Examen Redes Industriales

7/27/2019 Examen Redes Industriales

1/63

1

Introduccin a Ethernet IndustrialIntroduccin a Ethernet Industrial

Algunos conceptos

Prof. Ing. Diego M. RomeroOctubre 2005


2/632

Introduccin a Ethernet Industrial 2

ContenidoContenidoRequerimientos de las redes Ethernet para

aplicaciones industriales

Switches Ethernet para aplicaciones de piso deplanta

Conectividad inalmbrica en mbitos industriales

Conversores Serie a Ethernet

Conversores de medio fsico

Referencias


3/63


4/634


Velocidad

de Respuesta

Volumen deVolumen de

InformacinInformacin

SensoresSensores //ActuadoresActuadores de Campode Campo

Autmatas,Consolas, VariadoresAutmatas,Consolas, Variadores

Autmatas Frontales,Autmatas Frontales,Supervisin ,Supervisin ,

Operacin y ControlOperacin y Control

Sistemas deSistemas deGestionGestion yy

Adminis tracinAdmin istracin

NIVEL 0

NIVEL 1

NIVEL 2

NIVEL 3

BusBusASiASi

Modbus + / FIPWAYModbus + / FIPWAY

Modbus /Modbus / UnitelwayUnitelway

Ethernet TCP/IPEthernet TCP/IP

Redes IndustrialesRedes Industriales -- Niveles de comunicacinNiveles de comunicacin


5/635


Confiabilidad, velocidad y seguridad deConfiabilidad, velocidad y seguridad deoperacinoperacin

Acceso determinstico al medio.

Mayor confiabilidad para las aplicaciones industriales,que la ofrecida por los productos habitualmente usadosen aplicaciones para oficina u hogar.

Ambientes industriales con condiciones desfavorables:Temperaturas extremas.

Operacin con diferentes tensiones de alimentacin, tanto en CCcomo en CA.

Ruido elctrico y transitorios.

Atmsferas agresivas y condiciones de uso extremas.

Recuperacin rpida ante fallas y seguridad, que ayudea una operacin continua (24 x 7) y segura en elambiente industrial.

Uso de fibra ptica.

As Ethernet moves from the office to the factory floor, it is important to keep in mind thatthe purpose of commercially available network equipment, such as an Ethernet switch, isfor connecting PCs, printer servers, and other devices that are designed to work in the

comfort of offices and climate-controlled corporate machine rooms. This means that if youpurchase Ethernet equipment that was originally designed for office applications, but thenuse the equipment in your demanding industrial environment, you run the risk of causingtremendous damage to your industrial system. Because each industrial device, such as aPLC, is networked, the device plays a very important role when it comes to the operationof the entire industrial system. This is unlike the average office application, in which thefailure of Ethernet equipment might merely mean that a few PCs cannot send e-mailmessages for a couple of minutes.

But in the industrial application, when an industrial device loses its connection to thenetwork, the result could be a huge financial loss.

When choosing Ethernet equipment to fulfill the requirements of industrial applications,and to ensure that your entire industrial system keeps running smoothly, you should keepthe following points in mind.


6/636


Conectividad y facilidad de usoConectividad y facilidad de uso

Fcil Instalacin y Mantenimiento: Montaje en racks, riel DIN y gabinetes industriales.

Reportes dinmicos de estado que informen sobre elfuncionamiento de equipos y dispositivos, que eviten fallas delsistema y prdidas de informacin.

Funciones de administracin incorporadas para facilitar elmanejo de las redes Ethernet industriales.

Administracin simple e integrada con sistemas existentes.

Equipos existentes sin conectividad a Ethernet.

Necesidad de asegurar los datos. Protocolos de Capa de Aplicacin.


7/637


Acceso determinsticoAcceso determinstico

Ethernet es, por su diseo original:No determinstica.

Topologa bus (fsica y/o lgica).

Half duplex.

El dispositivo de menor velocidad determina la detodo el bus.

Los dispositivos conectados al bus ven lascolisiones de toda la red.

As specified originally, Ethernet was half-duplex and existed on a bus topology, whichmeant that some type of collision detection and avoidancemechanism (the technicalterm for this is CSMA/CD, or Carrier Sense Multiple Access with Collision Detection)

needed to be built into the specification, resulting in a non-deterministicdatatransmission interface. It was certainly a far cry from the simpler and more familiar RS-232 interface, and is one reason that Ethernet was eschewed by the industrial controlcommunity in favor of any number of proprietary interfaces. Todays Ethernet, however, isfull duplex, exists on a star topology, and although CSMA/CD is still there, the increaseduse of 100 Mbps / 1 Gbps transmission and high-speed Ethernet switches to isolatedevices into separate collision domains has resulted in a more deterministic type ofEthernet.

Another factor that has discouraged the use of Ethernet in industrial settings is thatEthernet devices were originally developed with PCs in mind. That is, the devices were

expected to work well in the same type of environments that PCs are used, such as in thehome, in the office, or better yet in the climate controlled corporate machine room. Thismeans that as a rule, commercialEthernet equipment is not reliable enough to work inmore demanding industrial settings.


8/638


Acceso determinsticoAcceso determinsticoQu es CSMA/CD?Qu es CSMA/CD?

