无线工业网络有关资料 - 图文

王波涛 农学与生物科技学院 农村区域发展 222008326032020

目录 一 工业无线网络 ……………………………………………………..…………3

1 概述 …………………………………………………………………………………………………………….3

试平台也计划采用此种方式。…………………………………………………………..……………………. 5

2 工业无线测试平台软硬件构成 ………………………………………………………………..…………..5 3 结论………………………………………………………………………………………………………….…. 7 二Diversified Communication Services; Spacenet Introduces New Emergency Communications Service via Satellite with 'Pay-as-you-use' Service Plan Options…………………………… 7

三How to exploit spatial diversity in wireless industrial networks…………...……. 9

1. Introduction …………………………………………………………………………………………………….10 2. Spatial diversity fundamentals …………………………………………………………………...........…..12 3. Relaying for industrial applications ………………………………………………………………………14 4. A relaying framework for industrial traffic……………………… ……………………………………….20 5. Conclusions ……………………………………………………………………………………………………27 四西门子工业无线网络在集装箱码头的应用………………… …………………27

1项目介绍 ………………………………………………………………………………………………………28 2控制系统构成 ………………………………………………………………………………………………..29 3控制系统完成的功能 …………………………………………………………………………………..….30 4 运行项目 ……………………………………………………………………………………………………..31 5、应用体会 ……………………………………………………………………………………………………32 五工业无线网络的现状及发展趋势……………………………………………… 32

1、工业无线网络概述 …………………………………………………………………………………………33 2、工业无线网络发展现状…………………………………………………………………………. 33 3工业无线网络的发展趋势…………………………………………………………………………. 35 四结论 …………………………………………………………………………………………………………….36

六单片机和工业无线网络……………………………………………………….. 37

1典型的工业无线网络…………………………………………………………………………….. 37 2无线单片机 ……………………………………………………………………………………………………38

1

3无线单片系统…………………………………………………………………………………….. 38 4结语 ……………………………………………………………………………………………………………39

七基于IEEE802.15.4a 的工业无线网络嗅探器* ……………………………….40

1 嗅探器原理 ……………………………………………………………………………………………………41 2 监控网络MAC 协议………………………………………………………………………………… 41 3 系统硬件结构 …………………………………………………………………………………………………41 4 数据包捕获过滤…………………………………………………………………………………… 42 5 用户界面设计…………………………………………………………………………………….. 44

2

一 工业无线网络

Wireless industrial network 工业无线通信技术

Technology of IndustrialWireless Communication 张华良 曾鹏

（中国科学院沈阳自动化研究所， 沈阳市 110016） Zhang Hauling Singeing

(Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang 110016) 第十一章

工业无线网络测试平台研究

Abstract: This paper discusses the urgent demand of industry wireless tested technologies and introduced the design idea of an industry wireless network tested. Key words: Industry Wireless Network Tested

【摘 要】本文探讨了当前对工业无线网络测试平台技术的迫切需求，并概要介绍了一种工业无线网络测试 平台的设计思路。

【关键词】工业无线网络 测试平台

Chapter 11: Study of Industry Wireless Network Tested 1 概述

基于工业无线网络的测控系统是测控系统的重要发展方向，利用工业无线技术可以极大的降低工业测控系统的部署成本，实现对传统上由于成本原因无法全面监测的工业生产过程的全程监测，进而实现生产过程的优化，提高工业成产效率。实际应用工业无线网络需要面对恶劣的工业现场射频环境的挑战，工业现场射频通信环境所具有的强衰落、大干扰等特性对工业无线网络的吞吐率、延时等性能有极大的影响。尽管在工业无线技术的发展过程中，研究人员对于工业现场射频环境的建模及仿真已经做了大量的工作，并使用了跳频扩频、前向纠错等一些针对性的物理层技术，有效的提高了点对点通信的性能，但由于目前技术水平的限制，仅仅局限于物理层技术，尚无法满足工业无线测控系统对于通信的能耗、带宽、可靠性、延时等多方面的需求，需要从链路层、路由层协议的设计及网络的实际部署方式，如中继节点的位置、数量等多个方面对无线网络进行优化，大量的研究人员也正从事于相关领域的研究。如何对这些领域内应用 收稿日期：2008-10-09

作者简介：张华良，博士生，主要研究方向为工业无线网络设计、优 化及测试技术等。 工业无线通信技术

[编者按] 工业无线技术是继现场总线之后，工业控制领域的又一个热点技术，是降低工业测控系统成本、提高工业测控系统应用范围的革命性技术，也是未来几年工业自动化产品新的增长点。我国非常重视工业无线技术的研发和应用工作，在863 计划的支持下，中科院沈阳自动化所联合机械工业仪器仪表综合技术经济研究所、浙江大学、上海自动化仪表研究所、中科博微公司、重庆邮电大学、西南大学、东北大学、大连理工大学、北京科技大学等十余家单位开展了工业无线技术的攻关和示范应用工作，我们将通过本专题向大家介绍我国工业无线技术的最新研究进展，相信通过大家对这个专题的关注会促使我们不断完善工

3

业无线技术在各个行业的应用模式，进而推动我国具有自主知识产权工业无线技术的蓬勃发展。

Technology of Industrial Wireless Communication

无线网络的验证和测试技术是无线网络研究中的一个重要领域。目前大多数研究都通过理论分析和计算机模拟的方法进行网络性能的验证和测试。理论分析的方法虽然可以进行多个同类协议的比较，但数学模型的构建由于计算复杂度过高，在应用这些模型解决实际问题时需要做大量简化，从而降低了理论性能分析的可信度。同样，现有的模拟工具则由于难以真实体现工业现场无线通信的不稳定性，其验证的效果也无法令人满意。利用实际的无线节点建立工业无线网络测试平台 是更为真实可信的方法，因为这样可以在实际应用过程中验证测试网络的协议和算法，不仅比较全面地包含了影响网络状态的各个因素，而且也避免了因模型 简化导致的误差。但一方面由于工业现场条件非常恶劣，同时存在实验设备、调试手段等方面的限制，不便于建立测试环境。而在实验室条件下建立测试环境， 同样存在实验条件不真实的问题：首先，实验室环境难以完全真实可信的模拟工业现场射频条件；其次，在实验室内无线节点也很难组成在实际现场的复杂多跳 网状网络。由于无线网络测试对工业无线网络研究的重要性，国内外从事工业无线网络技术研究的科研团队大都自行开发了基于实际无线节点的无线网络测试平台以支撑研究工作。现有的无线网络测试平台可分为两大类： (1) 第一类测试平台特点是网络节点间通过无线 方式进行通信连接。在一个 较大的模拟工业现场环境的 区域内部署实际的无线网络 节点，工业环境下的干扰模

拟通过EMI 设备引入，对无线节点的控制和信息收集 则通过有线方式进行。这种方式的优点是测试环境比 较真实，缺点是需要很大的场地，成本高昂，同时，网 络变换拓扑连接关系比较困难。

(2) 第二类测试平台的特点是网络节点间通过有线 方式进行连接。通过射频信号分配器、合成器及衰减 器、开关矩阵构成的有线互联系统模拟多点间的无线 通信。与第一类平台的特点相对，这种方式的优点是 测试平台占用的区域很小，重构节点间的拓扑关系非 常简单。缺点是通过有线方式模拟节点间无线连接， 要真实再现射频信号的衰减和节点间的连接关系，在 射频器件的设置及控制方面需要较高的技术水平。 第一类测试平台比较适合于应用环境较为确定， 网络节点一般不移动，网络拓扑关系确定的应用，如 加拿大Breton 大学的Winter 测试平台，其应用目 标即为海洋石油平台。第二类测试平台适合于应用环 境不确定，网络节点可能会移动，网络拓扑关系可变 的应用，比如Ad hoc 网络的测试。

对于一般的工业无线网络研究，由于应用领域尚 不确定，同时，网络中也可能存在如移动输送车之类 的运动节点，或由于变化的射频环境造成的网络拓扑

4

构成变化，需要较为灵活的测试手段，因而，采用第 二类方式更适合构建一般的工业无线网络测试平台。 中科院沈阳自动化研究所正

在开发的工业无线网络测

试平台也计划采用此种方式。

2 工业无线测试平台软硬件构成

工业无线网络测试平台由硬件、软件两大系统构 成，硬件的基本结构如图1 所示：

工业无线网络测试平台的硬件系统由五个部分构成：

(1) 测试平台主体

测试平台主体结构如图2示，由射频信号分配器、合成器、衰减器、射频开关矩阵及微控制器构成。无

线节点的射频输出通过射频电缆连接到测试平台主体 的输入端口，然后通过信号分配器分成多路，并由衰 减器进行衰减。多路衰减后的信号，通过射频开关矩 阵接入信号合成器，合成器的输出信号经由开关矩阵 连接到测试平台主体的射频输出端口，从而利用有线 图1 工业无线网络测试平台硬件的基本结构

方式实现无线网络节点间的无线连接关系。微控制器 与主控计算机间通过接口控制总线通信，设置各个信 号衰减器及射频开关矩阵。 (2) 主控计算机

主控计算机通过接口控制总线与测试平台主体及 网络节点连接。主控计算机一方面完成无线通信节点 的编程、协议参数设置、数据流产生等工作，同时，根 据测试所要模拟的工业网络结构及射频环境，计算测 试平台主体内各衰减器的设置及开关矩阵开关状态， 并发送给测试平台主体内的微控制器，完成测试工作。 测试中，各通信链路的丢包率、带宽及整体网络的吞 吐率、通信延迟等参数也由主控计算机收集统计。 (3) 无线节点

无线节点构成被测的无线网络。为避免测试环境 中的干扰，节点需要取下天线装入屏蔽盒内，天线输

5

出由屏蔽射频电缆代替。无线节点与主控计算机间通 过接口控制总线相连。 (4) 射频信号记录分析设备

射频信号记录分析设备包括：矢量信号发生器、

矢量信号分析仪等。作用包括：回放在工业现场采集

到的干扰信号或输入人工设计的测试信号以及记录分析网络测试平台输出的射频信号等。射频信号记录分析设备与主控计算机间也是通过接口控制总线相连。

(5) 接口控制总线

接口控制总线采用工业以太网，实现主控计算机和各个无线节点、射频信号记录分析设备及测试平台主体间的通信和控制。图2 无线网络测试平台的主体部分构成工业无线网络测试平台的软件结构如图3 所示：图3 无线网路测试平台的软件结构

软件部分的结构可划分为以下几个层次： * 用户层：包括用户使用无线网络测试平台的相关程序，如桌面程序或浏览器等；

* 用户接口层：为用户提供配置无线节点及射频信号记录仪器，控制网络测试平台主体及生成统计报表等功能的组件；

* 执行层：生成各种配置及通信任务，调度任务及监控任务执行状态； * 数据层：利用数据库提供各类数据的存储、调用、分析等功能； * 设备接口层：为数据层及终端设备间的通信提

6

供灵活、可变的接口；终端设备层：包括无线节点、射频信号记录、分析仪器及网络分析仪主体部分。

3 结论

随着工业无线网络技术研究的不断深入和工业应用的逐步开展，研究人员越来越认识到利用真实工业无线网络节点在尽可能真实的工业现场环境下对无线

通信协议和算法进行测试，并统计评估网络性能的重要性。工业无线网络测试平台的设计涉及到网络性能、节点状态、环境模拟等多方面的内容。本文给出了一种利用有线连接模拟无线通信的无线网络测试平台的设计构想，希望能和相关研究人员开展深入的交流。工业无线通信技术

二Diversified Communication Services; Space net Introduces

New

Emergency

Communications

Service via Satellite with 'Pay-as-you-use' Service Plan Options

Anonymous. Bioterrorism Week. Atlanta: Jul 5, 2010. pg. 27

For more information on ECS and Space net’s complete line of solutions for hurricane preparedness visit

www.spacenet.com/emergency-communications. About Space net Founded in 1981, Space net Inc designs, develops, and manages wire line and wireless

7

broadband network solutions for US based business, industrial and

government customers. Space net has a longstanding tradition of industry leadership and innovation, and today has more than 100,000 operational network endpoints for customers including many Fortune 500 companies and major government agencies. Space net offers a complete product and services portfolio for applications ranging from primary communications for corporate applications and secure data transfer, to hot stand-by solutions for continuity of operations and network backup, or field deployable solutions for disaster recovery and emergency management. Space net Integrated Government Solutions, a wholly owned subsidiary of Space net Inc, delivers network and communications solutions to the Department of Defense, Homeland Security, the Intelligence community and other government related agencies. Space net is based in McLean, Virginia, and operates its own end-to-end services infrastructure including network management, field services and teleport facilities in McLean, VA; Atlanta, Georgia; and Chicago, Illinois. Space net is a wholly owned subsidiary of Gilt Satellite Networks Ltd. (Nada: GILT). Visit Space net at www.spacenet.com.

