Professional Documents
Culture Documents
Ethernet Basics
More than 30 years ago - in the beginning of the 1970s - Bob Metcalfe from Xerox Palo Alto
Research Center (PARC) developed a mechanism of interconnecting a powerful Xerox
printer and several Computers via one communication media. For the new network he uses
techniques of simultaneous listening and mutual speaking on one channel as common in
radio communication. This principle called CSMA/CD (Carrier Sense Multiple
Access/Collision Detection), is the basic principle of Ethernet until this day. The name
Ethernet also results from the derivation out of the radio technology: In 19th century many
scientists believed that electromagnetic waves need a medium for propagation and this
medium was called "Ether". The first Ethernet Systems were able to connect more than 100
stations with an up to 1000 meter long cable and realize a data transfer rate of 3 MBit/sec.
Based on that research, the DIX group which was a consortium of companies DEC, Intel and
Xerox started in the late seventies with the improvement of the Ethernet for a data rate of 10
Mbit/sec. Within further development steps meanwhile date rates of 1000 MBit/sec for the
Gigabit Ethernet and 10.000 MBit/sec for the 10 Gigabit Ethernet are reached. In this
networks not only coaxial cables, but also twisted pair wire, fibre optic cables as well as
wireless transmission are used. Even faster Ethernet networks with transmission rates up to
100 Gigabit/sec or more are already planned. The IEEE (Institute of Electrical and
Electronics Engineers) based in New York has taken the responsibility of standardization and
coordination for the Ethernet technology family which makes it possible to release, based on
the working results of the DIX group the first Ethernet Standard IEEE 802.3 in 1983. Since
then, the Ethernet standard was consistently extended by the IEEE. The corresponding
standards are subject to a continuous development and enhancement by supplements.
Within the given table the most important Ethernet and wireless standards are listed. For the
latest Information, also on other IEEE standards please refer to www.ieee.org.
Nowadays, Ethernet is used in the most local networks in the office area (Local Area
Networks, LAN) and is also the backbone of the Internet. Beside this original application
area, in the last years Ethernet expands more and more in the area of industrial automation,
where primarily the problem of fast and deterministic communication had to be solved.
Figure 3: Ethernet-standards
Ethernet Technology
In the following an overview about the technical basics of Ethernet will be presented. Based
on the OSI (Open System Interconnection) reference model for communication Systems,
Ethernet technology and common Services and protocols used at Ethernet as well as their
classification within the layer structure of the OSI reference model will be introduced.
The OSI Reference Model schematically describes and standardizes the communication
between systems (devices, computers) in an open network architecture. Functions,
necessary for communication are subdivided into seven function layers. By this abstraction,
the complex communication process is simplified and subdivided into smaller logical units.
An important advantage of the realization of the communication in single layers is also the
possibility to exchange the technical implementation of a layer independently of other layers.
For instance, it is possible to exchange the transmission medium without any trouble. The
functionality remains without any changes in the other layers.
Layer 1 to 4, the so called lower layers, are network oriented. Layer 5 to 7 are application
oriented and are called upper layers. Each respective lower layer provides its services to the
layer above via well-defined interfaces.
Layer 1, the Physical Layer represents an insecure transfer across the physical medium,
where the data are transmitted bit by bit. The specification includes also the layout of pins,
voltages, and cable. Layer 2, the Datalink Layer describes an error detecting transmission of
the bits bundled in blocks between two directly connected devices. Also, the access right to
the transmission medium is handled here. Layer 3 provides the paths between sender and
receiver through one or several nets and is called Network Layer. Layer 4, the Transport
Layer is responsible for an error-free and sequence compatible transmission of data between
the end devices and is an abstraction of the underlying network technology and topology.
Layer 5, the Session Layer establishes and breaks down connections between devices and
observes them. Thus, this layer is not necessary for non-connected communication. In layer
6, the Presentation Layer data to be transmitted are converted in a common format (transfer
syntax) and changed at the receiver side into the syntax needed there. Layer 7 provides
Services for the participants in the network, e.g. the transmission of files or the access to a
Computer center. These Services or protocols are often interfaces to general services and
represent the Application Layer.
Before user data (Application Process) can be sent over the Ethernet medium, it has to be
passed down through the protocol stack from upper to lower layers eventually to be
embedded in frames of the particular lower layer (encapsulation). After a data packet is sent
over the lowest layer (physical medium), the data it contains passes upwards through all the
higher layers at the receiver device until it reaches the Application Layer and again, the
Application Process. The whole process requires a logical interaction within each layer to
complete the network connection, see Figure "Data Exchange in the OSI Reference Model".
The protocols of the Ethernet protocol suite are encapsulated into another. This means that
the entire protocol of one layer is placed into the data field of the protocol in the layer below.
Ethernet is a logical bus. All data packets will be received by all participants. But only those
will be processed where the destination address is equal to its own address or those which
are addressed to all or several at the same time (broad or multicasting). Regarding standard
IEEE 802.3, the bit by bit transmitted Ethernet frame has the depicted format.
Each data package will be transmitted bit-by-bit on the physical media. The bit stream is
started by a special preamble used to synchronize the sender with all receivers. The
preamble is succeeded by the destination address, the source address, and the type field.
This type field is used to distinguish between higher layer protocols. Following to this header
the user data are transmitted and the bit stream is finalized by the check sum field and an
inter message gap of "silence" on the physical media.
The addresses of sender and receiver, integrated in the bit stream of the message, are given
by the so-called MAC address which is specified in Layer 2.