CSMA/CD - Acceso Mltiple por

Deteccin de Portadora con Deteccinde Colisiones, Carrier Sense MultipleAccess with Collision Detection.

Es un mtodo de control de acceso almedio fsico (red) no determinstico.

Un dispositivo que quiere transmitir unmensaje escucha la red para detectarsi algn otro equipo est transmitiendo:

Si la red est limpia, el dispositivoinicia la transmisin.

El dispositivo escucha su propiomensaje para saber si ocurri unacolisin.

Si no se detecta una colisin, serealiza el proceso. Si se detecta lacolisin, entonces el dispositivoespera un tiempo aleatorio yreintenta.

Colisin

1 2

Ethernet is a shared media, so there are rules for sending packets of data to

avoid conflicts and protect data integrity. Nodes determine when the network isavailable for sending packets. It is possible that two nodes at different locationsattempt to send data at the same time. When both PCs are transferring a packetto the network at the same time, a collision will result.

Minimizing collisions is a crucial element in the design and operation of networks.Increased collisions are often the result of too many users on the network, whichresults in a lot of contention for network bandwidth. This can slow theperformance of the network from the user's point of view. Segmenting thenetwork, where a network is divided into different pieces joined together logicallywith a bridge or switch, is one way of reducing an overcrowded network.


9/639


ComunicacinComunicacin Half DuplexHalf Duplex

Half Duplex: La informacin puede transmitirse enambos sentidos, pero no simultneamente.

Una transmisin half duplexusa el mismo canal (fsico olgico) para la comunicacin.

Un walkie-talkie es un dispositivo half duplex ya quepuede hablar solamente una persona a la vez.

Origen Destino

Pregunta

Respuesta

Modbus Protocol Modbus protocol dictates that a sending station must get an

answer back from the destination station before the sending station can send asecond message to the same destination station. This is a half duplex likecommunication scheme.


10/6310


Comunicacin FullComunicacin Full DuplexDuplex

Full Duplex: la informacin puede transmitirse en ambossentidos, simultneamente.

Una transmisin full duplex utiliza diferentes canales(fsicos o lgicos) para la comunicacin.

El telfono es un ejemplo de dispositivo full duplex.

Origen Destino

Pregunta

Respuesta

Full duplex operation on a two-wire line requires the ability to separate a receive

signal from the reflection of the transmitted signal.Full duplex requires additional hardware at both the sending andreceiving end.


11/6311


Acceso determinsticoAcceso determinsticoSwitch EthernetSwitch Ethernet

La tecnologa de Switch supera esaslimitaciones:Crea dinmicamente redes entre sus puertos, de

acuerdo con una tabla interna.

Se crean dominios de colisiones, aislados entre si

Cada puerto opera a la mxima velocidad posible,aprovechando el ancho de banda disponible.

Cada dispositivo opera en modo Half DupleX o Full

Duplex, sin afectar a los dems. Logra un alto grado de determinismo en el enlace.

There are means available for working around the determinism problem introduced byCSMA/CD. The first is in the manner that data is transmitted between network devices.Ethernet was originally specified as half-duplex, which meant that a network device could

not simultaneously send and receive data. Modern Ethernet, however, is full-duplex,which allows an Ethernet card to begin sending data while still in the process of receivingdata (or the other way around). This situation is often characterized by saying that a full-duplex 10 Mbps Ethernet operates at an effective rate of 20 Mbps, since the transmissionspeed is 10 Mbps each way.

Another way to reduce the chance of data frame collisions is to minimize the number ofdevices that are connected to the same network. It should be obvious why this has adesirable effect. Fewer devices transmitting data translates into less of a chance thatmore than one device will attempt to transmit at the same time.

The third remedy to the determinism problem, and the one highlighted in the title of thissection, is to use an Ethernet switch to isolate a small number of devices into what is

called a collision domain.A switch is a specialized junction box that has multiple built-inEthernet ports and its own processor. Data frames received by the switch are initiallyforwarded to each of the switchs ports, but as the switch learns which MAC address isassociated with which port, it forwards data frames only to the port associated with theframes destination address. As an illustration, consider a network with 500 hosts allcontending for use of the same Ethernet. With this number of hosts, there is a goodchance that two of the hosts will begin to transmit simultaneously at least some of thetime. Suppose now that we use an Ethernet switch to isolate 10 of the network devicesinto their own collision domain.The effect this has is to greatly reduce the chance thatmessages originating from one of the 10 computers, or intended for one of the 10computers, will collide. In fact, by putting critical control devices on their own personalcollision domain, the chance of collisions is reduced to essentially zero.


12/6312


Acceso determinsticoAcceso determinstico -- SwitchSwitch EthernetEthernet

Operacin: Identifica la direccin de cada uno de los dispositivosconectados a sus puertos en tablas internas.

Utiliza un buffer para almacenar y reenviar lospaquetes de cada puerto, mediante un bus interno dealta velocidad.

Esa informacin permite establecer redes dinmicasentre cada uno de los puertos.

Trabaja a nivel de la capa 2 (Data Datalink) del

modelo OSI.Utiliza las direcciones de las tarjetas adaptadoras de

red (MAC address).


13/6313


Cundo usar un switch industrial?Cundo usar un switch industrial?

Aislar la red de planta de la red administrativa.Aislar dispositivos individuales (por su velocidad,

por operar en modo half duplex, etc).

