The Internet of Things (IoT) has brought millions of commercial buildings into the networked era. There have never been more connected devices in our buildings than there are today, and those numbers keep climbing. The rise of IoT also marks a convergence of sorts between systems that have traditionally been siloed: IT and OT networking. Ultimately IoT, IT, and OT systems all work on the same basic principle: the exchange of data and control, which depends on a functional network to make that communication possible.
The responsibility of maintaining these networks has also evolved. Today, it’s not uncommon to see facility managers and systems integrators coordinate with IT teams and managed service providers. For IT managers, this might mean redefining the scope and definition of a healthy network to one that extends beyond the “traditional IT” scope of IP switches, VLANs, and routers to include unique devices like MS/TP controllers, BBMDs, and BACnet gateways.
So if you’re an IT pro new to working with BACnet, we’ve put together this guide filled with things to consider when monitoring, managing, and maintaining BACnet network health.
As a bonus, we’ve also created this checklist to help you with preventative maintenance!
The Optigo Networks BACnet Network Health Checklist
Function
- All physical connections are solid and free of damage
- Connections are in a topology free of cross-connections or loops
Configurations
- Documentation of the current configuration of network devices (as-builts) exists in a centrally accessible location
- Documentation is reviewed regularly to ensure it’s always up to date
- Device configurations are free of duplicate addresses
- Devices are configured to avoid unnecessary broadcast traffic
Capacity
- Diagnostic tests for tell-tale capacity issues are run regularly
- The network is free from dropped packets or excessive packet travel times
- Review device configurations to ensure IP devices are not unnecessarily transmitting across subnets
Safety
- Are all BACnet segments behind your security perimeter (e.g. firewalls)?
- Do you have an up-to-date inventory of BACnet devices in use?
- Are your configuration files routinely backed up?
- Have you audited packet capture files to ensure no sensitive data is included (if necessary)?
- Are there failover plans (if necessary)?
In smart buildings, a healthy building automation and control (BACnet) network is the goal. We all know a functioning network with minimum downtime is table stakes, but what exactly defines a “healthy network” for BACnet? It ranges from aspects you’re likely familiar with in IT networks, like traffic bottlenecks, to less considered indicators like loose wires and address conflicts.
Functionality
The physical makeup of a BACnet network is much less forgiving than a TCP/IP one. Though you might see a BACnet network routinely connected to your larger IP networks, it’s easy to overlook that older devices, like controllers and sensors, are in use doing the actual control of building devices. For example, a basic MS/TP protocol network consists of a single, two-wire, half-duplex system daisy chained between devices to a router. It’s essentially one continuous cable, carrying power and small bursts of data, connected to each device.
As we explained in our article on some of the most common MS/TP issues, wiring is often to blame. Seeing BACnet devices drop offline sporadically? Losing packets randomly? Chances are there’s an incorrectly terminated device somewhere along the line.
The topology of a BACnet network can also lead to issues. When you have a lot of BACnet devices, it’s good practice to create smaller segments with a dedicated set of devices to help deal with BACnet’s low capacity for traffic (not to mention that longer lines of devices lead to longer round-trips for data).
This means a lot of devices, like routers, gateways, and BBMDs, are used to enable communications across those network segments. It can be easy, for example, to assign duplicate BBMDs to the same subnet, doubling or tripling the amount of broadcast traffic in an already stressed network.
This is the first step in ensuring BACnet network health: ensuring proper physical connections and routing between devices.
Configuration
Device configuration within a BACnet system is still largely a manual process. Addressing – individual MAC addresses, device instance numbers, and even network addresses themselves – still needs to be manually configured and updated to ensure devices communicate across the network whenever something changes. It’s still common for an MS/TP network to get stalled looking for devices on the network that are no longer there because no one told it to stop looking!
Conflicts caused by configuration errors, like duplication of addresses, can be a common issue. For example, sending a request for a temperature reading to what you think is a thermostat, and receiving data about outside air pressure from a misconfigured sensor as well as your thermostat, can cause all kinds of issues.
Configuration can also play a role in controlling the amount of traffic on your BACnet network. With older BACnet systems, there’s a premium on capacity, so attention needs to be paid to cutting down every bit of unnecessary traffic. Does every BBMD need to forward traffic to all other BBMDs? Does every subnet need to send and receive discovery messages to and from each other?
Reviewing and maintaining clear, up-to-date documentation of network configurations is probably something you’re already doing as part of your IT maintenance. It’s also a crucial step in maintaining BACnet network health and eliminating device conflicts and excessive traffic, so include your BACnet systems in that documentation too.
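The checks described in this section and in the BBMD note above can be run against a device inventory. The following is an added example, not Optigo's code or part of the original article; the inventory format, device names and addresses are constructed, and the function names are hypothetical. It flags device instance numbers reused anywhere on the internetwork, MAC addresses reused within one network segment, and more than one BBMD on the same IP subnet.

```python
from collections import defaultdict
from ipaddress import ip_interface

# Constructed inventory (hypothetical names and addresses); in practice this
# would be exported from as-built documentation or a discovery scan.
INVENTORY = [
    {"name": "AHU-1", "network": 2001, "mac": 4, "instance": 20104},
    {"name": "VAV-1-03", "network": 2001, "mac": 12, "instance": 20112},
    {"name": "VAV-1-04", "network": 2001, "mac": 12, "instance": 20113},   # MAC clash
    {"name": "OAT-SENSOR", "network": 2002, "mac": 4, "instance": 20104},  # instance clash
    {"name": "BBMD-A", "network": 1, "mac": "10.20.1.5:47808", "instance": 100,
     "ip": "10.20.1.5/24", "bbmd": True},
    {"name": "BBMD-B", "network": 1, "mac": "10.20.1.9:47808", "instance": 101,
     "ip": "10.20.1.9/24", "bbmd": True},                                  # second BBMD, same subnet
    {"name": "BBMD-C", "network": 1, "mac": "10.20.2.5:47808", "instance": 102,
     "ip": "10.20.2.5/24", "bbmd": True},
]

def find_duplicates(devices, key):
    """Group device names by key(device) and keep only keys seen more than once."""
    groups = defaultdict(list)
    for dev in devices:
        groups[key(dev)].append(dev["name"])
    return {k: sorted(names) for k, names in groups.items() if len(names) > 1}

def audit(devices):
    """Return the three conflict classes, each as {conflicting value: [device names]}."""
    bbmds = [d for d in devices if d.get("bbmd")]
    return {
        # Device instance numbers must be unique across the whole internetwork.
        "duplicate_instance": find_duplicates(devices, lambda d: d["instance"]),
        # MAC addresses only need to be unique within one network segment.
        "duplicate_mac": find_duplicates(devices, lambda d: (d["network"], d["mac"])),
        # More than one BBMD on a subnet multiplies broadcast traffic.
        "bbmds_per_subnet": find_duplicates(
            bbmds, lambda d: str(ip_interface(d["ip"]).network)),
    }

if __name__ == "__main__":
    for check, hits in audit(INVENTORY).items():
        for value, names in hits.items():
            print(f"{check}: {value} -> {', '.join(names)}")
```

Note that MAC 4 appears on both network 2001 and network 2002 without being flagged, because the two devices sit on different segments.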
Capacity
Network capacity is often at a premium on BACnet networks. That means managing capacity becomes a much more regular part of your preventive maintenance than you’re likely used to. It needs to become a much more important consideration when it comes to future network changes as well – as future IT network expansion can often have bleed-back on your connected OT networks.
Individual components, particularly MS/TP devices, have very limited resources to process data compared to many IT components, and it’s fairly easy for them to become overwhelmed. Ask yourself, how taxed are the individual BACnet components now, and could they handle additional devices or traffic? Overload can lead to a cascade of issues for BACnet systems. This also relates to configuration: consider your network’s ability to handle additional load from an IP device or subnet crossing a BACnet system.
Capacity can also be affected by device programming. A device set to make too many read requests too often, for example, or make constant global discovery requests on networks with thousands of devices, can flood the systems with traffic.
Running checks at regular intervals to ensure that the amount of traffic flowing through the BACnet segments of your network isn’t overloading the system, and making program tweaks where needed, are a key part of healthy upkeep.
Security
Securing a BACnet network is no different from securing any other system, and no less important. It’s not uncommon for people to overlook building devices like sensors, thermostats, or switches as possible attack vectors. But as IT pros know, if it’s on the network and open to the Internet, it’s an open door to malicious actors. Whether through human error or security gaps, BACnet networks can be subject to breaches like any other networked system.
This should also include security around your data itself. If your organization has strict policies around data handling and legal compliance, you need to be sure that any packet captures comply as well. Make sure your PCAP files are properly filtered to contain only the BACnet data if your policy requires it.
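One way to filter a capture down to BACnet data before it leaves your network, as an added example that is not Optigo's code or part of the original article: it keeps only BACnet/IP packets and drops everything else. It assumes a classic pcap file (not pcapng) with untagged Ethernet/IPv4 frames and the default BACnet/IP UDP port 47808; the function names and the sample capture are constructed for illustration.

```python
import struct

BACNET_PORT = 47808  # 0xBAC0, default BACnet/IP UDP port (assumption: site uses the default)

def is_bacnet_ip(frame):
    """True for an Ethernet/IPv4/UDP frame on the BACnet port that starts with a BVLC header."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":  # IPv4 only, no VLAN tag
        return False
    udp = 14 + (frame[14] & 0x0F) * 4                        # skip the IPv4 header
    if frame[23] != 17 or len(frame) < udp + 9:              # protocol 17 = UDP
        return False
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    return BACNET_PORT in (sport, dport) and frame[udp + 8] == 0x81  # 0x81 = BVLC type

def filter_pcap(data):
    """Return (filtered_pcap_bytes, kept, dropped) for a classic Ethernet pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, pos, total = [data[:24]], 24, 0
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        record = data[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break                                            # truncated final record
        total += 1
        if is_bacnet_ip(record[16:]):
            out.append(record)                               # keep record header + frame
        pos += 16 + incl_len
    kept = len(out) - 1
    return b"".join(out), kept, total - kept

def build_frame(sport, dport, payload):  # constructed sample frame, not real traffic
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 20, 1, 5]), bytes([10, 20, 1, 255]))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed capture: a BACnet Who-Is, a DNS-port packet, a non-BVLC packet on 47808."""
    frames = [build_frame(47808, 47808, bytes.fromhex("810b000c0120ffff00ff1008")),
              build_frame(53000, 53, b"constructed non-BACnet payload"),
              build_frame(47808, 47808, b"not-bvlc")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    filtered, kept, dropped = filter_pcap(sample_pcap())
    print(f"kept {kept}, dropped {dropped}, {len(filtered)} bytes in filtered capture")
```

MS/TP traffic captured over a serial adapter uses a different link type and is rejected by this filter rather than passed through unfiltered.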
This is an area where we think our IT partners already have the expertise, so our best practice is a reminder: BACnet networks that connect to larger networks should be subject to the same security posture you apply to the entire network.
Ensuring BACnet Health with OptigoVN
As IT pros, you know: you can’t fix what you can’t find.
That is why OptigoVN was specifically designed with 28 out-of-the-box diagnostics to provide complete observability into your BACnet systems. With options including scheduled packet capture upload or 24/7 monitoring, your BACnet network now gets the same deep level of insights and fast time-to-resolution you expect from IT network monitoring and management solutions:
- Pinpoints tell-tale signs that physical issues, like unavailable or unresponsive devices, might be to blame for network problems, saving you hours of network bifurcation and testing or climbing ladders to eliminate possible devices.
- Instantly identifies addressing conflicts at many levels (device, routing, network) and offers several tests of traffic issues that may reveal opportunities to tune.
- Helps diagnose potential hardware failure and overload capacity symptoms, like MS/TP token time, slow responses, and dropped packets.
Planning for the Future
The final component of a healthy network is its ability to be healthy in the future. That means we need to think about the ongoing health of the BACnet system in both the short and long term. That starts with the same migration IP networks have undertaken: from a break/fix model to one of proactive maintenance. Incorporating regular testing and monitoring of your BACnet network will not only ensure the health of your system now, but also provide you with the basis for future planning and expansion.
Ready to see how OptigoVN can give your BACnet systems the same level of visibility you’ve come to expect from advanced IT monitoring apps? Learn more about OptigoVN, schedule a stress-free demo, or try it yourself for free today.