Industrial Ethernet requires specialty knowledge and practices, unlike Ethernet for home and office. If you are installing or operating an industrial Ethernet network, here are your need-to-know essentials about cabling, signal quality, ground loops, switches, and traffic.
Industrial versus Enterprise Ethernet
Office and home Ethernet is known as Enterprise Ethernet. Industrial Ethernet is a new breed, requiring specialty knowledge and practices.
BASIC DIFFERENCES BETWEEN INDUSTRIAL AND ENTERPRISE ETHERNET
- Industrial Equipment uses less power
  - Usually half of what an Enterprise Switch requires per port
- Noise & Space
  - Industrial Ethernet is fan-less, or convection cooled
  - Enterprise Ethernet uses fans
    - Fans equal more noise
    - Fans use more electricity
- Manufacturing Standards
  - Industrial Ethernet uses temperature hardened chip sets
    - Higher Temperature Standard
    - Longer Product Life
    - High Quality designs and engineering
    - Higher standards of Security
  - Enterprise Ethernet uses standard low-grade chip sets
    - Much lower Temperature Standard
    - Shorter Product Life
    - Low Quality designs and engineering – fits in a pizza box
    - Lower standards of Security
Question – Does your switch manufacturer offer a 5 Year Warranty?
Question – Does your switch manufacturer offer a Secure Chassis?
If you are installing or operating an industrial Ethernet network, here are some essentials you need to know about cabling, signal quality, ground loops, switches, and traffic.
CABLING IS THE BASIS
As in all networks, your industrial Ethernet network is only as good as its cabling. Unlike an office or home environment, industrial applications are often electrically noisy places. In addition to high electromagnetic interference (EMI), these environments as a class are subject to temperature ranges, dust, humidity, and a host of other factors not normally found in a home or office.
So, what is the right choice of cable? In your office, commercially rated cable like Category 5 is good for up to 10 MB, and Category 5e is good for up to 100 MB. The ANSI/TIA-1005 standard states that Category 6 or better cabling should be used for hosts or devices that are exposed to an industrial environment. Category 6 cable is good for up to 1 GB at 100 meters and 10 GB at 55 meters. Category 6e cable can do up to 10 GB at 100 meters.
Compared to Category 5 and 5e cables, Category 6 cable is generally less susceptible to crosstalk and external EMI noise. Cable manufacturers make industrial Ethernet cable that is also less susceptible to physical deterioration in the harsher industrial environments. When installing Category 6 cable, make sure that the RJ45 ends and jacks are also rated for Category 6, or you will be defeating the purpose of your Category 6 cable. For the best results, wherever possible use premade patch cables for short runs, with factory installed connectors. For long runs you will need to install jacks. Use the best cable possible (Cat 5E or better) if your network supports video.
CABLES, SHIELDING, BONDING & GROUND LOOPS
To shield or not to shield, that is the question. The answer is sometimes yes, but if you do, you had better do it properly. Improperly installed shielded cable can create more problems than it solves.
Shielded Ethernet cable may perform better in high EMI environments if run outside of conduit. The key to the use of a shielded cable is proper grounding (also known as bonding). One ground reference is essential. Multiple ground connections can cause what are referred to as ground loops, where the difference in voltage potential at the ground connections can induce noise on the cable.
A ground loop can wreak havoc on your network. To get this right, use a grounded RJ45 connector on only one end of the cable. On the other end use a nonconductive RJ45 connector to eliminate the possibility of ground loops.
If your Ethernet cable must cross power lines, always have it do so at right angles. Separate parallel Ethernet and power cables by at least 8 to 12 in., with more distance for higher voltages and longer parallel runs. If the Ethernet cable is in a metal pathway or conduit, each section of the pathway or conduit must be bonded to the adjacent section such that it has electrical continuity along its entire path. Engineer your pathways to avoid EMI problems.
Route Ethernet cables away from equipment that generates EMI. This includes things like motors, motor control equipment, lighting, and power conductors. Within panels, separate Ethernet cables from conductors by at least 2 in. When routing away from EMI sources within a panel, follow the recommended bend radius for the cable you are installing.
ETHERNET HUBS AND SWITCHES
If you are looking for problems on an industrial Ethernet network, hubs would be your first choice. Never, ever use a hub in an industrial Ethernet environment. Hubs are nothing more than multiport repeaters. You should have eliminated the use of hubs years ago.
Removing the use of hubs leaves the choice between managed and unmanaged switches. While managed switches are generally preferable, they are also more expensive than unmanaged switches. Look at how a switch operates and compare the managed and unmanaged varieties.
Every device on your network has a unique identifier, referred to as a media access control (MAC) address (see the device label). This is the key to the much more discriminating behavior of a switch compared to a hub. When a switch first powers up, it initially behaves like a hub, sending all traffic to every port. As devices pass information between ports on a switch, it watches this traffic and figures out which MAC address is associated with which port. It places this information in a MAC address table. Once the switch knows which port a MAC address is on, it watches for frames whose destination address, carried inside the data packet, is that MAC address and transmits them only to the port associated with it.
An industrial Ethernet network carries three types of traffic. Unicast traffic routes from one point to another point. Multicast traffic routes from one point to many points. Broadcast traffic routes from one point to all points.
Once a switch has built its MAC address table, managed and unmanaged switches treat unicast and broadcast traffic identically. Generally, you should keep broadcast traffic under 100 broadcasts per second, at a bandwidth of 100 Mb. Broadcasting is an integral part of any network. Examples of items that may initiate broadcasts are devices like print servers, announcing themselves periodically to the network. It is important to control broadcasts in any network.
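The 100 broadcasts per second guideline above can be checked against a capture. The following is an added example, not code from the original article: it buckets frames by second, flags any second at or over the guideline, and names the top broadcasting source. The frame tuples and MAC addresses are constructed sample data.

```python
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
LIMIT_PER_SECOND = 100  # guideline from the text: stay under this rate

def broadcast_report(frames, limit=LIMIT_PER_SECOND):
    """frames: iterable of (timestamp_seconds, src_mac, dst_mac).

    Returns (second, broadcasts, top_source, top_source_count) for every
    one-second bucket whose broadcast count is not under the limit.
    """
    buckets = defaultdict(Counter)          # second -> Counter of source MACs
    for ts, src, dst in frames:
        if dst.lower() == BROADCAST:        # unicast and multicast are ignored
            buckets[int(ts)][src.lower()] += 1
    report = []
    for second in sorted(buckets):
        total = sum(buckets[second].values())
        if total >= limit:
            top_src, top_count = buckets[second].most_common(1)[0]
            report.append((second, total, top_src, top_count))
    return report

def sample_capture():
    """Constructed capture: a quiet second, then a second with a noisy host."""
    print_server = "00:00:00:00:00:10"
    noisy_host = "00:00:00:00:00:30"
    frames = []
    for i in range(20):                     # second 0: periodic announcements
        frames.append((i / 20, print_server, BROADCAST))
    for i in range(500):                    # second 0: heavy unicast, not counted
        frames.append((i / 500, "00:00:00:00:00:20", "00:00:00:00:00:21"))
    for i in range(150):                    # second 1: one host floods broadcasts
        frames.append((1 + i / 150, noisy_host, BROADCAST))
    for i in range(20):
        frames.append((1 + i / 20, print_server, BROADCAST))
    return frames

if __name__ == "__main__":
    for second, total, src, count in broadcast_report(sample_capture()):
        print(f"t={second}s: {total} broadcasts, top source {src} ({count})")
```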
Note: When purchasing a managed switch, buy only from vendors whose switches display the MAC table. It makes troubleshooting problems much easier.
IGMP SNOOPING: MULTICAST
One of the primary differences between managed and unmanaged switches is how they treat multicast traffic. Multicast traffic typically comes from smart devices on plant floor process networks, in a connection-oriented, producer/consumer-based technology. In this context a connection is simply a relationship between two or more nodes across a network.
A switch will, by default, flood multicast traffic to all the ports in a broadcast domain (or the VLAN equivalent). Multicast can cause unnecessary load on host devices by requiring them to process packets they have not solicited. When purposefully exploited, this can form the basis of a denial-of-service attack. IGMP snooping is designed to prevent hosts on a local network from receiving traffic for a multicast group they have not explicitly joined. It provides switches with a mechanism to prune multicast traffic from links that do not contain a multicast listener (an IGMP client).
Essentially, IGMP snooping is a layer 2 optimization for the layer 3 IGMP. IGMP snooping takes place internally on switches and is not a protocol feature.
IGMP snooping allows a switch to only forward multicast traffic to the links that have solicited them. Snooping is therefore especially useful for bandwidth-intensive IP multicast applications such as IPTV.
EtherNet/IP (an Ethernet industrial protocol managed by ODVA) is an application layer communication protocol that uses this technology. This protocol, used by many automation vendors, is based on ODVA’s Common Industrial Protocol (CIP). Industrial products you might find in a multicast group include flowmeters, variable-speed drives, and scales. Each of these items produces process data and consumes configuration data.
A device needs to be a member of a multicast group to receive group data. All members of the group receive data. You do not need to be a member of a group to send data to the group. The main problem with multicast traffic in a producer/consumer model is that traffic grows exponentially with the number of hosts. This is where the managed switch comes in.
A managed switch can turn on Internet Group Management Protocol (IGMP) Snooping. Here is how it works. When enabled, IGMP Snooping sends out broadcast traffic to determine the members of any multicast groups. Using this information, combined with the MAC address table, allows a managed switch to route multicast traffic only to those ports associated with members of a multicast group. An unmanaged switch treats multicast data the same as broadcast data and sends it everywhere.
If your network has multicast traffic, a managed switch is an absolute must, and worth the extra price you will pay for it.
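The forwarding behavior described in the switch and IGMP snooping sections, as an added example (not code from the original article or from any vendor): a toy switch model that learns source MAC addresses and, with snooping enabled, sends multicast only to ports where a group join was observed. The port numbers, MAC addresses, and the choice to drop multicast for groups with no listeners are assumptions of this model.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_multicast(mac):
    # Group address: low bit of the first octet is set (broadcast handled apart).
    return mac != BROADCAST and int(mac.split(":")[0], 16) & 1 == 1

class Switch:
    def __init__(self, ports, igmp_snooping=False):
        self.ports = set(ports)
        self.igmp_snooping = igmp_snooping   # False models an unmanaged switch
        self.mac_table = {}                  # learned: source MAC -> port
        self.groups = {}                     # snooped: group MAC -> listener ports

    def membership_report(self, port, group, join=True):
        """Record an IGMP join or leave observed on a port (snooping only)."""
        if not self.igmp_snooping:
            return
        listeners = self.groups.setdefault(group, set())
        if join:
            listeners.add(port)
        else:
            listeners.discard(port)

    def forward(self, in_port, src, dst):
        """Learn the source, then return the sorted egress ports for the frame."""
        self.mac_table[src] = in_port
        flood = self.ports - {in_port}
        if dst == BROADCAST:
            out = flood
        elif is_multicast(dst):
            out = self.groups.get(dst, set()) - {in_port} if self.igmp_snooping else flood
        else:
            # Known unicast goes to one port; unknown unicast is flooded.
            out = {self.mac_table[dst]} - {in_port} if dst in self.mac_table else flood
        return sorted(out)

def multicast_load(igmp_snooping, frames=1000):
    """Frames delivered per port when a producer on port 1 sends to one group."""
    sw = Switch(range(1, 9), igmp_snooping)
    group = "01:00:5e:01:02:03"              # constructed IPv4 multicast MAC
    sw.membership_report(2, group)           # two consumers joined the group
    sw.membership_report(5, group)
    load = Counter()
    for _ in range(frames):
        load.update(sw.forward(1, "00:00:00:00:00:01", group))
    return dict(load)

if __name__ == "__main__":
    print("unmanaged:", multicast_load(False))
    print("snooping: ", multicast_load(True))
```

Without snooping, all seven other ports receive every frame from the producer; with it, only the two joined ports do.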
MIRRORED PORTS, TROUBLESHOOTING
There are other reasons to consider a managed switch. This class of switches usually provides error logs, control of individual port speeds, duplex settings, and the ability to mirror ports. These extra capabilities allow more precise control of network behavior and can be an invaluable aid in troubleshooting issues that will certainly occur on the network at some point.
Speaking of troubleshooting, when network performance issues occur, the first suspect often is the switch. While physical failures can and do happen with any piece of equipment, the switch rarely is the core of most network performance problems. Switches tend to be the lowest latency points in a system, typically operating 10 to 50 times faster than all other network components.
While there is excellent software to help troubleshoot network performance issues, most of it can only see broadcast and multicast traffic. That is fair enough, because many performance issues are caused by unrestrained multicast traffic or excessive broadcast traffic. If you need to examine unicast traffic for any reason, port mirroring is the only way to do so.
So, are there times when it is OK to use an unmanaged switch? Yes, provided there is no multicast traffic on the network. On small, simple networks with a few devices, many people will still use unmanaged switches. Sometimes they take half-steps and combine the two, having a few remote devices on an unmanaged switch, which then feeds into a managed switch.
As a general practice for networks of more than a few nodes, go with a managed switch. You will have better network control, security, and management.
ANALYZERS AND MONITORS
Once the network is assembled, you will need a way to maintain and monitor it. It is so easy to create unintended cross-connections that expose a plant floor process network to unintended broadcast traffic, sometimes just a matter of connecting port “A” on switch 1 to port “B” on switch 2. While Joe from finance may be quite happy that he can directly transfer production data from the control system into his spreadsheet, doing so may allow Sheila’s new application in accounting to broadcast traffic that is slowing your plant floor graphic terminals to a crawl.
There are a couple of types of software that you can use to help manage things when eventual trouble occurs. To take a low-level look at a port, DYMEC recommends Wireshark. It is a popular and free open source packet analyzer that runs on most common platforms. There are a host of other similar products, open source and commercial, with various feature sets and benefits commonly available for packet analysis. As a class, they provide packet level data captures giving visibility into the nature of the traffic on a network node.
Sometimes a broad view of your network is required. A host of network traffic monitoring products is available from places such as HP Network Management (formerly known as HP OpenView), SolarWinds (recommended by DYMEC), Network Vision, and many more suppliers. Each gives an excellent view of network traffic overall. With products of this sort, it is possible to quickly see which devices might be generating excessive traffic or broadcast storms, which are requesting large files, which nodes might be having connection problems, or which are becoming sluggish in response. They also help identify and document all the devices on a network.
An industrial network can be a wonderful thing. If done correctly, it can facilitate the flow of information between the plant floor and the sales floor. It is part of your core infrastructure backbone that makes so many of your organization’s efficiency and information technology (IT) initiatives possible. Following the essentials outlined here will position an industrial network for peak performance for years to come.
WHAT TO LOOK FOR IN AN INDUSTRIAL ETHERNET SWITCH?
- Security: Look for a switch built around security
  - Linux or Secure Linux Platform
    - DYMEC is built upon Secure Linux
  - Consider using ARM Network Switches
  - IEC62443 Compliant
    - DYMEC is IEC62443 Compliant
  - Is NSA Endpoint Secure
    - DYMEC is both Endpoint Secure and Secure Chassis
  - Can shut down all ports including the Console Port & Reset Button
  - Ability to shut down and control all switch services – including:
- Temperature Hardened: Look for a switch built for harsh environments
  - -40°C ~ +85°C
  - -40°F ~ +185°F
- Wide Electrical Capability: Look for a switch built for many environments
  - DC Voltage – Support for 12 Volts, 24 Volts and 48 Volts
  - AC Voltage – Support for 80 ~ 264 Volts AC
  - Supports both 50 & 60 Hz
  - Surge Protected Power inputs
  - Dual Power Inputs or Dual Power Supply
- Surge Protection: Look for a switch built for industrial environments
  - Surge Protected Ports
  - Surge Protected Power inputs
- Power over Ethernet (PoE): Look for a switch built to Standards
  - IEEE802.3 af – 15 Watt PoE
  - IEEE802.3 at – 30 Watt PoE
  - IEEE802.3 bt – 60 Watt PoE
  - IEEE802.3 bt – 95 Watt PoE
  - Wattage delivered at 100 Meters using 48~57 Volts DC
- NSA Service Control for Access Protocol Management
- Reset Button Control to Secure Chassis
- Console Port Turn Off for Secure Network & Chassis
- Fiber Port Diagnostics
- Copper Port Diagnostics
- Secure File Transfer Protocol (SFTP)
- Access Control Lists (ACL)
- Access Control – IEEE802.1x / RADIUS / TACACS+ / SSL / SSH
- Alarm Relay
- Network Redundancy – STP / RSTP, MSTP
- Fiber Ring Technology: G.8032 ERPSv2 Self-Healing & Non-Stop Fiber Rings
- MAC Table
- Storm Control
- USB Port
- SNMP v1/v2/v3
- Event Warning & Notification
- Port Mirroring
- DHCP Server
- DHCP Relay (Option 82)
- IEEE802.1Q VLAN Support
- VLAN Q-in-Q
- IGMP SNOOPING / MLD
- NTP (Network Time Protocol)
- QoS (Quality of Service)
- PoE Control (IEEE802.3az)
- ModBus / TCP
Visit our web site: www.DYMEC.com