Fundamentals of ether netip i iot network technology

1Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 2018 Rockwell Automation TechED™ Event #ROKTechEDPUBLIC
ETHERNET/IP
IIoT NETWORK
TECHNOLOGY
FUNDAMENTALS OF

PUBLICPUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 2018 Rockwell Automation TechED™ Event #ROKTechED
Fundamentals of EtherNet/IP Industrial IoT
Network Technology
Scalable, Reliable, Safe, Secure and Future-Ready Industrial IoT Architectures

Abstract
 This discussion will review the capabilities and features of EtherNet/IP, including an
overview of networking technology and terminology. Learn how the Common Industrial
Protocol (CIP™) uses the Open Systems Interconnection (OSI) 7-layer reference model
and enables the Industrial Internet of Things (IIoT).

 Download the Rockwell Automation Events App
 Select Rockwell Automation TechED and login
 Click on Session Surveys or Schedule in the main menu
 Select the session you are attending
 Click on the survey tab
 Complete the survey and submit
Share your Feedback
Please complete a session survey on the mobile app

 NT10 - Fundamentals of EtherNet/IP IIoT Network
Technology
 NT07 - Design Considerations for Reliable EtherNet/IP
Networking
 NT09 - Fundamentals of CIP™ (EtherNet/IP) Packet
Delivery Process
 NT05 - Building Converged Plantwide Ethernet
Architectures
 NT18 - Software-Defined Networking - Are you ready?
 NT20 - Stratix® Traffic Monitoring Capabilities
 NT04 - Build Your Network Skills on Designing Cell/Area
Zones with Hands-on IIPA eLearning
 NT06 - Deploy Resilient Network Architectures for The
Connected Enterprise
 NT12 - Identity and Mobility in Converged Plantwide
Ethernet (CPwE) Architectures
 NT13 - Improve Visibility and Diagnostics of Your Network
with FactoryTalk® Network Manager
 NT17 - Selecting the Right Stratix Switch for your
Application
 NT01 - Advanced Stratix Switch and EtherNet/IP Features
in Converged Plantwide Ethernet (CPwE) Architectures
 NT03 - Basic Stratix Switch and EtherNet/IP Features in
Converged Plantwide Ethernet (CPwE) Architectures
 SS02 - Bringing IT Security into the Plant Architecture
 SS05 - Deploy Secure Network Architectures for The
Connected Enterprise
Other CPwE Network Sessions
Converged Plantwide Ethernet (CPwE) Architectures

Agenda
Standard Industrial Network Technology
Industrial Internet of Things (IIoT )
OSI 7-Layer Reference Model
OSI Layers 1 - 7
Industrial Automation and Control System (IACS)
Network Architectures
Additional Material
Training Resources

Standard Industrial Network Technology
Industrial Internet of Things (IIoT)

 Open networks are in demand
 Broad availability of products, applications and vendor support for Industrial Automation
and Control System (IACS)
 Network standards for coexistence and interoperability of IACS endpoints
 Convergence of network technologies – Industrial Internet of Things (IIoT)
 Reduce the number of disparate networks in an IACS application and create seamless information sharing throughout
the plant-wide / site-wide architecture
 Use of common network design, deployment and troubleshooting tools across the plant-wide / site-wide architecture;
avoid special tools for each application
 Better asset utilization to support lean initiatives
 Common network infrastructure assets, while accounting for environmental requirements
 Reduced training, support, and inventory for different networking technologies
 Future-ready – help maximizing investments and minimizing risks
 Support new technologies and features without a network forklift upgrade
Industrial Networks Trends
Standard Industrial Network Technology - Industrial Internet of Things (IIoT)

Industrial Application Convergence
Controller
Drive Network
Safety Network
I/O Network
Plant/Site Network
Disparate Network Technology
Information
I/O, Motor
Control
Safety
Applications
Process
Power
Control
Multi-discipline Industrial Network Convergence – Industrial Internet of Things
High
Availability
Energy
Management
Security
Analytics
Safety I/O
Single Industrial
Network Technology
Camera
Controller
VFD
Drive
HMI
I/O
Plant/Site
Instrumentation
Industrial Internet of
Things (IIoT)

Single Industrial Network Technology - Smart Endpoints
Multi-discipline Industrial Network Convergence
Process ControlDiscrete ControlInformation TechnologyIntelligent Motor Control Convergence of Operational
Technology (OT) with Information
Technology (IT)
Industrial Internet
of Things (IIoT)

 ODVA
 Supported by global industry leaders such as Cisco Systems®,
Omron®, Schneider Electric®, Bosch Rexroth AG®,
Endress+Hauser and Rockwell Automation®
 Conformance & Performance Testing
 Standard
 IEEE 802.3 - standard Ethernet, Precision Time Protocol (IEEE-1588)
 IETF - Internet Engineering Task Force, standard Internet Protocol (IP)
 ODVA - Common Industrial Protocol (CIP™)
 IEC - International Electrotechnical Commission – IEC 61158
 IT Friendly and Future-Ready (Sustainable)
 Multi-discipline control and information platform
 Established - products, applications and vendors
EtherNet/IP: “IP” - Industrial Protocol
www.odva.org
What’s the difference?
 Ethernet IP
 EtherNet/IP

 ODVA
 Supported by global industry leaders such as Cisco Systems®,
Omron®, Schneider Electric®, Bosch Rexroth AG®,
Endress+Hauser and Rockwell Automation®
 Conformance & Performance Testing
 Standard
 IEEE 802.3 - standard Ethernet, Precision Time Protocol (IEEE-1588)
 IETF - Internet Engineering Task Force, standard Internet Protocol (IP)
 ODVA - Common Industrial Protocol (CIP™)
 IEC - International Electrotechnical Commission – IEC 61158
 IT Friendly and Future-Ready (Sustainable)
 Multi-discipline control and information platform
 Established - products, applications and vendors
EtherNet/IP: “IP” - Industrial Protocol
www.odva.org

 Global trade association
 Founded in 1995
 Promotes open, interoperable information and communication technologies in industrial
automation
 Committed to open standards
 >300 members from the world’s leading automation companies
 Manages network specifications
 Maintains development of EtherNet/IP & CIP™
 Ongoing active development and promotion of the standards
What is ODVA?
Single Industrial Network Technology – Industrial Internet of Things (IIoT)

Open Systems Interconnection

CIP - IEC 61158
Single Industrial Network Technology
5-Layer TCP/IP Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
Network Services to User App
Encryption/Other processing
Manage Multiple Applications
Reliable End-to-End Delivery Error Correction
Logical Addressing, Packet Delivery, Routing
Framing of Data, Error Checking
Signal type to transmit bits, pinouts, cable type
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1/802.11
IEEE : TIA-1005
Routers
Switches
Cabling/RF
Layer NameLayer No. Function Examples
CIP - IEC 61158
IES
Open Systems
Interconnection
Industrial Internet
of Things (IIoT)

Routers
Switches
Cabling/RF
IES
CIP - IEC 61158
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1/802.11
IEEE : TIA-1005
What makes EtherNet/IP
industrial?
Physical Layer
Hardening
Infrastructure Device
Hardening
Common Application
Layer Protocol
Open Systems
Interconnection

Coexistence Interoperability
Protocol Stack
IEEE : TIA-1005
CIP - IEC 61158
Modbus TCP
IEC 61850 –MMS
HTTP
RTP
Coexistence
Examples
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1/802.11
Application
Presentation
Session
Transport
Network
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer NameLayer No.
Data Link
Physical
Layer 2
Layer 1