Proveer un enlace de alta velocidad entrediferentes dominios de colisiones.

En combinacin con conversores de medio afibra ptica:

Proveer un enlace entre dominios de colisionesalejados entre si.

Brindar alta inmunidad al ruido e interferencias.

One way to think of Ethernet is as the great equalizer. In a very real sense, all devices(this could include PCs, servers, PLCs, sensors, actuators, etc.) that are connected to thesame Ethernet LAN are on an equal footing. This is because there is a carefully controlled

upper limit to the amount of data that can be sent across an Ethernet with eachtransmission, and access to an Ethernet is first come first served. Connecting factorycomputers and devices to a corporate LAN gives engineers ready access to the Internet,and allows the factory and business office to maintain contact via e-mail. It also givesbusiness office and MIS personnel the option to monitor factory floor network activity. Thedownside to all of this interconnectivity is that data transferred between control devices iseasily bogged down by all of the e-mails, MSN activity, and access to various web sites.An Industrial Ethernet Switch can be used to effectively isolate key control devices ontotheir own collision domain. Engineers can still access the devices from outside thecollision domain, but as we pointed out earlier, data transfer within the collision domain ismuch freer.

This type of application is similar to that described above, but in this case, only one deviceis connected to each port of the Ethernet switch, essentially isolating the device onto itsown collision domain. As a concrete example, control engineers could use one multiportEthernet switch to connect a PLC to sensor/actuator pairs. Except for the occasionalreconfiguration or diagnostic message sent from another part of the network, the switchessentially keeps the control activity completely isolated from the rest of the network.

Some Ethernet switches combine 10 Mbps Ethernet ports with higher speed 100 Mbpsports, with the higher speed ports used to cascade from one switch to another. Twoswitches of this type can be combined to provide a higher speed connection betweenseparate collision domains. These intra-switch connections are also full-duplex, so thatthe chance of frame collisions between the two switches is essentially zero.

Some Ethernet switches have both UTP Ethernet ports, which use electrical signals totransmit data, and optical cable ports, which use light pulses to transmit data. Light pulsesare immune to interference from lightning and high voltage manufacturing equipment, andin general can be transmitted over a longer distance. This type of Ethernet switch allowsto connect one part of a factory floor LAN to another, since the fiber optic cable can berun through areas of the factory that are subject to electromagnetic disturbances, or canbe used to go from building to building over distances of several kilometers.


14/6314


Switch

Switch

Switch

Switch

Switch

Switch

Switch

SwitchFiber Ring

Cundo usar un switch industrial?Cundo usar un switch industrial?


15/6315


Prioridad de Mensaje (IEEE 802.1p)Prioridad de Mensaje (IEEE 802.1p)

Permite dar prioridad a los datos

provenientes de determinadodispositivo con respecto a otrosconectados a la red, acelerando latransferencia.

Con esta funcionalidad se impide quelas tramas de alta prioridad se veaninterrumpidas por el trfico de los demenor prioridad.

El switch puede procesar y enviartodos los paquetes de mayor prioridadantes de hacerlo con los de menor

prioridad o alternar entre unos u otros.


16/6316


Prioridad de PuertoPrioridad de Puerto

Permite asignarle una prioridad a cada mensaje, basada en el

puerto de origen, sin tener en cuenta la asignada por los dispositivosconectados a ste.

Permite asignar prioridades a dispositivos que no soportan la normaIEEE 802.1p.

Se requiere configurar el switch para esta funcin: Los paquetes sin informacin de prioridad (VLAN o marca de prioridad)

se transmiten segn la prioridad asignada a cada puerto.

Es posible asignarle una prioridad diferente a cada puerto.


17/6317


Mayor confiabilidadMayor confiabilidad

Alimentacin redundante, en diferentestensiones de CC y CA.

Topologa en anillo para proveer caminosredundantes de resguardo para la conexin.

Diseados para soportar condiciones extremasde vibracin, aceleracin y choque.

Homologados por organismos reconocidosinternacionalmente (IEC, CE, FCC, UL, etc.).

Conectores aptos para condiciones extremas deuso.

The above list only gives the basic requirements for industrial applications. Whenconsidering industrial communications, reliability means more than just a strong casingand good endurance to extreme temperatures, but also involves more fault resilience

functionality. In the office, a 3-minute communication failure could be passed off as aminor inconvenience, whereas in an industrial setting, the same 3 minutes could cause atremendous loss in investment. With this in mind, the following self-recovery functions canprovide the essential functionality needed to keep the network running continuously.


18/6318


Mayor confiabilidadMayor confiabilidad

Componentes electrnicos de grado industrial,para incrementar el MTBF (tiempo medio entrefallas).

Rango de temperatura de operacin ampliado(40C a 75C).

Proteccin contra sobretensiones, hasta 3.000 V

Alimentacin de +10 a +30 VCC.

Gabinetes hermticos, que reducen el efecto de

sustancias nocivas que puedan daar suscomponentes.


19/6319


Recuperacin rpidaRecuperacin rpida

Watch-dog y auto-recuperacin para prevenirinterrupciones aleatorias del servicio.

Reconfiguracin dinmica de las tablas deenrutamiento para asegurar la comunicacin dedispositivos que puedan cambiar de ubicacinfsica, reduciendo el tiempo sin comunicacin.


