OT networks: they quietly connect thousands of devices — controllers, sensors, HVAC systems, lighting, access control, and more — to make facilities efficient, comfortable, and safe.
Yet behind the scenes, these networks face growing complexity. More devices. More data. More demand for uptime.
For those managing these systems, stability isn’t just a goal — it’s a necessity. A small misconfiguration can ripple across an entire network, causing sluggish communication or even full outages. And because OT networks are often installed, expanded, and maintained by different teams over many years, they’re especially prone to drift away from best practices.
At Optigo Networks, we’ve spent years helping teams with BACnet/IP network design, optimization, and troubleshooting across hundreds of deployments. We’ve seen what works — and what doesn’t — across hundreds of deployments. So, we asked our engineers to share their best lessons from the field: the small but crucial practices that keep systems running smoothly day after day.
Here’s our expert playbook of ten proven tips for building fast, stable, and secure OT networks.
1. Keep MS/TP chains short and clean
Don’t overload your MS/TP network. Connecting more than 25–30 devices in one chain creates long round-trips and timeouts.
And don’t forget your EOL resistor — it’s one of the simplest yet most overlooked stability fixes.
Why it matters:
Each device on an MS/TP chain adds a tiny bit of delay to every token pass. Beyond roughly 30-35 devices, message turnaround times start to stretch, and small physical problems (like flipped polarity) have an amplified impact.
Keeping your chain short and properly terminated helps maintain predictable timing — the foundation of a stable control network.
2. Set your Max_Master wisely
This tip goes hand in hand with #1. Default Max_Master settings of 127 are never appropriate. A value that’s too high wastes bandwidth polling for devices that don’t exist, while one that’s too low skips over active controllers. Set yours just two or three addresses above the final device in the chain — that buffer gives you room to add new devices later without having to revisit the setting right away.
Why it matters:
Tuning Max_Master helps your network stay efficient and responsive. When this value aligns with your actual device count, token passes are faster, communication is cleaner, and troubleshooting becomes far easier. It’s a small adjustment that can make a noticeable difference in how reliably your MS/TP network performs.
3. Watch for address gaps
Address housekeeping matters, too. Unlike IP-based networking, BACnet MS/TP lacks support for DHCP, so systems cannot set or alter their device addresses. Every “missing” address forces a controller to keep polling for devices that aren’t there, every 50 token cycles — slowing the entire network. Eliminating address gaps keeps token passes smooth and your MS/TP network running efficiently.
Why it matters:
Over time, as devices are replaced or moved, gaps inevitably appear in the addressing scheme. Each of those gaps creates a recurring pause in the token rotation. Cleaning them up is a simple administrative task that keeps message timing tight and prevents slowdowns that otherwise look like random communication lag.
4. Tune for performance, not noise
If your MS/TP network is running slow, the problem is almost always physical: flipped polarity, mismatched baud rates, missing terminators, or wiring issues. But don’t stop there. It could also be the larger network it’s connected to exerting pressure — excess broadcast traffic from a big IP network can easily choke an MS/TP subnet.
Always start by checking the physical layer before diving into software or logic.
Why it matters:
MS/TP doesn’t have the bandwidth or error recovery of Ethernet. Even small wiring faults can ripple through the chain. Physical verification — not just device diagnostics — solves the vast majority of “mystery” communication issues that appear to be software problems.
5. Design your BACnet/IP network for your scale
No two building networks are alike. What works for a small system can quickly fall apart in a larger one, especially as traffic grows and devices proliferate. Designing for scale means thinking ahead — not just for the network you have now, but for the one you’ll have a year from now.
As Optigo Networks Co-Founder and CTO Ping Yao puts it, “You have to regularly measure your system’s health — performance and integrity — or else you don’t know what’s happening until it’s too late and costly to fix.”
He recommends tailoring your design and monitoring approach to network size: “Have three plans: small, medium, and large. A 200-device flat network might only need a quarterly diagnostic, but a 2,000-device system in a dynamic environment needs split-horizon BBMDs, fine-tuned polling, and 24/7 continuous monitoring.”
Why it matters:
Network design that works for a small system doesn’t scale linearly. As systems grow, broadcast domains expand, traffic multiplies, and control loops cross boundaries. Planning for growth — not just today’s capacity — prevents major rework later and keeps downtime minimal as your building evolves.
6. Monitor and measure — always
Even the best network design won’t stay healthy without oversight. Continuous monitoring is what separates reactive maintenance from proactive control. It’s how you catch network noise, bottlenecks, or failing devices before they start to impact building performance.
John Attala, Optigo’s Head of Growth, also echoes that same principle in his tip. “You can’t manage what you don’t measure.” He adds, “Many clients only discover strange network behavior at odd hours — long after they’ve left the site.”