Since each device designed for Ethernet could be installed in the same network with every
other device also from different manufacturers, the MAC address (also named MAC ID) has
to be unique world-wide. A48 bit value is used for that, usually given in a hexadecimal
spelling, e.g. 00-C0-3D-AA-09-23. It is divided into a manufacturer identification number (the
first three bytes) and a consecutive adapter serial number (the remaining last three bytes).
Also, within this layer the access to the physical transmission medium (Medium Access
Control, MAC) is specified with the access mechanism CSMA/CD (Carrier Sense Multiple
Access/ Collision Detection). Basically, each device connected to the network can use the
network for data transmission at any time - provided that the network is not in use. The latter
is checked before sending (CS, Carrier Sense). But it is also possible that several stations
detect a free network at the same time and start to send data (MA, Multiple Access) or
caused by run times of the signals, the transmission of a station will be detected by another
station willing to send after starting its own transmission (CD, Collision Detection). All
sending stations then break down their transmission and start a further attempt after a time
provided with a random factor. This procedure can repeat while the value of the generated
waiting period increases with every directly successive collision. So the effect occurs that an
already longer waiting device has a lower likelihood of access to the transmission medium
than devices which tried later to start a transmission.
Layer 3 implements Internet Protocol (IP) to manage routing of datagrams from one network
to another. Currently, IP Version 4 (IPv4) with an address range of 32 bit is used. These 4
bytes mark the network (Net ID) as well as the end device (Host ID).
Based on the 4 byte description of IP addresses, a class A network has a fixed first address
byte for the Net ID and 3 bytes for the Host ID, a class B network has fixed the two first
address bytes for the Net ID and 2 bytes for the Host ID, and a class C network has fixed the
three first address bytes for the Net ID and 1 byte for the Host ID.
Figure 7: IPv4-protocol structure
Some address spaces as addresses as well are reserved for special purposes. For example
the highest address in a net is reserved as the destination address indicating broadcast
messages. For example, in the class C network with the net ID 131.32.140 the IP address
131.32.140.255 is used for broadcast. For multicast messages the address space from
224.0.0.0 up to 239.255.255.255 is reserved (see also chapter 1.4).
With the ARP (Address Resolution Protocol) table the IP software resolves the Ethernet
address of a device out of the IP address. Each device manages its own dynamic ARP table.
If there is not yet an entry for a dedicated address, a Broadcast message is sent to the
network (ARP request). This message is directed to the Ethernet-Address FF-FF-FF-FF-FF-
FF. Messages to this address are read by all stations. The appropriate device recognizes its
own IP address and sends an ARP reply message which contains the searched Ethernet
address. Now the inquiring device can complete the ARP table and give the data together
with the Ethernet address of the destination device to the Ethernet protocol.
The ICMP (Internet Control Message Protocol) provides network control functionalities and is
used to transmit state, control and error information between single nodes of a network. For
that purpose an own packet format is used, which is embedded in the data part of an IP
package. ICMP messages make it possible to analyze sources of error, although the IP
transmission by nature is connectionless and therefore provides no guaranties for a
successful transmission. A well-known example for a ICMP functionality is the Packet
Internet Gopher (ping), which is realized by using the packages ICMP Echo Request and
ICMP Echo Reply.
IGMP (Internet Group Management Protocol) provides a message exchange service used
by networks nodes to exchange management information for multicast receiver groups. This
enables all devices of a physical network to know to which multicast group a special device
belongs to. Therefore Special IGMP query and report messages are exchanged by network
nodes enabling the nodes with routing functionality to detect and observe the nodes
belonging to a multicast group. Using the so-called IGMP snooping, network nodes can deal
with the information contained in IGMP messages to handle its own multicast message
routing lists by simply passive listening to IGMP query and report messages. This technology
is often used within industrial switch and router devices.
IPv6 is the new Internet protocol in Version 6 (1998) and replaces the so far used IPv4. IPv6
noticeable increases the address-range to 128 Bit. This comparatively means that on every
square millimeter of the earth-surface it is possible to address more than 665*1015 objects.
For this reason the possible number of addresses will be sufficient at a very long sight (in
contrast to IPv4). Furthermore the datagram-header was modified. It was simplified and
designed for modularity and flexibility by usage of optional extension headers. The possibility
of priority assignment was introduced too. A new flow label enables the mapping of packets
on data streams to increase the efficiency of packet processing. Thus routers can fast
process packages within a connection, without analyzing the complete header. A
considerable effort reduction of the router also results from the fact, that it has no longer to
take care of the fragmentation of packages. Similar to the IPSec-extensions of IPv4 new
security mechanisms were introduced in IPv6. In essence this means that the content of a
package can be encrypted against reading along and that an authentication of receiver,
sender and package content is possible on OSI layer 3.
The classification of networks was also changed. Beside a differentiation of validity ranges in
global addresses (corresponds to public addresses in IPv4), site-local addresses (IPv4:
private), link-local addresses and node-local addresses, within IPv6 the following types of
addresses are defined: Multicast, Anycast and Unicast. Unicast-addresses identify one
Single interface. They are designed for a routing-algorithm which decisions are based on the
longest possible matching of a given address. The structure of the address is only important
for the assignment, but not for the routing. Anycast addresses are a special subset of Unicast
addresses. They are used to send data to multiple interfaces, but only the interface which is
located closest to the sender will receive the package. A Multicast address can also
represent more than one interface, but in this case all interfaces will receive all data.
Broadcast addresses as provided by IPv4 are no longer available, hence all protocols which
use Broadcast so far are now implemented via Multicast.
