Segment Your Factory Floor Network to Improve Operations

May 1, 2024
Though it’s possible to use front-office IT switches on the factory floor, an industrial router or switch with network address translation capability is often the preferred solution.

When discussing an industrial enterprise, Industry 4.0 is always mentioned and often overused. Despite this, nearly everyone agrees it is critical to get the right data in a sustainable fashion from edge devices to individuals who can use the data to make better business decisions. 

However, there is a risk that too much data collection, without proper foresight, can rapidly overwhelm a poorly designed plant Ethernet network or multiple-location secure network.

The value of data collection and supporting networks 

Real-time downtime analysis from one location—a dashboard, or even a well-designed mobile application—can instantly show where resources are needed to increase productivity. Long-term study of this data can indicate maintenance trends, staffing shortfalls or process bottlenecks.

Gathering data isn’t just about the traditional cycle time reporting issues. Predictive maintenance information, such as monitoring the vibration on motors, has been proven to reduce costly downtime.

That’s why managing network traffic is more important than ever. Over the years, the number of devices on the factory floor has exploded. Often, networks were introduced into the infrastructure as an afterthought without regard to problems that would manifest in the future. 

Currently, many large networks have bottlenecks due to throughput issues and the continued existence of unmanaged switches. Multicast protocols, often initially meant for a small cell, can inundate and overwhelm a network without the proper managed switches in place.

The IT world (information technology) and the OT world (operations technology) are coming together rapidly. Both sides have the same goals but often go about the integration process in different ways. One area where IT and OT always agree is that a well-balanced and segmented network is critical.

This can sometimes be achieved via a top-down design that uses front-office IT switches on the factory floor, as long as environmental factors such as radio frequency interference, electromagnetic fields, heat and vibration are considered.

But how can a manufacturer handle the connection of specialized machinery from suppliers with their own local networking configuration in such a top-down network environment? For warranty purposes, commissioning and long-term troubleshooting, it is advantageous to keep the original IP address scheme issued by the OEM of your plant’s equipment. That’s why an industrial router or switch with network address translation (NAT) capability is often the preferred solution.

The multiple machine cell case 

Consider a case where an OEM has delivered 20 machines consisting of a PLC, HMI and a VFD to a manufacturer over the years. Because these devices were manufactured as individual machines, the OEM used the same IP address allocation pattern: 192.168.1.1 for the PLC, 192.168.1.2 for the HMI, etc.

If all machines in this example were simultaneously plugged into the plant network, IP address conflicts would happen. Among the resulting problems are documentation headaches, the sudden introduction of multicast protocols into the greater network and extra, unexpected reprogramming of individual assets.

Employing a switch or router with NAT capabilities means that a factory floor automation engineer can design a cross-reference table, which gives a one-to-one correspondence from an internal address to an external plantwide address. That way, nothing needs to change on the edge while maintaining security and uniqueness at the plant network level.

Add security with firewall rules 

Another frequent advantage of using an industrial switch or router with NAT is that firewall capabilities can be added for even more security. For example, if a computer running SCADA software on the plant network needs to talk to the PLC only, rules can be written to block all communications except requests from the SCADA computer.
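The cross-reference table and the SCADA-only rule described above can be sketched as follows. This is an added example, not from the article or any vendor's configuration; the plant range 10.20.0.0/16, the SCADA host 10.10.0.50 and the VFD's internal address are assumptions chosen for illustration.

```python
import ipaddress

# Constructed values, not from the article: plant range, SCADA host address,
# and the VFD's internal address (the article lists only the PLC and HMI).
INTERNAL = {"PLC": "192.168.1.1", "HMI": "192.168.1.2", "VFD": "192.168.1.3"}
PLANT_RANGE = ipaddress.ip_network("10.20.0.0/16")
SCADA_HOST = ipaddress.ip_address("10.10.0.50")


def build_nat_table(machine_count):
    """Map (machine, device) -> (internal_ip, plant_ip), one /24 per machine."""
    cells = list(PLANT_RANGE.subnets(new_prefix=24))
    if not 1 <= machine_count < len(cells):
        raise ValueError("machine count does not fit in the plant range")
    table = {}
    for machine in range(1, machine_count + 1):
        cell = cells[machine]  # machine 7 -> 10.20.7.0/24
        for device, internal in INTERNAL.items():
            inside = ipaddress.ip_address(internal)
            host_part = int(inside) & 0xFF  # keep the OEM's last octet
            table[(machine, device)] = (inside, cell.network_address + host_part)
    return table


def plant_addresses_unique(table):
    """True when no two devices share a plant-wide address."""
    plant = [p for _, p in table.values()]
    return len(plant) == len(set(plant))


def translate_inbound(table, src, dst):
    """Default deny: only the SCADA host may reach a PLC's plant address.

    Returns (machine, internal_ip) to forward to, or None when dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for (machine, device), (inside, plant) in table.items():
        if dst == plant:
            allowed = device == "PLC" and src == SCADA_HOST
            return (machine, inside) if allowed else None
    return None  # destination is not a translated device


if __name__ == "__main__":
    nat = build_nat_table(20)
    for key in [(1, "PLC"), (20, "HMI")]:
        print(key, *nat[key])
    print(translate_inbound(nat, "10.10.0.50", "10.20.7.1"))
    print(translate_inbound(nat, "10.10.0.99", "10.20.7.1"))
```

Every machine keeps the OEM's 192.168.1.x addresses internally, while the plant network sees 60 distinct addresses and reaches only the PLCs, and only from the SCADA host.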

Routers and switches with NAT (and port forwarding) are only one method by which networks can be segmented and made more secure. Many organizations have implemented VLANs (virtual local area networks) to segregate traffic. Make sure that you consult professionals on both the IT side and the OT side about working solutions to improve your network operation and enhance security as your enterprise grows.

John Kan is connectivity products manager with Motion Ai, a provider of automation products and motion control solutions across the United States. 
