Yokogawa Electric Corporation YCAU II Copyright © Yokogawa Electric Corporation Friday, October 24, 2006 Industrial Ethernet and Networking October 24,

Yokogawa Electric Corporation

YCAU II Copyright © Yokogawa Electric CorporationFriday, October 24, 2006

Industrial Ethernet

andNetworking

October 24, 2006

Craig LaRoseProduct Sales EngineerNetwork Solutions

Industrial Ethernet and Networking Page.2YCAU IICopyright © Yokogawa Electric CorporationJuly 2005

Basic hardware and addressing

TCP/IP protocol

Routers, Bridges, & Switches

Webservers, Email & FTP

Dial-up networking

OPC connectivity software

Wireless networking

Additional Resources

What You Will Learn


What is Ethernet?

It is not the cable you connect to your PC

•It is group of standards which cover the transmission of data over a medium

Term Alert: ETHERNET


OSI 7 Layer Model

•The Open Systems Interconnection (OSI) model is an attempt to standardize the functionality of end to end computer communications.

Standards

How can we best describe these standards


Open Systems Interconnect (OSI) Model

7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

7 – Network Application

6 – Formatting of data and encryption

5 – Establishment and maintenance of sessions

4 – Provides reliable end-to-end delivery

3 – Packet delivery, including routing

2 – Framing of information and error checking

1 – Physical Medium requirements

Layer Function


The path of data through the stack

OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Application

Presentation

Session

Transport

Network

Data Link

Physical

Sender Receiver


How Ethernet Fits in the OSI Model

7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Ethernet Standard

Determine of Data Path in Network

Error Checking

Logical Link ControlMedia Access

Control

Media specifications


Layer 1 Specifications

7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Ethernet Standard


Error Checking


Control



Format Data Rate Max Segment Length Topology Media Notes

10BASE-T 10 Mb/s 100 m Star Cat 3,4, or 5 UTP Most common

10BASE5 10 Mb/s 500 m Bus Coax Thick

10BASE-FL 10 Mb/s 2000 m Star Fiber Optic

100BASE-TX 100 Mb/s 100 m Star 2 PairCat 5 UTP Fast Ethernet

1000BASE-T 1 Gb/s 100 m Star 4 Pair Cat 5 Replacing 100BASE-TX

Physical Layer Specifications


Cables and Connectors

10baseT

Speed= 10 Mbps Physical Media

(Twisted Pair)

Cat 5e: voice and data at 100 mbpsCat 6: voice and data at 250 mbpsPatch cable: straight thru; used with hubs & routersCross cable: crossed; used for PC to device directRJ45: standard 10baseT (twisted pair) connector*

100baseFL

Speed= 100 Mbps Physical Media

(Fiber Optic)



7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Ethernet Standard


Error Checking


Control



Logical Link Control Sub layer

•Establishes and Controls Logical Links between Local Devices on a Network

•Makes it Possible for Different Technologies to Work Seamlessly with Higher Layers

Layer 2 : Data Link


Media Access Control Layer

• Procedures used by devices to control access• Responsible for final encapsulation of data frames that are sent over the network• Responsible for Final Addressing of Messages on Network.• Responsible for Error Detection and Handling..

Layer 2 : Data Link


MAC AddressingEach device on a Network has a unique number called a MAC Address that is used to ensure that data for an intended machine gets to it properly.

• Made up of a 48 bit number• First 6 bytes assigned by IEEE (Vendor’s ID)• Last 6 bytes assigned by Vendor

Layer 2 : Data Link

00-80-a3-13-34-04

Vendor Device00-00-64 is the Yokogawa vendor ID


MAC Addresses: How do you find yours?

Layer 2 : Data Link

Windows NT/2000/2003/XP• Open the command prompt from “Run” • From the command prompt type "ipconfig /all" • Find the network adapter you want to know the MAC address of • Locate the number next to Physical Address. This is your MAC address

Note: there are 248 = 2.81474977 × 1014 availableMac addresses. Don’t worry we wont run out.



7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Ethernet Standard

Logical AddressingRouting

Logical Link ControlMedia Access Control

Error Checking



Network Layer Functions

• Logical Addressing – every device over a network has a logical address.

• For example the Internet Protocol (IP) is the network layer protocol and every machine has an unique IP address.

• Routing – responsible for information to move data across interconnected networks.•Datagram Encapsulation•Fragment and Reassembly•Error Handling and Diagnostics

Layer 3 : Network Layer


The TCP/IP protocol suite is named for two of its most important protocols.

Transmission Control Protocol (TCP)Internet Protocol (IP)

The design goal of TCP/IP was to build an interconnection of networks that provided universal communication services: an Internet.

TCP/IP provides a common interface for user-applications inderpendent of the underlying physical network.

IP (Internet protocol) address–Known as the logical address–What Network is the device on?

Term Alert: TCP/IP


An IP address is a unique identifier for a node or host connection on an IP network Every IP address consists of two parts, one identifying the network and one identifying the node. The Class determines which part belongs to the network address and which part belongs to the node

Class A addresses begin with 1 to 126Class B addresses begin with 128 to 191Class C addresses begin with 192 to 223Class D addresses begin with 224 to 239Class E addresses begin with 240 to 254

www.yokogawa.com 203.174.79.168www.us.yokogawa.com 65.203.177.26

The Big 3: IP, Subnet, Gateway

Class CClass A

IP Addressing


network.host.host.hostnetwork.network.host.hostnetwork.network.network.host

20.10.2.5134.140.2.5

192.230.10.5

Class Range Example Max. Host PurposeA 1-127 020.010.002.005 16, 777,214 Large Org.B 128-191 134.140.002.005 65,534 Medium Org.C 192-223 192.230.010.005 254 Small Org.D 224-239 224.154.128.001 N/A Multicast GroupsE 240-254 240.132.120.101 N/A Experimental

Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292 USA+1-310-823-9358 (phone) +1-310-823-8649 (facsimile)www.iana.org

More About IP Addresses


Can be done for use of different physical media, preservation of address space, security, or more commonly to control network traffic

Example 1:


Example 2:

Subnetting

10001100.10110011.11110000.11001000 140.179.240.200 Class B IP Address 11111111.11111111.00000000.00000000 255.255.000.000 Default Class B Subnet Mask --------------------------------------------------10001100.10110011.00000000.00000000 140.179.000.000 Network Address Default subnet masks

10001100.10110011.11011100.11001000 140.179.220.200 IP Address 11111111.11111111.11100000.00000000 255.255.224.000 Subnet Mask --------------------------------------------------- 10001100.10110011.11000000.00000000 140.179.192.000 Subnet Address 10001100.10110011.11011111.11111111 140.179.223.255 Broadcast Address

Total of 49,140 node versus 65,534 using a unsubnetted Class B address


A Default Gateway is a node (Router) on a computer network that serves as an access point to another network.

Example:


Gateway

IP Address:192.168.4.5Subnet: 255.255.255.0 Default Gateway: 192.168.4.1




IP Address:192.168.4.1

•NETWORK ADDRESSES RANGE FROM 192.168.4.0 TO 192.168.4.255

• Packets addressed outside of this range, for example 192.168.12.3 are instead sent to the default gateway address, in this case to 192.168.4.1, which is resolved into a MAC address as usual. The destination IP address will stay 192.168.12.3, it is just the next-hop physical address that is used, in this case it will be the router's interface physical address.

IP Address:192.168.12.1



Recap : IP and MAC Addresses

IP Address 192.168.10.3Subnet Mask 255.255.255.0Gateway 192.168.10.1

IP address tells you which network and what device in that network IP addresses must be unique within a network Subnet mask identifies network vs. device Gateway defines a router that moves data to higher level networks

255 means network

0 means device

This is the 192.168.10 networkThis is the .3 device

IP

MACMediaAccessControl

InternetProtocol

00-00-64-13-34-04

Vendor Device MAC address identifies the device at hardware level (physical address) MAC addresses contain unique vendor and device ID’s


Network Info on DX2000


IPv4 to IPv6

IPv4 supports 4.3 Billion addresses– Will not be enough to support the future

IPv6 will support 3.4 x 1038 addresses

There are fewer grains of sands in the Sahara Desert than will be available IP addresses

Will this be enough address to support our needs?


Domain Name Server

Software running on a host machine that linksan IP address with a name. Allows users toconnect to a device by IP address or by name.

dx200.yca.com

Domain names ending with .biz, .com, .info, .name, .net or .org can be registered through many different companies (known as "registrars").

Term Alert: DNS


Dynamic Host Configuration Protocol

Process of automatically assigning an IPaddress when a device is connected to alocal area network. Typically used in anoffice to conserve IP addresses.

DX2000 and MW100 can run staticor dynamic (DHCP)

Term Alert: DHCP


Static IP Dynamic IP(DHCP)

Static vs. Dynamic Addressing


winipcfg (W95, W98, ME)ipconfig (NT 4.0, 2000)

Looking at Your Network


“Pinging” to test an IP addressReply from 65.203.177.86: bytes=32 time<10ms TTL=128

IP Address

Number of bytes transmitted Time To LiveMaximum Hops

Round TripTime

Looking at Your Network



7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Ethernet Standard


Error Checking




• Provides transparent transfer of data between hosts.• It is usually responsible error recovery and flow control, and ensuring complete data transfer.

Reliable Data The Transport layer can detect and repair data errors.

Flow Control The Transport layer controls the amount of data flow on the network. The amount of memory on a computer is limited, and without flow control a larger computer might flood a computer with so much information that it can't hold it all before dealing with it.

Byte Orientation Rather than dealing with things on a packet-by-packet basis, the Transport layer may add the ability to view communication just as a stream of bytes. This is nicer to deal with than random packet sizes, however, it rarely matches the communication model which will normally be a sequence of messages of user defined sizes.

Ports Ports are essentially ways to address multiple entities in the same location. Computer applications will each listen for information on their own ports, which is why you can use more than one network-based application at the same time.

On the Internet there are a variety of Transport services, but the two most common are TCP and UDP. TCP is the more complicated, providing a connection and byte oriented stream which is almost error free, with flow control, multiple ports, and same order delivery. UDP is a very simple 'datagram' service, which provides limited error reduction and multiple ports. TCP stands for Transmission Control Protocol, while UDP stands for User Datagram Protocol. Other options are the Datagram Congestion Control Protocol (DCCP) and Stream Control Transmission Protocol (SCTP).

Layer Four: Transport


Collision

Devices wait until “the wire” is empty

Allows two devices to try and talk at the same time

Collisions occur (contention based)

Has methods to handle collisions

802.3 is a broadcast network

SuccessSuccess

IEEE 802.3 Ethernet

Carrier Sense Multiple Access/Collision Detection


Port numbers are divided into three ranges:

Well Known Ports 0 - 1023Registered Ports 1024 - 49151Dynamic and/or Private Ports 49152 - 65535

Type Port NumberFTP 21Telnet 23SMTP 25www-http 80POP3 110Daqstation data 34260Daqstation maintenance 34261

Term Alert: Ethernet Ports


Wide Area Network

Wide-area networks (WANs) interconnect LANs with geographically dispersed users to create connectivity. Some of the technologies used for connecting LANs include T1, T3, ATM, ISDN, ADSL, Frame Relay, radio links, and others. New methods of connecting dispersed LANs are appearingeveryday.

