Somerdata AROW Series Programming manual
AROW Series
Data Diode
INSTALLATION AND OPERATION
Applicable Products
AROW Data Diode All Models
Part Number: AROW-0610,
AROW-0510
AROW-0520
Document Reference
AROW-MAN-0601
Publication Date
January 2019
Published by
Somerdata Ltd.
Underwood Business Park
Wells
BA5 1AF
UK
Sales & Customer Support
Phone: +44 (0)1179 634050
E-Mail: [email protected]
Website: www.somerdata.com
AROW Series Data Diode
Installation and Operation
AROW Series Data Diode
Installation and Operation
Revision History
Issue
Date
Notes
6
August 2017
Change of contact details, troubleshooting
additions
5
May 2015
Front panel indicators clarification, V1R7
firmware additions, buffer overrun TCP reset
4
Nov 2014
UDP, Multicast information added, typo
corrections V1R6 firmware onwards
3
Jul 2013
Gateway address information added, socat
UDP example added
2
10 Jan 2013
Added LED functionality from firmware V1R3
Removed 4 byte transfer limitation
Added redundancy functionality,
characterisation and mechanism description
1
15 Aug 2012
Initial Issue
AROW Series Data Diode
Installation and Operation 1-1
CONTENTS
1. INTRODUCTION 1-1
WHAT’S IN THIS USER GUIDE 1-1
USER GUIDE AVAILABILITY 1-2
2. PRODUCT DESCRIPTION 2-1
INTRODUCTION 2-1
BLOCK DIAGRAM 2-1
3. INSTALLATION 3-1
PREPARATION 3-1
PHYSICAL INSTALLATION 3-2
CONNECTIONS 3-2
FIT SFP MODULES 3-2
RECORD MACADDRESSES 3-3
NETWORK CONNECTIONS 3-3
CONNECT POWER 3-3
NETWORK REQUIREMENTS 3-3
CONTROL NETWORK CONNECTIONS 3-4
4. CONFIGURATION 4-1
INTRODUCTION 4-1
SETTING THE CONTROL PORT IP ADDRESS 4-1
SETTING THE DATA PORT IP ADDRESS 4-2
5. OPERATION 5-1
INTRODUCTION 5-1
LOW SIDE 5-2
HIGH SIDE 5-3
UDP OVER SOCAT 5-3
UDP/MULTICAST DATA 5-4
LINUX UDP EXAMPLE: 5-5
FILE TRANSFER SOFTWARE 5-5
PERFORMANCE CHARACTERISATION 5-5
THROUGHPUT 5-5
BUFFER OVERRUNS (TCP DATA) 5-6
AROW Series Data Diode
Installation and Operation 1-2
6. CONNECTORS AND INDICATORS 6-1
INTRODUCTION 6-1
NETWORK INTERFACE MODULE SLOTS 6-2
CONNECTORS 6-4
ACPOWER INLET 6-4
CONTROL ETHERNET CONNECTOR 6-4
DATA ETHERNET 6-5
REAR PANEL INDICATORS 6-5
POWER INDICATORS 6-5
FULLY-REDUNDANT SYSTEMS 6-5
DUAL AND SINGLE SYSTEMS 6-5
CONTROL ETHERNET CONNECTOR 6-6
DATA AND SYSTEM INDICATORS 6-7
FRONT PANEL INDICATORS 6-8
POWER LEDS6-8
STATUS LEDS –REDUNDANT SYSTEMS 6-9
7. REDUNDANCY FEATURES (AROW-0610 ONLY) 7-1
INTRODUCTION 7-1
FAILURE CONDITIONS 7-1
LOSS OF GIGABIT ETHERNET LINK 7-1
LOSS OF POWER (CATASTROPHIC MODULE FAILURE) 7-1
WATCHDOG TIMEOUT (FUNCTIONAL MODULE FAILURE) 7-2
LOSS OF OPTICAL CONNECTIVITY 7-2
FAILOVER MECHANISM 7-2
LOSS OF GBE LINK 7-4
MODULE FAILURE 7-4
LOSS OF OPTICAL LINK 7-5
AC/DCCONVERTER FAILURE 7-6
8. CONTROL AND STATUS REFERENCE 8-1
INTRODUCTION 8-2
CONNECTING TO AROW’S CONTROL AND STATUS PORT 8-2