The Neighbour Discovery Protocol (NDP) is newly introduced with IPv6 and replaces several
protocols of IPv4 (ARP, ICMP Router Discovery, ICMP Redirect). It realizes among other
things the following functions:
In principle, IPv6 provides the possibility for a stateless auto-configuration or (as already in
IPv4) the auto-configuration via DHCP.
Within this layer TCP and UDP protocol are implemented. TCP (Transmission Control
Protocol) is a connection based protocol designed for ping-pong style error-free transport of
data with large packet size.
1. As first step the device initiating the TCP connection (sometimes named client) will send a
SYN message to the intended communication partner (sometimes names Server) indicating
the intention to establish a TCP connection and naming the port number of the server the
client will be connected to and the initial sequence number (INS) of the communication.
2. The server will respond to this first message by an own SYN message containing its own
ISN
3. Additionally the server will send an acknowledgement message containing the ISN of the
client incremented by one.
4. The client will then acknowledge on the SYN message of the server by its own message
containing the ISN of the server incremented by one.
After this three-way handshake process both, server and client, will exchange messages in a
controlled way with message and acknowledgement to each message to verify the stability of
the opened TCP connection. The termination of the connection is also made by three-way
handshake sending and acknowledging finalize (FIN) messages.
The ports integrated in the messages serve as interfaces to applications. Special ports for
several applications (e.g. Port 23 for telnet) are reserved, if not then the ports to be used are
coordinated during establishing of the connection. The combination of an IP address of a
device and the port number of an application running on this device is called a Socket. Thus,
a socket represents a world-wide unique terminal end point of a communication.
Also UDP (User Datagram Protocol) realizes Layer 4 corresponding to the OSI reference
model, but in comparison with TCP, UDP is a one way protocol. This means that the sender
does not receive any feedback about the correctness and loss of transmitted data.
Transmission via UDP is faster and the protocol size is smaller than TCP, but errors will not
be fixed. An error control must be provided by the application which is addressed via ports
like in TCP. UDP is used if it is more important to receive the current data of a process for
instance, than every single packet in their completeness. Thus, UDP is especially suitable for
fast and cyclic data transfer.
The simple use of a common data transfer medium does not automatically mean that all the
connected devices are able to communicate among each other. Often, this is compared with
telephony: It is possible to phone all over the world, to establish a connection is no problem,
but to understand each other the communicating partners have to speak a common
language. Applied to the OSI reference model, that means that an uniform and open
communication up to the application layer is needed.
In the office world a wide range of application protocols, known as IT standards, are
available, e.g. FTP, HTTP, etc. On the other hand, in the field of industrial communication
which will be penetrated more and more by Ethernet technology, different protocols and
specifications incompatible to each other are in use. Ethernet based solutions for automation
will be provided by e.g. the ODVA with EtherNet/IP, the Modbus-IDA Group with
Modbus/TCP & RTPS, and the PNO (Profibus Nutzer/User Organisation) with PROFINET et
al. ).
The different protocols named within this sub-chapter are integrated within different layers of
the OSI reference model. This is depicted in figure 12.
The following table presents an overview about several important protocols which are used
within Ethernet based technology and often referenced within publications.
During the nineties of the last Century, together with PC technology Ethernet technology (as
well as the TCP/IP protocol suite) has entered the office area. Leading companies of the IT
branch like Microsoft, Apple, Epson, Siemens, and others have used the new established
IEEE 802.3 standard to develop an unique and vendor independent communication path
between PC systems and its peripheral devices as, for example, printers, scanners, digital
cameras, or fax devices. Despite of new emerging technologies like USB and Bluetooth,
Ethernet and TCP/IP based communication has been established as de-facto standard within
office communication systems. Within the commercial area as well as the private consumer
area Ethernet based communication is accepted all-embracingly.
Today, Ethernet based communication becomes increasingly important on the factory floor.
Manufacturers, vendors, and end users of automation devices are aiming at the application
of economical and technical benefits of Ethernet based communication systems as the
higher data rate compared to the conventional fieldbus systems or the reduced costs of
network cards resulting from economy of scale effects.
But the simple application of Ethernet based office communication on factory floor is
impossible. Here, the application of Ethernet based communication Systems is more than
just plugging some plugs within the matching outlet and switching on the devices. The main
reason for that circumstance are the different requirements on devices and active and
passive components within an Office and a factory communication System.
Figure 14: Dirt and humidity - only the main visible problems of industrial communication
Systems
The amount, the temporal conditions of occurrence, and the complexity of data which has to
be exchanged using the communication system,
The timing properties the communication system has to guarantee with respect to
determinism and communication speed,
The stability, safety, and security the communication system has to guarantee, and finally
The necessary resistance of the communication systems against environmental influences
like mechanical, thermal, or electro-magnetically impacts.
Within all the mentioned areas industrial communication systems have to fulfil higher re-
quirements than office communication Systems. Moreover to these requirements the new
Ethernet based communication systems have to be more user-friendly within the areas of
design, implementation, application, and maintenance. This is depicted in the adjacent
graphic.
Figure 15: Additional requirements to Ethernet based industrial communication systems
The mentioned 5 aspects of higher requirements will now be analyzed in more detail.
Within the office area communication systems usually will connect individual PCs with each
other, PCs with server systems, PCs with network printers, PCs with network Scanners, PCs
with other network connected peripheral devices, and PCs with the Internet. An example of
such a communication system is depicted in the following graphic.