(c)Copyright 2010, Bioterrorism Week via NewsRx.com

2010 JUL 5 - ( NewsRx.com) -- Space net Inc., a wholly owned subsidiary of Gilt Satellite Networks Ltd. (Nada: GILT) and a leading provider of networking solutions, announced that it has introduced its new Emergency Communications Service (ECS). The new service offering is designed to provide a more cost-effective and flexible satellite solution, leveraging an always on pay-as-you-use service plan with dedicated satellite bandwidth for readily available and reliable emergency communications. ECS is ideal for public safety and first responder agencies such as police, fire departments, and medical emergency teams as well as federal agencies such as FEMA and the Department of Homeland Security who require network continuity for disaster planning, but also face the reality of budget limitations. The new service is being offered just in time for hurricane season and provides coverage to virtually all U.S. hurricane-prone regions (see also Diversified Communication Services).

Space net has been offering similar solutions to a number of organizations including a recent opportunity to provide satellite equipment and services to the American Red Cross through a partnership with EchoStar Satellite Services in support of disaster relief efforts in Haiti. Because satellite technology can be deployed virtually anywhere and does not depend on local network infrastructure, it has played a large part in the re-establishment of data and voice communications networks during severe weather conditions. ECS is ideal for organizations in the coastal regions and helps eliminate the risks of network outages during hurricane season, including safety concerns, lost productivity and liability.

\’s ECS offering was designed to provide a more cost-effective and reliable satellite communications solution for emergency situations,\

8

Services Mike Maze. \Space net ECS solution is drastically different than most of the existing part time services available today. Most of these services are based on a highly oversubscribed and shared bandwidth model, which can result in poor service quality, especially during emergency situations when multiple users need access. The ECS service, on the other hand, includes dedicated bandwidth and service level agreements to ensure a high-quality and reliable solution at a low cost. With ECS, customers pay a low monthly standby fee and then only pay for service when or if they actually need it, and more importantly, the service is available when they really need it.\

The ECS service is powered by the field-proven Sky Edge II VSAT technology. The VSAT router is integrated with mobile auto-deploy antenna systems and can be easily installed on mobile command vehicles and trailers, or at standard fixed locations. ECS features include a range of service packages with multi-megabit speeds; dedicated bandwidth during deployment; daily or weekly usage service plans; full support for converged data, voice and video applications; and 24 x 7 U.S. based premium customer support.

For more information on ECS and Space net’s complete line of solutions for hurricane preparedness visit www.spacenet.com/emergency-communications. About Space net Founded in 1981, Space net Inc designs, develops, and manages wire line and wireless broadband network solutions for US based business, industrial and government customers. Space net has a longstanding tradition of industry leadership and innovation, and today has more than 100,000 operational network endpoints for customers including many Fortune 500 companies and major government agencies. Space net offers a complete product and services portfolio for applications ranging from primary communications for corporate applications and secure data transfer, to hot stand-by solutions for continuity of operations and network backup, or field deployable solutions for disaster recovery and emergency management. Space net Integrated Government Solutions, a wholly owned subsidiary of Space net Inc, delivers network and communications solutions to the Department of Defense, Homeland Security, the Intelligence community and other government related agencies. Space net is based in McLean, Virginia, and operates its own end-to-end services infrastructure including network management, field services and teleport facilities in McLean, VA; Atlanta, Georgia; and Chicago, Illinois. Space net is a wholly owned subsidiary of Gilt Satellite Networks Ltd. (Nada: GILT). Visit Space net at www.spacenet.com.

Keywords: Diversified Communication Services, Gilt Satellite Networks Ltd, Technology, Telecommunications, and Space net Inc.

This article was prepared by Bioterrorism Week editors from staff and other reports. Copyright 2010, Bioterrorism Week via NewsRx.com.

三How to exploit spatial diversity in wireless industrial networks

Andreas Willing *

9

Telecommunication Networks Group, Technical University of Berlin, Germany Received 10 November 2007; accepted 3 March 2008 Available online 2 May 2008

Abstract A key challenge for wireless industrial networking is to successfully transmit a packet within a prescribed deadline despite the unfriendly

properties of the wireless transmission medium. A very promising class of approaches exploits the concept of spatial diversity to improve the

robustness of wireless transmission. The concept of relaying belongs to this class and in this paper we discuss how protocols for wireless industrial

networks can be designed to include relaying approaches. An example protocol design is presented and the achievable probability for not missing a

prescribed deadline is assessed in an example scenario, demonstrating the significant improvements possible with spatial diversity techniques.

# 2008 Elsevier Ltd. All rights reserved.

Keywords: Wireless industrial communications; Error control; Spatial diversity; MIMO; Relaying; Cooperative diversity

1. Introduction

Wireless industrial LANs differ from other wireless LANs, like the ones used in home or office environments, mainly in that they have to satisfy stringent requirements in terms of real-time and reliability at the same time, for example when

important alarms have to be transmitted (Willing, Mathews, & Owlish, 2005). It is well known that the wireless channel can introduce channel errors at significant and time-varying rates due to phenomena like interference, noise, path loss, shadowing or fading (Test & Viswanath, 2005), and these channel errors pose a significant challenge for the required real-time and reliability properties.

It is clear that this challenge needs to be addressed at the lower layers of a communication stack, namely the physical layer (PHY), the medium access control (MAC) sub layer and the link layer. The MAC layer is central for the timing aspect, whereas the link layer, and especially its error control strategy, has an immediate impact on the reliability. When the error control scheme employs redundancy in time like packet retransmissions or coding overhead, it also affects the real-time behavior. For the design of wireless industrial communication protocols, the MAC and link layer are the major playground, whereas on the PHY layer often transceivers for standardized technologies like IEEE 802.11 (LAN/MAN Standards Committee of the IEEE Computer Society, 1999) or IEEE 802.15.4 (LAN/MAN Standards Committee of the IEEE Computer Society, 2006) are preferred because of their commercial availability.

A great variety of error control schemes has been developed

10

for use over a single wireless channel. They can be broadly subdivided into error control coding and retransmission-based automatic-repeat-request (ARQ) schemes. In the last years coding schemes have been developed that, over certain types of transmission channels, are able to operate very closely to information-theoretic limits and can be considered state-of-theart in coding theory. Examples are low-density-parity-check codes and turbo codes (Bulgier, 2005; Hanson, Woodard, & Robertson, 2007). However, the usefulness of these codes in industrial applications is limited. One reason for this is their relatively high computational complexity at the receiver, which translates into higher system costs. Secondly, many of these coding schemes can play out their advantages only for large packet sizes, which does not fit well together with the (very) short packets and the limited number of packets that a node has to transmit per cycle in industrial real-time applications. Furthermore, even these codes are not able to compensate prolonged times of large channel attenuations as they are frequently encountered on wireless channels that suffer either from fading (so-called deep fades or channel outages) or from obstacles moving into the line-of-sight between transmitter and receiver. The same is true for ARQ schemes as well: immediate retransmissions on a channel that is currently in a deep fade are

often useless. The sometimes advocated idea of postponing retransmissions until the deep fade (maybe) ends is obviously

not a good idea for packets with real-time deadlines. A fundamental approach to circumvent this problem is the exploitation of spatial diversity (Kigali, Al-Hahira, Stimulus, & Calder bank, 2004). In this class of mechanisms the single-channel restriction between a wireless transmitter and receiver is removed and information is transmitted over multiple spatial channels. The hope behind this is that these different channels are stochastically independent and with only small probability in a deep fade at the same time. In this paper a brief introduction to spatial diversity

techniques is given and it is discussed how one of them, namely relaying, can be exploited in industrial communication systems with their specific requirements (short packets, deadlines, high reliability). Relaying is one example of cooperative transmission techniques, which can be implemented even with simple and cheap single-antenna nodes having limited computational facilities, and are therefore very interesting for industrial applications.

The paper is structured as follows: in Section 2 some

11

fundamentals of spatial diversity are briefly reviewed. In Section 3 the concept of relaying is explained in general, and some of its most important protocol design aspects (especially for industrial applications) are discussed. Following this, in Section 4 a relaying protocol framework suitable for small packets is proposed together with different approaches for the selection of relayers. The performance of these approaches, measured in terms of the probability to successfully deliver a packet within a prescribed deadline, is assessed for an example scenario. Conclusions are presented in Section 5. 2. Spatial diversity fundamentals

In wireless technologies information is conveyed by the transmission of radio waves through space. The transmitted waveforms are subject to reflections, diffractions or scattering, and as a result several delayed copies of a waveform are superposed at the receiver and create constructive or destructive interference. When the position of the transmitter, of the receiver or of some object in the propagation environment changes, the number of propagation paths, their respective delay and attenuation can change as well, leading to a change in the interference situation. The signal strength at the receiver hence can vary over time, thus creating a fading channel (Bulgier, Praxis, & Shaman, 1998). The fading process on a wireless channel is hardly predictable and therefore considered random. Following (Kigali et al., 2004), diversity is defined as ‘‘the method of conveying information through multiple independent instantiations of these random attenuations’’. The independency has a positive effect: as the number of instantiations is increased, the probability that none of them is of sufficient quality to allow successful decoding decreases.

In spatial diversity schemes the independent realizations are obtained from multiple antennas placed at geographically sufficiently separated locations. In the single-user case only a

single transmitter and receiver are considered, and at least one of them has multiple antennas. Recent MIMO (multiple-input,

multiple-output) techniques (Bo¨lcskei, 2006; Paul raj, Gore, Near, & Bo¨lcskei, 2004) like the upcoming IEEE 802.11n belong to this class. In the multi-user case further (geographically separated) nodes are involved in a transmission between a transmitter and receiver—this is also often referred to as cooperative diversity (Scallion, Goeckel, & Laneman, 2006). One example are relaying techniques (discussed below), another one are cooperative MIMO approaches (see for

12

example Cui, Goldsmith, & Bahai 2004; del Coso, Spagnolini, & Ibars, 2007). In cooperative MIMO, two groups of nodes form a virtual transmit and receive antenna array, respectively. When a node wants to transmit a packet to another node, the transmitting node sets up a virtual transmit array of neighbored nodes, disseminates the packet to the array members, and each array member transmits a copy of the packet. On the other side, the receiver sets up a receive array. The receive array members receive (parts of) the incoming packets and forward their observations to the ultimate receiver, which then can try to decode the packet.

