T02 - Design Considerations for Robust EtherNet/IP Networking


T02 - Design Considerations for Robust EtherNet/IP Networking
Scalable, Reliable, Safe and Secure Architectures for The Connected Enterprise
Copyright 2017 Rockwell Automation, Inc. All Rights Reserved.

Agenda
- What's Driving This?
- Industrial Network Design Methodology
- Key Requirements, Key Tenets
- Additional Material

What's Driving This?

What's Driving This? Convergence of Network Technology
Large LANs lacking natural boundaries and segmentation: a flat, open and unstructured Industrial Automation and Control System (IACS) network infrastructure.

What's Driving This? Convergence of Network Technology
Smaller connected LANs with boundaries and segmentation: moving from a flat, open and unstructured IACS network infrastructure to a structured and hardened IACS network infrastructure.

What's Driving This? Industrial IoT & Industrial IT (Bridging OT-IT)
[Diagram: CPwE logical framework, Industrial IT (top) to Industrial IoT / Operational Technology (bottom)]
- Enterprise Zone (Levels 4-5): Wide Area Network (WAN); data center with virtualized servers (ERP / business systems, email, web services); security services (Active Directory (AD), identity services (AAA)); network services (DNS, DHCP); call manager; enterprise external DMZ / firewall to the Internet.
- Industrial Demilitarized Zone (IDMZ): plant firewalls (active/standby) providing inter-zone traffic segmentation (ACLs, IPS and IDS), VPN services, portal and Remote Desktop Services proxy; physical or virtualized servers for patch management, AV server, application mirror and remote desktop gateway server.
- Industrial Zone (Levels 0-3, plant-wide network), Level 3 Site Operations (control room): FactoryTalk application servers and services platform; network and security services (DNS, AD, DHCP, identity services (AAA)); storage array; wireless LAN controller (WLC, active/standby); remote access server; core switches and distribution switch stacks feeding the access switches.
- Cell/Area Zones (Levels 0-2, lines, machines, skids, equipment): Rockwell Automation Stratix 5000/8000 Layer 2 access switches; controllers, drives, soft starters, servo drives, HMIs, I/O, instrumentation, safety controllers, safety I/O, robots, cameras and phones. Topologies shown: redundant star with Flex Links resiliency, ring with Resilient Ethernet Protocol (REP), and linear/bus/star. Wireless: unified wireless LAN (LWAP, 2.4 GHz and 5 GHz SSIDs, WGB) and autonomous wireless LAN (AP, 5 GHz SSID, WGB). Industrial firewalls (IFW) at zone boundaries.

Industrial Network Design Methodology

Industrial Network Design Methodology: Structured and Hardened Network Infrastructure
- Understand application and functional requirements:
  - devices to be connected, industrial and non-industrial
  - data requirements for availability, integrity and confidentiality
  - communication patterns, topology and resiliency requirements
  - types of traffic: information, control, safety, time synchronization, drive control, voice, video
- Develop a logical framework (roadmap):
  - migrate from flat networks to structured and hardened networks
  - define zones and segmentation (smaller connected LANs); place applications and devices in the logical framework based on requirements
- Develop a physical framework to align with and support the logical framework
- Deploy a holistic defense-in-depth security model
- Reduce risk, simplify design and speed deployment: use information technology (IT) and operational technology (OT) standards; use reference models and reference architectures
Lifecycle shown on the slide: Assess, Design/Plan, Implement, Manage/Monitor, Audit. Goals: avoiding network sprawl; enabling OEM convergence-ready solutions.

Key Requirements, Key Tenets

Structured and Hardened Architectures: Reliable and Secure Network Architectures for The Connected Enterprise
Key Requirements: Scalable, Reliable, Safe, Secure, Future-ready
Key Tenets:
- Smart Endpoints
- Segmentation (Zoning)
- Managed Infrastructure
- Resiliency
- Time-critical Data
- Wireless - Mobility
- Holistic Defense-in-Depth Security
- Convergence-ready

Key Tenet: Smart Endpoints. EtherNet/IP: Network Technology and Devices

Single Industrial Network Technology: OSI 7-Layer Reference Model (Open Systems Interconnection) - Smart Endpoints

Layer | Name         | Function                                                                                   | EtherNet/IP examples        | Devices
7     | Application  | Network services to the user application                                                   | CIP (IEC 61158)             |
6     | Presentation | Encryption / other processing                                                              |                             |
5     | Session      | Manage multiple applications                                                               |                             |
4     | Transport    | End-to-end delivery; TCP adds reliability and error recovery, UDP (used for implicit I/O) does not | IETF TCP / UDP      |
3     | Network      | Packet delivery, routing                                                                   | IETF IP                     | Routers
2     | Data Link    | Framing of data, error checking                                                            | IEEE 802.3 / 802.1 / 802.11 | Switches (IES)
1     | Physical     | Signal type to transmit bits, pin-outs, cable type                                         | TIA-1005                    | Cabling / RF

The right-hand side of the slide maps the same stack onto the 5-layer TCP/IP model.

Single Industrial Network Technology: OSI 7-Layer Reference Model - Smart Endpoints
What makes EtherNet/IP industrial? Annotated against the same OSI table as the previous slide:
- Physical layer hardening (Layer 1: cabling / RF, TIA-1005)
- Infrastructure device hardening (Layer 2: industrial Ethernet switches)
- Common application layer protocol (Layer 7: CIP, IEC 61158)

EtherNet/IP Device Selection - Smart Endpoints
ODVA conformance tested, with declaration of conformity; PlugFest interoperability testing in a full multi-vendor system configuration.
Controllers:
- number of EtherNet/IP ports, port types, topology
- environment: on-machine / in-panel
- communication speed
- maximum number of nodes
- minimum requested packet interval (RPI)
- maximum I/O data size per RPI
Sensors / actuators (application requirements):
- environment: on-machine / in-panel
- number of EtherNet/IP ports, port types, topology
- communication speed
- minimum RPI (how fast)
- maximum I/O data size per RPI
Selection tools: Integrated Architecture Builder (IAB), EtherNet/IP Capacity Tool, Popular Configuration Drawings (PCDs)

EtherNet/IP Advantage: Single Industrial Network Technology - Smart Endpoints
Single industrial network technology for:
- Multi-discipline network convergence: discrete, continuous process, batch, motor, safety, motion, power, time synchronization, supervisory information, asset configuration/diagnostics
- Established: risk reduction through broad availability of products, applications and vendor support; ODVA principal members include Cisco Systems, Endress+Hauser and Rockwell Automation
- Supported: conformance testing; defined QoS priority values for EtherNet/IP devices
- Standard: IEEE 802.3 Ethernet and the IETF TCP/IP protocol suite; enables convergence of OT and IT common toolsets (assets for design, deployment and troubleshooting) and skills/training (human assets)
- Topology and media independence: flexibility and choice; device-level and switch-level topologies; copper, fiber, wireless
- Portability and routability: seamless plant-wide / site-wide information sharing
- No data mapping: simplifies design, speeds deployment and reduces risk

Key Tenet: Segmentation

Segmentation: Structured and Hardened Network Infrastructure
Smaller connected LANs help to:
- minimize network sprawl
- provide a building-block approach for scalable, reliable, safe, secure and future-ready network infrastructure
- create smaller Layer 2 broadcast domains and restrict Layer 2 broadcast traffic
- create smaller fault domains (e.g. Layer 2 loops)
- create smaller domains of trust (security)
Multiple techniques to create smaller network building blocks (Layer 2 domains):
- logical zoning: geographical and functional organization of IACS devices
- multiple network interface cards (NICs), e.g. a CIP bridge
- campus network model: multi-tier switch hierarchy, Layer 2 and Layer 3
- Virtual Local Area Networks (VLANs)
- Network Address Translation (NAT)
VLANs and NAT limit address and broadcast scope; the trust boundary between zones is enforced by the access control lists and firewalls at the zone edge (see the IDMZ and security appliance slides), not by the segmentation alone.

Key Tenet: Segmentation - Logical Zoning

Segmentation - Logical Zoning: Converged Plantwide Ethernet (CPwE) Architectures Logical Model
Plant-wide zoning into functional / security areas gives smaller connected LANs, smaller broadcast domains, smaller fault domains and smaller domains of trust, and a building-block approach for scalability.

Segmentation - Logical Zoning: Converged Plantwide Ethernet (CPwE) Architectures Logical Framework
[Diagram: the same CPwE logical framework as on the "What's Driving This? Industrial IoT & Industrial IT" slide. Enterprise Zone (Levels 4-5): WAN, data center with virtualized servers (ERP / business systems, email, web services), security services (AD, identity services (AAA)), network services (DNS, DHCP), call manager, enterprise external DMZ / firewall to the Internet. Industrial Demilitarized Zone (IDMZ): active/standby plant firewalls with inter-zone traffic segmentation (ACLs, IPS and IDS), VPN services, portal and Remote Desktop Services proxy; patch management, AV server, application mirror and remote desktop gateway servers. Industrial Zone (Levels 0-3): Level 3 Site Operations (control room) with FactoryTalk application servers and services platform, DNS/AD/DHCP/identity services, storage array, active/standby WLC, remote access server, core switches and distribution switch stacks; Cell/Area Zones (Levels 0-2) with Stratix 5000/8000 Layer 2 access switches, controllers, drives, HMIs, soft starters, servo drives, safety controllers, safety I/O, robots, I/O and instrumentation in redundant star (Flex Links), ring (REP) and linear/bus/star topologies, unified (LWAP, WLC) and autonomous (AP, WGB) wireless LANs on 2.4 GHz and 5 GHz SSIDs, and industrial firewalls (IFW).]

Key Tenet: Segmentation - Network Services

Segmentation - Network Services: Multiple Network Interface Cards (NICs) - CIP Bridge
Option 1, separate Layer 2 networks: the plant network (Level 3) and the control network (Levels 0-2) are distinct Layer 2 networks, joined only through the controller's two NICs (CIP bridge).
- Benefits: clear network ownership demarcation line
- Challenges: limited visibility of control network devices for asset management; limited future-ready capability; smaller PACs may not support multiple NICs
Option 2, converged network: the plant network (Level 3) and the control network (Levels 0-2) share one infrastructure and are separated by VLANs (VLAN 102 shown).
- Benefits: plant-wide information sharing for data collection and asset management; future-ready
- Challenges: blurred network ownership demarcation line

Segmentation - Network Services: Multiple Network Interface Cards (NICs) - CIP Bridge
[Diagram: multiple NICs in the CPwE logical framework]
- Enterprise Zone (Levels 4-5): enterprise-wide business systems, data center
- Level 3.5 - IDMZ
- Industrial Zone (Levels 0-3): plant LAN on VLAN 17 (one Layer 2 domain), plant IP subnet 10.17.10.0/24; plant-wide / site-wide operation systems; Level 3 Site Operations with physical or virtualized servers (application servers and services platform; network services e.g. DNS, AD, DHCP, AAA; remote access server (RAS); storage array); line/area controller
- Cell/Area Zones (Levels 0-2): Cell/Area Zone #1, #2 and #3 each use the same subnet 192.168.1.0/24 behind their controller's second NIC; the duplicated addresses are reached from the plant LAN only through the controller (CIP bridge), not by IP routing

Segmentation - Network Services: Switch Hierarchy, Virtual LANs (VLANs)
[Diagram: one large Layer 2 broadcast domain versus smaller Layer 2 broadcast domains]
Large Layer 2 broadcast domain (left): plant-wide IACS on VLAN 40, IP subnet 172.16.40.0/24. A Stratix 8300 ring with Stratix 8000 and Stratix 5700 switches, EWS and OWS, 1734 POINT I/O, 1732E Slim ArmorBlock I/O, Machine #1 (OEM #1, ControlLogix with 1756-EN2T) and Machine #2 (OEM #2, CompactLogix 5370 L3) all sit in the one VLAN.
Smaller Layer 2 broadcast domains (right): a Stratix 8300 Layer 3 switch routes between plant-wide IACS VLAN 10 (10.10.10.0/24), Machine #1 (OEM #1) VLAN 20 (10.20.20.0/24), Machine #2 (OEM #2) VLAN 30 (192.168.30.0/24) and VLAN 5 (192.168.1.0/24); each machine's Stratix 5700 is a Layer 2 access switch inside its own VLAN.

Segmentation - Network Services: Switch Hierarchy, Virtual LANs (VLANs)
Multi-layer switch: Layer 2 VLAN trunking plus Layer 3 inter-VLAN routing. A Layer 3 switch joins Layer 2 networks that each carry multiple VLANs, for example:
- VLAN 102: EtherNet/IP devices (drives, HMIs, controllers)
- VLAN 10: VoIP
- VLAN 42: scanners / cameras
Traffic between VLANs has to cross the Layer 3 switch, which is where it can be filtered.

Segmentation - Network Services: Network Address Translation (NAT)
Network Address Translation is a service that translates a packet from one IP address to another IP address. It can be performed by a Layer 2 or a Layer 3 device and has two forms:
- One to One (1:1): assigns a unique outside IP address to a specific inside IP address. Many inside IP addresses (one per connected device, e.g. inside subnet 192.168.1.x) map to many outside IP addresses (one per device that must be reachable from the outside subnet, e.g. 10.0.0.x).
- One to Many (1:n), a.k.a. TCP/UDP Port Address Translation (PAT): allows multiple devices to share one outside address.
The skid example on the next slide uses 1:1 NAT only: each machine device that the plant must reach gets its own outside address, and devices without a table entry stay unreachable from outside.

Segmentation - Network Services: Network Address Translation (NAT)
[Diagram: multiple skids/machines in a Cell/Area Zone (Levels 0-2) of the Industrial Zone (Levels 0-3, plant-wide network), each aggregated by one Stratix 5700 Layer 2 NAT switch; single VLAN architecture]
- Outside: VLAN 2, 10.10.10.0/24; line controller 10.10.10.5; switches IES-1 and IES-4 on the plant side
- Skid / Machine #1 behind IES-2 (Stratix 5700 with NAT), inside VLAN 2, 192.168.1.0/24: controller 192.168.1.10, HMI .11, VFD .12, I/O .13 and .14
- Skid / Machine #2 behind IES-3 (Stratix 5700 with NAT), inside VLAN 2, 192.168.1.0/24: controller 192.168.1.10, HMI .11, VFD .12, I/O .13 and .14

IES-2 NAT tables
Inside to outside: 192.168.1.10 -> 10.10.10.10
Outside to inside: 10.10.10.5 -> 192.168.1.5

IES-3 NAT tables
Inside to outside: 192.168.1.10 -> 10.10.10.20
Outside to inside: 10.10.10.5 -> 192.168.1.5

Both skids reuse 192.168.1.0/24 inside; only the controllers are translated to distinct plant addresses, and the line controller appears inside each skid as 192.168.1.5.

Segmentation - Network Services: VLAN Segmentation with NAT
[Diagram: CPwE logical framework with NAT per Cell/Area Zone]
- Enterprise Zone (Levels 4-5): enterprise-wide business systems, data center
- Level 3.5 - IDMZ
- Industrial Zone (Levels 0-3): plant LAN on VLAN 17 (one Layer 2 domain), plant IP subnet 10.17.10.0/24; plant-wide / site-wide operation systems; Level 3 Site Operations with physical or virtualized servers (application servers and services platform; network services e.g. DNS, AD, DHCP, AAA; remote access server (RAS); storage array)
- Cell/Area Zones (Levels 0-2): Cell/Area Zone #1 on VLAN 10, #2 on VLAN 20 and #3 on VLAN 30, each reusing subnet 192.168.1.0/24 inside and translated by NAT to unique plant addresses
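The two NAT tables from the skid diagram, worked through as an added example (this is not Rockwell or Cisco code; the Stratix 5700 is only the device being imitated). Two identical skids are each 192.168.1.0/24 inside, each exposes its controller 192.168.1.10 on a different plant address, and each sees the line controller 10.10.10.5 as 192.168.1.5. The class and function names (`Layer2NatSwitch`, `Packet`, `outside_address_collisions`, `build_slide_topology`) are this example's own. It also shows two things the diagram implies but does not spell out: an inside device with no table entry (the HMI at .11) is never forwarded to the plant network, and two NAT switches must not claim the same outside address.

```python
"""Worked 1:1 Layer 2 NAT example for duplicated skid subnets (added example, not vendor code)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class Layer2NatSwitch:
    """Static 1:1 NAT tables of one machine-level NAT switch.

    Two tables, as on the slide: inside->outside for machine devices exposed to the
    plant, and outside->inside for plant devices the machine must reach. A packet
    whose source or destination has no entry is dropped, so only listed devices
    are reachable across the boundary.
    """

    def __init__(self, name: str, inside_net: str, outside_net: str) -> None:
        self.name = name
        self.inside_net = ipaddress.ip_network(inside_net)
        self.outside_net = ipaddress.ip_network(outside_net)
        self.inside_to_outside: dict[str, str] = {}
        self.outside_to_inside: dict[str, str] = {}

    def add_private_to_public(self, inside: str, outside: str) -> None:
        """Expose one machine device (inside) under a unique plant address (outside)."""
        assert ipaddress.ip_address(inside) in self.inside_net
        assert ipaddress.ip_address(outside) in self.outside_net
        assert outside not in self.inside_to_outside.values(), "outside address reused"
        self.inside_to_outside[inside] = outside

    def add_public_to_private(self, outside: str, inside: str) -> None:
        """Make one plant device (outside) appear inside the machine subnet (inside)."""
        assert ipaddress.ip_address(outside) in self.outside_net
        assert ipaddress.ip_address(inside) in self.inside_net
        self.outside_to_inside[outside] = inside

    def egress(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: src via table 1, dst via the inverse of table 2; None = dropped."""
        src = self.inside_to_outside.get(pkt.src)
        dst = next((o for o, i in self.outside_to_inside.items() if i == pkt.dst), None)
        if src is None or dst is None:
            return None  # unexposed machine device, or unknown plant target
        return Packet(src, dst)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: src via table 2, dst via the inverse of table 1; None = dropped."""
        src = self.outside_to_inside.get(pkt.src)
        dst = next((i for i, o in self.inside_to_outside.items() if o == pkt.dst), None)
        if src is None or dst is None:
            return None  # plant host not in the table, or target not exposed
        return Packet(src, dst)


def outside_address_collisions(switches: list[Layer2NatSwitch]) -> set[str]:
    """Plant-side addresses claimed by more than one NAT switch: a design error to catch before deployment."""
    owner: dict[str, str] = {}
    collisions: set[str] = set()
    for sw in switches:
        for outside in sw.inside_to_outside.values():
            if outside in owner and owner[outside] != sw.name:
                collisions.add(outside)
            owner.setdefault(outside, sw.name)
    return collisions


def build_slide_topology() -> dict[str, Layer2NatSwitch]:
    """Two identical skids (inside 192.168.1.0/24) behind IES-2 and IES-3, as on the slide."""
    skids: dict[str, Layer2NatSwitch] = {}
    for name, controller_outside in (("IES-2", "10.10.10.10"), ("IES-3", "10.10.10.20")):
        sw = Layer2NatSwitch(name, "192.168.1.0/24", "10.10.10.0/24")
        sw.add_private_to_public("192.168.1.10", controller_outside)  # skid controller
        sw.add_public_to_private("10.10.10.5", "192.168.1.5")          # line controller
        skids[name] = sw
    return skids


if __name__ == "__main__":
    skids = build_slide_topology()
    for name, sw in skids.items():
        print(name, "controller -> line controller:",
              sw.egress(Packet("192.168.1.10", "192.168.1.5")))
        print(name, "HMI -> line controller:",
              sw.egress(Packet("192.168.1.11", "192.168.1.5")))  # None: HMI not exposed
```

The collision check is the piece worth keeping in an addressing review: both switches share the same inside subnet by design, so the only thing that must be unique per skid is the outside column of the inside-to-outside table.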

Key Tenet: Managed Infrastructure

Managed Infrastructure Selection: Industrial Ethernet Switch Type Selection
Managed switches
- Advantages: loop prevention and resiliency; security services; management services (multicast, DHCP per port and DLR); diagnostic information; segmentation services (VLANs); prioritization services (QoS)
- Disadvantages: more expensive; requires some level of support and configuration to start up
Unmanaged switches
- Advantages: inexpensive; simple to set up
- Disadvantages: no loop prevention or resiliency; no security services; no diagnostic information; no segmentation or prioritization services; difficult to troubleshoot, no management services
ODVA embedded switch technology
- Advantages: cable simplification with reduced cost; ring loop prevention and resiliency; prioritization services (QoS); time sync services (IEEE 1588 PTP transparent clock); diagnostic information
- Disadvantages: limited management capabilities; may require minimal configuration

Managed Infrastructure Selection
Managed switches: access switching or distribution routing; diagnostic information; Network Address Translation (NAT); segmentation / VLAN capabilities; prioritization services (QoS); network resiliency.
Security appliances: secure real-time control communication; routing and firewall capabilities; intrusion protection; access control lists.
Wireless technology: connects hard-to-reach and remote areas; mobile access to equipment and key business systems; minimizes hardware and wiring.
Premier integration with the Rockwell Automation Integrated Architecture system and embedded Cisco technology:
- manageability by OT and IT tools
- topologies: switch-level and device-level
- switching network services
- routing: connected, static, dynamic
- wireless access points: autonomous and unified architectures
- security appliances: industrial firewalls with inspection profiles for EtherNet/IP deep packet inspection (DPI)

Key Tenet: Resiliency

Resiliency: Redundant Path Topologies with Resiliency Protocols
[Diagram: Cell/Area Zone topologies with HMIs, controllers, drives and distributed I/O; a Cisco Catalyst 2955 appears as the distribution switch]
Switch-level topologies:
- Redundant star: Flex Links, distribution switch stack
- Ring: Resilient Ethernet Protocol (REP), distribution switch stack
- Star/bus
- Linear
Device-level topologies: VFD drives, servo drives, I/O and instrumentation chained through their embedded switch ports, in linear and ring form (see ODVA embedded switch technology on the switch selection slide).
Hybrid switch-level and device-level topologies combine the two, with the device-level chain hanging off a switch-level ring or star.

Resiliency: Design and Implement a Robust Physical Layer
- Environment classification: MICE (mechanical, ingress, climatic, electromagnetic)
- More than cable: connectors, patch panels, cable management, noise mitigation, bonding, shielding and grounding
- Standard physical media: wired vs. wireless; copper vs. fiber; UTP vs. STP; single-mode vs. multi-mode; SFP LC vs. SC
- Standard topology choices: switch-level and device-level
References: Industrial Ethernet Physical Infrastructure Reference Architecture Design Guide; ODVA guide; fiber guide (ENET-TD003); cable selection (ENET-WP007)

Key Tenet: Time-critical Data - Time Synchronization and Data Prioritization

Time-critical Data - Time Synchronization: CIP Sync, IEEE 1588 Precision Time Protocol
- CIP Sync defines the time synchronization services and object for EtherNet/IP devices
- Based on the IEEE 1588 precision clock synchronization protocol, referred to as Precision Time Protocol (PTP)
- Provides +/- 100 ns synchronization with a hardware-assisted clock
- Provides +/- 100 µs synchronization with a software clock
[Diagram: PTP roles across the Industrial Zone (Levels 0-3, plant-wide network)]
- GM - Grandmaster: the supervisory PAC
- TC - Transparent Clock: the distribution switch, the access switches and the access point on the path
- BC - Boundary Clock: the workgroup bridge (WGB) serving the wireless-attached mobile PAC
- S - Slave: CIP Sync I/O and safety I/O in the Cell/Area Zone (Levels 0-2: lines, machines, skids, equipment); CIP Safety produced/consumed tags between the PACs ride the same infrastructure
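The arithmetic behind the GM / TC / S roles in the diagram, as an added example (not CIP Sync or Rockwell code): the IEEE 1588 end-to-end delay mechanism that the convergence-ready slide refers to as PTP with e2e. The timestamps, the 5000 ns slave offset, the 800 ns path delay and the switch residence times are constructed; `SyncExchange`, `offset_and_delay`, `simulate_exchange` and `sync_error_ns` are this example's own names. It shows why a transparent clock must report its residence time in the correctionField, and how much the slave's estimate drifts when one direction of the path is slower than the other.

```python
"""IEEE 1588 end-to-end (e2e) offset and delay calculation (added example, not CIP Sync code)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class SyncExchange:
    """Timestamps of one Sync / Delay_Req round trip, all in nanoseconds."""
    t1: int  # master time the Sync left the master (carried in Follow_Up for a two-step clock)
    t2: int  # slave time the Sync arrived
    t3: int  # slave time the Delay_Req left the slave
    t4: int  # master time the Delay_Req arrived (returned in Delay_Resp)
    correction_sync: int = 0   # correctionField: residence time added by transparent clocks on the Sync path
    correction_delay: int = 0  # correctionField: residence time on the Delay_Req path (copied into Delay_Resp)


def offset_and_delay(x: SyncExchange) -> tuple[float, float]:
    """Return (offset_from_master, mean_path_delay) in ns, per the e2e delay mechanism.

    Residence time inside transparent clocks is subtracted first so that only the
    cable and forwarding delay remains; assuming that delay is the same in both
    directions lets the two one-way measurements be separated into offset and delay.
    """
    master_to_slave = (x.t2 - x.t1) - x.correction_sync
    slave_to_master = (x.t4 - x.t3) - x.correction_delay
    offset = (master_to_slave - slave_to_master) / 2
    mean_path_delay = (master_to_slave + slave_to_master) / 2
    return offset, mean_path_delay


def simulate_exchange(
    true_offset: int,
    delay_ms: int,
    delay_sm: int,
    residence_sync: int,
    residence_delay: int,
    transparent_clock_reports: bool = True,
) -> SyncExchange:
    """Construct the four timestamps for a slave whose clock reads `true_offset` ns ahead of the master.

    delay_ms / delay_sm: one-way propagation delay master->slave and slave->master.
    residence_*: time the Sync / Delay_Req sat inside the intermediate switch.
    All values are constructed for this example.
    """
    t1 = 1_000_000                                   # master time
    sync_arrives_master_time = t1 + residence_sync + delay_ms
    t2 = sync_arrives_master_time + true_offset      # slave stamps with its own (offset) clock
    t3 = t2 + 100_000                                # slave waits 100 us, then sends Delay_Req
    t3_master_time = t3 - true_offset
    t4 = t3_master_time + residence_delay + delay_sm
    if transparent_clock_reports:
        return SyncExchange(t1, t2, t3, t4, residence_sync, residence_delay)
    return SyncExchange(t1, t2, t3, t4)            # a switch that is not a TC reports nothing


def sync_error_ns(true_offset: int, exchange: SyncExchange) -> float:
    """How far the slave's computed offset is from the truth (0.0 means exact)."""
    computed, _ = offset_and_delay(exchange)
    return computed - true_offset


if __name__ == "__main__":
    with_tc = simulate_exchange(5000, 800, 800, 2000, 500)
    without_tc = simulate_exchange(5000, 800, 800, 2000, 500, transparent_clock_reports=False)
    asymmetric = simulate_exchange(5000, 800, 1800, 2000, 500)
    for label, ex in (("TC reports residence", with_tc),
                      ("plain switch", without_tc),
                      ("asymmetric path", asymmetric)):
        print(label, "offset/delay:", offset_and_delay(ex), "error:", sync_error_ns(5000, ex))
```

With symmetric paths and a transparent clock the offset comes out exactly. Remove the correctionField and the 1500 ns difference in residence times shows up as a 750 ns error, well outside the +/- 100 ns figure for hardware-assisted clocks; make the return path 1000 ns slower and the error is 500 ns. The formula trusts whatever timestamps and corrections arrive on the wire, which is one reason the slides keep time-critical traffic inside a segmented, managed Cell/Area Zone.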

Time-critical Data - Data Prioritization: ODVA Quality of Service (QoS) Policies

Traffic Type            | CIP Priority  | DSCP (Layer 3) | CoS (Layer 2) | CIP Traffic Usage
PTP event (IEEE 1588)   | n/a           | 59             | 7             | PTP event messages, used by CIP Sync
PTP general (IEEE 1588) | n/a           | 47             | 5             | PTP management messages, used by CIP Sync
CIP class 0 / 1         | Urgent (3)    | 55             | 6             | CIP Motion
CIP class 0 / 1         | Scheduled (2) | 47             | 5             | Safety I/O, I/O
CIP class 0 / 1         | High (1)      | 43             | 5             | I/O
CIP class 0 / 1         | Low (0)       | 31             | 3             | No recommendations at present
CIP UCMM, CIP class 3   | All           | 27             | 3             | CIP messaging

QoS helps mitigate end-to-end delay: fixed delay (latency) and variable delay (jitter). It does so by giving preferential forwarding treatment to some data traffic at the expense of other traffic. The marking is set by the endpoint, so a switch that trusts markings on every port will also prioritize any host that sets DSCP 55 on its own traffic ahead of the I/O traffic; trust the markings only on ports where EtherNet/IP devices are expected.
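A checker for the table above, as an added example (not Rockwell or ODVA code): it parses a raw IPv4 packet, reads the DSCP from the TOS byte, infers the CIP or PTP traffic type from the well-known ports (UDP 2222 for CIP class 0/1 implicit I/O, TCP or UDP 44818 for CIP explicit messaging, UDP 319 and 320 for PTP event and general messages) and reports whether the marking matches the ODVA recommendation. The packets are constructed inline; `classify`, `Verdict`, `build_ipv4_packet`, `traffic_type` and `audit` are this example's own names. The last constructed packet is the case to look for on a switch that trusts endpoint markings: non-CIP traffic carrying DSCP 55, which the switch would forward ahead of the I/O traffic.

```python
"""ODVA QoS marking check for EtherNet/IP and PTP traffic (added example, not ODVA or Rockwell code)."""
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

UDP, TCP = 17, 6

# DSCP -> Layer 2 CoS, from the ODVA table on the slide
ODVA_DSCP_TO_COS = {59: 7, 55: 6, 47: 5, 43: 5, 31: 3, 27: 3}

# Expected DSCP per traffic type, from the same table
EXPECTED_DSCP = {
    "PTP event": {59},
    "PTP general": {47},
    "CIP class 0/1 (implicit I/O)": {55, 47, 43, 31},   # Urgent, Scheduled, High, Low
    "CIP UCMM / class 3 (explicit)": {27},
}


def traffic_type(proto: int, sport: int, dport: int) -> str:
    """Infer the CIP / PTP traffic type from the well-known ports (PTP 319/320, CIP I/O 2222, EtherNet/IP 44818)."""
    ports = {sport, dport}
    if proto == UDP and 319 in ports:
        return "PTP event"
    if proto == UDP and 320 in ports:
        return "PTP general"
    if proto == UDP and 2222 in ports:
        return "CIP class 0/1 (implicit I/O)"
    if 44818 in ports:
        return "CIP UCMM / class 3 (explicit)"
    return "non-CIP"


@dataclass(frozen=True)
class Verdict:
    traffic: str
    dscp: int
    cos: Optional[int]     # CoS the switch would assign under the ODVA mapping, if any
    marking_ok: bool


def build_ipv4_packet(src: str, dst: str, proto: int, sport: int, dport: int, dscp: int) -> bytes:
    """Construct a minimal IPv4 header plus the first 8 bytes of a UDP or TCP header (no checksums)."""
    tos = (dscp << 2) & 0xFF                         # DSCP is the upper six bits of the TOS byte
    l4 = struct.pack("!HHHH", sport, dport, 0, 0)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, tos, 20 + len(l4), 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return header + l4


def classify(raw: bytes) -> Verdict:
    """Parse the IPv4 header, recover DSCP and ports, and compare against the ODVA policy."""
    ver_ihl, tos, _tot, _id, _frag, _ttl, proto, _csum, _src, _dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    dscp = tos >> 2
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])   # same position for UDP and TCP
    ttype = traffic_type(proto, sport, dport)
    expected = EXPECTED_DSCP.get(ttype)
    if expected is not None:
        ok = dscp in expected
    else:
        # Non-CIP traffic must not borrow a CIP/PTP code point, or the switch queues it
        # ahead of control traffic. Other values (e.g. EF 46 for voice) are outside this policy.
        ok = dscp not in ODVA_DSCP_TO_COS
    return Verdict(ttype, dscp, ODVA_DSCP_TO_COS.get(dscp), ok)


def audit(packets: list[bytes]) -> list[Verdict]:
    """Return the verdicts for every packet whose marking violates the policy."""
    return [v for v in map(classify, packets) if not v.marking_ok]


# Constructed sample traffic as it might be seen on a Cell/Area Zone access port
SAMPLE = [
    build_ipv4_packet("192.168.1.10", "192.168.1.13", UDP, 2222, 2222, 55),   # CIP Motion I/O
    build_ipv4_packet("192.168.1.10", "192.168.1.13", UDP, 2222, 2222, 43),   # standard I/O
    build_ipv4_packet("10.17.10.5", "192.168.1.10", TCP, 51000, 44818, 27),   # explicit messaging
    build_ipv4_packet("10.17.10.5", "192.168.1.10", TCP, 51000, 44818, 55),   # explicit, over-marked
    build_ipv4_packet("192.168.1.10", "224.0.1.129", UDP, 319, 319, 59),      # PTP Sync (event)
    build_ipv4_packet("192.168.1.11", "10.17.10.9", UDP, 5060, 5060, 46),     # voice signalling, EF
    build_ipv4_packet("192.168.1.50", "10.17.10.9", UDP, 40000, 5000, 55),    # non-CIP host using the CIP Motion DSCP
]

if __name__ == "__main__":
    for verdict in audit(SAMPLE):
        print("violation:", verdict)
```

Run against a capture instead of `SAMPLE`, the same `audit` call separates genuine ODVA-marked control traffic from anything else that has found its way into the CoS 5 and 6 queues.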

Key Tenet: Convergence-Ready Network Solutions

Convergence-Ready Network Solutions: Design and Implementation Considerations
Partner solutions (e.g. a machine, a process skid) have to integrate into the customer's plant-wide / site-wide industrial automation systems. These are the design and deployment considerations that a partner (e.g. OEM, SI, contractor) has to take into account to achieve seamless integration of their solution into their customer's plant-wide / site-wide network infrastructure. Early, open and two-way dialogue is critical!
Reference: The OEM Guide to Networking, ENET-RM001_-EN-P

Convergence-Ready Network Solutions: Design and Implementation Considerations
- IP addressing schema: who manages it, the end user (OT/IT) or the OEM? Address range (class), subnet, default gateway (routability); implementation conventions: static/dynamic, hardware/software configurable, NAT/DNS
- Use of network services: segmentation; data prioritization
- Topologies: switch-level, device-level, hybrid
- Availability: loop prevention; redundant path topologies with resiliency protocols
- Time synchronization services: IEEE 1588 Precision Time Protocol (PTP with the end-to-end (e2e) delay mechanism) for first fault, sequence of events (SOE) and motion
- Security: alignment with the industrial security standards IEC 62443 and NIST SP 800-82

Additional Material

Additional Material: Education - Industrial IoT & Industrial IT (Bridging OT-IT)
Network design e-learning course available at www.industrial-ip.org with promotional code EVENTS2017.
- A go-to resource for training and educational information on using standard Internet Protocol (IP) for industrial applications
- Community of like-minded companies: Cisco, Panduit and Rockwell Automation
- Monthly e-newsletters with articles and videos on the latest trends
- Scenario-based training on topics such as logical topologies, protocols, switching, routing, wireless and physical cabling

Thank You! www.rockwellautomation.com