The worlds of IT and Operational Technology (OT) are merging more and more these days as the Internet of Things grows in prominence. This collaboration between IT and OT is great, but there are still gaps in understanding that keep these worlds from fully working together.
To help, we teamed up with Distech Controls to create a webinar series on networking for OT professionals. In this edition about Network Access, we dug into network connectivity, communications, VLANs, and topologies. Check out our webinar recording on Network Access, and read the recap below! You can also download the PDF handout of our presentation to refer back to later.
The webinar dug into a lot of topics, including:
Network Connectivity (from 0:46 to 16:24)
Network Communications (from 16:25 to 26:55)
Topologies (from 33:07 to 52:34)
We did talk a bit about the network access layer, Ethernet, Wi-Fi, hot spots and clients, and managed and unmanaged switches in this webinar. We covered it in much more depth in our Introduction to Networking session, though, so definitely give that a watch if you’re looking for a comprehensive explanation.
The main thing to understand from the network connectivity section is how different elements might be used to connect your network. This diagram outlines a simple network example. Here, you can trace the network management system, through the router or core switch, to an aggregation switch and network controller, edge switches, and various end devices. This diagram will be useful to refer back to as you learn more about topologies and VLANs!
There are a few different forms of network communication, including unicast and broadcast messaging.
In computer networking, broadcasting refers to transmitting a packet that will be received by every device on the network. Broadcasting is different from unicast addressing, in which a device sends a message to one other device, identified by a unique IP address.
On BACnet networks, we can use unicast to mimic broadcast messaging through a BACnet Broadcast Management Device (BBMD). You can broadcast within subnetworks, but not across the entire system of subnetworks; that would be far too hectic on a large system. Instead, a BBMD receives the local broadcast and converts it into unicasts, which can be sent directly to switches in other subnetworks. From there, the switch can broadcast the message to the rest of the subnetwork. We actually have an entire blog post on BBMDs, if you’d like to learn more.
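To make the broadcast-to-unicast step concrete, here is an added example (not Optigo or Distech code, and not from the webinar) that models the BACnet/IP framing a BBMD actually uses: a device sends an Original-Broadcast-NPDU on its own subnet, the local BBMD re-wraps it as a Forwarded-NPDU and unicasts one copy to each peer listed in its Broadcast Distribution Table (BDT), and the peer re-broadcasts it locally. The subnets, host addresses and the Who-Is message are constructed sample data; the function codes and header layout follow the BACnet/IP (Annex J) specification.

```python
"""Added example: how a BBMD turns a subnet-local broadcast into unicasts.

Toy model of BACnet/IP (ASHRAE 135 Annex J) BVLC framing and BBMD forwarding.
Hosts, subnets and the Who-Is NPDU below are constructed sample data.
"""
import struct
from dataclasses import dataclass, field

BVLC_TYPE = 0x81                # every BACnet/IP frame starts with this byte
ORIGINAL_BROADCAST_NPDU = 0x0B  # sent by a device as an IP broadcast on its own subnet
FORWARDED_NPDU = 0x04           # sent by a BBMD as a unicast to its peer BBMDs
BACNET_PORT = 0xBAC0            # 47808, the default BACnet/IP UDP port


def bvlc_original_broadcast(npdu: bytes) -> bytes:
    """Encode Original-Broadcast-NPDU: type, function, 2-byte total length, then the NPDU."""
    return struct.pack("!BBH", BVLC_TYPE, ORIGINAL_BROADCAST_NPDU, 4 + len(npdu)) + npdu


def bvlc_forwarded(npdu: bytes, origin_ip: str, origin_port: int = BACNET_PORT) -> bytes:
    """Encode Forwarded-NPDU: header plus the 6-byte address of the original sender.

    Carrying the original IP:port lets devices on the far subnet reply directly
    to the sender instead of to the BBMD that relayed the message.
    """
    addr = bytes(int(octet) for octet in origin_ip.split(".")) + struct.pack("!H", origin_port)
    return struct.pack("!BBH", BVLC_TYPE, FORWARDED_NPDU, 10 + len(npdu)) + addr + npdu


def parse_bvlc(frame: bytes):
    """Return (function, original (ip, port) or None, npdu); rejects malformed headers."""
    vtype, func, length = struct.unpack("!BBH", frame[:4])
    if vtype != BVLC_TYPE or length != len(frame):
        raise ValueError("not a well-formed BVLC frame")
    if func == FORWARDED_NPDU:
        ip = ".".join(str(b) for b in frame[4:8])
        (port,) = struct.unpack("!H", frame[8:10])
        return func, (ip, port), frame[10:]
    return func, None, frame[4:]


@dataclass
class Subnet:
    name: str
    bbmd_ip: str
    devices: list                              # every host on the subnet, BBMD included
    bdt: list = field(default_factory=list)    # Broadcast Distribution Table: peer subnet names


def send_broadcast(net: dict, src_subnet: str, src_ip: str, npdu: bytes) -> list:
    """A device broadcasts an NPDU; return every hop as (transport, subnet, from, to)."""
    hops = []
    local = net[src_subnet]
    frame = bvlc_original_broadcast(npdu)
    # 1. The IP broadcast reaches every host on the source subnet, the local BBMD included.
    for dev in local.devices:
        if dev != src_ip:
            hops.append(("broadcast", src_subnet, src_ip, dev))
    # 2. The local BBMD re-wraps the NPDU as Forwarded-NPDU and unicasts one copy per BDT entry.
    _, _, payload = parse_bvlc(frame)
    forwarded = bvlc_forwarded(payload, src_ip)
    for peer_name in local.bdt:
        peer = net[peer_name]
        hops.append(("unicast", src_subnet, local.bbmd_ip, peer.bbmd_ip))
        # 3. The peer BBMD unwraps the frame and re-broadcasts it on its own subnet,
        #    still attributed to the original sender's address.
        _, origin, _ = parse_bvlc(forwarded)
        for dev in peer.devices:
            if dev != peer.bbmd_ip:
                hops.append(("broadcast", peer_name, origin[0], dev))
    return hops


def build_lab() -> dict:
    """Two subnets, each with one BBMD that lists the other in its BDT (constructed)."""
    return {
        "A": Subnet("A", "10.0.1.10", ["10.0.1.10", "10.0.1.20", "10.0.1.21"], bdt=["B"]),
        "B": Subnet("B", "10.0.2.10", ["10.0.2.10", "10.0.2.20"], bdt=["A"]),
    }


# Constructed Who-Is NPDU: NPDU version 1, global broadcast DNET 0xFFFF, hop count 255,
# followed by the Unconfirmed-Request APDU for the Who-Is service (choice 8).
WHO_IS_NPDU = bytes.fromhex("0120ffff00ff1008")

if __name__ == "__main__":
    for hop in send_broadcast(build_lab(), "A", "10.0.1.20", WHO_IS_NPDU):
        print(hop)
```

Running it shows the pattern the webinar describes: two local broadcast deliveries on subnet A, exactly one unicast between the two BBMDs, and one broadcast delivery on subnet B that still carries the original sender's address. The length check in `parse_bvlc` is the kind of sanity check a real BBMD performs before relaying anything.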
Virtual Local Area Networks (VLANs) are a great way to segment and isolate services on your network. If you have a variety of device types scattered across a series of different switches, you can separate those services using VLANs to assign and restrict communication access. You might do this for security purposes, if there are multiple services connected to the same switch.
In this case, for example, the lighting, CCTV, and access are all on their own VLANs. Although lighting and CCTV might be on the same switch, the devices on VLAN-10 are not accessible from VLAN-20 or VLAN-30.
It can also be useful to understand the difference between access ports and trunk ports. A VLAN access port connects to a single end device and carries that device’s VLAN, while a VLAN trunk port carries multiple VLANs over a single link. This diagram helps illustrate that distinction.
You can configure and manage your VLANs through a graphical user interface (GUI), or through a command-line interface (CLI) if you’re comfortable with it.
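The isolation and the access/trunk distinction described above, as an added example (not Optigo or Distech code, and not a vendor's switch configuration): a toy two-switch model in which access ports belong to one VLAN and a trunk carries tagged frames for an allowed set of VLANs. The switch and port names, the VLAN numbers (10 lighting, 20 CCTV, 30 access control) and the device names are constructed for the demo.

```python
"""Added example: VLAN isolation across access and trunk ports (toy switch model).

Not Optigo/Distech code. Switch names, port names, VLAN IDs (10 lighting,
20 CCTV, 30 access control) and device names are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Port:
    name: str
    mode: str                          # "access" (one VLAN, untagged) or "trunk" (many VLANs, tagged)
    vlan: int = 1                      # access: the port's VLAN; trunk: native VLAN for untagged frames
    allowed: frozenset = frozenset()   # trunk only: VLAN IDs permitted to cross the trunk


@dataclass
class Frame:
    src: str
    tag: Optional[int]                 # 802.1Q VLAN tag on the wire, None when untagged


class Switch:
    def __init__(self, name: str, ports: list):
        self.name = name
        self.ports = {p.name: p for p in ports}
        self.links = {}                # local trunk port name -> (peer switch, peer port name)

    def classify(self, port: Port, frame: Frame) -> Optional[int]:
        """Assign an ingress frame to a VLAN, or return None to drop it."""
        if port.mode == "access":
            # An access port belongs to exactly one VLAN; a tagged frame for another VLAN is dropped.
            return port.vlan if frame.tag in (None, port.vlan) else None
        if frame.tag is None:
            return port.vlan if port.vlan in port.allowed else None
        return frame.tag if frame.tag in port.allowed else None

    def flood(self, in_port: str, frame: Frame, out: list, seen: set) -> None:
        """Flood a broadcast within its VLAN: untagged out access ports, tagged across trunks."""
        if (self.name, in_port) in seen:      # guard against forwarding loops in this toy model
            return
        seen.add((self.name, in_port))
        vid = self.classify(self.ports[in_port], frame)
        if vid is None:
            out.append(("dropped", self.name, in_port))
            return
        for port in self.ports.values():
            if port.name == in_port:
                continue
            if port.mode == "access" and port.vlan == vid:
                out.append(("delivered", self.name, port.name, vid))
            elif port.mode == "trunk" and vid in port.allowed:
                peer, peer_port = self.links[port.name]
                peer.flood(peer_port, Frame(frame.src, vid), out, seen)   # tag preserved on the trunk


def connect_trunk(a: Switch, a_port: str, b: Switch, b_port: str) -> None:
    """Cable two trunk ports together (both directions)."""
    a.links[a_port] = (b, b_port)
    b.links[b_port] = (a, a_port)


def build_lab():
    """Two switches; lighting (10), CCTV (20) and access control (30) all share SW1."""
    sw1 = Switch("SW1", [Port("1", "access", 10), Port("2", "access", 20), Port("3", "access", 30),
                         Port("T", "trunk", 1, frozenset({10, 20}))])
    sw2 = Switch("SW2", [Port("1", "access", 10), Port("2", "access", 20),
                         Port("T", "trunk", 1, frozenset({10, 20}))])
    connect_trunk(sw1, "T", sw2, "T")
    return sw1, sw2


def broadcast_from(sw: Switch, port: str, src: str, tag: Optional[int] = None) -> list:
    """Send one broadcast into the switch and return where it was delivered or dropped."""
    out: list = []
    sw.flood(port, Frame(src, tag), out, set())
    return out


if __name__ == "__main__":
    sw1, sw2 = build_lab()
    print(broadcast_from(sw1, "1", "lighting-ctrl"))      # reaches SW2 port 1 (VLAN 10) only
    print(broadcast_from(sw1, "3", "door-ctrl"))          # VLAN 30 is not allowed on the trunk
    print(broadcast_from(sw1, "1", "mistagged", tag=20))  # tagged for VLAN 20 on a VLAN 10 access port
```

The first call shows the point of the diagram: a lighting broadcast entering SW1 reaches the lighting device on SW2 through the trunk, but never the CCTV or access-control ports that share SW1 with it. The second call shows a trunk's allowed-VLAN list acting as a second boundary, and the third shows that an access port ignores the VLAN tag a device might put on a frame and keeps it in the port's own VLAN or drops it.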
Finally, we covered different network topologies. There are several you could consider for your network, including daisy-chain, ring, and home run (also called star). Note that the same building can use one topology to connect the switches and a different topology to connect the devices. You don’t need a single design to connect everything in your building, because each design has its own pros and cons.
Daisy-chaining is a solution that is low on cost. You don’t need big switches, and your distance from the switch isn’t too limited. Unfortunately, network performance is often low, it’s difficult to troubleshoot, port security is an issue, and there is no redundancy.
A ring topology does have redundancy. However, you’re limited in how many devices you can use, it requires more ports on a switch, and you’re limited on distance. It’s also more expensive to “close the ring” in your design.
Note that it’s often preferable to have many small daisy-chains, rather than having one long chain in a ring topology.
One large ring connecting many devices.
Those same devices connected in a series of short daisy chains, instead.
Star and home run topologies come with a lot of benefits. You can enjoy port security, easier troubleshooting, higher network performance, and a simple installation process. While this solution does come with a higher price tag, more ports, and limited distance, it’s still our recommended solution.
While you’re selecting a design topology, you might want to consider your need for redundancy. Redundancy is essentially a “back-up” system, so that you’re prepared for the unexpected. If a switch goes down, for example, aggregation switch redundancy means that you won’t suffer downtime.
Spanning Tree Protocol (STP) is another way to ensure your network stays online. It’s used for breaking communication loops and recovering from failures.
On an STP-enabled system, if there is a loop between two Ethernet ports, one port will pass traffic (in Active mode) and the other port will block traffic (in Standby mode). As soon as the loop breaks, the blocking port begins passing traffic so that all of the devices in the ring maintain Ethernet connectivity. The standby port takes over like this if, for example, a device in the loop is disconnected or malfunctions.
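The loop-breaking and recovery behaviour just described, as an added example (not Optigo or Distech code, and not the webinar's material): a simplified model of how a spanning tree elects a root bridge, picks each switch's lowest-cost path to it, and blocks the one redundant link that would otherwise close the loop; removing a link and recomputing shows the previously blocked port taking over. The bridge IDs, link costs and the three-switch ring are constructed, and real STP adds timers and port-ID tie-breaks this model leaves out.

```python
"""Added example: which port a spanning tree blocks, and how it recovers (toy STP).

Not Optigo/Distech code; a simplified model of IEEE 802.1D root election and
root-path-cost selection. Bridge IDs, link costs and the ring are constructed.
"""
import heapq

# Bridge ID = (priority, MAC); the lowest tuple wins root election.
CORE = (4096, "00:00:00:00:00:01")
EDGE1 = (32768, "00:00:00:00:00:02")
EDGE2 = (32768, "00:00:00:00:00:03")


def elect_root(bridges):
    """Root election: lowest priority wins, with the MAC address as tie-breaker."""
    return min(bridges)


def spanning_tree(bridges, links):
    """Compute the STP outcome for a topology.

    links: {frozenset({bridge_a, bridge_b}): path_cost}
    Returns (root, best, forwarding, blocked) where best[b] = (root path cost, upstream
    bridge or None), forwarding is the set of links on the tree, and blocked is the set of
    (link, bridge) pairs where that bridge keeps its port in the blocking (standby) state.
    """
    root = elect_root(bridges)
    adj = {b: [] for b in bridges}
    for link, cost in links.items():
        a, b = tuple(link)
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Dijkstra from the root; ties on cost are broken by the lower upstream bridge ID,
    # which mirrors how STP compares BPDUs (root path cost, then sender bridge ID).
    best = {}
    heap = [((0, root), root)]
    while heap:
        (cost, via), node = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, None if node == root else via)
        for nbr, link_cost in adj[node]:
            if nbr not in best:
                heapq.heappush(heap, ((cost + link_cost, node), nbr))

    forwarding, blocked = set(), set()
    for link in links:
        a, b = tuple(link)
        if a not in best or b not in best:
            continue                      # link to a bridge cut off from the root
        if best[a][1] == b or best[b][1] == a:
            forwarding.add(link)          # on the tree: a root port at one end
        else:
            # Redundant link closing a loop: the end with the higher root path cost
            # (tie: higher bridge ID) holds its port in blocking.
            loser = max((best[a][0], a), (best[b][0], b))[1]
            blocked.add((link, loser))
    return root, best, forwarding, blocked


def ring_lab():
    """A three-switch ring: the core switch and two edge switches, all links cost 4."""
    bridges = {CORE, EDGE1, EDGE2}
    links = {frozenset({CORE, EDGE1}): 4, frozenset({CORE, EDGE2}): 4, frozenset({EDGE1, EDGE2}): 4}
    return bridges, links


def after_failure(links, failed):
    """Topology with one link removed, as when a cable is pulled or a switch port dies."""
    return {link: cost for link, cost in links.items() if link != failed}


if __name__ == "__main__":
    bridges, links = ring_lab()
    root, best, fwd, blocked = spanning_tree(bridges, links)
    print("root:", root, "blocked:", blocked)
    root, best, fwd, blocked = spanning_tree(bridges, after_failure(links, frozenset({CORE, EDGE2})))
    print("after failure, blocked:", blocked, "EDGE2 reaches root via:", best[EDGE2])
```

With the ring intact, the core switch wins root and the edge-to-edge link is the one held in standby (at EDGE2, whose bridge ID loses the tie). Pull the core-to-EDGE2 cable and the recomputation puts that standby link into forwarding, with EDGE2 now reaching the root through EDGE1 at cost 8. The priority values are why a practitioner sets a low priority on the core or aggregation switch deliberately: leaving every switch at the default lets the lowest MAC address, possibly an edge switch, become root by accident.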
We hope you enjoyed this webinar! Be sure to check out our deep dives on Internet, Transport and Application, and Designing a Network with Distech Controls’ ECLYPSE and Optigo Connect next.