PROTOCOL 8-2
COMMANDS 8-3
AROW Series Data Diode
Installation and Operation 1-3
STATUS REQUESTS 8-4
CONTROL AND STATUS PYTHON SCRIPT 8-5
SETTING THE DATA PORT IP ADDRESS 8-5
RESETTING THE TCP STACK. 8-6
CONTROL AND STATUS MESSAGE FORMAT 8-7
MEMORY MAP 8-7
REGISTERS 8-8
SYSTEM REGISTERS 8-8
TCP/IP STACK REGISTERS 8-10
MAC CORE REGISTERS 8-14
9. FIRMWARE UPDATE 9-1
INTRODUCTION 9-1
BEFORE YOU BEGIN 9-1
TOOLS 9-1
ACCESSING THE PROGRAMMING PORTS 9-2
REMOVE TOP COVER 9-2
LOCATE PROGRAMMING PORTS 9-3
APPLY POWER 9-3
PROGRAMMING THE FLASH MEMORY 9-4
WINDOWS 9-4
LINUX 9-7
FIRMWARE UPDATE:FINISHING 9-8
CHECK FIRMWARE UPDATE HAS BEEN APPLIED 9-8
SECURE TOP COVER 9-8
10. TROUBLESHOOTING 10-1
BASICS 10-1
FIBRE CONNECTORS 10-1
ADVANCED PROBLEMS 10-2
11. SPECIFICATIONS 11-1
INTRODUCTION 11-1
PHYSICAL 11-2
DIMENSIONS 11-2
ENVIRONMENTAL 11-2
AROW Series Data Diode
Installation and Operation 1-4
TEMPERATURE (OPERATING) 11-2
TEMPERATURE (STORAGE) 11-2
RELATIVE HUMIDITY (OPERATING) 11-2
SHOCK AND VIBRATION 11-2
POWER 11-2
SUPPLY 11-2
CONNECTOR 11-2
CONSUMPTION 11-2
CONTROL AND STATUS PORT 11-3
DATA PORT 11-3
COPPER GIGABIT ETHERNET SFP MODULE 11-3
FIBRE GIGABIT ETHERNET SFP MODULE (OPTIONAL) 11-3
USB PROGRAMMING INTERFACE COMPATIBILITY 11-3
12. SUPPORT 12-1
WHAT TO DO IF YOU HAVE A PROBLEM 12-1
SERVICING,MAINTENANCE AND REPAIRS 12-1
IF YOU NEED SUPPORT 12-1
SUPPORT REQUESTS 12-2
RETURNS 12-2
SOMERDATA CONTACT INFORMATION 12-3
END-OF-LIFE DISPOSAL 12-4
WASTE ELECTRICAL &ELECTRONIC EQUIPMENT (WEEE) 12-4
13. WARRANTY 13-1
INTRODUCTION 13-1
WARRANTY:TERMS AND CONDITIONS 13-1
14. NOTICES 14-1
IN THIS SECTION 14-1
GENERAL INFORMATION 14-1
SOMERDATA AND THE ENVIRONMENT 14-2
CURRENT COMPLIANCE ACTIVITIES 14-2
RESTRICTION OF USE OF HAZARDOUS SUBSTANCES (ROHS) 14-2
DECLARATION OF CONFORMITY 14-4
AROW Series Data Diode
Installation and Operation 1-5
15. INDEX 15-1
AROW Series Data Diode
Installation and Operation 1-1
1. INTRODUCTION
In this Section
WHAT’S IN THIS USER GUIDE 1-1
USER GUIDE AVAILABILITY 1-2
What’s in this User Guide
This User Guide covers SomerData’s AROW Advance Reliable
Optical Wormhole Data Diode.
Section 2 –PRODUCT DESCRIPTION gives an overview of your
unit’s capabilities and features.
Section 3 –INSTALLATION decribes the process of physically
installing AROW.
Section 4 –CONFIGURATION describes the process of configuring
AROW for orperation
Section 5 –OPERATION describes how to use AROW.
Section 6 –CONNECTORS AND INDICATORS describes
connection, switch and indicator functions.
Section 7 –CONTROL AND STATUS describes the availabe
software controls and stataus registers.
Section 8 –FIRMWARE UPDATE describes the Process of updating
the firmware that runs AROW.
Section 9 –SPECIFICATIONS describes AROW's .
