My Account  |  Shopping Cart  |  Locate a Partner |  How to Buy  |  International Sales
B&B Electronics Home Page
Products available from B&B Electronics
Custom / OEM
Technical Support available from B&B Electronics
Technical Library - B&B Electronics
Applications
Free Catalog B&B Electronics
 
 

Ethernet Managed Switches
Home > Tech Notes > Preventing Network Problems on the Plant Floor with VLANs

PDF VersionPreventing Network Problems on the Plant Floor with VLANs

The success of Ethernet technology came about because of its cost, effectiveness and simplicity compared with other network schemes. The lure of linking large numbers of systems was powerful.

All this connectivity came at a price. As networks grew, data collisions and delays increased. These delays slowed Ethernet’s progress with industrial control networks, where guaranteed response times are so important.

Then switch technology entered the scene. With unique pathways to each port, switches reduce collisions. Switch costs came down and they became widespread in non-industrial Ethernet networks. Then the development of industrial-hardened switches allowed these to be used more widely in industry.

Switches by themselves don’t limit traffic, but facilitate it. This traffic, if left uncontrolled, could lead to congested bandwidth and “clogged arteries.”

Virtual Local Area Networks or VLANs use managed switches to balance this expanded connectivity with useful boundaries on data traffic. VLANs make networks more reliable, and this reliability is what makes VLANs so useful in industrial settings.

Industrial VLANs

A VLAN is a single broadcast domain, not limited by physical location. VLANs create logical separation of control networks within a physical network, dividing physical interfaces into useful groups.

VLANs are created using parts of a switch, full switches or multiple switches linked together. An administrator assigns ports to each VLAN. Each VLAN then functions as an independent switch, broadcast domain and network. Each device on a VLAN has its own Media Access Control (MAC) address. MAC addresses are assigned by the manufacturer, and the VLAN uses these to tell where data goes.

Each VLAN is in effect a separate network. The only way to get data to a device on another VLAN is to send it outside the VLAN through a router – even if the receiving device is on a port on the same switch but on another VLAN.

Figure 1. Examples, Industrial VLAN Components

Benefits of Industrial VLANs

Isolation – VLANs isolate network traffic to accommodate differences in operational needs.

Simplicity – As networks grow, they can turn into difficult to manage monsters. By segmenting networks, VLANs make them easy to understand, change, and troubleshoot.

Speed and Performance – VLANs reduce delays, also called latency, by reducing the size of the collision domain. Broadcast traffic is reduced, since it doesn’t go past its own VLAN.

Scalability – A VLAN may be as small as a single port on one switch, or span any size organization.

Flexibility – Additions and changes are simple. Moving a user to a different VLAN is just a matter of reconfiguring the port. And different operating systems can coexist on a single network, as long as each is on its own VLAN.

Cost – Subdividing networks using VLANs saves money over buying separate physical networks.

Security – Securing data is a great reason for using VLANs. Also, as priorities change, they can be adapted to the situation. For example, an IT department’s security protocols may differ from the manufacturing department, where reliability is often more important than security. While they don’t guarantee security, data from one VLAN can’t accidentally leak to another, regardless of shared cables, networks, routers or switches.

Special Applications – VLANs may be required wherever bandwidth or operational concerns create conflicts with other areas.

Port Or Tag VLAN?

Port based VLANs are suitable for smaller settings. As the name implies, ports are assigned to VLANs, and all users on a single port are members of the same VLAN. This allows the separation of office computers from industrial electronic devices.

IEEE 802.1Q Tag VLANs are so called because a “tag” or header is added to data packets to identify which VLAN they belong to. The 802.1Q standard specifies how VLANs manage data flow across multiple switches.

Figure 2. IEEE 802.1Q Tag VLAN Header

VLAN Trunking – When more than one switch is involved, one port on each switch (a trunk port) communicates VLAN information to the other switches involved. The links between switches (trunk links) not only communicate where each link of a VLAN is located, they also transmit the actual data between switches, which is then delivered to the appropriate port and
device.