The communication based interaction among two communication partners within such an
office network is mainly based on the client-server paradigm. The initiator of the interaction
acts as client by requesting a special service within the Server to get Special data (for
example in the case of a download activity from a data Server), to start a special activity
within the Server based on transmitted data (for example printing out a document), or to
generate a special state within the server (for example to store data within a data base by a
data base access). The affected data will mainly be transmitted using the usual Internet
protocols like FTP, HTTP, SNMP, DHCP, and others or, alternatively, by using a dedicated
socket connection between two running applications on the client and the server side
knowing in advance the content of the transmitted data. The data size of the transmitted data
usually ranges from a couple of kilobyte up to some hundreds of megabyte.
At the factory floor the devices integrated within a communication system are more different.
Additionally to the PC based devices which can be usually found within an office network
also special devices for factory control like Programmable Logical Controllers (PLC), CNC
control systems, sensors as for example rotary encoders and pressure encoders, actuators
as for example drives and robot control systems, field-l/O systems as fieldbus couplers, or
human-machine-interfaces as panel PCs are integrated to mention only a few of the wide
ranging set of possibilities. Additionally the network can be connected to the Internet to
enable a web based access to control devices for maintenance reasons.
Also the set of used Ethernet based communication protocols is larger than in the office field.
As indicated in the chapter before the set of Internet protocols like FTP, HTTP, SNMP,
DHCP, and others is enlarged by automation related protocols like EtherNet/IP, Modbus
TCP, Ethernet Powerlink, SERCOS III, EtherCat, and ProfiNet. These communication
protocols are dedicated to fulfil the special requirements of the individual interactions of
automation devices. Hence, they enable a departure from the client-server paradigm to
enable the data transmission between more than two communication partners as it is the
case within the publish-subscribe and the producer-consumer paradigm. The size of the data
transmitted between devices ranges from a couple of bytes as usually in the case of a
communication between PLC and field-l/O up to some hundred megabytes for the case of a
communication between a CNC control System and its programming device.
It can be seen from the general description of the communication partners within the office
and the factory networks that the timing constraints of the communication systems at both
fields differ significantly. The duration of communication interactions and the necessary level
of synchronicity is much higher at the factory floor than in the office. Within the office it is not
relevant whether a pdf file is transmitted within 2 or 4 seconds from the PC to a printer or
whether the display of a web page takes 1 or 5 seconds. Also a variation of the
communication speed is only of limited relevance. In any case the necessary activities can
be made properly and no dangerous or fault situation will occur.
In contrast to that, at the factory floor it is of major importance how fast sensor signals will
reach a controller and how fast the resulting control commands will be transmitted to the
actuators. Here, a throughput time from application to application of a few milliseconds or
even a few microseconds can be necessary to avoid dangerous situations which will occur if,
for example, a linear motion system will move over its final position or a too high tension of a
paper web will not be recognized within a printing machine.
Additionally, the communication system has to ensure that the jitter of data transmission
durations is small. To provide that characteristics, an Ethernet based communication System
for the factory floor has to be as fast and deterministic as possible and, especially, faster and
by some magnitudes more deterministic than in the office world.
Another important difference between Ethernet based office communication systems and
Ethernet based communication systems at factory floor are the different requirements on
system stability. Faults within an office network may result in destroyed data files and
sometimes destroyed network connections. Such faults are a nuisance for the employees
within the effected office since this will require time for the recovery of the data files and and
reinstallation or a restart of communication links and active network components. But within a
factory network a communication system fault will result in much stronger problems and may
generate hazardous situations for employees and machinery as well as the environment. A
smaller problem that will result from a communication system fault is a breakdown of the
production system for a certain amount of time. The main problems are the possible
damages of machinery, transportation systems, and work pieces which will result from a
delay or a loss of safety critical information. Here, costs of some million Euro are possible.
Figure 17: Example of a factory network
To cope with this problem of stability Ethernet based factory communication systems have to
contain safety mechanism of structural and technological nature. Communication faults
resulting from mechanical, thermal, or electro-magnetically influences have to be avoided or
managed by the use of appropriate wiring technologies and topologies like shielded cable or
a redundant cabling. Communication faults resulting from the technical properties and the
used technologies within Ethernet based communication systems like the application of
CSMA/CD technology for communication media access enforce the consideration of
appropriate combinations of structural conditions and suitable devices like the combination of
Full-Duplex communication and switches as well as the limitation of the communication
system load to 10 percent of the maximum possible system load.
Additionally to the problem of stability also the security problem has to be taken care of by
using an appropriate infrastructure and topology of the communication system. By
connecting Ethernet based communication systems to the Internet all devices are
theoretically accessible from the outside of the factory. Thereby, the floodgates are open for
hackers as well as white-collar criminality. Hence, necessary security technologies and
mechanisms like firewalls and access permissions have to be considered within each
Ethernet based factory communication system. This has to be realized in conformance with
the aims of the factory communication system and, hence, should not influence the real-time
properties of the communication.
The dimension of the safety and security problems will rise with the integration of new
technologies within the Ethernet networks providing new benefits and drawbacks. For
example the wireless Ethernet technology will improve the flexibility of networks with respect
to integrated devices but in addition it can enable a easy access from outside if it is not used
in a secure way. Another example is the fibre optic cabling. This cable type will reduce the
influence of electromagnetic radiation to a minimum but it requires more skills within the
installation phase.
Last but not least user friendliness has to be mentioned. In the case of the final application of
a factory communication system it cannot be assumed that each worker implementing, using,
or maintaining the communication system has a comprehensive knowledge about the
technical foundations and specialties of Ethernet based communication, the TCP/IP protocol,
and the other used higher level protocols from the Internet side or the factory side. For
example the internal details of the address distribution within the DHCP protocol, the
structure of the list identity request within the Ethernet/IP protocol, or the parameterization of
a special firewall will be outside of the assumable knowledge on the factory floor. Therefore,
the design, implementation, and application has to be supported by easily useable tools and
a sufficient user guidance.