Different types of gains can be achieved with spatial diversity techniques. We explain them for the example of single-user MIMO techniques, but many relationships are similar in the multi-user case. A capacity gain is achieved when the achievable transmission rate between transmitter and receiver is higher with spatial diversity techniques than without. To maximize the rate of a MIMO system, the transmitter could send independent data streams over its multiple antennas. Information-theoretic results for the capacity of MIMO channels as well as results for more practical receiver structures show that the achievable rates grow asymptotically linearly with M ? Mr ? Mt where Mt is the number of transmit antennas and Mr is the number of receive antennas. On the other hand, a diversity gain is achieved when thanks to spatial diversity techniques the bit error probability between transmitter and receiver can be reduced. This could be achieved when the multiple transmit antennas do not transmit independent information streams, but when coding is used to introduce correlation among them. The design of appropriate space-time codes (Liew & Hanzo, 2002) is currently a lively research area.

Both types of gains are available with spatial diversity techniques, but there is a tradeoff among them (Zheng & Tse, 2003).

In practical terms, for industrial applications multi-user techniques like the relaying approach discussed below are attractive. An attractive feature of multi-user approaches is that the individual nodes need only a single antenna, which reduces system complexity. True MIMO systems require significant complexity at the receiver side. Secondly, in multi-user techniques the spacing between the antennas can be larger than it is for true multi-antenna nodes, where the typically small size of the node puts practical constraints on the number of

13

mountable antennas. This can be beneficial when obstacles block the direct line-of-sight between transmitter and receiver, since a third-party node can be used as a ‘‘detour’’ for transmitting information.

Fig. 1. Basic relaying operation.

3. Relaying for industrial applications

In this section we introduce the concept of relaying and discuss the issues that need to be resolved when relaying approaches are integrated into link-layer protocols. 3.1. The concept of relaying

The concept of relaying is not new, the first theoretical works date back to the seventies (see for example Cover & El Gamal, 1979, see also Cover & Thomas, 2006, Chap. 15). In relaying schemes, there are a number of relay nodes that help in the transmission between a sender and a receiver—all involved nodes can be single-antenna nodes. These relay nodes possibly receive the senders packet and can assist with performing retransmissions when the receiver has not received the packet.1 Relaying is hence tightly coupled to ARQ protocols. Since the sender and relayers have different geographical locations, the receiver gets information over different spatial channels, thus exploiting spatial

diversity.Alot of information-theoretic research has been carried out to investigate capacity and diversity gains achievable with relaying (e.g. Kramer, Gastpar,&Gupta, 2005; Laneman, Tse,& Wornell, 2004). In the last years, there have also been significant activities towards practical integration of relaying into wireless protocols, see for exampleZhu&Cao(2006), orWillig (2003) for a proposal in an industrial setting.

In its simplest form, the relaying ARQ channel consists of three nodes S;D and R, see also Fig. 1. The source S wants to send a packet towards the destination D. A third node, the relayer R picks up S’s signals and forwards its observations to D, which can combine R’s observations with his own ones to decode the packet. Some fundamental variants of relaying are: ?? Decode-and-forward: it is required that node R successfully decodes the packet (i.e. finds a correct packet checksum) before it forwards it further towards D.

14

?? Amplify-and-forward: node R samples the waveform incoming from S without trying to decode it. After this, node R forwards the sampled waveform to D which can combine it with his own sampled waveform for joint decoding. _ A variant of decode-and-forward rests on the abilities of an ignorant transceiver: a relayer can accept (possibly erroneous) packets from its transceiver and forward them. This way the destination node receives more information to work on than in pure decode-and-forward schemes. On the other hand, the relayers transceiver already makes hard decisions on the received bits and some information is lost as compared to amplify-and-forward.

In many cases wireless industrial communication systems will have to rely on commercially available wireless transceivers and have to use their hardware interfaces. This means that amplify-and-forward schemes are not usable, as commercial transceivers do not (easily) allow users to sample an analog waveform, nor to combine own samples with (digitally represented) samples of other nodes for purposes of joint decoding. It is, however, possible to use the ignoranttransceiver mode, when the hardware allows to switch off

automated CRC checking (at the price of having to check the CRC in software later on).

In the following subsections we discuss some of the issues that arise in the design of practical wireless relaying protocols for industrial applications.

3.2. Controlling relayers and their activities In general, any node R other than the source S or the

destination D becomes a relayer candidate when it has received the packet once (from S or from any other relayer that worked on the same packet). But how should it behave then? The very first question is whether relaying is at all desired. For example, when a packet’s deadline is very close or its retransmission budget has been exhausted, no relaying should happen, since otherwise a relayer’s activities might interfere with any activities that the source starts after deadline expiration. The source must signal the relayer candidates to inhibit any activities. It is thus necessary to add header fields to the packets that are related to relaying. This inhibition information might be represented by a single bit, but other relaying-related information might require larger representations. This means that the packet size increases, and for the typical industrial case of short packets the increase might be substantial. The increase in packet size takes away channel

15

bandwidth from other packets, allows fewer retransmissions within the given deadline, and bears the risk of a higher packet loss rate—larger packets are in general more susceptible to channel errors.

The second question is whether relaying is required. In the context of an ARQ protocol, relaying is not required when the destination sends out an immediate acknowledgement and the source receives it. How could a relayer check these conditions? And how could it be ensured that all relayers and the source see the same results, so that their actions do not interfere with each other? We refer to this issue as the consistency issue. One possibility is to let the source transmit a dedicated signaling packet when it has received the acknowledgement. However,

consistency is harmed by loss of these packets. Another possibility is to let all nodes check for the presence of signal

energy at the point in time where the receiver should send its acknowledgement. Lack of signal energy is interpreted as lack of acknowledgement and as a sign that relaying is required. However, the relayer candidate and the destination could be hidden terminals to each other, so that the relayer candidate does not sense a signal when the source node actually does. On the other hand, the presence of signal energy does not

necessarily imply that: (a) the energy belongs to an acknowledgement packet, since it could be interference from a colocated wireless system operating in the same frequency band;

and (b) the source has successfully received the acknowledgement. In all these approaches it is hard to achieve consistency.

Given that relaying is desired and required, the third

question to ask is whether it is a good idea to have R as a relayer or better use another node. This is the issue of relayer quality. The key question concerns the channel quality between R and the destination. If this channel quality is constantly bad, then obviously R is not particularly attractive as a relayer. If the channel fluctuates, then R’s qualities as a relayer are timevarying. This means that R should constantly monitor the channel towards D and maintain up-to-date channel-state information. In industrial applications the networks often have a centralized topology where a number of sensors transmit information to a central controller. In addition, the central

controller frequently transmits packets, for example acknowledgements towards the sensors or poll packets to request data from the sensors. This arrangement can be nicely exploited, since it means that all the possible source nodes S (i.e.: the

16

sensors) continuously receive packets from their destination node (the central node) and hence can compute channel-state information. In other types of networks with more scattered communication relationships it is harder to obtain up-to-date channel-state information to all possible destination nodes. Furthermore, the notion of a ‘‘good relayer’’ is unnecessarily restrictive. It is intuitively clear and not hard to derive theoretically that there is a geographical region between source and destination (termed the ‘‘good region’’ in Fig. 2) where it is beneficial to have a relayer. When a relayer is placed in the complement of this region it is actually harmful to use him, for example when the single relayer is even farther away from the destination than the source node is. However, even if the good region is empty, it might well be that there exists a chain of relayers among which a packet could be successfully forwarded (compare the lower part of Fig. 2).

Fig. 2. Good relayer versus good chain.

Relaying protocols should

possibly include the usage of such chains, and the identification of good chains is a task similar to route setup in routing protocols.

Given that relaying is desired, required and that R is a reasonable relayer, the fourth question is whether there are other good relayers as well and whether R is selected to become a relayer. When the source transmits a packet, the broadcast property of the wireless medium might lead to a situation where multiple ‘‘good’’ relayers R1; R2; . . . ; Rn receive the packet. The time-varying nature of the wireless medium implies that

this ‘‘good-relayer subset’’ is of random size and varies over time. Without any coordination the relayed packets issued by

R1; . . . ; Rn would collide at the destination, rendering the whole relaying procedure useless. A further complication is that the

17

relayers might well be hidden nodes to each other, which is a problem for coordination schemes involving carrier-sensing operations. When there are multiple relayers, it should especially for fading channels be avoided to use one relayer all the time (its channel to the destination could also be in a deep fade), instead different relayers should be selected for subsequent retransmissions.

The coordination can be done in different ways. For example, the relayer candidates could use explicit control packets to select one among them. However, since such a

procedure is susceptible to hidden-node situations and timeconsuming in general (as compared to the packet deadlines), and since furthermore in industrial applications the control packets will often not be much smaller than the data packets, this kind of solutions appears to be wasteful and solutions without extra control packets are preferrable. Three fundamental approaches can be conceived for relayer selection:

source-controlled relayer selection, relayer-controlled relayer selection and destination-controlled relayer selection. In source-controlled relayer selection schemes the selection of a relayer is controlled by the source node. To achieve this, the source S includes into its packet additional MAC header fields specifying the (set of) relayers—at the expense of increased packet lengths. Examples of such information are: _ The source could include directly the MAC address of relayers. With this approach collisions and hidden terminal situations among relayers are naturally avoided, at the cost of flexibility and increased sizes of the MAC header. Furthermore, S has to make some choice of relayers, and it could be a bad one. The choice of a relayer for S can be pre-configured, or S could try to learn about the best relayer. This learning problem is similar to the k-armed bandit problem, a standard benchmarking problem for reinforcement learning methods (Kaelbling, Littman, & Moore, 1996). _ The source can include other control fields. For example, when the relayers possess channel-state information towards the destination, the source S can include a threshold value which restricts the set of potential relayers to those having a channel quality which is better than the threshold. When the source notices collisions among relayers, it could increase the threshold for the next cycle.

In relayer-controlled relayer selection schemes each candidate decides itself about whether it re-transmits the packet or not, without being explicitly controlled by any other

18

network node. On the one hand, this class of strategies does not require S to add additional MAC addresses to the packet header, on the other hand there is a higher potential for collisions at the destination, for hidden-terminal situations and consistency issues, since the set of relayers cannot as easily be controlled. To circumvent this, the relayers could use a MAC protocol with collision-avoidance features to reduce the contention among them. However, this contention resolution process again can take significant time (which in general depends on the node density) as compared to the length of short packets.

Destination-controlled relayer selection schemes can be an alternative in systems where much traffic goes to the same destination and where this destination polls the other nodes frequently—just like in many industrial communication systems. The destination computes channel-state information towards the sensors from the responses to polling packets and it can piggyback a relayer list onto frequently issued management packets. Whenever any of these pre-selected relayers receives a packet, it starts with relaying. However, the destination must not take packets coming from a relayer into account when updating the channel-state information belonging to the source node. To achieve this, the relayer must modify the packet. A minimal extension would be to use a single bit that marks the packet as a relayed one. A more significant extension adds the relayer MAC address to the packet, and as a result the destination can update the channel-state information belonging to the relayer. Another issue with destination-controlled schemes is the computational load that is put on the destination—this can be a significant burden especially in industrial cases where all traffic is directed to the central node. The problem of relayer selection is discussed for example in (Nosratinia & Hunter, 2007).

3.3. Integration into existing ARQ schemes In real wireless networks relaying schemes must be incorporated into practical protocols. This requires some adaptations to the ARQ protocols.

