1. Field of the Invention
The present invention relates to packet-switching transmission networks designed to convey vital security information with special requirements in terms of guarantees and transportation deadlines. Security transmission networks of this kind have many possible fields of application including the interconnection of onboard equipment in an aircraft for the exchange of vitally important instructions and information.
2. Description of the Prior Art
A packet-switching transmission network is generally called an ATM (Asynchronous Transfer Mode) network or switched Ethernet. It consists of a set of switches or interconnection nodes, joined by transmission links, which may or may not be wired. These nodes constitute a meshing of the space in which the entities that have to communicate with one another are distributed.
To be transmitted on a packet-switching transmission network, a piece of information must undergo one or two successive shaping operations: a digital shaping operation and an analog shaping operation.
The digital shaping operation is designed to make it possible for the packet switches to manipulate the information to be transmitted. This digital shaping, after an operation to digitize the information to be transmitted, results in the constitution of binary data packets or datagrams compliant with a certain format, with one or more message bit fields and one or more service bit fields containing several instructions useful for routing within the network, including identifiers of the packet addressee entities.
Analog shaping relates to the packets or datagrams that result from the digital shaping operation. The analog shaping operation gives these packets the form of electrical or optical transmission signals adapted to the physical characteristics of the transmission links interconnecting the switches of the network to one another and with the communicating entities.
The packet transmission networks are differentiated from one another chiefly by the use of variably sized packets (64 to 1518 bytes) for the Ethernet and by the use of fixed-size packets for the ATM networks. Hereinafter, it is assumed that the packets may have any size whatsoever, so that the description can remain at a general level.
A network switch carries out chiefly the following operations:
- an operation of detection and demodulation, at each of its input/output ports, of the transmission signals that reach it through the transmission links to which it is directly connected, in order to restore the datagram shape to the information that reaches it,
- the temporary storage, in a buffer memory, of the datagram traffic received by all the input/output ports pending the execution of routing to one or more output ports of the switch,
- an analysis of the service bits of each datagram in order to deduce a distribution profile determining the output ports to which the datagram considered must be routed,
- the execution, as soon as possible, of the distribution profile consisting of a retrieval, in a buffer memory, of the datagram concerned and its presentation at the desired output ports,
- the remodulation of the datagrams at the output ports in order to give them back the shape of a transmission signal adapted to their conveyance on the transmission links connected to the output ports.
To fulfill these different tasks, a packet switch generally comprises the following peripheral equipment at each of its input-output ports: an individual modulator-demodulator circuit known as a MAC (Medium Access Control) circuit providing the interface, in both directions, between the datagrams circulating internally and the transmission signals that correspond to them externally, on the physical interconnection links of the network directly connected to the input/output ports considered, as well as a logic automaton for the management of sending queues that resolves conflicts between datagram forwarding requests that are far too close to each other to be satisfied immediately. The packet switch furthermore comprises, centrally, a buffer memory consisting of a multiple random-access memory storing the datagrams received by the packet switch for the period of their routing, a central sequencer for the addressing of the buffer memory to make it work as several circulating memory banks, with one bank per incoming port, and a central routing automaton determining a distribution profile, namely the list of input-output ports of the network switch by which a datagram must be re-sent, prepared as a function of the localization of the packet switch concerned within the packet switch transmission network and service data pertaining to this datagram, essentially the identity of the destination entities.
The increasing importance of the security aspect has led to the adoption, in packet-switching transmission networks, of measures to guarantee the most efficient possible conveyance of a piece of information within a maximum deadline, even in the event of downgraded operation, through the greatest possible elimination of risks of congestion in the network. These measures act at two levels: the packet or datagram level and the level of the virtual paths followed by the datagrams within the network, a virtual path being associated with a particular data stream having the same sender and addressee entities and being defined by instantaneous states taken by the switches of the network when they are crossed by the datagrams belonging to this information stream.
The network anti-congestion security measures taken at the datagram level consist of the verification of the integrity and freshness of the datagrams during their stay within the packet switches of the network, namely all the packet switches or only some of them, and the rejection of the packets that have lost their integrity or have stayed far too long in a packet switch, so as not to unnecessarily encumber the transmission links of the network with datagrams that have become unusable by the addressee entities.
The verification of the integrity of the datagram is based on the compliance of the datagram, as perceived at a packet switch of the network, with a report located in its service bits and consisting of information on the type of packet or redundancy information given by an error correction code.
The verification of the freshness of a datagram at the packet switch is based on the comparison of the current time with the date of reception of the datagram by the packet switch considered. When a datagram stays far too long in a packet switch before being forwarded, there is a risk that the packet switch will have its storage possibilities over-stretched and that it will mistake datagrams for one another. It is therefore necessary to eliminate every reference to a datagram once its stay in a packet switch tends to stretch out abnormally.
The network anti-congestion safety measures taken at the virtual path level are of two kinds. They consist, firstly, in verifying that, when a datagram passes through a packet switch, it is truly following an authorized virtual path, failing which it is rejected so that it does not unnecessarily encumber the transmission links with packets that will not be properly exploited by the addressee entities because they have been poorly routed. These measures consist, secondly, in keeping the virtual path bit rates, at the different packet switches, below the authorized maximum values, if necessary by means of shedding operations through the authoritative elimination of datagrams in excess. This is done in order to limit an operating fault on the part of a sender entity or a packet switch solely to the virtual paths that are assigned to it.
The verification of the fact that a datagram matches the virtual path that it takes at a packet switch is based on verification of the compatibility of the port by which the datagram is received at a packet switch with the virtual path that was originally assigned to the datagram. This originally assigned virtual path is deduced from service bits contained in the datagram that identify the addressee entities of the datagram and possibly other service bits identifying the sender entity or the type of datagram.
The data bit rate of a virtual path is kept below the maximum values authorized at the different packet switches that it crosses. This is done by monitoring its real bit rate at these packet switches through a tally of the datagrams that it conveys, and by authoritatively limiting the real bit rate to a level below the maximum bit rate through the elimination of the datagrams in excess. The tally takes account of the fact that datagrams, although often sent out at a regular pace by a sender entity, may be affected by a variable level of jitter owing to the possible existence of queues at the packet switches.
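The following is an added illustration, not part of the patent text, of the two path-level checks just described: ingress-port verification and bit-rate policing with jitter tolerance. It uses the virtual-scheduling form of the Generic Cell Rate Algorithm known from ATM policing as a stand-in for the tallying method, which the text does not specify; the class names, path table and arrival trace are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class VirtualPath:
    ingress_port: int   # the only port this path may enter the switch on
    period_us: int      # nominal spacing between datagrams at the sender
    jitter_us: int      # how early a datagram may arrive because of upstream queues
    tat_us: int = 0     # theoretical arrival time of the next datagram

class PathPolicer:
    """Per-switch policer (hypothetical name) keyed by virtual path identifier."""
    def __init__(self, paths):
        self.paths = paths
        self.counters = dict.fromkeys(
            ("forward", "unknown_path", "wrong_port", "excess_rate"), 0)

    def check(self, path_id, port, now_us):
        verdict = self._classify(path_id, port, now_us)
        self.counters[verdict] += 1   # per-cause counts support fault isolation
        return verdict

    def _classify(self, path_id, port, now_us):
        vp = self.paths.get(path_id)
        if vp is None:
            return "unknown_path"
        if port != vp.ingress_port:
            return "wrong_port"       # rejected before it can consume rate budget
        if now_us < vp.tat_us - vp.jitter_us:
            return "excess_rate"      # too early even allowing for jitter; TAT unchanged
        vp.tat_us = max(now_us, vp.tat_us) + vp.period_us
        return "forward"

def run_constructed_trace():
    # Constructed input: path 7 enters on port 2, one datagram per 1000 us,
    # up to 200 us of tolerated jitter. Tuples are (path_id, port, arrival_us).
    policer = PathPolicer({7: VirtualPath(ingress_port=2, period_us=1000, jitter_us=200)})
    trace = [
        (7, 2, 0),      # first datagram
        (7, 2, 850),    # 150 us early: within jitter tolerance
        (7, 2, 1900),   # 100 us early: still tolerated
        (7, 2, 2000),   # 1000 us early: datagram in excess, shed
        (7, 5, 3000),   # right path, wrong ingress port
        (9, 2, 3000),   # path not configured on this switch
        (7, 2, 3000),   # on schedule again after the shed datagram
    ]
    return [policer.check(*event) for event in trace], policer.counters

if __name__ == "__main__":
    print(run_constructed_trace())
```

Because a rejected datagram leaves the theoretical arrival time untouched, excess or misrouted traffic cannot delay the conforming datagrams that follow on the same path.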
These measures seek to eliminate the risks of loss or delay in the conveyance of information as a result of congestion in the network. Other measures are designed to ensure that information which, despite precautions, has lost its integrity during conveyance is rejected so as not to encumber the transmission links and unnecessarily take up processing time in the packet switches.
Since it is useful to reduce the number of datagrams stored in the central buffer memory of a packet switch to the maximum extent, it is advantageous to verify the integrity of a datagram at the input port by which it reaches the packet switch considered. Indeed, this enables the datagram to be eliminated before it is presented to the central buffer memory if a lack of integrity should be detected. The function of verifying the integrity of each packet received is then entrusted to the MAC circuits, whose structure is adapted to this purpose.
For all the other anti-congestion safety measures of the network, it is advantageous, for cost reasons, to entrust their implementation to the central routing automaton. However, this greatly increases the workload of the central routing automaton and entails an equivalent increase in the computation power of this automaton.