Summing up the consideration made the main differences between office communication
and factory floor communication systems can be found within the fields of environmental
influences on the communication system, communication speed and predictability,
transmitted user data, system protection and stability, fault consequences, and user
knowledge. These facts are aggregated in the following figure.
Figure 18: Dirt and humidity - only the main visible problems of industrial communication
Systems
As mentioned within the last chapter Ethernet based communication systems can follow
different structures. This is valid for physical structures of the topology as well as for logical
structures of the communication connections. Here different terms like ring and star topology,
unicast and multicast, or publish-subscribe and producer-consumer principals can be found.
Within the following subchapter the different emerging terms will be described within the
context of an industrial Ethernet based communication.
Physical topologies
Starting with 10BaseT technology twisted two-wire lines named twisted pairs have become a
quasi-standard for wiring of Ethernet based communication systems. Now optical fibres are
coming up partially replacing the twisted pair wiring especially in the backbone. But both
twisted pair and fibre optic wiring technology demand the same physical topology. In both
cases in general one communication link (i.e. one cable) will connect two communication
partners by using one (logical) network card within each partner which is physically
connected to the communication link. This is depicted within the graphic beneath.
Within this basic topology it is not relevant whether the communication partners are control
devices or other end devices or whether they are active components of the communication
System like switches and hubs. The structure of connecting two devices with one linking
cable is the same.
Figure 22: Basic physical topology of an Ethernet communication system since 10BaseT
Based on this basic topology two principal physical network topologies can be defined. The
first one is the line or ring topology. (A ring has to be considered as closed line from the
physical point of view.) For this topology it has to be assumed, that each communication
partner is equipped with at least two network cards. Then, the communication partners will
be connected in a row by connecting the devices one by one. A set of data will be
transmitted within this structure following the line of devices from the sender device to the
receiver device of the message containing the data.
The second basic physical topology is the star topology. It requires additional active
components like switches and hubs. These active components can be considered as a set of
network cards, which are internally connected by a certain logic. Each device will be
connected by a cable with the hub/switch and will communicate using this device as
transmitter. A data set arriving at one of the network cards will be forwarded using one or a
set of the other network cards. Thereby switches are distinguished from hubs by their filter
functionality which is not given in a hub. A hub will forward an incoming message at all
network cards which are different from the receiver network card independent of the
destination of the message. Within a switch the destination of a message will be determined.
Dependent on the destination of the message (a broadcast or multicast message has more
than one destination) only the network cards will be used for forwarding the message having
at least one destination behind.
Naturally, both basic topologies can be combined to reach more complex topologies. Usually
topologies consisting of interlinked stars, interlinked rings, or combinations of both are
applied.
Figure 24: Physical star topology
Within the office world the interlinked star topology based on the ISO/IEC 11801 and EN
50173 standards is the most used topology. At the factory floor the most used topology is a
hierarchically organized interlinking of different rings.
A special version of the combination of both basic topologies is the so called Daisy Chain
topology. This topology receives growing interest in factory automation since it enables the
reduction of wiring efforts by avoiding active components. The Daisy Chain topology is
theoretically a topology consisting of tripod stars interlinked in a chain. But in practice the
necessary active components are integrated within the devices. Thereby a virtual line or ring
topology is generated.
Logical topologies
The logical topology of an Ethernet based communication system is to the greatest possible
extend independent of the physical topology. Mostly, the logical topology is considered as
bus topology. This implies that each communication partner is able to send a message to
each other communication partner but all other partners can observe this communication.
This fundamental fact gets a limitation by the application of switches. Since switches will
forward messages only to a subset of outgoing network cards all communication partners
residing behind the not used cards are excluded from the special communication.
The concept of broadcast, multicast, and unicast messages has been established in order to
distinguish between messages which can be observed by all communication partners and
messages reserved only for some or one communication partner for the application of a
completely switched network.
Broadcast messages are transmitted to each communication partner. They are characterized
by a special IP address at an IP level depending on the network and the subnet mask
definition. A device with the local network IP address 192.168.10.26 and the subnet mask
255.255.255.0 will reach all devices within the IP address range 192.168.10.1 -
192.168.10.254 by sending a message to the multicast IP address 192.168.10.255. At
Ethernet level this multicast address is equal to the MAC address ff:ff:ff:ff:ff:ff. Using
broadcast messages will enable the application of a logical topology.
The use of unicast messages as the opposite will enable the application of a logical topology
where each communication partner is directly and exclusively connected with all other
communication partners. A device with the local network IP address 192.168.10.26 and the
subnet mask 255.255.255.0 will reach the device with the IP address 192.168.10.83 by
sending a message to its address. All other devices will not receive this message since the
switches will route the message only to the receiver. The upcoming logical topology is a
complete graph topology having directed arcs between each possible communication
partner.
Multicast messages are a something like in-between of broadcast and unicast messages. A
Multicast message will be received by a set of receivers belonging to a multicast group. A
multicast group is characterized by its multicast IP address. This address is within the
address range 224.0.0.0 - 239.255.255.255. But some of these addresses are reserved for
special purposes or services. For the routing of the multicast messages within one group all
devices with routing functionality will span a routing tree over the network. To join this tree
and to thereby get all multicast messages of one multicast group a device has to send a
Special IGMP (Internet Group Management Protocol) message into the network. Clearly a
device can belong to zero, one, or more multicast groups. At Ethernet level the mapping of IP
multicast addresses to MAC addresses is not unique. This is due to the smaller address
space available for multicast at Ethernet level. For example the IP address 224.128.64.32
and 224.0.64.32 will both be mapped to the MAC address 01:00:5e:00:40:20. Hence, the IP
level implementations of the devices have to implement a filtering functionality. But anyway,
the application of multicast messages will enable a logical topology based on a wood of trees
within the network.
