TRANSCRIPT
Slide 1
© 2003 Cisco Systems, Inc. All rights reserved.
Intelligent Ethernet and EtherNet/IP Deployments
Cisco Systems, Inc.
Slide 2
Why Ethernet?
Challenge on the Factory Floor | Solution: Ethernet
• From just 500 Kbps | 10, 100, Gig, 10 Gig
• From limited management | Many management options
• From proprietary | Common standards
• From isolation | WW (worldwide) connectivity
• From single vendor | Multiple vendors
Ethernet . . . the everlasting advantage of simplicity and total cost of ownership
Slide 3
Intro to Networking World: Understanding the OSI Model
No. | Name | Encaps / PDU | Devices | Protocols | Notes | Notes
7 | Application | Raw Data | Software, PCs | Crayons, Pictures, Writing, Sound | Checks availability with comm. partner | Ideas, Thoughts
6 | Presentation | .doc .xls .midi .ppt .jpg .bmp .gif .mp3 .ascii .ebcdic | | | Syntax, Compression, Formatting | Standardized format
5 | Session | | | NFS, SQL, NetBios, RPC | Establish, manage and terminate sessions | Negotiate a session set up
4 | Transport | Segment | | TCP, UDP | Windowing, Buffering | Reliable or unreliable
3 | Network | Packet | Routers, PCs | IP, IPX | Logical Addressing, Best path | Routed or routing protocols
2 | Data Link | Frame | Bridges, Switches | FR, TR, ATM, FDDI, Ethernet, SDLC, ISDN, SNA | BIA address, Flow Control | MAC address
1 | Physical | Bits | Hubs, Repeaters | Cables, Connectors, NIC Cards | Like Morse Code |
Slide 4
Media Transmission Chart
NAME | ACRONYM | LENGTH | DATA RATE | STANDARD
Twisted Pair | TP | 100 M | 10 MBPS | 802.3
Shielded Twisted Pair | STP | | 10 MBPS |
Coax - Thick | | 500 M | 10 MBPS |
Coax - Thin | | 185 M | |
Fast Ethernet TP (UTP) | Fast E | 100 M | 100 MBPS | 802.3
Fiber - Multimode | | 2000 M | |
Fiber - Singlemode | | 15000 M | |
Gigabit Ethernet | Gig E | | |
Slide 5
How the OSI Model Works
[Diagram: a Sender stack and a Receiver stack, each with Application, Presentation, Session, Transport, Network, Data Link and Physical layers; the two Physical layers are joined through the MEDIA]
Slide 6
Ethernet – Original Implementations
[Diagram: PCs A, B, C, D, E, F, G, H and J attached to one shared cable]
Ethernet was originally designed as a bus topology
Slide 7
Basic Ethernet Implementation
[Diagram: PCs A through J on the shared bus]
Whoever transmits owns the wire!
Broadcast Domain
Slide 8
Basic Ethernet Implementation
[Diagram: PCs A through J on the shared bus]
So, What Happens When Two Data Streams Are Sent At The Same Time?
Broadcast Domain and a Collision Domain
Slide 9
Ethernet “Collisions”
[Diagram: PCs A through J on the shared bus]
PCs B and D Transmit Simultaneously
Broadcast Domain and a Collision Domain
Slide 10
Ethernet “Collisions”
[Diagram: PCs A through J on the shared bus, with the two frames meeting on the wire]
If both transmit at the same time, there is a “Collision”
Broadcast Domain and a Collision Domain
Slide 11
Ethernet “Collisions”
[Diagram: PCs A through J on the shared bus; B and D back off]
When there is a collision, both sides “back off” (stop, wait for a random time segment, and re-transmit)
Broadcast Domain and a Collision Domain
Slide 12
Random Backoff and Re-Transmission
[Diagram: PCs A through J on the shared bus; one station re-sends after 5 ms, the other after 7 ms]
Both sides re-transmit successfully
Slide 13
Watch out for COLLISION DOMAINS
• What makes up a collision domain?
  - Half Duplex Transmission
  - Ethernet Hubs (creates a shared bus)
• Avoid designs that create a COLLISION Domain
  - Data transmission is not predictable – NOT DETERMINISTIC
• Deploying Ethernet in a collision domain architecture is NOT acceptable for Manufacturing Control applications!!!
Slide 14
Deploying Deterministic Ethernet Networks
• FULL DUPLEX Ethernet vs. HALF DUPLEX Ethernet
• Switches vs. Hubs
• Intelligent Switching vs. basic Switching
Slide 15
Half versus Full Duplex transmission
• Half Duplex
  - One station transmits, the other listens.
  - While transmitting, you do not receive, as no one else is transmitting.
  - If someone else transmits while you are transmitting, a collision occurs.
  - Any “Receive-while-Transmit” condition is considered a collision.
  - NON-DETERMINISTIC
• Full Duplex (standardized in 802.3x)
  - Transmit and receive at the same time.
  - Transmit on the transmit pair, and receive on the receive pair.
  - No collision detection, backoff, retry, etc.
  - Collision free. No CS, no MA, no CD (no carrier sense, multiple access or collision detection). The only relationship to half duplex is the frame format and the encoding/signaling method.
  - DETERMINISTIC
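The collision, random backoff and re-transmission sequence on slides 9 to 15 can be made concrete with a small simulation. The following Python is an added example, not code from the Cisco deck: it models a half-duplex segment where every station has a frame ready at the same instant and resolves collisions with the IEEE 802.3 truncated binary exponential backoff (51.2 µs slot time, 16 attempts, window capped at 2^10 slots; these constants are the standard's values and are not taken from the slides). The 100 µs frame time and the random seed are constructed inputs. The full-duplex function beside it shows why a switched port has no latency spread at all.

```python
import random

# IEEE 802.3 parameters for 10 Mbps Ethernet (standard values, not from the slides).
SLOT_TIME_US = 51.2      # slot time = 512 bit times
MAX_ATTEMPTS = 16        # a frame is discarded after 16 failed attempts
MAX_BACKOFF_EXP = 10     # the backoff window stops growing at 2**10 slots


def half_duplex_contention(n_stations, frame_time_us=100.0, seed=1):
    """Slotted model of n stations on one shared (half-duplex) segment that all
    have a frame ready at t=0 and use CSMA/CD with truncated binary exponential
    backoff. Returns (delivered, dropped, collisions): delivered maps station ->
    time its frame finished (microseconds), dropped lists stations that gave up
    after MAX_ATTEMPTS, collisions counts collision events on the wire."""
    rng = random.Random(seed)              # seeded so a run is repeatable
    attempts = {s: 0 for s in range(n_stations)}
    ready_at = {s: 0.0 for s in range(n_stations)}   # earliest time to retry
    delivered, dropped, collisions = {}, [], 0
    t = 0.0
    while attempts:
        # Carrier sense: stations whose backoff has expired transmit as soon as
        # the wire is idle, which in this model is the current time t.
        contenders = [s for s in attempts if ready_at[s] <= t]
        if not contenders:
            t = min(ready_at[s] for s in attempts)   # wire idle until someone is ready
            continue
        if len(contenders) == 1:
            s = contenders[0]
            t += frame_time_us                       # uncontested: the frame completes
            delivered[s] = t
            del attempts[s]
            continue
        # Two or more stations started together: collision detected, jam, back off.
        collisions += 1
        t += SLOT_TIME_US
        for s in contenders:
            attempts[s] += 1
            if attempts[s] >= MAX_ATTEMPTS:
                dropped.append(s)                    # excessive collisions: frame lost
                del attempts[s]
                continue
            k = min(attempts[s], MAX_BACKOFF_EXP)
            ready_at[s] = t + rng.randrange(2 ** k) * SLOT_TIME_US
    return delivered, dropped, collisions


def full_duplex_switched(n_stations, frame_time_us=100.0):
    """Each station has its own full-duplex link to a switch port, so every
    frame completes after exactly one frame time: no contention, no backoff."""
    return {s: frame_time_us for s in range(n_stations)}


def latency_spread(delivered):
    """Slowest minus fastest delivery; 0 means every frame arrived on schedule."""
    return max(delivered.values()) - min(delivered.values())


if __name__ == "__main__":
    for n in (1, 2, 5, 10):
        delivered, dropped, collisions = half_duplex_contention(n)
        print(f"{n:2d} stations, half duplex: {collisions} collisions, "
              f"spread {latency_spread(delivered):.1f} us, dropped {dropped}")
        print(f"{n:2d} stations, full duplex: spread "
              f"{latency_spread(full_duplex_switched(n)):.1f} us")
```

Running it with different seeds shows the point of slide 13: the order and timing in which the stations' frames get through changes from run to run, which is exactly the non-determinism a control network cannot tolerate, while the switched full-duplex model gives the same answer every time.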
Slide 16
Switches vs. Hubs
Hub – Shared Ethernet 10 (Layer 1 Domain)
  - One device sending at a time
  - All nodes share 10 Mbps
Ethernet Switch – Backbone Switched Ethernet 10 (Layer 2 Domain)
  - Multiple devices sending at the same time
  - Each node has 10 Mbps
Slide 17
Ethernet Switching Delivers Determinism
[Diagram: Shared Ethernet 10 versus Switched Ethernet 100, where each node has 10 Mbps]
• Ethernet has progressed exponentially since it was first introduced
  - Cost
  - Performance
  - Shared Media vs. Switches
  - Collisions vs. Determinism
• Requirements for a scalable industrial networking solution go even farther
• Intelligent Ethernet switches enable personalized bandwidth per port
Slide 18
LAN Switch Operation
[Diagram: stations A, B and C attached to switch interfaces 1–4 over 10 Mbps links, with the switch's forwarding table (Stations vs. Interface 1 2 3 4) showing an X for the interface each of A and B was learned on]
• Forwards packets based on a forwarding table
  - Forwards based on the MAC (Layer 2) address
• Operates at OSI Layer 2
• Learns a station’s location by examining source address
  - Sends out all ports when destination address is broadcast, multicast, or unknown address
  - Forwards when destination is located on different interface
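The learning and forwarding rules on this slide, written out as an added Python example (not code from the Cisco deck). The switch, its four interfaces and the MAC addresses in the walk-through are constructed for the example; the rules themselves are the ones the slide lists: learn the source address, flood broadcast, multicast and unknown destinations, forward to a known destination only when it sits on a different interface.

```python
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac):
    """Group addresses have the low bit of the first octet set (the broadcast
    address is the all-ones special case of this)."""
    return int(mac.split(":")[0], 16) & 0x01 == 0x01


class LanSwitch:
    """Transparent Layer 2 switch: learns source MACs and forwards by destination MAC."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # MAC address -> interface it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of interfaces the frame is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown interface {in_port}")
        self.table[src_mac] = in_port   # learn (or refresh) the station's location
        if dst_mac == BROADCAST_MAC or is_multicast(dst_mac) or dst_mac not in self.table:
            return [p for p in self.ports if p != in_port]   # flood, except the ingress port
        out_port = self.table[dst_mac]
        if out_port == in_port:
            return []    # destination shares the sender's segment: filter the frame
        return [out_port]


def walk_through():
    """Replay a constructed conversation and return (description, egress ports) pairs."""
    sw = LanSwitch([1, 2, 3, 4])
    a, b, c = "00:00:00:00:00:aa", "00:00:00:00:00:bb", "00:00:00:00:00:cc"
    steps = [
        ("A on 1 -> B (B unknown, flood)", sw.receive(1, a, b)),
        ("B on 2 -> A (A known, forward)", sw.receive(2, b, a)),
        ("A on 1 -> B (B now known)", sw.receive(1, a, b)),
        ("C on 3 -> broadcast", sw.receive(3, c, BROADCAST_MAC)),
        ("A on 1 -> multicast 01:00:5e:00:00:01", sw.receive(1, a, "01:00:5e:00:00:01")),
        ("B moved to 4 -> A (table updated)", sw.receive(4, b, a)),
        ("A on 1 -> B (follows the move)", sw.receive(1, a, b)),
    ]
    return steps, sw.table


if __name__ == "__main__":
    steps, table = walk_through()
    for what, ports in steps:
        print(f"{what:45s} -> {ports}")
    print("forwarding table:", table)
```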
Slide 19
Industrial Ethernet is Extended to the Control Layer
[Diagram of network tiers: Device Level Network (Motors, Drives, Actuators, Robotics; Sensors and other Input/Output Devices); Ethernet control layer (Programmable Logic Controllers (PLC), Human Machine Interface (HMI), PC Based Controllers); Corporate IT Network (Back-Office Mainframes and Servers (ERP, MES, CAPP, PDM, etc.); Office Applications, Internetworking, Data Servers, Storage; Central NMS); plus Pager, Handheld, Scanner, Wireless Video Apps and Video Feed clients]
Slide 20
Agenda
Challenges of Implementing Ethernet
Ethernet Evolution
Intelligent Services in the Network
Availability, QoS, and Security
Summary
Slide 21
The Benefits and Challenges of Ethernet
• Benefits
  - Enhanced Productivity and Efficiency
  - Reduced Costs
  - Remote Diagnostics
  - Streamlined Network Infrastructure
  - Scalability
• Challenges
  - Determinism: Is the Control Data always on time?
  - Uptime: Is my network as resilient?
  - Access Control: Are authorized entities the only ones accessing the control traffic and data?
Slide 22
Challenges to Implementing Ethernet Can be Addressed
• Industrial Ethernet deployments must focus on three key areas for scalable deployments
  - Availability: Ensure that network resources are resilient and scalable
  - Quality of Service: Provides assurance of low latency and delay for the Control Data
  - Security: Protect the factory floor data and network resources from threats and/or unauthorized access
• By implementing these functions, Industrial Networks will institute a solid foundation for supporting incremental applications and solutions
Slide 23
Agenda
Challenges of Implementing Ethernet
Ethernet Evolution
Intelligent Services in the Network
  - Availability
  - QoS
  - Security
Summary
Slide 24
Traditional Redundant Network Designs
[Diagram: two designs, each with Core, Distribution and Access tiers – a Ring Topology and a Dual Homed Tree Network Design]
Slide 25
Logical Industrial Ethernet Template
[Diagram: Backbone Network with core and distribution/access switches; access VLANs 101, 102, 103, 104 and 105 grouped into Cells and Zones]
Access/Client Layer – IGMP Snooping will be employed to control the multicast Producer/Consumer communication model.
Distribution/Access Layer – 802.1D, 802.1W and 802.1S will be employed to ensure layer 2 convergence <= 50 ms.
Core Layer – RMON, CDP, NTP and SNMP will be employed to aid in management.
In all instances where applicable a QoS template should be engineered and deployed. A minimum configuration to classify traffic at the access layer must be employed to ensure a QoS template in the future.
Slide 26
What is 802.1w? Inter-Switch Determinism
• IEEE 802.1w standard providing sub-second redundant link resilience (Non Timer Based)
• Eliminate forwarding delay on point-to-point links using explicit handshaking protocol
[Diagram: 802.1d port states Blocking (20 sec) -> Listening (15 sec) -> Learning (15 sec) -> Forwarding, versus 802.1w on a p2p link: Blocking -> Proposal-Agreement Handshake -> Forwarding in < 1 sec]
Slide 27
IEEE 802.1w in Control Networks
• Most proprietary convergence schemes disable or cannot support Spanning Tree
• Disabling Spanning Tree can cause loops in the network.
• Control Networks can now rely on a standards-based method for sub-second convergence
• Backward compatible with 802.1D (Spanning Tree Protocol), allowing for a direct connection with traditional data networks
Slide 28
Traditional vs. Producer-Consumer Multicast Models
[Chart: Mbps vs. No. of Control Devices for the Producer-Consumer model, and Mbps vs. No. of Multicast Users for Traditional Multicast; each plots Multicast Traffic against Unicast Traffic]
Slide 29
IGMP Snooping and Intelligent Ethernet
• A Layer 2 switch will flood multicast packets to all ports within the same VLAN by default
• An Intelligent switch will “Snoop” or intercept IGMP Joins and Leaves received on interfaces from hosts
• Traffic is forwarded only to those ports which have “Joined” the multicast group
• Traffic continues to be forwarded until the client issues a Leave Message, at which time the switch will stop forwarding traffic on that port.
• When all nodes have “left” the particular group, the multicast router will prune off the traffic
Slide 30
IGMP Snooping Summary
• Without IGMP Snooping hosts (I/O Devices) can be overwhelmed by traffic not addressed to them
• In a Consumer-Producer Model traffic grows exponentially with the number of hosts unless multicasts are constrained
• IGMP Snooping provides scalability for Consumer-Producer Data Models by limiting the amount of multicast traffic
• Performance benefits of the Consumer-Producer model are maintained (all consumers have equal access to data)
[Chart: Mbps vs. No. of Control Devices for the Producer-Consumer model with IGMP Snooping, Multicast Traffic against Unicast Traffic]
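The join/leave bookkeeping described on slides 29 and 30, as an added Python example (not code from the Cisco deck). It keeps a per-group membership table built from IGMP Reports and Leaves, forwards a group's frames only to member ports (plus an optional multicast-router port), and contrasts that with the default flood-the-VLAN behaviour. The five-port switch, the group address 239.192.1.1 and the 100-frame producer burst are constructed inputs; how a real switch treats a group with no registered members varies by product, and this model simply forwards nothing in that case.

```python
class IgmpSnoopingSwitch:
    """Layer 2 switch that constrains multicast to the ports that asked for it."""

    def __init__(self, ports, snooping=True, router_port=None):
        self.ports = list(ports)
        self.snooping = snooping
        self.router_port = router_port   # mrouter port: always receives the group
        self.members = {}                # group address -> set of joined ports

    def igmp_join(self, port, group):
        """A host on `port` sent an IGMP Membership Report (Join) for `group`."""
        self.members.setdefault(group, set()).add(port)

    def igmp_leave(self, port, group):
        """A host on `port` sent an IGMP Leave. Returns True when the group has
        no members left on this switch (the point at which an mrouter prunes)."""
        ports = self.members.get(group, set())
        ports.discard(port)
        if not ports:
            self.members.pop(group, None)
            return True
        return False

    def forward_multicast(self, in_port, group):
        """Ports a multicast frame for `group` arriving on `in_port` is sent out of."""
        if not self.snooping:
            # Default Layer 2 behaviour: flood to every other port in the VLAN.
            return sorted(p for p in self.ports if p != in_port)
        out = set(self.members.get(group, set()))
        if self.router_port is not None:
            out.add(self.router_port)
        out.discard(in_port)
        return sorted(out)


def frames_seen_per_port(switch, producer_port, group, n_frames):
    """Count how many of the producer's n_frames reach each port of the switch."""
    seen = {p: 0 for p in switch.ports}
    for _ in range(n_frames):
        for p in switch.forward_multicast(producer_port, group):
            seen[p] += 1
    return seen


if __name__ == "__main__":
    GROUP = "239.192.1.1"                      # constructed producer/consumer group
    flood = IgmpSnoopingSwitch([1, 2, 3, 4, 5], snooping=False)
    snoop = IgmpSnoopingSwitch([1, 2, 3, 4, 5])
    snoop.igmp_join(2, GROUP)                  # only the consumer on port 2 wants it
    print("without snooping:", frames_seen_per_port(flood, 1, GROUP, 100))
    print("with snooping:   ", frames_seen_per_port(snoop, 1, GROUP, 100))
    print("last member left, prune:", snoop.igmp_leave(2, GROUP))
```

The `frames_seen_per_port` counts are the slide-30 point in numbers: without snooping the I/O device on port 5 receives every frame of a group it never joined; with snooping it receives none.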
Slide 31
Agenda
Challenges of Implementing Ethernet
Ethernet Evolution
Intelligent Services in the Network
  - Availability
  - QoS
  - Security
Summary
Slide 32
What Is Quality of Service (QoS)?
[Diagram: traffic classes sharing one link – Mission-Critical (Control), Data Collection, Back Office, Configuration (File Transfer)]
• Classification
• Policing
• Congestion avoidance
QoS enables determinism in Industrial Ethernet deployments
Slide 33
Why QoS? Congestion Control, Operational Determinism
[Diagram: Aggregation (many ports feeding one uplink) and Speed Mismatch (10 Mbps and 1000 Mbps links)]
• Points of substantial speed mismatch and points of aggregation
• If a buffer fills it is not possible to place new traffic into it: DROPS!
• Increasing the size of the buffer can help avoid drops but introduces delay
Slide 34
Not All Traffic Is Created Equal
                        | Control         | Video            | Data (Best-Effort) | Voice
Bandwidth               | Low to Moderate | Moderate to High | Moderate to High   | Low
Random Drop Sensitivity | High            | Low              | High               | Moderate
Delay Sensitivity       | High            | High             | Low                | Moderate to High
Jitter Sensitivity      | High            | High             | Low                | High
Slide 35
Quality of Service and the OSI Model
[Diagram: the EtherNet/IP protocol stack set against the OSI layers, with the QoS parameters available at each layer]
L1 Physical: Physical Layer
L2 Data Link: Ethernet MAC/LLC – QoS parameter: 802.1Q/p CoS
L3 Network: IP – QoS parameter: IPv4 ToS
L4 Transport: TCP, UDP
Application: Message Routing, Connection Management; Data Management Services (Explicit Messages, I/O Messages); Application Object Library; Device Profiles (Semiconductor, Valves, Drives, Robots, Other); Fieldbus Specific
Slide 36
Aggregate QoS Model for Industrial Ethernet
INGRESS ACTIONS
  - Classification: Distinguish traffic by examining L2-L4 labels and QoS fields. CoS changed depending on trust state at port.
  - Policing/Metering: Ensure conformance to a specified rate.
  - Marking: DSCP-CoS or CoS-DSCP mapping.
EGRESS ACTIONS
  - Queue/Schedule and Congestion Control: 4 queues/port with priority scheduling.
• QoS classification based on Layer 2/3/4 attributes:
  - Destination MAC Address
  - Ethertype
  - Source / Destination IP Address
  - TCP / UDP Source or Destination Port Number
Slide 37
An Example: EtherNet/IP Model
[Diagram: TCP/IP stack over IEEE 802.3 Ethernet – Application: FTP, HTTP, BOOTP, DHCP, SMTP, SNMP; Transport: TCP, UDP; Network: IP with ARP, RARP, ICMP, OSPF, IGMP, IGRP; Data Link/Physical: IEEE 802.3 Ethernet. Beside it the CIP stack: Explicit Messaging over TCP and Real-time I/O Control over UDP, both over IP]
Priority on Control Traffic (UDP Port 2222) guarantees that there will not be delay or jitter affecting any control functions such as interlocking
Control traffic can be tagged at L2 or L3 depending on the existing network architecture
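The ingress classification, trust-dependent marking and four-queue priority scheduling of slide 36, applied to the EtherNet/IP control port of slide 37, as an added Python example (not code from the Cisco deck). Only UDP port 2222 as the real-time I/O port comes from the slides; the class-to-CoS/DSCP marking table, the CoS-to-queue map, the use of SNMP (UDP 161) as the "data collection" class and FTP (TCP 21) as the "configuration/file transfer" class are assumptions made for the example, as is the sample burst of packets. The DSCP-to-CoS mapping used on trusted ports takes the three most significant DSCP bits, the usual default on Cisco switches.

```python
from collections import deque

CONTROL_UDP_PORT = 2222      # EtherNet/IP real-time I/O (implicit) messaging, from the slide
SNMP_UDP_PORT = 161          # assumed "data collection" class for the example
FTP_TCP_PORT = 21            # assumed "configuration / file transfer" class for the example

# Assumed class -> (802.1p CoS, DSCP) marking policy; not a vendor default.
MARKING = {
    "control": (6, 48),
    "data-collection": (3, 24),
    "file-transfer": (1, 8),
    "best-effort": (0, 0),
}
# CoS -> egress queue on a 4-queue port; queue 4 is served with strict priority.
COS_TO_QUEUE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 3, 5: 3, 6: 4, 7: 4}


def classify(pkt):
    """L3/L4 classification of a packet (dict with proto/sport/dport)."""
    ports = (pkt.get("sport"), pkt.get("dport"))
    proto = pkt.get("proto")
    if proto == "udp" and CONTROL_UDP_PORT in ports:
        return "control"
    if proto == "udp" and SNMP_UDP_PORT in ports:
        return "data-collection"
    if proto == "tcp" and FTP_TCP_PORT in ports:
        return "file-transfer"
    return "best-effort"


def dscp_to_cos(dscp):
    """DSCP -> CoS: keep the three most significant DSCP bits."""
    return dscp >> 3


def mark(pkt, port_trusted):
    """Ingress marking. A trusted port honours the packet's own DSCP and derives
    CoS from it; an untrusted port ignores incoming marks and lets the class decide."""
    if port_trusted:
        dscp = pkt.get("dscp", 0)
        cos = dscp_to_cos(dscp)
    else:
        cos, dscp = MARKING[classify(pkt)]
    return {**pkt, "cos": cos, "dscp": dscp}


class PriorityScheduler:
    """Four egress queues, always serving the highest non-empty one first."""

    def __init__(self):
        self.queues = {q: deque() for q in (1, 2, 3, 4)}

    def enqueue(self, pkt):
        self.queues[COS_TO_QUEUE[pkt["cos"]]].append(pkt)

    def dequeue(self):
        for q in (4, 3, 2, 1):
            if self.queues[q]:
                return self.queues[q].popleft()
        return None

    def drain(self):
        out = []
        while (pkt := self.dequeue()) is not None:
            out.append(pkt)
        return out


def egress_order(pkts, port_trusted=False):
    """Names of the packets in the order they leave the port after a congested burst."""
    sched = PriorityScheduler()
    for pkt in pkts:
        sched.enqueue(mark(pkt, port_trusted))
    return [p["name"] for p in sched.drain()]


# Constructed burst arriving on one access port; the I/O frame arrives last.
SAMPLE_BURST = [
    {"name": "ftp-1", "proto": "tcp", "sport": 40001, "dport": 21, "dscp": 0},
    {"name": "web-1", "proto": "tcp", "sport": 40002, "dport": 80, "dscp": 0},
    {"name": "snmp-1", "proto": "udp", "sport": 40003, "dport": 161, "dscp": 0},
    {"name": "ftp-2", "proto": "tcp", "sport": 40001, "dport": 21, "dscp": 0},
    {"name": "io-1", "proto": "udp", "sport": 2222, "dport": 2222, "dscp": 0},
]

if __name__ == "__main__":
    print("untrusted port, classified:", egress_order(SAMPLE_BURST))
    print("trusted port, marks honoured:", egress_order(SAMPLE_BURST, port_trusted=True))
```

On the untrusted port the I/O frame that arrived last leaves first because classification put it in the strict-priority queue; on the trusted port every packet carries DSCP 0, so all land in queue 1 and leave in arrival order, which is the "CoS changed depending on trust state at port" line of slide 36 in action.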
Slide 38
QoS Benefits Industrial Network Deployment
• QoS enables low latency for Control Traffic, guaranteeing deterministic behavior for critical control data
• L2-L4 packet inspection and tagging should be used to establish traffic priorities
• Buffer management is a key part of QoS
• As networks evolve to support more services, QoS becomes even more critical
• QoS is an essential component for scalable deployments
Slide 39
Agenda
Challenges of Implementing Ethernet
Ethernet Evolution
Intelligent Services in the Network
  - Availability
  - QoS
  - Security
Summary
Slide 40
Security in IP Networks
• Any IP network that does not implement the appropriate security mechanism is susceptible to intrusion
• Intrusion by malicious entities can potentially bring down a network and capture key competitive information
• Large scale secure EtherNet/IP networks are successfully deployed today in numerous critical services (financial, medical, process control, etc.)
• Intelligent Ethernet Switches support security features that work at different layers to identify, prevent, and alert malicious or unauthorized activities on the data network
Slide 41
Intelligent Ethernet and Security
• Security Filters: Inspection and classification of L2-L4 packets can ensure that only the authorized MAC and IP addresses go through the switch. L4 port inspection can ensure that only the authorized applications are running.
• Port Security: Provides a means to ensure the appropriate user is on the network by limiting access based on MAC addresses
• 802.1x authentication: Protects network access by allowing a RADIUS server to authenticate the user, allowing/disallowing access to the network
Slide 42
Intelligent Ethernet and Security
• MAC Address Notification: Provides an alert to a management station so that network administrators know when and where users came on to the network and can take appropriate actions
• AAA control and central Management
• SNMPv3: Provides network security by encrypting administrator traffic during the SNMP session used to configure/troubleshoot the switch
• Secure Shell (SSH): Encrypts administration traffic during Telnet sessions while configuring or troubleshooting switches
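The port-security and MAC-address-notification features of slides 41 and 42, modelled as an added Python example (not code from the Cisco deck). It limits the MAC addresses allowed on an access port, learns addresses up to that limit, applies one of the three violation actions found on Cisco switches (protect, restrict, shutdown) when an extra address appears, and records the notifications a management station would receive. The port names, MAC addresses and limits are constructed; the notification strings are the example's own format, not a switch's syslog format.

```python
from dataclasses import dataclass, field

VIOLATION_MODES = ("protect", "restrict", "shutdown")   # modes as on Cisco switches


@dataclass
class SecurePort:
    name: str
    max_macs: int = 1
    violation: str = "shutdown"
    allowed: set = field(default_factory=set)   # statically configured or learned
    err_disabled: bool = False
    violations: int = 0


class PortSecurityMonitor:
    """Port security plus MAC address notification for a set of access ports."""

    def __init__(self):
        self.ports = {}
        self.notifications = []   # what the management station (NMS) would be told

    def configure(self, name, max_macs=1, violation="shutdown", static_macs=()):
        if violation not in VIOLATION_MODES:
            raise ValueError(f"unknown violation mode {violation!r}")
        self.ports[name] = SecurePort(name, max_macs, violation, set(static_macs))

    def frame_in(self, port_name, src_mac):
        """Apply port security to an ingress frame; returns 'allow' or 'drop'."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "drop"                       # port was shut down by an earlier violation
        if src_mac in port.allowed:
            return "allow"
        if len(port.allowed) < port.max_macs:
            port.allowed.add(src_mac)           # learn a new address within the limit
            self.notifications.append(f"MAC-ADD {src_mac} on {port_name}")
            return "allow"
        # Address limit already reached: this is a violation.
        port.violations += 1
        if port.violation == "restrict":
            self.notifications.append(f"VIOLATION {src_mac} on {port_name}")
        elif port.violation == "shutdown":
            port.err_disabled = True
            self.notifications.append(f"ERR-DISABLE {port_name} after {src_mac}")
        return "drop"                           # protect mode drops silently


def demo():
    """Constructed scenario: one PLC port in shutdown mode, one HMI port in restrict mode."""
    mon = PortSecurityMonitor()
    mon.configure("Fa0/1", max_macs=1, violation="shutdown")
    mon.configure("Fa0/2", max_macs=1, violation="restrict")
    plc, hmi, rogue = "00:00:bc:00:00:01", "00:00:bc:00:00:02", "de:ad:be:ef:00:01"
    results = [
        mon.frame_in("Fa0/1", plc),      # learned, allowed
        mon.frame_in("Fa0/1", rogue),    # violation -> port err-disabled
        mon.frame_in("Fa0/1", plc),      # even the PLC is cut off now
        mon.frame_in("Fa0/2", hmi),      # learned, allowed
        mon.frame_in("Fa0/2", rogue),    # violation -> dropped and reported
        mon.frame_in("Fa0/2", hmi),      # HMI keeps working in restrict mode
    ]
    return results, mon


if __name__ == "__main__":
    results, mon = demo()
    print(results)
    for line in mon.notifications:
        print("NMS alert:", line)
```

The two violation modes behave differently on the factory floor: shutdown takes the whole port (and the legitimate PLC) offline until an administrator intervenes, restrict keeps the known device running and raises an alert, so the mode is a deliberate choice per port rather than a default.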
Slide 43
Agenda
Challenges of Implementing Ethernet
Ethernet Evolution
Intelligent Services in the Network
Availability, QoS, and Security
Summary
Slide 44
Intelligent Ethernet Enables
• Reduced operational and capital expense by leveraging a single, common network infrastructure
• Connectivity and real-time decision making in a secure environment
• Network availability and reliability
While maintaining industrial grade networking and connectivity