance testing, the actual on-board test found that the overall throughput rate is about 8.64 Gbps and the bit error rate is lower than 10⁻¹⁰, which meets the relevant design requirements.

The tests show that the optical network data terminal isolation platform designed in this thesis realizes one-way transmission control of intranet equipment at the hardware level while ensuring high speed and high throughput. It effectively realizes the control and review of data flowing into network terminal equipment, can be used as the basis for building railway optical network system isolation, and plays a positive role in improving railway optical network security.