Technical Track www.odva.org

User Perspective:

Single hop inter-VLAN routing – a capability that EtherNet/IP I/O can take advantage of – a feature that suppliers of advanced, managed, industrial Ethernet switches should consider implementing. Gary Workman

Principal Engineer – General Motors Gary.C.Workman@GM.com

Technical Track 2014 Industry Conference & 16th Annual Meeting page 2 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Outline

GM’s Current EtherNet/IP Network Architecture EtherNet/IP Network Size Discussion

Switching vs. Routing EtherNet/IP I/O Traffic Single Hop Inter-VLAN Routing Proposal Description Advantages / Limitations Alternatives

I/O Device Communication Needs GM’s EtherNet/IP I/O Network Architecture Summary / Acknowledgements

Technical Track 2014 Industry Conference & 16th Annual Meeting page 3 © 2014 ODVA, Inc. All rights reserved. www.odva.org

GM’s Current EtherNet/IP Network Architecture

10.0.0.11 10.0.0.21

10.0.0.202 10.0.0.201

10.0.0.200

10.0.0.1

System Switch

Processor Switch

10.0.0.12 10.0.0.22

Processor Switch

Plant Backbone Network Layer 3 Switch / Router

10.0.0.20 10.0.0.10

Technical Track 2014 Industry Conference & 16th Annual Meeting page 4 © 2014 ODVA, Inc. All rights reserved. www.odva.org

How Large Can a Logical EtherNet/IP Network Be ?

One limit to the logical size of an Ethernet network is the ability of devices on that network to tolerate extraneous broadcast Ethernet traffic.

Operational problems occurred on early installations of

EtherNet/IP networks with 300+ nodes due to ARP broadcast traffic. Two situations caused device failures:

1) A broadcast EtherNet/IP “Who’s there?” message from a newly activated diagnostic computer.

2) An IT asset inventory application running on a high performance server searching for in use IP addresses.

GM now limits EtherNet/IP networks to a maximum of 254

devices. Every device in a GM EtherNet/IP network now has a subnet mask of 255.255.255.0

Technical Track 2014 Industry Conference & 16th Annual Meeting page 5 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Communicating EtherNet/IP Implicit Message Traffic Between PLCs on Different EtherNet/IP Networks

Option 1: Make one PLC be a member of two EtherNet/IP networks

Technical Track 2014 Industry Conference & 16th Annual Meeting page 6 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Communicating EtherNet/IP Implicit Message Traffic Between PLCs on Different EtherNet/IP Networks

Option 2: Route unicast EtherNet/IP traffic across the IT plant network.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 7 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Communicating EtherNet/IP Implicit Message Traffic Between PLCs on Different EtherNet/IP Networks

Option 2: Route unicast EtherNet/IP traffic across the IT plant network.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 8 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Commercial Grade Router / Layer 3 Switch

Industrial Ethernet Switch

Ethernet Capable I/O Block

Ethernet Capable I/O Block

Programmable Logic Controller

Switched Communication

Routed Communication

10.0.0.10 10.0.0.11

192.168.1.11

Switching vs. Routing EtherNet/IP I/O Traffic

Note the device IP addresses

Technical Track 2014 Industry Conference & 16th Annual Meeting page 9 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Switched EtherNet/IP I/O Communication

Switched Communication

10.0.0.10 10.0.0.11

I/O BLOCK MAC ADDR PLC MAC ADDR … 10.0.0.10 10.0.0.11 … User Data

Encapsulated IP Packet

Ethernet Frame

Communicating devices belong to the same logical Ethernet network

Technical Track 2014 Industry Conference & 16th Annual Meeting page 10 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Routed EtherNet/IP I/O Communication

Routed Communication 10.0.0.10

Router MAC ADDR PLC MAC ADDR … 10.0.0.10 192.168.1.11 … User Data

I/O Block MAC ADDR Router MAC ADDR … 10.0.0.10 192.168.1.11 … User Data

192.168.1.11 Ethernet frame sent:

Ethernet frame received:

10.0.0.1 / 192.168.1.1

Communicating devices belong to different logical Ethernet networks

Technical Track 2014 Industry Conference & 16th Annual Meeting page 11 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Routed Communication 10.0.0.10

I/O Block MAC ADDR Switch MAC ADDR … 10.0.0.10 192.168.1.11 … User Data

192.168.1.11 Ethernet frame sent:

Ethernet frame received:

Inter-VLAN

Switch MAC ADDR PLC MAC ADDR … 10.0.0.10 192.168.1.11 … User Data

Routed EtherNet/IP I/O Communication

Switch with single hop inter-VLAN routing feature

10.0.0.201 / 192.168.1.1

Technical Track 2014 Industry Conference & 16th Annual Meeting page 12 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Single hop inter-VLAN routing capable switches

10.0.0.10 255.255.255.0

10.0.0.201

10.0.0.11 10.0.0.20 255.255.255.0

10.0.0.202

192.168.1.11 255.255.255.0

192.168.1.1

192.168.1.11 255.255.255.0

192.168.1.1

10.0.0.21

10.0.0.201

192.168.1.1

10.0.0.202

192.168.1.1

10.0.0.1

10.0.0.200

End devices take advantage of the single hop inter-VLAN routing feature by having their default gateway addresses point to a virtual router interface configured on the switch.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 13 © 2014 ODVA, Inc. All rights reserved. www.odva.org

