Designing Ethernet/Ip Machine/Skid Level Networks: Rev 5058-Co900D

Designing EtherNet/IP Machine/Skid Level
Networks
Rev 5058-CO900D
Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.
Session Description
EtherNet/IP provides a single network technology for motion, safety,

discrete, drives, and process applications. In this session you will learn
recommended machine level architectures with best practices, and design
considerations for typical machine control system applications. A prior
understanding of general Ethernet concepts, or attendance of the
Fundamentals of EtherNet/IP session is recommended.
Agenda
Selecting Infrastructure
Information Integration
Best Practices and Example Architectures
Where
to learn more
Reference
Architectures
Solutions
33
Machine level Network Considerations

Control Requirements
I/O and motion control how much how fast
Integration to upstream or downstream equipment

Line Controller
Safety interlocking
Integration of data
SQL or other servers for data collection and monitoring
Supply chain integration
Remote Access
Troubleshooting, monitoring, program changes
44
Agenda
Selecting Infrastructure
Reference Architectures Solutions

55
Switch Considerations
Advantages
Managed
Switches
Segmentation services (VLANs)

Diagnostic information
Security services
Prioritization services (QoS)
Multicast management services
Network resiliency
Loop prevention
Unmanaged
Switches
Inexpensive
Simple to set up
Embedded
Switches
Diagnostic information
Prioritization services (QoS)
Time Sync Services (1588 Transparent
Clock)
Network resiliency
Loop prevention
Disadvantages
More expensive
Requires some level of support and
configuration to start up
No management capabilities
No security
No diagnostic information
Difficult to troubleshoot
No resiliency support
No loop prevention
Limited management capabilities

May require minimal configuration
Topology Flexibility with EtherNet/IP
LINEAR - Simplify cable management

HYBRID Obtain maximum flexibility
STAR Connect broad range of devices

RING Maximum availability
EtherNet/IP is topology neutral for maximum flexibility

Technology Segmentation
Safety System
ControlLogix chassis
EtherNet/IP
SERCOS
DeviceNet
PV+ EOI
Stratix 8000
PowerFlex 755
POINT I/O
Kinetix
6000
ArmorBlock I/O
CIP Bridge Segmentation

Safety System
Stratix 8000
EtherNet/IP
PV+ EOI
Sercos
EtherNet/IP
ArmorBlock I/O
POINT I/O
Kinetix
6000
PowerFlex 755
Converged Network Segmentation

Remote User VLAN
Control VLAN
Control Vlan
EtherNet/IP
PV+ EOI
PowerFlex 755
Stratix 8300
Kinetix
6000
POINT I/O
Safety System
ArmorBlock I/O
Control VLAN
Control VLAN
Safety VLAN
Video VLAN
Converged Network Segmentation

Enterprise Zone
Network
Enterprise
ERP, Email, Wide Area

Network (WAN)
DMZ
Industrial
Zone
Catalyst 3750 SERIES
1
SYST
RPS
MASTR
STAT
DUPLX
SPEED
STACK
MODE
9 10
11 12
13 14
15 16
17 18
19 20
21 22
23 24
1X
11X
13X
23X
2X
12X
14X
24X
Catalyst 3750 SERIES
1
SYST
RPS
MASTR
STAT
DUPLX
SPEED
STACK
MODE
9 10
11 12
13 14
15 16
17 18
19 20
21 22
23 24
1X
11X
13X
23X
2X
12X
14X
24X
Lightweight AP
(LWAP)
Mobile User
AP as Workgroup
Bridge (WGB)
Cell/Area Zone #1
Cell/Area Zone #2
Cell/Area Zone #3
Cell/Area Zone #4
Security Considerations
Physical Access Security
Disable unused switch ports
Lock a port to only allow specific devices to be
connected
Change passwords from default settings
Access Control Lists and Firewall Features
Limit access to secure areas of the network.
Limit access to secure services on the
network
Block remote access to secured devices
VLANs
Simplify security enforcement by creating
function groups
Control Access by function, by user, by
location, etc.
Infrastructure Performance
Bandwidth
1 at 4ms RPI
3 at 10ms RPI
4ms updates
10ms RPI
Total 8,100 PPS (Less than 10% of bandwidth on a single link)

13
Infrastructure Performance
Jitter
1 at 4ms RPI
3 at 10ms RPI
4ms updates
10ms RPI
14
CIP Sync System of Clocks

HIPROM GPS
0000
HP-GPS
EN2T
CNB/E
OB16IS
L63
0000
0000
GM
15
Copy
Agenda
Information Integration
Reference Architectures Solutions

Copyright 2009 Rockwell Automation, Inc. All rights reserved.
16
16
Physical vs. Logical segmentation

