Intelligent Ethernet and EtherNet/IP Deployments

Cisco Systems, Inc.

© 2003 Cisco Systems, Inc. All rights reserved.

Why Ethernet?

Challenge on the Factory Floor → Solution: Ethernet

• From just 500 Kbps → 10, 100, Gig, 10 Gig
• From limited management → Many management options
• Proprietary → Common standards
• From isolation → WW connectivity
• From single vendor → Multiple vendors

Ethernet... the everlasting advantage of simplicity and total cost of ownership

Intro to Networking World: Understanding the OSI Model

Columns: NO., NAME, ENCAPS / PDU, DEVICES, PROTOCOLS, NOTES

7 Application: Raw Data; Software, PCs; Crayons, Pictures, Writing, Sound; Checks availability with comm. partner; Ideas, Thoughts
6 Presentation: .doc .xls .midi .ppt .jpg .bmp .gif .mp3 .ascii .ebcdic; Syntax, Compression, Formatting; Standardized format
5 Session: NFS, SQL, NetBios, RPC; Establish, manage and terminate sessions; Negotiate a session set up
4 Transport: Segment; TCP, UDP; Windowing, Buffering; Reliable or unreliable
3 Network: Packet; Routers, PCs; IP, IPX; Logical Addressing, Best path; Routed or routing protocols
2 Data Link: Frame; Bridges, Switches; FR, TR, ATM, FDDI, Ethernet, SDLC, ISDN, SNA; BIA address, Flow Control; MAC address
1 Physical: Bits; Hubs, Repeaters; Cables, Connectors, NIC Cards; Like Morse Code

Media Transmission Chart

NAME | ACRONYM | LENGTH | DATA RATE | STANDARD
Twisted Pair | TP | 100 M | 10 MBPS | 802.3
Shielded Twisted Pair | STP | | 10 MBPS |
Coax - Thick | | 500 M | 10 MBPS |
Coax - Thin | | 185 M | |
Fast Ethernet TP (UTP) | Fast E | 100 M | 100 MBPS | 802.3
Fiber - Multimode | | 2000 M | |
Fiber - Singlemode | | 15000 M | |
Gigabit Ethernet | Gig E | | |

How the OSI Model Works

[Figure: Sender and Receiver stacks, each with the Application, Presentation, Session, Transport, Network, Data Link and Physical layers, connected through the MEDIA]

Ethernet – Original Implementations

[Figure: PC A to PC H and PC J attached to a single bus]

Ethernet was originally designed as a bus topology

Basic Ethernet Implementation

[Figure: PC A to PC H and PC J on the shared wire, labelled "Broadcast Domain"]

Whoever transmits owns the wire!

Basic Ethernet Implementation

[Figure: PC A to PC H and PC J on the shared wire, labelled "Broadcast Domain and a Collision Domain"]

So, What Happens When Two Data Streams Are Sent At The Same Time?

Ethernet “Collisions”

[Figure: PC A to PC H and PC J on the shared wire, labelled "Broadcast Domain and a Collision Domain"]

PCs B and D Transmit Simultaneously

Ethernet “Collisions”

[Figure: PC A to PC H and PC J on the shared wire, labelled "Broadcast Domain and a Collision Domain", with a "Collision" marked on the wire]

If both transmit at the same time, there is a “Collision”

Ethernet “Collisions”

[Figure: PC A to PC H and PC J on the shared wire, labelled "Broadcast Domain and a Collision Domain", with "Back Off" marked]

When there is a collision, both sides “back off” (stop, wait for a random time segment, and re-transmit)

Random Backoff and Re-Transmission

[Figure: PC A to PC H and PC J on the shared wire; the two colliding stations are labelled "Re-send 5 ms." and "Re-send 7 ms."]

Both sides re-transmit successfully

Watch out for COLLISION DOMAINS

• What makes up a collision domain?
  - Half Duplex Transmission
  - Ethernet Hubs (create a shared bus)
• Avoid designs that create a COLLISION Domain
  - Data transmission is not predictable: NOT DETERMINISTIC
• Deploying Ethernet in a collision domain architecture is NOT acceptable for Manufacturing Control applications!!!

Deploying Deterministic Ethernet Networks

• FULL DUPLEX Ethernet vs. HALF DUPLEX Ethernet
• Switches vs. Hubs
• Intelligent Switching vs. basic Switching

Half versus Full Duplex transmission

• Half Duplex
  - One station transmits, the other listens.
  - While transmitting, you do not receive, as no one else is transmitting.
  - If someone else transmits while you are transmitting, then a collision occurs.
  - Any “Receive-while-Transmit” condition is considered a collision.
  - NON-DETERMINISTIC
• Full Duplex (standardized in 802.3x)
  - Transmit and receive at the same time.
  - Transmit on the transmit pair, and receive on the receive pair.
  - No collision detection, backoff, retry, etc.
  - Collision Free. No CS, no MA, no CD. Only relationship to HD is frame format & encoding/signaling method.
  - DETERMINISTIC

Switches vs. Hubs

Hub (Layer 1 Domain)
  - Ethernet 10
  - One device sending at a time
  - All nodes share 10 Mbps

Ethernet Switch (Layer 2 Domain)
  - Backbone; Switched Ethernet 10
  - Multiple devices sending at the same time
  - Each node has 10 Mbps

Ethernet Switching Delivers Determinism

[Figure labels: Shared Ethernet 10; Each node has 10 Mbps; Switched Ethernet 100; Cost; Performance; Shared Media vs. Switches; Collisions vs. Determinism]

• Ethernet has progressed exponentially since it was first introduced
• Requirements for a scalable industrial networking solution go even farther
• Intelligent Ethernet switches enable personalized bandwidth per port

LAN Switch Operation

• Forwards packets based on a forwarding table
  - Forwards based on the MAC (Layer 2) address
• Operates at OSI Layer 2
• Learns a station’s location by examining source address
  - Sends out all ports when destination address is broadcast, multicast, or unknown address
  - Forwards when destination is located on different interface

[Figure: stations A, B and C attached to numbered switch interfaces over 10 Mbps links, with a forwarding table that has Stations A and B as rows and Interfaces 1 to 4 as columns]

Industrial Ethernet is Extended to the Control Layer

[Figure: Ethernet spanning three levels.
Corporate IT Network: Office Applications, Internetworking, Data Servers, Storage; Back-Office Mainframes and Servers (ERP, MES, CAPP, PDM, etc.); Central NMS.
Control level: PC Based Controllers; Human Machine Interface (HMI); Programmable Logic Controllers (PLC).
Device Level Network: Motors, Drives, Actuators; Robotics; Sensors and other Input/Output Devices.
Other labels: Pager, Handheld, Scanner, Wireless Video Apps, Video Feed]

Agenda

• Challenges of Implementing Ethernet
• Ethernet Evolution
• Intelligent Services in the Network
  - Availability, QoS, and Security
• Summary

The Benefits and Challenges of Ethernet

• Benefits
  - Enhanced Productivity and Efficiency
  - Reduced Costs
  - Remote Diagnostics
  - Streamlined Network Infrastructure
  - Scalability
• Challenges
  - Determinism: Is the Control Data always on time?
  - Uptime: Is my network as resilient?
  - Access Control: Are authorized entities the only ones accessing the control traffic and data?

Challenges to Implementing Ethernet Can be Addressed

• Industrial Ethernet deployments must focus on three key areas for scalable deployments
  - Availability: Ensure that network resources are resilient and scalable
  - Quality of Service: Provides assurance of low latency and delay of the Control Data
  - Security: Protect the factory floor data and network resources from threats and/or unauthorized access
• By implementing these functions, Industrial Networks will institute a solid foundation for supporting incremental applications and solutions

Agenda

• Challenges of Implementing Ethernet
• Ethernet Evolution
• Intelligent Services in the Network
  - Availability
  - QoS
  - Security
• Summary

Traditional Redundant Network Designs

[Figure: redundant designs built from Core, Distribution and Access layers, including a Ring Topology and a Dual Homed Tree Network Design]

Logical Industrial Ethernet Template

[Figure: Backbone Network above Zone and Cell levels, with VLAN 101, VLAN 102, VLAN 103, VLAN 104 and VLAN 105]

Access/Client Layer: IGMP Snooping will be employed to control the multicast Producer/Consumer communication model.

Distribution/Access Layer: 802.1D, 802.1W and 802.1S will be employed to ensure layer 2 convergence <= 50 ms.

Core Layer: RMON, CDP, NTP and SNMP will be employed to aid in management.

In all instances where applicable, a QoS template should be engineered and deployed. A minimum configuration to classify traffic at the access layer must be employed to ensure a QoS template in the future.

What is 802.1w? Inter-Switch Determinism

• IEEE 802.1w standard providing sub-second redundant link resilience (Non Timer Based)
• Eliminate forwarding delay on point-to-point links using explicit handshaking protocol

[Figure: 802.1d port states Blocking, Listening, Learning and Forwarding with timers of 20 sec, 15 sec and 15 sec, compared with 802.1w on a p2p link moving from Blocking to Forwarding in < 1 sec through a Proposal-Agreement Handshake]

IEEE 802.1w in Control Networks

• Most proprietary convergence schemes disable or cannot support Spanning Tree
• Disabling Spanning Tree can cause loops in the network.
• Control Networks can now rely on a standards-based method for sub-second convergence
• Backward compatible with 802.1D (Spanning Tree Protocol), allowing for a direct connection with traditional data networks

Traditional vs. Producer-Consumer Multicast Models

[Figure: two plots of Mbps. Traditional Multicast: Unicast Traffic and Multicast Traffic against No. Multicast Users. Producer-Consumer: Multicast Traffic and Unicast Traffic against No. of Control Devices]

IGMP Snooping and Intelligent Ethernet

• A Layer 2 switch will flood multicast packets to all ports within the same VLAN by default
• An Intelligent switch will “Snoop” or intercept IGMP Joins and Leaves received on interfaces from hosts
• Traffic is forwarded only to those ports which have “Joined” the multicast group
• Traffic continues to be forwarded until the client issues a Leave Message, at which time the switch will stop forwarding traffic on that port.
• When all nodes have “left” the particular group, the multicast router will prune off the traffic

IGMP Snooping Summary

• Without IGMP Snooping, hosts (I/O Devices) can be overwhelmed by traffic not addressed to them
• In a Consumer-Producer Model, traffic grows exponentially with the number of hosts unless multicasts are constrained
• IGMP Snooping provides scalability for Consumer-Producer Data Models by limiting the amount of multicast traffic
• Performance benefits of the Consumer-Producer model are maintained (all consumers have equal access to data)

[Figure: Producer-Consumer plot of Mbps against No. of Control Devices, showing Multicast Traffic, Unicast Traffic and Multicast with IGMP Snooping]
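The flooding and snooping behaviour described on the two IGMP slides, as an added Python model that is not part of the Cisco deck. The class and function names, port numbers and group addresses are constructed for illustration, and the producer-consumer cell (one controller consuming from every I/O device) is an assumed layout.

```python
"""Multicast delivery on one VLAN, with and without IGMP snooping (model)."""
from collections import defaultdict


class SnoopingSwitch:
    """Layer 2 switch for a single VLAN. Port numbers are illustrative."""

    def __init__(self, ports, router_port, snooping=True):
        self.ports = set(ports)
        self.router_port = router_port    # uplink toward the multicast router
        self.snooping = snooping
        self.members = defaultdict(set)   # group address -> ports that joined

    def igmp_join(self, port, group):
        """Record an IGMP Join (membership report) snooped on `port`."""
        if port not in self.ports:
            raise ValueError(f"unknown port {port}")
        self.members[group].add(port)

    def igmp_leave(self, port, group):
        """Record an IGMP Leave: stop forwarding `group` on that port."""
        self.members[group].discard(port)
        if not self.members[group]:
            del self.members[group]       # no members left on this switch

    def egress_ports(self, ingress, group):
        """Ports that receive a copy of a multicast frame for `group`."""
        if not self.snooping:
            return self.ports - {ingress}             # default: flood the VLAN
        joined = set(self.members.get(group, ()))
        return (joined | {self.router_port}) - {ingress}


def unwanted_copies(n_devices, snooping):
    """Producer-consumer cell: every I/O device produces to its own group and
    one controller consumes all of them. Returns how many frame copies per
    production cycle reach host ports that never joined the group."""
    router, controller = 0, 1
    device_ports = list(range(2, 2 + n_devices))
    sw = SnoopingSwitch([router, controller] + device_ports, router, snooping)
    # Constructed group addresses, one per producing device.
    groups = {port: f"239.192.1.{port}" for port in device_ports}
    for group in groups.values():
        sw.igmp_join(controller, group)
    unwanted = 0
    for port, group in groups.items():
        for out in sw.egress_ports(port, group):
            if out != router and out not in sw.members[group]:
                unwanted += 1
    return unwanted


if __name__ == "__main__":
    for n in (5, 10, 20):
        print(n, unwanted_copies(n, snooping=False), unwanted_copies(n, True))
```

In this model every flooded frame is copied to each of the other I/O devices, so the unwanted load grows with the square of the device count, while the snooping switch delivers none.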


What Is Quality of Service (QoS)?

[Figure: traffic types Mission-Critical (Control), Data Collection, Configuration (File Transfer) and Back Office]

• Classification
• Policing
• Congestion avoidance

QoS enables determinism in Industrial Ethernet deployments

Why QoS? Congestion, Control Operational Determinism

[Figure: Aggregation, and Speed Mismatch between 1000 Mbps and 10 Mbps]

• Points of substantial speed mismatch and points of aggregation
• If a buffer fills, it is not possible to place new traffic into it: DROPS!
• Increasing the size of the buffer can help avoid drops but introduces delay

Not All Traffic Is Created Equal

 | Control | Video | Data (Best-Effort) | Voice
Bandwidth | Low to Moderate | Moderate to High | Moderate to High | Low
Random Drop Sensitivity | High | Low | High | Moderate
Delay Sensitivity | High | High | Low | Moderate to High
Jitter Sensitivity | High | High | Low | High

Quality of Service and the OSI Model

[Figure: protocol stack with its QoS Parameters.
Application (Fieldbus Specific): Device Profiles (Semi-conductor, Valves, Drives, Robots, Other); Application Object Library; Data Management Services (Explicit Messages, I/O Messages); Message Routing, Connection Management.
L4 Transport: TCP, UDP.
L3 Network: IP; QoS parameter IPV4 ToS.
L2 Data Link: EtherNet MAC/LLC; QoS parameter 802.1Q/p CoS.
L1 Physical: Physical Layer]

Aggregate QoS Model for Industrial Ethernet

INGRESS ACTIONS
• Classification: Distinguish traffic by examining L2-L4 labels and QoS fields. CoS changed depending on trust state at port.
• Policing/Metering: Ensure conformance to a specified rate
• Marking: DSCP-CoS or CoS-DSCP mapping

EGRESS ACTIONS
• Queue/Schedule: 4 queues/port with Priority scheduling
• Congestion Control

• QoS classification based on Layer 2/3/4 attributes:
  - Destination MAC Address
  - Ethertype
  - Source / Destination IP Address
  - TCP / UDP Source or Destination Port Number

An Example: EtherNet/IP Model

[Figure: the TCP/IP suite (FTP, HTTP, BOOTP, DHCP, SMTP, SNMP; TCP, UDP; IP with ARP, RARP, ICMP, OSPF, IGMP, IGRP; IEEE 802.3 Ethernet) beside the EtherNet/IP stack by layer. Application: CIP with Explicit Messaging and Real-time I/O Control; Transport: TCP, UDP; Network: IP; Data Link / Physical: IEEE 802.3 Ethernet]

Priority on Control Traffic (UDP Port 2222) guarantees that there will not be delay or jitter affecting any control functions such as interlocking

Control traffic can be tagged at L2 or L3 depending on the existing network architecture
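The classify-then-queue pipeline from the aggregate QoS model, applied to the UDP port 2222 control traffic named above, as an added Python example that is not from the Cisco deck. The class-to-queue mapping, the queue depth, the tail-drop policy and the sample frames are assumptions made for illustration; TCP port 44818 for explicit messaging does not appear on the slides.

```python
"""Classify frames on L2-L4 fields, then serve 4 egress queues by priority."""
import struct
from collections import deque

ENIP_IO_PORT = 2222         # UDP, EtherNet/IP control traffic (from the slide)
ENIP_EXPLICIT_PORT = 44818  # TCP, explicit messaging (not on the slide)
# Illustrative class-to-queue mapping; queue 3 is served first.
QUEUE = {"control": 3, "explicit": 2, "best-effort": 0}


def classify(frame: bytes) -> str:
    """Return the traffic class of a raw Ethernet frame."""
    if len(frame) < 14:
        return "best-effort"
    ethertype, offset = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:       # skip an 802.1Q tag
        ethertype, offset = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return "best-effort"                            # not IPv4
    ihl = (frame[offset] & 0x0F) * 4
    fragment_offset = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    l4 = offset + ihl
    if ihl < 20 or fragment_offset or len(frame) < l4 + 4:
        return "best-effort"          # malformed, or a fragment without ports
    proto = frame[offset + 9]
    sport, dport = struct.unpack_from("!HH", frame, l4)
    # A port match alone trusts the sender; pair it with the port trust state.
    if proto == 17 and ENIP_IO_PORT in (sport, dport):
        return "control"
    if proto == 6 and ENIP_EXPLICIT_PORT in (sport, dport):
        return "explicit"
    return "best-effort"


class EgressPort:
    """Four queues per port with strict priority scheduling and tail drop."""

    def __init__(self, depth=4):
        self.queues = [deque() for _ in range(4)]
        self.depth = depth
        self.drops = 0

    def enqueue(self, frame):
        queue = self.queues[QUEUE[classify(frame)]]
        if len(queue) >= self.depth:  # buffer full: the new frame is dropped
            self.drops += 1
            return False
        queue.append(frame)
        return True

    def dequeue(self):
        for queue in reversed(self.queues):   # highest-numbered queue first
            if queue:
                return queue.popleft()
        return None


def build_frame(proto, sport, dport, vlan=None):
    """Constructed sample frame: Ethernet, IPv4 and the L4 port fields."""
    eth = bytes(12)                                    # zeroed MAC addresses
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(4)


def service_order(frames, depth=4):
    """Enqueue all frames, then return (classes in dequeue order, drops)."""
    port = EgressPort(depth)
    for frame in frames:
        port.enqueue(frame)
    order = []
    while (frame := port.dequeue()) is not None:
        order.append(classify(frame))
    return order, port.drops
```

Feeding a burst of file-transfer frames ahead of one control frame shows the buffer trade-off from the congestion slide: the best-effort queue overflows and drops, while the control frame still leaves the port first.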

QoS Benefits Industrial Network Deployment

• QoS enables low latency for Control Traffic, guaranteeing deterministic behavior for critical control data
• L2-L4 packet inspection and tagging should be used to establish traffic priorities
• Buffer management is a key part of QoS
• As networks evolve to support more services, QoS becomes even more critical
• QoS is an essential component for scalable deployments


Security in IP Networks

• Any IP network that does not implement the appropriate security mechanism is susceptible to intrusion
• Intrusion by malicious entities can potentially bring down a network and capture key competitive information
• Large scale secure EtherNet/IP networks are successfully deployed today in numerous critical services (financial, medical, process control, etc.)
• Intelligent Ethernet Switches support security features that work at different layers to identify, prevent, and alert on malicious or unauthorized activities on the data network

Intelligent Ethernet and Security

• Security Filters
  - Inspection and classification of L2-L4 packets can ensure that only the authorized MAC and IP addresses go through the switch. L4 port inspection can ensure that only the authorized applications are running.
• Port Security
  - Provides a means to ensure the appropriate user is on the network by limiting access based on MAC addresses
• 802.1x authentication
  - Protects network access by allowing a RADIUS server to authenticate the user, allowing/disallowing access to the network

Intelligent Ethernet and Security

• MAC Address Notification
  - Provides an alert to a management station so that network administrators know when and where users came on to the network and can take appropriate actions
• AAA control and central Management
• SNMPv3
  - Provides network security by encrypting administrator traffic during SNMP session to configure/troubleshoot switch
• Secure Shell (SSH)
  - Encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches
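How the forwarding-table learning from the LAN Switch Operation slide combines with Port Security and MAC Address Notification from the two security slides, as an added Python model that is not part of the Cisco deck. The class, the event names, the drop-on-violation policy and the MAC addresses are assumptions constructed for illustration.

```python
"""Learning switch with port security and MAC address notification (model)."""


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


class SecureSwitch:
    def __init__(self, ports, max_macs_per_port=1):
        self.ports = set(ports)
        self.max_macs = max_macs_per_port
        self.table = {}                           # MAC -> port (forwarding table)
        self.secure = {p: set() for p in ports}   # port -> MACs admitted there
        self.events = []                          # sent to the management station

    def admit(self, port, src):
        """Port security: decide whether `src` may send on `port`."""
        if src in self.secure[port]:
            return True
        known_elsewhere = self.table.get(src, port) != port
        if known_elsewhere or len(self.secure[port]) >= self.max_macs:
            self.events.append(("violation", port, src))
            return False
        self.secure[port].add(src)
        self.events.append(("mac-added", port, src))  # MAC address notification
        return True

    def receive(self, port, src, dst):
        """Handle one frame; return the set of ports it is sent out of."""
        if not self.admit(port, src):
            return set()                          # dropped, table unchanged
        self.table[src] = port                    # learn from the source address
        if is_group_address(dst) or dst not in self.table:
            return self.ports - {port}            # broadcast/multicast/unknown
        out = self.table[dst]
        return {out} if out != port else set()    # forward across interfaces only


def violations(switch):
    """(port, MAC) pairs the management station should look at."""
    return [(port, mac) for kind, port, mac in switch.events
            if kind == "violation"]


if __name__ == "__main__":
    # Constructed addresses: station A on port 1, station B on port 2.
    A, B = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b"
    sw = SecureSwitch([1, 2, 3, 4])
    print(sw.receive(1, A, B))                    # B unknown: flooded
    print(sw.receive(2, B, A))                    # A learned: port 1 only
    print(sw.receive(1, "00:00:0c:00:00:99", B))  # second MAC on port 1: dropped
    print(sw.receive(4, B, A))                    # B's MAC on port 4: dropped
    print(violations(sw))
```

Because a rejected frame never reaches the learning step, the forwarding table keeps pointing at the port where each station was first admitted, and every rejection leaves an event for the management station.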


Intelligent Ethernet Enables

• Reduced operational and capital expense by leveraging a single, common network infrastructure
• Connectivity and real-time decision making in a secure environment
• Network availability and reliability

While maintaining industrial grade networking and connectivity
