User Group Technical Seminars
Our presentation will begin at 12:00 pm Central
Design Considerations for EtherNet/IP Network
January 2020
Presenters:
• Luis Ramos, Solution Architect, Rockwell Automation
• Wayne Welk, Automation Specialist, The Reynolds Company
2020 Events
• Monthly technical seminars
• Stay current on the latest trends, products & solutions
• Hands on workshops with FactoryTalk Studio
• Cloud-based, work from your office
• Seminars and workshops that explore the Industrial Internet of Things (IIoT)
• Local instructor-led training
• Certificate programs available
https://trcautomation.solutions/events/
Future User Group Topics
• February 12th: Industrial LED Lighting Controls
• March 18th: IIoT Update with HMS Networks
• April 15th: Bringing Augmented Reality (AR) to the Factory Floor
Future Dev Day Workshops
• January 28th: Introduction to Distributed HMI with FactoryTalk View SE
• Also available as on-demand workshops
Future IIoT Learning Series Topics
• March 18th: IIoT Update with HMS Networks
• March 31st: Flexy 205 Advanced Functionality Workshop
Industrial Network Design
Structured and hardened network infrastructure
PUBLIC | Copyright ©2019 Rockwell Automation, Inc. | #ROKLive | 8
Reference Architectures
Structured and hardened network infrastructure
• What are reference architectures?
  • Blueprint for baseline architectures, considerations and best practices for design and implementation
• Reference Architectures:
  • Marketectures – high-level marketing architectures and illustrations
  • White papers and Knowledgebase articles based on proof-of-concept (POC) testing
  • Accelerator Toolkits:
    • Examples - Drives and Motion, Safety, Energy Management
  • System Configuration Drawings
    • Examples – Stratix®, MCC, Wi-Fi, ControlLogix®
  • Converged Plantwide Ethernet (CPwE) Architectures:
    • Collection of Architected, Tested & Validated Designs
    • Test labs – Cisco, Panduit, and Rockwell Automation
    • White papers, design guides, application guides
Key tenets of Converged Plantwide Ethernet (CPwE):
Structured and hardened network infrastructure
• Smart Industrial IoT Devices
  • EtherNet/IP™ Industrial IoT Technology, Hardened, ODVA Conformance Tested
• Managed Infrastructure – Stratix® for:
  • Zoning (Segmentation), Resiliency, Security, Diagnostics
• Zoning (Segmentation)
  • Logical Model based on Standards
  • Physical – e.g. CIP Bridge
  • Switch Hierarchy (L2/L3), VLANs, Firewalls
  • Software-Defined Security Groups
• Resiliency
  • Robust Physical Layer
  • Redundant Paths with Resiliency Protocols
  • Redundant Switches, Wireless and Firewalls
• Time-critical Data
  • Data Prioritization via Quality of Service (QoS)
  • Time Synchronization via IEEE 1588 Precision Time Protocol (PTP) and CIP Sync™
• Wireless – Mobility
  • Unified and Autonomous Architectures
  • Equipment and Personnel
• Holistic Defense in Depth Security
  • Multiple Layers, at different IACS Levels, with diverse technology, implemented by different personas
• Convergence-ready
  • Network Address Translation (NAT)
Managed infrastructure
Industrial Ethernet switch type selection
Managed infrastructure
Managed Switches
Advantages:
• Loop prevention and resiliency
• Segmentation services (VLANs and security groups)
• Security services
• Management services (Multicast, DHCP per port and DLR)
• Diagnostic information
• Prioritization services (QoS)
Disadvantages:
• More expensive
• Requires some level of support and configuration to start up
Unmanaged Switches
Advantages:
• Inexpensive
• Simple to set up
Disadvantages:
• No loop prevention or resiliency
• No security services
• No segmentation or prioritization services
• No diagnostic information
• Difficult to troubleshoot, no management services
Device Level Ring (DLR) – Embedded Switch Technology
Advantages:
• Ring loop prevention and resiliency
• Cable simplification with reduced cost
• Prioritization services (QoS)
• Time Sync Services (IEEE 1588 PTP Transparent Clock)
• Diagnostic information
Disadvantages:
• Limited management capabilities
• May require minimal configuration
Managed infrastructure enables network and security services
Managed infrastructure
• Manageability by OT and IT tools
• Topologies - switch-level and device-level
• Switching
• Routing
• FactoryTalk® Network Manager™ software
Industrial Ethernet Switches (IES): Stratix® 8000/8300, Stratix® 5400, Stratix® 5410, Stratix® 5700 / ArmorStratix™ 5700, Stratix® 2500, Stratix® 5800
• Layer 2 switching or Layer 3 routing
• Diagnostic information
• Network Address Translation (NAT)
• Segmentation / VLAN capabilities
• Prioritization services (QoS)
• Network resiliency
Quality of Service (QoS)
Time-critical data - Data prioritization
• QoS helps mitigate the following network issues:
  • End-to-end delay
    • Fixed delay – latency
    • Variable delay – jitter
  • Bandwidth capacity issues
  • Packet loss
[Diagram label: Stratix® Managed Industrial Ethernet Switches (IES)]
What Is DHCP?
• Dynamic Host Configuration Protocol (DHCP)
  • Protocol for assigning dynamic IP addresses to devices on a network.
• DHCP Server functionality
  • Assigns IP address from a pool of available addresses to the devices (DHCP Clients)
  • If a device leaves and then rejoins the network, it may not get the same address.
• DHCP Persistence
  • Can be used to assign specific IP addresses.
Segmentation
Isolated Local Area Networks (LANs)
Segmentation – Network services
[Diagram labels: Physical, Multiple NIC; Isolated Networks; Plant-wide / Site-wide Network; Control Network, Levels 0-2]
Virtual LANs (VLANs)
Segmentation – Network services
Large Flat LAN: Larger Layer 2 Broadcast Domain
• Plant-wide / Site-wide IACS: VLAN 40, IP Subnet 172.16.40.0/24
Small Connected LANs: Smaller Layer 2 Broadcast Domains
• Machine #1 (OEM #1): VLAN 20, IP Subnet 10.20.20.0/24; VLAN 10, IP Subnet 10.10.10.0/24
• Machine #2 (OEM #2): VLAN 30, IP Subnet 192.168.30.0/24; VLAN 5, IP Subnet 192.168.1.0/24
• Plant-wide / Site-wide IACS: VLAN 40, IP Subnet 172.16.40.0/24
[Diagram labels: Layer 2, Layer 3, Stratix® IES, Ring, VLAN10 Ring, Controller, I/O, EWS, OWS]
Topology Design Considerations
Redundant Path Topologies with Resiliency Protocols
Resiliency
Switch-level, Device-level and Hybrid Topologies
[Diagram panels: Switch-level Topologies; Device-level Topologies; Redundant Star (Flex Links); Ring (Resilient Ethernet Protocol (REP)); Star/Bus (Linear)]
[Diagram labels: Cell/Area Zone; Controllers, Drives, and Distributed I/O; HMI; Switch Stack; Cisco Catalyst 2955; VFD Drive; Servo Drive; Instrumentation; Stratix® Managed Industrial Ethernet Switches (IES)]
Networking Design Considerations - Topology Choice
Resiliency
Topologies compared: Redundant Star, Ring, Linear
Rating legend: Best, OK, Worst
Criteria:
• Cabling Requirements
• Ease of Configuration
• Implementation Costs
• Bandwidth
• Redundancy and Convergence
• Disruption During Network Upgrade
• Readiness for Network Convergence
• Overall in Network TCO and Performance
[Diagram panels: Redundant Star (Flex Links); Ring (Resilient Ethernet Protocol (REP)); Star/Bus (Linear)]
Device Level Ring (DLR)
Device Level Ring (DLR) Overview
A DLR network is a single-fault tolerant ring network
Advantages include:
• Simple installation
• Resilience to a single point of failure on the network
• Fast recovery (3ms) time when a single fault occurs on the network
• Comprehensive diagnostics
Hardware Support:
• Stratix 5700 / 5400 / 5800
• IO / Power / Visualization / E-Taps
A full report is provided in ENET-TD015_-EN-P
Device Level Ring protocol
Device Level Ring Topology
• Supervisor blocks traffic on one port
• Sends Beacon frames on both ports to detect break in the ring
• Once ring is restored, supervisor hears beacon on both ports, and transitions to normal ring mode, blocking one port
[Diagram labels: Beacon, Announce, Blocking, Forwarding, Active Ring Supervisor, Controller, I/O, VFD, IES]
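A simplified model of the supervisor behaviour listed on this slide, added here as an illustration (it is not Rockwell Automation or ODVA code). Assumptions: node 0 is the active ring supervisor, beacon timing is reduced to one `tick()` per interval, the supervisor unblocks its port while the ring is broken (standard DLR behaviour, implied by the single-fault tolerance stated earlier), and the names `Ring`, `tick` and `run_scenario` are hypothetical.

```python
from dataclasses import dataclass, field

NORMAL, FAULT = "NORMAL", "FAULT"

@dataclass
class Ring:
    """Constructed model: node 0 is the supervisor; link i joins nodes i and (i+1) % n."""
    n: int
    down: set = field(default_factory=set)  # indices of broken links
    state: str = NORMAL

    def tick(self):
        """One beacon interval. A beacon sent out one supervisor port reaches
        the other port only if every link is up, so any break silences both."""
        self.state = FAULT if self.down else NORMAL
        return self.state

    def forwarding_links(self):
        # NORMAL: the supervisor blocks data traffic on one port (link n-1 here).
        # FAULT: both supervisor ports forward so traffic can go around the break.
        blocked = {self.n - 1} if self.state == NORMAL else set()
        return [i for i in range(self.n) if i not in self.down | blocked]

    def has_loop(self):
        # A Layer 2 loop exists only when every link in the ring forwards.
        return len(self.forwarding_links()) == self.n

    def reachable(self):
        """Nodes the supervisor can reach over forwarding links."""
        links, seen, stack = set(self.forwarding_links()), {0}, [0]
        while stack:
            node = stack.pop()
            prev = (node - 1) % self.n
            for link, peer in ((node, (node + 1) % self.n), (prev, prev)):
                if link in links and peer not in seen:
                    seen.add(peer)
                    stack.append(peer)
        return seen

def run_scenario(n=5):
    """Break link 2, then link 3, then repair both; record each interval."""
    ring, log = Ring(n), []
    for event, link in (("start", None), ("break", 2), ("break", 3),
                        ("repair", 3), ("repair", 2)):
        if event == "break":
            ring.down.add(link)
        elif event == "repair":
            ring.down.discard(link)
        log.append((event, ring.tick(), ring.has_loop(), sorted(ring.reachable())))
    return log
```

Each row of `run_scenario()` is (event, supervisor state, loop present, nodes reachable from the supervisor): one break leaves all five nodes reachable, while the second break isolates node 3 until a link is repaired.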
Device Level Ring (DLR) Example
Device Level Ring (DLR) Faceplate - Diagnostics
Shown using DLR faceplates:
Available diagnostics:
• Network Supervisor Node
• Ring Participant Node
• Connection Link Status (Red/Green)
• Supervisor Takeover Order
Redundant Gateway and DHCP
DHCP for DLR Overview
• Combines Direct DLR and DHCP: Provides assignment of fixed IP addresses to devices on the Device Level Ring
• Similar to DHCP per port except that end devices are recognized by their location on the ring
• DHCP switch must be the ring supervisor
• Table does not have to include all devices on the ring
Parallel Redundancy (PRP)
PRP (Parallel Redundancy Protocol)
Overview
• What is PRP?
  • PRP, parallel redundancy protocol, IEC standard 62439-3
  • Fault tolerant, fully redundant Ethernet infrastructure at Layer 1 and 2
  • Same packet is sent on both LANs
• Typical applications for PRP
  • Where redundant network infrastructure is desired
  • Process applications (e.g. 24x7x365 operational requirements)
  • ControlNet redundant media migration opportunities, such as transportation tunnels
[Diagram labels: LAN A, LAN B]
PRP (Parallel Redundancy Protocol)
IEC standard terminology
• PRP terminology
  • DAN, Dually Attached Node, has the PRP protocol built in and attaches to both LANs
  • SAN, Singly Attached Node, is a node that does not have PRP built in and attaches to one LAN
  • RedBox, facilitates PRP connectivity for standard devices
  • VDAN, Virtually Attached Node, is the device connected through the RedBox
[Diagram labels: LAN A, LAN B, SAN, DANs in I/O chassis, VDANs, RedBox – Stratix® 5400]
Happy New Year…