Term Alert: WAN


WAN

PC

DARWINDC100

DX200

DX200

PLC

Router: 65.203.177.76Plant BPlant A

PCPC

Router:66.222.124.56Corporate

Router:67.222.124.56

InternetServiceProvider

Network: 10.196.1.0Non-Routeable

Using NAT

Network: 65.203.177.0Routeable

Network: 66.222.124.0Routeable


Layer 5,6,7 Specifications

7 Layer OSI Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Application LayerHTTP, FTP & SMTP


Error Checking




What Can We Do on the Application Layer?

Configure DevicesView operations remotelyControl operations remotelyTransfer data filesTransfer graphics


Web Server

Application software embedded in a network device that automatically delivers a pre-formatted screen and data views to a PC when a browser (Internet Explorer or Netscape) connects to the device over a network.

Uses software technology like html, JAVA, and CGI.

Provides access with custom software!

Term Alert: Web Server


PC(10.2.2.1)

DX20010.2.1.11/C2 optionMB master

What is a Web Server ?


Configuration via Network


PNG Graphic Files via Network



Network Interface Card

A computer card containing and Ethernet controller chip and communications transceivers able to connect to the “wire” and talk using Ethernet rules and format.

Desktop “NIC” CardIEEE802.3

Laptop PCMCIA CardIEEE802.3

Laptop PCMCIA CardWireless IEEE802.11

Desktop “NIC” CardIEEE802.3u

Term Alert: NIC


Layer 1 Devices

Hardware

Application

Presentation

Session

Transport

Network

Data Link

Physical

Device Types•Repeaters•Media converters•Hubs

Function•Signal regeneration•Media conversion•Isolate network faults by segmenting

•How they work•Operate at the Ethernet physical layer•Receive Messages, regenerate and repeat on all ports


• All devices in the same collision domain

• All devices in the same Broadcast domain

• Devices share the same bandwith

Hub: Good Performance


LAN

192.168.225.102 192.168.225.103 192.168.225.104

192.168.225.101

LAN

Hub

Data Flow in TCP/IP Networks


Layer 2 Devices

Hardware

Application

Presentation

Session

Transport

Network

Data Link

Physical

Device Types•Bridges•Switches

Function•Segmentation of Networks•Speed Transition

•How they work•Processes Ethernet header information•Learns a node’s location by examining source address, forwards messages based on the destination address


• Each device has a unique collision domain

• All devices in the same broadcast domain

• Devices do not share bandwith

Switch: Better Performance


Layer 3 Devices

Hardware

Application

Presentation

Session

Transport

Network

Data Link

Physical

Device Types•Routers•Layer 3 Switch

Function•Coupling of subnets•Network transition (ISDN – Ethernet)•Internet Connectivity

•How they work•Processe IP header information•Forwards packets between networks based on Network layer information


•Unique collision domain for each device

•Unique broadcast domain for each device

• Devices do not share bandwith

Router: Best Performance


Data Flow with a Switch

Switch

192.168.225.101

192.168.225.105192.168.225.104192.168.225.103

Hub

192.168.225.102

Send Packet

Send Reply



File Transfer Protocol

A format and procedure making it easyto send/receive/view files between devices on anetwork.

DX uses FTP to automatically send files toa network server, eliminating need for manual collection of data files.

Term Alert: FTP


Using an FTP client onthe PC, files on DX canbe copied &deleted.Internet Explorer hasan embedded FTP client.

PC(10.2.2.1)

Server

Client

PC “pulls” files

DX=FTP Server, PC=FTP Client


PC(10.2.2.1)

Using an FTP server onthe PC, DX willautomatically send filesto the PC.

Server

Client

DX “pushes” files

DX=FTP Client, PC=FTP Server


Internet Information Services (IIS) is the Windowscomponent that makes it easy to publish information andbring business applications to the Web. IIS makes it easyfor you to create a strong platform for network applicationsand communications.

Setup your PC as an ftp Server

Internet Information Services



Simple Mail Transfer ProtocolPost Office Protocol Version 3

SMTP is a protocol in OSI 7 layer model that defines format and procedure for a network device to send “email” to another device on the network.

POP3 is a protocol that defines how to retrieveemail on the Internet

Term Alert: SMTP & POP3


ArgosoftMail server

POP

SMTP

PC(10.2.2.1)

DX with SMTP

Email Server/Client



Device Servers enable non-Ethernet readyproducts to communicate via Ethernet(TCP/IP).

YokogawaChart RecorderSerial RS422

Interface

DeviceServer

IP Address192.168.1.3

Virtual Com PortRedirector

COM5 = 192.168.1.3:3001

192.168.1.2

Terminal/Device Servers


OLE for Process Control

A software standard developed by hardwarevendors, software vendors and end users thatspecifies a common client/server interface format between hardware and software.

SCADA/HMI vendors create OPC clients.

Hardware vendors create OPC servers.

Term Alert: OPC


The OPC Concept

OtherVendorDevices

PC Running OPC Server

SCADA/HMI Software• Wonderware• Intellution• Iconics• RSView• Lookout

Plant Information Management Software

• Yokogawa Exaquantum

• OSI PI

• Aspentech

Ethernet or Serial Interfaces



MODBUS, a defacto standard from Modicon

Three basic types, RTU, ASCII, TCP

MODBUS TCP is over Ethernet

MODBUS Plus is an enhanced peer to peer

Layer Description Examples

Application Internet Explorer, Outlook

Presentation Data Coding and Conversion

SessionManages Communications Sessions, Request & Response between Apps.

Transport Error checking, Flow Control,TCP, UDP

NetworkNetwork Address, IP Internet Protocol, Routing Data

IP, ARP

Data Link Physical Address, Topololgy, flow control

Physical Wire, Electrical, Distance

Ethernet, IEEE802.3, FDDI

Telnet, FTP, SMTP, HTTP

Modbus TCP is Modbus Protocol encapsulated in a TCP Packet.

MODBUS Protocol


Daqstation

A-B PLCwith ProsoftMODBUS card

Modbus provides a common interface betweenhardware from multiple products.