Protocol Stack – Encapsulation/Decapsulation
Application - CIP Layer 7 Application - CIP
Presentation - Null Layer 6 Presentation - Null
Session – Null Layer 5 Session - Null
Transport – TCP/UDP Layer 4 Transport – TCP/UDP
Network – IP Layer 3 Network - IP
Data Link - Ethernet Layer 2 Data Link - Ethernet
Physical - Ethernet Layer 1 Physical - Ethernet
Sender Receiver
DecapsulationEncapsulation

Encapsulation Decapsulation
Studio 5000 Logix Designer®
RSLinx® Classic
ControlLogix®
IEEE : TIA-1005
CIP - IEC 61158
Examples
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1/802.11
Application
Presentation
Session
Transport
Network
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer NameLayer No.
Data Link
Physical
Layer 2
Layer 1

CIPTCP Header Segment
CIPTCPIP Header Packet
CIPTCPIPEnet Header Frame
Physical LayerEthernet Frame is sent out the PHY
Application
Presentation
Session
Transport
Network
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer NameLayer No.
Data Link
Physical
Layer 2
Layer 1
CIP™ PayloadEncaps
 The Ethernet message structure is a concatenation of protocols
 EtherNet/IP defines an Encapsulation protocol that sets up the TCP resources

Physical Layer Independent
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1 Copper
CIP™
Physical Layer
Independent
Layer NameLayer No. Examples
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1
Fiber

Wi-Fi
IEEE 802.11
Data Link Layer Independent
Data Link Layer
Independent
Standard IP provides Portability and seamless Routing
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
CIP™
IETF TCP/UDP
IETF IP
Copper / Fiber
IEEE 802.3/802.1

Non-standard Network Variants
Limits Portability and Routability,
may require additional assets
to forward information throughout
the plant-wide / site-wide architecture
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1 IEEE : TIA-1005
CIP™
Vendor Specific
Vendor Specific
IEEE 802.3/802.1

Non-standard Network Variants
Non standard Ethernet,
will require additional assets
to connect into the plant-wide /
site-wide architecture
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1 IEEE : TIA-1005
CIP™
Vendor Specific
Vendor Specific
Vendor Specific

CIP - Network Independent
Layer 7
Layer 4
Layer 3
Layer 2
Layer 1
Network
Independent
Device
Profiles

CIP - IEC 61158
Application
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
IETF TCP/UDP
IETF IP
IEEE 802.3/802.1/802.11
IEEE : TIA-1005
Routers
Switches
Cabling/RF
Similar sounding terms, devices and services exist at multiple Layers (L1-L4, L7)
– e.g. Connections, QoS, Resiliency, Security
IES
Open Systems
Interconnection
Industrial Internet
of Things (IIoT)

Multiple Layers of Diverse Security Technology
FactoryTalk® SecurityApplication
Presentation
Session
Transport
Network
Data Link
Physical
Layer 7
Layer 6
Layer 5
Layer 4
Layer 3
Layer 2
Layer 1
Signal type to transmit bits, pin-outs, cable type
TLS / DTLS
IPsec / ACLs
MACsec / Port Security
Blockouts / Lock-ins
Open Systems
Interconnection
Routers
Switches
Cabling/RF
IES
CIP Security
Industrial Internet
of Things (IIoT)
Holistic & Diverse Defense-in-Depth Industrial Security

OSI Layer 1- Physical Layer
OSI Layers 1 - 7

 Environment Classification - MICE
 More than cable
 Connectors
 Patch panels
 Cable management
 Noise mitigation
 Bonding, Shielding and Grounding
 Standard Physical Media
 Wired vs. Wireless
 Copper vs. Fiber
 UTP vs. STP
 Singlemode vs. Multimode
 SFP – LC vs. SC
 Standard Topology Choices
 Switch-Level, Device-Level and Hybrid
Design and Implement a Robust Physical Layer
Cable Selection
ENET-WP007
Industrial Ethernet Physical
Infrastructure Reference
Architecture Design Guide
ODVA Guide
Fiber Guide
ENET-TD003
30
1585 Media
3 - Copper Media
2 - Fiber Media
1 - Fiber Solutions

 M.I.C.E. provides a method of categorizing the
environmental classes for each plant Cell/Area Zone.
 The MICE environmental classification is a measure
of product robustness:
 Specified in ISO/IEC 24702
 Part of TIA-1005 and ANSI/TIA-568-C.0 standards
 This provides for determination of the level of
“hardening” required for the network media,
connectors, pathways, devices and enclosures.
 Examples of rating:
 1585 Industrial Ethernet Media : M3I3C3E3
 M12: M3I3C3E3
 RJ-45: M1I1C2E2
Environmental Focus – M.I.C.E.
Office IndustrialTIA 1005
Increased Environmental
Severity

Select best media for your needs
UTP vs. STP
Unshielded Twisted Pair (UTP) Shielded Twisted Pair (STP)
Costs less Excellent immunity from EMI and RFI noise
Installs faster Can locate cable close to source of noise
Smaller diameter, more flexible Well suited for more rigorous environments
CAT5e vs.
CAT6a
CAT5e CAT6a
Costs Less Higher signal to noise ration; performance
margins
Suitable for speeds of less than a Gbps Designed to deliver Gbps performance
Copper vs.
Fiber
Copper Fiber
Termination and installation is faster Cost of fiber transceivers is higher
Less fragile Use when excessive EMI noise is present
Distances of less than 100m Use when distance is a factor (over 100m)
Multi-mode
vs. Single-
mode Fiber
Multi-mode Single-mode
For distances of up to 550m @ 1Gbps and 2km @ 100
Mbps
Longer distances (up to 40km)
Lower cost transceivers, connectors and installation High bandwidth capabilities
Higher fiber cost, but lower total system cost Lower fiber cost, but higher total system cost

 Responsible for converting a frame, Layer 2 output, into signals to be transmitted over the physical
network (electrical, light, RF)
 It provides the hardware means of sending and receiving data on a carrier, including defining cables,
cards and physical aspects.
 LAN or WAN
 Physical data rates, maximum transmission distances,
physical connectors
 Ethernet examples:
 100Base-TX, 100Base-SX, 100Base-FX,
1000Base-SX, 1000Base-LX
 Layer 1 Protocols and Services
 Other PHY examples:
 RS-232, USB
 T1, E1, ISDN, DSL
 802.11, 802.15.4, Bluetooth
Physical Interface

Auto-Negotiation - Clause 28 of IEEE 802.3-2012
Pulses detect
Link speed
and integrity
(10/100/1000)
Negotiate
Full/Half
Duplex
Negotiate
optional
features (like
MDI - MDIX)

 Choice of auto-negotiation or manual settings for speed and duplex is often driven by
customer standards and policies
 Duplex mismatch is a common source of network performance issues
 Auto-negotiation failure on a 100 Mbps copper link defaults to half-duplex mode
 Auto-negotiation failure on a 1 Gbps copper link defaults to full-duplex mode
Auto-Negotiation - Clause 28 of IEEE 802.3-2012

 CPwE Reference Architectures Recommendations
 Be consistent
 Do not mix auto-negotiation and manual settings between ports on the same link
 Always verify speed and duplex using the tools you have
 Auto-negotiation of speed and duplex is recommended for:
 On ports between switches and EtherNet/IP devices
 Manual setting of speed and duplex is recommended for:
 On ports (copper link) between infrastructure devices such as switches and routers
 On ports between switches and servers
 Use fiber media and SFPs for all inter-switch links
Auto-Negotiation - Considerations

