The D517 is a secure Ethernet-to-Ethernet gateway. The integrated firewall implements a design-time configurable packet filter.
Most settings can be managed by a configuration file. This configuration file is stored in the internal flash memory. The packet filter configuration may be frozen for series production (i.e. the serial interface is completely disabled). There are two Ethernet interfaces, a serial interface and a JTAG interface for software update and debugging purposes. The Ethernet interfaces comply to IEEE 802.3.
The D517 is designed for harsh rolling stock environment and complies with the EN 50155 / EN 50121 / EN 61373 standards, e.g. by:
- -40 to +70°C operating temperature
- coating against humidity
- enhanced EMI and vibration robustness
The gateway is integrated in a stainless-steel housing that is mounted on a DIN rail. The device is powered directly from the vehicle battery supporting voltages ranges from 24 V up to 110 V.
The Packet Filter extracts the header fields of the incoming Ethernet frames, e.g. IP addresses, port numbers, etc. The extracted fields are checked against predefined filter rules that are stored within an on-chip memory. If the frame fulfills any of the filter rules, the packet is forwarded. Otherwise, the packet is dropped. In the case the packet matches one of the filter rules and is IP-fragmented, it is stored in the External Memory. A separate bare-metal CPU (i.e. does not run an operating system) handles the IP-fragmented packets.
The Config CPU that is equipped with a real-time OS (RTOS) brings the necessary infrastructure for the maintenance application that handles the serial interface, the JTAG interface and the access to the External Flash. The RTOS is not involved in the packet filtering functionality.
The Ethernet interfaces are galvanically isolated from the internal logic and from each other.
The JTAG and Serial (SER) interfaces are for maintenance purposes only and must not be used during regular operation. The Serial interface may be disabled if needed.