Switches are the most important component of the infrastructure in industrial networks. They are used to exchange data between controllers, programmable logic controllers (PLCs), historians and control systems further upstream. The proximity to production, where very special environmental conditions prevail, requires special switch models in terms of their resistance, dimensions and power supply. As a rule, mounting on a DIN rail in accordance with EN 60715 - the top-hat rail - is necessary. The smaller the switch, the better. This is because space is usually at a premium in the control cabinets of machines.

This requires efficient handling of waste heat and a higher permissible temperature range for this type, which must work reliably even without ventilation. Other installation variants expose the switches to the ambient air with all its harmful factors such as dust and moisture. The devices must therefore be able to be cooled without a fan. Resistance to moisture and protection against the ingress of objects is indicated by the IP protection class. Empty ports - and this applies to every connector and module format - must be sealed with a suitable protective cover.

The power supply

The majority of industrial switches are designed for a 24 or 48 V DC voltage supply. Manufacturers normally install additional filters and extended overvoltage protection for several kilovolts to protect against the supply voltages, which are often subject to high-frequency interference. Power-over-Ethernet is also required by many users today. The switches must provide a sufficient energy budget for this and support the common 802.3af/at standards. As a rule, the Ethernet ports are designed for standard RJ45 connectors or fiber optics via GBICs with LC format. The RJ45 variant is also available in special versions with splash protection or screw connection. Special formats such as the M12 connector (D-coding), which is approved for up to 100 Mbit/s, and M12 in X-coding, which can even transmit 10 Gbit/s, are even more robust and secure.

In the past, the amount of data transmitted in the automation sector was negligible, but today the situation is different: On the one hand, more intelligent elements are being installed that send larger amounts of data. On the other hand, the IP-based network is also suitable for other tasks. For example, video data from surveillance cameras can be transmitted, which is in demand in the context of smart cities and Industry 4.0. As a result, some manufacturers support Gigabit ports (1000 Mbit) in addition to Fast Ethernet (100 Mbit) and also higher speeds via GBICs. Aggregating switches in particular, which collect and forward data from several areas, should be able to be equipped with a fast uplink with a view to future-proofing.

The grid connection

Depending on the architecture, Ethernet connections are very important. To increase availability, some manufacturers have developed proprietary redundant coupling procedures between switches. Others rely on the mechanisms defined in the Ethernet standard, such as Spanning Tree Protocol (STP). If Spanning Tree already exists in the network, the technology is known and established on the one hand, and on the other hand there will also be in-house expertise for configuration and operation. Redundancy via proprietary standards, on the other hand, has the advantage of being very easy to configure, meaning that automation technicians can also use it to quickly set up fail-safe networks. The downside: this type of coupling can only be implemented with the switches and routers of one manufacturer - there is no cross-manufacturer compatibility!

The switches transport data packets from the various fieldbuses such as Modbus as a payload within Ethernet without any problems. However, if the fieldbus data is to be read or manipulated in the switch, the switch must offer it explicitly. For example, it can then read out the register contents of a Modbus frame and make them available in a separate sub-menu. Direct access allows users to carry out manipulations that are not time-critical in the switch without burdening another higher-level device such as a gateway.

Important Ethernet functions

Non-manageable layer 2 models are normally used directly at the point of use, which only serve as a simple infrastructure. One level higher, when data is aggregated, manipulated and further intervention options are required, Layer 3 switches with management functions should be used. Some advanced Ethernet-specific functions that can be used to optimize the network and data traffic are particularly important. These include trunking, i.e. the combination of several ports between switches to form a virtual, more powerful pipeline. In addition to the higher throughput, it also has the advantage of increased redundancy in the industrial environment. The most important implementation is the Link Aggregation Control Protocol (LACP) in accordance with the IEEE standard 802.3ad/802.1AX. Potential buyers should ensure that the switch, even if a proprietary solution is used, still supports LACP for the purpose of investment security.

Multicast functions such as the Internet Group Management Protocol (IGMP) are normally built into layer 3 switches as standard. They can be useful, especially when video data from IP cameras is transported via the switch. They are usually integrated into an overarching quality of service framework (QoS) with traffic shaping and bandwidth management. Even more important is comprehensive VLAN support that masters the current 802.1Q standard and is seamlessly integrated. VLANs are an effective and quickly implemented security measure in production networks to separate production and management data.

Administration and security

While a web interface accessible via HTTP is standard for management, console-based access is still important. Terminal emulations and Telnet should be offered, but should also be able to be switched off if they are not required. Even the serial connection via RS232 interface is still commonplace in the industrial environment. Encrypted connections via HTTPS and SSH are generally preferable. If there are DIP switches on the switch to set certain parameters manually, it should be possible to disable them via the management interface, just like USB ports or SD card slots. Dual firmware management is also useful to ensure that a functional firmware is always available.

Security is a key selection criterion for switches anyway due to their exposed role. A dedicated user administration with user name/password and assignment of rights is just as important as the option of integrating them into higher-level directory services via LDAP. User authentication via Radius and 802.1X should be offered as an option, together with MAC-based access control. Ultimately, switches in the production environment must always be an integral part of the joint IT security concept in consultation with the IT department.

Although industrially used switches perform the same tasks as switches in data centers, they sometimes have a significantly different requirements profile. However, the points of contact between automation and IT are now increasing, especially when it comes to security and joint device management. Anyone wishing to select industrial switches would do well to consult the IT department's strategic decisions in advance and bring them into line with their own requirements.

Author:
Michael Müller is Head of Product Management Central Europe at D-Link (Deutschland) GmbH.