RS422/485

MODBUS: DX to SLC500


30 Analog Inputsvia ModbusRS422/485

Serial

DARWIN I/ORS422/485

Modbus Slave Device

DAQSTATIONRS422/RS485

Modbus Master Device

30 Analog Inputs30 Analog Inputs

101010101 101010101101010101

Eth

ern

et

MODBUS: Extended Inputs


DAQSTATIONCX

RS422/RS485Modbus Master Device

16 Single Loop Controllersvia ModbusRS422/485

Serial

20 Analog Inputs

Ethernet

MODBUS: External Controllers


World's First FOUNDATIONTM Fieldbus-Compatible RecorderDAQSTATION will support the FOUNDATIONTM Fieldbus that's becoming the bi-directional digital com

munication standard for instrumentation in the 21st century.

The FOUNDATIONTM Fieldbus can:◆Dramatically increase the amount of data transmitted.

◆Drastically reduce the wiring costs.

◆Support a multivendor environment.

◆Simplify control.

DPharp EJADigital differential pressuretransmitter

YEWFLOVortex flowmeter

YVPValve positioner

ADMAG-AEElectromagnetic

flowmeter

YTATemperature transmitter

DAQSTATION

●Device type: Link master

●Function blocksAI: 8 blocksMAI: 8 channels 1 blockMAO: 8 channels 1 block

Foundation Fieldbus


Fieldbus Applications






65.203.177.1 65.203.177.2 65.203.177.3 65.203.177.4

65.203.177.240

VPN Server

IP:192.168.1.2SN:255.255.255.0DG:192.168.1.1

Hub

Hub

192.168.?.?

INTERNET

RemoteUser

VPN Client

Typical Office LANTypical Office LAN

Typical Data Acquisition LANTypical Data Acquisition LAN

FtpServerPrimary

192.168.1.6

FtpServer

Secondary192.168.1.7

LAN Router

WAN Router

PI DatabaseServer

192.168.1.8

ISP

192.168.1.1

65.203.177.1

IP:192.168.1.3SN:255.255.255.0DG:192.168.1.1

IP:192.168.1.4SN:255.255.255.0DG:192.168.1.1

IP:192.168.1.5SN:255.255.255.0DG:192.168.1.1

Recap


http://kb.us.yokogawa.com http://www.us.yokogawa.com/support/events/seminars/network/default.htm

- Copy of PowerPoint- PDF’s of tutorials and white papers- Links to useful sites

Additional Resources


What You Will Learn Today

Introduction to basic network conceptsRadio frequency and spread spectrum technology basicsWired and wireless standardsWireless topologies (Ad Hoc vs. Infrastructure)Security in wireless networksSetting up an office grade wireless routerRadio PhysicsTypes of wireless radios (industrial and office)Implementation issues (antennaes, site surveys)Typical uses of wireless in industrial settings


Microwaves, RC Cars, Cordless Phones, & Door Openers

These everyday devices use radio frequency technology

Microwave(2.5 GHz)

Garage Door Opener(300-400 MHz)

Cordless Phones(900MHz, 2.4GHz, 5.8GHz)

RC Toys(27 or 49 MHz)


A Look At Radio Frequencies

Radio frequency spectrum is assigned by governments– CB radio: 26.96 - 27.41 MHz– FM radio: 88 - 108 MHz– WiFi for PC’s: 2.4 GHZLicensed vs. Unlicensed bands– Licensed provides more power!Two licensed frequency bands– 400 MHz– 900 MHz3 unlicensed frequency bands in U.S.– ISM bands (Industrial, Scientific, Medical)– 902-928 MHz– 2.4 to 2.483 GHz– 5.725 to 5.875 GHz (U-NII*)

.

*Unlicensed National Information Infrastructure


Frequencies By CountryNorth America

•License-free 900MHz, 2.4 GHZ, and 5.4 GHZ spread spectrum

•Licensed 400MHz to 500MHz fixed frequency

Europe

•License-free 433 MHz (all countries)

•UK, Sweden, Finland, Spain, Portugal, Poland, Czech also have special channels in the 400 MHz band •869MHz 500mW 10% duty factor or 5mW 100% duty factor

•Licensed 450MHz (most countries)

South America

•License-free 900MHz spread spectrum (most countries)

•Licensed 400MHz to 500MHz fixed frequency

Asia

•License-free 450MHz (Singapore, Hong Kong)

•License-free 220MHz fixed frequency (China)

•Licensed 400MHz to 500 MHz fixed frequency (most countries)

Middle East

•Licensed 900MHz spread spectrum (some countries)

•Licensed 400MHz to 500 MHz fixed frequency (most countries)

Africa

•License-free 433MHz (some countries)

•Licensed 400MHz to 500MHz fixed frequency www.Elprotech.com


Sending Information by Radio

Start with “data”

Modulate the data “over” the fixed frequency carrier

Resulting signal has data


Narrow Band vs. Spread Spectrum

Two approaches for signal delivery

http://catalog.omnispread.com

Spread Spectrum is our interest for Office and Industrial


Who is this Woman?

Hedwig Eva Maria Kiesler


What is Spread Spectrum?

Original application of spread spectrum was Military

Industrial radios use spread spectrum technology– Lower power density (less power at any given frequency)– Higher noise immunity and resistance to interference – Improved security

Two types of spread spectrum– Direct Sequence (DSSS)– Frequency Hopping (FHSS)

The signal from the radio transmitter is “spread” across a wider range of radio frequency than is required for standard narrow band applications (like F

M radio)


A Bit of History : The Frequency Hopping Patent

In the United States Hedy Lamarr and George Antheil, shunned by the Navy, no longer pursued their invention. But in 1957, the concept was taken up by engineers at the Sylvania Electronic Systems Division, in Buffalo, New York. Their arrangement, using, of course, electronics rather than piano rolls, ultimately became a basic tool for secure military communications. It was installed on ships sent to blockade Cuba in 1962, about three years after the Lamarr-Antheil patent had expired. Subsequent patents in frequency changing, which are generally unrelated to torpedo control, have referred to the Lamarr-Antheil patent as the basis of the field, and the concept lies behind the principal anti-jamming device used today, for example, in the U.S. government's Milstar defense communication satellite system.