Section 10 –SUPPORT describes the procedure and contact details
for obtaining customer support on this product.
Section 11 –WARRANTY your rights and obligations in support of
this product.
Section 12 –NOTICES statutory documentation and certificates.
Section 13 –INDEX
AROW Series Data Diode
Installation and Operation 1-2
User Guide Availability
Printed copies of Hardware and Software User Guides are supplied
with the original products on request.
Additional printed copies, including the Programmer’s Reference
Guide can be supplied on request. Please contact your local supplier
or SomerData for ordering details.
Electronic copies (Adobe Acrobat files) are included on the
SomerData electronic delivery medium that is supplied with the
original products.
The User Guide library, which also includes product data sheets, can
be accessed by browsing the \Documents\ folder for the required
document.
Additional and updated copies are available through our website. or
can be supplied on request. Please contact your local supplier or
SomerData for ordering details.
AROW Series Data Diode
Installation and Operation 2-1
2. PRODUCT DESCRIPTION
In this Section
INTRODUCTION 2-1
BLOCK DIAGRAM 2-1
Introduction
AROW is a 1U rack mountable high availability, IPv4 based
Gigabit Ethernet uni-directional network access device (Data
Diode). TCP, UDP and Mulitcast protocols are supported
natively.
Internal simplex optical links between the unsafe nework (dirty)
and the secure and restricted network (clean) ensure a reliable
data link in one direction and guarantees no reverse data path.
AROW may be supplied in any of 3 basic configuations –single
channel, dual channel or high-availability redundant single-
channel.
Plug-in data interfacing allows connections to RJ-45 Copper
Gigabit Ethernet and/or Optical Fibre Gigabit Ethernet.
Block diagram
AROW
Server on
“clean” network
Server on
“dirty” network
Messages and protocol
encapsulation
TCP/IP socket
TCP/IP socket
Messages and protocol de-
capsulation
AROW Series Data Diode
Installation and Operation 3-1
3. INSTALLATION
In this Section
PREPARATION 3-1
PHYSICAL INSTALLATION 3-2
CONNECTIONS 3-2
FIT SFP MODULES 3-2
RECORD MACADDRESSES 3-3
NETWORK CONNECTIONS 3-3
CONNECT POWER 3-3
NETWORK REQUIREMENTS 3-3
CONTROL NETWORK CONNECTIONS 3-4
Preparation
These instructions should be followed before installation, and any
time the unit is moved, connections changed or re-installed.
Check the items received to ensure that they match your data
input/output configuration requirements.
No special tools are required. You will need a large flat headed
screwdriver.
In common with other electroonic equipment of this class, AROW
needs to be installed in a controlled environment where the
temperature will not go above 40°C or below 0°C, and where the
relative humidity is between 15% and 55%, and is non-condensing.
Ensure that you allow the unit to stabilise in this environment before
use, especially if it has been subjected to transportation in low-
temperature or high-humidity environments
Check that the cables that you will be using to connect to the data
inputs and the control and data Ethernet ports are of correct length
and are well and correctly labelled. The cables should be tied into a
wiring loom for tidiness. Electrical Data cables should be a minimum
of Cat 5e for GBE operation, optical cables should be laser
compatible (yellow sheath), 9/125 terminated for LC connection.
AROW Series Data Diode
Installation and Operation 3-2
Remove the unit from all packaging. Locate the accessories pack,
Gigabit Ethernet SFP (Small Form-factor Pluggable) modules and the
power supply cable.
Physical Installation
The unit is designed to fit in a 19”rack enclosure with M6 (supplied),
10-32UNF or 12-24UNC fasteners to attach the unit to the rack. Note
that the unit is NOT self-supporting and may require additional
bracing or tray support in some vibration environments. It should be
removed from the rack for transportation.
Using the screws and washers supplied in the accessories bag and a
large flat head screwdriver, screw the unit into your rack.
Connections
Fit SFP modules
The Gigabit Ethernet SFP modules have been packaged separately for
transport. Push each SFP modules into the SFP cages, until it clicks into
place.
AROW Series Data Diode
Installation and Operation 3-3
Record MAC addresses
Control MAC addresses should be supplied with your unit and are printed
on each module control port. These should be recorded s they will be
needed for configuration.