20/6320


Spanning TreeIEEE 802.1 D

Spanning treeSpanning tree vs. Soluciones Propietariasvs. Soluciones Propietarias

Pueden usarseswitches de varias

marcas distintas. Se aplica si el tiempo de

reconfiguracin no es importante. Hay caminos mltiples entre

dispositivos.

Rapid Spanning Tree

Pueden usarseswitches de varias

marcas distintas. Se aplica si el tiempo de

reconfiguracin es importante perono crtico.

Hay caminos mltiples entredispositivos.

Soluciones Propietarias

Slo pueden usarse switchesde un

nico fabricante. Se aplica si el tiempo de

reconfiguracin es crtico. Hay un camino activo y otro

alternativo en el anillo.

> 30 seg. > 1 seg.

< 0,5 seg.

Spanning Tree

Term for a protocol that is used in ETHERNET networks for path determination. It isspecified as Standard IEEE 802.1 D. The spanning tree algorithm prevents the circulation

of data packets in a LAN with several possible paths by switching-off individualconnections or Ports. In addition it determines the optimum path if there are severalalternatives. If a path fails due to the fault or interruption, an alternative connection issearched for using the spanning tree protocol. The reconfiguration of a network of thistype may take 30 - 90 seconds.Spanning-Tree Protocol (STP) prevents loops from being formed when switches orbridges are interconnected via multiple paths. Spanning-Tree Protocol implements the802.1D IEEE algorithm by exchanging BPDU messages with other switches to detectloops, and then removes the loop by shutting down selected bridge interfaces. Thisalgorithm guarantees that there is one and only one active path between two networkdevices.

Custom Solutions

Term for a Redundancy process based on the construction of ring-shaped networkstructures. In rings of these types, networkcomponents that supports custom solutions are connected to each other over theirbackbone or ring ports. A redundancy manager carries out monitoring of the ring andprevents circulating telegrams.

Redundancy manager

Term for a switch or hub in a custom solution, that monitors the ring and in case of aninterruption in the ring structure, activates the connection that has been switched-off up tothat point. After the interruption has been removed, the redundancy manager againswitches this connection off. The ring is thereby physically switched-off, but from the point

of view of communication, it is interrupted.


21/6321


Reportes dinmicosReportes dinmicos

Envo de mensajes (p.e. usando e-mail) aldetectar condiciones de excepcin, tales comodesconexin de dispositivos o saturacin detrfico.

Seales discretas de salida para sealizarcondiciones de falla en campo.

Since industrial Ethernet devices are often located at the endpoints of a system, suchdevices cannot always know what's happening elsewhere on the network. This meansthat industrial Ethernet equipment that connects these devices must take responsibility for

providing system maintainers with real-time alarm messages. Even when controlengineers are out of the control room for an extended period of time, they can still beinformed of the status of devices almost instantaneously when exceptions occur.

The traditional way of determining device status is to poll devices periodically, but this isnot real-time enough, and is not very efficient as well. Warning messages must beactively triggered by events. In consideration of these requirements, industrial networkequipment must have features such this.


22/6322


Funciones de administracinFunciones de administracin

Verificacin de la integridad de la red por mediodel comando "ping.

Anlisis remoto de datos para determinar elcomportamiento local de la red desde unaubicacin remota.

Configuracin de puertos espejo para unamejor supervisin en lnea de datos.

Asignacin de nmeros IP a los dispositivos

conectados (DHCP server).Reemplazo de dispositivos daados.

Troubleshooting a network that is experiencing problems can be a real nightmare formaintenance personnel. Quick recovery from network problems is particularly importantfor industrial applications, since when communication is interrupted, production lines

could be halted while waiting for the communication problems to be fixed. The firstproblem is how maintenance personnel can quickly and effectively find which networksegment needs to be fixed. Being able to send "ping" commands that originate from keyEthernet equipment gives network maintainers an essential tool for diagnosing suchproblems.

The remote data scope utility allows users to easily monitor specific network behaviorfrom a remote networked PC. This utility operates in a manner similar to a regular DataScope, by allowing users to set a trigger condition, capture port data, and monitor signalstatus with time stamp. The difference, however, is that instead of monitoring equipmentlocated right next to the Data Scope, users can monitor activity from a remote location,thus giving one maintenance person the ability to monitor many different devices

dispersed over a wide area.Setting up IP addresses is one of the biggest headaches faced by maintenance personnelassigned the task of connecting industrial Ethernet-enabled devices to a network. UnlikePCs, most industrial devices are essentially a "black box," and do not come with a directhuman interface. Once the network topology changes or maintenance personnel change,the bothersome process has to be repeated. Making use of Ethernet equipment that canautomatically set up your devices IP addresses can help reduce the effort.

Sometimes a network is just too large, making it difficult to achieve the expectedcommunications behavior. And since Industrial communications applications use more ofa command-response style than the file-transfer style used in office networkenvironments, when first setting up an industrial Ethernet network, control engineers mayneed to use a second port to monitor the actual activity betweentheir devices andcomputer host. This "mirroring port" helps to ensure that the system behaves asexpected.