Heddy Lamarr


Back to Basics

The Two Commonly Used Typesof Spread Spectrum Technology

FHSS

Frequency Hopping

DSSS

Direct Sequence


DSSS (Direct Sequence Spread Spectrum)

• Base transmission is centered at a specific frequency• Transmitted with frequency changing many times per data bit• Multiple copies of each original data bit are sent at different frequencies• Transmission at each frequency is sent at lower power

DSSS “Spreads” the message across a wide frequency


DSSS Encoding Scheme

http://wireless.industrial-networking.comTHE WIRELESS OPTION FOR INDUSTRIAL ETHERNET

www.breezecom.com

0 = 01001 1 = 10110

• Encoding is done in the data stream before transmission• Direct sequence encoding uses psuedo-random noise generator (PN)• Each data bit is encoded into a longer data string • Resulting longer message is now encrypted, only matching radio can decode


DSSS Signal Advantages

• Encoded data looks like noise

• Transmission is sent at low power so it is harder to detect

• RFI noise can easily be discriminated from data signal


FHSS (Frequency Hopping Spread Spectrum)

• A single data packet is transmitted at one frequency• The radio then “hops” to a new frequency to transmit the next packet• Transmitter and receiver are programmed with the same hop pattern• The frequency hops appear random to observers• Hopping avoids interference (usually narrow band at one frequency) • Redundancy is achieved by re-transmitting at different frequency

FHSS moves the message between different frequencies


FHSS Encoding

http://wireless.industrial-networking.comTHE WIRELESS OPTION FOR INDUSTRIAL ETHERNET

• Frequency hopping encoding is done at transmission• The hop pattern for the frequency is encoding• Data itself is not directly encoded (as in direct sequence)• Observed frequencies do not show any obvious pattern


Comparison of DSSS vs. FHSS

DSSS encodes the data FHSS encodes the frequency

Data speed: DSSS has higher rates (FHSS has hop latency )

Power: FHSS is lower power (DSSS has complex circuits)

Cost: FHSS is generally lower in costRobustness: FHSS has stronger noise immunityDensity: More FHSS in one area than DSSSData Accuracy: DSSS wins on this one


OFDM: Orthogonal Frequency Division Multiplexing

• Used in 802.11g and 802.11a home/office radios• Provides higher data rates• Uses multiple sub-carrier frequencies each centered at different frequencies• Breaks the data message into parts• Transmits all the parts at the same time using the sub-carriers• Fast transmission is sent as many parallel slow transmissions

• Not used in current generation of industrial radios

A Third Type of Spread Spectrum Technology !


Quick Quiz #1Do industrial radios use narrow band or spread spectrum technology?– Spread spectrum

Name the 2 types of spread spectrum technology used in industrial radios– DSSS: Direct Sequence Spread Spectrum – FHSS: Frequency Hopping Spread Spectrum

Which is capable of higher speeds, DSSS or FHSS?– DSSS

ISM is an abbreviation for what?– Industrial, Scientific, and Medical

How many ISM bands exist? – Three

Are the ISM bands licensed or unlicensed?– Unlicensed

What are the frequencies of the ISM bands?– 900 MHz, 2.4 GHz, 5.8 GHz

What is the primary advantage of a licensed band?– More power than unlicensed bands (i.e. more power is more distance)


Wired & Wireless Standards

Wired

802.3

802.3i

802.5

802.3u

802.3af

10base-T ethernet

Token Ring (IBM…)

100base-TX ethernet

Powered ethernet

802.3ab 1000base-T gigabit copper

Wireless

WPAN (wireless personal area network)

802.1x

802.11

802.11a

802.11b

802.11g

802.16

802.15

54 Mbps at 5.4 GHz

“Wi-Fi”, 11 Mbps in 2.4 GHz

54 Mbps at 2.4 GHz

802.15.1 Bluetooth

802.15.4 Zigbee

WMAN (wireless metropolitan area network)

WLAN (wireless local area network)


Wireless Standards802.11 – 1 or 2 Mbps transmission in the 2.4 GHz band – Frequency hopping spread spectrum (FHSS)– Direct sequence spread spectrum (DSSS)

802.11b (2.4 to 2.497 GHz)– Data speeds to 11Mbps– DSSS only – Wi-Fi is interoperability standard for 802.11b (WECA)

802.11g (2.4 to 2.497 GHz)– 54 Mbps speed extension of 802.11b with OFDM– Backward compatible with 802.11b for <11 Mbps

802.11a (5.15 to 5.875 GHz)– Data speeds to 54 Mbps– 300 MHz bandwidth indoor, OFDM– Orthogonal frequency division multiplexing (OFDM)


Wireless A B GWirelessStandard

Wireless BWireless G (802.11 G)

Wireless G w/Speedbooster

WirelessA/G

Wireless G with SRX

Wireless G with SRX200

Wireless G with SRX400

N/AUp to 5 Times Faster Than Wireless B

35% Faster than Wireless G

Uncrowded 5GHz Band

Up To 8X Faster than Wireless G. Range up to 3X farther



2.4Ghz 2.4Ghz 2.4Ghz 2.4Ghz & 5Ghz 2.4Ghz 2.4Ghz 2.4Ghz

Typically Up To 150ft

Up to 150 ft Up to 150 ft

Up to 150 ft (Wireless G)Up to 150 ft (Wireless G)

Up to 3X farther than Wireless G



More Popular Standards for

hotspotsYes Yes

Yes in a Wireless-G Mode

Growing use in Wireless-A

Yes Yes Yes

802.11b & 802.11g

802.11b & 802.11g

802.11b & 802.11g

802.11a, 802.11b & 802.11g

802.11b & 802.11g Based on MiMo Tech

nology

802.11b & 802.11g Based on MiMo Technology

802.11b & 802.11g Based on MiMo Technology

Legacy Standard Fast Speed Faster Speed

Fast Speed with less interferance from other Wireless

LANs. Works with all wireless standa

rds

Farthest Range & Fastest

Speed

Superior Range & Superior

SpeedPremium Range & Speed


Why are the Standards numbered 802?