A robust monitoring solution gives you visibility into issues like misconfigured reads, writes, or COV thresholds before they cascade into full outages.
Why it matters:
Without real-time visibility, network degradation creeps up silently. Latency increases, retransmissions spike, and soon you’re fighting symptoms instead of causes. Continuous monitoring turns reactive firefighting into proactive maintenance — saving hours of troubleshooting and protecting uptime.
7. Check your COV thresholds
Misconfigured COVs are a silent killer of network performance. Settings are often treated as an afterthought — until they start flooding your network. A misconfigured threshold can turn one noisy data point into thousands of unnecessary messages per minute.
As Ping points out, “OptigoVN has caught hundreds of cases where the COV threshold was set to 1 on airflow measurements. These settings waste bandwidth, CPU cycles, and even storage if you’re trending those points.” Audit your COVs regularly, and tune thresholds to reflect meaningful changes — not constant microfluctuations.
Why it matters:
COVs (Change of Value messages) are meant to reduce unnecessary polling — but when thresholds are too sensitive, they do the opposite. Even minor sensor fluctuations can trigger floods of updates, eating into bandwidth and device processing power. Adjusting thresholds keeps data accurate and efficient.
8. Keep traffic below router capacity
Routers have limits, and exceeding them can actually increase total traffic. Optigo Networks’ VP of Product, Dave Cousins, advises, “Know the capacity of your routers and measure traffic often. As a router approaches its limit, performance degrades and it becomes a bottleneck. Keep average router traffic around 50% of capacity — that leaves room for growth and spikes.”
Watch for “router busy” messages and response time trends as early warnings of overload.
Why it matters:
As routers reach their limits, packet loss leads to retries, which adds even more traffic — creating a feedback loop of congestion. Staying well below capacity avoids this spiral and ensures predictable response times across all network segments.
9. Segment your device groups
As building networks grow, devices from different systems — HVAC, lighting, access control, and more — often end up sharing the same subnet. While this might seem convenient, it also means that problems in one area can ripple across the entire network. Segmentation helps contain those issues and keeps communication efficient.
Here’s what Corey Noakes, Optigo Network’s R&D Test Engineer, recommends: “When setting up an OT network of BACnet/IP devices, separate different device groups — HVAC, lighting, access control — or even different brands by VLAN ID. It prevents one VLAN’s issues, like loops or duplicate IPs, from affecting the others.” Smart segmentation minimizes collateral damage when things go wrong.
Why it matters:
Segmentation reduces broadcast domains and isolates faults, making both troubleshooting and performance tuning far simpler. When devices are grouped logically and separated by VLAN, a misconfigured loop or duplicated IP in one group won’t bring down the rest of the network. It’s one of the simplest, most effective ways to improve both reliability and resilience in large-scale OT environments.
10. Audit, document, and secure
Even the best-designed networks eventually drift. Devices get added, replaced, or reconfigured — often by different teams over many years. Without clear documentation and regular audits, it becomes nearly impossible to know exactly what’s on your network or how it’s behaving. And when something goes wrong, that lack of visibility turns a simple fix into hours of guesswork.
Pook offers a practical reminder: “The problem may not be where the blinking red light is. In other words, the visible symptom — a failed point, an unresponsive controller, or a slow connection — isn’t always the real cause. Hidden configuration changes or undocumented devices can be the true source of the issue.”
Keeping accurate, accessible records of your network layout, device inventory, and configurations ensures your team can diagnose issues quickly and confidently. And if any part of your OT network connects to the internet, installing a firewall isn’t optional — it’s essential.
Why it matters:
Most network downtime stems not from equipment failure, but from uncertainty. When documentation is outdated or incomplete, teams lose time chasing the wrong problems. Regular audits, thorough record-keeping, and strong perimeter security build a network that’s not just functional, but manageable.
The truth is, strong OT networks aren’t built from a single configuration setting or clever fix — they’re the result of consistent care, visibility, and informed design. Every one of these best practices, from MS/TP tuning to VLAN segmentation, comes back to the same principle: when you can see what’s happening on your network, you can manage it before it becomes a problem.
That’s exactly where OptigoVN makes the difference. Our platform gives you real-time insight into every layer of your OT network, so you can pinpoint issues, track performance, and optimize communication faster than any other solution. Whether you’re managing a single building or an entire portfolio, OptigoVN helps you stay ahead of outages, inefficiencies, and costly troubleshooting.
You don’t have to manage complex OT networks alone. Whether you’re starting a new BACnet/IP network design or trying to stabilize an existing one, OptigoVN gives you the visibility and data you need — from the controllers to the cloud.
