One Way Transfer

 


RI-GE-DIODE/RI-10GE-DIODE

 

Description:

    One way transfer devices are typically used to transfer data from "low" side ("un-secure") networks to "high" side (secure) networks. The following sections describe a high speed one way transfer device (RI-10GE-DIODE) and a lower speed one way transfer device (RI-GE-DIODE). The two designs are similar: the RI-GE-DIODE has Gigabit Ethernet (100MBytes/sec data rate) interfaces and the RI-10GE-DIODE has 10GigE (1GByte/sec data rate) interfaces. Both devices are discussed as one design; the only differences are the SFP laser modules used and the hardware circuitry that supports the different rates.

   

    The diagrams above show conceptually the use of the One Way Transfer Diode. In implementation, the One Way Transfer Diode has 2 modes of operation. The 1st mode provides more reliable data transfer than the 2nd mode. The Low Sending Computer and the High Receiving Computer host the Diode application software. In reality, both of these computers can be removed from the diagram and the Diode application software moved to machines on the low side and high side networks; they appear in the diagram simply to show that, if desired, the application software could be hosted on a single computer attached to the network on each side. If desired by the user, the One Way Transfer Diode could be configured once by the application software and put into a mode (mode 2) that allows it to run as a stand-alone network device without the application software.

Operation:

Mode #1

    In the 1st mode, sending and receiving software Application Program Interfaces (API) are used. The low side sending computer contains a software API that allows periodic "check packets" to be sent with the data. These check packets contain packet counters and checksums. When they are received by the Diode device, the corresponding data is checked against the check packet counters and checksums to verify receipt of all packets from the low side network. If validation of the packet count or checksum fails, a message is sent back to the low side sending computer that the transfer needs to be made again. If all checks are validated, an "ACK" (acknowledge) packet is sent back to the low side sending machine to indicate that all transfers to the low side of the diode have been completed without error.

With no errors to report, the low side of the Diode passes the data AND check packets generated by the low side API through the Diode and on to the high side receiving computer. Upon receipt of the data and check packets, the receiving computer again checks the data against the check packets and determines if the data is valid. If an error is found, the high side receiving computer sends a message back to the high side Diode that the data is corrupt and needs to be re-transmitted. Upon receipt of the error message, the high side Diode circuitry re-transmits the data. If no error is initially found then the high side computer sends an ACK packet back to the high side circuitry of the Diode.

For the low side, whether check packets are turned on and how frequently they are sent are both selectable via the API on the low side sending computer. If the user wishes, these check packets can be sent frequently for all data. For data packets that are less prone to being dropped or discarded, or that are of low importance, the frequency of the check packets can be set low or the check packets turned off. The amount of "checking" of the data is at the user's discretion and can be set on an "as needed" basis. With the API on several machines on the low side network, each network data source can set the amount of data checking to be done.
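The check-packet scheme described for Mode #1, sketched in C as an added example (not the vendor's API or code from this page). The page does not give the check packet format, so the `check_pkt` layout, the use of CRC-32 as the checksum, and the names `fold`, `verify` and `simulate` are assumptions; the packet payloads are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page says only that check packets carry packet
   counters and checksums. The struct and the CRC-32 choice are hypothetical. */
typedef struct { uint32_t count, crc; } check_pkt;
typedef enum { ACK, RESEND } verdict;

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320), chainable across packets. */
static uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    crc = ~crc;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Both ends fold every data packet into running totals for the window. */
static void fold(check_pkt *w, const uint8_t *d, size_t n) {
    w->count++;
    w->crc = crc32_update(w->crc, d, n);
}

/* Receiving end: compare its own totals with the sender's check packet. */
static verdict verify(const check_pkt *seen, const check_pkt *sent) {
    return (seen->count == sent->count && seen->crc == sent->crc) ? ACK : RESEND;
}

/* Constructed 4-packet window; drop or corrupt one packet (-1 = none). */
static verdict simulate(int drop, int corrupt) {
    const char *pkts[4] = { "sensor=17", "sensor=18", "sensor=19", "sensor=20" };
    check_pkt sent = {0, 0}, seen = {0, 0};
    for (int i = 0; i < 4; i++) {
        uint8_t buf[16];
        size_t n = strlen(pkts[i]);
        memcpy(buf, pkts[i], n);
        fold(&sent, buf, n);               /* sending side API */
        if (i == drop) continue;           /* packet lost before the receiver */
        if (i == corrupt) buf[0] ^= 0x01;  /* single bit flipped in transit */
        fold(&seen, buf, n);               /* receiving interface */
    }
    return verify(&seen, &sent);
}

int main(void) {
    printf("clean=%d drop=%d corrupt=%d\n", simulate(-1, -1), simulate(2, -1), simulate(-1, 1));
    return 0;
}
```

The same comparison applies on both hops the text describes: low side sender to low side Diode interface, and high side Diode circuitry to high side receiving computer. A `RESEND` verdict on the second hop can only reach the high side Diode, never the original sender.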

Finally, it is important to note that the One Way Transfer Diode is truly a "diode". Data packets can be checked for correctness when received by the low side Diode interface. Once transferred through the "true diode" connection, these packets can be checked by the receiving high side computer. But there is NO way to send confirmation back to the low side sending machine that data actually reached the high side computer. The receiving computer will only know whether the data it received is correct. The receiving computer will have no way of making the low side computer "re-send" data. The most the high side computer can do is request that the high side Diode resend the last data it received through the diode from the low side. Also, the low side has NO way of acknowledging receipt of data by the high side. The low side sending computer can get acknowledgements from the low side diode interface that it has received the data intact. But once the data passes through the true diode circuitry to the high side of the diode, there is no communication back to the low side of the Diode that data was received by the high side receiving computer. (See Figure 2 Above)

Mode #2

As briefly stated in the description of Mode #1, the One Way Transfer Diode can operate with check packets turned on or off. Turning the check packets off places the Diode in true "throughput" mode. In this mode, check packets from a low side source computer are not added to the data packet stream. When these data packets reach the low side Diode interface, no checking of the data is done. The data is simply passed through the true diode circuitry to the high side sending circuitry of the Diode. Once at the high side of the Diode, the data is forwarded to the high side receiving computer/network. Since no check packets have been added, the receiving computer/network cannot look for packet drops or data errors. With no check packets to compare against, the high side receiving computer does not send back an acknowledge to the high side sending circuitry of the Diode. This mode of operation would provide the user with less reliability but a significantly higher aggregate throughput of data.

As mentioned for Mode #1, check packets are added through the software API that would reside on low side sending machines. It would be at the user's discretion how much "checking", if any, to add to the data stream. The checking allows for data re-send capabilities between the low side sending computer/network and the low side receiving circuitry of the Diode. The checking also allows for data re-send capabilities between the high side sending circuitry of the Diode and the high side receiving computer/network. But because the One Way Transfer Diode is truly a network "diode", there is no way to acknowledge to the low side computer/network that the high side computer/network actually did receive the data.

The benefit of this is that there is NO physical means of data flowing from high side to low side.

Network Diode Block Diagram

Network Diode Front View-Single Low Side To High Transfer Interface

 

1u Rack Mount Unit With Single Network Diode, (Optional 2nd Unit Can Be Installed)

Documentation:

    Below is the Network Diode Users Guide. Incorporated into the User Guide is a 2 page "Quickstart" document for first time users. The User Guide (and Quickstart) is also available on the software page and bundled into the software/firmware zip package for download. The User Guide is a comprehensive document for first time and advanced users.

RI-NetworkDiode-GE User's Guide Version 1.00: RI-Network_DIODE_Users_Guidev1_00.pdf

Software:

    A simple C program is used to program the Rx and Tx hardware via a host computer's network port. A Linux build script is included with the software. The configuration files rxdiodeusr.cfg and txdiodeusr.cfg are text files that can be edited to reset Primary IP and Target IP addresses. See the software page for a complete description and a download of the most recent C programs, programming, and configuration files.

RI-NetworkDIODE-GE/RI-NetworkDIODE-10GE Features

- Can be operated as "stand-alone" units. For single units, the low side and high side PCB units each come encased in metal housings.
- Optionally, 1 to 4 PCBs can be placed into a standard 1U rack mount unit. It is the user's option whether the 1U chassis would hold 4 low side PCBs, 4 high side PCBs, or, as shown in the picture above, 2 single units with 1 Low Side and 1 High Side PCB.
- Use Of Fiber Optic Laser as Data "Diode" allows for High Side and Low Side Units To be located In Close Proximity or Up To Several Kilometers Apart
- Various Security Accreditations Pending
- RI-NetworkDIODE-GE Cost: $9,000 (Includes Both Low Side & High Side PCBs w/Cases & Power Supplies) **IN PRODUCTION**
- RI-NetworkDIODE-10GE Cost: $19,000 (Includes Both Low Side & High Side PCBs w/Cases & Power Supplies) Under Development
- RI-1U-DIODE-4C Cost: $1000 (1U Rack Mount Enclosure For Housing Up to 4 Low PCBs or 4 High PCBs)
- Volume Discounts Apply; Call For Details