Smartly - Industrial Ethernet

Ethernet was once considered suitable only for white-collar office networking, but its working sibling, often referred to as industrial Ethernet, is quickly moving into the industrial field. According to a report by the research and consulting firm ARC Advisory Group, Ethernet is becoming the technology of choice for manufacturing control networks. ARC expects that in the next five years, millions of Ethernet-based industrial devices will be deployed in companies' manufacturing automation applications.

As a network standard that is widely understood today, Ethernet can bring the industrial sector a number of benefits, including cost savings, improved availability of information, and flexible support for a broad range of applications in the industrial field. Simply deploying an Ethernet-based industrial network is not enough, however: the network must also maintain high performance and high security, which calls for intelligent Ethernet services.

Network intelligence involves three key areas of optimization: reliability, determinism and security. An example of an intelligent network is EtherNet/IP, one of the leading open industrial networks, which provides a number of industrial features, supports the TCP/IP and UDP standards, and has launched a series of services for the industrial setting.

Reliability and Availability

The reliability and availability of industrial Ethernet determine whether manufacturing can run continuously. According to site maintenance experience, many problems lie in network design and in the installation of cabling. The wiring should be designed and installed according to the following principles: power lines and signal lines run in separate slots or with spacing between them; cables are kept away from high-power motors, inverters, contactors, fans and the like; signal lines use shielded cable and Ethernet uses UTP; communication is duplex; armored multi-wire cable is grounded at a single point; network load is kept within 35%; shielded cable is used in hostile environments; and IP67 waterproof connectors, terminals and/or switches are used in special environments.

Common best practices include:

1. Design the wiring according to industrial network standards.

2. Select and use good-quality cables and connectors.

3. Write and keep the wiring project documentation.

4. Verify the layout design.

5. Installation of cables, connectors and terminators, with coded markers.

6. Grounding and equipotential bonding of the shielded lines.

7. Perform installation validation and acceptance testing.

Also, if a network link fails, the network should be able to recover quickly. Standard Ethernet supports two types of network redundancy: Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). These protocols adjust the network topology by re-establishing the data path "from point A to point B" for each device connected to the network. On Ethernet, STP should be the default behavior; RSTP can be configured so that network recovery time is reduced to the order of seconds.

What is described above is the redundancy technology used for IT networks or office Ethernet. For industrial Ethernet, however, a recovery time of several seconds falls far short of requirements and cannot be used. The IEC therefore recently introduced the standard IEC 62439, High availability automation networks, which recommends six redundancy protocols whose network switchover times reach the millisecond or even the microsecond level. They are:

1. Media Redundancy Protocol (MRP), a recovery protocol based on a ring topology.

2. Parallel Redundancy Protocol (PRP), a redundancy protocol implemented in the end device: an end node is connected to two LANs with similar characteristics that operate in parallel, which achieves fast switchover when a transmission link or switch fails.

3. Inter-network Redundancy Protocol (CRR), a network protocol based on redundant copies and implemented on the end nodes, in contrast to switch-based network redundancy.

4. Beacon Redundancy Protocol (BRP), a redundancy technology for standard Ethernet infrastructure based on ISO/IEC 8802-3 and IEEE 802.1.

5. Distributed Redundancy Protocol (DRP), a standard technology for high-availability automation networks with independent Chinese intellectual property rights. DRP is based on ISO/IEC 8802-3 and IEEE 802.1 and achieves communication link redundancy.

6. Circuit Redundancy Protocol (PVR).

The user must select the appropriate high-availability network according to the actual needs of the plant.

Deterministic and real-time

EtherNet/IP operates using the familiar "producer/consumer" model, in which intelligent devices send data streams onto the network so that any device that wants to read the data can get it. To achieve this form of communication, EtherNet/IP uses the "multicast" function of the standard TCP/IP stack. By default, multicast data is transmitted to every device on the network. In some automation configurations, the user needs to reduce the load on the network, or may require that multicast communication reach only the devices in one area.

Two intelligent switching capabilities form the basis for limiting this traffic: Virtual Local Area Networks (VLANs) and the Internet Group Management Protocol (IGMP). A VLAN bounds multicast so that it is transmitted only to a specific network. A switch that supports IGMP snooping does not transmit data to devices that do not need it. VLANs are very easy to configure, and IGMP snooping needs to be enabled as standard behavior.

A common misconception is that Ethernet is not a deterministic technology. Some clarification is needed. Full-duplex transmission through switches reaches a level of determinism that meets the requirements of most applications, whereas half-duplex transmission through hubs cannot provide any level of determinism and should be avoided where possible. In particular, when the network carries heavy traffic, how should it be configured so that transmission is still assured? This is the problem that quality of service (QoS) solves.

QoS provides for data to be "queued." Queue priority levels can be predefined for different data types. For example, the highest queue level is assigned to critical data (such as control information). This ensures that such information always has a higher priority than other packets, which guarantees real-time control information over the network and maintains network performance even when the network is very congested. Other types of communication are assigned a lower priority. For example, the next priority is assigned to alarms, then to configuration, performance monitoring and health diagnostics.

QoS priority can be assigned on the basis of several variables:

1. Packet priority, defined by the IEEE 802.1p standard, which adds 4 bytes to the standard Ethernet frame, of which three bits can be used to set the priority level. The four priority classes are: 1 & 2: Low, 0 & 3:, 4 & 5: High, 6 & 7: Management. Received packets are classified by the packet priority classification function. When the network is loaded, this feature prevents low-priority data from interfering with high-priority data. When memory or the transmission channel overflows, the low-priority data is discarded.

2. Port priority. In real-time industrial Ethernet, managed industrial Ethernet switches provide port priority: a priority level can be set on each switch port, and once the priority information has been loaded into the switch, end devices need no special software to use the function. Packets that carry no priority information (no priority or VLAN tag) can be transmitted with the port priority. The priority can be set separately for each port, from 0 = low priority to 7 = high priority.

Figure 1: Four bytes attached to the IEEE 802.1p standard
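The tag described above can be read directly from a frame. The following Python sketch is an added example, not code from the original article: it extracts the three priority bits and the VLAN ID from the 4-byte tag, falls back to the port priority for untagged frames, and discards the lowest class first when a queue overflows. The class name "normal" for values 0 and 3 is assumed (the text gives no label), and the sample frames and MAC addresses are constructed.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value announcing the 4-byte 802.1Q tag
# Classes as listed in the text; it gives no label for values 0 and 3,
# so "normal" is a name assumed here.
PRIORITY_CLASS = {1: "low", 2: "low", 0: "normal", 3: "normal",
                  4: "high", 5: "high", 6: "management", 7: "management"}
RANK = {"low": 0, "normal": 1, "high": 2, "management": 3}


def classify(frame: bytes, port_priority: int = 0) -> dict:
    """Return priority, VLAN ID and class for one Ethernet frame.

    An untagged frame carries no priority bits, so it takes the priority
    configured on the ingress switch port (port_priority, 0..7).
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return {"tagged": False, "priority": port_priority, "vlan": None,
                "class": PRIORITY_CLASS[port_priority]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    pcp, vid = tci >> 13, tci & 0x0FFF  # top 3 bits priority, low 12 bits VLAN
    return {"tagged": True, "priority": pcp, "vlan": vid,
            "class": PRIORITY_CLASS[pcp]}


def admit(queue: list, frame: bytes, capacity: int, port_priority: int = 0) -> list:
    """Queue a frame; on overflow discard the oldest frame of the lowest class."""
    queue = queue + [frame]
    if len(queue) > capacity:
        queue.remove(min(queue, key=lambda f: RANK[classify(f, port_priority)["class"]]))
    return queue


def build_frame(pcp=None, vid=0, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Constructed sample frame with made-up MAC addresses."""
    macs = bytes.fromhex("01005e000001") + bytes.fromhex("020000000001")
    tag = b"" if pcp is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    for f in (build_frame(pcp=6, vid=10), build_frame()):
        print(classify(f, port_priority=5))
```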

Segmentation and a multi-layer network model can improve the real-time performance of the network. For example, a cell/area zone can be designed as a number of smaller local area networks and virtual LANs (VLANs) for better network management and deterministic communication.

Recommended best practices are as follows:

1. Improve real-time performance through message priority (IEEE802.1p), port priority, VLAN tag (IEEE802.1q), and traffic control in Quality of Service (QoS).

2. Use a managed switch. Use Gigabit Ethernet interfaces on the backbone / uplink to reduce latency and signal disturbances.

3. Use IP multicast delivery to reduce point-to-point transmission and control traffic load.

4. A small, multi-layer network design keeps data transmission assured.

Security and integrity

Whether data transferred to and from industrial field devices keeps its safety and integrity is especially important in functional safety systems. From a thorough understanding of functional safety systems, we know that to ensure the SIL level of a system, the same SIL level must be guaranteed in every part of the system loop; for example, the sensor, controller and actuator must all be selected at the same SIL level. Otherwise one part becomes the weak point that limits the SIL of the whole system.

Similarly, as systems grow in physical size and control systems become distributed, it becomes unavoidable to connect functional safety components over a network, which raises the problem of the functional safety of the network itself; otherwise the network becomes the weak point of the functional safety system. To this end, the IEC defines functional safety fieldbuses and networks in IEC 61784-3: Industrial Communication Network - Profile 3. The eight existing buses or networks are as follows:

1. FF-SIS: based on the first type of communication profile (CP1), Foundation Fieldbus (FF);

2. CIP Safety: based on the second type of communication profile (CP2), the Common Industrial Protocol (CIP);

3. PROFIsafe: based on the third type of communication profile (CP3), PROFIBUS and PROFINET;

4. INTERBUS Safety: based on the sixth type of communication profile (CP6), INTERBUS;

5. CC-Link Safety: based on the eighth type of communication profile (CP8), CC-Link;

6. Ethernet POWERLINK Safety: based on the thirteenth type of communication profile (CP13), Ethernet POWERLINK;

7. EPASafety: based on the fourteenth type of communication profile (CP14), EPA;

8. SafetyNet: based on the eighteenth type of communication profile (CP18), SafetyNet.

The safety functions of these fieldbuses or networks do not rely on special equipment or dedicated network cabling. Instead, diagnostics are added to the original data transmission: if a data error is found, or the data received is inconsistent with the data sent, the data must be resent or an alarm raised in a timely manner to ensure the accuracy of the data. For example, in the CIP Safety protocol, five methods are used to diagnose nine common errors, as shown in the following table:

Table 1: Five types of detection methods can detect 9 types of communication errors

In addition, when it comes to the security of industrial Ethernet, there are usually two issues of concern. The first is at the plant level: firewalls and virtual private networks (VPNs) are deployed to protect the entire plant against threats from outside. The second is on the actual production line, where the network must be protected against the insertion of data that is unrelated to production.

For example, a production line only needs to transfer control and configuration data - a large Internet file should not be downloaded through the production network. If an employee accidentally connects a laptop to the wrong network port, the laptop will not be able to transfer data to the production network.

These problems can be solved with an intelligent service called access control. Access Control Lists (ACLs) restrict access according to predefined parameters, based on the same variables used for QoS. A protected network does not block any data from authorized ports, devices, networks, or applications.
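A default-deny ACL of the kind described above can be modelled in a few lines. The following Python sketch is an added example, not code from the original article: each permit entry combines a switch port, a device (source MAC), a network (VLAN) and an application (protocol and destination port), and anything that matches no entry is denied. The rule names, MAC addresses, VLAN number and port assignments are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

FIELDS = ("switch_port", "src_mac", "vlan", "proto", "dst_port")


@dataclass(frozen=True)
class Packet:
    switch_port: int   # physical port the frame arrived on
    src_mac: str       # device
    vlan: int          # network
    proto: str         # application: transport protocol ...
    dst_port: int      # ... and destination port


@dataclass(frozen=True)
class Rule:
    """One permit entry; a field left as None matches anything."""
    name: str
    switch_port: Optional[int] = None
    src_mac: Optional[str] = None
    vlan: Optional[int] = None
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(self, f) in (None, getattr(pkt, f)) for f in FIELDS)


def evaluate(acl, pkt: Packet):
    """First matching permit wins; unmatched traffic is denied."""
    for rule in acl:
        if rule.matches(pkt):
            return ("permit", rule.name)
    return ("deny", "implicit-deny")


def denied(acl, packets):
    """Packets an operator would want logged for follow-up."""
    return [p for p in packets if evaluate(acl, p)[0] == "deny"]


# Constructed sample policy for a production VLAN (all values made up).
PRODUCTION_ACL = [
    Rule("plc-io", switch_port=3, src_mac="02:00:00:00:00:10",
         vlan=10, proto="udp", dst_port=2222),
    Rule("hmi-config", switch_port=4, src_mac="02:00:00:00:00:20",
         vlan=10, proto="tcp", dst_port=44818),
]
```

Because every field of an entry must match, a known device address seen on an unexpected switch port is denied just like an unknown laptop.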

Information flows between the different industrial control network systems should be classified and carried separately so that they do not interfere with each other. This ensures that no other data is inserted into field control information and that control operations remain secure.

Access by external computers to industrial control systems requires security services. A company's industrial control system network is relatively closed, but remote computers or partners sometimes need to access it. Adding a firewall and building a virtual private network is the basic solution to this problem.

The recommended best practices for the isolation layer are:

1. There is only one path into the manufacturing area;

2. No communication passes directly through the DMZ (isolation area);

3. There are no common protocols in the logical firewalls;

4. Establish functional partitions in the DMZ to access data and services in segments (for example, partner area);

5. There is no control communication in the DMZ (or a very small amount, not exceeding the DMZ specification);

6. Limit the external connection of the DMZ;

7. Identify appropriate application trust and security domains and maintain security policies, such as firewalls.

Figure 2: Layers and isolation of the industrial networks of an industrial company
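Several of these practices can be checked mechanically against a firewall rule set. The following Python sketch is an added example, not code from the original article: it flags rules that connect the enterprise and manufacturing zones directly (practices 1 and 2), a protocol permitted on both sides of the DMZ (practice 3, read here as an assumption to mean that no single protocol should be allowed to cross both logical firewalls), and control traffic in the DMZ (practice 5). Zone names, protocol labels and the sample rules are constructed.

```python
# Protocol labels treated as control traffic (assumed labels for this example).
CONTROL_PROTOCOLS = {"enip"}


def sides(rule):
    """The unordered pair of zones a rule connects."""
    return frozenset((rule["src"], rule["dst"]))


def audit(rules):
    """Return (rule id, finding code) pairs for rules that break the practices."""
    ent_dmz = {r["proto"] for r in rules if sides(r) == {"enterprise", "dmz"}}
    mfg_dmz = {r["proto"] for r in rules if sides(r) == {"manufacturing", "dmz"}}
    crossing = ent_dmz & mfg_dmz  # protocols allowed through both firewalls
    findings = []
    for r in rules:
        if sides(r) == {"enterprise", "manufacturing"}:
            findings.append((r["id"], "DIRECT_PATH"))
        if r["proto"] == "any":
            findings.append((r["id"], "ANY_PROTOCOL"))
        if "dmz" in sides(r) and r["proto"] in CONTROL_PROTOCOLS:
            findings.append((r["id"], "CONTROL_IN_DMZ"))
        if "dmz" in sides(r) and r["proto"] in crossing:
            findings.append((r["id"], "COMMON_PROTOCOL"))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    {"id": "R1", "src": "enterprise", "dst": "dmz", "proto": "https"},
    {"id": "R2", "src": "manufacturing", "dst": "dmz", "proto": "historian-sync"},
    {"id": "R3", "src": "enterprise", "dst": "manufacturing", "proto": "rdp"},
    {"id": "R4", "src": "dmz", "dst": "manufacturing", "proto": "https"},
    {"id": "R5", "src": "manufacturing", "dst": "dmz", "proto": "enip"},
]

if __name__ == "__main__":
    for rule_id, code in audit(SAMPLE_RULES):
        print(rule_id, code)
```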

A robust and intelligent network builds a strong industrial system. The network has the flexibility to handle any IP-based technology. For example, IEEE 802.11 wireless applications will eventually merge into the same infrastructure.

Looking to the future

A solid and intelligent network is superior to a standard industrial Ethernet system. The network infrastructure can incorporate a variety of technologies based on the TCP/IP standard. IEEE 802.11a/b/g wireless Ethernet applications can now be integrated into the same network architecture. Voice over IP (VoIP) networks can also be easily deployed on this network. In the end, the plant's original coaxial-cable video network can also be upgraded to fully IP-based video.

Figure 3: Business Reference Network provided in IEC 62443

All such networks (production, wireless, voice, and video) must be logically separated and protected: data for these applications should not be mixed. Because they use the same network hardware and software technology, the overall costs of installation and operation are greatly reduced, making the company extremely competitive.

Ethernet is an exciting technology that benefits the industry. It is important to deploy an intelligent Ethernet network that supports an integrated architecture that addresses the reliability, determinism, and security issues that need to be addressed in the industry. When all applications within a company run on a scalable, high-performance Ethernet platform, the invested money is quickly recovered.