The ARQ protocol running on S must be aware of the fact that one or more relayers transmit to D after S has finished its

packet. This must be considered when S decides about its timeouts for the arrival of acknowledgement packets and the

point in time where S starts its own retransmissions. A more delicate issue concerns acknowledgement packets. Short data packets are not much longer than acknowledgements,

19

and if on a fading channel a short data packet

does not get through from source S to destination D, then D’s acknowledgement packet does not have much better chances. Instead, relayers should also try to receive the acknowledgement packet from the destination and forward it back to the source.

4. A relaying framework for industrial traffic

In this section we present a simple relaying framework that is tailored to the case of small data packets and therefore useful for wireless industrial applications. Consistency issues are already avoided by construction. 4.1. Framework description

This framework adopts source-controlled relayer selection and does not require any lengthy contention process among relayer candidates. The source can use one or more relayers, or it can avoid the usage of relayers at all.

The framework is round-based (compare Fig. 3). A round starts with a transmission from the source S to the destination D. This initial packet is followed by a number of n relay slots (separated by a small guard time for transceiver turnaround, processing times, etc.), one acknowledgement slot for the destination and finally n acknowledgement slots for the relayers (arranged in reverse order as compared to the relay slots) in which the relayers forward the acknowledgement when they have picked it up.

More precisely, the framework operates as follows. The source transmits the initial data packet. The extended MAC header of this packet contains a flag indicating the desire to enable relaying, the number n of relaying slots following the source’s packet, a list of n relayer MAC addresses, and a field denoting the current relaying slot (initialized with zero, denoting a transmission coming directly from the source). When at the beginning of relay slot i2f1; . . . ; ng the relayer Ri listed at position i possesses a correct copy of the packet, it simply transmits the packet in this slot. In addition, Ri writes its slot number i into the packet header of the relayed packet and re-calculates the packet checksum. This has two purposes: _ It allows the destination at any time to calculate the point in time where it can send its acknowledgement.

_ It gives ‘‘downstream’’ relayers a chance to operate even when they have not received the packet from the source. When a downstream relayer R successfully decodes the packet, it can check whether there is a slot allocated for it and,

20

Fig. 3. Round structure for the smallpacket relaying framework (n ? 2).

using the slot number, it can check whether this slot has already passed or whether there is still a chance for it to transmit.

The n data slots and the n acknowledgement slots occur unconditionally—there is no additional carrier sensing by the relayers to check for the presence of an acknowledgement. This simplifies the design and eliminates consistency issues upfront. Furthermore, the lack of channel-sensing makes the protocol less vulnerable against interference from the outside. As a downside, however, when no relayer picks up the sources packet, the time for all the n data slots and the n acknowledgement slots is wasted. For this reason the framework is probably suboptimal for larger packet sizes. 4.2. Relayer selection

The source has any freedom to decide about n and the relayers it wants to use. The choice of n will in practice be determined by the packet deadline. The source schedules new rounds as long as the deadline is not expired. The choice of relayers is more delicate. When the

deployment (i.e. the nodes, their geographical positions and mutual channel qualities) is static and known, then for each source node its set of relayers could be optimally configured. When the deployment is not known, a source could learn about relayers to use—more specifically, and adopting the terminology introduced in Section 3.2, a source should learn about good relayer chains of length n.2 When a source has m neighbor nodes, then a chain is an ordered selection of n distinct out of m neighbors of the source, and the total number of available chains given by jCn;mj ? em!=em _ nT!T. A learning scheme faces two difficulties: for larger neighborhoods m the number of chains can become quite large (for example jC2;40j ? 1560; jC3;40j ? 59; 280 and jC3;50j ? 117; 600), and furthermore for each chain a number Tof tests must be made to have a reasonably reliable estimate of the quality of the chain. It would thus be practically unfeasible to test all chains and find the ones that really optimize the probability to successfully deliver a packet within a prescribed deadline. We therefore adopt two sub-optimal approaches,

briefly described next, followed by the description of two nonlearning schemes.

21

4.2.1. Selection scheme 1: Find good nodes

This scheme tries only to find good nodes (i.e. nodes in the good region) and does not look for good chains. In the initial training phase only one relayer R is used in each round (n ? 1), for T successive trials. The number T should be large enough to

achieve a reasonably accurate estimate of R’s relaying qualities. At the end of the training phase the source sorts its neighbors in

descending order according to their relaying quality. In the following steady-state phase the number of relayers n can be configured to a higher value and the source simply uses the n best nodes as relayers.

4.2.2. Selection scheme 2: A genetic algorithm

Genetic algorithms are a well-known approach to find local extrema in large search spaces (Goldberg, 1989). Our approach for identifying good chains works as follows:

_ The algorithm works on a population of individual chains (each of length n), having a fixed population size. Initially, the population is selected at random.

_ Each chain in the population is tested for T times. An individual test is either successful (i.e. the source receives an acknowledgement when using this specific chain) or fails. Testing all the members of a population is referred to as a testing round. The algorithm performs a limited number of testing rounds.

_ At the end of a testing round a new population is created using the results available for the current population. The a _ 100% of the best (having the highest number of successes) members of the current population are carried over into the new population. These are called survivors. The next b _ 100% of the members of the new population are created from mutations of randomly chosen members of the a _ 100% survivors. Specifically, to create a mutated member one survivor chain cs ? eN1; . . . ; NnT is picked randomly and one of the neighbor addresses Ni is changed randomly. The next g _ 100% of the members of the new population are created from crossovers of the survivors. Specifically, two survivor chains c1 ? eN1; . . . ; NnT and c2 ? eM1; . . . ;MnT are picked randomly and a new chain is created as c ? eN1; . . . ; Nn=2;Mn=2t1; . . . ;MnT. The remaining e1 _ a _ b _ gT _ 100% of the members are randomly chosen from the set of all possible chains. 4.2.3. Selection scheme 3: Random selection

This scheme is provided as a baseline scheme. Specifically, for a given n the source node selects n distinct out of its m

22

neighbors at random.

4.2.4. Selection scheme 4: Preconfigured with helper nodes For some applications learning a good node or a good chain

might not be an option, but instead a source node could be preconfigured with a list of relayers to use. Such a scheme can be useful when a number of helper nodes is placed around the central controller, which are not part of an industrial control system but which only help with relaying packets for other nodes.

4.3. Performance results

We provide here some exemplary performance results for the previously described relaying framework. The adopted performance measure is the probability of delivering a packet

Fig. 4. Investigated node deployment (40 nodes, including one central controller in the middle of the square area).

successfully within a prescribed deadline of 10 ms from a source S to the destination D —this is called the success probability. We have chosen a two-dimensional deployment with a centralized controller, to which all packets are directed, and a number of source nodes which want to transmit packets to the controller. All nodes are placed in a square of 40m _ 40 m, centered at the origin, where also the central controller is placed. There are 40 nodes in total, including 39 source nodes. The source nodes are randomly placed in the square. The placement is for reference shown in Fig. 4.

For each of the possible source nodes i we simulate until the relative precision for the success probability pi at a confidence

23

level of 1% is below 1% of the achieved success probability, however, always a minimum of 30,000 packets is simulated. Queueing effects and medium access control are not considered.

The channel model is very simple. Between each pair of nodes a separate wireless channel exists, which is stochastically independent of all other channels. Each channel c is a binary symmetric channel (BSC), i.e. each bit on this channel is, independently of other bits, erroneous with a certain fixed probability pc. The probability pc depends on the geographical distance between the two nodes through the path loss (the path loss exponent is three), and on the chosen modulation scheme (coherent BPSK). The relevant physical layer parameters are based on existing IEEE 802.15.4 transceivers (Chipcon, 2004). The data rate is 250 kbit/s, and the transceiver turnover time between transmit and receive modes corresponds to 40 bit times.

The other important parameters have been chosen as follows: for all selection policies except the ‘‘preconfigured’’ policy the number n of relay slots is n ? 4, the number of test trials per chain or per node is T ? 30, the width of a relayer MAC address is 8 bits (each relayer’s MAC address must be added to the packet), the number of testing rounds for the genetic algorithm is 15 and the population size is 20. The operational parameters for the genetic algorithm have been chosen as a ? 0:3; b ? 0:2 and g ? 0:2. The user data size is

24

Fig. 5. Comparison of selection policies for their success probability. (a) Pure ARQ, (b) random selection, (c) find good nodes, and (d) genetic.

25

Fig. 6. Comparison of selection policies,

preconfigured relayers.

80 bits, the MAC header and trailer size (without relayingrelated fields) is 76 bits, and the acknowledgement is of size 56 bits. For the preconfigured selection scheme we have assumed four helper nodes at positions e0; 6T; e0;_6T; e6; 0T and e_6; 0T, and each source was configured with the closest two (n ? 2) of these.

In Figs. 5 and 6 we compare the success probabilities of the different relayer selection schemes and the pure ARQ scheme (i.e. a scheme where the source makes immediate retransmissions without using any relayer) by means of density plots. In the figures, brighter areas indicate a higher success probability, darker areas a smaller one. It should be noted that for visualization purposes the plots are smoothed. The results indicate that relaying clearly pays out in areas where the pure ARQ scheme works badly. In addition, in those areas where pure ARQ is doing very well, the relaying schemes do not loose performance. Visually, the genetic selection scheme slightly outperforms the find-good-nodes scheme, and these two outperform all other schemes. This is substantiated by the finding that the average success probability (taken over all source nodes) for the find-good-nodes scheme is _0:93 (with minimum observed success probability of 0), for the genetic scheme it is _0:96 (minimum 0:16), whereas the pure ARQ scheme has an average of _0:64 (minimum 0) and the

preconfigured scheme has an average of 0.81 (minimum 0). The advantage of the genetic scheme is due to its ability to find good chains when there are no good relayers. While not shown here, this advantage of the genetic scheme is also confirmed when many independent instantiations of the random source positions are investigated and becomes more pronounced for lower node densities.

一 工业无线网络 3

1 概述 3

26

试平台也计划采用此种方式。 5

2 工业无线测试平台软硬件构成 5

3 结论 7 二Diversified Communication Services; Spacenet Introduces New Emergency Communications Service via Satellite with

'Pay-as-you-use' Service Plan Options 7

三How to exploit spatial diversity in wireless industrial networks 9

1. Introduction 10

2. Spatial diversity fundamentals 12 3. Relaying for industrial applications 14 4. A relaying framework for industrial traffic 20

5. Conclusions 27

5. Conclusions

In this paper we have explored the usage of spatial diversity schemes, and in particular relaying, in industrial settings. It became apparent that the properties of industrial traffic (especially the small packet size) can successfully shape the design of protocols and that indeed significant improvements in terms of success probabilities can be made. It should be noted that the proposed relayer selection schemes (and their parameters) are not the result of a long phase of experimentation and optimization but are more an ‘‘educated guess’’ of good schemes and parameters, and significant refinements and performance improvements should be possible.

More generally, the author is convinced that spatial diversity is a key component for the design of protocols for wireless industrial systems and should not be omitted from future standards.