The Client-Server structure is mainly applied in the case of a data exchange between only
two communication partners. In this case no other communication partner also requires the
exchanged data. Usually the client, i.e. the communication partner requiring data which can
be provided by the other partner (the server), starts the interaction by sending an appropriate
request message to the server. It aims at forcing the server to do a special activity which
contains the processing of transmitted data, the preparation and reply of data, or both. If the
server receives the request message of the client it makes the requested action and sends a
reply message containing the (maybe) requested data. After one request and one response
message interaction is finished. The Client-Server structure is usually implemented by
unicast messages. A prominent, but not the only one, example for this structure is the
MODBUS/TCP protocol.
Figure 26: Message diagram of a Client-Server structure
The Client-Server structure provides an efficient interaction structure for explicit data
exchange between exactly two communication partners like two control devices (maybe
PLCs). In the case of sensor data, which maybe have to be exchanged between a rotary
encoder and a PLC in a cyclic way, this structure is not efficient. Within each cycle this
structure requires a request which is in fact not necessary. If more than one control device
requires the sensor data of the rotary encoder the problem will enlarge. Here each interested
partner has to send a request and will get a response. Thereby, the communication system
load will increase significantly.
To avoid these problems two interaction structures have been designed reducing the request
messages to a minimal number of messages and enabling the application of one response
message to all interested partners. Clearly, these structures are characterized by the move
from unicast to multicast messages applied for the response messages as well as the
aggregation of communication partners requiring the same sets of data within groups. These
interaction structures are the Publish-Subscribe structure and the Producer-Consumer
structure.
Within the Producer-Consumer structure the data sets are also transmitted via multicast
messages. In contrast to the Publish-Subscribe structure, within the Producer-Consumer
structure the groups of communication partners which are interested in the same data sets
are not maintained by a communication partner.
To enable the grouping of communication partners each set of data is labelled by a special
communication identifier. The first consumer of a data set is sending a request to the
producer of data. Together, both, the producer and the first consumer, will negotiate a
multicast address as well as a communication identifier for the messages containing the data
set of interest. The producer will now start to send the data set to the defined multicast
address. If another consumer is interested in the same data set it will request the multicast
address and communication identifier from the producer or another consumer and can then
start to filter out the messages with the data set of interest from the set of transmitted
multicast messages.
As mentioned before, the join and leave process for a multicast and hereby a producer-
consumer-group is managed by IGMP messages. A prominent, but not the only one,
example for this type of producer-consumer structure implementation is the EtherNetIP
protocol.
Both, the Producer-Consumer and Publish-Subscribe structure will reduce the load of an
Ethernet based communication system. But, they also require additional capabilities of the
devices integrated in the communication system with respect to the transmission and
reception of multicast and broadcast messages which is not given in any device.
With the growing networking of production and office networks, network security represents
one of the most important issues when using Ethernet in an industrial environment. Data are
provided corporation-wide, different branches are connected using the Internet as a cheap
wide area network which are connected to a virtual corporate network. Thus, this chapter
gives an introduction into the basic steps of planning network security for Industrial Ethernet.
Nomen est omen - Terms and definitions
The first step to the challenge of network security forms the definition of basic terms to
determine what security means. This is not dedicated to solid definitions, rather it shows
the five basic terms of security criteria that a network should offer:
Integrity: Transmitted data will not be modified on the transmission path, are
complete, and reach the target in the same order as transmitted by the sender. For
example, the data of an FTP file transfer are not exchanged by a third person during
the transmission.
Non-repudiability: It can be verified at any time who has initiated a connection and
who has transmitted which data at which point in time. In practice, this means e.g.
that the data of log files are explicit and fraud resistant. This is especially useful for
remote maintenance scenarios where manufacturers access their components in an
existing facility, e.g. for updating the software. In case of the failure of the facility
caused by this maintenance activities the manufacturer can be held responsible,
based on the fraud resistant log files.
Availability: The network and connected devices can send and process data at any
time within a given time frame. Availability forms a very intractable point regarding
network security of automation systems. As a result of the restricted resources of
embedded devices the access to these devices can be prevented by overloading the
network (denial of service).
Based on these criteria the so called protection goals one can define against which the
network has to be protected:
Protection against unauthorised information gain (loss of confidentiality)
Protection against unauthorised modification of Information (loss of integrity)
Protection against unauthorised interference of functionality (loss of availability)
Industrial communication systems must be able to satisfy very strict demands, since a
misdemeanor of a communication system can lead to a malfunction of the complete System
and by this to high economical loss in form of production downtimes or even mechanical
collisions and destructions up to personal injuries.
An important requirement that many industrial applications demand is real time capability. At
first it will be clarified what real time capability comprehends and which different real time
capabilities can be classified in general. If a system is able to react under all operating
conditions to all events correctly and within the expected time constraints, then it is real time
capable. Accordingly, if a communication system meets all time requirements for data
exchange of the components of a certain application, it is - related to this application - real
time capable. Determinism is a word that is very closely linked to real time capability.
Determinism describes the exact predictability of a system's time behavior. If it is possible to
exactly predict the temporal behaviour of a system in all of its states, then the system is
strictly deterministic.