1756-EN2TR - Example
RSLinx® Classic
Module Configuration
EN2TR web page
Network Settings
Logix Designer
EN2TR Properties

 A repeater recreates the incoming signal and re-transmits it without noise or distortion
that may have effected the signal as it was transmitted down the cable.
 Repeaters were available on legacy Ethernet to increase the overall length of the
network and allow additional nodes to be added.
Infrastructure – Active Devices

Infrastructure – Active Devices - Media Converters
Fiber link
Fiber link
Use Caution!
Small Form-Factor
Pluggable (SFP)
IES
IES IES
IES

Topology - Linear
Layer 2 Access Link
Layer 2 Interswitch Link/802.1Q Trunk
Layer 3 Link
Layer 2 Industrial Ethernet Switch
Stratix® 2500, Stratix 5700, Stratix 5400, Stratix 8000
Multi-Layer Switch, Layer 2 and Layer 3
Stratix 8300, Stratix 5700, Stratix 5400, Stratix 5410
Layer 3 Services Router
Stratix 5900
Layer 2 Bridge – Wireless WGB
Linear
Device-Level
Linear
Switch-Level
IES
IFW Industrial Firewall
Stratix 5950
Copper Media
Fiber Media
Copper Media
Fiber (limited) Media

Network Architecture Icon Key
Layer 2 Access Link (EtherNet/IP Device Connectivity)
Layer 3 Link
Layer 2 Access Switch, Catalyst 2960
Multi-Layer Switch - Layer 2 and Layer 3,
Layer 3 Router, Stratix 5900
Autonomous Wireless Access Point (AP)
Layer 2 IES with NAT, Stratix 5700, Stratix 5400
Layer 2 IES with NAT and Connected Routing,
Stratix 5700, Stratix 5400
NAT
NAT - CR
Layer 3 Distribution Switch Stack,
Catalyst 3750-X, Catalyst 3850
Layer 3 Core Switch,
Catalyst 4500, 4500-X, 6500, 6800
Layer 3 Core Switch with Virtual Switching System (VSS)
Catalyst 4500-X, 6500, 6800
Firewall, Adaptive Security Appliance (ASA) 55xx
Wireless workgroup bridge (WGB)
Unified Wireless Lightweight Access Point (LWAP),
Catalyst 3602E LWAP
Unified Wireless LAN Controller (WLC), Cisco 5508 WLC
Unified Computing System (UCS), UCS-C series
Identity Services Engine (ISE) for Authentication,
ISE - PAN/PSN/MnT
Layer 2 Access, Industrial Ethernet Switch (IES),
Stratix® 2500, Stratix 5700, Stratix 5400, Stratix 8000IES IFW
Layer 3 Router with Zone-based Firewall, Stratix 5900
Industrial Firewall, Stratix 5950

Topology – Star and Redundant Star
Star Redundant Star
Copper Media
Fiber Media
Copper Media
Fiber Media

Topology - Ring
Ring
Device-Level
Ring
Switch-Level
Ring
Switch-Level
Copper Media - DLR
Fiber Media
Copper Media
Fiber Media
Copper Media
Fiber Media

OSI Layer 2 - Data Link
OSI Layers 1 - 7

 Standard Ethernet frames:
 Short frame - 64 bytes = 512 bits
 Long frame - 1518 bytes = 12144 bits
 MAC (802.3) lower sub-layer controls
how a device on the network gains
access to the data and permission to
transmit it.
 Ethernet Media Access: CSMA/CD
 Layer 2 Examples:
 LAN - 802.3, 802.5, 802.11
 WAN – HDLC, PPP, Frame Relay, ATM, ISDN,
EoMPLS (service providers)
 Layer 2 Protocols and Services
Examples:
 QoS – Quality of Service, VLAN – Virtual LAN, LLDP –
Link Layer Discovery Protocol
 Resiliency – RSTP/REP/DLR and Security – 802.1x
802.3/802.1 – Ethernet – local area network (LAN)
Data (Payload) FCSSADASFD Type/Len
Ethernet Frame
Pre

 All devices on Ethernet communicate using the Ethernet address for the device. This
address is sometimes referred to as the “hardware”, “burned-in (BIA)” or “media access
control address” (MAC stands for Media Access Controller).
 The hardware address is a unique (in the world) 6-byte (48 bits) address that is
embedded in the circuitry of every device that sits on an Ethernet network. First 3-
bytes identify a specific vendor.
 Every vendor of Ethernet products obtains their own unique address range -
organizationally unique identifier (OUI)
 Allen-Bradley® is 00:00:BC:XX:XX:XX and 00:1D:9C:XX:XX:XX
 Representations - 00:00:BC:03:52:A9, 00-00-BC-03-52-A9, 0000.BC03.52A9
Hardware Addressing
Note that each digit of the media access control address is a hex number (range 0-F)
http://www.techzoom.net/tools/check-mac.en
MAC Decoder

Hardware Addressing

 Flow - unidirectional stream of packets between a given source and destination
 Unicast
 A method by which a frame is sent to a single destination.
 Multicast
 A technique that allows copies of a single frame to be passed to a selected subset of possible destinations.
 Example: 01-00-0C-CC-CC-CC (Cisco Discovery Protocol – CDP)
 Broadcast
 A frame delivery system that delivers a given frame to all hosts on the LAN.
 FF:FF:FF:FF:FF:FF
 Examples – ARP, DHCP
LAN Transmission Methods
IESTraffic

 A bridge is a device that isolates traffic between segments by selectively forwarding
frames to their proper destination. It is transparent to the network and protocol
independent.
 Similar to the repeater, the bridge isn’t used much any more, but more advanced
devices which perform the bridging function are commonly used.
Bridging
Ethernet Ethernet
Ethernet Token Ring
Access
Point
Workgroup
bridge
Bridge
Bridge
Ethernet Ethernet
EtherNet/IP DeviceNet
Bridge
Layer 2
Layer 3 Layer 7

Collision Domains
Controller 1 Controller 3
Controller 2
Switch L2-1 Switch L2-2
Switch L3-1
L3 - 10.10.10.5
L2 - 0000:BC10:1005
L3 - 10.10.20.5
L2 - 0000:BC10:2005
L3 - 10.10.10.6
L2 - 001D:9C10:1006
L3 - 10.10.10.1
L2 - E490.6919.5B44
L3 - 10.10.20.1
L2 - E490.6919.5B41
L3 - 10.10.10.0/24
L2 - VLAN 10
L3 - 10.10.20.0/24
L2 - VLAN 20
Fa1/1
Fa1/2
Gi1/1 Gi1/1 Gi1/2 Fa1/1 Fa1/2
IES

Broadcast Domains
Controller 1 Controller 3
Controller 2
Switch L2-1 Switch L2-2
Switch L3-1
L3 - 10.10.10.5
L2 - 0000:BC10:1005
L3 - 10.10.20.5
L2 - 0000:BC10:2005
L3 - 10.10.10.6
L2 - 001D:9C10:1006
L3 - 10.10.10.1
L2 - E490.6919.5B44
L3 - 10.10.20.1
L2 - E490.6919.5B41
L3 - 10.10.10.0/24
L2 - VLAN 10
L3 - 10.10.20.0/24
L2 - VLAN 20
Fa1/1
Fa1/2
Gi1/1 Gi1/1 Gi1/2 Fa1/1 Fa1/2
IES