Trunking, when used regarding VLANs, refers to the combined connections and software that make switches and VLANs interconnect smoothly. GARP VLAN Registration Protocol (GVRP) is the standards based system used by many manufacturers. VLAN Trunking Protocol (VTP) is a proprietary system used when only Cisco switches are involved. Both accomplish the same thing.

Applications

User types, departments or operations may all be reasons to segment the network into VLANs. For example, a factory automation network has greatly differing needs from the building automation, office, IT or human resource network. Even within the industrial side of things, there may be no need for the operator interface, vision, motion or other systems to be on the same VLAN.

Here are some other advantages of segregation:

  • A VLAN can isolate office and other network traffic from the factory automation network, eliminating the chance that outside traffic can flood and interfere with time critical control communications.
  • Inventory control with Radio Frequency Identification (RFI) creates huge data streams. A VLAN limits this data to where it is needed. Video surveillance and other systems may also use lots of bandwidth and require a separate VLAN.
  • Security is often the top priority for the IT department, while reliability is for manufacturing. Since these concerns may conflict, it just makes sense to be on separate VLANs.
  • Functional differences may warrant separate VLANs, such as network management and monitoring.
  • Groups of users in three separate buildings can all be part of the same VLAN, and at the same time, be completely isolated from all unnecessary traffic. Taken further, VLANs can be securely scaled beyond a single location, over a Wide Area Network (WAN) link if necessary.

Figure 3. Extended VLAN, Connected Over WAN

Network Topology, Configuration and Hardware: Industrial VLAN Best Practices

Industrial VLANs use a wide variety of configurations and equipment. Part of the attraction of Ethernet VLANs is that legacy devices, wiring and topology can be used as part of a full system of VLANs.

Managed switches make it possible to create and manage VLANs, and the right industrial switch can save a lot of trouble. An industrial managed switch should have the right number and kind of ports, strength, dependability and ultra fast recovery for the real needs of the industrial settings*. The need for reliable ruggedness typically exceeds that of commercial installations. Data flow rates can be controlled to avoid problems. The fastest ports available on each switch should be used for network trunk links, as these carry the most traffic.

Switch and router placement makes a difference. Inefficiencies may arise if they aren’t located the shortest physical distance to the maximum number of nodes on the VLAN. Longer paths increase the likelihood of failures and
complicate problem diagnosis.

Unshielded twisted pair (UTP) cable is the most commonly used wiring. At many plants is this is already in place, often making a VLAN possible without running new cable. Fiber optic cable carries more data over greater distances, and is useful for network trunk links.

Management Software for industrial VLANs should be graphic oriented. In non-industrial settings it’s presumed that everyone dealing with the network went to IT school. But industrial automation is very visual, and plant personnel are often the first responders to VLAN issues. They’re much more used to dealing with colors and check boxes than a command line interface.

Packet Filtering – Tag VLAN headers may cause trouble on industrial networks. It’s OK to leave the tag data on packets going to tag-aware devices. But if all devices aren’t tag-aware, the switch must strip tags from packets before they go out to the VLAN. This is very important in dealing with the legacy equipment found in many industrial settings.

Redundancy is a key to reliable operation. Though industrial equipment typically withstands far more abuse than commercial, the nature of many industrial networks makes back-up systems necessary. A degree of redundancy is often the best way to ensure network stability. And in some situations full redundancy is both needed and available.

*Equipment capability - The best equipment is “tuned” to the needs of the specific industrial situation. An outstanding example of how to do this is B&B Electronics’ robust line of Elinx 500/600 Managed Industrial Switches.

Figure 4. Elinx Industrial Fully Managed Switches, with alarm outputs, dual power inputs, IP30 cases, DIN or panel mounts and gigabit options.

These switches are industrial hardened and have a graphic interface. Often it takes two switches to get the right combination of copper and fiber. This doesn’t need to happen. B&B Electronics’ Vlinx 500/600 switches feature virtually every fiber optic combination available. Additionally, Vlinx 600 series switches are equipped with Gigabit ports.

Home | Products | Partners | Tech Support | Tech Library | Press Room | About | Contact | Site Map | Privacy Policy
Questions or Comments? Copyright © 2012 B&B Electronics Mfg
We Are ISO 9001:2008 Certified. Read More