On principle real time demands can be distinguished into two categories. The first category
merely requires a maximum time (deadline) until an action has to be executed and
completed. This is the requirement for timeliness. The second one requires a certain
specified time or time grid at which an action or coordinated actions has/have to be
completed - in the latter case it is also a fault, when the action is completed earlier, this is the
requirement for synchronisation. The deviation that can be tolerated is called jitter. Formally -
and by this more in general, time-constraints can be presented by the use of time/utility
functions.
Time/utility functions express the utility of executing and completing a certain action as a
function of the point of time when the action is executed and completed. The utility values
express the relative importance of an action.
According to Douglas Jensen's Time/Utility Function Model of real time the first category
timeliness implies that the utility of completing an action is fully given (value 1) from time zero
until the deadline. The other category synchronisation implies, that the utility of executing an
action is only given within a small window of time around an allocated execution time
(deadline). The time window is determined by the acceptable jitter of the deadline.
For performing the first category (the requirement for timeliness) standard Ethernet can be
an appropriate protocol for a broad range of applications. Regarding the second category,
the requirement of synchronisation can generally not be guaranteed with standard Ethernet.
This is due to the fact that a not acceptable jitter in the transmission duration can be caused
by non-predictable delays in packet buffer queues.
From Fieldbus Systems to Ethernet-based Real Time Communication
In distributed automation a precise coordination of different actuators' motion-sequences is
realized by time based synchronization mechanisms. In former times this communication
between actuators, sensors and controls was fulfilled by specialized fieldbus systems. With
these, the execution of actions is completely bound to the arrival of data at the executing
device; this means, the time pattern of communication strictly determines the time pattern of
execution. That is the reason why the time pattern of communication was realized in an
absolutely deterministic, that means predictable, manner.
Against the background of Ethernet's vertical integration - even on lowest field level -
principally there exist two possibilities to react: firstly, it is possible to make the temporal
behaviour of Ethernet TCP/IP based systems exactly predictable - otherwise it is not possible
to couple the "concept of time" of the overall system to the characteristics of the bus system
(as known from conventional fieldbus systems). Secondly, it could be necessary to design
totally new solutions to organize the precise temporal cooperation of cycles in control
processes.
For the realization of variant one for some Ethernet based control concepts, existing
synchronization concepts of the fieldbus area, e.g. the time slot mechanism of Powerlink,
PROFInet IRT or SERCOS-III, were transferred. At EtherCAT an addressing and data
exchange between all participants of the network is performed via a shift register which is
running directly through all participating devices. This approach, to transfer mechanisms and
concepts for synchronous fieldbus communication to Ethernet normally results in one of the
following facts:
Ethernet TCP/IP is not or only very limitedly used according to the original Ethernet
Standard
Only Ethernet as such (as layer 2 protocol) as fast transmission medium is used.
Another possibility to enhance the temporal precision and synchrony of Ethernet based
control devices - under simultaneous perpetuation of Ethernet's Standard conformity - offers
the synchronization of de-centralized clocks. This enables the accomplishment of
synchronous, distributed control without a synchronous organization of the respective
communication; that means a de-coupling of the time pattern of an application's execution
from the time pattern of its communication. This circumstance is depicted in the following
figure by means of a time/utility diagram.
Figure 38: De-Coupling of Communication and Execution
The variations in delay at event driven data communication which are typical for Ethernet
TCP/IP technology, are thus tolerable even for the solutions of synchronous, highly precise
control jobs. This has to be seen as new in automation technology since conventional real
time behavior bases on absolute determinism all over the complete chain of data processing
including communication. A corresponding kind of synchronization algorithms, which can
provide a synchronization precision far smaller than one microsecond, was developed by the
IEEE 1588 working group.
The further structure of this chapter is subdivided in considerations for the (standard
conform) fulfillment of industrial timeliness requirements and furthermore in considerations
for the (not inherent) fulfillment of industrial synchronization requirements, whereas
especially the IEEE 1588 synchronization algorithm will be addressed. The consideration of
timeliness requirements includes the discussion of main steps in the development of
Ethernet on its way from classical Ethernet of the office world to an industrial approved
communication system.
Network Aspects
Ethernet was originally based on CSMA/CD (Carrier Sense Multiple Access / Collision
Detection). An end device wishing to send data checks the transmission medium. If the
network is not being used by another device, it starts to transmit. As illustrated in the figure
below it is possible that several end devices detect the network to be free and simultaneously
start sending data.
This collision will be detected by the devices, and all of them will stop transmitting.
Switching
Modern networks based on Ethernet are mostly built using only switching (star distributor)
technology. In contrast to CSMA/CD there is no shared medium, in which end devices must
compete for access. Instead each end device is assigned a full duplex connection to the
switch. As a result there is no contention for access to the transmission medium and each
node of the network can send data independent from the activities of other nodes.
It is impossible for collisions to occur. Incoming data can be immediately switched to its
destination. For example, device A can send data to B, while C simultaneously sends data to
D, and D concurrently sends data to A.
Complications arise, if device A sends data to B and at the same time C also sends data to
B. In this Situation the data will be buffered by the switch and transmitted in sequence. This
is how queues develop, incurring delays. If in a real-life situation the amount of data to be
transmitted is clearly defined and the number of end devices is known, subject to the
transmission speed of the network, the maximum delay can be determined. Admittedly the
jitter between minimum and maximum delay time is often not negligible.
Prioritization according to IEEE 802.1p/Q
An important enhancement that Ethernet offered a couple of years is a layer-2-prioritisation
mechanism, standardized by the 802.1p/Q working group. An additional field, known as tag,
is added to the Ethernet frame. The tag contains Information about the priority of the data.
