For you networking geniuses: NAT with multiple machines

agarb

This is for you networking geniuses out there.

We are building a series of identical machines. We are providing a managed switch for each machine and plan to use NAT to translate some private IP addresses to public. On the public side, each machine will be connected to an existing layer 3 switch provided by the customer. There will also be a computer running Wonderware Historian and InTouch with TopServer Ethernet driver communicating with each machine's PLC.

Network layout attached.

Yesterday I was reading an A/B technote and found this statement regarding NAT limitations, “FactoryTalk® View Site Edition (SE) client/server communication may not operate correctly across a NAT boundary because it relies on protocols such as OPC and Domain Name System (DNS). Because of that, it is not recommended to have a distributed HMI network application with NAT between servers and clients. However, an HMI server on the outside network can access controller data from inside a NAT boundary and service clients in the outside network.”

There was another limitation, "Microsoft® Distributed Component Object Model (DCOM), which is used in Open Platform Communication (OPC)"

I really don’t understand this and wonder if I’m going to have issues with my Wonderware and TopServer system. (TopServer is re-badged Kepware provided by my Wonderware distributor.)
 
Short answer: it will probably be fine. Since your TopServer will be on the computer running Wonderware, OPC and DCOM won't be an issue there.
 
The bigger issue comes from trying to put a remote OPC server behind a NAT; the configuration gets more complicated.
 
So, we're talking OPC-DA here (OPC-UA will work fine across NAT).

DCOM does not like NAT because the IP is part of the packet exchange. With NAT, this gets more complicated to make work because you're doing address translation. (Microsoft won't support it, for example: https://support.microsoft.com/en-us...er-network-address-translation-based-firewall) So if your Wonderware install was outside the NAT area, and your DCOM server (TopServer) was inside the NAT, it is a real PITA to make work.
Often it is easier to use a tunneler to sort that out. https://www.matrikonopc.com/products/opc-data-management/opc-tunneller.aspx for example.
 
I think I understand.

I believe you are saying that if the Wonderware and TopServer are on the same PC then it shouldn't be an issue.

The more I learn, the more ignorant I feel.
 
Slightly off topic, but I believe FTP is another common protocol with this limitation.

The other part of the problem is that in a normal FTP session the server establishes the data connection to the client, which is a problem from outside of NAT. With a passive (PASV) FTP connection the client connects both the control and data sockets and there is no problem.

tl;dr use passive FTP mode from inside NAT.
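
Added example, not part of any post in this thread: a small Python check that pulls the address and port out of an FTP `PORT` command or `227` passive reply (RFC 959 `h1,h2,h3,h4,p1,p2` encoding) and compares it with the source address the other side actually sees, which is the same "IP inside the payload" problem described above for DCOM. The function names and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) carried in a PORT command or a 227 passive reply."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    fields = [int(x) for x in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return str(ip), fields[4] * 256 + fields[5]


def data_connection_target(line, sender_ip_as_seen):
    """Compare the address inside the payload with the packet's source
    address as the receiving side sees it (that is, after translation)."""
    ip, port = parse_hostport(line)
    seen = str(ipaddress.IPv4Address(sender_ip_as_seen))
    return {"connect_to": "%s:%d" % (ip, port),
            "sender_seen_as": seen,
            "address_mismatch": ip != seen}


if __name__ == "__main__":
    # Constructed sample: client 192.168.1.10 sits inside the NAT and is
    # translated to 10.20.30.40; the FTP server is outside at 10.20.30.5.
    # Active mode: the client tells the server to connect back to an
    # inside address the server cannot reach.
    print(data_connection_target("PORT 192,168,1,10,19,137", "10.20.30.40"))
    # Passive mode: the server advertises its own outside address and the
    # inside client opens the data connection outward through the NAT.
    print(data_connection_target(
        "227 Entering Passive Mode (10,20,30,5,195,80)", "10.20.30.5"))
```

An `address_mismatch` of `True` means the data connection would be aimed at an untranslated address; a NAT device with an FTP application-layer gateway avoids this by rewriting the payload.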
 
You shouldn't use IP address 192.168.1.1 on a /24 subnet for a device that is not the gateway. By convention either the first or last IP address on a network is the gateway. There is nothing technically wrong with it the way it is though.
 
You shouldn't use IP address 192.168.1.1 on a /24 subnet for a device that is not the gateway. By convention either the first or last IP address on a network is the gateway. There is nothing technically wrong with it the way it is though.

I will raise you and argue that one should not use 192.168.1.1/24 basically ever. Far too much consumer kit uses that range out of the box.
 
You shouldn't use IP address 192.168.1.1 on a /24 subnet for a device that is not the gateway. By convention either the first or last IP address on a network is the gateway. There is nothing technically wrong with it the way it is though.

OK, I learned something else and will avoid it going fwd.
 