IEEE’s development of LAN standards was assigned the project number 802, for February 1980 when the committee convened.

Get it? 2/80 or 802


Quick Quiz #2What is the 802 sub-designation for wireless technologies– 802.11

802.11b is known by the common name of ?– Wi-Fi

The max data rate of 802.11b is ??? Mbps– 11 Mbps

True or False, 802.11b supports both FHSS and DSSS?– False. FHSS is not available in 802.11b. FHSS is too slow to support 11 Mbps

True or False, All industrial radios support 802.11 standards – False, many industrial radios use proprietary FHSS or DSSS

A microwave oven could interfere with which 802.11 technologies– 802.11b and 802.11g because they are 2.4 GHz & a microwave is 2.5 GHz


Wireless Topologies: Ad-Hoc vs. Infrastructure

Ad-Hoc (or point-to-point)– 2 or more network devices transfering dat

a directly between themselves.– Most efficient network with a minimum of

network overhead

Infrastructure (or access point)– With this network one of the Ethernet radi

o modems is configured as the "access point ".

– Access Point is then used as a wireless bridge to the cabled LAN network.

– All nodes (either wireless cards or other Ethernet radio modems configured as remotes) communicate only with the Access Point that serves the WLAN as a HUB

THE WIRELESS OPTION FOR INDUSTRIAL ETHERNET by Eric Marske from http://wireless.industrial-networking.com


A Little About Channels in 802.11b/g

11 channels with each channel 22MHz in width.Each channel is centered at 5MHz intervals starting at 2.412GHz and ending at 2.462GHz . 802.11b and 802.11g standards have a maximum of three non-overlapping channels carrying 11 Mbps throughput each (33 Mbps total) and 54 Mbps (162 Mbps total) throughput802.11a has a maximum of eight non-overlapping channels carrying 54 Mbps throughput each, or 432 Mbps total throughput.

1 2 3 4 5 6 7 8 9 10

22 MHz

3 MHz

2.4

01

GH

z

2.4

12

GH

z

11

2.4

73

GH

z

2.4

62

GH

z


Our Wireless Network

MX100192.168.20.20

FA-M3 PLC192.168.20.8

Linksys G Wireless Router192.168.20.1

802.11gwireless

802.11bwireless

UT351192.168.30.2

CX1000192.168.30.3

Radiolinx192.168.30.1


Hands-On #1: Setting Up an Office 802.11g Router

802.310baseThardwire

802.11gwireless

192.168.20.1

192.168.20.8

192.168.20.22(internal wireless)

1. Use web configuration to setup wireless router IP address2. Keep SSID at default of linksys3. Set up channel (1 thru 11)4. Do not activate WEP encryption 5. Activate DHCP (dynamic host configuration protocol)

FA-M3PLC



Security

SSID (Service Set IDentifier) - Your wireless network's name.

WEP (Wired Equivalent Privacy) - A method of encrypting data transmitted on a wireless network for greater security.

WPA (Wi-Fi Protected Access ) -WPA was designed to be a replacement for WEP networks without requiring hardware replacements. Now WPA2 is being offered.


A Few Terms

VPN – “Virtual Private Network”– Creates another layer of networking on top of

wireless.– This layer is encrypted.– Independent of any weakness in the network

technology


So What About Security in Wireless?

1) MAC Address Spoofing

Packets transmitted over a network, either your local network or the Internet, are preceded by a Packet Header. These packet headers contain both the source and destination information for that packet. A hacker can use this information to spoof (or fake) a MAC Address allowed on the network. With this spoofed MAC Address, the hacker can also intercept information meant for another user.

2) Data Sniffing

Data "sniffing" is a method used by hackers to obtain network data as it travels through unsecured networks, such as the Internet. Tools for just this kind of activity, such as protocol analyzers and network diagnostic tools, are often built into operating systems and allow the data to be viewed in clear text.

3) Man in the Middle Attacks

Once the hacker has either sniffed or spoofed enough information, he can now perform a "man in the middle" attack. This attack is performed, when data is being transmitted from one network to another, by using this information to reroute the data and appear to be the intended destination. This way, the data appears to be going to its intended recipient. From Linksys VPN whitepaper

The first and obvious weakness of wireless is “no wire”

Three Popular “hacking” methods


How to Improve Basic Security in 802.11 Networks

Let’s look at a live example with the Linksys router

– Change SSID (must know or guess SSID to connect)– Turn off SSID broadcast (cannot automatically see

network)– Activate WEP encryption (data is visible but not readable)– Turn off DHCP (Even if you connect, you must guess IP)– Activate MAC filtering (Must specify MAC address)


A Quick Comparison: Office vs. Industrial

Power

Distance

OperatingTemp

ConstructionMounting

500 mW

20 miles outdoor

-30 C to 60 C

Aluminum

32 mW

200 feet indoors

0 C to 40 C

Plastic


Hands-On #2: Setting Up an Industrial 802.11b radio

802.310baseThardwire

802.11bwireless

192.168.30.1

192.168.10.4

192.168.30.22(internal wireless)

1. Use web configuration to setup wireless router IP address2. Set up SSID as Radiolinx3. Set up channel as 14. Activate WEP encryption to improve security

192.168.20.4

UT351EController


A Few Quick Points on RF Propogation

Higher frequencies have higher data rates (bandwith)– There is 1000 times more spectrum between 1-2 GHz as there

is between 1-2 MHz.

