Introduction To Networking: Robust Industrial Data Communications - Made Easy


Introduction to Networking

Robust Industrial Data Communications – Made Easy


Overview
 Team Introduction
 Introduction to Westermo
 Industrial Networking Introduction and Considerations
 Physical Layers
 How does Ethernet Handle Data?
 Switching and Layer 2
 Routing and Layer 3
 Firewalls
 Tying it all together

Introductions
Dakota Diehl, Network Application Engineer, [email protected], 847.453.3899
Benjamin Campbell, Technical Support Engineer, [email protected], 847.453.3896

Who is Westermo 2020
 Founded in 1975
 Order value: 60 M USD
 No. of employees: 250
 14% R&D
 Extensive IPR portfolio for key technologies
 Flexible production with state of the art process control
 Sales and support units in 12 countries, distributors in another 36
 Member of the Beijer Electronics Group

Industrial Networking Introduction
 Operate on the “Edge”
 Likely interfaces with the core network
 Completely different considerations
 Environmental
 Noise
 Legacy Cabling
 Focuses on “LAN” type networking
 Many Physical Layers (Layer 1)
 MAC Addresses (Layer 2)
 IP Addresses (Layer 3)
 Firewalls (Layer 3 and 4)

Industrial Networking Considerations
 Tough Physical Environment
 Noisy Electromagnetic Environments
 Many Different Physical Mediums
 Fiber
 Multi-mode
 Single-mode
 Copper
 Cat 5 and better
 “Legacy” Copper
 Legacy Devices
 Serial Devices
 ISDN
 Dial-up

Tough Physical Environments
 Hot
 +70 °C
 Cold
 -40 °C
 Dusty
 No fans to pull in dirt
 Wet
 Environmental ratings as high as IP67
 Shock and Vibration
 “Core Networking” devices won’t cut it
 Requires devices designed to live in these places

Noisy Environments and Old Cables
 High levels of Electromagnetic Noise
 Extreme spikes
 High average noise (Noise Floor)
 Cables installed for legacy systems
 RS 232/422/485
 LonWorks
 New cables cost prohibitive
 Fiber or Cat 5,6,7 is rare
 Requires a “Media Conversion”

Physical Mediums
 Fiber optic is the best choice
 Expensive to install
 Relatively rare in brownfield applications
 Cat 5,6,7
 Ethernet Compliant
 Legacy cabling
 Installed for legacy systems
 Non-Ethernet compliant
 Often not shielded
 Maybe twisted pair, maybe not (50/50)
 Coax

More Physical Mediums
 Wireless (WiFi)
 Only option sometimes
 Can be affected by high noise floors
 Media Conversions (Legacy Cables)
 SHDSL
 Long distances (15 km)
 High noise resilience
 Limited speed: 15.3 Mbit/s, or 30.6 Mbit/s with bonding
 PLC
 Extreme environments
 Cable sharing
 Shorter distances (300 m)
 Higher speeds (70 Mbit/s)

OSI Model and Packetization



OSI Model Overview

• Stands for Open Systems Interconnection Model.
• Consists of 7 layers that describe how data exchange occurs.
• Layers are named for what they manage, and each layer works with a different form of data.
• Each layer only interacts with the layers immediately above and below it.
Layers 1 and 2

• The Physical Layer refers to the physical medium through which data communication occurs.
• Includes copper, fiber, even air as a wireless medium.
• Focuses on the conversion of binary 1s and 0s (bits) into a signal.

• The Data Link Layer outlines the method for node-to-node data transfer: a link over which data is transferred between two directly connected devices.
• The layer establishes and terminates connections between two physically connected devices.
• MAC Addresses belong to this layer: every physical Network Interface Card (NIC) is given a standardized MAC address that it uses for all communications.
Layers 3 and 4

• The Network Layer provides the means to transfer packets from one node to another when they are located in different networks.
• Assigns a logical address to nodes (the IP address).
• Path determination, or routing, happens here. Many routing protocols were created to cover many different network types.

• The Transport Layer covers how to transfer data from source to destination while maintaining the required Quality of Service (QoS).
• Reliability (in TCP) is maintained through flow control and error checking.
• Lost or damaged segments are detected through acknowledgements and are resent so that communications are not lost.
• Packet-filtering firewalls make their decisions on Layer 3 and Layer 4 header fields: IP addresses, protocol, and port numbers.
Layers 5 through 7

• The top three layers are often grouped together as the “application layers”.

• The Application Layer is the highest layer in the OSI model and the one closest to the end user. It interacts directly with the software applications.
• The Presentation Layer works between the Application and Session layers to translate between the data format the application uses and a format that can be carried across the network.
• The Session Layer manages connections between computers. It establishes and terminates sessions between applications.
Packetization

On the sending side each layer adds its own header (and, for Ethernet, a trailer) in front of what it received from the layer above; the receiving side strips them off in reverse order.

Layers 7, 6, 5   APPLICATION HEADER | DATA                                                              DATA
Layer 4          TCP HEADER | APPLICATION DATA                                                          SEGMENT
Layer 3          IP HEADER | TCP HEADER | APPLICATION DATA                                              PACKET
Layer 2          ETHERNET HEADER | IP HEADER | TCP HEADER | APPLICATION DATA | ETHERNET FOOTER (FCS)   FRAME
Layer 1          BITS on the wire

The sample bit stream is the ASCII text “westermo”:
01110111 01100101 01110011 01110100 01100101 01110010 01101101 01101111
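The encapsulation above, carried out byte for byte in Python. This is an added example, not code from the slides or from Westermo: the payload “westermo” is wrapped in a TCP header, an IPv4 header and an Ethernet header plus FCS, then unpacked again with the checks a receiver performs (FCS, EtherType, IP and TCP checksums). The MAC and IP addresses, ports, sequence numbers and the IP identification value are constructed for the example.

```python
"""Layer-by-layer encapsulation of an application payload and the reverse parse.
Added example for the Packetization section, not code from the slides or Westermo.
MAC/IP addresses, ports and sequence numbers below are constructed."""
import struct
import zlib

PAYLOAD = b"westermo"          # the ASCII text behind the bit pattern on the slide

def payload_bits(data: bytes) -> str:
    """Layer 1 view: the payload as a string of 8-bit groups."""
    return " ".join(f"{b:08b}" for b in data)

def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))

def inet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit ones'-complement sum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(src_ip, dst_ip, src_port, dst_port, data, seq=1, ack=1) -> bytes:
    """Layer 4: 20-byte TCP header (PSH+ACK, no options) in front of the data."""
    offset_flags = (5 << 12) | 0x18          # header length 5 words, flags PSH|ACK
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, 65535, 0, 0)
    # The TCP checksum covers a pseudo-header (addresses, protocol, length) plus the segment
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(hdr) + len(data))
    csum = inet_checksum(pseudo + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data

def ipv4_packet(src_ip, dst_ip, segment, ttl=64) -> bytes:
    """Layer 3: 20-byte IPv4 header (protocol 6 = TCP) in front of the segment."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                      ttl, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + segment

def ethernet_frame(src_mac, dst_mac, packet) -> bytes:
    """Layer 2: destination, source, EtherType 0x0800 (IPv4), payload, CRC-32 FCS."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    return body + struct.pack("<I", zlib.crc32(body))   # FCS is sent least-significant byte first

def build_frame() -> bytes:
    seg = tcp_segment("192.168.0.100", "192.168.0.1", 40000, 80, PAYLOAD)
    pkt = ipv4_packet("192.168.0.100", "192.168.0.1", seg)
    return ethernet_frame("02:00:00:00:00:01", "02:00:00:00:00:02", pkt)

def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify FCS, EtherType and both checksums, then peel each header."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad FCS: frame damaged on the wire")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("EtherType 0x%04x is not IPv4" % ethertype)
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if inet_checksum(ip[:ihl]) != 0:          # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(tcp))
    if inet_checksum(pseudo + tcp) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in body[0:6]),
        "src_mac": ":".join(f"{b:02x}" for b in body[6:12]),
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "protocol": ip[9],
        "src_port": src_port,
        "dst_port": dst_port,
        "data": tcp[data_offset:],
    }
```

The frame comes out at 66 bytes (14 Ethernet + 20 IP + 20 TCP + 8 payload + 4 FCS), above the 46-byte minimum Ethernet payload, so no padding is needed. Flipping any byte makes `decapsulate` reject the frame at the FCS check, which is what a switch or NIC does with a frame mangled by noise on the cable.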
Layer 2 Switching Concepts



Introduction to Network Switching
 On a shared medium, traffic between nodes can result in collisions of packets, rendering the information useless.
 Hubs repeat every frame to every port, so they enlarge the collision domain and add more chances of mangled packets.
 Switches give every port its own collision domain and forward a unicast frame only to the port where the intended recipient was learned, rather than to everyone.
 All data is sent in “Frames”, which carry the Source and Destination MAC Address. Switches learn the MAC addresses of the connected nodes from the source address of the frames they receive.
 VLANs can be implemented in Layer 2 switching to further segment a network and keep traffic apart that should not see each other; the separation is only as strong as the switch configuration (tagging, trunk ports) behind it.
 Protocols such as Spanning Tree Protocol (STP) and FRNT add redundancy to switched networks while avoiding broadcast storms.

Hub vs Switch
 With a hub, all traffic is broadcast (sent to all connected nodes, A, B, C and D in the diagram) regardless of destination.
 A switch only sends traffic to the intended recipient, based on the destination MAC address in the frame; the other nodes never see it.
Switching and Frames
 In a Layer 2 environment, all data is sent in the form of Frames.
 A frame is the Layer 2 data transmission unit and normally carries a single network packet.

Destination Address | Source Address | VLAN Tag | Type | Data | FCS

• Destination Address: the physical (MAC) address the frame is going to.
• Source Address: the physical (MAC) address the frame came from.
• VLAN Tag: optional 802.1Q field that specifies which VLAN the frame belongs to; only present on tagged frames.
• Type (EtherType): identifies the protocol carried in the Data field, for example 0x0800 for IPv4 or 0x0806 for ARP.
• Data: the payload, i.e. the packet handed down from the layer above.
• FCS: Frame Check Sequence, a CRC-32 used for error checking; a frame with a bad FCS is discarded.
MAC Addresses
 A Media Access Control Address is a unique identifier assigned to every Network Interface Controller.
 Also known as a “Physical Address” or “Ethernet Hardware Address”.
 6 octets, each written as a pair of hexadecimal digits, separated by “:”.
 Made up of 2 parts: OUI and NIC Specific.
 OUI (Organizationally Unique Identifier) is the first 3 octets of the MAC address.
 Denotes the manufacturer of the NIC or node.
 NIC Specific is the remaining 3 octets, a number the manufacturer makes unique for each device.
 The address is set in the NIC’s firmware, but most NICs let software override it, so a MAC address identifies a device only as far as the device is honest.

EC:B1:D7:9A:E9:D2
OUI: EC:B1:D7, NIC Specific: 9A:E9:D2
MAC Address Table
 Switches automatically build a table that maps MAC addresses to ports.
 When a frame is received, the switch reads its Source MAC address.
 The switch then records the port the frame came in on against that MAC address.
 It also uses the VLAN tag of the frame (or the port’s configured VLAN for untagged frames) so that the entry belongs to the right VLAN.
 Entries age out when no frame from that address has been seen for a while, and the table has a finite size.
 The table trusts whatever source address shows up; limiting the number of addresses learned per port (port security) is the usual control against a host filling it with bogus entries.

VLAN | MAC Address       | Port
1    | 00:07:91:21:23:8C | Fa0/1
1    | 00:12:9E:5C:EE:D7 | Fa0/2
10   | 00:1D:9D:5D:37:55 | Fa0/3
10   | 00:20:2E:3B:24:76 | Fa0/4
VLANs
 A VLAN, or Virtual LAN (Virtual Local Area Network), splits one switched network into several separate broadcast domains.
 Several physical devices can share the same switches and cables while being separated by VLAN configuration.
 “Pipes inside a pipe”
 Adds segmentation (and with it security), improves performance by containing broadcasts, and helps organize a complex network.
 Frames are tagged with a VLAN ID (802.1Q) to define what VLAN they belong to on links between switches; ports facing end devices normally carry untagged frames for a single VLAN.
 VLANs can be assigned either to a physical port on the switch (Static VLAN) or to all traffic coming from a specific MAC address (Dynamic VLAN).
 Traffic between VLANs needs a router (see Layer 3); a VLAN is only as isolated as the trunk and port configuration that enforces it.
Layer 2 Redundancy
 Until a switch has learned where a destination MAC address lives, it floods frames for that address out of every port except the one they arrived on; broadcasts (for example ARP requests) are always flooded.
 When there is a loop between multiple switches, these flooded frames circle around indefinitely and multiply until they saturate the network: a “Broadcast Storm”. The MAC tables also flap, because the same source address keeps arriving on different ports.
 Protocols exist such as Spanning Tree Protocol (STP) and Fast Reconfiguration of Network Topology (FRNT) that automatically block a redundant link to prevent Broadcast Storms, and only enable it when another link is detected to go down.
 In networks without these protocols configured, it is very important to avoid looping the network.
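A small model of the switching behaviour described in the MAC Address Table, VLAN and Layer 2 Redundancy slides, written as an added example (not Westermo’s code): two switches learn MAC addresses per VLAN, flood unknown and broadcast destinations, and are joined by two links. With both links active a single broadcast from host A never stops circulating; with one link blocked, as STP or FRNT would do, the broadcast reaches B exactly once and B’s unicast reply follows the learned path. The two-switch topology and the locally administered MAC addresses are constructed for the example.

```python
"""Toy model of Layer 2 switching: MAC learning, flooding of unknown and broadcast
destinations, and why a second link between two switches loops frames forever unless
STP/FRNT blocks it. Added example for the switching slides, not Westermo's code; the
two-switch topology and the locally administered MAC addresses are constructed."""
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

def frame(src, dst, vlan=1):
    return {"src": src, "dst": dst, "vlan": vlan}

class Switch:
    def __init__(self):
        self.mac_table = {}   # (vlan, mac) -> port the address was learned on
        self.blocked = set()  # ports held in blocking state by STP/FRNT

    def forward(self, f, in_port, ports):
        """Egress ports for a frame that arrived on in_port."""
        if in_port in self.blocked:
            return []         # a blocked port neither learns nor forwards
        # Learning: bind whatever source address shows up to the ingress port
        self.mac_table[(f["vlan"], f["src"])] = in_port
        known = self.mac_table.get((f["vlan"], f["dst"]))
        if f["dst"] != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Unknown unicast or broadcast: flood out every other non-blocked port
        return [p for p in sorted(ports) if p != in_port and p not in self.blocked]

class Network:
    def __init__(self):
        self.switches, self.ports, self.hosts, self.links = {}, {}, {}, {}

    def add_switch(self, name):
        self.switches[name], self.ports[name] = Switch(), set()

    def attach_host(self, mac, sw, port):
        self.hosts[(sw, port)] = mac
        self.ports[sw].add(port)

    def link(self, a, a_port, b, b_port):
        self.links[(a, a_port)], self.links[(b, b_port)] = (b, b_port), (a, a_port)
        self.ports[a].add(a_port)
        self.ports[b].add(b_port)

    def block_link(self, a, a_port):
        """What STP/FRNT does with a redundant link: both ends go to blocking state."""
        b, b_port = self.links[(a, a_port)]
        self.switches[a].blocked.add(a_port)
        self.switches[b].blocked.add(b_port)

    def send(self, f, sw, port, limit=1000):
        """Inject a frame from the host on (sw, port). Returns (transmissions,
        copies delivered per host MAC, storm flag set when the limit is exceeded)."""
        queue, transmissions, delivered = deque([(sw, port, f)]), 0, {}
        while queue:
            s, p, cur = queue.popleft()
            for out in self.switches[s].forward(cur, p, self.ports[s]):
                transmissions += 1
                if transmissions > limit:
                    return transmissions, delivered, True   # never converges: a storm
                if (s, out) in self.hosts:
                    mac = self.hosts[(s, out)]
                    delivered[mac] = delivered.get(mac, 0) + 1
                else:
                    queue.append(self.links[(s, out)] + (cur,))
        return transmissions, delivered, False

def build(block_redundant_link):
    net = Network()
    net.add_switch("S1")
    net.add_switch("S2")
    net.link("S1", 1, "S2", 1)
    net.link("S1", 2, "S2", 2)   # second link between the same two switches: a loop
    net.attach_host(HOST_A, "S1", 3)
    net.attach_host(HOST_B, "S2", 3)
    if block_redundant_link:
        net.block_link("S1", 2)
    return net

def demo():
    looped = build(block_redundant_link=False)
    _, storm_copies, storm = looped.send(frame(HOST_A, BROADCAST), "S1", 3)
    stable = build(block_redundant_link=True)
    tx_bcast, bcast_copies, _ = stable.send(frame(HOST_A, BROADCAST), "S1", 3)
    # B replies unicast; both switches learned A from the broadcast, so nothing is flooded
    tx_reply, reply_copies, _ = stable.send(frame(HOST_B, HOST_A), "S2", 3)
    return {"storm": storm, "storm_copies_to_b": storm_copies.get(HOST_B, 0),
            "bcast_transmissions": tx_bcast, "bcast_copies_to_b": bcast_copies.get(HOST_B, 0),
            "reply_transmissions": tx_reply, "reply_copies_to_a": reply_copies.get(HOST_A, 0),
            "s2_table": dict(stable.switches["S2"].mac_table)}
```

Running `demo()` shows the two behaviours side by side: in the looped topology the transmission limit is hit and B has already received the same broadcast several times, while in the blocked topology the broadcast costs exactly two transmissions (S1 to S2, S2 to B) and the reply two more. Note that the model learns from any source address on any port, exactly as a plain switch does; that is the behaviour port security limits.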

Broadcast Storms (diagram slides)

FRNT (diagram slides)
Layer 3
Westermo North America



Overview
 IP Addressing, Subnets and Ports
 Basics of Routing
 Firewalls
 Tying it all together
 Address Resolution Protocol (ARP)

IP Addressing
 IP Addresses
 Not burned into the hardware; assigned by configuration or DHCP
 IPv4 addresses are 32 bits, written as 4 octets
 Required for any IP routing functions
 IPv4 still most common in industrial
 IPv6 becoming more common in core networks
 Private vs. Public Addresses (private ranges per RFC 1918, not routed on the public Internet)
 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
Subnetting
 Defined by a Subnet Mask
 32 bit number like an IP Address
 Used to logically divide IP Networks
 Segregates a physical network into smaller logical subnetworks
 A “filter” of sorts
 Helps a device determine if the host it wishes to reach is in the same network
 Controls how many hosts can be on a network
 Requires a router to communicate across subnets
Ports
 The “room number” at the hotel
 Paired with an IP Address
 192.168.1.1:80
 Many network applications running on the same computer
 Each application would be “bound” to a port
 Web Server : 80
 SSH : 22
 FTP : 21
Routing Basics
 Allows communications between subnets or VLANs

 Device 1 wants to talk to Device 2

 Device 1 applies its subnet mask and finds that Device 2’s IP address is outside of its own subnet.
 Device 1, whose default gateway is the router, sends the packet to the router (at Layer 2 the frame is addressed to the router’s MAC; at Layer 3 the packet is still addressed to Device 2).
 The router looks up Device 2’s address in its routing table, finds that it lives on VLAN2, and forwards the packet to Device 2 on that subnet.
 If the communications are 2 way, the exact same thing happens in reverse from Device 2.

Device 1: 192.168.0.100, mask 255.255.255.0, on VLAN1
Router: VLAN1 interface 192.168.0.1, VLAN2 interface 10.0.0.1
Device 2: 10.2.1.50, mask 255.0.0.0, on VLAN2
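The subnet test and the router’s lookup from the scenario above, as an added Python example (not Westermo’s code). It uses the slide’s addresses and the router’s two VLAN interfaces; the default route labelled “uplink” is an assumption added to show the general rule a router applies, longest-prefix match, rather than the single case on the slide. The host-side function also returns which address must be resolved to a MAC, which is where ARP (later in this deck) comes in.

```python
"""Subnet membership, next-hop choice and the router's longest-prefix match for the
Device 1 / Device 2 scenario. Added example, not Westermo's code; the addresses are the
slide's, the default route ("uplink") is an assumption added to show that the most
specific matching route wins."""
import ipaddress

def same_subnet(host_ip: str, mask: str, dst_ip: str) -> bool:
    """Device 1's first step: is the destination inside my own network (address AND mask)?"""
    net = ipaddress.ip_interface(f"{host_ip}/{mask}").network
    return ipaddress.ip_address(dst_ip) in net

def next_hop(host_ip: str, mask: str, gateway: str, dst_ip: str) -> str:
    """The address whose MAC the host must resolve: the destination itself when it is
    on-link, otherwise the default gateway (the IP header still carries dst_ip)."""
    return dst_ip if same_subnet(host_ip, mask, dst_ip) else gateway

def usable_hosts(mask: str) -> int:
    """How many hosts the mask allows (network and broadcast addresses excluded)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").num_addresses - 2

ROUTER_TABLE = [                       # (prefix, egress interface)
    ("192.168.0.0/24", "VLAN1"),       # connected: interface 192.168.0.1
    ("10.0.0.0/8", "VLAN2"),           # connected: interface 10.0.0.1
    ("0.0.0.0/0", "uplink"),           # assumed default route, not on the slide
]

def route_lookup(table, dst_ip: str) -> str:
    """Longest-prefix match: every route whose prefix contains dst_ip is a candidate;
    the one with the longest prefix wins, independent of table order."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst_ip}")
    return best[1]

def deliver(src_ip, mask, gateway, dst_ip, table):
    """Hops a packet takes from a host: direct, or via the gateway and its route."""
    if same_subnet(src_ip, mask, dst_ip):
        return ["direct"]
    return ["gateway " + gateway, "router egress " + route_lookup(table, dst_ip)]

DEVICE1 = ("192.168.0.100", "255.255.255.0", "192.168.0.1")   # ip, mask, default gateway
DEVICE2 = ("10.2.1.50", "255.0.0.0", "10.0.0.1")
```

`deliver(*DEVICE1, "10.2.1.50", ROUTER_TABLE)` gives the gateway hop followed by the VLAN2 egress, and the reverse call from Device 2 ends on VLAN1. The 10.0.0.0/8 route and the default route both contain 10.2.1.50; the /8 wins because it is more specific, which is the whole point of longest-prefix match.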
Firewalls
 Controls what data can enter or leave a network
 Work on a “deny by default” policy
 Only traffic that is explicitly allowed is passed through the firewall; in most implementations rules are evaluated in order and the first match wins, so rule order matters
 Different kinds
 Port Based
 Port 80 is allowed in
 Host Based
 10.0.1.2 is allowed
 10.0.0.0/24 is allowed
 Deep Packet Inspection
 Looks at the data in a packet
 Requires a lot of “horsepower”
 Generally a standalone appliance
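A first-match packet filter with the implicit deny the slide describes, as an added Python example (not a Westermo product configuration). It expresses the slide’s port-based and host-based rule types, and adds a check for a common mistake in such rule sets: a rule that can never fire because an earlier, broader rule shadows it. The rule sets and packets are constructed for the example.

```python
"""A first-match packet filter with the implicit "deny by default" the slide describes,
using the port-based and host-based rule types listed. Added example, not a Westermo
product configuration; the rule sets and test packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # host-based part: single address or CIDR block
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # port-based part: None means any destination port

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in ("any", pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))

def evaluate(rules, pkt: dict) -> str:
    """Walk the rules in order; the first match decides. No match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def shadowed(rules):
    """Indices of rules that can never fire because an earlier rule already matches
    everything they would match. A deny placed after a broader allow is the classic case."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            covers_src = ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            covers_proto = earlier.proto == "any" or earlier.proto == later.proto
            covers_port = earlier.dport is None or earlier.dport == later.dport
            if covers_src and covers_proto and covers_port:
                out.append(j)
                break
    return out

# Rules built from the slide's examples; anything not listed is dropped
POLICY = [
    Rule("allow", proto="tcp", dport=80),                       # port-based: web from anywhere
    Rule("allow", src="10.0.1.2"),                              # host-based: one device, any service
    Rule("allow", src="10.0.0.0/24", proto="tcp", dport=22),    # host + port: SSH only from that subnet
]

# Same intent, wrong order: the deny is unreachable because the /24 allow comes first
MISORDERED = [Rule("allow", src="10.0.0.0/24"), Rule("deny", src="10.0.0.99")]
CORRECTED = [Rule("deny", src="10.0.0.99"), Rule("allow", src="10.0.0.0/24")]
```

`shadowed(MISORDERED)` returns `[1]` and a packet from 10.0.0.99 is allowed through; in `CORRECTED` the same packet is denied and nothing is shadowed. Running that kind of audit over a real rule set before deploying it catches the ordering errors that review by eye tends to miss.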
Address Resolution Protocol
 The glue that ties Layer 2 to Layer 3
 “Links” a MAC Address to an IP address
 Switches, routers, computers all rely on this. Any network device.
 Learned entries expire after some time; the timeout differs from operating system to operating system.
 Cleared after reboot.
 ARP carries no authentication: a device accepts whatever reply it receives, so where this matters static entries or switch-side ARP inspection are used.

When a device wants to send a message to a device it has never talked to, it only has that device’s IP address. The device sends a Layer 2 broadcast to all devices asking, “who has IP address aaa.bbb.ccc.ddd?”. The device that has that IP responds with “IP address aaa.bbb.ccc.ddd is at MAC address xx:xx:xx:xx:xx:xx”.
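The ARP exchange described above as the bytes that actually travel, written as an added Python example (not from the slides or Westermo): host A broadcasts a “who has” request, only the owner of the address answers, and A stores the answer in a cache whose entries expire. The addresses, the 60-second lifetime and the hosts A, B and C are constructed; the cache also shows one modest defence that some stacks apply, ignoring replies to questions that were never asked.

```python
"""The ARP exchange as bytes on the wire: a broadcast "who has" request, the reply
from the one device that owns the address, and a cache whose entries expire.
Added example, not from the slides or Westermo; addresses and the 60 s lifetime are
constructed. The ARP body rides in an Ethernet frame with EtherType 0x0806."""
import struct

REQUEST, REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"

def mac_bytes(mac): return bytes(int(x, 16) for x in mac.split(":"))
def mac_str(raw): return ":".join(f"{b:02x}" for b in raw)
def ip_bytes(ip): return bytes(int(x) for x in ip.split("."))
def ip_str(raw): return ".".join(str(b) for b in raw)

def arp_packet(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """28-byte ARP body: hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6/4."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))

def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(pkt[8:14]), "sender_ip": ip_str(pkt[14:18]),
            "target_mac": mac_str(pkt[18:24]), "target_ip": ip_str(pkt[24:28])}

def who_has(my_mac, my_ip, wanted_ip) -> bytes:
    """Request: the frame carrying it goes to ff:ff:ff:ff:ff:ff so every device sees it."""
    return arp_packet(REQUEST, my_mac, my_ip, ZERO_MAC, wanted_ip)

def answer(request: bytes, my_mac, my_ip):
    """Each device checks the target IP; only the owner replies, unicast to the asker."""
    q = parse_arp(request)
    if q["op"] != REQUEST or q["target_ip"] != my_ip:
        return None
    return arp_packet(REPLY, my_mac, my_ip, q["sender_mac"], q["sender_ip"])

class ArpCache:
    """IP -> MAC entries with an expiry time, as every host and router keeps."""
    def __init__(self, ttl=60.0):
        self.ttl, self.entries, self.pending = ttl, {}, set()

    def ask(self, my_mac, my_ip, wanted_ip) -> bytes:
        self.pending.add(wanted_ip)
        return who_has(my_mac, my_ip, wanted_ip)

    def learn(self, reply: bytes, now: float) -> bool:
        """ARP has no authentication; only learning answers to questions we actually
        asked is a modest defence against forged, unsolicited replies."""
        r = parse_arp(reply)
        if r["op"] != REPLY or r["sender_ip"] not in self.pending:
            return False
        self.pending.discard(r["sender_ip"])
        self.entries[r["sender_ip"]] = (r["sender_mac"], now + self.ttl)
        return True

    def lookup(self, ip: str, now: float):
        entry = self.entries.get(ip)
        if entry is None or now >= entry[1]:
            self.entries.pop(ip, None)       # expired entries are dropped on lookup
            return None
        return entry[0]

# Constructed hosts on one segment
A_MAC, A_IP = "02:00:00:00:00:0a", "192.168.0.100"
B_MAC, B_IP = "02:00:00:00:00:0b", "192.168.0.1"
C_MAC, C_IP = "02:00:00:00:00:0c", "192.168.0.7"

def exchange():
    """A resolves B: broadcast request, B answers, C stays silent, A caches the result."""
    cache = ArpCache(ttl=60.0)
    request = cache.ask(A_MAC, A_IP, B_IP)
    replies = [r for r in (answer(request, B_MAC, B_IP), answer(request, C_MAC, C_IP)) if r]
    for r in replies:
        cache.learn(r, now=0.0)
    forged = arp_packet(REPLY, C_MAC, B_IP, A_MAC, A_IP)   # C claiming B's address, unsolicited
    return {"replies": len(replies), "mac_now": cache.lookup(B_IP, now=10.0),
            "mac_later": cache.lookup(B_IP, now=61.0), "forged_accepted": cache.learn(forged, now=5.0)}
```

`exchange()` shows exactly one reply (from B), the cached MAC while the entry is fresh, `None` once the 60 seconds have passed, and the forged reply rejected because nobody asked about that address. Real operating systems differ in the timeout they use, which is the behaviour the bullet about expiry refers to.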
Next Webinar in February! Cyber Secure focus, coming on 2/27.
See Westermo’s Website under News and Events for more details.