IES
IES
 Layer 2 Switch - Multi-port Bridge
 Examples - Stratix® 2500, Stratix 5700, Stratix 5400 and Stratix 8000
 All ports are in the same broadcast domain
 Forwards frames based on the destination
media access control address and a MAC table
 CAM (MAC) Table – content addressable memory
 Learns a device’s location by examining source address
 Sends out all ports when destination address is broadcast, multicast, or unknown address
 Forwards and filters when destination is located on different interface
 Managed switches provide Layer 2 features, such as segmentation
(VLAN tag), security, QoS, resiliency, etc.
Layer 2 Switching
1
6
8
LAN
Controller
HMI
Drive I/O

Switching – Embedded Switch Technology
2-port Embedded Switch
Port 1 Port 2
Linear Device-level Topology
Ring Device-level Topology

 Note that the ControlLogix® and CompactLogix™ L4x / 5380 / 5480 platforms can
support multiple network interface cards (NICs) to segment network traffic. However, the
CompactLogix 5370 platform is not capable of this method of network segmentation.
The two ports of the CompactLogix 5370 Programmable Automation Controller (PAC)
are part of an embedded switch, not a dual NIC.
Switching – Embedded Switch Technology
ENxTR ENxT’s
= ≠
PHY PHY
= ≠
CompactLogix 5370 ControlLogix ControlLogix

Industrial Ethernet Switch Type Selection
Advantages Disadvantages
Managed
Switches
Unmanaged
Switches
ODVA
Embedded
Switch
Technology
 Loop prevention and resiliency
 Security services
 Management services (Multicast, DHCP per port and DLR)
 Diagnostic information
 Segmentation services (VLANs)
 Prioritization services (QoS)
 Inexpensive
 Simple to set up
 More expensive
 Requires some level of support and
configuration to start up
 No loop prevention or resiliency
 No security services
 No diagnostic information
 No segmentation or prioritization services
 Difficult to troubleshoot, no management services
 Cable simplification with reduced cost
 Ring loop prevention and resiliency
 Prioritization services (QoS)
 Time Sync Services (IEEE 1588 PTP Transparent Clock)
 Diagnostic information
 Limited management capabilities
 May require minimal configuration

1756 - EN2TR - Example
EN2TR web page
Media access control
address
EN2TR web page
Ethernet Statistics
RSLinx® Classic
EN2TR Diagnostics
Ethernet Statistics

 MAC addressing - 00:00:BC:XX:XX:XX and 00:1D:9C:XX:XX:XX
 Transmission types: unicast, multicast and broadcast
 EtherType
 Common – e.g. IPv4, ARP
 ODVA embedded switch beacon for DLR - EtherType - 0x08E1
 Layer 2 services example
 QoS – CoS
EtherNet/IP is Standard Ethernet
Data (Payload) FCSSADASFD Type/Len
Ethernet Frame
Pre

OSI Layer 3 - Network
OSI Layers 1 - 7

 This layer provides switching and routing
technologies, creating logical paths, known as
virtual circuits, for transmitting data from node to
node.
 Routing and forwarding are functions of this Layer, as
well as addressing, and internetworking.
 Routed protocol vs. Routing Protocol vs. Router
Redundancy
 Logical Addressing:
 IP address (host, network)
 Subnet Mask
 Default Gateway
 Layer 3 Protocol Examples:
 ICMP – Internet Control Message Protocol
 IPsec – Internet Protocol Security
 IGMP – Internet Group Management Protocol
 Layer 3 Services Examples:
 QoS – Quality of Service, Resiliency, Security
Internet Protocol (IP) Packet
ID Offset TTL Proto HCS IP SA IP DA DataLen
Version
/Len
ToS
Byte IPv4 Packet

 IPv4
 32 binary (0-1) digits, 32 bits, four 8-bit fields (octets),
dotted-decimal notation (DDN)
 4,294,467,295 possible addressable nodes (232)
 Example:
 192.168.1.1
 IPv6
 32 hex (0-F) digits, 128 bits, eight 16-bit hexadecimal fields
separated by colons (:)
 3.4*1038 possible addressable nodes (2128)
 340,282,366,920,938,463,463,374,607,431,768,211,456
 5*1028 addresses per person (6.5 billion people)
 Example:
 2001:0DB8:7654:3210:FEDC:BA98:7654:3210
IPv4 versus IPv6

340,282,366,920,938,463,374,607,432,768,211,456
(IPv6 Address Space - 340 Undecillion)
Versus
4,294,967,296
(IPv4 Address Space - 4 Billion)
So How Big Is The IPv6 Address Space?
 Lot’s of talk about how big, it’s BIG, do NOT worry about waste
 Each /64 prefix contains 18 Quintillion host address’s (18,446,744,073,709,551,616)
 Theoretical vs. Practical deployment, still not an issue
Antares
15th Brightest
star in the sky
Our Sun

IPv6
340,282,366,920,938,463,463,374,607,431,768,211,456
340 Undecillion 1036
282 Decillion 1033
366 Nonillion 1030
920 Octillion 1027
938 Septillion 1024
463 Sextillion 1021
463 Quintillion 1018
374 Quadrillion 1015
607 Trillion 1012
431 Billion 109
768 Million 106
211 Thousand 103
456 100

Internet Protocol Version 4 (IPv4)
 Unicast
 A method by which a packet is sent to a single
destination.
 Multicast
 A technique that allows copies of a single packet to be
passed to a selected subset of possible destinations
 224.0.0.0 - 239.255.255.255
 EtherNet/IP IP Multicast Address Range:
 239.192.0.0 - 239.195.255.255
 Broadcast
 A packet delivery system that delivers a given packet to
all hosts on the LAN.
 255.255.255.255
Internet Protocol Version 6 (IPv6)
 Unicast
 Global - routable across the internet
 Link Local - non routable
 Unique Local - routable within administrative domain
 Multicast
 Solicited Node
 Anycast
LAN Transmission Methods - IPv4 vs. IPv6
2000:NNNN:NNNN:SSSS::HHHH:HHHH:HHHH:HHHH
3FFF:NNNN:NNNN:SSSS::HHHH:HHHH:HHHH:HHHH
FE80:0000:0000:0000::HHHH:HHHH:HHHH:HHHH

IPv4 versus IPv6 Header Comparison
Fragment
Offset
Flags
Total Length
Type of
Service
IHL
PaddingOptions
Destination Address
Source Address
Header ChecksumProtocolTime to Live
Identification
Version
IPv4 Header (20-60)
Next
Header
Hop Limit
Flow Label
Traffic
Class
Destination Address
Source Address
Payload Length
Version
IPv6 Header (40)
 Length is constant in IPv6
 Fragmentation occurs in (EH)
 Option’s occur in (EH)
 UDP must have valid Checksum, unlike v4.
 Upper layer checksums use the Pseudo Header format: SRC/DST Addr + Next Header

Fixed or assigned from a
pool?
What type of server? If
assigning from a pool
Unique Network Identity
Resolves host names to IP
addresses on the network
“User-Friendly” Name to
identify a node on the network

