The Internet layer explained

Optigo Networks Intro to networking webinar with Distech Controls
Your guide to DHCP, IP addressing, subnets, and more

The worlds of IT and Operational Technology (OT) are merging more and more these days as the Internet of Things grows in prominence. This collaboration between IT and OT is great, but there are still gaps in understanding that keep these worlds from fully working together.

To help, we teamed up with Distech Controls to create a webinar series on networking, for OT professionals. Be sure to check out our Introduction to Networking and our session on Network Access as well!

In this edition about the Internet layer, we dug into DHCP, IP addressing, subnets, and more. Watch our webinar recording on “the Internet layer,” and read the recap below. You can also download the PDF handout of our presentation to refer back to later.

The webinar dug into a lot of topics, including:

Internet Layer

The Internet layer (from 2:04 to 10:20) is responsible for placing data that needs to be transmitted into data packets known as IP datagrams. These will contain the source and destination addresses for the data within.

This layer is also responsible for routing the IP datagrams. The main protocols included at the Internet layer are Internet Protocol (IP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), and Internet Group Management Protocol (IGMP).

You will commonly hear IPV4 and IPV6 mentioned in relation to this layer. For the purposes of this training, though, we focused on IPV4.

Network diagram

Static IP

Static IP (also known as fixed IP address – view from 10:20 to 13:20) is a manually configured IP address for a device. The IP address is referred to as static because it does not change without user input. When setting up a controller, you will manually assign an IP address that corresponds to the IP range chosen for the job or assigned by the IT department. Each device on the network must have a unique IP address and each device will have to be manually assigned.

The major disadvantage that static IP addresses have over dynamic addresses is that you have to configure the devices manually. Typically this is done on a per-device basis.

DHCP

Dynamic Host Configuration Protocol (DHCP – from 13:20 to 26:08) is a client/server protocol that automatically provides an IP host with its IP address and other related configuration information, like the subnet mask and default gateway.

DHCP provides an automated way to distribute and update IP addresses and other configuration information on a network. Typically, a DHCP server will respond to requests from clients with an address that resides in the DHCP scope. Along with IP addresses, DHCP servers can provide other information concerning the network if they are configured to do so.

A DHCP scope is a valid range of IP addresses that are available for assignment or lease to client computers on a particular subnet. In a DHCP server, a scope is configured to determine the address pool of IPs that the server can provide to DHCP clients.

When an address has a dynamic lease, the DHCP server can manage the address by allocating it to a client, extending the lease time, detecting when it is no longer in use, and reclaiming it.

Conversely, a DHCP reservation is a permanent IP address assignment. It is a specific IP address within a DHCP scope that is permanently reserved for leased use to a specific DHCP client.

Lease reservations are preferred over dynamic leases in controls networks. Knowing the IP address of a controller can be critical to sending and receiving data to other devices in the same network. Ensuring that the IP address doesn’t change will make the system easier to configure and manage. To make use of lease reservations, you will need to know the MAC address for the controller. You will need to provide this to whoever is managing the DHCP server so they can ensure each controller gets the IP address it’s supposed to have.

IP Routing

IP routing (from 26:08 to 43:45) refers to the way that data is routed through a network, from source to destination. These routes are based on a routing table, and routers do not pass broadcast packets. Here’s an example of IP routing in a network:

IP routing on a network

 

Gateway

Typically, in a TCP/IP network, nodes such as servers, workstations, and network devices each have a defined default route setting, (pointing to the default gateway), defining where to send packets for IP addresses for which they can determine no specific route. The gateway (from 43:45 to 44:09) is by definition a router.

Subnet

A subnet (sub network – view from 44:09 to 58:26) is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called “subnetting.” A subnet is basically a smaller network within a larger one. We can subdivide a larger network to create a smaller network for our controllers and devices on a job, and we can control how much the network sees our broadcast traffic.

Using two subnets that are very close to each other in appearance can show just how important this is. The subnet 255.255.255.0 and 255.255.254.0 look very similar. The only difference between the two is in the third octet, where one is 255 and the other is 254. Even though this would appear to be a small difference, it’s not small at all when it comes to broadcast traffic. The subnet 255.255.255.0 can broadcast to a total of 256 hosts. The subnet 255.255.254.0 can broadcast to a total of 512 hosts. Choosing the correct subnet for a controls network with IP based controllers is critical to the speed, reliability, and stability of the network.

Fully understanding subnetting can take time and a lot of reading. Until you have the time to review and understand the concepts, it’s best to remember a couple simple rules.

First, think small. If you only have 10 IP-based controllers for a job, you would want a subnet of 255.255.255.224, which can broadcast to a total of 32 hosts. If you have a customer who gives you the subnet 255.255.0.0 for all your controllers, you should ask them to check with their IT department to ensure that it needs to be this big. A subnet of 255.255.0.0 can broadcast to 65,536 hosts, which is far more than you would want for your average controls network.

Second, use a subnet calculator. They are widely available on the Internet, and there are a large number of apps available for mobile devices. This will help to avoid mistakes and make planning your next job much easier.