四西门子工业无线网络在集装箱码头的应用

The Application of SIEMENS’S Wireless Network on International Container Terminals 解海龙

北京节点通网络技术有限公司(北京100081)

摘要：当前大部分集装箱码头均使用无线网络系统为多种现场应用提供数据链路，各种应用系统因为多方 面原因分别搭建了无线网络。为合理利用无线系统资源、减少投资，建议使用西门子工业无线网络 产品搭建无线网络，将多种应用数据整合到一套无线网络内传输。

27

关键词：工业无线网络VIAN数据优先级

Abstract：At present，most of the container terminal is using a wireless network system for applications in a variety of

on—site data link，each applications have their own wireless network for various reasons．We propose to use the Sie—

mens Industrial wireless networking products to build wireless network，to a variety of data applications into a wireless

network，for the rational use of wireless system resources and reduce investment． Key words：Industrial wireless networks VLAN Priority

1项目介绍

天津港太平洋国际集装箱码头有限公司是由天津港股份有限公司与新加坡港务集团合资筹建，公司坐落于经国务院批准的天津东疆保税港区，是东疆保税港区内第一个码头项目。码头岸线长度为2300m，建设6个10万t级专业化集装箱泊位，码头结构兼顾15万t级集装箱船停靠作业，码头年设计吞吐能力400万TEU，码头现有岸桥23台、场桥58台、流机13台、拖车100余辆。天津港太平洋国际集装箱码头有限公司作业场地内使用西门子工业无线网络设备搭建无线网络，项目使用西门子自动化设备如下： SIEMENS SCALANCE X一400，1套； SIEMENS SCALANCE W788—2Pro，32套； SIEMENS SCALANCE W746—1 Pro，81套。

集装箱码头的主要业务是办理集装箱的装卸、转运、堆存、搬运等，完成这些任务需要大量使用岸桥、场桥、叉车、拖车等机械设备。要提高整个集装箱码头的工作效率就必须提高作业流程的信息化程度，充分利用机械设备。通常集装箱码头作业流程的信息化建设中会包括以下内容：集装箱作业调度指挥系统、集装箱监控管理系统、远程监控管理系统(RCMS)，如下 图1所示。

1．1集装箱作业调度指挥系统

采用字符和图形化相结合的操作方式，通过先进的控制平台和各种优化算法对泊位、堆场空间和机械设备等资源进行智能控制。充分考虑了岸桥、场桥、叉车、拖车等机械设备的操作特点，能更好的满足大 规模集装箱码头的需求。重点解决了传统管理方式中一些常见问题，例如现场调度和作业信息反馈不及 时、业务流程不统一、业务手续繁琐等问题，能够大

幅提升集装箱码头作业系统的工作效率。

1．2 集装箱监控管理系统是在目前集装箱码头生产体系的基础上，通过引人先进的全球卫星定位系统(GPS)、地理信息系统GIS)等技术，对现有的集装箱码头作业工艺和生产信息流进行整合。加强现有生产作业系统生产过程的可控性和可视性，满足操作层、调度层、管理层和决策层对现场的数据需求，为企业生产、计划、调度、决策提供多角度、全方位的科学数字依据，构建出具有国际一流水平的生产系

28

统，从而实现对港口生产要素(堆存、集装箱、装卸机械)的精确定位、动态跟踪、过程控制和可视化管理，提高装卸效率，有效地解决现有码头生产过程中司机操作不受控、生产要素实时信息滞后、生产过程中存在的某些安全隐患以及特殊天气和光照不足及堆场标线不清对生产的影响等问题。该系统的应用9将有效提高码头公司港口集装箱生产作业系统的装卸效率，使企业的科技、管理、服务、形象水平得到提升。 1．3远程监控管理系统(RCMS)

集装箱码头的岸桥、场桥等大型机械设备是集装箱作业系统的关键部分，要求设备有非常高的可靠性。远程监控管理系统具备以下3个主要功能： (1)故障实时监控能

力。设备出现故障时，抢修人员可通过RCMS系统查出故障信息，迅速判断故障原因，加快故障处理速度。 (2)状态实时监控能力。RCMS能够记录设备实际工作时间、各个机构实际工作时间和次数、抓箱工作旋锁次数等数据，为设备的科学维护提供了数据支持。

(3)设备预维护系统功能。预维护系统有树型结构和图形结构两种形式，维修人员可自行添加维护项目，打印维护清单，为设备的科学管理提供信息化平台。RCMS系统的应用对提高港口生产效率、降低生产中设备故障的维修时间，优化生产设备的科学管理都起到了突出作用。目前大部分集装箱码头的作业调度指挥系统、监控管理系统、设备远程监控管理系统因为应用需求或是建设时间不同等原因，分别搭建无线系统。在有限空间内重复建设无线系统不仅浪费投资，各无线系统间或是周边无线干扰也是难以回避的问题。为提高无线系统效率、合理建设网络、减少投资，将不同应用整合到—套无线系统是更合理解决方案。集装箱码头作业机械设备的运动方式均为轨道或轮胎，需要在场地内流动作业，因此在作业流程信息化中附加于这些机械设备的3套系统的数据通道无法通过有线方式连通，必须通过以电磁波为传输媒介的无线提供数据连通。集装箱码头的作业系统依赖无线网络为其提供数据连通，因此对无线系统提出了更高要求： (1)无线设备高可靠性：无线系统提供的数据通 道是作业系统正常运行的基础，因此对无线设备连续 无故障运行时间有更高要求；

(2)恶劣环境的适应性：集装箱码头通常位于海岸或河岸，温、湿度变化范围较大，环境条件比较恶 劣；

(3)稳定的无线链路：集装箱作业调度指挥、集装箱监控管理、设备远程监控管理3套系统的数据通信都依赖无线系统，要保证整个码头的作业进度就必 须有稳定的无线系统；

(4)抗干扰能力：2．4GHz和5．8GHz无线频段均为可免费使用，可能存在大量同频干扰，因此设备要 有足够的抗干扰能力，尽量保证无线链路的可用性；

(5)足够可用带宽：集装箱码头作业设备众多、各套系统数据交互频繁，为保证每条作业指令及时、准确到达目的设备，无线系统必须要有足够可用带宽；

(6)链路冗余备份：任何情况下都不能保证无线设备永远不发生故障，在设备故障发生后应有备用链路保证系统正常运行；

(7)设备兼容性和可扩展性：为保证在已有设备下的升级改造，系统须考虑可方便地融人或添加新的设备、新的应用；

(8)多应用整合：可根据应用需求将不同的应用系统整合到一套无线系统中，保证各系统自成体系，提高设备利用率，减少投资；

(9)维护管理：传统的商业网络维护管理工作复杂，出现故障时不能及时恢复，因此集装箱码头无线系统应维护简单，出现故障能快速排除、恢复。

2控制系统构成

为提高系统利用率，节约投资，在保证满足应用需求条件下，合理的解决方案是将不同应用整合到一

套无线系统。综合分析集装箱作业调度指挥、集装箱监控管理、远程监控管理3套系统应用及数据传输特点，

29

选用西门子工业网络产品X一400、W788—2Pro、W746—1Pro搭建无线网络。考虑到集装箱码头场地的实际环境及使用条件，建议西门子基站W788—2Pro安装于场地内通信塔顶部，高度约为30m，客户端W746—1Pro安装于岸桥电

器房顶、场桥支撑臂顶部。设备安装图例如图2、图3

所示。

国3客户端安装图

3控制系统完成的功能

无线系统主要为集

装箱作业调度指挥系统、集装

箱监控管理系统、远程监控管理系统(RCMS)3套应 用系统提供数据通道，同时还要保证各套应用系统间 的数据不相互影响。西1]子工业以太网交换机X一 400支持根据端口划分VLAN，配合W788—2Pro基站 的VLAN功能将3种应用系统的终端设备划分到不同 VLAN，以隔离不同应用系统的数据。西门子无线基 站W788—2Pro根据需要将每个Radio虚拟为3个 VAP(最多8个)，每个VAP分配不同ESSID对应不同 应用无线客户端，同时根据不同应用对数据传输性的 要求，分别定义每个VAP对应ESSID的数据优先级 (优先级分为8个级别)以保证在1套系统中3种不同 应用系统的数据按照需求先后传输。系统结构图如图

4所示，远程监控管理系统界面如图5所示。__

30

4 运行项目

太平洋国际集装箱码头有限公司作业现场无线网络自交付使用的一年时间里，无线系统运行稳定，在码头作业系统中起到了关键作用，同时多套应用系统整合为客户节省了大量投资，得到了客户的高度评价。

一 工业无线网络 3

1 概述 3

试平台也计划采用此种方式。 5

2 工业无线测试平台软硬件构成 5 3 结论 7 二Diversified Communication Services; Spacenet Introduces New Emergency Communications Service via Satellite with

'Pay-as-you-use' Service Plan Options 7

31

三How to exploit spatial diversity in wireless industrial networks 9

1. Introduction 10

2. Spatial diversity fundamentals 12 3. Relaying for industrial applications 14 4. A relaying framework for industrial traffic 20

5. Conclusions 27

四西门子工业无线网络在集装箱码头的应用 27

1项目介绍 28 2控制系统构成 29 3控制系统完成的功能 30

4 运行项目 31 5、应用体会 32 5、应用体会

在设计、实施、维护太平洋国际集装箱码头有限公司无线网络过程中，对西门子工业通信产品有了更深了解：

(1)西门子工业通信产品构建的无线网络可以将多种应用整合到一套无线网络系统中，节省了设备投资，同时也相应减少了潜在的无线干扰；

(2)划分数据优先级，可以保证关键数据及时、优先到达；

(3)系统扩展性好，由于采用无线为传输介质，需要增加系统容量时只需增加客户端，需要增加新应用时也只需调整基站及交换机配置即可；

(4)稳定性好，西门子工业无线通信产品的防护级别达到了IP65标准，模块接口达到了IP67；设备的工作温度范围在一20％一+60。C，因此可以更好的工作在集装箱码头这种恶劣的环境下；

(5)可靠性高，借助强制漫游功能，基站设备可以自动判断逻辑链路通信状态，出现故障时强制跟随的客户端漫游到正常工作的基站上，防止出现“孤岛”现象。

五工业无线网络的现状及发展趋势

The Situation and Future Developmep, t of Wireless Industrial Networks

高汉荣冯冬芹

浙江大学信息学院控制系先进控制研究所(杭州310027)

摘要：概要介绍工业无线网络的特点及面临的难题。通过对ZigBee、无线HART、SPl00这3种工业无线标

准特点及应用的介绍描述工业无线网络的发展现状。最后，探讨工业无线网络的发展趋势。二j

关键词：工业无线网络Zigbee无线HART SPl00 ：

Abstract：This paper first summarizes the features of the wireless industrial networks and the challenges it confronts，then introduces the features and applications of ZigBee，wireless HART and ISA SPl00 in detail

32

to describe．the situation，of wireless industrial networks．Finally，this paper discusses the future development of wireless industrial networks． i

Key words：Wireless industrial networks ZigBee Wireless HART SPl00

1、工业无线网络概述

随着计算机、通信和网络技术的飞速发展，无线传感器网络应运而生。传感测试技术正朝着多功能化、微型化、智能化、网络化、无线化的方向发展。工业无线网络是从新兴的无线传感器网络发展而来的，具有低成本、低能耗、高度灵活性、扩展性强等特点，已经成为继现场总线技术后的又一个研究热点。由于工业现场环境复杂以及工业应用的特殊要求，工业无线网络面临着通信实时性、可靠性、安全性以及抗干扰能力等问题。

2、工业无线网络发展现状

目前，工业无线网络的研究热点主要集中于网络 国家创新研究群体科学基金(NCRGSFC：60721062)； 国家高技术研究发展计划(863计划2006AA040302)； 国家高技术研究发展计划(863计划2007AA041201)； 国家高技术研究发展计划(863计划2006AA040301)

