Managing VLANs and BBMDs

VLANs and BBMDs on the BACnet network
How to properly segment and isolate broadcasts on your BACnet network

VLANs and BBMDs seem at complete odds with each other. One’s meant to separate and segregate traffic. The other’s designed to broadcast messages across the network, without limit for which devices should get what messages.

BBMDs and VLANs do coexist on IP and MS/TP networks everywhere, and it’s important to know how to properly segregate traffic while making sure devices get the information they need.

Check out our webinar with Robert Lastinger from Distech Controls, for a live demo of VLANs and BBMDs on a BACnet MS/TP network, with key best practices you can apply to your networks today. Be sure to check out our previous sessions too!

The webinar dug into a lot of topics, including:

  • Digging into an MS/TP network without segregation | 1:16 – 27:41
  • Setting up VLANs on a network to limit traffic | 27:41 – 41:13
  • Managing VLANs on the MS/TP network | 41:13 


We focused this webinar on MS/TP networks, because we know so many BACnet networks out there are running on hard-wired connections. 

MS/TP covers networking layers 1 and 2, the physical and data links. It has its own physical wires and connectors, and the master devices pass tokens between them to determine which devices can initiate messages on the network. There’s no layer 3 (network/routing), so each network is isolated. BACnet is an application layer protocol that works on top of MS/TP. 

You can use a mix of both IP and MS/TP on your network. A BACnet MS/TP to BACnet IP router will simply take packets and translate them, removing MS/TP-specific messaging such as token-passing.

VLANs and BBMDs

In this diagram, while there are two VLANs in place, VLAN 103 isn’t actually separating anything. Almost all the devices on the network are on the same VLAN, and when messages are broadcast, every device will see those messages. There might not be a ton of devices on this network, but it can still create some really nasty traffic, as we saw in the demo at 23:19

The purpose of VLANs is to reduce the load on your network and isolate more security-sensitive services.

It’s a best practice to create VLANs around services and logical combinations, not devices that are geographically clustered. So, rather than grouping devices that are stationed in a room together, isolate your CCTV on one VLAN, doors on another VLAN, alarms on another VLAN, and so on. 

Don’t fuss if you only have a handful of devices on a VLAN. The point is to limit the devices on a VLAN to those that need to communicate with one another. 

To summarize best practices:

  • Create VLANs around services, not geography
    • Good service examples: HVAC, lighting, CCTV, doors, alarms, etc.
    • Good non-service examples: isolate tenants or secure locations
    • Bad examples: each floor or room gets a VLAN

BBMDs, on the other hand, are designed to broadcast traffic between unroutable locations in the network. They work by transforming the broadcast message into a unicast message to the destination BBMD, which then re-broadcasts on its subnet. 

That might be across layer 3 routers — such as from one building in a campus to another — as layer 3 routers will only distribute unicast traffic. It could also be across VLANs, if one service needs to talk to another. 

You should only have one BBMD per subnet, because more than that would overload the network. (Learn about the dangers of duplicate BBMDs.) You can also configure one BBMD to talk to various destinations. 


We often hear of people struggling with VLANs and BBMDs on their network, of finding the balance on how to segregate traffic without blocking important messages between relevant devices. Hopefully this webinar helps you better understand how to segment your network traffic, properly, with a mix of VLANs, subnets, BBMDs, and foreign devices. 

Robert left us with fantastic food for thought to end the webinar at 46:13:

“I can’t stress enough: don’t design your VLANs around your architecture, or around a specific number of devices. There’s other ways to deal with that. Even within the VLAN, you can have multiple subnets and segregate that way. 

“If you have a building with 600 VAVs, and all of the VAVs are doing one thing and they all need to talk the same way to the same stuff, you can have a VLAN with just VAVs, and have two subnets there — that’s fine. It’s more important that you use VLANs to segregate those logical groups of controllers, and then use subnetting and other tools to break it up further if you need to. […] 

“Once you’ve done those two steps, BBMDs and foreign devices are there to help you then get the communication across all of that where you need it. So you use them sparingly, and if you’ve designed the network well, on a big site, yeah you’re probably going to have a couple of BBMDs and maybe a few foreign devices. But that’s the idea. […] 

“BBMDs aren’t bad. They’re just bad when they’re used across a site quite a bit. And if you have a large site, and you’re starting to get a lot of BBMDs — like 10, or 20, or 30 — you’ve really got to rethink that because you’re going to have a hard time troubleshooting issues.”

