vlans prevent network problems

8/7/2019 VLANs Prevent Network Problems

1/7

Preventing Network Problems on the Plant Floor with VLANs WP-29-REV0-4008-1/7 2008 by B&B Electronics.

International Headquarters: Ottawa, IL USA 815-433-5100 www.bb-elec.comEuropean Headquarters: Oranmore Co. Galway Ireland, +353 91 792444 www.bb-europe.com

B&B

ELECTRONICS

WHTEPR

Preventing Network Problems on the PlantFloor with VLANs

The success of Ethernet technology came about because of itscost, effectiveness and simplicity compared with other networkschemes. The lure of linking large numbers of systems waspowerful.

All this connectivity came at a price. As networks grew, datacollisions and delays increased. These delays slowed Ethernetsprogress with industrial control networks, where guaranteedresponse times are so important.

Then switch technology entered the scene. With uniquepathways to each port, switches reduce collisions. Switch costscame down and they became widespread in non-industrialEthernet networks. Then the development of industrial-hardened switches allowed these to be used more widely inindustry.

Switches by themselves dont limit traffic, but facilitate it. Thistraffic, if left uncontrolled, could lead to congested bandwidthand clogged arteries.

Virtual Local Area Networks or VLANs use managedswitches to balance this expanded connectivity with usefulboundaries on data traffic. VLANs make networks more reliable,and this reliability is what makes VLANs so useful in industrialsettings.

Industrial VLANs

A VLAN is a single broadcast domain, not limited by physicallocation. VLANs create logical separation of control networkswithin a physical network, dividing physical interfaces into usefulgroups.

VLANs are created using parts of a switch, full switches ormultiple switches linked together. An administrator assigns portsto each VLAN. Each VLAN then functions as an independentswitch, broadcast domain and network. Each device on a VLANhas its own Media Access Control (MAC) address. MAC

Reliability, speed and

security are just a few of

the benefits of industrial

VLANs.


2/7



B&B

ELECTRONICS

WHTEPR

addresses are assigned by the manufacturer, and the VLANuses these to tell where data goes.

Each VLAN is in effect a separate network. The only way to getdata to a device on another VLAN is to send it outside the VLANthrough a router even if the receiving device is on a port onthe same switch but on another VLAN.

Figure 1. Examples, Industrial VLAN Components

Tag VLAN is the

technology that makes

even the largest VLANs

secure, flexible and

powerful.


3/7



B&B

ELECTRONICS

WHTEPR

Benefits of industrial VLANs

Isolation VLANs isolate network traffic to accommodatedifferences in operational needs.

SimplicityAs networks grow, they can turn into difficult tomanage monsters. By segmenting networks, VLANs make themeasy to understand, change, and troubleshoot.

Speed and Performance VLANs reduce delays, also calledlatency, by reducing the size of the collision domain. Broadcasttraffic is reduced, since it doesnt go past its own VLAN.

Scalability A VLAN may be as small as a single port on oneswitch, or span any size organization.

Flexibility Additions and changes are simple. Moving a userto a different VLAN is just a matter of reconfiguring the port. Anddifferent operating systems can coexist on a single network, aslong as each is on its own VLAN.

Cost Subdividing networks using VLANs saves money overbuying separate physical networks.

SecuritySecuring data is a great reason for using VLANs.

Also, as priorities change, they can be adapted to the situation.For example, an IT departments security protocols may differfrom the manufacturing department, where reliability is oftenmore important than security. While they dont guaranteesecurity, data from one VLAN cant accidentally leak to another,regardless of shared cables, networks, routers or switches.

Special ApplicationsVLANs may be required whereverbandwidth or operational concerns create conflicts with otherareas.


4/7



B&B

ELECTRONICS

WHTEPR

Port Or Tag VLAN?

Port based VLANs are suitable for smaller settings. As thename implies, ports are assigned to VLANs, and all users on asingle port are members of the same VLAN. This allows theseparation of office computers from industrial electronic devices.

IEEE 802.1Q Tag VLANs are so called because a tag orheader is added to data packets to identify which VLAN theybelong to. The 802.1Q standard specifies how VLANs managedata flow across multiple switches.

Figure 2. IEEE 802.1Q Tag VLAN Header

VLAN Trunking When more than one switch is involved, oneport on each switch (a trunk port) communicates VLANinformation to the other switches involved. The links betweenswitches (trunk links) not only communicate where each link of aVLAN is located, they also transmit the actual data betweenswitches, which is then delivered to the appropriate port anddevice.

Trunking, when used regarding VLANs, refers to the combinedconnections and software that make switches and VLANsinterconnect smoothly. GARP VLAN Registration Protocol(GVRP) is the standards based system used by manymanufacturers. VLAN Trunking Protocol (VTP) is a proprietarysystem used when only Cisco switches are involved. Bothaccomplish the same thing.

