Advanced Ethernet Principles Using Westermo Equipment
Westermo Data Communications UK Ltd
Presenter: Graham Lee Esq. / Vincento “Coconut” Collis
Schedule for the day: Blahblahblah Blahblahblah Followed by: Cake
The WeOS (Westermo Operating System) concept
• WeOS was created in response to market demand
• Westermo listened to customer demands for L2 switching and L3 routing
• The management setup had to be easy to use by ICA and PLC engineers
• Support for a CLI (Command Line Interface)
• The new device had to support:
  • VLANs
  • Very fast L2 ring redundancy
  • Legacy serial protocol support
  • VPNs
  • Dynamic routing
  • Compatibility with features found in enterprise IT equipment
  • Firewall
• But the implementation had to be industrialised, robust and future proof!
(Diagram labels: Interoperability, Made Easy, Future Proofed, Robust)
(Diagram labels: Interoperability between Future Products and Existing Lynx)
WeOS based devices
• Family of Layer 3 switches
• High-performance Ethernet switch supports:
  • IGMP
  • VLAN
  • FRNT
  • QoS
• Advanced Layer 3 functions:
  • Routing
  • NAT & PAT
  • OSPF
  • Firewall
  • IPsec
• Configurable via:
  • HTTP, SSH, Telnet, serial port
www.westermo.co.uk
Slot-based construction and port numbering (diagram labels)
• Management port
• Mix of Ethernet and fibre ports
• I/O and fault contact
• Configurable status LEDs
• Slot 1: Management
• Slots 2 & 3: Additional ports
Red Fox Industrial: configurable in three different ways
• Web-screen configuration
• CLI configuration via SSH and Telnet
• Serial configuration via console port
A Quick Recap…
The OSI (Open Standards Interconnect) model is a definition of how devices should communicate: each layer performs a defined task and is separate from the layers above and below. Data from higher levels is encapsulated by the lower layers.
Examples at each layer (diagram, top layer first):
• Communication protocols: TCP, UDP
• IP addresses, routers
• Ethernet, MAC addresses, switches, bridges
• Cat5e cable, fibre optic, DSL, radio
An example packet (diagram: an Ethernet frame carrying IP and TCP, with the PDU and OSI layer of each part labelled)
• Ethernet header: Preamble, Destination MAC Address, Source MAC Address, Type Field
• IP header: Version, IHL, Type Of Service, Total Length, Identification, Flags, Fragment Offset, TTL, Protocol, Header Checksum, Source IP Address, Destination IP Address, IP Options, Padding
• TCP header: Src Port, Dst Port, Seq Number, Ack Number, Data Offset, Reserved, Flags, Window, Checksum, Urgent Pointer, Options
• Data from upper layers
• Ethernet trailer: Cyclic Redundancy Check
Maximum frame size = 1542 bytes
IP Addresses
• 32-bit, dotted decimal notation, e.g. 192.168.100.100
• Subnet mask segregates IPs into groups, e.g. 255.255.255.0
Types of IP traffic
• TCP
• UDP
• Broadcast
• Multicast
IGMP
• Multicast reserved addresses: 224.0.0.0 to 239.255.255.255
(Diagram labels: Video Server, Multicast subscribers, Non-subscriber)
Subnets
• 192.168.10.0 with mask 255.255.255.0
  • 11000000.10101000.00001010.00000000
• 192.168.10.255 with mask 255.255.255.0
  • 11000000.10101000.00001010.11111111
IP Subnet Division (diagram, whole range): .0 | .1 - .254 | .255
IP Subnet Division (diagram, range split into four equal blocks):
• .0 | .1 - .62 | .63
• .64 | .65 - .126 | .127
• .128 | .129 - .190 | .191
• .192 | .193 - .254 | .255
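The division shown on the two slides above, worked through in code. This is an added example, not material from the Westermo deck; it uses Python's standard ipaddress module on the 192.168.10.0 network with the 255.255.255.0 mask from the Subnets slide, split into the four blocks of the division diagram.

```python
import ipaddress


def to_binary(addr: str) -> str:
    """Dotted-binary form of an IPv4 address, as written on the Subnets slide."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.ip_address(addr).packed)


def subnet_plan(network: str, new_prefix: int) -> list:
    """Split `network` into equal /new_prefix subnets and report, for each one,
    the network address, mask, first and last usable host and broadcast address."""
    net = ipaddress.ip_network(network, strict=True)
    plan = []
    for sub in net.subnets(new_prefix=new_prefix):
        hosts = list(sub.hosts())  # excludes the network and broadcast addresses
        plan.append({
            "network": str(sub.network_address),
            "mask": str(sub.netmask),
            "binary": to_binary(str(sub.network_address)),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(sub.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return plan


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True if the mask places both addresses in the same group (no router needed)."""
    group = ipaddress.ip_network(f"{a}/{mask}", strict=False)
    return ipaddress.ip_address(b) in group


if __name__ == "__main__":
    # 192.168.10.0/24 split into four blocks of 64, as on the division slide
    for row in subnet_plan("192.168.10.0/24", 26):
        print(f"{row['network']:<16} hosts {row['first_host']} - {row['last_host']}"
              f"  broadcast {row['broadcast']}")
    print(to_binary("192.168.10.255"))
    # Same /24, but a /26 mask puts these two hosts in different groups
    print(same_subnet("192.168.10.5", "192.168.10.70", "255.255.255.0"),
          same_subnet("192.168.10.5", "192.168.10.70", "255.255.255.192"))
```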
Virtual LAN (VLAN)
• What are VLANs?
  • Operate at Layer 2
  • Break up broadcast domains
  • Create smaller, logical network topologies
  • Create dedicated virtual LANs for different services, e.g. PLC & SCADA, CCTV, corporate server/email access
  • Per-port security levels
• VLANs can be created in one of two ways:
  • Static – per port (supported in WeOS)
  • Dynamic – MAC address allocation (not supported in WeOS)
What are VLANs for? (diagram: ports grouped into VLAN A and VLAN B)
• Grouping parts of a network based on department, function or service
• Controlling the proliferation of broadcasts throughout a network
• Giving flexibility to network design
• Providing security throughout the network
What are VLANs for? Providing security throughout the network
• Default configuration
  • 1 VLAN
  • 1 broadcast domain
• Change the link port into a VLAN trunk port
  • 2 VLANs
  • 2 broadcast domains
(Diagram labels: Corporate network, Industrial network, Entire network unused)
How would you use VLANs?
• Automation network
• Corporate network
• Security network
(Diagram: the example packet from the recap, now with an 802.1Q Header in the Ethernet header alongside the Destination MAC Address, Source MAC Address and Type Field; the IP and TCP headers, upper-layer data and Cyclic Redundancy Check are unchanged)
VLAN tagging + frame length
• VLAN tag information adds 4 bytes of data onto a layer 2 Ethernet frame, making a maximum frame size of 1518 bytes. This information is required so that switches and routers know which VLAN the data belongs to.
• Ethernet at the network layer can only process a maximum transmission unit (MTU) of 1500, so larger packets are segmented and then reassembled at the destination.
• Some networking devices are unable to process frames larger than 1522 bytes (that being the size of a TCP/IP packet plus the Ethernet layer 2 encapsulation). These devices require the tags to be removed before the frame is transmitted to them.
WeOS VLAN Concept
• WeOS VLANs are built up of two elements:
  • Interfaces – parameters pertaining to the VLAN configuration
  • Assigned ports – the ports assigned to each VLAN
Inter-VLAN routing (diagram: direct paths between VLANs marked X)
• Switches cannot route between VLANs
• For packets to traverse different VLANs, they must be processed by a layer 3 device such as a router or layer 3 switch
Using WeOS to configure VLANs
• Practical
• Introduce setup of VLANs using WeOS
• Possibly set up VLANs using the CLI
Quality of Service (QoS)
• Many types of traffic will travel across a network
  • Some of it critical, like PLC comms or video traffic
  • Also corporate network traffic such as e-mail, web browsing etc.
• Quality of Service is a broad term applied to any technique used to allow different types of IP traffic to be treated in different ways when traversing network devices
• WeOS devices use the Priority Code Point (PCP) field within the 802.1Q (VLAN) header to enforce Quality of Service
Quality of Service (QoS)
• The Priority Code Point field allows eight different classes of service to be selected. Depending on the class selected, problems such as the following can be avoided:
  • Jitter
  • Delay
  • Dropped packets
  • Out-of-order delivery
• QoS is required for some applications to work correctly:
  • VoIP
  • Video streaming
  • Absolutely critical data
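The 802.1Q tag, the PCP field that WeOS uses for QoS, and the tag-removal step needed for equipment that only accepts 1518-byte frames, all worked through on a constructed frame. This is an added example, not code from the deck or from WeOS: the MAC addresses and VLAN/PCP values are made up, the frame is built without a preamble, and the size limits are the IEEE figures (1518 bytes untagged, 1522 bytes tagged).

```python
import struct
import zlib
TPID_8021Q = 0x8100   # EtherType value announcing that an 802.1Q tag follows
UNTAGGED_MAX = 1518   # 14-byte header + 1500-byte MTU payload + 4-byte FCS
TAGGED_MAX = 1522     # the same frame carrying the 4-byte VLAN tag

def fcs(body: bytes) -> bytes:
    """Ethernet FCS: IEEE CRC-32 (same polynomial zlib uses), sent little-endian."""
    return struct.pack("<I", zlib.crc32(body))

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vid: int = None, pcp: int = 0) -> bytes:
    """Constructed frame without preamble; a vid inserts an 802.1Q tag before the type."""
    body = dst + src
    if vid is not None:
        tci = (pcp << 13) | (vid & 0x0FFF)       # PCP (3 bits) | DEI = 0 | VID (12 bits)
        body += struct.pack("!HH", TPID_8021Q, tci)
    body += struct.pack("!H", ethertype) + payload
    return body + fcs(body)

def parse_frame(frame: bytes) -> dict:
    """Decode addresses, the optional tag (PCP and VID) and EtherType; verify the FCS."""
    body, trailer = frame[:-4], frame[-4:]
    if len(body) < 14 or len(frame) > TAGGED_MAX or fcs(body) != trailer:
        raise ValueError("runt, oversize or corrupted frame")
    info = {"dst": body[0:6].hex(":"), "src": body[6:12].hex(":"),
            "tagged": False, "pcp": None, "vid": None, "frame_len": len(frame)}
    (ethertype,) = struct.unpack("!H", body[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        (tci,) = struct.unpack("!H", body[14:16])
        info.update(tagged=True, pcp=tci >> 13, vid=tci & 0x0FFF)
        (ethertype,) = struct.unpack("!H", body[16:18])
        offset = 18
    info["ethertype"] = ethertype
    info["payload_len"] = len(body) - offset
    info["fits_1518_device"] = len(frame) <= UNTAGGED_MAX   # tag-unaware equipment
    return info

def strip_tag(frame: bytes) -> bytes:
    """Remove the tag (what a switch does towards a tag-unaware device) and redo the FCS."""
    body = frame[:-4]
    if struct.unpack("!H", body[12:14])[0] != TPID_8021Q:
        return frame
    new_body = body[:12] + body[16:]
    return new_body + fcs(new_body)

# Constructed sample: full-MTU IPv4 payload on VLAN 100 with PCP 5 (made-up MAC addresses)
SAMPLE_TAGGED = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                            0x0800, b"\x00" * 1500, vid=100, pcp=5)
```

Parsing SAMPLE_TAGGED reports a 1522-byte frame that a 1518-byte-limited device cannot accept; strip_tag() yields the 1518-byte untagged equivalent with a valid FCS.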
Routing and Redundancy
• Reliable networks require redundancy. This can mean:
  • Redundant pathways
  • Redundant hardware
• This is typically achieved by using:
  • Redundancy protocols: FRNT V0, Spanning Tree Protocol, Rapid Spanning Tree Protocol, Virtual Router Redundancy Protocol
  • Routing protocols: OSPF, RIP, BGP, Static Routing
Routing and Redundancy: what's the difference?
Redundancy protocols:
• Determine the best path for ALL traffic
• Discount alternative paths of communication until a fault situation occurs
• Lower protocol overhead
Routing protocols:
• Decide the best path for traffic on a per-packet basis
• Always use the best path to the destination
• Higher protocol and CPU requirements
FRNT V0
• Proprietary Westermo redundancy protocol
• Controls topology failover
• Fast (<20 ms reconfiguration time)
FRNT operation (diagram: a ring of FRNT members with one focal point; blocked or faulted links marked X)
• Member devices communicate with the focal point to determine the topology
• The focal point detects that a ring has been created, so it shuts down one of its interfaces which links the ring
• Switches continue to communicate to report the status of the topology
• If a cable fault is detected, the focal point opens its blocked interface to allow full connectivity again
STP & RSTP
• Redundancy protocols which allow a switch-level (layer 2) mesh topology
• Network convergence times of 30 secs and 3 secs respectively
• Uses the lowest bridge ID or lowest MAC address to determine the root bridge
Principle of the root bridge (diagram: bridges with IDs 8649, 6039, 7432, 4036, 6696, 9972, 4189 and 5827 meshed together with a link to the Internet; blocked links marked X; the lowest bridge ID shown is 4036)
VRRP
• Allows redundant entry/exit points to a network
• Does so via a “virtual” gateway IP address whose responses are controlled by two devices
• Not to be confused with load balancing
VRRP operation (diagram: two routers, Router ID 210 and Router ID 50, both presenting the virtual MAC address 00-00-5E-00-01-XX; failed paths marked X)
• Multicast traffic is used to manage the response to the virtual MAC address 00-00-5E-00-01-XX
• The router with the highest VRRP ID is the “Master” router
• If the master router encounters a fault, the backup router will take over
Practical Time!!
• Set up an FRNT ring
• Use testing tools (ping, traceroute) to verify the configuration
• Inspect port mirroring and Wireshark
Routing
• Routing occurs at layer 3
• All devices which operate at layer 3 (and above) have a routing table
Understanding a routing table
A routing table (sometimes called a Routing Information Base or RIB) has three main parts. These titles basically mean:
• Network – the destination address
• Next hop – how to get there
• Metric – how far away it is

Network         Next hop              Metric
172.16.0.0      directly connected    0
10.0.0.0        directly connected    0
192.168.0.0     directly connected    0
192.168.10.0    192.168.0.2           1
54.19.0.0       192.168.0.2           110
0.0.0.0         172.16.0.100          0

Routing tables are read sequentially from top to bottom. When a device needs to send data, it will read down through the table to find where to send it. If no exact match is found, the default gateway (the 0.0.0.0 entry via 172.16.0.100) will be used.

Notes: You can tell a lot from a routing table. For instance, from this example we know that this router has three different networks configured directly on it, and that it knows how to get to a further two via a router which exists on the 192.168.0.0 network. From the metrics on the two distant networks we can tell what routing protocol is used to advertise them.
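The lookup described above, worked through on the slide's own table. This is an added example, not from the deck: the prefix lengths (/16, /8, /24, /24, /16 and /0) are assumptions, since the slide shows only the network addresses, and the function keeps the most specific matching entry rather than the first, which is how the default route ends up being used only when nothing else matches.

```python
import ipaddress

# The table from the slide. Prefix lengths are not shown there; the masks below
# are assumed for illustration (the slide gives only the network addresses).
ROUTING_TABLE = [
    # (network,          next hop,             metric)
    ("172.16.0.0/16",    "directly connected", 0),
    ("10.0.0.0/8",       "directly connected", 0),
    ("192.168.0.0/24",   "directly connected", 0),
    ("192.168.10.0/24",  "192.168.0.2",        1),
    ("54.19.0.0/16",     "192.168.0.2",        110),
    ("0.0.0.0/0",        "172.16.0.100",       0),    # default gateway
]


def lookup(destination: str, table=ROUTING_TABLE) -> tuple:
    """Return (network, next_hop, metric) for a destination address.

    Walks the table top to bottom as the slide describes, but keeps the most
    specific (longest-prefix) match instead of the first one: the 0.0.0.0/0
    default matches every address, so it must only win when nothing else does.
    """
    dst = ipaddress.ip_address(destination)
    best = None
    for network, next_hop, metric in table:
        net = ipaddress.ip_network(network)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, metric)
    if best is None:
        raise LookupError(f"no route to {destination} and no default gateway")
    net, next_hop, metric = best
    return str(net), next_hop, metric


def egress_network(destination: str, table=ROUTING_TABLE) -> str:
    """Directly connected network a packet actually leaves through.

    For a remote route the next hop must itself sit on a directly connected
    network (here 192.168.0.2 is on 192.168.0.0/24), which is the inference
    the slide's notes draw from the table.
    """
    network, next_hop, _ = lookup(destination, table)
    if next_hop == "directly connected":
        return network
    via, via_hop, _ = lookup(next_hop, table)
    if via_hop != "directly connected":
        raise LookupError(f"next hop {next_hop} is not on a connected network")
    return via


if __name__ == "__main__":
    for dst in ("10.1.2.3", "192.168.10.7", "54.19.3.4", "8.8.8.8"):
        print(dst, "->", lookup(dst), "leaves via", egress_network(dst))
```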