Control Network Newsletter

Newsletter Archives

IP Routers Ease IT and OT Convergence

Plant engineers have long utilized operational technology (OT) networks to manage factory automation, based on proprietary technologies. With the advent of industrial Ethernet replacing fieldbus protocols on the plant floor, OT and information technology (IT) can now share a common network, creating valuable opportunities to combine resources and collaborate on goals for overall organizational success. Value is locked in OT production data and the desire to make this data available to management over the IT network is strong. However, network convergence also sets the stage for interactions - some might say showdowns - between IT and OT network personnel. How do you integrate the IP addresses of the OT network to conform to the IP address assignment policy of your IT department? The simple addition of a Skorpion EIPR/EIGR-E IP Router could be a quick and inexpensive solution.

For example, changing the IP addresses on individual components within a machining center just to comply with an IT department IP addressing scheme seems absurd but it can be avoided entirely if there was a means of translating IP addresses between those required addresses and those already assigned. There are two approaches that can be taken - network address translation (NAT) and port forwarding. Both can be handled by an EIPR/EIGR-E. The EIPR/EIGR-E IP Router has one WAN side port, and 4 LAN side ports making it convenient in connecting LAN side devices.

Using Network Address Translation (NAT)

In our example, we have the three machining cells using the same private subnet For each cell, we add a Skorpion router and provide it the LAN side address and then sequentially address the other devices within the machining cell giving us a total of 15 IP addresses that need translation. If the IT department can afford to give us 15 IP addresses in the required range, NAT can be used. The WAN port, which connects to the IT network, can be configured to map 15 WAN side addresses to 15 LAN side addresses used by the equipment as shown below. In this example the IT department gave us a base address of to begin our mapping. A simple one-to-one mapping does the trick.

EIPR-E IP Router

Port Forwarding

If the IT department is stingy in assigning us IP addresses, port forwarding can be used instead requiring only a single IP address assignment - the IP router's WAN side address. This time the mapping table translates ports to LAN side IP addresses and ports. For example, if it is necessary to reach the web page (port 80) on device an entry is made to translate an arbitrary 8081 on the WAN side to port 80 on the LAN side. If it is also necessary to reach the web page on a second device on the LAN side an 8082 port can be assigned. If only one of the devices - a PLC - required access to the protocol FTP (port 21) then an entry could be made to simple translate port 21 on the WAN side to the PLC IP address and port 21.

EIPR-E IP Router

Static versus Dynamic IP Addressing

One wrinkle the IT department can provide is the requirement for dynamic assignment of IP addresses instead of static addresses. Although the EIPR/EIGR-E provides DHCP client capability which means it will request an IP assignment from the IT department's router, dynamic assignments can complicate the situation. If NAT is used, it is important that the IP department does not include in its DHCP range those IP addresses that are used for translation. If port forwarding is used, dynamic addressing is not recommended because once the WAN address is changed through some reboot of the system, you could lose the WAN side assignment critical to port forwarding. The EIPR/EIGR-E saves time and reduces the potential for errors when reconfiguring the IP addresses in machines just to comply with IT department IP address assignment policy. Both routers are very easy to configure and install and provide a simple solution at a cost-effective price point.

View the white paper (PDF) For more information on the advantage of an IP router.


Previous Story Next Story