RF waves lose power as they travel in the air– Higher frequencies lose power (attenuate) faster

RF waves attenuate as they pass through objects– Higher frequencies attenuate faster

Lower Frequencies (i.e. 900 mHz have greater distance)


Performance of 2.4 GHZ vs. 900 MHz

• 2.4 GHz has 10-20% of the reliable distances of 900 MHz

• 900 MHz has 5-10 times the distance of 2.4 GHz inside

2.4GHz, 1W plus 6dB gain antennas 5 – 15 miles

900MHz, 1W plus 6dB gain antennas 15 – 25 miles

2.4GHz, 100mW plus 16dB antennas 10 – 40 miles

900MHz, 100mW plus 16dB antennas 20 – 60 miles

2.4GHz, 1W 100 – 600 feet

900MHz, 1W 500 – 5000 feet

Typical Outdoors with Line of Sight

Typical Indoors in Congested Environment


The Physics of Radios: Terms and Formulas

What is a decibel (dB)?RF power calculation basicsEIRP (Effective Isotropic Radiated Power)Types of propogation losses (attenuation)– Free space loss– Penetration loss Multipath fading

Near/far problem in DSSS radiosInterference from other RF sourcesCollocation


What is a decibel?

The decibel (abbreviated dB) must be the most misunderstood measurement since the cubit. Although the term decibel always means the same thing, decibels may be calculated in several ways, and there are many confusing explanations of what they are.

The decibel is not a unit in the sense that a foot or a dyne is. Dynes and feet are defined quantities of force and distance. A decibel is a RELATIONSHIP between two values of POWER.

Decibels are designed for talking about numbers of greatly different magnitude, such as 23 vs. 4,700,000,000,000. With such vast differences between the numbers, the most difficult problem is getting the number of zeros right.

We could use scientific notation, but a comparison between 2.3 X 10 and 4.7 X 1012 is still awkward. For convenience, we find the RATIO between the two numbers and convert that into a logarithm. This gives a number like 11.3. As long as we are going for simplicity, we might as well get rid of the decimal, so we multiply the number times ten. If we measured one value as 23 hp and another as 4.7 trillon hp, we say that one is 113dB greater than the other. The usefulness of all this becomes becomes apparent when we think about how the ear perceives loudness. First of all, the ear is very sensitive. The softest audible sound has a power of about 0.000000000001 watt/sq. meter and the threshold of pain is around 1 watt/sq. meter, giving a total range of 120dB.

In the second place, our judgment of relative levels of loudness is somewhat logarithmic. If a sound has 10 times the power of a reference (10dB) we hear it as twice as loud. If we merely double the power (3dB), the difference will be just noticeable. [The calculations for the dB relationships I just gave go like this; for a 10 to one relationship, the log of 10 is 1, and ten times 1 is 10. For the 2 to one relationship, the log of 2 is 0.3, and 10 times that is 3. Incidentally, if the ratio goes the other way, with the measured value less than the reference, we get a negative dB value, because the log of 1/10 is -1.]

www.howstuffworks.com

Decibels measure the power of a radio system!


Understanding Gain Measurements

Antenna performance is primarily established by its gain. There are three common references used when defining gain in radios:

Gain referenced to a dipole antennae: dBd

Gain referenced to an isotropic source: dBi

Gain referenced to power in milliwatts: dBm


Understanding Power in Radios

• RF transmitter and receiver power is expressed in watts.

• RF power can also be expressed in dBm (decibels relative to milliwatts)

• dBm for RF power is useful when calculating radio system gains (since other gains and losses from cables & Antennas are in dB’s)

The relation between dBm and watts can be expressed as follows:

Power(dBm) = 10 x Log10 Power(mW)

1 Watt = 1000 mW; PdBm = 10 x Log10(1000) = 30 dBm

100 mW; PdBm = 10 x Log10 (100) = 20 dBm

1mW: PdBm = 10 x Log10 (1) = 0 dBm

Power(mW) = 10(Power(dBm)/10)

15 dBm = 10 (15/10) = 10 (1.5) = 32 mW


A Table of mW to dBm


EIRP (Effective Isotropic Radiated Power)

www.breezecom.com

Take the following example:

transmitter power out = Pout = 50mWcable loss (attenuation) = Ct = 4dBtransmitting antenna gain = Gt = 6 dBi

convert transmitter power from mW to dBm10 x log (50/10) = 17 dBm

EIRP = 17dBm - 4 dBm + 6 dBm = 19 dBm

EIRP is the effective power transmitted from the antenna.

EIRP = (power at transmitter) - (cable attenuation) + antenna gain

EIRP = Pout - Ct - Gt

Pout = output power of transmitter in dBmCt = transmitter cable attenuation in dB

Gt = transmitting antenna gain in dBi


Discuss RSSI Sensivitiy Calculations

Look at specs with RSSI -dBm and BEC rate….