Isolated networks - two NICs for
physical network segmentation
Converged networks - logical

segmentation
Information Network
Control
and
Information
Network
Control Network
Benefits
Clear network ownership demarcation line
Challenges
Limited visibility to control network devices
for asset management
Limited future-ready capability
Benefits
Plantwide information sharing for data
collection and asset management
Future-ready
Challenges
Blurred network ownership demarcation line
IP address management
17
Network Address Translation

Send message
to Machine 2
CMX
10.104.2.100
10.104.100.23
Machine 2 NAT
10.104.x.x :
192.168.1.x
Machine 1 NAT
10.104.x.x :
192.168.1.x
192.168.1.100
192.168.1.100
192.168.1.104
Within a Machine
192.168.1.104
Between Machine and Line Network

Connectivity to Plant Dual NIC vs. NAT

Plant
PV+ or PV+
Compact
PV+ or PV+
Compact
10.10.10.10
192.168.1.2
CompactLogix L4
PowerFlex
4/40 AC
Drive
PowerFlex
4/40 AC
Drive
Dual NIC
Pros:
IP Addresses private to machine

IT manage external IP address
Program does not change when IT address changes
Cons:
Plant
2 Communications interfaces in controller

Web diagnostics not available outside machine
Many network services will not pass through this
gateway (SNMP, DNS, DHCP, etc.)
Knowledge of route path at the application level
10.10.10.10 192.168.1.2
CompactLogix 5370 L3
NAT
Pros:
IP Addresses private to machine

1 Communications interface in controller
Web diagnostics available outside machine
Cons:
Additional cost for NAT device or switch

Some additional complexity and management
19
Connectivity to Plant IP Routing vs. NAT

Plant VLAN
PV+ or PV+
Compact
PowerFlex
4/40 AC
Drive
Plant
10.10.10.10
PV+ or PV+
Compact
PowerFlex
4/40 AC
Drive
Machine
VLAN
IP Routing
Pros:
No machine level switch configuration needed if the
machine is a single VLAN
Removes single point of failure for NAT device
Designed to allow network services (SNMP, VPN,
DNS, DHCP)
Cons:
IP addressing must be unique at the machine level
10.10.10.10 192.168.1.2
CompactLogix 5370 L3
NAT
Pros:
IP Addresses private to machine (not visible outside of

machine network)
Web diagnostics available outside machine
Cons:
Additional cost for NAT device or switch

Some additional complexity and management
20
Strengths and Weaknesses NAT vs

Layer 3 routing
IP-routing
For pre-commissioning at
equipment manufacturer
easily possible (+)
Equipment manufacturer
requires a planned
address list (-)
Duplication of equipment
easily possible (+)
IP addressing in programs
may differ (-)
Avoid address collision

with other users of private
addresses
easily possible (+)
Centralized management
of the entire address
space needed (-)
Additional maintenance
effort for the required 1:1
NAT address mappings
(private public)
required (-)
not required (+)
Failure probability
NAT router is a "single

point of failure" (-)
Low because of redundant

router/layer 3 switch (+)
Availabilty of network
services (ie. DHCP, DNS,
Remote access)
difficult (-)
easily possible (+)
Operate and
Maintain
NAT router
Design and
Install
Criterion
Remote Access Approaches
Inside-Out
Remote
Desktop
Conference
Technology
Outside-In
VPN
Dial-Up
Modems
22
Secure Remote Access

From Cisco and Rockwell Automation
Meeting the security requirements

of IT while enabling manufacturers to
leverage shared, distributed company
resources and trusted partners
Management of assets - monitor,
configure and audit
Simplify change management,
version control, regulatory
compliance and software license
management
Simplify remote client
health management
Enterprise
Data Center
Cisco VPN Client
Internet
Enterprise Zone
Levels 4 and 5
Enterprise Edge
Firewall
S SL V P N
Secure remote access for

employees and trusted
partners such as machine
builders and system
integrators
I P S EC VPN
Remote Engineer
or Partner
Enterprise
Connected
Engineer
Enterprise
WAN
HTTPS
Enterprise Zone
Levels 4 and 5
Patch Management
Terminal Services
Application Mirror
AV Server
Demilitarized Zone (DMZ)
Gbps Link Failover

Detection
Cisco
ASA 5500
Firewall
(Standby)
Firewall
(Active)
Remote Desktop
Protocol (RDP)
Demilitarized Zone (DMZ)
FactoryTalk Application Servers
View
Historian
AssetCentre
Transaction Manager
FactoryTalk Services
Platform
Directory
Security/Audit
Data Servers
Remote Access Server
Catalyst
6500/4500
RSLogix 5000
FactoryTalk View Studio
Catalyst 3750
StackWise
Switch Stack
EtherNet/IP
Manufacturing Zone
Site Manufacturing
Operations and Control
Level 3
Cell/Area Zones
Levels 02
23
Agenda
Best Practices and Example Architectures
24
24
Machine with motion and safety
PanelView Plus
HMI
Ethernet Switch
EtherNet/IP
Vision
I/O
GuardLogix
Controller
EtherNet/IP
PowerFlex
Drives
Copyright 2010 Rockwell Automation, Inc. All rights reserved.
Kinetix 6500
Servo Drives
25
Process Skid application

