2/15/2016 Automation Basics: Network design fundamentals for the connected world - ISA
ISA Publications, InTech Magazine, 2015 / Mar-Apr

Network design fundamentals for the connected world

By Dan McGrath, P.E.

About the Author

Dan McGrath, P.E., solutions manager for Panduit, helps lead Industrial IP Advantage, which is a coalition launched by Panduit, Cisco, and Rockwell Automation promoting standard, unmodified Ethernet and Internet protocols for industrial applications. McGrath has more than 25 years of experience in automation and industrial networking for global manufacturing operations. He holds a B.S. degree in electrical engineering and has attained professional engineer and ASQ certified quality engineer certifications. For more information and educational resources, visit www.industrial-ip.org.

The benefits of converging industrial and information networks with a validated secure architecture based on standard Internet Protocol (IP) technologies are well established. The benefits include greater connectivity and integration across plants, easier data sharing across the enterprise, and better visibility into real-time operations.

Bringing together information technology (IT) and operations technology (OT) networks is complex because of the gray area between IT and OT roles and responsibilities within the company. IT and OT professionals must have a common understanding of a host of techniques and technologies to overcome this complexity and establish a converged infrastructure that is secure and manageable by all critical stakeholders.

[Figure: Gateway physical segmentation example: two NICs for network segmentation.]

The techniques and technologies used in network design can be simplified by leveraging the ISA/IEC 62443 Zones and Conduits Model developed by the ISA99 committee. The three design areas are:

- cell or area zone
- production site operations
- enterprise zone integration

Designing for the cell or area zone

Several considerations must be made to ensure the network infrastructure addresses your data, security, and availability requirements at the cell or area network level. Machines and process skids are seeing high growth in number and criticality of IP connections. One of those considerations should be logical segmentation, which is the process of dividing end points into subnets and virtual local area networks (VLANs). A key recommendation for industrial networks is to create smaller layer 2 networks to improve performance with the maximum of 200 devices within a zone or VLAN.
[Figure: VLAN spanning multiple switches]

Segmentation allows for smaller layer 2 domains, which helps constrain broadcast and multicast traffic. It also helps manage the network’s real-time communication properties and supports the network’s traffic-flow requirements. With segmentation, manufacturers and industrial operators can meet their security requirements by limiting remote expert or original equipment manufacturer network access to only specified machines.

Organizations often accomplish physical segmentation within the cell/area zone network by using separate cabling and switches. This common approach in Ethernet networks can become a hindrance to network performance if not properly planned. For example, physically separating input/output (I/O) and human-machine interface traffic without connecting the I/O traffic to an interconnected layer 3 switch can limit overall connectivity and even cause delays. Networks should, at a minimum, be connected to a layer 2 or layer 3 switch, rather than a controller, to interconnect.

VLANs are a very effective way to execute segmentation: specifically, for segmenting different traffic types (industrial and nonindustrial) as well as creating smaller layer 2 networks. Establish VLANs in a one-to-one relationship with subnets to make routing easier and more straightforward. Devices on a single VLAN are typically assigned IP addresses from the same subnet, and they do not require a layer 3 switch or router to communicate with each other within the VLAN. Using a layer 3 switch or managed switches with layer 2/3 functionality allows communication between VLANs. A management VLAN should be established for management across multiple cell/area zones.

Additionally, using structured cabling for inter-switch links and more critical runs in your cell/area zone is a best practice network design approach.
Point-to-point cabling is the norm for connecting endpoint devices in close proximity. However, more critical connections can benefit from using industry standards designed to ensure a testable, scalable infrastructure. A structured cabling approach has better organization and testability with patching fields, permanent links, and patch cords that are validated as a high-performance system for rising data rates and high availability. Structured cabling built on TIA-1005 or ENXXX standards has the bandwidth and noise immunity for challenging cell or area zone deployments to ensure uptime.

Designing for production site operations

The Internet of Things (IoT) has created an explosion of smart IP-enabled devices that were not traditionally connected to the network. This has created an opportunity to deploy a more flexible architecture with mobile access to data and connectivity within the production environment. Wireless network technology is one of the key enablers for realizing the value of IoT. Wireless technology offers new capabilities, such as “bring your own device” and wireless security cameras, to protect assets and lower installation and operational costs.

Wireless local area networks are significantly different from wired LANs, and they should be designed for your security, reliability, bandwidth, and throughput requirements. For example, Wi-Fi Protected Access 2 with Advanced Encryption Standard encryption is the only mechanism recommended for control and automation wireless applications, and it should be used in combination with other security methods, such as pre-shared key authentication. Wireless channel packet rates should be limited to 2,200 packets per second to help avoid packet delays, and they should be reduced in areas that experience interference and radio-frequency issues. Also, avoid the more heavily used 2.4-GHz band for industrial control applications because you may encounter interference.
The 5-GHz band provides dedicated bandwidth and less interference. Conducting a site survey will also help you identify and curtail other potential interference within a production environment.
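
The cell/area zone segmentation rules given earlier (VLANs in a one-to-one relationship with subnets, at most 200 devices per VLAN, and a management VLAN) can be checked against an address plan before it is deployed. The script below is an added example, not part of the original article; the VLAN numbers, subnets, and device inventory are constructed, and treating any subnet overlap as a break in the one-to-one mapping is an assumption of this example.

```python
import ipaddress
from collections import defaultdict

MAX_DEVICES_PER_VLAN = 200  # per-VLAN device limit recommended in the article
# Constructed sample plan: VLAN id -> subnet (hypothetical addressing).
VLAN_SUBNETS = {
    10: "10.10.10.0/24",   # cell 1 I/O
    20: "10.10.20.0/24",   # cell 1 HMI
    30: "10.10.20.0/25",   # overlaps VLAN 20: breaks the one-to-one mapping
    99: "10.10.99.0/24",   # management VLAN
}
MGMT_VLAN = 99

# Constructed device inventory: (name, vlan, ip).
DEVICES = [
    ("plc-01", 10, "10.10.10.11"),
    ("drive-07", 10, "10.10.20.50"),   # address taken from another VLAN's subnet
    ("hmi-01", 20, "10.10.20.21"),
    ("sw-cell1", 99, "10.10.99.2"),
    ("cam-03", 40, "10.10.40.5"),      # VLAN that is not in the plan
]

def audit(vlan_subnets, devices, mgmt_vlan, limit=MAX_DEVICES_PER_VLAN):
    """Return a sorted list of findings for a VLAN/subnet plan."""
    findings = []
    nets = {v: ipaddress.ip_network(s) for v, s in vlan_subnets.items()}
    if mgmt_vlan not in nets:
        findings.append(f"no management VLAN {mgmt_vlan} defined")
    # One-to-one: no two VLANs may share or overlap address space.
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"VLAN {a} and VLAN {b} subnets overlap")
    counts = defaultdict(int)
    for name, vlan, ip in devices:
        counts[vlan] += 1
        if vlan not in nets:
            findings.append(f"{name}: VLAN {vlan} is not in the plan")
        elif ipaddress.ip_address(ip) not in nets[vlan]:
            findings.append(f"{name}: {ip} is outside VLAN {vlan} subnet {nets[vlan]}")
    for vlan, n in counts.items():
        if n > limit:
            findings.append(f"VLAN {vlan}: {n} devices exceeds limit of {limit}")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(VLAN_SUBNETS, DEVICES, MGMT_VLAN):
        print(line)
```

An empty result means the plan satisfies all three rules; each finding names the device or VLAN to correct.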