Network storm on LAN

orense

Hi,

I have a network where several Siemens CPUs and switches are connected, and technically there is a loop in the network, meaning that I have a ring, without the ring being managed by any FRNT function activated (to manage the ring). However, I tried to put in a one-way Ethernet device, manufactured by Phoenix Contact. Schematics attached. This device should allow for my UDP data to flow in one direction only.

Shouldn't this physically avoid any network storm, if this is inserted in a part of the ring? If data can only go in one direction, a network storm will not occur, or am I wrong on this?

One-way ethernet.png
 
What in god's name is that??
Never heard about a one-way Ethernet device. Do you have a link to the Phoenix device?

If there is a ring, you can still have packets travelling around even if it is only one way around.

And I am pretty certain that Profinet is exchanging data in both directions, even if functionally 'data is being sent one way only'.

What is the idea of all this? Why create a ring with having devices that are set up to handle the ring?
 
Thanks for the reply,

The thought is to send UDP data broadcasted only in one direction. And it is on Industrial Ethernet, not Profinet.
This has been working fine, until we introduced another network of another system into the old network. When components in the new network got connected, there seem to be loops present. The only thing which would prevent the loops 100% closed, would be these adapters which have one installed in both parts of the loop, so the data should not be able to access the component which closes the loop. However it does not seem like it is working.

And I was wrong about Phoenix, it is actually an in-house product manufactured by one of our sister companies.

Attached is a schematic of the network. There is a switch in the LCC cabinet which connected those UDP connections. Also, the one-way adapters I mentioned are those that are inside the red rectangle.

Network.png
 
JesperMP said:
What in god's name is that??
Never heard about a one-way Ethernet device. Do you have a link to the Phoenix device?

I can't seem to find the specific device, but such things are called data diodes. Usually used to support one-way data between separate networks, not on the same network.

JesperMP said:
And I am pretty certain that Profinet is exchanging data in both directions, even if functionally 'data is being sent one way only'.

Agreed. This would break most protocols, not just Profinet.
 
JesperMP said:
What in god's name is that??
Never heard about a one-way Ethernet device. Do you have a link to the Phoenix device?

I have heard about (but never used these) in the context of network security -- it allows (for example) data to be transmitted from a secure network to an insecure one without providing any possible access in the other direction.

As JordanCClark states, this is commonly known as a data diode, and OP's scenario is in no way its intended use.
 
orense said:
The thought is to send UDP data broadcasted only in one direction. And it is on Industrial Ethernet, not Profinet.

I see that for UDP you don't actually need data going back to the sender.

orense said:
This has been working fine, until we introduced another network of another system into the old network. When components in the new network got connected, there seem to be loops present. The only thing which would prevent the loops 100% closed, would be these adapters which have one installed in both parts of the loop, so the data should not be able to access the component which closes the loop. However it does not seem like it is working.

The diagram cannot be correct.
I would investigate and establish a 100% correct topology diagram.

Are you sure that the loop is not something else, like a duplicate IP?
 
I know that my suggestion is not according to your strategy, but it could be a simple solution. As you already have a network, you can add Modbus TCP/IP functionality, and make use of the same registers in the PLCs. After that you need one Modbus Broadcast message to send data to all devices, by using address 0, and slaves will not respond.
 
For the record, a network ring is only a ring when it is managed; otherwise it's a loop.


From your diagram, is the "One Way Ethernet Device" effectively just a weirdly wired Ethernet cable? I'm pretty sure it doesn't work like that; if the devices are set to autonegotiate then they will figure out that they need to run at half duplex and they'll take turns sending data over the single pair and data will go both ways. If they are both configured for 100mb full duplex, then MAYBE the scheme would work?


Either way, if the above is true, it is totally abusing Ethernet, and you shouldn't be surprised if weird stuff results.
 
The majority of network switches made these days include spanning tree protocol, STP or RSTP (rapid), which prevents network broadcast storms, so you really should look at your switches' specs to check that.
 
I have heard about (but never used these) in the context of network security -- it allows (for example) data to be transmitted from a secure network to an insecure one without providing any possible access in the other direction.

As JordanCClark states, this is commonly known as a data diode, and OP's scenario is in no way its intended use.

Yes. Firewall rules. In my home network I have a secure network, a home automation network, guest net. The secure network can reach into and communicate with things in the home automation network as long as secure devices start it. The home automation network cannot talk to anything in the secure network first, only respond. Guest net can look into nothing.
 
As others said, do it right and get a managed switch. Just about all managed switches have STP turned on by default and will prevent a loop.
 