Applications

User types, departments or operations may all be reasons tosegment the network into VLANs. For example, a factoryautomation network has greatly differing needs from the buildingautomation, office, IT or human resource network. Even withinthe industrial side of things, there may be no need for the

WAN technology, when

used as part of an

industrial VLAN, makes is

possible for an individual

VLAN to be built on a

scale that covers the entire

planet.


5/7



B&B

ELECTRONICS

WHTEPR

operator interface, vision, motion or other systems to be on thesame VLAN.

Here are some other advantages of segregation:

A VLAN can isolate office and other network traffic fromthe factory automation network, eliminating the chancethat outside traffic can flood and interfere with time criticalcontrol communications.

Inventory control with Radio Frequency Identification(RFI) creates huge data streams. A VLAN limits this datato where it is needed. Video surveillance and othersystems may also use lots of bandwidth and require aseparate VLAN.

Security is often the top priority for the IT department,while reliability is for manufacturing. Since theseconcerns may conflict, it just makes sense to be onseparate VLANs.

Functional differences may warrant separate VLANs,such as network management and monitoring.

Groups of users in three separate buildings can all bepart of the same VLAN, and at the same time, becompletely isolated from all unnecessary traffic. Takenfurther, VLANs can be securely scaled beyond a singlelocation, over a Wide Area Network (WAN) link ifnecessary.

Figure 3. Extended VLAN, Connected Over WAN

Industrial VLANs need

more reliable designs,

equipment and software

than is typical of

commercial settings.


6/7



B&B

ELECTRONICS

WHTEPR

Network Topology, Configuration and Hardware: IndustrialVLAN Best Practices

Industrial VLANs use a wide variety of configurations andequipment. Part of the attraction of Ethernet VLANs is thatlegacy devices, wiring and topology can be used as part of afull system of VLANs.

Managed switches make it possible to create and manageVLANs, and the right industrial switch can save a lot of trouble.An industrial managed switch should have the right number andkind of ports, strength, dependability and ultra fast recovery forthe real needs of the industrial settings*. The need for reliableruggedness typically exceeds that of commercial installations.Data flow rates can be controlled to avoid problems. The fastestports available on each switch should be used for network trunklinks, as these carry the most traffic.

Switch and router placement makes a difference.Inefficiencies may arise if they arent located the shortestphysical distance to the maximum number of nodes on theVLAN. Longer paths increase the likelihood of failures andcomplicate problem diagnosis.

Unshielded twisted pair (UTP) cable is the most commonlyused wiring. At many plants is this is already in place, oftenmaking a VLAN possible without running new cable. Fiber optic

cable carries more data over greater distances, and is useful fornetwork trunk links.

Management Software for industrial VLANs should be graphicoriented. In non-industrial settings its presumed that everyonedealing with the network went to IT school. But industrialautomation is very visual, and plant personnel are often the firstresponders to VLAN issues. Theyre much more used to dealingwith colors and check boxes than a command line interface.

Packet Filtering Tag VLAN headers may cause trouble onindustrial networks. Its OK to leave the tag data on packetsgoing to tag-aware devices. But if all devices arent tag-aware,the switch must strip tags from packets before they go out to theVLAN. This is very important in dealing with the legacyequipment found in many industrial settings.


7/7



B&B

ELECTRONICS

WHTEPR

Redundancy is a key to reliable operation. Though industrialequipment typically withstands far more abuse than commercial,the nature of many industrial networks makes back-up systems

necessary. A degree of redundancy is often the best way to

ensure network stability. And in some situations full

redundancy is both needed and available.

*Equipment capability - The best equipment is tuned to theneeds of the specific industrial situation. An outstandingexample of how to do this is B&B Electronics robust line of Elinx500/600 Managed Industrial Switches.

Figure 4. Elinx Industrial Fully Managed Switches, with alarm outputs, dual

power inputs, IP30 cases, DIN or panel mounts and gigabit options.

These switches are industrial hardened and have a graphic

interface. Often it takes two switches to get the rightcombination of copper and fiber. This doesnt need to happen.B&B Electronics Vlinx 500/600 switches feature virtually everyfiber optic combination available. Additionally, Vlinx 600 seriesswitches are equipped with Gigabit ports.

B&B Electronics offers a comprehensive line of industrialnetwork, data communications and automation equipment. Seeour full offering today at www.bb-elec.com.

B&B Electronics started in 1981 manufacturing a single product, an RS-232

tester. Since then B&B Electronics has had continuous growth in industrial

communications and automation. For a library of technical information and

one of industrys most popular industrial electronics and communications

catalo s, find us at www.bb-elec.com

The best industrial

networking equipment is

tuned to the

requirements of the

specific VLAN.

Finding and configuring

the right switches used to

be hard.

vlans prevent network problems

Documents