Designing EtherNet/IP: Machine/Skid Level

EtherNet/IP provides a single network technology for motion,
safety, discrete, drives, and process applications. In this session
you will learn recommended machine level architectures with best
practices, and design considerations for typical machine control
system applications. A prior understanding of general Ethernet
concepts, or attendance of the Fundamentals of EtherNet/IP session
is recommended.

Transcript

  • 1. Copyright © 2013 Rockwell Automation, Inc. All Rights Reserved. Rev 5058-CO900D. Designing EtherNet/IP Machine/Skid Level Networks
  • 2. Session Description: EtherNet/IP provides a single network technology for motion, safety, discrete, drives, and process applications. In this session you will learn recommended machine level architectures with best practices, and design considerations for typical machine control system applications. A prior understanding of general Ethernet concepts, or attendance of the Fundamentals of EtherNet/IP session is recommended.
  • 3. Agenda
      • Selecting Infrastructure
      • Information Integration
      • Reference Architectures Solutions
      • Best Practices and Example Architectures
      • Where to learn more
  • 4. Machine level Network Considerations
      Control Requirements
      • I/O and motion control: how much, how fast
      Integration to upstream or downstream equipment
      • Line Controller
      • Safety interlocking
      Integration of data
      • SQL or other servers for data collection and monitoring
      • Supply chain integration
      Remote Access
      • Troubleshooting, monitoring, program changes
  • 5. Agenda: Selecting Infrastructure; Reference Architectures Solutions
  • 6. Switch Considerations
      Managed Switches
      Advantages:
      • Segmentation services (VLANs)
      • Diagnostic information
      • Security services
      • Prioritization services (QoS)
      • Multicast management services
      • Network resiliency
      • Loop prevention
      Disadvantages:
      • More expensive
      • Requires some level of support and configuration to start up
      Unmanaged Switches
      Advantages:
      • Inexpensive
      • Simple to set up
      Disadvantages:
      • No management capabilities
      • No security
      • No diagnostic information
      • Difficult to troubleshoot
      • No resiliency support
      • No loop prevention
      Embedded Switches
      Advantages:
      • Diagnostic information
      • Prioritization services (QoS)
      • Time Sync Services (1588 Transparent Clock)
      • Network resiliency
      • Loop prevention
      Disadvantages:
      • Limited management capabilities
      • May require minimal configuration
  • 7. Topology Flexibility with EtherNet/IP: EtherNet/IP is topology neutral for maximum flexibility
      • HYBRID – Obtain maximum flexibility
      • LINEAR – Simplify cable management
      • STAR – Connect broad range of devices
      • RING – Maximum availability
  • 8. Technology Segmentation (diagram; labels: ControlLogix chassis, Stratix 8000, PowerFlex 755, ArmorBlock I/O, SERCOS, EtherNet/IP, DeviceNet, PV+ EOI, Kinetix 6000, POINT I/O, Safety System)
  • 9. CIP Bridge Segmentation (diagram; labels: ArmorBlock I/O, ControlLogix chassis, Stratix 8000, PowerFlex 755, EtherNet/IP, PV+ EOI, Kinetix 6000, POINT I/O, Safety System, Sercos)
  • 10. Converged Network Segmentation (diagram; device labels: ControlLogix chassis, PowerFlex 755, ArmorBlock I/O, EtherNet/IP, PV+ EOI, Kinetix 6000, POINT I/O, Safety System, Stratix 8300; VLAN labels: Remote User VLAN, Control VLAN, Safety VLAN, Video VLAN)
  • 11. Converged Network Segmentation (diagram; labels: Cell/Area Zone #1, Cell/Area Zone #2, Cell/Area Zone #3, Cell/Area Zone #4, Industrial Zone, DMZ, Enterprise Zone, Enterprise Network, Mobile User, Lightweight AP (LWAP), AP as Workgroup Bridge (WGB), ERP, Email, Wide Area Network (WAN), Catalyst 3750 Series)
  • 12. Security Considerations
      Physical Access Security
      • Disable unused switch ports
      • Lock a port to only allow specific devices to be connected
      • Change passwords from default settings
      Access Control Lists and Firewall Features
      • Limit access to secure areas of the network
      • Limit access to secure services on the network
      • Block remote access to secured devices
      VLANs
      • Simplify security enforcement by creating function groups
      • Control access by function, by user, by location, etc.
  • 13. Infrastructure Performance: Bandwidth (diagram; labels: 10 ms RPI, 1 at 4 ms RPI, 3 at 10 ms RPI, 4 ms updates). Total 8,100 PPS (less than 10% of bandwidth on a single link)
  • 14. Infrastructure Performance: Jitter (diagram; labels: 10 ms RPI, 1 at 4 ms RPI, 3 at 10 ms RPI, 4 ms updates)
  • 15. CIP Sync – System of Clocks (diagram; module labels include HIPROM GPS, OB16IS, L63, CNB/E, EN2T, HP-GPS)
  • 16. Agenda: Information Integration; Reference Architectures Solutions. Copyright © 2009 Rockwell Automation, Inc. All rights reserved.
  • 17. Physical vs. Logical segmentation
      • Isolated networks - two NICs for physical network segmentation (diagram labels: Control Network, Information Network)
      • Benefits
          – Clear network ownership demarcation line
      • Challenges
          – Limited visibility to control network devices for asset management
          – Limited future-ready capability
      • Converged networks - logical segmentation (diagram label: Control and Information Network)
      • Benefits
          – Plantwide information sharing for data collection and asset management
          – Future-ready
      • Challenges
          – Blurred network ownership demarcation line
          – IP address management
  • 18. Network Address Translation (diagram; panels: Within a Machine, Between Machine and Line Network; labels: Machine 1 NAT 10.104.x.x : 192.168.1.x, Machine 2 NAT 10.104.x.x : 192.168.1.x, 192.168.1.104, 192.168.1.104, 10.104.100.23, 192.168.1.100, Send message to Machine 2, CMX, 10.104.2.100, 192.168.1.100)
  • 19. Connectivity to Plant: Dual NIC vs. NAT (diagram; labels: CompactLogix L4, CompactLogix 5370 L3, PowerFlex 4/40 AC Drive, PV+ or PV+ Compact, Plant 10.10.10.10, 192.168.1.2)
      Dual NIC
      Pros:
      • IP Addresses private to machine
      • IT manage external IP address
      • Program does not change when IT address changes
      Cons:
      • 2 Communications interfaces in controller
      • Web diagnostics not available outside machine
      • Many network services will not pass through this gateway (SNMP, DNS, DHCP, etc.)
      • Knowledge of route path at the application level
      NAT
      Pros:
      • IP Addresses private to machine
      • 1 Communications interface in controller
      • Web diagnostics available outside machine
      Cons:
      • Additional cost for NAT device or switch
      • Some additional complexity and management
  • 20. Connectivity to Plant: IP Routing vs. NAT (diagram; labels: CompactLogix 5370 L3, PowerFlex 4/40 AC Drive, PV+ or PV+ Compact, Plant VLAN 10.10.10.10, Machine VLAN, Plant 10.10.10.10, 192.168.1.2)
      IP Routing
      Pros:
      • No machine level switch configuration needed if the machine is a single VLAN
      • Removes “single point of failure” for NAT device
      • Designed to allow network services (SNMP, VPN, DNS, DHCP)
      Cons:
      • IP addressing must be unique at the machine level
      NAT
      Pros:
      • IP Addresses private to machine (not visible outside of machine network)
      • Web diagnostics available outside machine
      Cons:
      • Additional cost for NAT device or switch
      • Some additional complexity and management
  • 21. Strengths and Weaknesses: NAT vs Layer 3 routing (table columns: Criterion, NAT router, IP-routing; row groups: Design and Install, Operate and Maintain)
      • For pre-commissioning at equipment manufacturer
          – NAT router: easily possible (+)
          – IP-routing: Equipment manufacturer requires a planned address list (-)
      • Duplication of equipment
          – NAT router: easily possible (+)
          – IP-routing: IP addressing in programs may differ (-)
      • Avoid address collision with other users of private addresses
          – NAT router: easily possible (+)
          – IP-routing: Centralized management of the entire address space needed (-)
      • Additional maintenance effort for the required 1:1 NAT address mappings (private ↔ public)
          – NAT router: required (-)
          – IP-routing: not required (+)
      • Failure probability
          – NAT router: NAT router is a "single point of failure" (-)
          – IP-routing: Low because of redundant router/layer 3 switch (+)
      • Availability of network services (i.e. DHCP, DNS, Remote access)
          – NAT router: difficult (-)
          – IP-routing: easily possible (+)
  • 22. Remote Access Approaches
      Inside-Out
      • Remote Desktop
      • Conference Technology
      Outside-In
      • VPN
      • Dial-Up Modems
  • 23. Secure Remote Access, From Cisco and Rockwell Automation
      Secure remote access for employees and trusted partners such as machine builders and system integrators
      • Meeting the security requirements of IT while enabling manufacturers to leverage shared, distributed company resources and trusted partners
      • Management of assets - monitor, configure and audit
      • Simplify change management, version control, regulatory compliance and software license management
      • Simplify remote client health management
      Diagram labels:
      • Zones: Enterprise Zone (Levels 4 and 5); Demilitarized Zone (DMZ); Manufacturing Zone, Site Manufacturing Operations and Control (Level 3); Cell/Area Zones (Levels 0–2)
      • Remote side: Remote Engineer or Partner, Enterprise Connected Engineer, Internet, Enterprise WAN, Enterprise Data Center, Enterprise Edge Firewall, IPSEC VPN, SSL VPN, HTTPS, Cisco VPN Client, Remote Desktop Protocol (RDP)
      • DMZ: Cisco ASA 5500, Firewall (Active), Firewall (Standby), Gbps Link Failover Detection, Patch Management, Terminal Services, Application Mirror, AV Server
      • Manufacturing Zone: Catalyst 6500/4500, Catalyst 3750 StackWise Switch Stack, Remote Access Server (RSLogix 5000, FactoryTalk View Studio), FactoryTalk Application Servers (View, Historian, AssetCentre, Transaction Manager), FactoryTalk Services Platform (Directory, Security/Audit), Data Servers, EtherNet/IP
  • 24. Agenda: Best Practices and Example Architectures
  • 25. Machine with motion and safety (diagram; labels: Vision, Kinetix 6500 Servo Drives, PanelView Plus HMI, GuardLogix Controller, EtherNet/IP, Ethernet Switch, I/O, PowerFlex Drives). Copyright © 2010 Rockwell Automation, Inc. All rights reserved.
  • 26. Process Skid application (diagram; labels: HMI / SCADA System, CompactLogix, PowerFlex 40 VFD’s, Point I/O, PanelView Plus CE, 836E Pressure Transmitters, 837E Temperature Transmitters, 839E Flow Transmitters, 873P Ultrasonic Level Sensors, 840E Level Sensor, Discrete (On / Off) Sensors, 836 Pressure Sensor, 837 Temperature Sensor, OR, Plant Network Connectivity)
  • 27. Machine level best practices summary
      Best practices for machine level design:
      • Verify Physical Layer devices
      • Verify Speed and Duplex settings on devices (should be running at 100/Full Duplex)
      • Use Gigabit ports whenever possible for trunks and uplinks between switches
      • Apply port security to protect open ports on the switch
      • Apply password to the switches to prevent unauthorized changes
      • Limit the size of broadcast domain with segmentation
  • 28. Agenda: Reference Architectures Solutions; Where to learn more
  • 29. Additional Material: Rockwell Automation
      • Networks Website: http://www.ab.com/networks/
      • EtherNet/IP Website: http://www.ab.com/networks/ethernet/
      • Publications:
          – ENET-UM001-EN-P EtherNet/IP Network Configuration
          – ENET-AP005-EN-P Embedded Switch application guide
          – ENET-RM002-EN-P EtherNet/IP Design Considerations
      • Network and Security Services Website:
          – http://www.rockwellautomation.com/services/networks/
          – http://www.rockwellautomation.com/services/security/
      • ODVA Website: http://www.odva.org
  • 30. Additional Material: Cisco and Rockwell Automation Alliance
      • Website: http://www.ab.com/networks/architectures.html
      • Design Guides
          – CPwE DIG 2.0
      • Education Series
      • Whitepapers
          – Securing Manufacturing Computer and Controller Assets
          – Production Software within Manufacturing Reference Architectures
          – Achieving Secure Remote Access to Plant Floor Applications and Data
  • 31. Additional Material: Cisco and Rockwell Automation Alliance
      • Education Series
      • Webcasts
          – The Trend - Network Technology and Cultural Convergence
          – What every IT professional should know about Plant Floor Networking
          – What every Plant Floor Controls Engineer should know about working with IT
          – Industrial Ethernet: Introduction to Resiliency
          – Fundamentals of Secure Remote Access for Plant Floor Applications and Data
          – Securing Architectures and Applications for Network Convergence
      • Available Online: http://www.ab.com/networks/architectures.html
  • 32. Questions?
  • 33. Thank you for participating! Please remember to tidy up your work area for the next session. We want your feedback! Please complete the session survey!
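
The switch-hardening items on slides 12 and 27 (disable unused ports, apply port security to open ports, set a switch password) can be checked mechanically. The following is an added example, not part of the original deck: a Python audit over a constructed Cisco IOS-style running-config. The sample config, the `IN_USE` inventory and the function names are assumptions made for illustration.

```python
import re

# Constructed IOS-style running-config excerpt (sample data, not from the slides).
SAMPLE_CONFIG = """\
enable secret 5 <constructed-hash-placeholder>
interface FastEthernet1/1
 switchport mode access
 switchport port-security
interface FastEthernet1/2
 switchport mode access
interface FastEthernet1/3
 shutdown
interface FastEthernet1/4
 switchport mode access
interface GigabitEthernet1/1
 switchport mode trunk
"""
# Assumed inventory of ports with a device attached (hypothetical site data).
IN_USE = {"FastEthernet1/1", "FastEthernet1/2", "GigabitEthernet1/1"}

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command or "!" ends the stanza
    return interfaces

def audit(config, in_use):
    """Return sorted (interface, finding) pairs for the port and password checks."""
    findings = []
    if not re.search(r"^enable secret ", config, re.M):
        findings.append(("global", "no enable secret set"))
    for name, cmds in parse_interfaces(config).items():
        if name not in in_use and "shutdown" not in cmds:
            findings.append((name, "unused port not shut down"))
        elif (name in in_use and "switchport mode access" in cmds
              and "switchport port-security" not in cmds):
            findings.append((name, "access port without port security"))
    return sorted(findings)

if __name__ == "__main__":
    for port, problem in audit(SAMPLE_CONFIG, IN_USE):
        print(f"{port}: {problem}")
```

Trunk and uplink ports are skipped by the port-security check because only ports in access mode are tested.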