Many manufacturing facilities are executing asset digitization projects to incorporate Industrial Internet of Things (IIoT) connectivity between devices. In many instances, plant-wide and machine-to-machine communication using an Ethernet-based protocol is the norm.
Machines are utilizing Ethernet for internal communication between components as well. With more and more manufacturers depending on internet- connected machinery, the plant engineer now needs to follow the policies of the IT department in addition to usual operational technology (OT) requirements. Using an IP router can resolve network conflicts between the IT department and OT, allowing machines to be more easily integrated into an IIoT environment.
Modern machines are comprised of various complex subsystems that communicate via the Internet Protocol (IP)—the backbone of the Internet. The machine builder pre-defines each subsystem IP address and the range of addresses devoted to each machine. This addressing convention may conflict with the customer’s addressing policies, which increases the installation time and introduces unnecessary complications. An IP router can quickly and effectively integrate these machines to the customer’s existing IP infrastructure, benefiting both customer and machine builder alike.
The various IP components of the machine are assigned IP addresses and the application controlling these various subsystems is programmed to communicate to these subsystem devices using their IP addresses. A machine builder then ships this tested machine to his customer, but the IP addresses used at the customer’s site are probably different than what was tested at the machine builder’s factory. Changing the IP addresses on the machine and modifying the control program to communicate with revised IP addresses to comply with the customer’s IP address requirements adds significant time to the commissioning process and hinders the ability to bring the machine on-line quickly.
The use of an IP router allows the machine’s IP addresses to remain unchanged. The IP router consists of two networks, one internal network called LAN and one external network called WAN. The machine is connected to the internal network and the external network is connected to the plant which can be easily changed to comply with the plant’s IP requirements. The various machine subsystems are presented as one device to the plant network but can be easily accessed individually by using various features of the IP router like port forwarding, port range forwarding and NAT (network address translation).
For example, consider a machine builder tasked with the installation and network configuration of automated guided vehicles (AGVs). The project requires a method that simplifies the Ethernet network within the AGV system and allows technicians to have dependable external access to the devices without IP address conflicts.
In this case, the AGV system consists of a programmable logic controller (PLC), a human machine interface (HMI), and a barcode reader that form an internal network with a built-in 4-port switch connected to the LAN side of a ContemporaryControls EIGR IP router. Using the port forwarding feature of the IP router, the different IP ports from the external WAN IP address are mapped to different internal LAN devices in the AGV. This setup is then easily uploaded to multiple routers for use in different AGVs allowing for the same configuration across all the devices. The time is takes to test the AGV while it is being built at the factory is reduced, and installation at the site is simplified by requiring just the WAN IP address to be configured either via static IP or DHCP. No other IP settings for the devices or the applications need to be modified at the install site.
Using this set-up, there is direct access to the PLC through the IP router, allowing the customer to easily monitor and program the PLC. The HMI and the bar code reader can also be accessed through the router. The multicast traffic is kept within the AGV network and doesn’t impact the customer’s IT network. The IP router’s built-in firewall prevents direct unauthorized access to the LAN side devices from the WAN side, making the AGV system a secure and effective addition to the IIoT facility.