Switches used within an automation network should support this function. But not all
products do support the full range of priority levels and do only distinguish between 2 or 4
priority levels. Each transmission port of a switch that supports IEEE802.1p/Q has a separate
queue for each supported priority level. Data packets of a higher priority queue are always
transmitted before those in a lower priority queue.
With each stepup in the transmission speed, the transmission time for a single packet is
reduced by factor ten. On a 10 Mbit/s network it takes about 1.2 ms to transmit the maximum
Ethernet frame size of 1522 bytes. Using Fast Ethernet this time is only about 120 s, with
Gigabit Ethernet only 12 s and with 10 Gigabit Ethernet only 1.2 s.
The terminal devices that require real time behaviour should be linked over as few switches
as possible. Inevitably, the more switches between two terminal devices, the higher the
"worst case" throughput and queue time. With backbones or other instances where there are
no factors limiting real time performance, the individual segments are commonly connected
in a ring structure.
In addition, the interface between a real time segment and the rest of the network must be
precisely controlled. Since the data traffic from the general network can adopt any load
profile, it must be monitored and restricted when entering a real time segment. To prevent
the real time segment from being overloaded, the amount of data traffic entering this
segment must be limited. An effective way to achieve this is to configure the inter-segment
link to 10 Mbit/s, while all devices on the real time segment communicate at 100 Mbit/s.
Further segmentation, as well as access control, can be accomplished by the use of routers
and firewalls.
TCP or UDP
TCP (Transmission Control Protocol), a layer 4 protocol of the Ethernet TCP,UDP/IP protocol
suite, is a connection based protocol. It establishes a virtual connection at the beginning of
the communication process, and closes down the connection when the communication
process has finished. As a result loss of data can be detected and the lost data can be
automatically retransmitted. TCP also ensures that the transmitted data remains in the
correct sequence.
In contrast to this, UDP (User Datagram Protocol) is connection-less. The data packets sent
are absolutely independent of each other. For real time applications UDP is normally used as
the layer 4 protocol, since re-transmission and real-time capability are contradictory
demands. UDP is easier to tolerate in industrial automation as it would lead in case of a
single transmission failure with a complete loss of data to a refresh with current data with the
next transmission. On the opposite, TCP would repeat the transmission with the outdated
data until it was successful.
In most cases data transmission bottlenecks are not caused by the network infrastructure,
but by the protocol stacks, which are generally a component of the applied real time
operating system. Investigations of typical real-time operating systems showed that stacks,
as used today, have relatively high throughput times.
Meanwhile there are operating system and network stack providers who have improved their
products concerning network time behaviour.
If protocol stacks are realized in hardware, the network protocol software is completely
removed from the CPU. It is handled in a separate chip, which is located between the CPU
and Ethernet chips. In this way the throughput of layer 3 and 4 is clearly improved compared
with any software implementation, and becomes absolutely independent from all other
operations.
From the network perspective, further improvement will be achieved if terminal devices
communicate using Gigabit Ethernet. Even if today the price of Gigabit Ethernet confines its
use to backbones or possibly large server systems, the progress in semiconductor
technology will dramatically reduce the costs within the next few years. This shows clearly,
how automation benefits automatically today and in future from the international further
development of Ethernet as an open communication standard. In addition, features as
prioritization, (data) rate limiting, and rate shaping (smoothing of the load profile), will find
wider acceptance and spreading.
In the architecture presented on the left side both the exchange of non-time critical data and
the real time data exchange are carried out over the standard TCP/UDP/IP stack. The
architecture in the middle and the right hand architecture realize a bypassing of the
TCP/UDP/IP stack for the real time data exchange. Whereas the realization of the real time
data exchange can be distinguished between soft- and hardware implementations.
The time until user data can be really processed in the application or physically converted,
also depends additionally on the respective organizational structure (e.g. the object model) of
the single automation protocol. Further influencing factors that depend on the respective
automation protocol are e.g. the used physical and logical network topology, the multicast
and broadcast ability - as a possibility to send the same datagram at the same time to
several receivers - or the kind of data exchange: message oriented or summation frame
method as well as the underlying hierarchical system.
As already mentioned previously, by using distributed real time clocks a decoupling of the
execution time grid of the application and the communication time grid can be achieved.
Because of the apparent importance of the IEEE 1588 standard it will be considered in the
following more extensively. This importance of the IEEE 1588 comes due to its simplicity and
scalability, the achievable accuracy as well as the specific development for automation tasks
and - the standard typical - free availability. Synchronization protocols from the IT world as
NTP rsp. SNTP cannot fulfil the special requirements of automation. Many providers of
control systems also with different target groups already implement the technology specified
in this standard into their systems and products. Products, even if based on proprietary
implementations, do already exist as e.g. JetSync from Jetter Company. Powerlink (from
EPSG) and EtherCAT (from ETG) will be extended with IEEE 1588, too. ODVA has
integrated the protocol into EtherNet/ IP under the names CIP Sync and CIP Motion. With
implementations conform to the standard, also systems of different manufacturers can be
synchronized among each other without problems.
The standard IEEE1588 specifies a protocol for a precise clock synchronization for
networked measurement and control systems. This open protocol is shortly named PTP
(Precision Time Protocol), it suits very well for the implementation in Ethernet TCP/IP and
enables the realization of highly precise synchronization tasks up to the sub microsecond
range and provides at the same time the demanded vertical transparency by the standard
use of Ethernet TCP/UDP/ IP Stacks. The achievable accuracy mainly depends on the kind
of implementation. Typical requirements of automation as high precision, least administration
efforts, and optimization for stable components in a secure environment in connection with a
minimal use of resources (processor, network) are fulfilled.