Radiolinx Products sold by Yokogawa

• RLX-FHE: Frequency Hopping Ethernet ($1,395 per radio)• Use with Ethernet DAQ/FA-M3/Controllers• Does not use 802.11b so it will not link to PC wireless

• RLX-FHS: Frequency Hopping Serial ($1,250 per radio)• Use with serial DAQ/FA-M3/Controllers• Supports MODBUS RTU • Runs Yokogawa protocol in transparent mode

• RLX-FHES: Frequency Hopping Ethernet with serial server ($1,495 per radio)• Has RS232/RS485 port built-in• Use when you need to get serial protocol into Ethernet

• RLX-IH: 802.11b “HotSpot” ($1,549)• Use when you need Ethernet with PC wireless connectivity

• Antennas, connectors and cables are also available from Yokogawa


RLX-FHE Frequency Hopping Ethernet (2.4GHz)

• Mobile configuration and data logging without wires!• Frequency hopping 2.4 GHz unlicensed (ISM band)• Not compatible with 802.11 wireless (Wi-Fi)• Designed for industrial environment (-40 to 158 degF)• Up to 16 mile range with line of sight with hi gain antennas• Proprietary radio frequency protocol (158 hopping patterns)• 40 or 128 bit hardware data encryption

$1,395 per radio


RLX-FHE Frequency Hopping Ethernet (2.4 GHz)

DX104

DX104

DX104

RLX-FHE

RLX-FHE

RLX-FHE

RLX-FHE

RS232 MODBUS

RTUSlave #1

RS232 MODBUS

RTUSlave #2

RS232 MODBUS

RTUSlave #3

10BaseTEthernet

Data from Remote DX100’s is Consolidated in PC

PC running:• DAQStandard (configuration)• DAQLogger• SCADA/HMI with OPC


RLX-FHS Frequency Hopping Serial (2.4GHz)

• Mobile data logging without wires!• Frequency hopping 2.4 GHz unlicensed (ISM band)• Modbus RTU, Modbus ASCII, DF1, generic ASCII• RS232, RS422, or RS485• Flexible set-up modes

• Point to point• Point to multi-point• Peer to peer

• Designed for industrial environment (-40 to 158 degF)• Up to 16 mile range with line of sight with hi gain antennas• Proprietary radio frequency protocol (158 hopping patterns)• 40 or 128 bit hardware data encryption

$1,250 per radio


RLX-FHS Frequency Hopping Serial (2.4 GHz)

DX104

DA100

UT450

RLX-FHS

RLX-FHS

RLX-FHS

RLX-FHS

DX220RS232

MODBUSRTU

RS232 MODBUS

RTUSlave #1

RS485 MODBUS

RTUSlave #2

RS485 MODBUS

RTUSlave #3

10BaseTEthernet

Data from Remote DX100’s is Consolidated in DX200


RLX-IH 802.11b Industrial Wireless Radio

• Mobile configuration and data logging without wires!• 802.11b direct sequence spread spectrum radios• Can be implemented with a single radio!• 2.4 GHz unlicensed (ISM band)• Compatible with standard PC wireless cards• Designed for industrial environment• Up to 20 mile range in outdoor settings

$1,549 per radio


UT351 with Radiolinx 802.11b Hotspot

Laptop with 802.11b“Wi-Fi” wireless ability

Laptop with 802.11b“Wi-Fi” wireless ability


Site Surveys : Indoor

Software packages such as Ekahau ESS site survey

• Determine performance characteristics• Help locate access point positions• Determine antennae selection and positioning• Detect “foreign” connections


Site Surveys : Outdoors


Site Surveys : Outdoors


Industrial Radio Types

Radio Modems (Ethernet and Serial data )I/O (Telemetry)Wireless gatewaysCombined Data and I/OWireless Device ServersCellularSatellite


Product Samples: Ethernet Radio Modems

MDS iNET900ELPRO 905U-D YLink RadioLinx

2.4 GHz FHSS900 MHz FHSS900 MHz FHSS

SCADALINK LANBRIGDE

900 MHz FHSS


Product Samples: Serial Radio Modems

SCADALINK SM900

900 MHz FHSS

Prosoft RadioLinx

2.4 GHz FHSS

Put serial devices on radio


Product Samples: (I/O) Telemetry

SCADALINK IO900

900 MHz FHSS

Elpro 905-U

900 MHz FHSS

Phoenix (Omnex)

Think of 4-20 ma radios!


Product Samples: Wireless Protocol Gateways

105UG105UG

105UG105UG

105UG105UG

ProfibusProfibus

DF1DF1

ModbusModbus


Glossary

Yokogawa Electric Corporation

YCAU II Copyright © Yokogawa Electric CorporationFriday, October 24, 2006

Yokogawa DAQ Systems:

Network Security

July 2005


Corporate and Plant Network


Plant Network Detail

Increasing Plant Floor Security TodayRockwell Automation


Security Problems with PC’s on a Network

Unauthorized access (Invasion)Viruses (via email or hackers)HackersEmail spam“Leakage” of System InformationResulting security problems– Unauthorized control of equipment or process– Data manipulation– File deletion– Configuration changes or deletion– Corruption of operating system


The Basic Defense at Corporate IT Level

• Routers• Firewalls• Proxy servers• VPN’s • Virus protection• Anti-spy software

IT Tools


Corporate IT vs. Plant Floor Network


Ports and TCP Servers


Test Your System Five Ways

1) Open ports2) Simple network management protocol (SNMP) robustness3) Malformed packets4) Broadcast traffic storms 5) Resource starvation

Test your System 5 WaysInTech March 2003Eric Byres


Why is a DAQSTATION Safer than a PC?

No Intel chipsNo Microsoft softwareProprietary OS based on u-Itron realtime OSDoes not accept emailBuilt-in username/password loginPassword access


Preventive Actions

Standard IT security– Routers, proxy servers and firewalls– Intrusion detection software– Turn of ICMP (ping) in routers– Consider VPN for remote access– Implement a security and risk assessment

DAQStation– Utilize control logins with username/password

• Restrict access• Change on a periodic basis

– Use passwords for webserver access– Isolate FTP server from primary network


ISA 99: Network Security

•Part 1: Models and Terminology •Part 2: Establishing a Manufacturing & Control Systems Security Program •Part 3: Operating a Manufacturing and Control Systems Security Program •Part 4: Specific Security Requirements for Manufacturing & Control Systems


21 Steps to Improving SCADA Security

Department of Energy

Office of Energy Assurance


Steps 1-11


Steps 12-21

Documents

Yokogawa Electric Corporation YCAU II Copyright © Yokogawa Electric Corporation Friday, October 24, 2006 Industrial Ethernet and Networking October 24,