Option Description Advantages Disadvantages
Static
Hardware
Devices hard coded with an IP
address
Simple to commission and
replace
In large environments, can be burdensome to
maintain
Limited ranged of IP addresses and subnet
Not all devices support
Static via BOOTP
Configuration
Server assigns devices IP
addresses
Precursor to DHCP
Supported by every device
Requires technician to configure IP address/MAC
address when a device is replaced
Adds complexity and point of failure
DHCP
Server assigns IP addresses from a
pool (NOT RECOMMENDED for
industrial devices)
Efficient use of IP address range
Can reduce administration work
load
More complex to implement and adds a point of failure
Devices get different IP addresses when they restart
DHCP Option 82
Server assigns consistent IP
addresses from a pool (NOT
RECOMMENDED)
Can reduce administration work
load
More complex to implement and adds a point of failure
Mixed environments may not work
DHCP port-based and
DLR-based allocation
Automatically assign IP address per
physical switch port
Eases commissioning and
maintenance in large
environments
Requires some maintenance and upkeep, on a per
switch basis
IP Addressing Schema - Considerations

 Layer 3 switches/routers use the network portion of IP addresses to
identify where networks are - switch/route packets by network address.
 Examples - Stratix® 8300, Stratix 5700, Stratix 5400, Stratix 5410.
 A routing table is kept that tells the Layer 3 device which port
a message should be transmitted out in order to get the
message to the proper network.
 If the particular network is not directly attached to
that Layer 3 device, it will forward, based on the
routing table, the message to the next Layer 3
switch or router in the path for further routing.
 EtherNet/IP - Time-to-live (TTL)
 Multicast =1, Unicast = 64
IP Forwarding – Layer 3 Switching
Default Gateway
10.10.10.1
10.17.10.1
VLAN 17
Subnet 10.17.10.0/24
Controller 1
VLAN 10
Subnet 10.10.10.0/24
Controller 2
10.17.10.56
10.10.10.56
10.17.10.0
10.10.10.0
1
2
Network
Routing Table
Port

Source Destination
10.17.10.56 10.10.10.56
001d.9c00.8308 e490.6919.5b44
Source Destination
10.17.10.56 10.10.10.56
e490.6919.5b41 0000.bc5a.d056
Source Destination
10.17.10.56 10.10.10.56
001d.9c00.8308 unknown
Single Hop Routing
VLAN 17
Subnet 10.17.10.0
VLAN 10
Subnet 10.10.10.0
10.17.10.56
001d.9c00.8308
10.10.10.56
0000.bc5a.d056
Stratix®
Default Gateway
e490.6919.5b44 e490.6919.5b41
Packet

 Switch/route packets by Network Address
 Stratix® 5900 Services Router
 Extend network distance
 LAN, MAN, WAN
 Connect different LANs
 Broadcast control
 Multicast control, EtherNet/IP multicast not routable - TTL=1
 Layer 3 features such as security, QoS, resiliency, etc.
 Make sure IT understands required protocols
 Is there a need to route to other subnets?
 Multicast traffic?
 Security or segmentation?
IP Forwarding - Routing
WAN
10.17.10.56
10.10.10.56
Default Gateway
10.10.10.1
10.17.10.1
VLAN 17
Subnet 10.17.10.0/24
VLAN 10
Subnet 10.10.10.0/24

 Routed protocols - Internet Protocol (IP)
 Routing Types
 Connected, Static, Default and Dynamic
 Stratix® 5700 (Connected & Static Routing)
 Stratix 8300, Stratix 5900, Stratix 5400 and Stratix 5410 (Connected, Static & Dynamic Routing)
 Dynamic Routing Protocols
 Routers talking to routers
 Maintaining optimal network topology/path to subnets, and forwarding packets along those paths
 Examples:
 OSPF – Open Shortest Path First, IETF Standard (Link-State Routing)
 EIGRP – Enhanced Interior Gateway Routing Protocol, Cisco innovation (Distance Vector Routing)

 Router Redundancy Protocols
 Fault tolerance for default gateways
 Examples:
 VRRP – Virtual Router Redundancy Protocol, IETF Standards
 HSRP – Hot standby Router Protocol , Cisco innovation
 GLBP – Gateway Load Balancing Protocol , Cisco innovation
Catalyst 3850 Switch
Stack
HSRP
Active
HSRP
Standby
Stratix®

EN2TR web page
ARP Table
EN2TR web page
IP Statistics
Logix Designer
EN2TR Properties
Port Diagnostics

 Standard IPv4
 Transmission types: unicast, multicast and “ip directed-broadcast”
 Routing
 Connected, Static and Dynamic
 TTL
 Unicast - 64
 Multicast - 1
 Layer 3 service example
 QoS – ToS - DSCP
EtherNet/IP is Standard Internet Protocol (IP)
ID Offset TTL Proto HCS IP SA IP DA DataLen
Version
/Len
ToS
Byte IPv4 Packet

OSI Layer 4 - Transport
OSI Layers 1 - 7

Segment – TCP and UDP
 This layer provides transparent transfer of data between end systems, or devices and is
responsible for end-to-end error recovery and flow control.
 User Datagram Protocol - UDP
 Provides applications with access to the
network layer without the overhead of
reliability mechanisms
 Operates as a connectionless protocol
 Simplex mode operation
 Provides limited error checking
 Provides best-effort delivery
 Provides no data recovery features
 Transmission Control Protocol – TCP
 Access to the network layer for applications
 Connection-oriented protocol
 Full-duplex mode operation
 Reliable delivery – acknowledgement of receipt
 Session multiplexing
 Error checking, data recovery features
 Segmentation, sequencing of data packets
 Flow control flags – SYN, FIN, ACK, RST, PSH

 User Datagram Protocol - UDP
 Connectionless/best effort
 Does not use acknowledgements
 IP - Unicast and Multicast
 CIP™
 Class 1 (Implicit) I/O and producer-consumer connections
 Port 2222
 Transmission Control Protocol - TCP
 Connection-oriented, end-to-end reliable transmission
 Uses acknowledgements (ACK) to help ensure reliable delivery
 IP - Unicast
 CIP
 Class 3 (Explicit) messaging such as Operator Interface
 Port 44818
UDP Header
TCP Header

 Well-know ports – assigned by IANA http://www.iana.org/assignments/port-numbers
Application Port Type Value Description
FTP-Data TCP 20 File Transfer Protocol (data port)
FTP TCP 21 File Transfer Protocol (control port)
SSH TCP 22 Secure Shell
Telnet TCP 23 RFC 854 Telnet
SMTP TCP 25 Simple Mail Transport Protocol
HTTP TCP 80 Hyper Text Transfer Protocol
HTTPS TCP 443 HTTP over SSL
DNS TCP/UDP 53 Domain Name System
TFTP UDP 69 Trivial File Transfer Protocol
SNMP UDP 161 Simple Network Management Protocol

Communications
Module
TCP connections CIP Connections
1756-ENBT 64 128
1756-EN2T 128 256
1756-EN2TR 128 256
1756-EN3TR 128 256
1756-EN2F 128 256
ENET-UM001G-EN-P EtherNet/IP Modules in Logix 5000™ Control
Systems…provides connection and packet rate specs for modules
ControlLogix® Module connection support (partial list)

EN2TR web page
Diagnostic Overview
EN2TR web page
TCP Connection
EN2TR web page
UDP Statistics

 Standard IETF TCP and UDP
 Standard IETF TCP and UDP Port Usage
 UDP Port 2222 – CIP Class 1 (Implicit) I/O and producer-consumer connections
 TCP Port 44818 – CIP Class 3 (Explicit) messaging such as Operator Interface
EtherNet/IP is Standard TCP and UDP
UDP Header
TCP Header

