Intent-Based Industrial Networks

Friday, November 30, 2018 @ 04:11 PM gHale

By Dave Cronberger
Manufacturing networks today are massive and pass quite a bit of unutilized data. These networks also have a lot of equipment on them that, from time to time, is moved around when the plant floor is re-optimized to make people and machinery more efficient.

Plant floor re-optimization can save large amounts of money, while automating the movement of equipment, or at least the network supporting manufacturing, can save additional money.

This, however, can still create a number of challenges for the factory control engineering folks, as well as the industrial engineers that work out the flow of product through the manufacturing process.

The current quantum manner of managing industrial networks will no longer scale in the way manufacturers need them to. Another issue here is having multiple networks running in parallel in these manufacturing plants. Here, it is important to consolidate these networks physically into a single network solution and distribute them at a domain level.

Another challenging factor is the increase in the number of data points that will be collected from I/O devices in the manufacturing plant. This additional data will need to be analyzed in near real-time, while many of the more intricate parts of that data will need to be summarized and sent up into a data lake or similar repository in order to be examined differently and, perhaps, more thoroughly.

Compute technology at the edge and in the data center can do a great deal of good on the factory floor with respect to all of the items that have been outlined:
• Plant movement
• Plant re-optimization
• Machine movement
• Information collection
• Analysis and reporting

The goal in mind here is to have the network appear to behave as though it were a giant USB hub. In this way, any piece of equipment can be:
• Located anywhere
• Uniquely identified
• Communicated with directly or as a group via multicast

At the same time, we need to be able to allow for separate domains on a common infrastructure. For example, we don’t necessarily want the administrative domain for the controls environment in the manufacturing domain to be part of the overall enterprise information technology domain.

In-sync Orchestration
For all of these factors to come together, there needs to be an in-sync orchestration of all the network services and communication with each slice of the network as part of the overall system. We also need to virtualize the services in order to ensure we can control and migrate them from central locations.

Automation is a critical piece of making this orchestration happen, so each network element has to be supervised and managed by the higher-level administrator in order to ensure there are consistent conditions on the network for the machines. In other words, services have to be monitored and managed by the layer of orchestration in a consistent manner. A few of the items administrators must monitor are:
• Port configuration
• Access control lists
• Security parameters
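
An added illustration (not from the article or from any vendor product) of the consistency check described above: intended per-domain settings are compared against observed state for port configuration, access control lists and security parameters. Domain names, switch names, VLAN numbers and ACL lines are constructed for the example.

```python
from itertools import zip_longest

# Constructed intent and observed state; all names and values are illustrative.
INTENT = {
    "manufacturing": {"port": {"mode": "access", "vlan": 110},
                      "security": {"port_security": True, "bpdu_guard": True},
                      "acl": ["permit tcp any any eq 44818",
                              "permit udp any any eq 2222", "deny ip any any"]},
    "enterprise": {"port": {"mode": "access", "vlan": 20},
                   "security": {"port_security": True, "bpdu_guard": True},
                   "acl": ["permit ip any any"]},
}

OBSERVED = [
    {"switch": "leaf-1", "ifname": "Gi1/0/1", "domain": "manufacturing",
     "port": {"mode": "access", "vlan": 110},
     "security": {"port_security": True, "bpdu_guard": True},
     "acl": list(INTENT["manufacturing"]["acl"])},
    {"switch": "ring-3", "ifname": "Gi1/1", "domain": "manufacturing",
     "port": {"mode": "access", "vlan": 110},
     "security": {"port_security": True, "bpdu_guard": False},
     "acl": ["permit tcp any any eq 44818", "permit udp any any eq 2222"]},
    {"switch": "leaf-2", "ifname": "Gi1/0/7", "domain": "enterprise",
     "port": {"mode": "access", "vlan": 110},
     "security": {"port_security": True, "bpdu_guard": True},
     "acl": ["permit ip any any"]},
]

def find_drift(intent, observed):
    """Return (switch, ifname, item, expected, actual) for each deviation."""
    findings = []
    for rec in observed:
        where = (rec["switch"], rec["ifname"])
        profile = intent.get(rec["domain"])
        if profile is None:  # port claims a domain the orchestrator does not know
            findings.append((*where, "domain", "known domain", rec["domain"]))
            continue
        for section in ("port", "security"):
            for key, want in profile[section].items():
                if rec[section].get(key) != want:
                    findings.append((*where, f"{section}.{key}", want, rec[section].get(key)))
        # ACLs are evaluated top-down, so compare entry by entry, in order.
        for i, (want, have) in enumerate(zip_longest(profile["acl"], rec["acl"])):
            if want != have:
                findings.append((*where, f"acl[{i}]", want, have))
    return findings

if __name__ == "__main__":
    print(*find_drift(INTENT, OBSERVED), sep="\n")
```

The ring node is reported for a disabled security parameter and a missing final deny entry, and the enterprise port is reported for sitting in the manufacturing VLAN, which is the domain separation the article asks the common infrastructure to preserve.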

Converting the backbone network as your step 1 also allows for the initial implementation of DNA, which positions the network for SDA (Software Defined Access). Being able to program a network around policy is a new paradigm and will take planning around converting policy to application.

Moving to Automation
Once the physical network is sorted out, there needs to be an evaluation of the logical topology and its attributes. It is here the benefits of automation begin to be realized – having software to define the network, particularly at the access layer, proves to be especially powerful and effective.

For the example pictured, the focus of SDA and principal automation is on the leaf/spine network backbone, with limited support for extended node on certain industrial switches. In this case, the support for SDA in the backbone presumes the use of programmable switches, while the support for SDA on industrial switches will grow over time, starting with the availability of programmable industrial switches when released. The industrial segments that will exist in the manufacturing cells are presumed to be ring based. A ring topology is not required per se, but it serves as the most conservative approach in this context.

In this scenario, there are two access layers:
• First access layer is the leaf nodes on the backbone
• Second are the ring nodes on the cells on the plant floor

While DNA and SDA will be able to exist across the total network in the future, there will still likely be political boundaries that have to be taken into account or, if not political, then operational.

In these early days of automating industrial networks to make them intent-based, we must cross the line of abstraction between the physical and logical network. This must be done because of the changing demographics of the work force and the talent that will be leaving and not easily replaced.
Dave Cronberger is a solutions architect with the Cisco Industries Solutions Group (ISG).
