Industrial Ethernet Book Issue 101 / 18

Using an IP router to resolve IT vs. OT conflicts

Network Address Translation (NAT) and Port Forwarding can both be handled by an IP router, as a way of translating IP addresses between those required by the IT department and those already assigned on a machine. IP routers can save time and reduce errors when reconfiguring IP addresses for machines.

If a plant engineer needed to test a machining center a decade ago, it would be a straightforward task of assigning private IPs to each machine. However, in today's competitive global economy, manufacturers depend on a robust information technology (IT) infrastructure. A plant's manufacturing infrastructure is now closely connected to the IT infrastructure and the plant engineer often must follow the policies of the IT department. Using an IP router can resolve network conflicts between the IT department and the operations technology (OT).


Network address translation example.

For example, a plant engineer is tasked with installing three identical machining centers (cells) using the latest in network automation technology. Within each cell, the drives, operator interface and programmable controller have been assigned the same sequential private IP address series because that is how the machine builder builds and tests his machining centers.

These working and tested machine cells with preset IP addresses must conform to the IP address assignment policy of the IT department. The simple addition of an IP router is a quick and inexpensive solution to what can be a difficult problem.

Changing the IP addresses on individual components within a machining center in order to comply with an IT department IP addressing scheme is an unnecessary complication that can be avoided if there is a means of translating IP addresses between those required by the IT department and those already assigned on the machine. There are two approaches: Network Address Translation (NAT) and Port Forwarding. Both can be handled by an IP router.

Using Network Address Translation

In our example shown in the illustration above, we have the three machining cells using the same private subnet 192.168.92.0. For each cell, we add Contemporary Controls' EIPR-E IP router and give it the LAN side address 192.168.92.100, matching the subnet on the machine cell, and then sequentially address the other devices in the machining cell for a total of 5 IP addresses that need translation. If the IT department can afford to give us 15 IP addresses for all machine cells in the required range, NAT can be used. The EIPR-E IP router has one WAN side port and 4 LAN side ports, making it convenient for connecting LAN side devices. The WAN port, which connects to the IT network, can be configured to map 5 WAN side addresses to 5 LAN side addresses used by the equipment as shown below for the first machine cell. In the example, the IT department gave us a base address of 10.0.10.100 to begin our mapping. A simple one-to-one mapping does the trick.

The EIPR-E router in the second machine cell maps the address range 10.0.10.105 to 10.0.10.109 and the one in Machine Cell C maps the address range 10.0.10.110 to 10.0.10.114.

Port forwarding

If the IT department is stingy in assigning IP addresses, port forwarding can be used instead, requiring only a single IP address assignment - the IP router's WAN side address. This time the mapping table translates WAN side ports to LAN side IP addresses and ports. For example, if it is necessary to reach the web page (port 80) on device 192.168.92.101, an entry is made to translate an arbitrary port 8081 on the WAN side to port 80 on the LAN side. If it is also necessary to reach the web page on a second device on the LAN side, another entry with port 8082 can be assigned. If only one of the devices - a PLC - required FTP access (port 21), then an entry could be made to simply translate port 21 on the WAN side to the PLC IP address and port 21.

For protocols that use a contiguous range of network ports, the EIPR-E also provides Port Range Forwarding where the start and end ports can be mapped to the LAN IP device instead of individual port forwarding mapping.
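The port-forwarding table described above can be modelled and audited before it is entered into the router. This is an added example, not code from the article or from Contemporary Controls; the addresses of the second device and the PLC, the 5000-5010 range rule, and the assumption that a range rule keeps port numbers unchanged are constructed for illustration.

```python
# Each rule: (wan_start, wan_end, lan_ip, lan_start).
# A single-port rule has wan_start == wan_end.
RULES = [
    (8081, 8081, "192.168.92.101", 80),    # web page on first device (from the article)
    (8082, 8082, "192.168.92.102", 80),    # second device; its address is assumed
    (21, 21, "192.168.92.103", 21),        # FTP to the PLC; PLC address is assumed
    (5000, 5010, "192.168.92.103", 5000),  # constructed port range forwarding rule
]


def find_overlaps(rules):
    """Return index pairs of rules whose WAN-side port ranges collide."""
    clashes = []
    for i in range(len(rules)):
        s1, e1 = rules[i][:2]
        for j in range(i + 1, len(rules)):
            s2, e2 = rules[j][:2]
            if s1 <= e2 and s2 <= e1:
                clashes.append((i, j))
    return clashes


def resolve(rules, wan_port):
    """Translate a WAN-side port to (lan_ip, lan_port); None means not forwarded."""
    for start, end, lan_ip, lan_start in rules:
        if start <= wan_port <= end:
            return lan_ip, lan_start + (wan_port - start)
    return None


def exposure_report(rules):
    """Summarise which LAN-side ports each device exposes to the IT network."""
    report = {}
    for start, end, lan_ip, lan_start in rules:
        lan_end = lan_start + (end - start)
        span = str(lan_start) if lan_start == lan_end else f"{lan_start}-{lan_end}"
        report.setdefault(lan_ip, []).append(span)
    return report


if __name__ == "__main__":
    print("overlapping rules:", find_overlaps(RULES))
    for ip, ports in exposure_report(RULES).items():
        print(f"{ip} reachable from WAN on LAN ports {', '.join(ports)}")
```

Anything `resolve` returns `None` for is not forwarded, so the report doubles as the list of cell services reachable from the IT network.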

Static vs. dynamic IP addressing

Some IT departments require the dynamic assignment of IP addresses instead of static addresses. Although the EIPR-E provides DHCP client capability, which means it will request an IP assignment from the IT department's router, dynamic assignments can complicate the situation. If NAT is used, it is important that the IT department does not include in its DHCP range those IP addresses that are used for translation. If port forwarding is used, dynamic addressing is not recommended because once the WAN address is changed through some reboot of the system, you could lose the WAN side assignment critical to port forwarding.
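The one-to-one NAT plan for the three cells, together with the DHCP exclusion check described above, can be generated and verified in a few lines. This is an added example, not code from the article or from Contemporary Controls; the cell names A and B and the DHCP pool boundaries are assumptions, while the address ranges are those given in the text.

```python
import ipaddress

# From the article: every cell reuses 192.168.92.100-104 on the LAN side,
# and IT assigned 10.0.10.100 as the first WAN-side address.
LAN_FIRST = ipaddress.IPv4Address("192.168.92.100")
WAN_BASE = ipaddress.IPv4Address("10.0.10.100")
ADDRS_PER_CELL = 5
CELLS = ["A", "B", "C"]  # names A and B are assumed; the article names cell C


def build_nat_plan():
    """Return {cell: {wan_ip: lan_ip}} with one-to-one mappings per cell."""
    plan = {}
    for idx, cell in enumerate(CELLS):
        wan_start = WAN_BASE + idx * ADDRS_PER_CELL
        plan[cell] = {wan_start + i: LAN_FIRST + i for i in range(ADDRS_PER_CELL)}
    return plan


def translate(plan, wan_ip):
    """Resolve a WAN-side address to (cell, LAN-side address), or None."""
    wan_ip = ipaddress.IPv4Address(wan_ip)
    for cell, table in plan.items():
        if wan_ip in table:
            return cell, table[wan_ip]
    return None


def dhcp_conflicts(plan, pool_first, pool_last):
    """List translated WAN addresses that fall inside the IT DHCP pool."""
    first = ipaddress.IPv4Address(pool_first)
    last = ipaddress.IPv4Address(pool_last)
    return sorted(
        wan for table in plan.values() for wan in table if first <= wan <= last
    )


if __name__ == "__main__":
    plan = build_nat_plan()
    for cell, table in plan.items():
        for wan, lan in table.items():
            print(f"cell {cell}: {wan} <-> {lan}")
    # Constructed DHCP pool that wrongly reaches into cell C's range.
    print("DHCP overlap:", dhcp_conflicts(plan, "10.0.10.112", "10.0.10.200"))
```

A non-empty result from `dhcp_conflicts` means the IT DHCP server could lease an address that a cell router also answers for.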

IP routers save time and reduce the potential for errors when reconfiguring the IP addresses in machines or the application software just to comply with IT department IP address assignment policy. IP routers allow the use of the same configuration that the machine builder tested his machine with and its reuse across multiple cells, providing for a quick integration with the IT network.

Harpartap Parmar is a Product Manager at Contemporary Controls.


© 2010-2017 Published by IEB Media GbR · Last Update: 14.12.2017