技术和通信协议方面。在数据管理、软件开发环境和 工具等方面的研究工作还不多，研究成果很少。工业无线网络技术尚缺乏统一的国际标准，这严重阻碍了无线网络技术的应用和普及。以下对3种工业无线通讯标准的特点及应用进行简单介绍。

2．1 ZigBee标准

ZigBee是一种近距离、低复杂度、低功耗、低数据传输率、低成本的双向无线通信技术，由IEEE802．15．4和ZigBee联盟共同制定。ZigBee协议主要由物理层、数据链路层、网络／安全层、应用框架及高层应用规范构成。其中物理层与数据链路层由IEEE定义，网络层与应用层由ZigBee联盟定义。ZigBee技术的主要特点如下：

(1)低功耗：采用ZigBee技术的设备功耗非常低，仅几个MW，普通五号电池可使用6个月以上； (2)短距离：节点设备间的距离一般在10～75m，用于短距离通信； (3)低数据传输率：数据传输率只有10—250kb／s，用于低速率通信；

(4)低成本：ZigBee数据传输速率低，协议简单，大大降低了成本，采用ZigBee技术的设备节点成本一般只有几美元；

(5)低延时：设备节点的时延很短，信道接人时延为15ms，休眠激活的时延为30ms； (6)网络容量大：ZigBee网络可以容纳65 536个节点；

(7)高可靠性和安全性：可根据不同的应用场合实施不同的安全加密算法。ZigBee技术广泛应用于各种短距低速的场合，如医疗护理、汽车自动化、农业自动化和遥测遥控等。

2．2无线HART标准

HART通信基金会HCF从2004年起，宣布开发无线HART协议，要求HART无线通信技术保证支持产品的互操作性，与

有线HART仪表的无缝连接，提升HART智能仪表的智能和可连接性。历经近3年的努力，经HCR成员投票，无线HART的规范和通信协议已在2007年6月正式通过。WirelessHART是基于IEEE 802．15．4，可在全球应用的2．4GHz频带，具有信道跳频、Mesh网络拓扑鲁棒性和信息安全的低功耗无线通信规范。它旨在为过程测量和控制提供有足够确定性、并具有可互操作性的无线通信标准。将无线通信纳入HART规范，将在HART原有一切功能的基础上进一步提升具有HART功能的现场仪表和主系统的技术能力。这就是说，有线HART和无线HART

除了通信介质不同而产生的必要规范以外，它们运用同样的HART命令结构、同样的软件丁具。现有的

HART应用(包括控制系统、PLC工具、资产设备管理应用等)，无需进行任何软件升级，都可以利用无线HART

协议。1个无线HART传感器网络由无线HART网络设备、至少1个无线HART网关和1个无线HART网络管理器组成。

33

其组成结构如图1所示。无线HART标准为过程测量与控制、设备资产管理提供了一个健全的无线协议。无线HART是基于已经被人们熟悉并证实了的有线HART协议，通过与现有设备、工具和系统的兼容，使人们快速简便地感受无线技术的特点。无线HART的特点如下：

(1)可靠性：通过网状网络、跳频技术和时钟同步通信等技术，在干扰的情况下也能保证可靠性。保证了无线HART与其他无线网络的共存；

(2)安全性：无线HART通过加密、校验、密码管理、认证等各种安全措施保证网络和数据时刻处于保护状态； (3)供电特性：无线HART允许用户和设备设计者根据自己的需要选择供电模式。比如电池、太阳能和回路供电。

图

同有线HART一样，无线HART支持全部的过程监测和控制应用，包括： (1)设备和过程监测； (2)环境监测，能量管理；

(3)资产管理，预先维护，提前诊断；

(4)闭环控制。无线技术的应用能够补充而不是取代有线仪表，工厂中通常是两种并行使用。无线HART技术

具有向上兼容性，包括HART指令结构和设备描述语言，使得无线HART技术能够支持使用同种工具的有线和无线设备。无线HART技术提供了真正意义上的超越瓦换性的互操作性，这意味着用户能够不依赖厂商而选择最好的无线HART设备，从而在主系统控制层上保证兼容设备协调工作和相互替换。

2．3 SPl00标准

2004年12月，美国仪表系统和自动化学会成立了]工业无线标准SPl00委员会，启动了工业无线技术的标准化进程。2006年，SPl00委员会成立了新的SPl00．1la工作组，力争推出一个面向过程控制应用的工业无线技术子标准，并于2007年12月推出了该标准的草案。ISAl00．1 l a是由ISAl00无线工作组定义的标准，用于向非关键性的监测、警报、预测控制、开环控制、闭环控制提供安全可靠的操作。ISAIOOa为低数据传输率的无线连通设备定义了OSI堆栈、系统管理、网关和安全规范，这些设备支持有限能源消费要求。ISAl00．1la的研究焦点定位于周期性监测和过程控制的性能需求，这些周期性的监测和过程控制只能容许大约lOOms的延时。ISAl00．1la还定位于低功耗设备。ISAl00．11a系统提供了现场设备的无线基础结构、与旧设备的接口、应用程序、安全与系统管理需求。其中应用程序、安全与系统管理需求的功能是可升级的。SPl00的特点如下：

(1)各层次之间的相互独立性：ISAl00．1la允许不同的层次进行独立修改，比如，定义了一个新的物理层，可以将其加入到协议中，标准的其他部分受到最小的影响(如果有的话)；

(2)设备的可交换性：来自于不同厂商的具有相同结构、功能并符合ISAl00．1la标准的设备之间是可交换的。ISAl00．1la规定了一组所有设备都支持的必需功能和一组少数设备支持的可选功能。设备执行的任何一个可选功能都应该能够被操作使其无效。这样就使所有的设备具有相容性和互通性；

(3)世界范围的适应性：ISAl00．11a标准旨在支持所有世界主要领域的已建立标准。ISAl00．1 l a设备必须能够支持具体领域的规定，不能执行那些会阻止它在该领域操作的特性。ISAl00．1la标准提供了一些可选项使设备用于未指定领域。ISAl00．1 1 a的设备类型包括：现场设备和基础设施设备，每一个设备具有特定

34

的逻辑角色，包括系统管理器、网关、主干路由、系统时间源、非路由设备、现场路由等。ISAl00．1la设备的架构要求用OSI基本接口模型描述，如图2所示。ISAl00．1la的所有节点类型都源自于这个模型，都是在此模型基础上进行扩展或限制而来的。

3工业无线网络的发展趋势

无线通信网络技术在工业现场中的应用并不是简单的化有线为无线，它延伸了原有的工业网络的控制范围，并提供了极高的灵活性，成为有线网络、现场总线的一个有效补充。在未来的若干年内，工业无线网络将会得到快速的发展，市场预测，大约到2010年，大多数仪表及自动化产品都将嵌入无线传输功能。但是无线通讯并不会代替有线通讯，无线只会在有线不能实现或成本比较高的地方代替有线。两种通讯技术结合起来，有线的稳定性、可靠性和无线的灵活性、经济性互相补充，将会有效地促进我国工业技术的发展。

注：Physical Layer一物理层 PLDE SAP一物理层数据实体服务接口 PLME SAP一物理层管理实体服务接口 MAC Sub—layer—MAC子层 MLDE SAP—MAC层数据实体服务接口 MLME SAP—MAC层管理实体服务接口 Data lank Layer一数据链路层

DLDE SAP一数据链路层数据实体服务接口 DLME SAP一数据链路层管理实体服务接口 Network Layer一网络层

NLDE SAP一网络层数据实体服务接口 NI，ME SAP一网络层管理实体服务接口 Trmmpozt Layer一传输层

TLDE SAP一传输层数据实体服务接口 TLME SAP一传输层管理实体服务接口 Application Sub—Layer一应用子层 AsI．DE SAP一应用子层数据实体服务接口 ASLME SAP一应用子层管理实体服务接口 u∞r Application Process一用户应用进程 UAPME SAP一用户应用进程管理实体服务接口 User Application Process一用户应用进程 UAPME SAP一用户应用进程管理实体服务接口 Device Manager一设备管理器 图2 ISAl00．1la参考模型

35

定信息需求的代码及状态在网络中传播与处理，并将信息传输给数据管理中心(与协调节点连接)。ZigBee应用层提供了基于IP网络技术面向用户应用的协同应用服务接口，使应用子层得以实现网络上不同设备之间的通信、应用信息获取和服务设置多个ZigBee网络，特别是不同应用的网络互联时，也可以利用中间件技术实现消息代理和消息转发，将会使工业无线技术在应用软件开发方面得到更好的发展。

一 工业无线网络 3

1 概述 3 试平台也计划采用此种方式。 5 2 工业无线测试平台软硬件构成 5

3 结论 7

二Diversified Communication Services; Spacenet Introduces New Emergency Communications Service via Satellite with

'Pay-as-you-use' Service Plan Options 7

三How to exploit spatial diversity in wireless industrial networks 9

1. Introduction 10

2. Spatial diversity fundamentals 12 3. Relaying for industrial applications 14 4. A relaying framework for industrial traffic 20 5. Conclusions 27

四西门子工业无线网络在集装箱码头的应用 27

1项目介绍 28 2控制系统构成 29 3控制系统完成的功能 30

4 运行项目 31 5、应用体会 32

五工业无线网络的现状及发展趋势 32

1、工业无线网络概述 33 2、工业无线网络发展现状 33 3工业无线网络的发展趋势 35

四结论 36

四结论

ZigBee技术功能强大、适应性好、组网方便灵活、成本低，是工业自动化领域很有发展前途的无线接

36

入标准。ZigBee网状网如果可以可靠地应用于工业自动化领域，基于路由发现、设备发现、业务发现的功能，可以组成一个较大覆盖范围、高可靠性的、具有自组织、自愈功能的无线接入网络。

ZigBee标准在工业无线通信应用中，还需要考虑工业自动化领域的特殊性，以及如何在这种特定的网络中建立一个很完善的数据管理系统，最大效率地实现网络数据传输与管理。

六单片机和工业无线网络

M1crOcOnfrOller and industrial Wireless Network

一何小庆

如同今天的许多通用单片机(MCU)已经把USB、CANON以太网作为标准外役集成在芯片内部一样，越来越多的无线网络芯片和无线网络解决方案也在向集成SoC方向发展，比如第一代产品，Nordic公司nRF905，Chipcon公司cc1010他们集成了8051兼容的单片机．这些无线单片机适合一般的点对点和点对多点的私有网络应用，如单一产品的遥控器和

抄表装置等。无线通讯技术给智能装置的互连互通提供了便捷的途径，工业无线网络作为面向工业和家庭自动化的网络技术

图1 GG2430应用电路 也正在向着智能，标准和节能方向发展。

应用电路示意图

1典型的工业无线网络

目前在工业控制和消费电子领域使用的无线网络技术有ZigBee、无线局域网(Wi—Fi)、蓝 (Blutooth)、GPRS通用分组无线业务、ISM、IrDA等， 未来还能有3G、超宽频(UWB)、无线USB、Wimax等。当然还有大量的私有和专用无线

网络在工业控制和消费电子装置中使用，其中ZigBee、GPRS是在目前在国内工业控制中讨论和使用比较多的两种，蓝 和无线局域网是在消费电子产品如手机、耳机、打印机、照相机和家庭中小企业网络中广泛使用的无线协议(个别工业产品也有应用，如无线视频监控和汽车音响系统)，当然私有无线网络技术和产品在工业也有很多的应用。 ZigBee是一个低功耗、短距离和低速的无线网络技术，工作在2．4GHz国际免执照的频率，在IEEE标准上它和无线局域网、蓝牙同属802家族中的无线个人区域网络，ZigBee是有两部分组成， 物理和链路层符合IEEE802．15．4，网络和应用层符合ZigBee联盟的规范。ZigBee联盟(www．zigbee．org)是在2002年成立的非盈利组织，有包括TI、霍尼威尔、华为在内两百多家成员，ZigBee联盟致力推广兼容802．15．4~ZigBee协议的平台，制定网络层和应用架构