23/6323


DHCP ServerDHCP Server


24/6324


Switch con Soporte

DHCP Opcin 82

1. Pedido DHCP

Difusin (Broadcast)2. Opcin 82 agrega ID de puerto,

ID de switch e ID de VLAN

Unicast

3. Servidor DHCP con Opcin 82

usa estos parmetros para proveer

la direccin IP

4. Respuesta DHCP, basada

en estos parmetros

5. El switch reenva la respuesta

DHCP al cliente

Opcin 82 DHCPOpcin 82 DHCP DHCP ServerDHCP Server


25/6325


Configuracin FDR / TFTPConfiguracin FDR / TFTP

La configuracin puede almacenarse en un servidorcentral, corriendo los servicios FDR TFTP.

La transferencia de la configuracin se realiza a partir dela definicin del nombre de archivo configurado en elswitch: El nombre de archivo en el servidor FDR lo define el usuario o se

basa en el Role name.

En el switch se deber configurar (Telnet serie/Ethernet WEB)el nombre de archivo a utilizar.


26/6326


Funciones de administracinFunciones de administracin

Soporte SNMP para simplificar el anlisis y laadministracin de la red.

Administracin por medio de OPC Server parauna integracin total con los sistemasHMI/SCADA.

SNMP (Simple Network Management Protocol) is the most popular network analysisprotocol used with today's network technology. In fact, it includes many types of well-defined parameters that are available to help you analyze network problems. For

example, if too many packets are being broadcast over the network, causing networktraffic to build up, it could be due to a device with a bad link, or because of interruptionscaused by someone who connects to your network without permission. SNMP gives youthe ability to obtain this type of information anytime, and from virtually anywhere.

The OPC specification is a non-proprietary technical specification that defines a set ofstandard interfaces based on Microsoft's DCOM technology. The application of the OPCstandard interface makes possible interoperability between automation/controlapplications, field systems/devices, and business/office applications. Traditionally, eachsoftware or application developer was required to write a custominterface, orserver/driver, to exchange data with hardware field devices. OPC eliminates this

requirement by defining a common, highperformance interface that permits this work to be done once, and then easily reused byHMI, SCADA, Control, and custom applications.


27/6327


Fcil instalacin y mantenimientoFcil instalacin y mantenimiento

Montaje en riel DIN, panel o racknormalizado. LEDs indicadores para verificar el

funcionamiento.

Conectores para servicio pesado.

Soluciones OEM.


28/6328


Equipos existentesEquipos existentesBridge Serie a EthernetBridge Serie a Ethernet

RSRS--232/422/485232/422/485

Ethernet


29/6329 2

Bridge SerieBridge Serie EthernetEthernetMemoria CompartidaMemoria Compartida

Se basan en una zona de memoria compartida donde sealmacenan los datos de planta.

El intercambio de datos es realizado por medio de lalectura/escritura de esos valores.

El lado serie se configura para interrogar los dispositivos.


30/6330 2

Bridge SerieBridge Serie EthernetEthernetMemoria CompartidaMemoria Compartida

Ventajas: La respuesta del lado Ethernet es rpida (los datos se leen de la

memoria compartida y no son afectados por el retardo derespuesta de los dispositivos serie).

El tiempo de respuesta no se ve afectado por fallas en losdispositivos serie.

Pueden usarse diferentes protocolos a cada lado del bridge.

Desventajas: No permite utilizar comandos de programacin.

Acceso limitado a los tipos de datos definidos en la memoriacompartida.

Puede dar una idea errnea del desempeo del sistema.


31/6331 2

Bridge SerieBridge Serie EthernetEthernetConversin de ProtocoloConversin de Protocolo

Opera recibiendo una interrogacin de una red y laconvierte a otra compatible con la segunda.

La conversin de las consultas la define el diseador(tipo consulta A = tipo consulta B).


32/6332 2

Bridge SerieBridge Serie EthernetEthernetConversin de ProtocoloConversin de Protocolo

Ventajas: Permite utilizar diferentes protocolos a cada uno de los lados del

bridge.

Desventajas: No permiten el pasaje de comandos de programacin, ya que

son diferentes para cada uno de los protocolos.

Acceso limitado a aquellos tipos de datos comunes a ambasredes.

Acceso limitado a aquellos consultas definidas por el diseadordel bridge.

Menor velocidad de respuesta del lado Ethernet dado que loscomandos deben pasar al lado serie, procesados por losdispositivos y respondidos antes de devolverlos a su origen.


33/6333 2

Bridge SerieBridge Serie EthernetEthernetPass ThroughPass Through

El bridge recibe una comando desde una de las redes yreenva el mismo comando a la otra.

No se requiere realizar conversin alguna ya que elprotocolo de aplicacin es el mismo para ambasredes.


34/6334 2

Bridge SerieBridge Serie EthernetEthernetPass ThroughPass Through

Ventajas: Permite le uso de cualquier cdigo de funcin del protocolo de

aplicacin, incluyendo la programacin y la actualizacin defirmware.

Desventajas: Menor tiempo de respuesta del lado Ethernet ya que los

comandos deben ser pasados al lado serie y respondidos antesde ser devueltos al origen.

Los tiempos de respuesta del lado Ethernet son afectados por lafalla de dispositivos del lado serie.


35/6335 2

Bridge SerieBridge Serie EthernetEthernetConexin Serie VirtualConexin Serie Virtual

El protocolo serie es encapsulado en tramas Ethernet,transmitido al bridge y nuevamente convertido a suformato original en ste.

