By Philip Burgert
Design and initial configuration are among the most important stages when constructing an industrial network.
Proper configuration can be easier, and a consistent network operation ensured by evaluating a few tips gathered from software and network suppliers.
Tip #1: Configuration should keep real-time traffic in the same local area network and at the same time keep local area networks as small as possible while establishing a firewall demilitarized or demarcation zone between process manufacturing and office or enterprise networks, says Mark Fondl, president and CEO at Network Vision.
Tip #2: With virtual local area networks, be sure to configure network address ranges and subnet masks properly to allow access by routers, Fondl says. Make sure all the subnet masks in a network are in the same range. Organize the VLAN based on application or broadcast domains, not on equipment type. This means segmenting Ethernet traffic to the same structures as traditional industrial networks like SCADA, drives, I/O, and peer-to-peer.
Tip #3: Build networks with the cost of downtime in mind, says Tony Oberkirch, market analyst for N-Tron. It makes no sense to purchase low-cost or low-quality cable and infrastructure components to save a few dollars, only to find that these components cause regular network outages that cost tens of thousands of dollars with each occurrence, he adds.
Tip #4: For control applications, use devices equipped with dual, redundant power inputs. Oberkirch notes that most industrial Ethernet devices have mean time between failure (MTBF) figures that exceed those of power supplies. Dual power supplies will ensure maximum uptime and availability of the network.
Tip #5: Information security has become a major concern, particularly with wireless networks, reminds Sachin Gupta, senior wireless consultant with Invensys Process Systems. He recommends changing default passwords needed to access wireless devices as well as the default service set identifier or network name, along with disabling SSID broadcast. Network crackers know passwords set by manufacturers and default names of various brands of equipment. A default name in use suggests the network has not been secured. Gupta also recommends using a name that will not be associated with the network owner in order to avoid being specifically targeted.
Tip #6: If possible, wireless network access points should be arranged to provide radio coverage only in the desired area. Any wireless signal that spills outside of the needed area is an opportunity for a cracker to access the network without entering the premises, Gupta notes. Directional antennas should be used, if possible, at the perimeter directing their broadcasting inward. Some access points allow the signal strength to be reduced in order to minimize such signal leakage.
Tip #7: A full-duplex, switched network is very predictable, notes Larry O'Connell, senior product manager, Cisco Systems. To further ensure that a control network guarantees delivery in an expected time interval, even during network congestion, he recommends the use of quality of service or QoS. Equipment supporting QoS can identify data by its application, prioritize it accordingly and even allocate bandwidth to guarantee performance, he states.
Tip #8: OConnell notes that network design and configuration tools are available widely, but tend to require a high level of IT networking background or experience to be used effectively. The good news is that new levels of interoperability between automation and control applications give plant-floor personnel more information and control over the networks they rely on, he says. For example, new industrial network devices can act as industrial devices to the automation and control system. These network devices can be monitored and configured directly from the automation and control applications that plant personnel are accustomed to, which significantly improves the manageability of industrial networks for small to large plants, OConnell says.
Tip #9: Kenneth Austin, Ethernet marketing specialist for automation systems, Phoenix Contact, recommends use of simple network management protocol (SNMP) to let network management systems monitor devices on the network for conditions that warrant action. SNMP-capable devices describe their configuration and management information through a set of variables called object identifiers (OIDs) that can be queried and often set by management applications. SNMP is popular and is recognized as the standard for integrated management of diverse network devices, notes Austin.
Tip #10: Austin recommends Internet group management protocol snooping, noting that Ethernet and Internet protocol devices generate large volumes of multicast packets and making it necessary to limit which end devices receive the traffic. When a switch without IGMP snooping receives multicast messages, it floods all ports, potentially overloading end devices and other network switches, says Austin. A switch with active IGMP snooping watches passing multicast messages and adds the necessary ports to a multicast table, ensuring that only the devices that require a given multicast stream actually receive it.
Phil Burgert can be reached at [email protected].
