I have been given an assignment to design an industrial Ethernet network and since I don't have any experience in doing so, I signed up on this forum to get your opinion and comments on my current design proposal.
Main requirement is to mitigate any single point of failure influence on overall network performance. The approved (from my superiors) network topology is the double star topology (network A and B). Other requirements are:
- fibre optic links due to long distances and harsh environment;
- minimal latency;
- minimal or no convergence time at all.
The system consists of 15 subsystems, 6 of which are main and the focus of my concerns. Main systems are based on S7-400H Siemens PLCs, with two Communication Processors per each CPU (one for every network).
Heart of both networks is the core managed switch.
All of the subsystems are connected to network over dedicated unmanaged switches and media converters (copper to fibre).
Brains of the operation is PC based server (two of them for redundancy) which is managing the following actions:
- Application server (fetching the data from all subsystems, calculating the status of the system and outputting the set points, communication with other servers on the other networks);
- OPC server (Data Access, Historical Data Access, Alarms and Events, serving HMIs...);
- Network Manager Server (SNMP manager, NTP).
The two servers shall be installed in hot redundancy (active mirror) configuration providing hardware and software redundancy. When standby server detects failure it assumes the active role automatically without any user intervention. The servers must be synchronized and they must ensure bumpless switchover by holding last data value active.
Communication with other networks is done via Demilitarized Zone with router and firewall.
There are two Human Machine Interfaces running on Siemens WinCC.
One simulation server that can fetch data from the OPC, other servers or manual input, run the simulations and output results.
PRP (Parallel Redundancy Protocol) is not an option due to the need for uniformity of protocols throughout the whole plant.
UTP will be used for communication between subsystems and the server.
Here are my concerns:
1. My idea is to have all of the critical data exchange to take place simultaneously on both networks. The receiving nodes, on the application layer, evaluate two received packets from two network interfaces, drop one and process the other. By implementing this design topology and data flow paths, in the case of failure of one network component, there are no convergence times associated because there is no reconfiguration of data paths (e.g. RSTP). Also, UDP packet loss is easily detected and coped with. Is this approach feasible?
2. Since core switches are not interconnected, I have basically two independent networks.
- 172.20.100.51 - network A, high-level system (100), HMI 1 (51).
Is this good IP addressing practice? Will I have difficulties with network configuration / routing?
3. Can I connect both core switches to one router?
4. Do you recommend using managed access switches? If yes, why?
5. In the future, if I want to install IP cameras (50 pcs), should I make a new dedicated network for that? With a media server and other components? Or should I make network A capable of handling that traffic (1000 Mbps Ethernet), put in managed access switches, and implement QoS and VLANs?
In the attachment you'll find network topology schematics.
Thank you in advance! Looking forward to your replies and comments!
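The duplicate-discard scheme from concern 1, as an added example that is not part of the original post. It assumes, which the post does not state, that each sender prefixes its UDP payload with a 4-byte sequence number and sends the same frame on both networks; `DualNetReceiver`, `HEADER`, the window size and `MAX_JUMP` are hypothetical names and values.

```python
import struct

HEADER = struct.Struct(">I")      # assumed header: 4-byte big-endian sequence number
NETWORKS = frozenset({"A", "B"})
MAX_JUMP = 1024                   # larger forward jumps are treated as corrupt or forged

class DualNetReceiver:
    """Duplicate discard for one sending subsystem (no sequence wraparound handling)."""
    def __init__(self, window=8):
        self.window = window
        self.copies = {}          # seq -> networks that delivered it (inside the window)
        self.floor = None         # every seq <= floor has already been accounted for
        self.highest = None
        self.lost = []            # seqs that arrived on neither network
        self.missing = {n: 0 for n in NETWORKS}  # copies that never arrived, per network

    def receive(self, network, datagram):
        if network not in NETWORKS or len(datagram) < HEADER.size:
            return None
        (seq,) = HEADER.unpack_from(datagram)
        if self.floor is None:    # first frame starts the stream
            self.floor = self.highest = seq - 1
        if seq <= self.floor or seq > self.highest + MAX_JUMP:
            return None           # stale or replayed frame, or implausible jump
        first_copy = seq not in self.copies
        self.copies.setdefault(seq, set()).add(network)
        self.highest = max(self.highest, seq)
        self._slide(self.highest - self.window)
        return datagram[HEADER.size:] if first_copy else None

    def _slide(self, new_floor):
        while self.floor < new_floor:
            self.floor += 1
            nets = self.copies.pop(self.floor, None)
            if nets is None:
                self.lost.append(self.floor)          # lost on both networks
            for n in NETWORKS - (nets or NETWORKS):   # empty when nets is None
                self.missing[n] += 1

    def flush(self):
        self._slide(self.highest)

def demo():
    # Constructed arrivals: network A fails after seq 3; seq 5 never arrives on B either.
    arrivals = [("A", 1), ("B", 1), ("A", 2), ("B", 2), ("A", 3), ("B", 3), ("B", 4), ("B", 6)]
    rx = DualNetReceiver()
    got = [rx.receive(net, HEADER.pack(seq) + b"sp%d" % seq) for net, seq in arrivals]
    rx.flush()
    return got, rx.lost, rx.missing
```

The per-network `missing` counter is worth alarming on, because with this scheme a dead network produces no symptom at the application until the second one fails too. The sequence number is not authenticated, so it detects loss and duplicates, not forged frames.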
I guess I see what you're trying to do... I suppose that will all work depending on your application. One concern I have, however, is that it's probably more complicated than it would need to be. You could get two stackable switches for your core and link to single switches at the edge with EtherChannels. I typically do this as the channel group is always up even if one of the single links goes down. The issue with this would be that you have only a single edge switch then. I'm not sure how critical that would be, but it would make your life a heck of a lot easier as you would only need a single IP network; you can still do two NICs, etc. if you would like.
You could also aggregate IP cameras onto this network, but be sure to calculate and monitor where any throughput bottlenecks will be. I would put these in a separate VLAN and be sure to apply QoS of some type. PLCs, etc. typically have less processing power and should be seeing as few broadcasts and other unrelated traffic as possible.