Existen diferentes modos de funcionamiento: Por sockets TCP UDP, donde el bridge se comporta como un

servidor o un cliente. Puede ser usado para conectar un host(normalmente una PC) con un dispositivo serie o dos bridgesentre si.

Redirector de puerto serie, cuando el bridge es visto desde elhost (normalmente una PC), como un puerto serie virtual.


36/6336


Bridge SerieBridge Serie EthernetEthernetConexin Serie VirtualConexin Serie Virtual

RS-232/422/485

Ethernet


37/6337 2

Conexin Serie VirtualConexin Serie Virtual

Ventajas: Permite la conexin de dispositivos serie entre si aprovechando

la infraestructura Ethernet existente.

Desventajas: Requiere el desarrollo de aplicaciones especficas en el host (por

sockets) o la instalacin de un controlador de dispositivo(redirector).

Soluciones propietarias de cada fabricante.


38/6338


Seguridad de PuertoSeguridad de Puerto

Por esta funcionalidad cada uno de los puertos del switch puede protegerse paraimpedir accesos no autorizados.

Quin puede acceder a cada puerto? Todos Sin restricciones de acceso

Ciertos Usuarios Slo las direcciones fsicas (MAC addresses) configuradas

Qu sucede cuando hay un intento de acceso no autorizado? Sin respuesta No hay respuesta

Trap Se enva un mensaje por medio de un trap (protocolo SNMP)

Deshabilitar Puerto Se enva un mensaje por medio de un trap y se deshabilita elpuerto

La configuracin de seguridad para cada puerto se hace por medio de laadministracin basada en WEB.

LAN


39/6339


Seguridad de PuertoSeguridad de Puerto

Por esta funcionalidad cada uno de los puertos del switch puede protegerse paraimpedir accesos no autorizados.

Quin puede acceder a cada puerto? Todos Sin restricciones de acceso

Ciertos Usuarios Slo las direcciones fsicas (MAC addresses) configuradas

Qu sucede cuando hay un intento de acceso no autorizado? Sin respuesta No hay respuesta

Trap Se enva un mensaje por medio de un trap (protocolo SNMP)

Deshabilitar Puerto Se enva un mensaje por medio de un trap y se deshabilita elpuerto

La configuracin de seguridad para cada puerto se hace por medio de laadministracin basada en WEB.


40/6341


SNMP Versin 3SNMP Versin 3

Prestaciones de Seguridad disponibles enSNMP Versin 3:Contraseas encriptadas.

Claves de encriptacin basadas en algoritmosrobustos, lo que dificulta los ataques de fuerzabruta.

Puede encriptarse la informacin de administracinque viaja en la red.


41/6342


Redes Locales VirtualesRedes Locales VirtualesVLAN (IEEE 802.1Q)VLAN (IEEE 802.1Q)

Permite dividir una nica red local fsica en dos o ms redes lgicas.

Se asla el trfico de cada una de las redes virtuales.

VLAN basada en los puertos del switch.

Los paquetes sin informacin VLAN (tag) son asignados al puertocorrespondiente.

Marcado / Desmarcado (Tagging / Untagging):

Las marcas se usan para permitir que varias VLAN compartan el mismomedio fsico.

Los paquetes son marcados antes de ser enviados y son reconocidos ydireccionadas a la VLAN respectiva segn la marca.

La configuracin es independiente, la misma direccin MAC puedeasignarse a varias VLAN diferentes.

Seguridad, se usa un agente de administracin separado.

VLANs:

VLANs are based on logical (instead of physical) links and are flexible elements in thenetwork design. The biggest advantage of VLANs is the possibility of forming user groupsbased on the participant function and not on their physical location or medium.

Since broad/multicast data packets are transmitted exclusively within a virtual LAN, theremaining data network is unaffected.

The VLAN function is defined in the IEEE 802.1Q standard.

Key words often used in association with VLANs are:

Ingress Rule:

The ingress rules stipulate how incoming data is to be handled by the switch.

Egress Rule:

The egress rules stipulate how outgoing data is to be handled by the switch.VLAN identifier:

The assignment to a VLAN is effected via a VLAN ID. Every VLAN exist-ing in a networkis identified by an ID. This ID must be unique, i.e. every ID may only be assigned once inthe network.

Port VLAN identifier (PVID):

The Administration assigns a VLAN ID for every Puerto. It is known, there-fore, as thePuerto VLAN ID. The switch adds a tag to every data packet received with no tag. Thistag contains a valid VLAN ID. When a data packet is received with a priority tag theswitch adds the Port VLAN ID.


42/6343


VLAN Y

VLAN Y

VLAN Y

VLAN GVLAN G

VLAN G

VLAN B

VLAN G VLAN B

Redes Locales VirtualesRedes Locales VirtualesVLAN (IEEE 802.1Q)VLAN (IEEE 802.1Q)


43/6344


Protocolos de Capa de AplicacinProtocolos de Capa de AplicacinPuertos yPuertos y SocketsSockets

Los protoocolos TCP y UDP multiplexanlasconexiones mltiples a un solo host usando

una direccin IP y diferentes nmeros depuertos.