Control port MAC address
Low live
00:20:4A:
Low backup
00:20:4A:
High Live
00:20:4A:
High backup
00:20:4A:
Network connections
Connect low side Control and Data network ports to the dirty network(s)
and High side network ports to the clean network(s) prior to power
connection.
Connect power
Connect power and turn switch to on position. Please note: while it is
usually safe to connect data and control connections with the unit power
applied, precautions should be taken when connections have come from
a different electrical environment or over long cable runs, where
common-mode voltage differences or electro-static potentials may arise.
Ensure that all rack ground connections are secure before powering on
the unit and connecting data cables. Power-cycling may be required to
re-initialise non-High-Availability types of unit.
Network requirements
High side data connections must be on low-contention Gigabit Ethernet
networks. Any network delays on the high side network will cause
AROW's buffers to fill. If delays on the high side network are greater than
on the low side, the buffers will overrun, causing loss of data.
Buffer state ( and thus network performance) can be monitored by
reading status (see section 8 CONTROL AND STATUS)
Low side
High side
Power
Live
Live
Backup
Backup
AROW Series Data Diode
Installation and Operation 3-4
Redundant Configuration
If supplied in fully-redundant mode, the Backup Control and Data
connections should be connected to a suitable backup switch/router.
While configuration of a fully-redundant network is beyond the scope of
this document, a standard configuration will involve two servers with
independent communication between them, suitable for either automatic
backup or manual intervention for maintenance etc. AROW’s unique
ability to switch network addresses on network failure means that no
further reconfiguration is required when switching between main and
back-up servers.
Data ports must be connected to 1000base-T ports. Before plugging in a
network cable, the LED labelled "SFP" will flash (If it is off, this indicated
that no SFP module is detected).
When a Gigabit Ethernet link has been established, this LED will remain
constantly on.
Control Network Connections
Once setup, AROW does not need any further configuration, however for
remote monitoring purposes, each module has it’s own independent
network port. These should normally NOT be connected to the data
network, and since they control the data network port addressing should
not be used in an insecure environment where an attacker may be able
to gain control of the unit and deny access.
Control port should be connected to a 10/100Base-T network only. When
a good connection is made, the left LED on the control port RJ45 socket
will turn green to indicate the link is up. The right LED will flash with
Ethernet traffic.
Control port link
LED
Data port link
LED
Control port
transfer LED
Data port
transfer LED
AROW Series Data Diode
Installation and Operation 4-1
4. CONFIGURATION
In this Section
INTRODUCTION 4-1
SETTING THE CONTROL PORT IP ADDRESS 4-1
SETTING THE DATA PORT IP ADDRESS 4-2
Introduction
To integrate AROW into a network, the IP address for each Control
and each Data port must be set. AROW will have been factory-set
with network addresses before delivery
Setting the control port IP address
The control port IP address can only be set from a machine on the
same sub network. You will need the MAC address for each control
port to be set. This is printed on each module panel.
Open a Windows command prompt (Start, Run, enter command or
CMD depending on your operating system). For linux, open a
command line terminal.
From the command prompt enter the new ARP (Address Resolution
Protocol) entry for the IP address you want to set as shown below:
This will associate a network address with a MAC address.
ARP –S 192.168.xxx.xxx 00-20-4A-xx-xx-xx
(for linux: arp -s 192.168.xxx.xxx 00:20:4A:xx:xx:xx)
Hit return
Open a new command prompt.
Type ping –t 192.168.xxx.xxx
(linux: ping 192.168.xxx.xxx)
The “pings” will fail to start with but will give an indication of progress.
Back to the first command prompt telnet to the same IP address
using port 1.
e.g. Telnet 192.168.xxx.xxx 1
Hit return. (message ‘failed to connect’ should appear within 2 to 3
seconds)
The “Pings” should start to work.
AROW Series Data Diode
Installation and Operation 4-2
At the next command prompt telnet to the same IP address using
port 9999.
Telnet 192.168.xxx.xxx 9999
Hit return. You will be prompted to "Press Enter to go into Setup
Mode"
Hit return again as soon as you see the prompt to access the
configuration choices. The prompt will time out after ~ 3 seconds.
Select 0 for server configuration.
Manually enter the IP Address. This permanently assigns the IP
address,
Manually enter the gateway address (optional)
Manually enter the host bits for the subnet mask
Select 9 to save and exit
Repeat these steps for each module’s control port.