OSI Layer 7 - Application
OSI Layers 1 - 7

Common Industrial Protocol (CIP)
Bonjour?
Hi.
I’m great.
Hello.
How are you?Guten tag?
PLANT/SITE
MACHINE/SKID
• Standard IEEE 802.3/802.1 Ethernet
• Standard IETF TCP/IP Protocol Suite
• Common Network Services
• Common Industrial Protocol

 Complete suite of services for Industrial IoT
including:
 Control and Information
 Network device and endpoint management
 Safety
 Energy
 Synchronization and Motion
 Security
 Object-based approach to designing control
devices in a consistent, interoperable way
Common Industrial Protocol (CIP™)

• CIP™ uses object modeling to describe
devices
• Device Profiles define the communication
view of a device
• Electronic Data Sheets (EDS)
CIP™ – Object Modeling

CIP™ – Object Modeling - Example
Object (Class): Discrete Input
Instances
Attributes
Value:
Status:
Off_On Delay
On_Off Delay
Channel 0 Channel 7
1
0
20
15
0
1
20
15
• • • • • • • • •
I/O Device

 Register
 Discrete Input Point
 Discrete Output Point
 Analog Input Point
 Analog Output Point
 Presence Sensing
 Parameter
 Parameter Group
 Position Sensor
 Position Controller Supervisor
 Block Sequencer
 Command Block
 Motor Data
 Control Supervisor
 AC/DC Drive
 Acknowledge Handler
 Overload
 Soft Starter
 Safety Supervisor
 Safety Validator
 Safety Discrete Output Point
 Safety Discrete Output Group
 Safety Discrete Input Point
 Safety Discrete Input Group
CIP™ Application Specific Objects (partial list)

 AC Drive
 Communications Adapter
 Contactor
 DC Drive
 DC Power Generator
 Fluid Flow Controller
 General Purpose Discrete I/O
 Generic Device
 Human Machine Interface
 Inductive Proximity Switch
 Limit Switch
 Mass Flow Controller
 Motor Overload
 Motor Starter
 Photoelectric Sensor
 Pneumatic Valve
 Position Controller
 Process Control Valve
 Residual Gas Analyzer
 RF Power Generator
 Resolver
 Safety Discrete I/O Device
 Softstart Motor Starter
 Vacuum Pressure Gauge
CIP™ Device Profiles (partial list)

 Connection Objects model the communication characteristics of a particular application
to application(s) relationship
 In EtherNet/IP these are actually several objects
CIP™ Objects
Connection
Device #2Device #1
“Connection
Objects”
“Connection
Objects”
Application
Object
Application
Object
Sensor
Actuator Controller
Class 1 (Implicit)
Class 3 (Explicit)

 CIP™ Extension
 High-integrity Safety Services and Messages for CIP
 Data redundancy - data sent twice (actual & inverted)
 Safety CRC redundancy – actual & inverted
 End-to-end Safety CRCs - individual CRCs for data (actual & inverted) and
overall message
 Every packet is time stamped
 IEC 61508 – SIL3
 Safety devices to go to a known safe state in the event of
network failure
 Provides fail-safe communication between nodes such as:
 Safety input/output devices
 Safety interlock switches
 Safety light curtains
 Safety network controllers
CIP™ Safety

CIP™ Safety
Safety I/O
Safety I/O
Safety I/O
Instrumentation
I/O
Safety Controller
Safety Controller
Controller
Camera
HMI
VFD
Stratix®
FactoryTalk®
Server

 Defines time synchronization services and
object for CIP Networks
 Allows distributed control components to share a common notion of time
 Implements IEEE-1588 precision clock synchronization protocol
 Referred to as precision time protocol (PTP)
 Provides +/- 100 ns synchronization (hardware-assisted clock)
 Provides +/- 100 µs synchronization (software clock)
 Time Synchronized Applications such as:
 Input time stamping
 Alarms and Events
 Sequence of Events (SOE), First fault detection
 Time scheduled outputs
 Coordinated Motion
CIP™ Sync
FTP HTTP OPC SNMP
IP
IEEE 802.3 Ethernet
OSPF ICMP IGMP
RARPARP
UDP
CIP
TCP
Layer 1-2
Layer 3
Layers 5-7
Layer 4
Synchronized
Clock Value
Optional
Hardware
Assist
1588

 Motion Control Approach
 Traditional
 Network Scheduling (time-slot)
 Integrated Motion on EtherNet/IP
 Pre-determined Execution Plan for position path, which is
based on a common understanding of time between the motion
controller and drives… where to be and at what time
 Network services
 Time synchronization via CIP Sync
 Data prioritization via L2/L3 Quality of Service (QoS)
 Common interface
 Device profiles support wide range of drive types
 Supports position, control, velocity, torque + feedback only
control
Integrated Motion on the EtherNet/IP

• CIP™ Extension
• Controller and Drive Profiles
• Motion Axis Object
Integrated Motion on the EtherNet/IP
Safety I/O
Safety I/O
Controller
Safety Controller
I/O
Camera Servo drive
Instrumentation
VFD
HMI
Controller

 Part of a holistic defense-in-depth security
approach
 Endpoint Hardening
 Connections between Trusted Endpoints
 Reject data that has been altered (integrity)
 Reject messages sent by untrusted people or untrusted
devices (authenticity)
 Reject messages that request actions that are not
allowed (authorization)
 Confidentiality through Data Encryption
CIP Security

EN2TR web page
Diagnostic Overview
EN2TR web page
Diagnostic Overview
RSLinx® Classic - EDS
RSLinx® Classic
EN2TR Diagnostics
Connection Manager

Industrial Automation and Control System
(IACS) Network Architectures

 Isolated Network with Single Controller (ODVA)
 Examples
 Isolated LANs
 Equipment Builder Solution
(Machine or Process Skid)
Representative Plant-wide IACS Deployments
Industrial Automation and Control System (IACS) Network Architectures
Star
Linear
HMI
I/O I/O
VFD
Drive
HMI
I/O
I/O
Instrumentation
VFD
DriveHMI
I/O
I/O
VFD
Drive
VFD
Drive
Instrumentation
VFD
Drive
Ring
Controller
Servo
Drive
Controller
Controller
Servo
Drive

 Isolated Network with Multiple Controllers (ODVA)
 Examples
 Connected LANs
 Integrated Equipment Builder Solutions
 Single Cell/Area Zone, Multiple
Machines/Lines or Skids/Areas
Stratix®
Star
Ring
Linear
VFD
Drive
I/O I/O
VFD
Drive
HMI I/O
I/O
Instrumentation
Controller
VFD
DriveHMI
I/O
I/O
Servo
Drive
VFD
Drive
VFD
Drive
Controller
Controller
Servo
Drive

 Connected and Integrated Control System (ODVA)
 Example - Integrated Equipment Builder Solutions or End User Plant-wide / Site-wide Network
 Single Cell/Area Zone, Multiple Machines/Lines, Multiple Skids/Areas
 Connected LANs
VFD
Drive
HMI
Stratix®
DLR
Class 1 & 3
Camera
Safety
Controller
Servo
Drive
I/OSafety I/O
Camera
Controller
VFD
Drive
HMI
HMI
I/O
Controller
I/O
Controller
I/O
Industrial Zone
Levels 0-3
VLAN 17
Subnet 10.17.10.0/24
VLAN 10
Subnet 10.10.10.0/24
VLAN 16
Subnet 10.16.10.0/24
Convergence-Ready
Active
Gateway
Backup
Gateway