Puertos: Cada computadora es dividida en65.535 puertos:

Los paquetes que ingresan conocen ladireccin (IP) y el puerto para los cualesestn destinados.

El puerto de destino forma parte del campode los protocolos TCP y UDP.

Los puertos estn numerados y son como unacasilla de correo::

Un correo para una persona especfica sloes llevado a una sola casilla.

SMTP (Simple Mail Transfer Protocol) va al

puerto 50. HTTP va al puerto 80.

Modbus TCP tiene reservado el puerto 502.

Sockets: es la combinacin de una direccinIP y un nmero de puerto; www.xxx.yyy.zzz:nn.

Puertos

80

HTTPHTTP

502

SMTPSMTP

50

Modbus/TCPModbus/TCP

Dispositivo de RedIP = www.xxx.yyy.zzz

A port is analogous to a pigeon hole mail box, where only the mail for any one

person is delivered to a hole. With ports, data of a specific type of service isaddressed to specific ports, for example Telnet data is directed to port 23, SimpleMail Transfer Protocol (SMTP) is directed to port 25, HTTP to port 80 andModbus TCP to port 502. A TCP stream is defined by the source and destinationIP address and port number, this is for connections between hosts. Internal to thehost, this combination of numbers is assigned a unique number called a socketand it is the socket that any applications wishing to communicate with other hoststalk to.

When a stream is first initiated, the initiator determines a free port to use as wellas which port to talk to on the remote host, for example in an FTP session, theinitiator may choose port 1025 to listen on and port 21 to talk to on the remotehost (which is the default port for FTP). The listening port is generally determined

by the operating system - the user applications have no control over this. Whenthe remote host is sending a packet to the initiator, the same port numbers will beused but their positions in the header will change (source / destination).


44/6345


Protocolos de Capa de AplicacinProtocolos de Capa de Aplicacin


45/6346


Protocolos de Capa de AplicacinProtocolos de Capa de Aplicacin

Diferentes buses de campo (fieldbus) utilizan Ethernetcomo medio fsico y para enlace (control de acceso).

Estos protocolos representan la implementacin a nivelde aplicacin (capa 7)

Algunas de stos son: Modbus/TCP

EthWay

OLE for Process Control Data Exchange (OPC DX)

PROFINet

Interface for Distributed Automation (IDA) EtherNet/IP

Foundation Fieldbus HSE


46/6347


Conectividad inalmbricaConectividad inalmbrica


47/6348


El espectro y las velocidadesEl espectro y las velocidades

TAKING IT TO THE STREETS: A GUIDE TO WIDE AREA WIRELESS FOR THE NON-TECHNICAL

BUSINESS PROF ESSIONAL. Intermec Technologies Corp.2002


48/6349


BRYAN CHRISTIE ; IEEE Spectrum March 2004

El espectro y las velocidadesEl espectro y las velocidades


49/6350


Spread SpectrumSpread Spectrum en imgenes en imgenes

BRYAN CHRISTIE ; IEEE Spectrum March 2004


50/6351


Normas IEEE 802.11 ~Normas IEEE 802.11 ~WiWi--FiFi

IEEE:

The Institute of Electrical and Electronics Engineers. Asociacin profesional sin fines de lucro, de alcance mundial,

involucrada en tecnologas relacionadas con la computacin, lastelecomunicaciones, las ingenieras elctrica, electrnica ybiomdica.

Importante organismo normalizador.

Comit de Normas 802: Se forma en Febrero de 1980

Tiene por misin elaborar el cuerpo de normas relativo a la

conectividad en red de computadoras y otros dispositivosdigitales.

El subcomit 802.11 se ocupa de la conectividad inalmbrica,por medio de ondas electromagnticas, acotada a redes locales.


51/6352


Conectividad inalmbricaConectividad inalmbricaNormas IEEE 802.11 ~Normas IEEE 802.11 ~WiWi--FiFi

Hace uso de la tecnologaspread spectrum para las

comunicaciones Se comparte un medio comn,

creando dominios decolisiones

Permite la conexin en red dedispositivos porttiles(notebooks, PDAs, Tablet PCs,telfonos VoIP, etc.)

Facilita la instalacin de nuevasredes en edificios que nocuentan con la infraestructuraadecuada.

Permite el acceso a Internet enlugares pblicos (hotspots enaeropuertos, cyber cafs,restaurantes, bibliotecas,hoteles, universidades, etc.)


52/6353


Y la seguridad?Y la seguridad?

La norma 802.11 define el Wired Equivalent

Privacy(WEP):Encriptacin propia de las normas IEEE 802.11.Basada en algoritmo RC4, con clave simtrica y

esttica (de 40 128 bits).

La clave se ingresa manualmente en ClientesInalmbricos y Access Points.

Debilidades:No asegura la privacidad.

No bloquea el acceso no autorizado a la red de la cual elAccess Pointforma parte.

No impide que un cliente inalmbrico legtimo se conecte aun Access Pointno autorizado (Rouge Access Point).

Se ve comprometida ante la prdida de algn dispositivo conla clave configurada.


53/6354


Mejorando la seguridadMejorando la seguridad

Usar esquemas de seguridad a Nivel de Capa 2 (MACaddress) o de Capa 3 (IP Security).

Implementar Redes Privadas Virtuales (VPN) conRemote Authentication Dial-In User Service (RADIUS): Autenticacin basada por Usuario (ID + Contrasea). Administracin centralizada de credenciales.

