What is Ethernet’s role in industrial Internet?
Visibility and control of connected IIoT objects calls for high-performance, low-latency networks with remote management capabilities.
Today’s industrial networks, however, largely use specialized network protocols and have diverse installed bases. This makes modernization onto an all IP Ethernet infrastructure complex. Meeting challenges related to system reliability, determinism and security calls for using Ethernet switching solutions, programmable devices, high-precision timing, Power over Ethernet (PoE) and application-optimized software.
Industrial network security
Industrial network security is typically premised on fire-wall isolation from a corporate network and the Internet. It is a misconception to think an industrial network is protected because it is isolated from the Internet. Indications are isolating a network makes it less secure and harder to manage.
IIoT network security must be multi-layered to protect the data, management, and control planes, particularly for M2M communications. A typical approach relies on data encryption; traffic control; authentication, authorization and accounting (AAA); and data integrity.
As to networkwide encryption, MACsec (IEEE 802.1AE) and Keysec (now part of IEEE 802.1X) are the L2 encryption and key management protocols to secure Ethernet physical ports and VLANs. Further enhancing confidentiality, IEEE 802.1AEbn includes strong 256-bit encryption now required by certain government agencies.
While encryption alone is insufficient to secure a network, using strong 256-bit encryption like MACsec in networking equipment and end points is a means to authentication, data integrity and user confidentiality. Leveraging FPGAs with built-in security capabilities can be used to provide a root of trust in a system.
For deterministic performance and network reliability, the expectation is that specific functions occur within a precise timeframe. This is possible when each network element is time-aware and recognizes whether it delivered Ethernet packets "on time."
But this is only one part of the solution. A mechanism to synchronize and distribute precise "time" in Ethernet exists today using IEEE 1588v2; however, the latest Time Sensitive Networking (TSN) standards bring system developers a very time-oriented style of traffic scheduling.
Developed by the IEEE 802 group, TSN standards broaden Ethernet capabilities to make it a true industrial-grade, real-time communications protocol. Elements include clock synchronization, time-based message handling, frame preemption and seamless redundancy.
Besides usability and performance, for example, IEEE 802.1ASbt adds one-step time stamp support. Reduced packet numbers are needed to convey network timing information versus a two-step process in the prior generation standard.
The TSN features give Ethernet networks the real-time determinism and low latency needed, and should remove the last barrier preventing an IIoT network using Ethernet as its main backbone, allowing critical and noncritical control and data traffic converging onto a single network.
While Ethernet with TSN will finally be a plausible deterministic backbone for industrial networks, proprietary interfaces will remain in place. FPGAs/SoCs that have the capability to translate between Ethernet, IEEE 1588, TSN and specialized industrial protocols while keeping deterministic behavior will be critical.
The eventual migration of IIoT networks to IP/Ethernet is a given, but recognize two unique factors involved. Ethernet standards, components and systems for Local Area Networks (LANs) are not a natural fit for IIoT networks. IIoT network migration must support "nonstandard" protocols and make way for early stage innovations.
For networks comprised of heterogeneous legacy equipment, using multiple specialized network protocols, key elements include:
- Multi-protocol support of Ethernet and fieldbus interfaces for interoperability and scalability
- Optimized Ethernet switch software stacks for easy deployment and management
- Unified hardware and software for the real-time determinism and low latency required
- Port configuration and synchronization options while meeting IIoT environmental and operational requirements
- Power over Ethernet (PoE) options up to 95 W to safely power remote devices.
All this is possible with a pragmatic combination of hardware and software that combines low-power and secure FPGA solutions, Ethernet-switching silicon optimized for industrial, software stacks that provide manageability and monitoring, an ecosystem of security orchestration software, and ruggedized PoE solutions designed for industrial settings.
In conclusion, it is important to note that there will be no "one-size-fits-all" approach for IIoT systems.
Uday Mudoi is a vice president with Microsemi Corporation.
– See other articles from the supplement below.