Router / connecting to the Enterprise - discussion

harryting

Yup, that whole IOT 4.0 thing. Do you folks use a security gateway or router?

In plants where there are isolated islanded networks that you may want to connect up and also connect to corporate network (via their firewall, of course). What do people here use?

I've been studying up on Cisco lately and static routing isn't hard to set up, but new Cisco routers are not cheap. I see Ubiquiti has this "Edge Router" but the reviews are quite mixed. There are also devices marketed as industrial security gateways with fuzzy descriptions of exactly what they do, so I'm looking for some real world experience with any of those.
 
I have a Ubiquiti edge router x at home, and it works great, does everything I need. A traditional router could work, but most industrial automation systems are set up with different expectations than traditional networks.


For industrial networks/OT you'll usually need much more NAT than usual IT stuff, because machines often repeat IP addresses, or use overlapping subnets. For just internet connectivity that's no big deal, but when communication needs to be able to reach in, that's where things become important. I'm sure IT type devices CAN do it, but your network probably won't be what the device designers were expecting.



In my view, it typically makes more sense to have a local router (pointing to IT infrastructure) at the machine owned by Controls, instead of connecting up to a router owned by IT SOMEWHERE and hoping for the best.



Industrial security devices often come with 1) expectation of 24V power, which is convenient for cabinets 2) input and output terminals to do things like signal faults and activate external connections 3) easy-to-use interfaces, often with useful presets for industrial protocols 4) often pair with a prebuilt VPN solution. I've used the S615 from Siemens often, but there are a ton out there.



There are also gateways with some kind of cloud/iiot functionality built in (MQTT, OPC UA, AWS/Azure/Mindsphere/whatever). Sometimes these also have the traditional security functionality built in, sometimes they are more of a data diode type device. Never needed to set any of these up myself.
 
Appreciate the feedback. You listed out more reasons why there should be a routing device on the industrial side of the fence that's not under IT control. Just wondering if anyone had experience with various brands. The Edge Router is cheap enough that I might just get one to play with.
 
We use some of the edge routers, Stratix 5700s as L2 w/ VLANs, and some of the actual Cisco routers.

The edge routers are quite powerful, but understand that they kind of sit in the middle of the space. Very much designed for business applications and not industrial environments (though they do survive there).
 
The Edge Router is cheap enough that I might just get one to play with.


Go for it, they do a lot. There probably isn't anything missing from a feature perspective as compared to an industrial gateway, except environmental ratings.
 
Just my 2 cents but every vendor does things a little differently. If you want to learn Cisco then I would get a Cisco device.

The basics of routing protocols and networking are not new concepts and they don't change that much so I would buy some old Cisco kit to use in the home lab for learning purposes.

You can find some very powerful hardware that is dirt cheap on ebay. Example below.

https://www.ebay.com/sch/i.html?_from=R40&_trksid=p2380057.m570.l1313&_nkw=cisco+router&_sacat=0
 
I watched 6 Ubiquiti EdgeRouter videos in a row. Seems straightforward. I like the assortment of features like basic firewall, NAT, and the web configuration. It makes sense for what I have in mind, which is a central gateway for connecting various islanded networks for a plant site to corporate. I don't plan to put I/O traffic on it, just historical and monitoring data.

As for Cisco, I'll keep learning them and I can get hold of bunch of old ones from IT.
 
I think for the most part the conversion to Ethernet from other networks has made the integration of the local network easier. Then the use of a NAT switch and NAT tables to map those Ethernet IPs to the plant network is usually the route to go, since you're not touching your standard OEM machine but providing a bridge between local and plant networks.
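
Added example, not part of any post in this thread: a sketch of the 1:1 subnet NAT planning discussed above, where machine cells reuse the same addresses and each needs a unique plant-side alias so firewall rules and logs refer to exactly one device. The cell names, subnets and the 10.50.0.0/16 pool are constructed for illustration.

```python
import ipaddress

# Constructed sample data: three machine cells, two of which shipped from the
# OEM with the same 192.168.1.0/24 addressing (all names/ranges hypothetical).
CELLS = {
    "press_1": "192.168.1.0/24",
    "press_2": "192.168.1.0/24",
    "packer":  "192.168.3.0/24",
}
PLANT_POOL = "10.50.0.0/16"   # assumed plant-side range reserved for NAT aliases


def find_overlaps(cells):
    """Return pairs of cells whose local subnets overlap (cannot be routed as-is)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in cells.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def plan_netmap(cells, pool):
    """Give each cell a unique plant-side subnet of the same prefix length."""
    pool_net = ipaddress.ip_network(pool)
    plan, used = {}, []
    for name in sorted(cells):
        local = ipaddress.ip_network(cells[name])
        for cand in pool_net.subnets(new_prefix=local.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[name] = (local, cand)
                used.append(cand)
                break
        else:
            raise ValueError(f"pool {pool} exhausted at cell {name}")
    return plan


def to_plant(plan, cell, local_ip):
    """1:1 translation: keep the host bits, swap the network bits."""
    local, plant = plan[cell]
    ip = ipaddress.ip_address(local_ip)
    if ip not in local:
        raise ValueError(f"{local_ip} is not inside {cell}'s subnet {local}")
    offset = int(ip) - int(local.network_address)
    return str(plant.network_address + offset)
```

The resulting plan maps directly onto whatever 1:1 or subnet NAT feature the chosen router or NAT switch provides; the machine-side addressing stays untouched.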
 