Uso de algoritmos de encriptacin con claves dinmicas(por sesin).

Mecanismos de autenticacin mutua de dispositivos(impide que un cliente inalmbrico sea engaado por unAccess Point no autorizado).

Uso de algoritmos de encriptacin a Nivel de Aplicacin(Capa 7).


54/6355


Diferentes funcionesDiferentes funciones

RouterAccess Point

Bridge Inalmbrico

Repetidor

Tarjetas adaptadoras (PCI PCMCIA)

Equipos Built for Wireless (p.e. IntelCentrino )


55/63


56/6357


Algunas aplicacionesAlgunas aplicaciones

Logstica Sistema de despacho de vehculos

Aplicaciones en transporte

Control de inventario y recoleccin de datos enpiso de planta

Servicios hospitalarios y de salud

Puntos de Ventas y de Informacin mviles(POS/POI)

Interfases de operacin (HMI) porttiles

Telefona mvil usando Voice on IP (VoIP)


57/6358


Conversores de medio fsicoConversores de medio fsico


58/6359


Cable de FibraCable de Fibra OpticaOptica

Consiste de tres partes : Ncleo (vidrio o plstico).

Cobertura (Cladding). Vaina de Proteccin.

Ncleo - Provee un canal para elhaz de luz.

Cobertura - Tubo de vidrio querefleja cualquier rayo de luz hacia elncleo.

Vainade Proteccin - Proteje alncleo y a la cobertura.

La fibra ptica es inmune a lainterferencia y permite mayores

extensiones de segmento (2 kmconmultimodo 20 kmconmonomodo).

A menudo usado como backbone.

Fiber optic cable is considered the default choice for connections involving high

speed [large bandwidth requirements like video, large database systems], longdistances and interconnecting networks. It costs more than either twisted pair orcoax, and requires special connectors and jointing methods.

The features of fiber-optic cable systems are theyre expensive, used forbackbones [linking LANs together] or FDDI rings (100 Mbps), high capacity [100Mbps], immune to electromagnetic interference, low loss, difficult to join,connectors are expensive, the cover long distances.

Fiber optic is often used to overcome distance limitations. It can be used to jointwo hubs together, which normally could not be connected due to distancelimitations. In this instance, a UTP to Fiber transceiver [often referred to as a

FOT] is necessary.


59/6360


Tipos de FibrasTipos de Fibras OpticasOpticas

Mono Modo (Single Mode) -tiene un ncleo mucho mspequeo el cual permite queslo un haz de luz se propaguea travs del ncleo.

Multimodo (Momo Mode) -tiene un ncleo mucho msgrande que la fibra MonoModo, permitiendo que cientosde rayos de luz se propaguena travs del ncleo

simultneamente.

The differences among fibers is their core sizes (the light-carrying region

of the fiber). MultiMode cable is made of multiple strands of glass fibersand has a much larger core than Single Mode fiber. MultiMode cableshave a combined diameter in the 50-100 um range. (where um is amicron and one micron is 1/250th the width of a human hair). Each fiberin a MultiMode cable is capable of carrying a different signal independentfrom those on the other fibers in the cable bundle. These larger coresizes generally have greater bandwidth and are easier to couple andinterconnect. It allows hundreds of rays to light to propagate through thefiber simultaneously. MultiMode fiber today is used primarily in premiseapplications, where transmission distances are less than two kilometers.

Single Mode fiber is a single strand of glass that has a much smallercore that allows only one mode of light to propagate through the core.Single Mode fiber has a higher bandwidth than MultiMode and for thisreason it is the ideal transmission medium for many applications. Thestandard Single Mode fiber core is approximately 8-10 um in diameter.Because of its greater information-carrying capacity, Single Mode fiber istypically used for longer distances and higher-bandwidth applications.

While is might appear thatMultiMode fibers have higher informationcarrying capacity, this is not the case. Single Mode fibers retain theintegrity of each light pulse over longer distances which allows moreinformation to be transmitted. This is why MultiMode fibers are used forshorter distances.


60/6361


Cable de FibraCable de Fibra OpticaOptica: Mono y: Mono y MultimodoMultimodo

La fibra Mono modo tiene mejor desempeo, cubre mayoresdistancias y es una tecnologa ms cara que la fibra multimodo.

La fibra Multi modo est limitada a longitudes de uno o doskilometros, dependiendo de la aplicacin.


61/6362


ResumiendoResumiendo


62/6363


ReferenciasReferencias

http://www.ieee.org/ http://standards.ieee.org/wireless/index.html

http://www.aadeca.org/ http://www.iec.ch/ http://www.modbus.org http://www.modbus-ida.org/ http://www.opcfoundation.org/ http://www.fieldbus.org/ http://www.profibus.com/ http://www.ethernet-ip.org/ http://www.iaona.org/ http://ethernet.industrial-networking.com/ http://www.tropsoft.com/strongenc/des.htm http://www.weca.net/ http://www.bitpipe.com http://www.plcopen.org http://www.automation.com http://www.plcs.net http://www.automatas.org/ http://www.ccontrols.com/


63/63


Muchas gracias...!

[email protected]

Examen Redes Industriales

Documents

Transcript of Examen Redes Industriales