Recent Blog Posts

Visual BACnet’s Advanced Reports are a fantastic addition to your service offerings, and a great way to keep your network updates on track. 

You can use them to:

We are proud to share that we’re the exclusive building networks solutions partner for Alerton’s Strategic Partner Program.

One of the biggest barriers we’ve found in this industry is a lack of accessible educational resources. For people who are new to the business of BAS, it’s a real challenge trying to string together information.

There are goblins and ghouls that go bump in the night; and then there are BAS misconfigurations that give you a fright! For the last few Halloweens, we’ve collected some of your spookiest network horror stories. Read on for stories of:

What’s the problem with a “one-size fits all” solution? It usually fits nothing. 

Recent Projects

Data center expansion with OTI and Optigo Connect

DATA CENTER EXPANSION

Stack Infrastructure is a portfolio of hyperscale computing data centers. OTI completed work on Phases I and II, and returned for the Phase III build-out of a 4-megawatt data hall and brand new central plant. The Optigo Connect network put in place in Phases I and II was expanded on this project. The team achieved quick roll-out of a large, multi-service redundant network using the Optigo OneView management interface. Going forward, the facility management team can use OneView to remotely monitor equipment, manage power usage, and meet up-time goals.

Optigo Connect MR Soluciones The Landmark

THE LANDMARK

The Landmark is a sophisticated mixed-use high-rise in Mexico. The owners wanted to integrate all OT systems in the skyscraper, while maintaining separate networks for each application. The Landmark is the fourth joint project between Optigo Networks and MR Soluciones. Together, these companies provide robust services to meet any challenge.

Australian Bureau of Statistics at 45 Benjamin Way with Delta Building Automation

45 BENJAMIN WAY

Delta Building Automation (Australia) had a big job renovating the Headquarters for the Australian Bureau of Statistics (ABS) at 45 Benjamin Way. The building owner wanted to improve the building’s energy use and increase their National Australian Built Environment Rating System (NABERS) score to more than 4.5 stars, out of a possible total of six. Securing the network both internally and externally was a big priority, as well.

Penn State University Optigo Networks Visual BACnet

PENN STATE UNIVERSITY

When Tom Walker looked at Penn State University’s Navy Yard network, he saw huge issues. The system was busy and loud, to the point where the overrun network was bringing down the entire building. Because this was happening on the MS/TP network, pinpointing the problem would mean boots on the ground to segment and test the chain, piece by piece.

Penn State University Optigo Networks Visual BACnet

PENN STATE UNIVERSITY

When Tom Walker first started working at Penn State University four years ago, there were a lot of network issues. Buildings were dropping offline. Broadcast traffic was pushing 90,000 packets per hour. Walker was on the phone almost every single night because devices were down or had to be reset.

 

Torre Manacar Mexico City Optigo Connect

TORRE MANACAR

When MR Soluciones began work on Torre Manacar, they knew they needed a flexible and scalable network infrastructure to support a wide array of integrated systems. Optigo Networks was a natural fit for the massive project, designing a robust network at a competitive cost.

short

SHORT PUMP TOWN CENTER

Short Pump Town Center, an upscale retail center, underwent a complete renovation in 2014. The flexibility of Optigo Networks’ solution meant the retail center’s unknown final design was not a barrier to placing IP surveillance equipment in the field.

BOULEVARD MALL

BOULEVARD MALL

Optigo Networks connected New York-based Boulevard Mall’s security surveillance devices in December 2015, using a Passive Daisy Chain topology.

Visual BACnet tech support team

TECH SUPPORT TEAM

One tech support team at a manufacturer purchased an account with Visual BACnet in April 2017, for technical problems around the world.

Aster Conservatory Green Optigo Connect

ASTER CONSERVATORY GREEN

The Aster Conservatory Green is a community comprising 352 residences across 24 low-rise buildings. The buildings use advanced surveillance and access control technology, including 40 HD video cameras and 60 FOB-access-tele-entry points for access control.