37

的公共规范，希望在楼宇自动化、居家控制、家用电器、工业自动控制和电脑外设等多方面普及ZigBee标准。

GPRS是在现有的GSM 网络发展出来的分组数据承载业务，它工作在标准的GSM频率，由于是一个分组交换系统，它适合工业上的突发，少量的数据传输，还因为GSM 网络覆盖广泛，永远在线的特点，GPRS特点适合工业控制中的

远程监控和测量系统。在工业控制应用中GPRS芯片一般是以无线数传模块形式出现的，它通过RS232全双工接口和单片机连接，软件上这些模块都内置了GPRS，PPP和TCP／IP协议，单片机侧通过AT指令集向模块发出测试，连接和数据收发指令，GPRS模块通过中国移动cmnet进入互联网和其他终端或者服务器通讯。目前市场常见的模块有西门子G24TC45、TC35i，飞思卡尔G24，索爱GI 7／48，还有Wavecom 的集成了ARM9核的GPRS SoC模块WMP50／100。GPRS模块有区分自带1℃P／IP协议和不带协议两种，一般来讲，如果是单片机侧有嵌入式操作系统和TCP／IP协议支持

的话或者应用的要求只是收发短信和语音功能的话，可以选择不带协议的模块。

2无线单片机

先进的SoC技术正在无线应用领域发挥重要的作用。德州仪器收购了Chipcon公司以后发布的CC2430是市场上首款SoC的ZigBee单片机， 见图1，它把协议栈z—stack集成在芯片内部的闪存里面，具有稳定可靠的CC2420收发器，增强

性的8051内核，8KRAM，外设有I／o 口，ADC，SPI，UART和AES128安全协处理器，三个版本分别是32／64／128K的闪存，以128K为例，扣除基本Z—stack协议还有3／4的空间留给应用代码，即使完整的ZigBee协议，还有近1／2的空间留给应用代码，这样的无线单片机除了处理通讯协议外，还可以完成一些监控和显示任务。这样无线单片机都支持通过SPI或者UART与通用单片机或者嵌入式CPU结合。2008年4月发表CC2480新一代单片zibBee认证处理器就展示出和TI MSP430通用的低功耗单片机结合的例子。工业控制领域的另一个芯片巨头— —飞思卡尔的单片ZigBee处理器MC1321X的方案也

非常类似，集成了HC08单片机核心，16／32／64K闪存，外设有GPIo，I2C；~[iADC，软件是Beestack协议，只是最多4K RAM 对于更多的任务显得小了些。但是凭借32位单片机Coldfire；~[i系统软件方面经验和优势，飞思卡尔在满足用户应用的弹性需求方面作的更有特色，它率先能够提供从低一中一高各个层面的解决方案，见

图2。

以Wavecom 为代表的GPRS SoC无线单片机同时在演绎着GPRS无线处理器的革命，~WMP50是一个带有四频GSM网络无线通讯工业处理器，内置了AIRY[9 CPU支持128K闪存，128KRA M ， 外设有11个GPIO，I2C，SPI，5X5键盘，2个UARTUSB

，

2．0并口，ADC，DAC等。WMP50内部有一个可强制的实时多任务操作系统，它支持应用任务工作在比GPRS任务高优先级的方式，即能保证控制响应要求。总之无论是GPRS无线单片机，还是ZigBee单片机都在朝着更低成本，更标准化和

更高性能的方向发展。2007年4月，后起之秀{ennic推出了5美元zigbee／IEEE802，15．4参考设计，这个价格是包括了JN513932位无线单片机PCB天线设计和其他辅助器件的BOM成本，据称RF性能能够达到1公里的距离。

3无线单片系统

无线单片机配合C语言开发调试工具可以胜任一个传输或者接收模块的系统设计，比如使用CC2430，IAR公司embeddedworkbench(EW)编译调试工具和TI公司Z—stack的simpleAPI设计的一个无线传感节点，用户可以使用针对无线传感网络的TinyOS，或者uc／OS—II，或者不使用嵌入式操作系统，再比如无线远程抄表终端，你可以使用MSP430或者CYGNAL C8051或者HC08单片机和一颗无线数传模块，如G24，开发工具可以使用KEIL IDE 或者IAREW430／8051，或者是codewarror， G24内置了TcP／IP和GPRS协议，通过使用AT指令的测试，接入互联网，连接服务器，收发数据的操作完成GPRS无线通讯的任务。单片机通过传感器完成电表数据采集任务。但是如果你计划设计一个智能家居的通讯节点

38

的时候，这样的无线单片机就不能够满足需求了，因为这样的节点除了它们是通过ZigBee~]络采集室内环境(如温度，湿度)，电、水和气三表的数据，家用电器开关和家庭安全报警外，另外一个很重要的功能是这个节点还应该通过有线以太网络，或者无线Wi—Fi网络连接家庭服务器，这个服务器是家庭PC、电视、录像，音响的核心，智能家居的通讯节点、家庭服务器和互联网(小区宽带)路由器组成一个家庭网络系统。要设计实现这样的通讯节点是需要一定的系统软件支撑和一定开销的处理器能力，因为它是工业装置，它的可靠性、安全性、功耗和易操作要求就比家用电器严格得多，目前看到的设计方法有这样两种，一种是使用一个大规模的嵌入式操作系统，如Linux、WinCE，它们有良好的网络和设备驱动支持能力，代价是需要一个ARM9以上MMU嵌入式处理器，32M以上存储

空间和32M以上执行空间(WinCE要求可能还更高)，比如业内领先的无线传感网络平台公司Crossbow的irnote2(汇聚节点)使用Marvell 416 MHzPXA271处理器和一个TI公司ZigBee收发器，这样的设计好处是明显的，但是随即可能

的问题是如何控制好系统的功耗和可靠性，工业无线网络多数安放在一个无人值守场地，还可能是一个恶劣自

然环境，无论是开源Linux，商业嵌入式Linux，还是WinCE电源管理技术都还不很完善，系统引导和恢复的功能和时间都还不能完全满足工业控制应用的要求。取而代之的另外一种方式是目前多家MCU半导体公司推荐的方案；硬件是ST、NXP的ARM 单片机和Freescale coldfire单片机，比如M CF52335， 系统软件是Interniche公司和Freescale合作的Nichelitecoldfire TCP／IP Lite一个针对coldfire免费的轻量级的嵌入式TCP／IP软件，它包含了TCP，UDP，ICMP，DHCP(用户端)，TFTP和一个简单的非抢占的RTOS(www．freertos．corn)，大约只有20K的代码，加上Freescale的Web server，Flash文件系统，对于工业网络汇聚点应用是可以满足的了。当然如果这些免费的软件模块还不能满足应用的要求，Interniche还有PPP，SNMP，DHCP(服务器)，FTPJ]~务器，IPSEC，RTP等模块选择，甚至升级到全功

能版本的nichestack。ST ARM、NXP LPC单片机也有基于Nichelite类似的解决方案。这个方案的好处是MCU可以使用低主频的ARM／coldfire Flash单片机，起到降低功耗和增加可靠性作用，系统软件由半导体公司免费授

权给用户，这样用户只要购买常规的单片机开发工具， 如IAR EW ，ARM M DK，Codewarrior就可以完成一个工

业网络通讯节点的设计任务，开发难度和产品整体核算成本要低。更近一步的看，传统的单片机正在大踏步的进入工业无线网络领域的各个方面，除了前面的SoC单芯片无线单片机外，比如最近TI的SimplicTI，一种TI私有的射频网络，也可以说是一种简化的ZigBee网络方案。比较起ZigBee协议，SimplicT1支持点～点和星型网络，代码只有4K，结构和使用都很简单，颗TI MSP430 16位单片机加上RFCC1100／CC2500就可以组成一个烟感，瓦斯泄漏报

一

警和抄表节点设计，SimplicTI的开发目前还是个典型的单片系统，使用IAR EW43O工具，RF协议软件和库程序都

一

是由TI免费提供源代码，SimplicTI的AP1只有6个函数；初始化，连接和监听，发送和接受，配置，配置参数简单明了，包括有频率，安全令牌，网络拓扑(点一点、星型)，电源管理和内存分配。瑞典IAR公司最近移植Powerpack RTOS和支持MSP430单片机的开发，这使得在RTOS支持下430无线节点设计功能可以再复杂些，设计的弹性也大。图3是SimplicTI开发板，

chipcon radio interface你可以安装CCl100／2500器件。TI

资料显示，未来SimplicTI还支持CC2430这样的ZigBee．~线单片机升级CC2430支持SimplicTI还意味着TI对无线网络支持更加宽泛和灵活，升级换代方便了。

4结语

无线技术是未来嵌入式系统发展最快速的领域之一，单片机是嵌入式和工业控制系统最传统的核心部件，SoC和微

39

电子制造工艺的发展推动单片机的变革，无线技术和应用是单片机发展的一个热点，是包括 I，Freescale，ST，NXP，Atmel，Microchip这些工业芯片半导体巨头和专业无线公司Ember，Jennic，Nordic角逐的重要舞台。无论是把

射频器件和单片机核心集成在一起的SoC无线单片机，还是单片机加上射频器件或者射频单片机的无线单片系统，都将嵌入在在未来形形色色电子设备里。工业控制系统的无线网络由于其行业的特殊性，决定选择一种无线网络技术的因素很多，如通讯范围、环境干扰、连接方式、速率和功耗等，但会逐渐的从私有模式向通用方向迈进。正如今天我们看到的以太网和CAN总线是新一带工业设计的主流网络一样，在工业控制系统里采用标准无线网络，比

如今天我们能够看到的ZigBee，GPRS，Wi-Fi，Blutooth的应用将越来越多，未来将是大势所趋。但是，需要指出的是，在某些特殊的环境和条件下，短波和卫星通讯方式依然在工业无线网络中使用，比如此次四川汶川地震后水情自动测报系统，就是由北斗卫星，卫星终湍，传输设备和太阳能供电装置组成，实现了在地震灾区这样基本通讯方

式无法保证的环境下，远程工业无线网络设备正常工作

七基于IEEE802.15.4a 的工业无线网络嗅探器*

张锦1， 侯维岩1, 2， 杨傲雷2

(1． 郑州大学信息工程学院, 河南郑州450001； 2． 上海大学机电工程与自动化学院, 上海200072）

摘要: 针对基于IEEE802.15.4a 的工业无线传感器监控网络嗅探器的研究和实现, 从分析嗅探器原理，介绍了IEEE802.15.4a 协议，详细描述了嗅探器的系统结构及设计中对数据包的捕获和过滤过程。给出了针对4 种不同过滤设置条件所对应的类定义，可根据用户要求对指定类型、特定站点或设定时间段及包含热点关键字的数据进行捕获过滤，动态显示网络的实时状况。经过试验，本嗅探器完全达到了设计要求，实现了对无线传感器网络的主动侦听监控。

关键词: IEEE802.15.4a ； 嗅探器； 无线传感器网络； 包捕获； 切普扩频 中图分类号: TP393 文献标识码: A

A sniffer oriented industrial wireless network based on IEEE802.15.4a ZHANG Jin1，HOU Wei Yan1,2，YANG Ao Lei2

（1． College of Information Engineering, Zhengzhou University, Zhengzhou 450001, China ； 2． College of Mechatronics Engineering and Automation, Shanghai University, Shanghai 200072, China ）

Abstract: The design and implementation of sniffer for industrial wireless network are described, which is based on IEEE

802.15.4a. The principle of sniffer and the protocol of IEEE 802.15.4a are introduced in the paper. The system structure of the

sniffer and the process of capture and filtering are described as well. According to four kinds of capture options, the definition of

the packet class is given, which make it possible that the sniffer can capture all kinds of data we need and show networks′ states

dynamically. The sniffer can run effectively in the industrial wireless control network environment and meet the requirements of active monitoring for the industrial wireless network.