Setting the data port IP address
Linux:
You will need Python 2.7 installed on your Linux box. For each Live
Data port, set the IP address using the "control_arow.py" python
script supplied on the delivery medium:
./control_arow.py -H 192.168.xxx.xxx -i 192.168.yyy.yyy
-H 192.168.xxx.xxx defines the control port that will be used to set the
data port IP address and -i 192.168.yyy.yyy defines the data port IP
address.
Windows:
Use the WinAROW program supplied on the delivery medium. This
graphical program allows for configuration and dynamic status display
of the module .
If AROW is in fully-redundant configuration, a backup module's data
port will automatically receive its settings from the live module
AROW is now ready to be used.
AROW Series Data Diode
Installation and Operation 4-3
AROW Series Data Diode
Installation and Operation 5-1
5. OPERATION
In this Section
INTRODUCTION 5-1
LOW SIDE 5-2
HIGH SIDE 5-3
UDP OVER SOCAT 5-3
UDP/MULTICAST DATA 5-4
LINUX UDP EXAMPLE: 5-5
FILE TRANSFER SOFTWARE 5-5
PERFORMANCE CHARACTERISATION 5-5
THROUGHPUT 5-5
BUFFER OVERRUNS (TCP DATA) 5-6
Introduction
Both high side (clean) and low side (dirty) AROW TCP socket servers
listen to connections on port 9876. UDP data can use any normally
permitted port, Multi-cast data is supported for any address in the normal
multi-cast range.
Redundant Version
For firmware version 1 revision 3 and later, a dual redundant backup
path is provided with automatic failover mechanisms.
All versions
Any data received on the low side socket is transferred over the internal
optical link to the high side.
Any data received from the optical link is sent on the high side socket.
There is no reverse data path. Data received on the high side socket will
be silently discarded. As the low side optical connections are not made,
no data will ever be sent from AROW out through a low side TCP socket.
AROW Series Data Diode
Installation and Operation 5-2
Low Side
Any data received by the socket on the low side host is transmitted over
fibre optic to the high side.
TCP example (assuming low side ip address is 10.0.0.9):
low side host:~$ nc -vvn some_file.raw 10.0.0.9 9876
or for streaming data:
low side host:~$ dd if=/dev/zero bs=65536 |pv| nc -vvn
10.0.0.9 9876
or for streaming checkable data:
low side host:~$ generator -p dword -f eti |pv| nc -vvn
10.0.0.9 9876
or for webcam streaming:
low side host:~$ avconv -f video4linux2 -s 640x480 -r 25 -i
/dev/video0 -f mpegts -q 2 tcp://10.0.0.9:9876
TCP
socket
server
TCP
socket
server
Control & status
Control & status
Control & status
Control & status
TCP
socket
server
TCP
socket
server
Dirty
Clean
Live Low side
packet driver
Backup Low side
packet driver
Live high side
packet receiver
Backup high
side packet
receiver
Live high side
server
Backup high
side server
Low side
server
This manual suits for next models
3
Table of contents
Popular Network Hardware manuals by other brands
Honeywell
Honeywell 35 Series user guide
Solid State Logic
Solid State Logic SB i16 user guide
RuggedCom
RuggedCom RuggedWireless RS900W Family Upgrade guide
ADTRAN
ADTRAN 3.125 Gigabit Ethernet Job aid
Devor IP
Devor IP NVR3636A Quick installation guide
Extreme Networks
Extreme Networks NetSight NS-A-20 installation guide
Huawei
Huawei LUNA2000-97KWH-1H1 Maintenance manual
Riverbed
Riverbed SteelHead CX xx70 Series Upgrade and Maintenance Guide
Televes
Televes TOX Series User instructions
Grandstream Networks
Grandstream Networks UCM6510 How to configure
Bull
Bull Escala Power7 Series installation guide
CAMBRIONIX
CAMBRIONIX TS2-16 user manual
CTC Union
CTC Union STE-10 Operation manual
Patton electronics
Patton electronics RocketLink-G 3088 Series user manual
Oracle
Oracle Acme Packet 4600 Hardware installation and maintenance guide
AVYCON
AVYCON HN500 Series quick start guide
Comtrol
Comtrol InterChangeVS 1000 Installation reference guide
websense
websense V10000 Getting started