10.0.0.11 10.0.0.21

10.0.0.201 10.0.0.202

10.0.0.1 192.168.2.201

192.168.2.202

10.0.0.200

10.0.0.10 255.255.255.0

10.0.0.201

10.0.0.20 255.255.255.0

10.0.0.202

192.168.2.11 255.255.255.0 192.168.2.201

192.168.2.21 255.255.255.0 192.168.2.202

Combining single hop inter-VLAN Routing with trunking VLAN traffic between switches

Note the virtual router interface IP addresses and the end device default gateway addresses

Technical Track 2014 Industry Conference & 16th Annual Meeting page 14 © 2014 ODVA, Inc. All rights reserved. www.odva.org

10.0.0.201 192.168.1.1 10.0.0.202 192.168.1.1

10.0.0.1 192.168.2.201 192.168.2.202

10.0.0.10 255.255.255.0

10.0.0.201

192.168.1.11 255.255.255.0

192.168.1.1

192.168.1.11 255.255.255.0 192.168.1.1

10.0.0.20 255.255.255.0

10.0.0.202

192.168.2.11 255.255.255.0 192.168.2.201

192.168.2.21 255.255.255.0 192.168.2.202

10.0.0.200

Note the virtual router interface IP addresses and the end device default gateway addresses.

Combining single hop inter-VLAN Routing with trunking VLAN traffic between switches

Technical Track 2014 Industry Conference & 16th Annual Meeting page 15 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Advantages / Limitations of Single hop inter-VLAN routing

Advantages: 1) Limited, local routing capability; 2) Multiple restricted access, privately addressed

networks can be built; 3) SNMP traffic statistics supporting private networks

are available for remote monitoring and management. Limitations: 1) Only unicast traffic can be routed; 2) Traffic is only routed for end devices that are aware

that a switch supports this service.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 16 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Alternatives to Single hop inter-VLAN routing

1) Implement a true layer 3 switch (more expensive and more complex solution, significant IT concerns, every device requires a unique IP address)

2) Deploy truly isolated Ethernet I/O networks (Controllers must support multiple Ethernet interfaces, Isolated I/O networks are difficult to troubleshoot)

3) Expand the size of allowable networks (every device on an existing network needs to be reconfigured, ensure every device on a large network can tolerate worst case background broadcast traffic conditions)

4) Install Network Address Translation (NAT) Gateways (cascaded NAT gateways can become difficult to manage)

5) Procure a controller Ethernet Interface card that simultaneously supports multiple IP addresses.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 17 © 2014 ODVA, Inc. All rights reserved. www.odva.org

I/O Device Communication Needs

What is the value in assigning a globally unique IP address to an I/O device?

There are extremely few devices that need to or would benefit from communicating with a random Ethernet capable I/O device.

There are numerous reasons for isolating and/or securing an I/O device so that it is only able to communicate with a few other devices.

What devices need to communicate with a typical I/O device? Conversely, which devices does a typical I/O device have a legitimate and productive reason to communicate with?

A controller. A configuration device, a network monitoring device, a

troubleshooting tool. A time server, a name server, an address server.

If there is a need to communicate with a distantly remote device, it will likely take place through a security server.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 18 © 2014 ODVA, Inc. All rights reserved. www.odva.org

System Switch

Processor Switch Processor Switch

Plant Backbone Network Layer 3 Switch / Router

GM’s Current EtherNet/IP Network Architecture with multiple DeviceNet I/O networks

Technical Track 2014 Industry Conference & 16th Annual Meeting page 19 © 2014 ODVA, Inc. All rights reserved. www.odva.org

GM’s Proposed EtherNet/IP Network Architecture with multiple (linear DLR) EtherNet/IP I/O networks

System Switch

Single hop Inter-VLAN routing capable Processor Switch

Plant Backbone Network Layer 3 Switch / Router

Single hop Inter-VLAN routing capable Processor Switch

Technical Track 2014 Industry Conference & 16th Annual Meeting page 20 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Summary

Ethernet I/O increases the manufacturing need for IP addresses by an order of magnitude or more.

EtherNet/IP (unicast) real-time traffic can be easily and reliably routed.

Single hop inter-VLAN routing is a capability that EtherNet/IP I/O can take advantage of. It is a feature that suppliers of advanced, managed, industrial Ethernet switches should consider implementing.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 21 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Acknowledgements

I would like to gratefully acknowledge the help and assistance of numerous individuals from Cisco, Hirschmann, and Rockwell Automation in conducting the experiments and participating in the discussions that resulted in this presentation and the accompanying paper.

I would also like to thank ODVA for allowing me to share my findings, observations, and opinions with you.

Technical Track 2014 Industry Conference & 16th Annual Meeting page 22 © 2014 ODVA, Inc. All rights reserved. www.odva.org

Questions?