Soft
Starter
Instrumentation
Controller
Drive
Distribution
Switches
I/O I/O I/O
Industrial Zone
Levels 0-3
(Plant-wide Network)
Machine Equipment
Controller Controller Controller
HMI HMI HMI
I/O I/O
HMI
Drive
Core
Switches
Skid
Industrial
Demilitarized Zone
(IDMZ)
Level 3
Site Operations
(Control Room)
Active
Gateway Backup
Gateway
HSRP Stratix 5410
(Standby)
Stratix 5410
(Active)
Stratix® 5700s
Stratix 5700 Stratix 5700 Stratix 5700
Cell/Area Zone - Levels 0-2
Redundant Star Topology – Flex Links
Switch Ring Topology - Device Level Ring (DLR) Protocol
Redundant Star Topology – Flex Links
Device Ring Topology - Device Level Ring (DLR) Protocol
DriveDrive
I/O
Drive DriveDriveDrive

Industrial IoT
Operational Technology
Industrial IT
Internet of Things
Information Technology
Physical or Virtualized Servers
• FactoryTalk® Application Servers and
Services Platform
• Network & Security Services – DNS,
AD, DHCP, Identity Services (AAA)
• Storage Array
Remote
Access
Server
• Patch Management
• AV Server, TLS Proxy
• Application Mirror, Reverse Proxy
• Remote Desktop Gateway Server
Distribution
Switch Stack
Cell/Area Zone - Levels 0–2
Redundant Star Topology - Flex Links Resiliency
Unified Wireless LAN
(Lines, Machines, Skids, Equipment)
Linear/Bus/Star Topology
Autonomous Wireless LAN
Industrial
Demilitarized Zone
(IDMZ)
Enterprise Zone
Levels 4-5
Industrial Zone
Levels 0–3
Core
Switches
Phone
Controller
Camera
Ring Topology - Device Level Ring (DLR) Protocol
Unified Wireless LAN
Plant Firewalls
• Active/Standby
• Inter-zone traffic segmentation
• ACLs, IPS and IDS
• VPN Services
• Portal and Remote Desktop Services proxy
Instrumentation
Level 3 - Site Operations
(Control Room)
HMI
Active
AP
SSID
5 GHz
WGB
Controller
WGB
LWAP
SSID
5 GHz
WGB
LWAP
Controller
LWAP
SSID
2.4 GHz
Standby
Wireless
LAN Controller
(WLC)
Cell/Area Zone
Levels 0–2
Cell/Area Zone
Levels 0–2
Drive
Distribution
Switch Stack
Wide Area Network (WAN)
Data Center - Virtualized Servers
• ERP - Business Systems
• Email, Web Services
• Security Services - Active Directory (AD),
Identity Services (AAA), TLS Proxy
• Network Services – DNS, DHCP
• Call Manager
Enterprise
Identity Services
Identity Services
External DMZ/
Firewall
Access
Switches
Access
Switches
IFW
IFW
Drive I/O Drive I/O
I/O I/O I/O
Internet
Cloud
Cloud
Cloud
Thin Client
Thin Client
Drive
Safety
Controller
Safety
I/O
Robot
Servo
Drive

 Broad geographic area
 WAN or WWAN Examples:
 Point-to-Point Link – PSTN Leased Lines – T1, E1
 Circuit Switching - ISDN
 Packet Switching - Frame Relay, Broadband DSL, Broadband Cable
 Higher Latency
 Use case examples – HMI and Data Collection
Site-to-Site VPN Connection
WAN
PSTN
Remote Site Plant Site

Site-to-Site VPN Connection
Enterprise-wide
Business Systems Enterprise Zone
Levels 4-5
Data Center
• FactoryTalk® Application Servers & Services Platform
• Network Services – e.g. DNS, AD, DHCP, AAA
• Remote Access Server (RAS)
• Storage Array
IDMZ - Level 3.5
Plant-wide / Site-wide
Operation Systems
Site-to-Site
Connection
Remote Site #1
Skid / Machine
Local
Skid / Machine #1
Industrial Zone
Levels 0 – 3
Level 3 - Site Operations
(Control Room)
Ring Topology – DLR Protocol
Local
Skid / Machine #2

 Single industrial network technology for:
 Multi-discipline Network Convergence - Discrete, Continuous Process, Batch, Motor, Safety, Motion, Power, Time
Synchronization, Supervisory Information, Asset Configuration/Diagnostics
 Established
 Risk reduction – broad availability of products, applications and vendor support
 ODVA: Cisco Systems, Endress+Hauser, Rockwell Automation® are principal members
 Supported – Conformance testing, defined QoS priority values for EtherNet/IP devices
 Standard – IEEE 802.3 Ethernet and IETF TCP/IP Protocol Suite
 Enables convergence of OT and IT – common toolsets (assets for design, deployment and troubleshooting) and
skills/training (human assets)
 Topology and media independence – flexibility and choice
 Device-level and switch-level topologies; copper - fiber - wireless
 Portability and routability – seamless plant-wide / site-wide information sharing
 No data mapping – simplifies design, speeds deployment and reduces risk
EtherNet/IP Advantage Summary

Additional Material

Additional Material
Network Architecture Icon Key
Layer 2 Access Link (EtherNet/IP Device Connectivity)
Layer 3 Link
Layer 2 Access Switch, Catalyst 2960
Multi-Layer Switch - Layer 2 and Layer 3,
Layer 3 Router, Stratix 5900
Autonomous Wireless Access Point (AP)
Layer 2 IES with NAT, Stratix 5700, Stratix 5400
Layer 2 IES with NAT and Connected Routing,
Stratix 5700, Stratix 5400
NAT
NAT - CR
Layer 3 Distribution Switch Stack,
Catalyst 3750-X, Catalyst 3850
Layer 3 Core Switch,
Catalyst 4500, 4500-X, 6500, 6800
Layer 3 Core Switch with Virtual Switching System (VSS)
Catalyst 4500-X, 6500, 6800
Firewall, Adaptive Security Appliance (ASA) 55xx
Wireless workgroup bridge (WGB)
Unified Wireless Lightweight Access Point (LWAP),
Catalyst 3602E LWAP
Unified Wireless LAN Controller (WLC), Cisco 5508 WLC
Unified Computing System (UCS), UCS-C series
Identity Services Engine (ISE) for Authentication,
ISE - PAN/PSN/MnT
Layer 2 Access, Industrial Ethernet Switch (IES),
Stratix® 2500, Stratix 5700, Stratix 5400, Stratix 8000IES IFW
Layer 3 Router with Zone-based Firewall, Stratix 5900
Industrial Firewall, Stratix 5950

 CPwE website
 Overview Documents
 Alliance Profile
 Top 10 Recommendations for
Plant-wide EtherNet/IP
Deployments
 Design Considerations for
Securing Industrial
Automation and Control
System Networks
Additional Material
CPwE Architectures - Cisco and Rockwell Automation®

