
Advanced Ethernet Principals Using Westermo Equipment Westermo Data Communications UK Ltd


Presentation Transcript


  1. Advanced Ethernet Principals Using Westermo Equipment Westermo Data Communications UK Ltd Presenter: Graham Lee Esq. / Vincento “Coconut” Collis

  2. Schedule for the day: Blahblahblah Blahblahblah Followed by: Cake

  3. The WeOS (Westermo Operating System) concept
• WeOS was created in response to market demand
• Westermo listened to customer demands for L2 switching and L3 routing
• The management setup had to be easy to use by ICA and PLC engineers
• Support for a CLI (Command Line Interface)
• The new device had to support:
  • VLANs
  • Very fast L2 ring redundancy
  • Legacy serial protocol support
  • VPNs
  • Dynamic routing
  • Compatibility with features found in enterprise IT equipment
  • Firewall
• But the implementation had to be industrialised, robust and future proof!

  4. Interoperability Future Proofed Made Easy Robust

  5. Interoperability: future products, existing Lynx

  6. RedFox Industrial

  7. Robust Industrial Data Communications - Made Easy. WeOS based devices: a family of Layer 2 switches and Layer 3 routers.
• High-performance Layer 2 switch: IGMP, VLAN, FRNT, QoS, RSTP, DHCP, etc.
• Advanced Layer 3 routing functions: routing, OSPF, RIP, firewall, VPN, link aggregation, DMZ, VRRP, NAT & PAT, IPsec
www.westermo.co.uk

  8. Slot-based construction and port numbering (slide diagram): management port; mix of Ethernet and fibre ports; I/O and fault contact; configurable status LEDs. Slot 1: management. Slots 2 & 3: additional ports.

  9. RedFox Industrial is configurable in three different ways: web-screen configuration; CLI configuration via SSH and Telnet; serial configuration via the console port. Telnet carries credentials and commands in cleartext, so on a production network use SSH for remote CLI access and disable Telnet where possible.

  10. Recap on basic Ethernet principles

  11. A quick recap: the OSI (Open Systems Interconnection) model is a definition of how devices should communicate; each layer performs a defined task and is separate from the layers above and below. Data from higher layers is encapsulated by the lower layers:
• Layer 4 (transport): communication protocols, TCP, UDP
• Layer 3 (network): IP addresses, routers
• Layer 2 (data link): Ethernet, MAC addresses, switches, bridges
• Layer 1 (physical): Cat5e cable, fibre optic, DSL, radio

  12. An example packet, shown per PDU and OSI layer (slide diagram):
• Ethernet frame: Preamble, Destination MAC Address, Source MAC Address, Type Field, [data from upper layers], Cyclic Redundancy Check
• IP header: Version, IHL, Type Of Service, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source IP Address, Destination IP Address, IP Options, Padding
• TCP header: Src Port, Dst Port, Seq Number, Ack Number, Data Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options
• Data from upper layers
Maximum frame size = 1542 bytes. This figure counts the 8-byte preamble/SFD and the 12-byte inter-frame gap as well as a 4-byte VLAN tag; the frame proper, from destination MAC to CRC, is at most 1518 bytes untagged or 1522 bytes tagged.

  13. IP addresses
• 32-bit, written in dotted decimal notation, e.g. 192.168.100.100
• A subnet mask segregates IPs into groups, e.g. 255.255.255.0

  14. Types of IP traffic • TCP • UDP • Broadcast • Multicast (TCP and UDP are transport protocols; broadcast and multicast describe how a packet is delivered, alongside ordinary unicast)

  15. IGMP
• Multicast reserved addresses: 224.0.0.0 to 239.255.255.255
• Slide diagram: a video server, multicast subscribers and a non-subscriber. With IGMP snooping the switch forwards the multicast stream only to ports where a subscriber has joined the group, rather than flooding it to every port.

  16. Subnets
• Network address: 192.168.10.0 with mask 255.255.255.0 = 11000000.10101000.00001010.00000000
• Broadcast address: 192.168.10.255 with mask 255.255.255.0 = 11000000.10101000.00001010.11111111

  17. .255 .0 .1 - .254

  18. .255 .0 .193 - 254 .1 - .62 .192 .63 .191 .64 .129 - .190 .65 - .126 .128 .127

  19. VLANS…..

  20. Virtual LAN (VLAN)
• Operates at Layer 2
• Breaks up broadcast domains
• Creates smaller, logical network topologies
• Lets you create dedicated VLANs for different services, i.e. PLC & SCADA, CCTV, corporate server/email access
• Cyber security: a VLAN limits which hosts share a segment, but it is only a security boundary if traffic between VLANs is forced through a router or firewall where it can be filtered, and if trunk ports face only trusted equipment
• VLANs can be created in one of two ways:
  • Static (per port): supported in WeOS
  • Dynamic (MAC address allocation): not supported in WeOS

  21. What are VLANs for?
• Grouping parts of a network based on department, function or service
• Controlling the proliferation of broadcasts throughout a network
• Providing security throughout the network
• Giving flexibility to network design

  22. VLAN tagging + frame length. The tagged frame (slide diagram) carries the same fields as slide 12 with an 802.1Q header inserted after the source MAC address: Preamble, Destination MAC Address, Source MAC Address, 802.1Q Header, Type Field, IP header (Version, IHL, Type Of Service, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source IP Address, Destination IP Address, IP Options, Padding), TCP header (Src Port, Dst Port, Seq Number, Ack Number, Data Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options), data from upper layers, Cyclic Redundancy Check.
• The VLAN tag adds 4 bytes of data to an Ethernet frame, making the maximum frame size 1542 bytes (counted as on slide 12, including preamble and inter-frame gap).
• Some networking devices are unable to process frames larger than 1538 bytes. These devices require the tag to be removed (an untagged access port) before the frame is transmitted to them.
• Ethernet carries a maximum payload (MTU) of 1500 bytes, so larger IP packets are fragmented by the sender or an intermediate router and reassembled at the destination; TCP normally avoids fragmentation by limiting its segment size (MSS) to fit.

  23. Slide diagram. Default configuration: 1 VLAN, 1 broadcast domain, the entire network unused (flat). After changing the link port into a VLAN trunk port: 2 VLANs (corporate network and industrial network), 2 broadcast domains.

  24. WeOS VLAN concept. WeOS VLANs are built up of two elements:
• Interfaces: parameters pertaining to the VLAN configuration
• Assigned ports: the ports assigned to each VLAN

  25. VLAN interface properties (web screen): MAC address assigned to the VLAN interface; enable/disable the VLAN; address mode, static or DHCP; assign an IP address to the VLAN interface.

  26. VLAN Properties Static IP

  27. CLI Command list

  28. Inter-VLAN routing. Switches cannot route between VLANs: for packets to traverse different VLANs they must be processed by a router. That router is therefore also the natural place to apply firewall rules between, say, the PLC/SCADA VLAN and the corporate VLAN.

  29. Using WeOS to configure VLANs • Practical • Introduce setup of VLANs using WeOS • Possibly set up a VLAN using the CLI

  30. Quality of Service (QoS)
• Guarantees bandwidth
• Reduces: jitter, delay, dropped packets, out-of-order delivery
• Is required for some applications: VoIP, video streaming, absolutely critical data

  31. QoS works by marking classes of traffic, either with DSCP values (Differentiated Services Code Points, carried in the IP header) or with the 3-bit priority field (802.1p PCP) inside the 802.1Q VLAN tag, which determine the exact level of service the traffic is treated with. Westermo switches link the QoS priority to the VLAN tag. This means that you do not prioritise different types of traffic but rather groups of hosts, i.e. a VLAN, which makes more sense in a control network.
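The 802.1Q tag from slide 22 and the priority (PCP) bits that slide 31 ties to the VLAN, as an added worked example (not code from the deck or from Westermo). It builds a raw Ethernet frame in memory, inserts a tag carrying a VID and a PCP value, parses it back, strips it the way an untagged access port would, and reproduces the 1538/1542-byte wire totals from the slides. The MAC addresses, VID 100, PCP 5 and the all-zero payload are constructed sample values.

```python
"""802.1Q tag insertion, parsing and frame-length accounting (added example)."""
import struct

ETHERTYPE_VLAN = 0x8100   # TPID that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
MAX_PAYLOAD = 1500         # Ethernet MTU: largest payload a standard frame carries
FCS_LEN = 4                # cyclic redundancy check appended by the NIC
PREAMBLE_SFD_LEN = 8       # bytes on the wire ahead of the destination MAC
IFG_LEN = 12               # inter-frame gap; the slides' 1538/1542 totals include these


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0, dei=0) -> bytes:
    """Return an untagged frame, or a tagged one when vid is given (FCS not included)."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the Ethernet MTU; fragment at layer 3")
    header = mac(dst) + mac(src)
    if vid is not None:
        if not 0 <= vid <= 4095 or not 0 <= pcp <= 7 or dei not in (0, 1):
            raise ValueError("VID is 12 bits, PCP is 3 bits, DEI is 1 bit")
        tci = (pcp << 13) | (dei << 12) | vid      # Tag Control Information
        header += struct.pack("!HH", ETHERTYPE_VLAN, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the header; vid/pcp/dei are None when the frame carries no tag."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "vid": None, "pcp": None, "dei": None}
    offset = 14
    if etype == ETHERTYPE_VLAN:
        tci, etype = struct.unpack("!HH", frame[14:18])
        info.update(pcp=tci >> 13, dei=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 18
    info["ethertype"] = etype
    info["payload"] = frame[offset:]
    return info


def strip_tag(frame: bytes) -> bytes:
    """What an untagged (access) port does on egress: drop the 4-byte 802.1Q header."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_VLAN:
        return frame
    return frame[:12] + frame[16:]


def wire_size(frame: bytes) -> int:
    """Bytes the frame occupies on the wire: FCS, preamble/SFD and inter-frame gap added."""
    return len(frame) + FCS_LEN + PREAMBLE_SFD_LEN + IFG_LEN


if __name__ == "__main__":
    data = bytes(MAX_PAYLOAD)                      # constructed 1500-byte payload
    plain = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", ETHERTYPE_IPV4, data)
    tagged = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", ETHERTYPE_IPV4, data,
                         vid=100, pcp=5)
    print(len(plain), wire_size(plain), len(tagged), wire_size(tagged))
    print(parse_frame(tagged)["vid"], parse_frame(tagged)["pcp"])
```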

  32. Quality of Service (QoS): when to implement QoS
• When you are using an application which requires it: VoIP, video streaming, absolutely critical data
• When there is contention for bandwidth
• However, increasing bandwidth is usually the better way to increase network performance

  33. Redundancy and Fault Tolerance in networks

  34. FRNT v0 • Proprietary Westermo redundancy protocol • Controls topology failover • Fast (<20 ms reconfiguration time)

  35. FRNT ring operation (slide diagram: FRNT member switches and a focal point)
• Member devices communicate with the focal point to determine the topology
• The focal point detects that a ring has been created, so it shuts down (blocks) the one of its interfaces that closes the ring
• Switches continue to communicate to report the status of the topology
• If a cable fault is detected, the focal point opens its blocked interface to allow full connectivity again

  36. STP & RSTP
• Redundancy protocols which allow a switch-level (layer 2) mesh topology
• Network convergence times of around 30 secs (STP) and 3 secs (RSTP)
• The bridge with the lowest bridge ID becomes the root bridge; the ID is the configured priority with the MAC address as tie-breaker, so with equal priorities the lowest MAC address wins
• Any device that sends BPDUs with a lower bridge ID can take over as root and reshape the topology, so do not run STP unguarded on ports that face untrusted equipment

  37. Principle of the root bridge (slide diagram): eight bridges with IDs 8649, 6039, 7432, 4036, 6696, 9972, 4189 and 5827, plus an Internet uplink. Bridge ID 4036 is the lowest and becomes the root; the links marked X are blocked so that only one path remains from every bridge to the root.

  38. VRRP
• Allows redundant entry/exit points to a network
• Does so via a "virtual" gateway IP address which two devices control the responses to
• Not to be confused with load balancing

  39. VRRP operation (slide diagram: two routers shown with IDs 210 and 50)
• The routers use multicast (224.0.0.18) to manage which of them responds to the virtual IP and its virtual MAC address 00-00-5E-00-01-XX, where XX is the virtual router ID (VRID)
• The router with the highest VRRP priority (the 210 and 50 on the slide) is the "Master" router
• If the master router encounters a fault the backup router will take over
• VRRP advertisements are not strongly authenticated, so any host on the segment that can send an advertisement with a higher priority can pull the gateway role to itself; keep VRRP on segments of trusted devices and filter VRRP multicast from access ports
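The VRRP exchange from slides 38 and 39, as an added worked example (not code from the deck or from WeOS). It encodes and decodes the VRRPv2 advertisement that a router multicasts to 224.0.0.18 (IP protocol 112), verifies its checksum, derives the 00-00-5E-00-01-XX virtual MAC from the VRID, and runs the election rule: highest priority wins, higher primary address breaks ties, priority 0 means the sender is giving up the role. The VRID, priorities and addresses are constructed sample values; the final election call shows why an unauthenticated advertisement with priority 255 from a rogue host steals the gateway.

```python
"""VRRPv2 advertisement encode/decode and master election (added example)."""
import ipaddress
import struct

VRRP_VERSION = 2
VRRP_ADVERTISEMENT = 1
VRRP_MCAST = "224.0.0.18"     # all-VRRP-routers group
IPPROTO_VRRP = 112


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum as used by IP/VRRP; returns 0 for a message that verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def virtual_mac(vrid: int) -> str:
    """IEEE-assigned virtual MAC: only the last octet varies, and it is the VRID."""
    return f"00:00:5e:00:01:{vrid:02x}"


def build_advertisement(vrid: int, priority: int, vips, adver_int: int = 1) -> bytes:
    """Version/type, VRID, priority, IP count, auth type 0, interval, checksum, IPs, auth."""
    if not 0 <= priority <= 255 or not 1 <= vrid <= 255:
        raise ValueError("priority is 0-255, VRID is 1-255")
    head = struct.pack("!BBBBBB", (VRRP_VERSION << 4) | VRRP_ADVERTISEMENT,
                       vrid, priority, len(vips), 0, adver_int)
    body = b"".join(ipaddress.IPv4Address(v).packed for v in vips) + bytes(8)
    csum = internet_checksum(head + b"\x00\x00" + body)
    return head + struct.pack("!H", csum) + body


def parse_advertisement(msg: bytes) -> dict:
    """Decode an advertisement; raises ValueError on bad type, length or checksum."""
    if len(msg) < 16:
        raise ValueError("too short for a VRRPv2 advertisement")
    vt, vrid, priority, count, auth, adver_int, _ = struct.unpack("!BBBBBBH", msg[:8])
    if vt >> 4 != VRRP_VERSION or vt & 0x0F != VRRP_ADVERTISEMENT:
        raise ValueError("not a VRRPv2 advertisement")
    if len(msg) < 8 + 4 * count + 8:
        raise ValueError("truncated address list")
    if internet_checksum(msg) != 0:
        raise ValueError("bad checksum")
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": priority, "auth_type": auth,
            "adver_int": adver_int, "vips": vips, "virtual_mac": virtual_mac(vrid)}


def elect_master(routers) -> str:
    """routers: iterable of (name, priority, primary_ip). Returns the Master's name.

    Highest priority wins; equal priorities are broken by the higher primary address.
    A router advertising priority 0 is withdrawing and never wins.
    """
    candidates = [r for r in routers if r[1] > 0]
    if not candidates:
        raise ValueError("no router is willing to be master")
    return max(candidates, key=lambda r: (r[1], int(ipaddress.IPv4Address(r[2]))))[0]


if __name__ == "__main__":
    adv = build_advertisement(vrid=1, priority=210, vips=["192.168.1.1"])
    print(parse_advertisement(adv))
    legit = [("R1", 210, "192.168.1.2"), ("R2", 50, "192.168.1.3")]
    print(elect_master(legit))
    print(elect_master(legit + [("rogue", 255, "192.168.1.200")]))   # attacker wins
```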

  40. Practical time!! • Set up an FRNT ring • Use testing tools (ping, traceroute) to verify the configuration • Inspect port mirroring and Wireshark

  41. Routing • Routing occurs at layer 3 • All layer three devices have a routing table

  42. Understanding a routing table

  Network        Next hop            Metric
  172.16.0.0     directly connected  0
  10.0.0.0       directly connected  0
  192.168.0.0    directly connected  0
  192.168.10.0   192.168.0.2         1
  54.19.0.0      192.168.0.2         110
  0.0.0.0        172.16.0.100        0

A routing table (sometimes called a Routing Information Base or RIB) has three main parts, and the column titles basically mean: destination address (Network), how to get there (Next hop) and how far away it is (Metric). When a device needs to send data it looks for the most specific entry that matches the destination (longest prefix match), not simply the first row from the top; the default route 0.0.0.0 matches every address and so is used only when no more specific entry does.
Notes: you can tell a lot from a routing table. From this example we know that this router has three networks configured directly on it, and that it knows how to get to a further two via a router on the 192.168.0.0 network. The metrics on the two distant networks hint at the routing protocol that advertised them: a hop count of 1 is typical of RIP, while 110 is the value commonly associated with OSPF routes.

  43. Static routing • Manually configured • Used in smaller networks • Becomes a headache when employed in larger networks • Not tolerant of topology changes

  44. Default routing • "Gateway of last resort" • Defines how to get to a network that is not explicitly defined • Always the last route consulted, because 0.0.0.0/0 is the least specific entry • Normally only one default route is active at a time
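Route lookup against the table on slide 42, including the default route of slide 44, as an added worked example (not WeOS code). The rows are the slide's; the prefix lengths (/16, /8, /24, /16 and /0) are assumed from the classful networks shown, since the slide prints no masks. Lookup is longest-prefix match, so the rows can be in any order and the default route only wins when nothing more specific matches.

```python
"""Longest-prefix-match lookup over the slide's routing table (added example)."""
import ipaddress

# (destination network, next hop or None when directly connected, metric)
ROUTES = [
    ("172.16.0.0/16",   None,           0),
    ("10.0.0.0/8",      None,           0),
    ("192.168.0.0/24",  None,           0),
    ("192.168.10.0/24", "192.168.0.2",  1),
    ("54.19.0.0/16",    "192.168.0.2",  110),
    ("0.0.0.0/0",       "172.16.0.100", 0),   # default route, gateway of last resort
]


def lookup(dest: str, routes=ROUTES):
    """Return (network, next_hop, metric) for dest using longest-prefix match.

    Among equally specific entries the lowest metric wins. Returns None when
    nothing matches, which can only happen without a default route.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for net_str, next_hop, metric in routes:
        net = ipaddress.ip_network(net_str)
        if addr not in net:
            continue
        if (best is None or net.prefixlen > best[0].prefixlen
                or (net.prefixlen == best[0].prefixlen and metric < best[2])):
            best = (net, next_hop, metric)
    return None if best is None else (str(best[0]), best[1], best[2])


def display_order(routes=ROUTES):
    """Order most routers print: most specific prefix first, default route last."""
    return sorted(routes, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]))


if __name__ == "__main__":
    for dest in ("192.168.10.5", "172.16.5.9", "54.19.200.1", "8.8.8.8"):
        print(dest, "->", lookup(dest))
    for row in display_order():
        print(*row)
```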

  45. Dynamic routing
OSPF:
• Link-state protocol
• Elects a "designated" router to manage topology updates
• Tracks neighbours and link state with keepalive "hello" packets
• Floods routing updates upon topology change
• Fast convergence time
• Calculates the shortest path to each destination
RIP v1:
• Distance-vector protocol
• Uses timed updates: floods its routing table every 30 secs
• Slow convergence time
• High overhead
• Simple to configure
• Uses "hop count" to determine the best path
NB: other routing protocols exist, but are not implemented in WeOS (YET!!)

  46. How RIP works (slide diagram: router A with 172.16.0.0/16, 10.0.0.0/8 and link address 192.168.0.1/30; router B with 192.168.10.0/24, 54.19.0.0/16 and link address 192.168.0.2/24; A and B joined by the 192.168.0.0 link). RIP is a nice and simple routing protocol: it advertises its entire routing table every 30 seconds out of all interfaces. Although its convergence time is slow, it is easy to configure.

Router A before the exchange:
  Network       Next hop            Learned from
  172.16.0.0    directly connected  directly connected
  10.0.0.0      directly connected  directly connected
  192.168.0.0   directly connected  directly connected

Router B before the exchange:
  Network       Next hop            Learned from
  192.168.10.0  directly connected  directly connected
  54.19.0.0     directly connected  directly connected
  192.168.0.0   directly connected  directly connected

Router A after the exchange:
  Network       Next hop            Learned from
  172.16.0.0    directly connected  directly connected
  10.0.0.0      directly connected  directly connected
  192.168.0.0   directly connected  directly connected
  192.168.10.0  192.168.0.2         192.168.0.2
  54.19.0.0     192.168.0.2         192.168.0.2

Router B after the exchange:
  Network       Next hop            Learned from
  192.168.10.0  directly connected  directly connected
  54.19.0.0     directly connected  directly connected
  192.168.0.0   directly connected  directly connected
  172.16.0.0    192.168.0.1         192.168.0.1
  10.0.0.0      192.168.0.1         192.168.0.1
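The RIP exchange between routers A and B on slide 46, as an added worked example (not WeOS code): a simulation of the distance-vector algorithm, not a packet implementation. A and B are configured with the networks shown on the slide; the A-B link is assumed to be 192.168.0.0/30 on both sides (the slide prints /30 on A and /24 on B). Directly connected networks have hop count 0, a route learned from a neighbour is installed with the neighbour's count plus one, 16 is RIP's "infinity", and split horizon stops a router re-advertising a route out of the link it learned it from. The final block pulls the link down to show routes being poisoned rather than silently kept.

```python
"""RIP-style distance-vector exchange for the routers on slide 46 (added example)."""
INFINITY = 16   # RIP hop count meaning "unreachable"


class Router:
    def __init__(self, name, connected):
        self.name = name
        # network -> (next_hop, hop_count, via_network); via_network is the link
        # the route was learned over, None for directly connected networks
        self.table = {net: (None, 0, None) for net in connected}

    def advertisement(self, out_network):
        """Routes sent out of one link, with split horizon applied."""
        return {net: hops for net, (_, hops, via) in self.table.items()
                if via != out_network}

    def receive(self, update, from_ip, via_network):
        """Install/refresh routes from a neighbour's update; return True if anything changed."""
        changed = False
        for net, hops in update.items():
            new_hops = min(hops + 1, INFINITY)
            cur = self.table.get(net)
            if cur is None:
                if new_hops < INFINITY:
                    self.table[net] = (from_ip, new_hops, via_network)
                    changed = True
            elif cur[0] == from_ip:
                # same neighbour: always accept, so a worsened or poisoned route propagates
                if cur[1] != new_hops:
                    self.table[net] = (from_ip, new_hops, via_network)
                    changed = True
            elif new_hops < cur[1]:
                self.table[net] = (from_ip, new_hops, via_network)
                changed = True
        return changed

    def link_down(self, network):
        """Interface on `network` failed: poison it and every route learned over it.
        (Real RIP also ages out routes whose updates stop arriving; not modelled here.)"""
        for net, (nh, hops, via) in list(self.table.items()):
            if net == network or via == network:
                self.table[net] = (nh, INFINITY, via)

    def reachable(self, network):
        entry = self.table.get(network)
        return entry is not None and entry[1] < INFINITY

    def routes(self):
        """Routing table as the slide shows it: network -> (next hop, hop count)."""
        return {net: (nh, hops) for net, (nh, hops, _) in self.table.items()}


def converge(links, max_rounds=20):
    """links: (network, (router_a, ip_a), (router_b, ip_b)). Each round every router
    sends its advertisement to each neighbour, as RIP does every 30 s. Returns the
    number of rounds until a round changes nothing."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for network, (ra, ip_a), (rb, ip_b) in links:
            changed |= rb.receive(ra.advertisement(network), ip_a, network)
            changed |= ra.receive(rb.advertisement(network), ip_b, network)
        if not changed:
            return rnd
    return max_rounds


def build_slide_topology():
    a = Router("A", ["172.16.0.0/16", "10.0.0.0/8", "192.168.0.0/30"])
    b = Router("B", ["192.168.10.0/24", "54.19.0.0/16", "192.168.0.0/30"])
    links = [("192.168.0.0/30", (a, "192.168.0.1"), (b, "192.168.0.2"))]
    return a, b, links


if __name__ == "__main__":
    a, b, links = build_slide_topology()
    print("converged after", converge(links), "rounds")
    for r in (a, b):
        print(r.name, r.routes())
    a.link_down("192.168.0.0/30")
    print("A after link failure:", a.routes())
```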

  47. OSPF (slide diagram: Area 0 and Area 1, routers A to F). OSPF can define areas within an Autonomous System (AS); this keeps routing tables smaller by limiting the total routes that each router needs to be aware of, and speeds up network convergence. OSPF sends "hello" packets out of all configured interfaces. Routers build a neighbour table so they are aware of the others running OSPF. When routers become aware of each other via the hello packets, and they are within the same area, they attempt to negotiate an "adjacency"; once this is done they exchange routing information. Routers A and E are Area Border Routers: they are part of both areas and advertise "summary routes" to areas beyond their own.

  48. OSPF (slide diagram: Area 0 and Area 1, routers A to F). When a network segment has not fully converged there can be a lot of packets passing between routers as they attempt to determine the topology. To combat this, on each multi-access segment the router with the highest OSPF priority becomes the Designated Router (DR) and the runner-up the Backup Designated Router (BDR); equal priorities are broken by the highest router ID, which by default is the highest configured IP address. From then on, when a topology change occurs the affected routers alert the DR of the change and the DR passes it on to all routers within the area, greatly cutting down on the packets being sent. As OSPF works on change of state, a link going down can still generate a lot of extra traffic, exactly when additional traffic is not desired!