Key words: IEEE802.15.4a ； sniffer； wireless sensor network ； packet capture ； CSS 工业过程及生产现场环境中， 对于一些禁止使用通信电缆（ 如超净或真空封闭的房间） 或者很难使用电缆（ 如高速旋转的设备、强腐蚀恶劣环境） 的场合， 其通信过程是很难或甚至是无法用普通的有线网络

40

实现的， 但可以采用无线通信技术来组建现场设备互连通信网络。IEEE802.15.4a 是基于切普扩频(CSS) 的无线短距离传输技术， 特别适合于对抗干扰性能要求很高的工业无线（ 传感器） 监控网络， 其在2007 年7 月成为国际标准后引起了多家研究单位的重视， 有了许多研究和应用实

例。网络嗅探技术是网络管理和监测中的一项重要技术。它是通过捕获并分析数据报文， 获取实时有效的网络状态信息， 以方便对网络的运行状况进行分析和管理。网络嗅探技术在有线网络的维护和管理中已经得到了广泛应用[ 1 ] 。但基于IEEE802.15.4a 标准的工业无线监控网络嗅探器的设计在国内外尚不多见。鉴于此，本文阐述了嗅探器的工作原理， 并简要介绍了IEEE802.15.4a 协议, 以及一种针对该协议标准的工业无线传感器监控网络嗅探器的系统结构、数据包的捕获和过滤过程及其对应的类定义、嗅探器的用户界面设计,对本嗅探器进行了实验验证， 实现了对无线传感器网络的主动侦听监控。

1 嗅探器原理

网络嗅探是指捕获在网络中传输的封包信息并对其进行译码和分析， 从而获取网络的状态、数据流动情况以及网络上传输的数据等信息， 以方便找到网络的潜在问题等。在共享式有线网络中， 同一网段上的所有网络接口都有接收物理媒体上传输所有数据的能力。网卡将根据所设置的接收模式进行接收。通常情况下， 网络接口只接收与自身地址相匹配的帧和广播帧。如将接收模式设置为混杂(Promiscuous) 模式， 则网卡能够接收到总线上的所有数据， 从而实现对共享式网络的监听[ 2]。而对交换式有线网络的侦听则是在普通的侦听上辅以一定的欺骗方法， 以扩展的中间人监听的方式来实现[ 3]。对于无线网络， 所有的无线站点都能够监听到目标工作频段内所有符合目标物理层协议的无线信号。即使站点对于非广播包、非组播包且目的地址与接收站点地址不匹配包都丢弃, 而只要将无线网络接口设置为射频监听模式(RF-MON Mode) 都可以接收所有包， 以实现无线网络嗅探[ 4]。

2 监控网络MAC 协议

目前成熟的无线传感器网络MAC 协议中， 使用较多的是S-MAC 与CSMA 协议。IEEE802.15.4a 的MAC 层使用CSMA， 物理层使用CSS (Chirp Spread Spectrum), 即宽带线性调频扩频， 又简称切普扩频。CSS 是新一代短距离无线数字传输技术， 已被IEEE802.15.4a 任务组选定为基准物理层标准。其每一位传输所需功耗是IEEE802.11b 的1/6 、蓝牙的1/60 。其数据传送速率最高可达到2 Mb/s ， 室外视距达900 m， 接收灵敏度为-92 dBm/Mb/s 。CSS 综合了FSK、PSK 和ASK 3 种方法的优点， 能十分有效地抑制工业环境中的各种噪音和多径漫射， 并且在拥挤的ISM(Industrial Scientific Medical)频段与其他现有的信号互不影响， 用于实时精准位置和感应网络。简单地说，CSS 技术加上IEEE802.15.4的MAC 协议和组网规则就构成了改进的IEEE802.15.4a ，特别适合在工业自动化现场设备层控制网络使用。

3 系统硬件结构

嗅探器的系统硬件结构如图1 所示。其中微控制器采用Atmel 公司的ATmega128L 。它采用低功耗CMOS 工 艺， 基于RISC 结构， 具有片内128 KB 的程序存储器(Flash) 、4 KB 的数据存储器(SRAM) 和4 KB 的EEPROM；有8 个10 位ADC 通道、2 个8 位和2 个16 位硬件定时/计数器、8 个PWM 通道， 具有可编程看门狗定时器和片上振荡器、片上模拟比较器、JTAG、UART、SPI 、

41

I2C

总线等接口。ATmega128L 可在多种不同模式下工作， 除了正常操作模式外， 还具有6 种不同等级的低能耗操作模式， 适合于低能耗的应用场合。为了与PC 机的串口相联， 使用了MAXIM 公司的串行收发芯片MAX3232CSE 来完成RS232 电平到TTL 电平的转换。无线通信芯片采用德国NanoTron 公司的NA1TR8 ，该芯片符合最新IEEE802.15.4a 标准， 其内部集成1 个可编程控制器， 该控制器又分为2 个部分： 一个是基带控制器(baseband controller) ， 功能有帧的产生、错误纠正、解包/封包等； 另一个是MAC 控制器， 主要作用是控制介质访问控制， 如CSMA/CA、TDMA 等。NA1TR8 的Memory 在逻辑上有1 024 B 的编址空间， 这1 024 B 由两部分组成： 一个是128 B 的寄存器， 该寄存器依据编址为0x7F 的索引寄存器低2 位的不同设置， 在地址空间中被映射成4 个128 B 的地址空间； 另一个是512 B 的基带RAM (Baseband memory ，BBRAM), 由Segment0 、Segment1、Segment2、Segment3 组成，每个Segment 占用128 B。此RAM 根据不同的设计需要可以设置成4 种不同的配置模式： Auto /Duplex 、Auto / Simplex 、Transparent /Duplex 、 Transparent/Simplex 。这4 种配置模式各有优劣， 需要根据具体的应用需求作出选择。嗅探器的主要功能是接收数据而不是发送数据。鉴于此， 监测仪的BBRAM 的配置采用Auto/Simplex 模式，此模式下的BBRAM

配置如图2 所示。

在Auto/Simplex 模式下，Segment0 、Segment1 被保留下来专用于存储MAC 帧头、加密/解密、站点地址、实时时钟(RTC) 等信息。Segment2 、Segment3 用于发送和接收时共享Buffer 。针对嗅探器BBRAM 的配置， 可以将Segment2、Segment3 都用于数据的接收。

4 数据包捕获过滤

4.1 IEEE802.15.4a 中的数据帧格式物理层及MAC 层的数据帧格式如图3 所示。物理层由4 个域组成， 分别是前： 导码， 其作用是自动增益控制校验及位同步； 同步字段， 其作用是帧同步；MAC 帧域及尾字符域， 其作用是尾部与帧间间隔的分隔符。MAC 层有6 种帧格式， 分别是数据帧(Data) 、应答帧 (Ack) 、广播帧（Brdcast ） 、时间信标帧(TimeB) 、请求发送

42

帧(Req2S) 、清除发送帧(Clr2S) 。依据上述不同的6 种帧格式，MACFrame 包含10 个域， 每个域的详细功能描述可参见芯片NA1TR8 的相关文档， 这里不再赘述。 4.2 数据包捕获

对无线网络进行监听， 首先必须对目标侦听网络中符合物理层通信协议的数据包进行捕获。这是对网络进 行监控分析的基础。在这里首先需要取消监听站点的地址匹配， 并设置为监听模式， 使其可以监听到所有其他站点发送的数据。再将接收的有效协议数据单元传送至PC 机串口。当串口监视进程

CSerialPort::CommThread ( )监测到串口有数据到达时， 发送WM_COMM_RXCHAR消息给主框架窗口， 由响应函数CMainFrame::OnComm( )对收到的数据进行初步的判断处理。而数据包则定义了 一个普通类， 其具体定义如下： class CPacket{public:??

void GetReceiveTime( ); // 获取高精度时间 CString m_pTime; // 数据捕获时间

CString m_pPacket; // 数据包的十六进制代码 CString m_pData; // 传感数据

CString m_pPacketNum; // 传感数据包顺序号 CString m_pNetNum; // 网络群号 CString m_pSendAdd; // 数据包源地址 CString m_pToAdd; // 数据包目的地址 CString m_pType; // 数据包类型 CString m_pLength; // 数据包总长度

??};其 中,GetReceiveTime ( ) 对普通的CTime 类进行了扩展， 提高了时间的精度， 为数据的进一步分析处理和网络管理提供了很好的时间记录。本设计中使用了绝对时间戳。这样， 当知道某事件发生的大概时间时， 可以快速找到详细的数据包解析以及对应的源码。 4.3 数据包过滤

嗅探器在默认情况下会对网络中所有包进行捕获。但实际的监听过程中捕获包的数量是相当巨大的，而且通常需要关注采集的只是具有某些特定特征的包。这就需要对捕获的数据包按照要求进行过滤， 且显示结果。

过滤条件的设定主要分为如下4 类： 数据包的类型， 收发地址， 时间， 关键字。详细的参数设置界面

43

如图4 所示。其具体过滤功能由

COutputBar::OutFilter( ) 函数实现。过滤条件的设置可在数据监听前预设也可在监听过程中及时按需修改。

5 用户界面设计

嗅探器在WM_CREATE 消息处理函数CMainFrame::OnCreate （ ） 中创建了2 个子控件窗口， 将整个主窗口分为数据分析和网络监控2 个区， 如图5 所示。捕获数据在嗅探器客户端的显示由

COutputBar::ShowNetworkMessage（ ） 实现。其中， 一区的上部为解码区， 给出了数据包的收发时间、地址、类型、具体的传感数据等详细分析信息； 一区的下部显示了对应数据包的原始十六进制编

码。而二区则以图形化的方式显示了整个无线网络的拓朴状态， 以实现对整个网络的实时监控。以对令牌传递的监控为例， 从图6 所示的嗅探器解码区所显示的详细分析信息可以看到， 令牌在网络内传递的一个过程： 包70 、71 表明站点5 传送完数据后将令牌传送至主站点； 而包72 中主站点将令牌传给站点6 ； 包73 则是站点6 获得令牌并进行了数据传输； 最终， 从包74、75 中可看出，站点5 再次获得令牌并传输了数据。从嗅探器的运行结果可看出， 嗅探器能够捕获无线传感器网络中的数据， 并对其过滤分析，提供了整个无线网络的图形化监控等功能， 而且未被原网络发现， 也没有对其运行造成影响， 最终实现了对IEEE802.15.4a 无线传感器网络的主动侦听监控。

44

资料来源：

【1】 百度文库 【2】 豆丁网

【3】 ProQuest 数据库 【4】 web of science

【5】 Elsevier SDOL(ScienceDirect Online)数据库 【6】 维普资讯 【7】 万方数据库 【8】 CNKI学术期刊

2010年8月19日星期四

45

本文来源：https://www.bwwdw.com/article/yahx.html