4

I have an automation controller that has built-in 10/100 networking and uses TCP or UDP for communication with its operator interface, monitoring, data logging and programming. I had a lot of problems with the controller becoming unresponsive to any of its IP services (telnet, ftp, monitoring, HMI, etc.). I found out from the manufacturer that a busy network with PCs, printers and servers will overwhelm the simple TCP/IP stack of the controller's RTOS, which causes the IP thread to hang (the CPU is only 62MHz). The controller keeps its critical threads running so it's not dangerous to the machine's function, but without the IP interface, the operator interface is non-functional and the machine can't be controlled.

I was told a managed switch would solve the problem as they only direct the packets to their intended destination instead of all over the place. But I also see smart switches which advertise similar functionality at a lower cost.

So my question is: can a smart switch cut down the network noise as well? I was looking at the specs on Netgear fully managed layer 2 switches as well as smart switches. From what I see, the fully managed switches have larger buffer memory. I have always liked Netgear and I can pick up a GS108T at my local Staples. Or should I opt for a real fully managed layer 2 switch?

What is a good brand of switch these days? I want to be sure that if the switch dies, I call someone to get one delivered next day.

And as a side note: the building network is connected through two 24 port dumb switches. I was told the entire building network should be upgraded to Layer 2 switches as well. Is it worth it?

user9517
Thaddeus
  • Yes, if you're using hubs right now, every time any device that is connected to it sends a packet, it gets repeated out of every other port on the hub. A switch will build a table of where each device is located. This cuts down on broadcast traffic, and it also allows your network to run in full duplex mode (devices can send and receive at the same time). If you have some network experience (which, please take no offense, it sounds like you have a bit to learn yet), your best bet would be to set up a router and separate everything into appropriate VLANs. – Matthew Oct 14 '11 at 20:31
  • Also, pretty much any switch will be managed (short of the cheapest of the cheap you'd pick up at the store). Get a real switch if you're running industrial equipment; HP and Cisco switches can be picked up fairly inexpensively and they work well. – Matthew Oct 14 '11 at 20:34

2 Answers

6

If the devices are somehow to traffic caused by a busy network, then I think the switch feature you probably most need is support for VLANs. Put all the controllers on a completely separate VLAN and with the proper configuration they will not see traffic from anything on a different VLAN.

If you have a good core router that supports VLAN trunking, then you probably don't really need a very advanced switch, just support for VLANs and VLAN trunking. If you don't have a router that can do VLANs, then you may need at least one layer 3 switch to do the routing and filtering of traffic between the networks.

There are a large number of switches that should work. I tend to prefer HP these days, since they seem to be relatively inexpensive and easy to use. But I am sure many other vendors offer similar options.

Take a look at this question for more details on the common switch features that you should be looking for when making a buying decision.

Zoredache
  • Agreed 100%. Just to add, if there is no router currently on site, a L3 switch might be an option to save some cost. – Matthew Oct 14 '11 at 20:36
  • 1
    You don't even necessarily need routing if your control PC (operator interface) can do VLAN trunking to be on both VLANs. Or if the operator interface only needs to be on the control VLAN. – derobert Oct 14 '11 at 20:42
  • 1
    A switch will probably solve your problem (at least if you're really using hubs), but a *managed* switch and proper network segmentation like Zoredache described above is really what you want. You should keep your Industrial Control Network separate from your Office network (separate from your Guest network, separate from your VoIP network). SCADA systems are infamous for bugs like the one you're running into, as well as really LOUSY security in general... – voretaq7 Oct 14 '11 at 20:43
  • @derobert This is an option too but I'm a big fan of total segmentation (Worst-Case Scenario: control workstation catches a virus and starts screaming out of both interfaces, crappy IP stack on controllers gets scared and hides in a corner until the yelling stops) – voretaq7 Oct 14 '11 at 20:51
2

From the way the question is posted I'm worried the answers given have not given a high enough overview to allow you to understand what they're recommending.

An Ethernet Hub broadcasts all traffic it receives on one port onto every other port. This means one computer communicating burdens the whole network. Summary: All traffic will be sent to all end points.

A Switch checks each packet and only forwards the packet to the port (or segment) on which the destination is located. This means that all other ports are free to simultaneously send/receive data and massively improves network speed. These are cheap now so no-one should ever use a hub. Summary: Most traffic will be sent directly to the destination; broadcasts and MAC discovery mean some traffic will be sent to all end points.

A Smart Switch is a switch with a web interface and a few Managed Switch features thrown in. This may include VLANs, basic QoS, Port Trunking and perhaps Spanning Tree. These are a cost-effective way to get some Enterprise features into a small/medium business. Summary: Unless you set up VLANs this will behave exactly the same as a Switch.

A Managed Switch will usually have a full array of enterprise features including Security, Port Mirroring, VLAN, IGMP snooping etc. Can get expensive quickly. Summary: Unless you set up VLANs, this will behave exactly the same as a Switch.

VLANs are a way of creating virtual LANs over common infrastructure. This way you can virtually segment the networks while running on the same physical hardware. Smart and Managed switches will have VLAN functions.

A Layer 2 switch (Unmanaged, Smart and some Managed Switches) processes packets based on the MAC address. This means VLANs are the only way of fully segmenting some machines from receiving broadcasts from the other network. Summary: You set VLAN IDs on Devices or in the Switch on Ports and you define (virtually) which devices are (virtually) connected to each other.

A Layer 3 switch (some Smart and some Managed Switches - price goes up steeply here!) can switch based on IP address, and act like a router. I've never used one but I assume this means you can segment networks using IP Subnets and Routing rules to prevent subnet traffic from reaching unintended machines. Summary: You contain most broadcast packets to individual subnets that won't be on-forwarded to non-relevant subnets.

Otherwise the simplest solution suggested above is physical separation, which is often easier than advanced configuration if you have enough cabling already to support it. Just install a separate switch for the network that's going to be separated.

Dom
  • Dom, I think you answered my question. All of our switches are unmanaged and I was told Layer 2 managed switches were more intelligent, had more memory and would solve the problem of what they described as "network noise". I did buy a Netgear GS108T to experiment with and the problem still persists. I am going to segregate the network but it leaves me with trying to figure out how to connect the controller network to the building network as these devices are going to log data that multiple people need to access. – Thaddeus Oct 17 '11 at 17:10
  • Do it through a router (can be software) so only computers with specific knowledge of an IP address on the other network can access it. – Dom Nov 05 '11 at 03:05
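
The forwarding behaviour described in the two answers above, as an added example that is not part of the original posts: a small Python model of a hub, a plain layer 2 switch and the same switch with VLANs configured, counting how many office-originated frames are delivered to the controller's port. The port numbers, MAC addresses, VLAN IDs and traffic list are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed addresses (locally administered range) and port layout.
CTRL, HMI, PCA, PCB = ("02:00:00:00:00:0%d" % n for n in (1, 2, 3, 4))
CONTROLLER_PORT, OFFICE_PORTS = 1, {3, 4}

# Constructed traffic: (ingress port, source MAC, destination MAC)
TRAFFIC = [
    (2, HMI, BROADCAST),   # HMI looks for the controller (ARP-style broadcast)
    (1, CTRL, HMI),        # controller replies
    (2, HMI, CTRL),        # HMI polls the controller
    (3, PCA, BROADCAST),   # office PC broadcast
    (4, PCB, PCA),         # office unicast reply
    (3, PCA, PCB),         # office file transfer
    (3, PCA, PCB),
    (4, PCB, BROADCAST),   # printer/server announcement
]

class Device:
    """Forwarding model: kind is 'hub' or 'switch'; vlans maps port -> VLAN id."""
    def __init__(self, kind, ports=(1, 2, 3, 4), vlans=None):
        self.kind, self.ports = kind, list(ports)
        self.vlans = vlans or {p: 1 for p in self.ports}  # default: one flat LAN
        self.mac_table = {}                               # (vlan, mac) -> port

    def forward(self, in_port, src, dst):
        """Return the ports the frame is transmitted on."""
        if self.kind == "hub":                  # a hub repeats every frame everywhere
            return [p for p in self.ports if p != in_port]
        vlan = self.vlans[in_port]
        self.mac_table[(vlan, src)] = in_port   # learn where the sender lives
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [known] if known != in_port else []
        # Broadcast or unknown destination: flood, but only inside the VLAN.
        return [p for p in self.ports if p != in_port and self.vlans[p] == vlan]

def office_frames_at_controller(device):
    """Count office-originated frames that reach the controller's port."""
    hits = 0
    for in_port, src, dst in TRAFFIC:
        out_ports = device.forward(in_port, src, dst)  # switch learns from every frame
        if in_port in OFFICE_PORTS and CONTROLLER_PORT in out_ports:
            hits += 1
    return hits

if __name__ == "__main__":
    split = {1: 10, 2: 10, 3: 20, 4: 20}   # controller + HMI on VLAN 10, office on 20
    for name, dev in [("hub", Device("hub")), ("switch", Device("switch")),
                      ("switch + VLANs", Device("switch", vlans=split))]:
        print(name, office_frames_at_controller(dev))
```

With this traffic the plain switch removes the office unicast frames from the controller's port but still delivers both office broadcasts; only the VLAN split brings the count to zero.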