Flexible and Secure Gateways for modernizing and retrofitting existing train systems and building rail networks for new projects

These gateways are used to separate different train communication networks or zones, to retrofit existing vehicles with new functionalities or devices, and to install secure communication networks for improved diagnostic monitoring and maintenance.

Typical applications include:

  • Retrofitting legacy communication systems using railway field buses like MVB, WTB, serial or CAN, real-time Ethernet protocols like TRDP, CIP, IPTCom, PROFINET, or custom protocols as required by the customer.
  • Providing train operators with secure train communication networks and solutions for monitoring, diagnostics and condition-based maintenance.
  • Network separation of train communication networks with operational cybersecurity software in a secure Ethernet-to-Ethernet gateway with integrated firewall.

As the leader in the field of secure communication and control solutions for the rolling stock market, we also offer gateways that convert any protocol commonly used on board a train into another one. Fieldbuses include WTB, ETB, MVB, Ethernet, serial (RS232, RS422, RS485), CAN, HDLC, Modbus, PROFIBUS, LoRaWAN, CurrentLoop, LON, FIP. This can be enhanced by leading-edge security features to protect the network and subsystems from cybersecurity threats like hacker attacks.

Typical applications and use examples

Network connection for retrofit


Gateways can be used to retrofit existing train communication networks based on legacy fieldbuses, to integrate existing devices into a retrofitted network, or to integrate retrofitted devices into an existing network.

This is necessary if the existing hardware cannot meet the requirements. For example: if the required TCN interface is not available on the subsystem or is not fully compliant, if there is no slot for the interface card on the hardware platform, or if the hardware resources of the subsystem controller (CPU, memory) are insufficient.

Also, implementing the software to fulfil the required functionality is quite complex (real-time communication stack and additional ETH protocols, maintenance services and cybersecurity requirements).

Application Example

This application example shows the connection of a radio system (MVB) to the existing real-time Ethernet control network in a retrofit.

In this retrofit project, a legacy radio communication system is replaced by a new Train Radio System with an MVB interface. The D503 gateway was used to connect the new radio system with MVB to the existing Ethernet.

One of the advantages of using a gateway, compared to other possible solutions such as new hardware development, software implementation or recertification, is the relatively low effort, thus saving time and costs.

Monitoring and Diagnostics

Another common application of gateways is monitoring and diagnostics. This includes passive monitoring of the train network (e.g., MVB read-only), data logging, condition-based maintenance, and access to train communication networks for diagnostic and maintenance purposes via train operator or IT networks.

Application Example

In this project, train operation was monitored by installing the D503 MVB read-only gateway to sniff and log all process data transmitted via the MVB. The data is transferred to a computer via Ethernet (UDP) and stored there. The data can then be transferred to the offshore IT infrastructure via cellular network (e.g. for preventive maintenance or diagnostics).

The D503 is available as a platform for building a customer-specific application or as a gateway with a standard configurable gateway application. The platform variant is accompanied by a development library that enables fast and efficient design of customer-specific applications.

Interconnection of train communication networks


Interconnecting train communication networks can involve protocol translation between two coexisting networks with different protocols, critical systems (e.g. SIL) such as CBTC or fire protection, communication between the Consist network and its subnetworks, and communication between the train backbone and the Consist network (part of the train backbone node).

Application Example

For this project, the D517 gateway was used as a firewall, or packet filter, between the vital networks and non-vital networks such as the Passenger Information System (PIS) and CCTV systems, which are open networks and therefore vulnerable to attacks. Other similar application scenarios are possible (e.g. cascading two firewalls for diversity).

The D517’s hardware is based on the well-known and proven D50X series. The gateway provides a bi-directional packet filter implemented in FPGA logic. Up to 100 filter rules can be defined by the user (IP address, protocol, port number, etc.). Non-fragmented IP packets are handled entirely by the FPGA logic, while IP-fragmented packets are handled by the soft-core processor. The serial interface (CLI) used for configuration can be disabled, if required. The simple and robust hardware and software design of the D517 and its fixed filter configuration provide a clear advantage in terms of cybersecurity.
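The filtering model described above, sketched in Python as an added example (this is not vendor code and not the D517 configuration format): a default-deny rule table capped at 100 entries, with fragmented IPv4 packets flagged for a separate slow path. The `Rule` fields, the `classify` and `build_udp` names, the addresses and port, and the choice to drop later fragments when a rule names a port are all assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 100  # rule-table limit stated on the page

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not the D517 configuration format
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    proto: int            # IP protocol number (6 = TCP, 17 = UDP)
    dport: Optional[int]  # destination port, None = any

def classify(packet: bytes, rules: list) -> tuple:
    """Return (path, verdict) for one raw IPv4 packet; unmatched traffic is dropped."""
    if len(rules) > MAX_RULES:
        raise ValueError("rule table exceeds 100 entries")
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("fast", "drop")               # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ("fast", "drop")               # malformed header length
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    offset = flags_frag & 0x1FFF              # fragment offset in 8-byte units
    fragmented = bool(flags_frag & 0x2000) or offset != 0  # MF bit or later fragment
    path = "slow" if fragmented else "fast"
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = None                              # only the first fragment carries L4 ports
    if offset == 0 and proto in (6, 17) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    for r in rules:
        if (src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
                and proto == r.proto and r.dport in (None, dport)):
            return (path, "forward")
    return (path, "drop")                     # default deny

def build_udp(src: str, dst: str, dport: int, flags_frag: int = 0) -> bytes:
    """Constructed sample packet: IPv4 header (checksum left 0) plus UDP header."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, flags_frag, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + udp

# Constructed rule set: one UDP flow from the non-vital side to one vital-side host.
RULES = [Rule("10.0.1.0/24", "10.0.2.10/32", 17, 20000)]
```

A later fragment has no port fields to inspect, so in this sketch a port-specific rule cannot match it and the packet is dropped; how the D517's soft-core processor treats such fragments is not stated on the page.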