Discrete (On / Off) Sensors
840E Level 837
Sensor
Temperature
Sensor
836
Pressure
Sensor
CompactLogix
Plant Network
Connectivity
Point I/O
PowerFlex40 VFDs
PanelviewPlusCE
837E
Temperature
Transmitters
836E
Pressure
Transmitters
839E Flow
Transmitters
HMI / SCADA System
O
R
873P
Ultrasonic
Level
Sensors
26
Machine level best practices summary

Best practices for machine level design:
Verify Physical Layer devices
Verify Speed and Duplex settings on
devices (should be running at
100/Full Duplex)
Use Gigabit ports whenever possible
for trunks and uplinks between
switches
Apply port security to protect open
ports on the switch
Apply password to the switches to
prevent unauthorized changes
Limit the size of broadcast domain
with segmentation
27
Agenda
Where
to learn more
Reference
Architectures
Solutions
28
28
Additional Material
Rockwell Automation
Networks Website: http://www.ab.com/networks/

EtherNet/IP Website: http://www.ab.com/networks/ethernet/
Publications:
ENET-UM001-EN-P EtherNet/IP Network Configuration
ENET-AP005-EN-P Embedded Switch application guide
ENET-RM002-EN-P EtherNet/IP Design Considerations
Network and Security Services Website:
http://www.rockwellautomation.com/services/networks/
http://www.rockwellautomation.com/services/security/
ODVA Website
http://www.odva.org
29
Additional Material
Cisco and Rockwell Automation Alliance
Website
http://www.ab.com/networks/architectures.html
Design Guides
CPwE DIG 2.0
Education Series
Whitepapers
Securing Manufacturing Computer and
Controller Assets
Production Software within Manufacturing
Reference Architectures
Achieving Secure Remote Access to Plant Floor
Applications and Data
30
Additional Material
Cisco and Rockwell Automation Alliance
Education Series Webcasts
The Trend - Network Technology and Cultural Convergence
What every IT professional should know about Plant Floor Networking
What every Plant Floor Controls Engineer should know about working with IT
Industrial Ethernet: Introduction to Resiliency

Fundamentals of Secure Remote Access
for Plant Floor Applications and Data
Securing Architectures and Applications
for Network Convergence
Available Online
http://www.ab.com/networks/architectures.html
31
Questions?
Rev 5058-CO900D
Thank you for participating!

Please remember to tidy up your work area for the next session.
We want your feedback! Please complete the session survey!
Rev 5058-CO900D

Designing Ethernet/Ip Machine/Skid Level Networks: Rev 5058-Co900D

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Designing Ethernet/Ip Machine/Skid Level Networks: Rev 5058-Co900D

Diunggah oleh

Hak Cipta:

Format Tersedia

Designing EtherNet/IP Machine/Skid Level

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

EtherNet/IP provides a single network technology for motion, safety,

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Machine level Network Considerations

Integration to upstream or downstream equipment

Reference Architectures Solutions

Segmentation services (VLANs)

Limited management capabilities

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Topology Flexibility with EtherNet/IP

LINEAR - Simplify cable management

STAR Connect broad range of devices

EtherNet/IP is topology neutral for maximum flexibility

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

CIP Bridge Segmentation

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Converged Network Segmentation

Converged Network Segmentation

ERP, Email, Wide Area

Catalyst 3750 SERIES

Catalyst 3750 SERIES

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Total 8,100 PPS (Less than 10% of bandwidth on a single link)

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

CIP Sync System of Clocks

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Reference Architectures Solutions

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Physical vs. Logical segmentation

Converged networks - logical

Network Address Translation

Between Machine and Line Network

Connectivity to Plant Dual NIC vs. NAT

IP Addresses private to machine

2 Communications interfaces in controller

IP Addresses private to machine

Additional cost for NAT device or switch

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Connectivity to Plant IP Routing vs. NAT

IP Addresses private to machine (not visible outside of

Additional cost for NAT device or switch

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Strengths and Weaknesses NAT vs

easily possible (+)

easily possible (+)

Avoid address collision

easily possible (+)

not required (+)

NAT router is a "single

Low because of redundant

easily possible (+)

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Remote Access Approaches

Copyright 2013 Rockwell Automation, Inc. All Rights Reserved.

Secure Remote Access

Meeting the security requirements

Cisco VPN Client

Secure remote access for

Demilitarized Zone (DMZ)

Gbps Link Failover

FactoryTalk Application Servers

Remote Access Server