Network Address Translation (NAT)

The Network Address Translation (NAT – view from 58:26 to 1:04:08) converts all private IP address as one public IP address, and uses port mapping to provide uniqueness

Why should you use NAT? Well, first off, there’s a limited number of public IP addresses. Despite the huge number of IP addresses available (approximately 4.3 billion!) the Internet is running out of routable IP Addresses. Billions of IoT devices are coming online, and that number is growing very fast. Operational Technology in particular is contributing heavily to this increase

NAT also adds a layer of security. IP Addresses in the private network are not directly routable or visible, so hackers would need to scan/probe ports to find NATed devices. That scanning is easily detectable.

Network Address Translation

Domain Name Service (DNS) and Hosting

The Domain Name Service (DNS – view from 1:04:08 to 1:06:57) is the Internet's system for converting alphabetic names into numeric IP addresses. For example, when a Web address (URxL) is typed into a browser, DNS servers return the IP address of the Web server associated with that name.

Just a few notable DNS servers:

  • Google (8.8.8.8)

  • Quad9 (9.9.9.9)

  • OpenDNS (208.67.222.222)

Firewall and VPN

Firewalls (from 1:06:57 to 1:11:01) are a well-known tool for permitting or blocking network traffic based on rules. For example, you might set a firewall that says “Only port 47808 may exit.” It’s a great practice for safeguarding your assets.

A Virtual Private Network (VPN) is a way to extend your network over a secure, encrypted tunnel. You can give remote trusted devices using a local IP address

Recent Blog Posts

Have a troublesome network and a pcap file, but don’t know where to start with Visual BACnet? 

Trying to keep up with rampant device issues, constant network changes, or vendors pointing fingers instead of solving problems?

Interview between Monica McMahen, Marketing Director, and Pook-Ping Yao, CEO of Optigo Networks.

The worlds of IT and Operational Technology (OT) are merging more and more these days as the Internet of Things grows in prominence.

We recently hosted a webinar on BACnet Secure Connect (BACnet/SC) with special guests Bernhard Isler from Siemens and David Fisher from PolarSoft, two main figures behind BACnet/SC.

Recent Projects

Data center expansion with OTI and Optigo Connect

DATA CENTER EXPANSION

Stack Infrastructure is a portfolio of hyperscale computing data centers. OTI completed work on Phases I and II, and returned for the Phase III build-out of a 4-megawatt data hall and brand new central plant. The Optigo Connect network put in place in Phases I and II was expanded on this project. The team achieved quick roll-out of a large, multi-service redundant network using the Optigo OneView management interface. Going forward, the facility management team can use OneView to remotely monitor equipment, manage power usage, and meet up-time goals.

Optigo Connect MR Soluciones The Landmark

THE LANDMARK

The Landmark is a sophisticated mixed-use high-rise in Mexico. The owners wanted to integrate all OT systems in the skyscraper, while maintaining separate networks for each application. The Landmark is the fourth joint project between Optigo Networks and MR Soluciones. Together, these companies provide robust services to meet any challenge.

Australian Bureau of Statistics at 45 Benjamin Way with Delta Building Automation

45 BENJAMIN WAY

Delta Building Automation (Australia) had a big job renovating the Headquarters for the Australian Bureau of Statistics (ABS) at 45 Benjamin Way. The building owner wanted to improve the building’s energy use and increase their National Australian Built Environment Rating System (NABERS) score to more than 4.5 stars, out of a possible total of six. Securing the network both internally and externally was a big priority, as well.

Penn State University Optigo Networks Visual BACnet

PENN STATE UNIVERSITY

When Tom Walker looked at Penn State University’s Navy Yard network, he saw huge issues. The system was busy and loud, to the point where the overrun network was bringing down the entire building. Because this was happening on the MS/TP network, pinpointing the problem would mean boots on the ground to segment and test the chain, piece by piece.

Penn State University Optigo Networks Visual BACnet

PENN STATE UNIVERSITY

When Tom Walker first started working at Penn State University four years ago, there were a lot of network issues. Buildings were dropping offline. Broadcast traffic was pushing 90,000 packets per hour. Walker was on the phone almost every single night because devices were down or had to be reset.

 

Torre Manacar Mexico City Optigo Connect

TORRE MANACAR

When MR Soluciones began work on Torre Manacar, they knew they needed a flexible and scalable network infrastructure to support a wide array of integrated systems. Optigo Networks was a natural fit for the massive project, designing a robust network at a competitive cost.

short

SHORT PUMP TOWN CENTER

Short Pump Town Center, an upscale retail center, underwent a complete renovation in 2014. The flexibility of Optigo Networks’ solution meant the retail center’s unknown final design was not a barrier to placing IP surveillance equipment in the field.

BOULEVARD MALL

BOULEVARD MALL

Optigo Networks connected New York-based Boulevard Mall’s security surveillance devices in December 2015, using a Passive Daisy Chain topology.

Visual BACnet tech support team

TECH SUPPORT TEAM

One tech support team at a manufacturer purchased an account with Visual BACnet in April 2017, for technical problems around the world.

Aster Conservatory Green Optigo Connect

ASTER CONSERVATORY GREEN

The Aster Conservatory Green is a community comprising 352 residences across 24 low-rise buildings. The buildings use advanced surveillance and access control technology, including 40 HD video cameras and 60 FOB-access-tele-entry points for access control.