Switches: Industrial Automation Infrastructures – Industrial Switches: There's a Difference

Slides: 28
Switches: Industrial Automation Infrastructures

Industrial Switches: There's a Difference

For that matter, why do I care about managed or unmanaged? Difference? What do you mean by Layer 2 and Layer 3? Right? As long as the green light is flashing, I'm good.

What is a "Layer"?
§ "Layer" is used to identify a network device's position within the network as well as its functions and capabilities.
§ The term "layer" is derived from the OSI (Open Systems Interconnection) model and explains how information is processed by the networking device.


Layer 1: Remember Hubs?
§ If you are looking for problems on an industrial Ethernet network, hubs are the first place to look
§ To put it simply, never, ever use a hub in an Industrial Ethernet environment (non-deterministic)
§ Hubs are nothing more than multiport repeaters. Sometimes used as range extenders to repeat data from one segment to another.

Layer 2
§ Every device on your network has a unique identifier, referred to as a MAC (media access control) address
§ When a switch first powers up, it initially behaves like a hub, broadcasting all traffic everywhere
MAC address looks like: 00:26:F2:96:A1:9F

Layer 2
§ As devices pass information between ports, the switch monitors this traffic, determines which MAC address is associated with which port, and places the information in a MAC address table
MAC address looks like: 00:26:F2:96:A1:9F

Layer 2
§ Once the switch determines which MAC address is associated with which port, it will watch for information intended for that MAC address and transmit such information only to the port associated with that address

Port Number   MAC Address
1             00:26:F2:96:A1:9O
2             91:4G:Z1:HH:D3:KK
3             45:KK:HY:CQ:T2:8T
4             21:P6:V5:D2:00:Z4

Layer 3
§ A Layer 3 switch performs IP address resolution and is commonly referred to as a router
§ Look at a Layer 3 switch as the connection between multiple Layer 2 switches
§ It does this by listening to and recording the IP addresses of the Layer 2 switches that it communicates with
IP address looks like: (198.000.001)

Layer 3
§ Using the routing table, the Layer 3 switch passes packets to the port that is associated with the IP address of the packet
§ In this way traffic is limited to the segment that it belongs to
§ Builds tables that determine where addresses are located through other switches
IP address looks like: (198.000.001)

Managed vs. Unmanaged
Unmanaged – NOT PROGRAMMABLE!
§ Layer 2 only, and can only do what it was programmed to do from the factory
§ Not secure – all ports are open ports
Managed – PROGRAMMABLE!
§ Layer 2 and 3 – many features to aid in data priorities, security, managing and directing data flow and traffic levels
§ Secure – ports can be password protected

Managed vs. Unmanaged
§ Quality of Service allows you to prioritize your network traffic by assigning a higher priority to critical traffic
§ This helps ensure consistent network performance and can support delay-sensitive data
(Diagram: Identify & Prioritize → Manage & Sort → Process & Send)

Managed vs. Unmanaged
§ Resiliency provides the ability to safeguard a network by providing an alternate data path for traffic, using STP (Spanning Tree Protocol, resolves in 1-2 minutes)
§ Stratix (Cisco) has the ability to use REP (Resilient Ethernet Protocol, resolves in 60-70 ms)
§ Port Mirroring – the switch sends a copy of network packets to a monitoring network connection. Used in troubleshooting network issues through packet analysis

Multicast vs. Unicast vs. Broadcast
https://www.youtube.com/watch?v=ghRtPxQTTG8

Internet Group Management Protocol (IGMP) Snooping
A switch will flood multicast traffic to all the ports in a broadcast domain (or the VLAN equivalent). Multicast can cause unnecessary load on host devices by requiring them to process packets they have not solicited.
§ IGMP Snooping:
  – Prevents hosts on a local network from receiving traffic for a multicast group they have not explicitly joined
  – Provides switches with a mechanism to prune multicast traffic from links that do not contain a multicast listener (an IGMP client)
  – Allows a switch to forward multicast traffic only to the links that have solicited it
  – Takes place internally on switches and is not a protocol feature
  – Useful for bandwidth-intensive IP multicast applications such as IPTV or Control I/O
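The flooding-versus-pruning behaviour this slide describes, as an added example that is not part of the original presentation: a small Python model of a switch that either floods every multicast frame to all ports in the broadcast domain or, with IGMP snooping enabled, forwards it only to ports that sent an IGMP Membership Report (plus any port where an IGMP query was seen, i.e. a multicast router port). Port numbers and the group address 239.192.1.1 are constructed. How a real switch treats a group that has no listeners at all (drop or flood) is vendor- and configuration-dependent; the model simply prunes it.

```python
"""Toy model of multicast forwarding with and without IGMP snooping.

Added example; not code from the presentation or from any switch vendor.
Port numbers and the group address used in the demo are constructed.
"""


class MulticastSwitch:
    def __init__(self, ports, snooping=True):
        self.ports = list(ports)
        self.snooping = snooping
        self.members = {}          # group -> set of ports that sent an IGMP Membership Report
        self.router_ports = set()  # ports where IGMP queries were seen (multicast router ports)

    def igmp_query_seen(self, port):
        """A query arrived on this port, so a multicast router sits behind it.
        A snooping switch always forwards group traffic towards router ports."""
        self.router_ports.add(port)

    def igmp_report(self, port, group):
        """A host on `port` joined `group`; the port becomes a listener for it."""
        self.members.setdefault(group, set()).add(port)

    def igmp_leave(self, port, group):
        """A host on `port` left `group`; prune the port once nobody there is listening."""
        listeners = self.members.get(group)
        if listeners:
            listeners.discard(port)
            if not listeners:
                del self.members[group]

    def forward(self, in_port, group):
        """Return the ports a frame for `group` arriving on `in_port` is sent out of."""
        if not self.snooping:
            # Unmanaged behaviour: multicast is treated like broadcast within the domain.
            return sorted(p for p in self.ports if p != in_port)
        # Snooping: only ports with a listener, plus router ports, receive the traffic.
        targets = self.members.get(group, set()) | self.router_ports
        return sorted(p for p in targets if p != in_port)


def unsolicited_load(switch, in_port, group):
    """Number of ports that receive the group's traffic without having joined it
    (router ports excluded, since they are supposed to receive it)."""
    joined = switch.members.get(group, set()) | switch.router_ports
    return sum(1 for p in switch.forward(in_port, group) if p not in joined)


if __name__ == "__main__":
    # Constructed demo: eight-port switch, source on port 1, listeners on ports 2 and 5.
    group = "239.192.1.1"
    for snooping in (False, True):
        sw = MulticastSwitch(range(1, 9), snooping=snooping)
        sw.igmp_report(2, group)
        sw.igmp_report(5, group)
        print(f"snooping={snooping}: egress ports {sw.forward(1, group)}, "
              f"unsolicited receivers {unsolicited_load(sw, 1, group)}")
```

unsolicited_load counts the ports that receive group traffic they never asked for, which is the host-side cost the slide mentions; for the eight-port demo it falls from five ports without snooping to zero with it.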

Managed vs. Unmanaged: VLANs
§ Allow a switch to logically group devices together to isolate traffic between these groups even when the traffic is passing over the same physical switch
§ This segmentation and isolation of network traffic helps reduce unnecessary traffic and in many cases provides an additional level of security
What is the difference between a VLAN and a subnet?

VLANs vs. Subnets
§ VLAN – A good way to think of this is "switch partitioning."
(Diagram: VLAN 101, VLAN 102)

Logically Isolate Areas of Control

Segmentation by Function, Not by Location
Clear division of responsibilities can easily be obtained

VLANs vs. Subnets
§ Subnet – A range of IP addresses determined by part of an address and a subnet mask
  – If the netmask is 255.255.255.0 and the network address is 192.168.10.0, that defines the range of IP addresses 192.168.10.0 through 192.168.10.255
  – Shorthand: 192.168.10.0/24
  (Diagram: 192.168.010.000 with mask 255.255.255.000)
§ VLAN – Switch partitioning
  – Example: an 8-port switch that is VLAN-able. You can assign 4 ports to one VLAN ("VLAN 1") and 4 ports to another ("VLAN 2"). VLAN 1 will not see any of VLAN 2's traffic and vice versa
  – Normally, if the switch hasn't seen a MAC address it will "flood" the traffic to all other ports. VLANs prevent this
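As an added example (not from the presentation), the subnet arithmetic on this slide worked through with Python's standard ipaddress module, extended with the reachability test that separates the two concepts the slide asks about: VLAN membership decides whether a Layer 2 path exists at all, while subnet membership decides whether a host will talk to a peer directly or hand the packet to a router. The network 192.168.10.0/24 is the slide's own; host addresses and VLAN ids are constructed.

```python
"""Subnet arithmetic and the VLAN-versus-subnet reachability test.

Added example; not code from the presentation. Uses only the standard library.
"""
import ipaddress


def describe_subnet(network_address: str, netmask: str) -> dict:
    """Return the range, broadcast and CIDR shorthand defined by an address plus netmask."""
    net = ipaddress.IPv4Network((network_address, netmask), strict=True)
    return {
        "cidr": net.with_prefixlen,             # shorthand, e.g. 192.168.10.0/24
        "first": str(net.network_address),      # 192.168.10.0
        "last": str(net.broadcast_address),     # 192.168.10.255
        "prefixlen": net.prefixlen,
        "usable_hosts": net.num_addresses - 2,  # minus network and broadcast addresses
    }


def same_subnet(ip_a: str, ip_b: str, netmask: str) -> bool:
    """True when both addresses fall inside the same subnet under the given mask.

    This is the check a host makes before sending: a peer in its own subnet is
    reached directly (ARP for its MAC); anything else is sent to the default gateway.
    """
    net_a = ipaddress.IPv4Network((ip_a, netmask), strict=False)
    net_b = ipaddress.IPv4Network((ip_b, netmask), strict=False)
    return net_a == net_b


def reachability(host_a: dict, host_b: dict) -> str:
    """Classify how two hosts ({'ip', 'mask', 'vlan'}) can reach each other.

    VLAN membership is the Layer 2 question (does a switched path exist?);
    subnet membership is the Layer 3 question (will the IP stack use it directly?).
    """
    l2_path = host_a["vlan"] == host_b["vlan"]
    l3_same = same_subnet(host_a["ip"], host_b["ip"], host_a["mask"])
    if l2_path and l3_same:
        return "direct"            # same VLAN and subnet: the switch forwards frames directly
    if l2_path and not l3_same:
        return "router-required"   # one broadcast domain, but the hosts still go via a gateway
    if not l2_path and l3_same:
        return "misconfigured"     # same subnet across VLANs: ARP never crosses, no path at all
    return "router-required"       # different VLAN and subnet: normal inter-VLAN routing


if __name__ == "__main__":
    print(describe_subnet("192.168.10.0", "255.255.255.0"))
    # Constructed hosts: same VLAN/subnet, same VLAN/other subnet, other VLAN/same subnet.
    a = {"ip": "192.168.10.17", "mask": "255.255.255.0", "vlan": 101}
    for b in ({"ip": "192.168.10.18", "mask": "255.255.255.0", "vlan": 101},
              {"ip": "192.168.11.5", "mask": "255.255.255.0", "vlan": 101},
              {"ip": "192.168.10.18", "mask": "255.255.255.0", "vlan": 102}):
        print(b["ip"], "VLAN", b["vlan"], "->", reachability(a, b))
```

The "misconfigured" case is the one worth remembering when a VLAN is added to an existing flat network: two hosts that still share a subnet but now sit in different VLANs will ARP for each other forever, because the switch confines the broadcast to the ingress VLAN.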

VLANs vs. Subnets
§ VLAN – A good way to think of this is "switch partitioning."
  – Let's say you have an 8-port switch that is VLAN-able. You can assign 4 ports to one VLAN (say VLAN 1) and 4 ports to another VLAN (say VLAN 2). VLAN 1 won't see any of VLAN 2's traffic and vice versa; logically, you now have two separate switches.
  – Normally on a switch, if the switch hasn't seen a MAC address it will "flood" the traffic to all other ports. VLANs prevent this.
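The learning-and-forwarding behaviour from the Layer 2 slides and the VLAN partitioning from this one, combined in a single added example that is not code from the presentation or from any switch vendor. The model keeps a MAC address table keyed by VLAN and port, floods unknown destinations only inside the ingress VLAN, and forwards known ones to a single port. The port numbers, VLAN ids 101/102 and the MAC addresses other than the slide's own 00:26:F2:96:A1:9F are constructed.

```python
"""Toy model of a Layer 2 learning switch with VLAN partitioning.

Added example; not code from the presentation or from any switch vendor.
"""
from dataclasses import dataclass

BROADCAST = "FF:FF:FF:FF:FF:FF"


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class LearningSwitch:
    """Learns which MAC lives on which port, per VLAN, and forwards accordingly."""

    def __init__(self, ports, vlan_of=None):
        self.ports = list(ports)
        # Unmanaged: every port in one VLAN. Managed: caller maps ports to VLAN ids.
        self.vlan_of = dict(vlan_of) if vlan_of else {p: 1 for p in self.ports}
        # MAC address table: (vlan, mac) -> port. Empty at power-up, so the switch
        # floods like a hub until entries are learned. Entries are learned from the
        # source field of whatever frames arrive, which is why managed switches add
        # port security on top of this basic mechanism.
        self.mac_table = {}

    def _flood_ports(self, vlan, in_port):
        """Every other port in the same VLAN; other VLANs never see the frame."""
        return sorted(p for p in self.ports if self.vlan_of[p] == vlan and p != in_port)

    def receive(self, in_port, frame):
        """Process one frame arriving on in_port; return the list of egress ports."""
        vlan = self.vlan_of[in_port]
        src, dst = frame.src.upper(), frame.dst.upper()
        # Learning: the source MAC is reachable through the ingress port.
        self.mac_table[(vlan, src)] = in_port
        if dst == BROADCAST:
            return self._flood_ports(vlan, in_port)
        out = self.mac_table.get((vlan, dst))
        if out is None:
            # Unknown unicast: flood, but only inside the ingress VLAN.
            return self._flood_ports(vlan, in_port)
        if out == in_port:
            # Destination is on the sender's own segment; nothing to forward.
            return []
        return [out]

    def table(self):
        """Rows of (vlan, port, MAC), like the slide's MAC address table."""
        return sorted((vlan, port, mac) for (vlan, mac), port in self.mac_table.items())


if __name__ == "__main__":
    # Constructed demo: ports 1-4 in VLAN 101, ports 5-8 in VLAN 102.
    sw = LearningSwitch(range(1, 9), vlan_of={p: (101 if p <= 4 else 102) for p in range(1, 9)})
    a, b, c = "00:26:F2:96:A1:9F", "00:1D:9C:10:00:02", "00:1D:9C:10:00:05"
    print("A -> B, B unknown:", sw.receive(1, Frame(a, b)))   # flooded within VLAN 101
    print("B -> A, A known:  ", sw.receive(3, Frame(b, a)))   # single port
    print("C -> A, other VLAN:", sw.receive(5, Frame(c, a)))  # flooded within VLAN 102 only
    print("MAC table:", sw.table())
```

Run the same sequence against LearningSwitch(range(1, 9)) with no VLAN map and the first frame goes out all seven other ports, which is the unmanaged-switch behaviour the earlier slides describe.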

Other Network Devices: Network Address Translation (NAT) Device (Bulletin 9300)
§ Helps configure multiple machines on a single line to have identical network settings, allowing easy remote support through a VPN connection
§ The NAT device adapts the machines to specific network configurations without requiring complicated, costly, and time-consuming changes
§ As a result, control systems with identical settings communicate over Ethernet networks without reconfiguring settings

Other Network Devices: Stratix™ 5900 Services Router
§ Combines several modern security functions into a single appliance to protect control system networks, not only at the perimeter, but also at the cell/zone level
§ This router is compact, robust, and industrially hardened to provide a variety of managed switching features

Embedded Switch Technology
§ Enables linear and ring topologies for EtherNet/IP devices
§ Network traffic is prioritized to ensure timely delivery of critical data
  – Ring recovery time is less than 3 ms (worst case) for a 50-node device ring.
  – 1588 transparent clock support ensures tight synchronization for CIP Motion and CIP Sync applications.
  – Supports quality of service (QoS) and IGMP
§ Open standard (ODVA) allows suppliers to develop compatible products

Embedded Switch Technology
Linear
§ Linear Ethernet segments greatly extend the length of the application
§ No need to run cables from each device back to a centralized switch
Device-Level Ring (DLR)
§ Single-fault-tolerant network provides resiliency
§ Device-level ring requires no additional hardware to implement

Embedded Switch Technology: 1783-ETAP – 2 Copper; 1 Copper + 1 Fiber

Questions? Industrial Automation Infrastructures