Additional Material
CPwE Architectures - Cisco and Rockwell Automation®
Topic Design Guide Whitepaper
Design Considerations for Securing IACS Networks N/A ENET-WP031A-EN-P
Converged Plantwide Ethernet – Baseline Document ENET-TD001E-EN-P N/A
Deploying 802.11 Wireless LAN Technology within a CPwE Architecture ENET-TD006A-EN-P ENET-WP034A-EN-P
Deploying Identity and Mobility Services within a CPwE Architecture ENET-TD008B-EN-P ENET-WP037C-EN-P
Securely Traversing IACS Data Across the Industrial Demilitarized Zone (IDMZ) ENET-TD009B-EN-P ENET-WP038B-EN-P
Deploying Network Address Translation within a CPwE Architecture ENET-TD007A-EN-P ENET-WP036A-EN-P
Migrating Legacy IACS Networks to a CPwE Architecture ENET-TD011A-EN-P ENET-WP040A-EN-P
Deploying A Resilient Converged Plantwide Ethernet Architecture ENET-TD010B-EN-P ENET-WP039D-EN-P
Site-to-site VPN to a CPwE Architecture ENET-TD012A-EN-P N/A
Deploying Industrial Firewalls within a CPwE Architecture ENET-TD002A-EN-P ENET-WP011B-EN-P
Deploying Device Level Ring within a CPwE Architecture ENET-TD015A-EN-P ENET-WP016C-EN-P
OEM Networking within a CPwE Architecture ENET-TD018A-EN-P ENET-WP018A-EN-P
Cloud Connectivity to a Converged Plantwide Ethernet Architecture ENET-TD017A-EN-P ENET-WP019B-EN-P
Deploying Industrial Data Center within a CPwE Architecture ENET-TD014A-EN-P ENET-WP013A-EN-P
Scalable Time Distribution within a Converged Plantwide Ethernet Architecture ENET-TD016A-EN-P ENET-WP017A-EN-P
Network Security within a Converged Plantwide Ethernet Architecture ENET-TD019A-EN-P ENET-WP023A-EN-P

 Ethernet Design Considerations
Reference Manual
 ENET-RM002C-EN-P
 EtherNet/IP Overview, Ethernet
Infrastructure Components, EtherNet/IP
Protocol, Predict System Performance
 EtherNet/IP IntelliCENTER®
Reference Manual (MCC-RM001)
 The OEM Guide to Networking
 ENET-RM001A-EN-P
 This guide is intended to help OEMs
understand relevant technologies, networking
capabilities and other considerations that
could impact them as they develop
EtherNet/IP solutions for the machines, skids
or equipment they build
 Segmentation Methods Within the
Cell/Area Zone ENET-AT004B-EN-E
Additional Material
Rockwell Automation® Reference Documents

 Integrated Architecture Builder (IAB)
 Updates and additions to better-reflect
CPwE structure, hierarchy and best
practices
 Improved Switch Wizard for distribution (e.g.
Stratix® 5410) and access (e.g. Stratix 5700)
 Easier to create a large EtherNet/IP network
with many topologies
 CIP traffic is measured per segment, not just
controller scanner and adapter centric
 EtherNet/IP Capacity Tool
 System Configuration Drawings
 Updates and additions to better reflect
CPwE recent enhancements
Additional Material
Rockwell Automation® Tools

Additional Material
Rockwell Automation® Industrial Security Website

 Website:
 http://www.odva.org/
 EtherNet/IP
 https://www.odva.org/Technology-
Standards/EtherNet-IP/OverviewSecuring
EtherNet/IP™ Networks
 EtherNet/IP Network Infrastructure
Guide
 https://www.odva.org/Portals/0/Library/Pu
blications_Numbered/PUB00035R0_Infras
tructure_Guide.pdf
 Common Industrial Protocol (CIP™)
Standards/Common-Industrial-Protocol-
CIP/Overview
 The Family of CIP Networks
 https://www.odva.org/Portals/0/Library/Publica
tions_Numbered/PUB00123R1_Common-
Industrial_Protocol_and_Family_of_CIP_Netw
orks.pdf
 CIP Security
Standards/Common-Industrial-Protocol-
CIP/CIP-Security
Additional Material
ODVA

Training Resources

 A ‘go-to’ resource for training and educational information on
standard Internet Protocol (IP), security, wireless and other
emerging technologies for industrial applications.
 Led by Cisco, Panduit, and Rockwell Automation®
 Receive monthly e-newsletters with
articles and videos on the latest trends.
 Scenario-based training on topics such as: logical topologies,
protocols, switching, routing, wireless and physical cabling.
Training Resources
Education - Industrial IoT / Industrial IT (Bridging OT-IT)
Network Design eLearning course available at promotional price for TechEd Attendees!
Earn PDHs by signing up today at www.industrial–ip.org with code “EVENTS2018”

Four eLearning courses cover key aspects of implementing networked, industrial control
systems. 20-30 minute interactive, scenario-based courses cover automation controls and
physical infrastructure considerations.
Training Resources

 Courses 1 and 2: Designing for the Cell/Area Zone
 Design secure, robust, future-ready networks for cells, machines, skids and other functional units by
implementing reference architectures and standard IP.
 Course 3: Designing for the Industrial Zone
 Learn design principles on line integration, high-availability networks and wireless architectures to
optimize plant networks.
 Course 4: IT/OT Integration
 Understand how to effectively converge a smart manufacturing facility with IT and OT stakeholders.
Training Resources
EtherNet/IP Topologies Security Wireless

 Cisco Industrial Networking Specialist
Training and Certification
– Classroom training
• Managing Industrial Networks with Cisco
Networking Technologies (IMINS)
– Exam: 200-401 IMINS
– CPwE Design Considerations
and Best Practices
 CCNA Industrial Training and
Certification
– Classroom training
• Managing Industrial Networks for
Manufacturing with Cisco Technologies
(IMINS2)
– Exam: 200-601 IMINS2
– CPwE Design Considerations
and Best Practices
Training Resources
Training and Certification – Industrial IoT / Industrial IT (Bridging OT-IT)

Training Resources
Training and Certification – Industrial IoT / Industrial IT (Bridging OT-IT)
Industrial Networking Specialist
Module 1
Industrial Networking Solutions and
Products
Module 2
Industrial Network Documentation and
Deployment Considerations
Module 3
Installing Industrial Network Switches,
Routers, and Cabling
Module 4 Deploying Industrial Ethernet Devices
Module 5
Maintaining Industrial Ethernet
Networks
Module 6
Troubleshooting Industrial Ethernet
Networks
CCNA Industrial
Module 1
Industrial Networking Concepts and
Components
Module 2 General Troubleshooting Issues
Module 3 EtherNet/IP
Module 4 Troubleshooting EtherNet/IP
Module 5 PROFINET
Module 6 Configuring PROFINET
Module 7 Troubleshooting PROFINET
Module 8 Exploring Security Concerns
Module 9 802.11 Industrial Ethernet Wireless Networking

Training Resources
Cisco Training & Certifications
Cisco
Certification
Track

 Download the Rockwell Automation Events App
 Select Rockwell Automation TechED and login
 Click on Session Surveys or Schedule in the main menu
 Select the session you are attending
 Click on the survey tab
 Complete the survey and submit
Share your Feedback
Please complete a session survey on the mobile app

www.rockwellautomation.com
PUBLICPUBLIC Copyright © 2018 Rockwell Automation, Inc. All Rights Reserved. 2018 Rockwell Automation TechED™ Event #ROKTechED
#ROKTechED
Fundamentals of EtherNet/IP Industrial IoT
Network Technology
Scalable, Reliable, Safe, Secure and Future-Ready Industrial IoT Architectures

Fundamentals of ether netip i iot network technology

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Fundamentals of ether netip i iot network technology

Similar to Fundamentals of ether netip i iot network technology (20)

More from IntelligentManufacturingInstitute

More from IntelligentManufacturingInstitute (17)

Recently uploaded

Recently uploaded (20)

Fundamentals of ether netip i iot network technology