You asked, we answered. Welcome to the first episode of our Q&A video series with Ping! We’re thrilled with the response to our call for BACnet and OT network questions! Our Co-Founder and CTO, Ping-Pook Yao, tackled some excellent questions in our first Q&A video, and we wanted to share the key insights in this quick blog summary.
Have more BACnet questions? Keep them coming! We love diving deep into these technical topics that help make OT networks more reliable and efficient. Send us a message on LinkedIn, Reddit, or Bluesky, or email us at marketing@optigo.net.
Can’t watch right now? Here’s a quick rundown of what Ping runs through:
Q1. What is Foreign Device Registration?
Think of foreign device registration as a “dial-in” capability for your BACnet network. Instead of setting up permanent connections, BMS software can register with a BBMD (BACnet Broadcast Management Device) to create temporary or long-term connections to a site.
The BBMD acts as a gatekeeper, accepting the foreign device registration and then forwarding traffic from that device into the local network. This approach is especially useful for BMS software that needs to connect to multiple sites simultaneously.
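Because a registration opens a path into the site, it is worth auditing who registers with the BBMD. The following is an added example, not from the video or from Optigo: it decodes the BACnet/IP BVLC header (type 0x81, function 0x05 Register-Foreign-Device with a 2-byte time-to-live, function 0x00 BVLC-Result) and flags registrations from sources outside an allowlist. The IP addresses, allowlist, and sample packets are constructed.

```python
import struct

BVLC_TYPE_BACNET_IP = 0x81          # BVLL type octet for BACnet/IP
FN_RESULT = 0x00                    # BVLC-Result (the BBMD's answer)
FN_REGISTER_FOREIGN_DEVICE = 0x05   # Register-Foreign-Device
RESULT_CODES = {0x0000: "success", 0x0030: "register-foreign-device NAK"}

def parse_bvlc(payload: bytes):
    """Return (function, body) for a BACnet/IP UDP payload, or None if malformed."""
    if len(payload) < 4:
        return None
    bvlc_type, function, length = struct.unpack("!BBH", payload[:4])
    # The length field covers the whole BVLL message, header included.
    if bvlc_type != BVLC_TYPE_BACNET_IP or length != len(payload):
        return None
    return function, payload[4:]

def audit_registrations(packets, allowed_sources):
    """packets: iterable of (src_ip, udp_payload). Returns a list of findings."""
    findings = []
    for src_ip, payload in packets:
        parsed = parse_bvlc(payload)
        if parsed is None:
            continue  # not BACnet/IP, or truncated
        function, body = parsed
        if function == FN_REGISTER_FOREIGN_DEVICE and len(body) == 2:
            ttl = struct.unpack("!H", body)[0]  # requested lifetime in seconds
            status = "allowed" if src_ip in allowed_sources else "UNEXPECTED"
            findings.append((src_ip, "register", ttl, status))
        elif function == FN_RESULT and len(body) == 2:
            code = struct.unpack("!H", body)[0]
            findings.append((src_ip, "result", RESULT_CODES.get(code, hex(code)), "info"))
    return findings

# Constructed sample traffic (documentation and private address ranges).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("810500060258")),    # register, TTL 600 s
    ("198.51.100.7", bytes.fromhex("81050006003c")),  # register, TTL 60 s
    ("10.0.0.5", bytes.fromhex("810000060000")),      # BVLC-Result: success
    ("10.0.0.9", bytes.fromhex("8105000600")),        # truncated, length mismatch
]
ALLOWED = {"192.0.2.10"}  # hypothetical list of approved BMS workstations

if __name__ == "__main__":
    for finding in audit_registrations(SAMPLE, ALLOWED):
        print(finding)
```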
Q2. IT Routers vs. Switches: What’s the Difference?
This is a fundamental networking concept that often causes confusion:
Switches connect multiple devices together on the same network. They work with MAC addresses and don’t understand IP subnets – think of them as multi-lane highways allowing traffic to flow between devices.
Routers connect different subnets together. They work with IP addresses and are essential when you need to connect your local network to the outside world (which can be considered a different subnet).
If you only have one network subnet, you might get away with just a switch. But as soon as you need to connect multiple subnets, you’ll need a router.
Q3. Network Segregation: Why Divide Your Network?
Network segregation (also called network isolation, or separation) is about dividing your network into distinct areas. There are several compelling reasons to do this:
- Security: You might want to separate traffic going to your air handling units from traffic going to your lighting control systems.
- Manageability: Large networks with tens of thousands of devices become unwieldy and noisy. Segregating into smaller sections helps contain network noise and makes management more focused.
Q4. VLANs: Virtual Network Islands
The “V” in VLAN stands for virtual, and that’s exactly what they create – virtual islands of network traffic. Using software, you can take one physical switch and create multiple isolated networks. Traffic in one VLAN cannot be seen by or travel to another VLAN.
For example, you could configure one switch so that certain ports are on VLAN A, others on VLAN B, and the rest on VLAN C – effectively creating three separate virtual switches from one piece of equipment.
Q5. BACnet Terminology Shortcuts
If you’ve heard terms like “BVLC,” “D-Net,” “S-Net,” “S-Addr,” or “D-Addr” – these are just shorthand that experienced BACnet professionals use. “D-Net” refers to “destination network,” “S-Net” to “source network,” and so on. These are fields within BACnet packets that help route traffic to the correct BACnet network.
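To see where these fields sit on the wire, the following added example (not from the video or from Optigo) decodes the BACnet network-layer header (NPDU) that follows the 4-byte BVLC header and pulls out D-Net, D-Addr, S-Net, S-Addr and the hop count. The two sample packets are constructed, and the network numbers 100 and 200 are arbitrary.

```python
import struct

GLOBAL_BROADCAST = 0xFFFF  # D-Net value meaning "every BACnet network"

def read_net_addr(npdu: bytes, pos: int):
    """Read a 2-byte network number, a 1-byte address length, then the address."""
    if pos + 3 > len(npdu):
        raise ValueError("truncated network/length field")
    net, alen = struct.unpack("!HB", npdu[pos:pos + 3])
    end = pos + 3 + alen
    if end > len(npdu):
        raise ValueError("truncated address")
    return net, npdu[pos + 3:end], end

def parse_npdu(npdu: bytes) -> dict:
    """Decode the routing fields of an NPDU (BVLC header already removed)."""
    if len(npdu) < 2 or npdu[0] != 0x01:
        raise ValueError("not a version 1 BACnet NPDU")
    control, pos = npdu[1], 2
    f = {"dnet": None, "dadr": None, "snet": None, "sadr": None, "hop_count": None}
    if control & 0x20:   # destination specifier: D-Net, D-Len, D-Addr
        f["dnet"], f["dadr"], pos = read_net_addr(npdu, pos)
    if control & 0x08:   # source specifier: S-Net, S-Len, S-Addr
        f["snet"], f["sadr"], pos = read_net_addr(npdu, pos)
    if control & 0x20:   # hop count follows the address fields when D-Net is present
        if pos >= len(npdu):
            raise ValueError("missing hop count")
        f["hop_count"], pos = npdu[pos], pos + 1
    f["network_message"] = bool(control & 0x80)  # else the payload is an APDU
    f["payload"] = npdu[pos:]
    return f

# Constructed samples.
# Who-Is sent as a global broadcast: D-Net 0xFFFF, zero-length D-Addr.
WHO_IS_GLOBAL = bytes.fromhex("0120ffff00ff1008")
# Routed frame: D-Net 200 / D-Addr 0x05, S-Net 100 / S-Addr 0x0c.
ROUTED = bytes.fromhex("012800c801050064010cff1000")

if __name__ == "__main__":
    for name, pkt in (("who-is", WHO_IS_GLOBAL), ("routed", ROUTED)):
        fields = parse_npdu(pkt)
        scope = "global broadcast" if fields["dnet"] == GLOBAL_BROADCAST else "directed"
        print(name, scope, fields)
```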
Q6. When Do You Need BBMDs and Routers?
Here’s a simple rule: If you have only one subnet, you don’t need a router or BBMD. As soon as you have multiple subnets with BACnet traffic that needs to cross between them, you’ll need both.
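In today’s connected world, most systems span multiple subnets – especially when cloud connectivity is involved. The cloud essentially represents a different subnet from your local controller network. For the cloud link itself, a router alone is enough, because you probably don’t want devices discovered from the cloud into your private network or vice versa.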
Transcript
What is Foreign Device Registration?
Foreign device registration is a fancy way to allow a device to quote unquote “dial” into a site. BMS software wants to connect into a site? Instead of setting up a permanent connection, you use a foreign device registration into a BBMD. BBMD is the one that would accept the connection from a foreign device. And the BBMD would then know, “Okay, now that this device is registered to me, I will forward traffic from that device into my site.” In short, it’s a way for a device, a software device, to dial into a site to create a temporary or long-term connection. And the most common use is in BMS software to be able to connect to multiple sites at once.
What’s the difference between a router and a switch? Which should I use?
Let’s be clear, we’re talking about an IT router and an IT switch. A BACnet router is very, very different than an IT router. A switch connects multiple devices to each other. It ignores IP addresses. It doesn’t know about the concept of IP subnets. And it really just acts as a conduit onto a highway with lots of lanes. Whereas a router will connect from subnet to subnet. So if your system only has one network, one subnet, you technically don’t need a router unless you want to connect that device to the outside world because you can think of the outside world as a different subnet than your private network. Then you need a router to route between one subnet and another subnet. Switches act only on MAC addresses. They don’t know about IP addresses, and a router only cares about IP addresses. So they work in conjunction. In small networks, you might be able to get away with just a switch, but as soon as you have to connect multiple subnets, for whatever reason, then you definitely need a router.
What’s network segregation? I hear a lot about it, but what does that mean for my BAS network?
Network segregation, or network isolation or network separation, is just a way to say that I want to divide up my network into different buckets or categories. There are many different reasons for segregating networks. One reason could be security. I want to segregate the traffic that’s going to my AHU, my air handling unit, from the traffic going to lighting control systems. Network segregation is also used to create manageable-sized networks. For example, if you create one big network with tens of thousands of devices, it becomes very unmanageable. There’s a lot of noise on the network. By segregating the network into smaller buckets and smaller sections, you’re able to somewhat contain the noise and allow management to be a little more focused.
How do VLANs work on an OT network? That’s something from IT land?
The “V” in VLAN stands for virtual. That means that you’re able to leverage software to create isolated networks. It truly is creating virtual islands where the traffic in one island would never be seen and cannot go to another island. So you take one switch and say these ports are on VLAN A, these ports are on VLAN B, and then the other ports are VLAN C. So you’re using one set of equipment, but you’re creating the equivalent of three different switches in this example.
What is a “D-net”? Is it different from a subnet?
Okay. Yeah. Great question. This is where we get into the different nomenclatures and shortcuts that we use in the BACnet world! Sometimes you hear someone talk about a “BVLC” or “D-Net” or “S-Net” or “S-Addr” or “D-Addr.” It’s just because a few of us have been working in the world of BACnet so long that we’re short-forming “destination network” into D-Net, S-Net from “source network.” These are different fields, part of a BACnet packet. More particularly, part of a network protocol of the BACnet standard. But it’s a way to say this packet is going to this BACnet network.
Do I only need a router or BBMD if I have subnets?
If you only have one subnet, you don’t need a router, nor do you need a BBMD. As soon as you have more than one subnet, you need both. If you’re on multiple subnets, you’ll have BACnet traffic that you’ll want to cross over, and you’ll want to be able to discover a device from one subnet to another subnet. Practically today, there are very few systems with only one subnet, especially when you consider that most systems are now connected to the cloud. The cloud can be considered a different subnet than the subnet that’s hosting your controllers. In that case, though, you only need a router because you probably don’t want to discover devices from the cloud into your private network and vice versa.
