IoT Fundamentals Bootcamp
Gonzalo Salgueiro, Distinguished Engineer
Jerome Henry, Principal Engineer
David Hanes, Principal Engineer
Robert Barton, Distinguished Architect
TECIOT-2400
TECIOT-2400 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• What is IoT?
• IoT Network Architecture and Design
• Smart Objects: The “Things” in IoT
• Connecting Smart Objects
• IP as the IoT Network Layer
• Application Protocols for IoT
• Securing IoT
• Data and Analytics for IoT
What is IoT?
If You’re Confused About IoT, You Are Not Alone
[Word cloud: Automation, IoT, Big Data, M2M, Sensors, E-Health, Tracking]
Genesis of IoT
• Connectivity (2000 - 2007): You go to the device
⁃ Email
⁃ Web Browser
⁃ Search
• Internet of Mobile (2007 - 2015): Device goes with you
⁃ E-commerce
⁃ Social Media
⁃ Location-aware applications
• Internet of Things (2013 - 2029): Objects connect even without you
⁃ Connecting: People, Processes, Data, Things
• Ubiquitous World (2029 - ): Separation between connected and unconnected is blurred
[Diagram axis: Intelligent Connections]
Are There That Many “Things”?
[Chart: billions of devices (axis 0 to 50) against world population, 2003 to 2020. Labels: “Things” per person, 50 Billion Smart Objects, Inflection Point.]
• Rapid adoption rate of digital infrastructure: 5 x faster than electricity & telephony
• World population (billions): 6.307 (2003), 6.721 (2008), 6.894 (2010), 7.347 (2015), 7.83 (2020)
Digitization: Connecting More Than “Things”
Things – Includes machines, devices, sensors, consumer products, vehicles, etc.
Systems – Includes business applications, ERP/CRM/PLM systems, analytics systems, data warehouses, and control systems
People – Includes workers and consumers, employees, partners and customers
IT / OT Convergence
IT Network (INFORMATION TECHNOLOGY)
OT Network (OPERATIONAL TECHNOLOGY)
Traditionally Separate Networks
Business Drivers of IoT
[Diagram: IOT DRIVERS. Labels: Smart Cities, Transportation, Public Safety, Oil & Gas, Energy / Utilities, Healthcare, Mining, Manufacturing, SP/M2M, Ecosystem, Increased Revenue, Operational Efficiency, Process Automation, Actionable Insights, Productivity Gains, Product Quality, Cost Reduction, etc.]
IoT Challenges
Imagine collecting data from 10 million electric meters
How do you secure millions of interconnected devices?
What do your things tell me about you?
Millions of smart objects, millions of sources and data points
Proprietary and targeted solutions
Can Operational Technologies use the same network as IT?
IoT Network Architecture & Design
Building an Architecture
• An IoT Project should be just like any other project
⁃ You work on the requirements to develop a blueprint before buying the tools to start building
• However, IoT was not “designed”, it “happened”:
⁃ Multiple specialized / vertical solutions
⁃ Multiple requirements
⁃ Multiple sensor types
⁃ Multiple applications
⁃ Multiple languages
⁃ Multiple protocols
[Figure labels: Requirements, IoT]
IoT Architecture Requirements & Challenges
• Large Scale: Millions of clients in a single network! IPv6 is the only way…
• Security: Sensors exposed to the world, data travels through public networks…
• Constrained Devices: Lossy networks, low bandwidth, small batteries…
• Large Volume: Millions of sensors produce tons of data, all the time…
• Legacy Support: Non-IP, specialized devices, multiple vertical solutions…
• Need for Real Time: What happens now may result in proactive action…
Why So Many Architectural Models?
oneM2M Common Services Framework
• Applications Layer:
⁃ Smart Energy
⁃ Asset tracking
⁃ Fleet Management
• Services Layer: oneM2M includes a common services horizontal framework supporting RESTful APIs
• Network Layer: Applications talk to the APIs to communicate with sensors
IoT World Forum (IoTWF) Reference Model
Levels (7 at the Center, 1 at the Edge):
7 Collaboration & Processes (Involving People & Business Processes)
6 Application (Reporting, Analytics, Control)
5 Data Abstraction (Aggregation & Access)
4 Data Accumulation (Storage)
3 Fog Computing (Data Element Analysis & Transformation)
2 Connectivity (Communication & Processing Units)
1 Physical Devices & Controllers (The “Things” in IoT)
Sensors, Devices, Machines, Intelligent Edge Nodes of all types
IoT World Forum (IoTWF) Reference Model
1 Physical Devices & Controllers (The “Things” in IoT)
Sensors, Devices, Machines, Intelligent Edge Nodes of all types
IoT World Forum (IoTWF) Reference Model
2 Connectivity (Communication & Processing Units)
Level 2 Functions:
• Communication between Level 1 devices
• Reliable delivery of information across the network
• Switching and routing
• Translation between protocols
• Network level security
IoT World Forum (IoTWF) Reference Model
3 Edge (Fog) Computing (Data Element Analysis & Transformation)
Level 3 Functions:
• Evaluate and reformat data for processing at higher levels
• Filter data to reduce traffic for higher level processing
• Assess data for alerting, notification, or other actions
[Diagram label: Data ready for processing at higher levels]
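The three Level 3 functions listed above, sketched as one fog-node routine. This is an added example, not part of the original slides; the unit set, deadbands, alert thresholds and sample readings are assumptions constructed for illustration.

```python
"""Added example: IoTWF Level 3 (fog) functions applied to constructed readings."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Reading:
    sensor_id: str
    quantity: str   # "temperature" or "pressure" in this sketch
    value: float
    unit: str       # unit as reported by the device


# Evaluate and reformat: convert every accepted unit to one canonical unit
# per quantity (degrees Celsius, kilopascal) before anything goes upstream.
TO_CANONICAL = {
    ("temperature", "C"): lambda v: v,
    ("temperature", "F"): lambda v: (v - 32.0) * 5.0 / 9.0,
    ("pressure", "kPa"): lambda v: v,
    ("pressure", "psi"): lambda v: v * 6.894757,
}
# Filter: forward a reading only if it moved at least this far from the last
# value forwarded for the same sensor (assumed deadbands).
DEADBAND = {"temperature": 0.5, "pressure": 2.0}
# Assess: assumed alert thresholds, in canonical units.
ALERT_ABOVE = {"temperature": 80.0, "pressure": 700.0}


class FogNode:
    def __init__(self):
        self._last_forwarded = {}   # (sensor_id, quantity) -> canonical value

    def process(self, readings):
        """Return (forwarded, alerts, rejected) for one batch of readings."""
        forwarded, alerts, rejected = [], [], []
        for r in readings:
            convert = TO_CANONICAL.get((r.quantity, r.unit))
            # Unknown units and non-finite values never leave the fog node.
            if convert is None or not math.isfinite(r.value):
                rejected.append(r)
                continue
            value = round(convert(r.value), 2)
            key = (r.sensor_id, r.quantity)
            is_alert = value > ALERT_ABOVE[r.quantity]
            if is_alert:
                alerts.append((r.sensor_id, r.quantity, value))
            last = self._last_forwarded.get(key)
            changed = last is None or abs(value - last) >= DEADBAND[r.quantity]
            # Alerts are always forwarded; routine readings only on change.
            if is_alert or changed:
                self._last_forwarded[key] = value
                forwarded.append((r.sensor_id, r.quantity, value))
        return forwarded, alerts, rejected


# Constructed sample batch (not from the original slides).
SAMPLE = [
    Reading("t1", "temperature", 21.0, "C"),
    Reading("t1", "temperature", 21.2, "C"),     # inside deadband: dropped
    Reading("t1", "temperature", 71.6, "F"),     # 22.0 C: forwarded
    Reading("p1", "pressure", 101.0, "psi"),     # 696.37 kPa
    Reading("p1", "pressure", 102.0, "psi"),     # 703.27 kPa: alert
    Reading("t2", "temperature", 300.0, "K"),    # unit not accepted
    Reading("t1", "temperature", float("nan"), "C"),
]

if __name__ == "__main__":
    fwd, alerts, rejected = FogNode().process(SAMPLE)
    print(f"{len(SAMPLE)} readings in, {len(fwd)} forwarded, "
          f"{len(alerts)} alert(s), {len(rejected)} rejected")
    for item in fwd:
        print("forward", item)
    for item in alerts:
        print("ALERT  ", item)
```

Rejecting unknown units and non-finite values at this level keeps malformed device data out of the Level 4 stores.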
IoT World Forum (IoTWF) Reference Model
Level 4 Functions:
• Captures data and stores it so it is now usable by applications when necessary.
• Converts event-based data to query-based processing.
4 Data Accumulation (Storage)
IoTWF Reference Model – Bridging IT and OT
[Diagram: Levels 7 (Center) to 1 (Edge). IT: Query Based, Data at Rest, Non-real Time. OT: Event Based, Data in Motion, Real Time. Level 1: Sensors, Devices, Machines, Intelligent Edge Nodes of all types.]
IoT World Forum (IoTWF) Reference Model
Level 5 Functions:
• Reconciles multiple data formats and assures consistent semantics from various sources.
• Confirms that the data set is complete and consolidates data into one place or multiple data stores using virtualization.
5 Data Abstraction (Aggregation & Access)
4 Data Accumulation (Storage)
IoT World Forum (IoTWF) Reference Model
Level 6 Functions:
• Interprets data using software applications.
• Applications may monitor, control, and provide reports based on analyzing data.
6 Application (Reporting, Analytics, Control)
5 Data Abstraction (Aggregation & Access)
4 Data Accumulation (Storage)
IoT World Forum (IoTWF) Reference Model
Level 7 Functions:
• Consumes and shares the application information.
• Collaboration and communication of IoT information (often requires multi-step process).
7 Collaboration & Processes (Involving People & Business Processes) [Center]
6 Application (Reporting, Analytics, Control)
5 Data Abstraction (Aggregation & Access)
4 Data Accumulation (Storage)
Standard IT Computing & Analytics Architecture
Data Center / Cloud
Core Network
Endpoints
A New Approach is Needed for IoT
• Traditional Approach: Take Data to the Processing
• A New Approach for IoT: Take Processing to the Data
[Diagram: IoT Device and Processing, shown for each approach]
IT Compute Architecture – with IoT Requirements
• Hundreds: Data Center / Cloud (Data Center / Cloud)
• Thousands: Core (IPv6 Network Backhaul)
• Tens of Thousands: Multi-service Edge (Fog Layer)
• Millions: Embedded Systems & Sensors (Smart Objects), low power, low bandwidth
[Diagram labels: Transactional response times; Millisecond / sub-second response times; Sensing, Correlation, Control]
Data Reduction and Processing with Edge & Fog
Traditional Approach – Taking Data to the Processing
[Diagram: Data sent for Processing. Labels: Cloud, Big Data, Analytics, Applications]
IoT Approach – Taking Processing to the Data
[Diagram: IoT Device, Edge Node, Fog Node, Cloud, with Processing at several stages. Labels: Big Data, Data, Small Data]
Simplified IoT Architecture
• Fog computing - The systematic positioning of compute, storage, and networking resources as close to the endpoints as possible – away from the cloud, but does not include the endpoints.
~vs~
• Mist/Edge computing – The systematic positioning of compute, storage, and networking resources directly to the endpoints – the Edge feeds data into the Fog layer.
[Diagram: Core IoT Functional Stack (Applications; Communication Network; Things: Sensors & Actuators; Security) beside IoT Data Management and Compute Stack (Cloud; Fog; Mist/Edge)]
Smart Objects: The “Things” in IoT
Sensors
• Sensors…sense
• Measure physical quantities and convert that measurement reading into a digital representation
• Any physical quantity that can be measured…can be measured by a sensor:
⁃ Viscosity
⁃ Magnetic field
⁃ Acoustic
⁃ Humidity
⁃ Altitude
⁃ Light
⁃ Pressure
⁃ Biosensor
⁃ Radiation
⁃ pH
⁃ Force
⁃ Chemical / Gas
⁃ Position
⁃ Flow
⁃ Occupancy / Motion
⁃ Color
⁃ Temperature
⁃ Velocity / Acceleration
[Pictured: Humidity Sensor, Pressure Sensor, Optical Sensor, Chemical Sensor, Photoelectric Sensor, Flow Sensor, Temperature Sensor]
Sensor Form Factor
• Sensors can have any size, any shape, and be embedded in any object…
Some of the Sensors in a Smartphone: Light Sensor, Camera, Barometer, Pedometer, Proximity Sensor, Magnetometer, Accelerometer, Gyroscope, Thermometer, Fingerprint Sensor, Microphone
Sensors and Actuators
• Actuators receive a signal or command, and trigger an action
[Diagram: Real World – Physical Environment; Sensors; Digital Representation – Electric Signal; Actuators]
Characteristics of a Smart Object
• Sensor: That can measure physical data (temperature, vibration, pollution …)
• Actuator (optional): Capable of performing a task (change traffic lights, rotate a mirror …)
• Communication Device: Receives instructions, sends or routes data. Self organising into networks
• Power Source: Scavenger (Solar/Wind), battery, mains
• Tiny low cost computer: Embedded into objects to make them smart. Can be organised into networks
Smart Object Terminology
• The following names usually refer to the same concept:
⁃ Smart Sensors
⁃ Smart Things
⁃ Smart Devices
⁃ Intelligent Nodes
⁃ IoT Devices
⁃ Intelligent Things
⁃ Intelligent Devices
⁃ Ubiquitous Things
⁃ Things
⁃ Intelligent Products
• Mote - term used to refer to a sensor in a sensor network
Smart Object Trends
Size is decreasing
Power need is decreasing
Processing power is increasing
Communication capabilities are increasing
Communication is increasingly being standardized
Sensor and Actuator Networks (SANETs)
• A network of sensors and actuators that can communicate and cooperate
• Smart homes are typical examples of SANETs
• SANETs can have wired or wireless Smart Objects, or both
• Wireless SANETs are known simply as Wireless Sensor Networks (WSNs)
The Case for Wireless Sensor / Actuator Networks
Cons
1 Limited security
2 Limited transmission speeds and ranges
3 Environment has greater impact
Pros
1 Greater deployment flexibility and ease
2 Scaling to more devices is simple
3 Low implementation costs
4 Easy to maintain
5 Easy to introduce new sensors/actuators
6 Flexible design / dynamic topology
Wireless Sensor Networks (WSNs)
● A WSN/WSAN is a network of smart objects communicating purely through wireless technologies
● Typical design constraints:
⁃ Limited Power
⁃ Limited Processing Power
⁃ Limited memory
⁃ Lossy Communication
⁃ Limited Transmission Speeds
● Smart Objects with limited processing, memory, power, and so on, are often referred to as constrained nodes.
[Diagram labels:]
⁃ Low Memory: Few tens of kilobytes. Embedded OS (TinyOS, Contiki etc…)
⁃ Lossy Communications: Low Power Wireless mesh predominantly IEEE802.15.4. Also IEEE P1902.1 (Power Line Comms)
⁃ Narrowband: Typically sub-1Mbps
⁃ Power Consumption is critical: Energy efficiency is paramount. Battery powered devices must last years
⁃ Moderate CPU Power: Minimise energy use
Wireless Sensor Networks (WSNs)
● Individual object limitations can be mitigated with “many objects that collaborate”
● Large WSNs permit the introduction of hierarchies, which offer several important advantages, such as:
⁃ Improved fault tolerance, reliability and availability
⁃ Capability to extend the life of the WSN
⁃ Increased accuracy
⁃ Data aggregation
Data Aggregation in WSNs
WSN Communication Protocol Selection
Access Characteristics
• Long-Range vs. Short-Range
• Mobile vs. Stationary
• Licensed/Unlicensed Spectrum
Scalability
• Number of endpoints
• Volume of data per node
• Topology
Device Characteristics
• Constrained / Non-Constrained
• Power consumption
• Security
Traffic Characteristics
• Lossiness
• Latency
• Overhead & Payload
Connecting Smart Objects
Wireless Sensor Network Characteristics
• Limited power
• Changing network topology
• Multihop routing and low range communications
• Non uniform data distribution
WSN Protocol Selection Fundamentals
It is all interconnected…
• Lower frequencies → longer wavelength
• Lower frequencies → larger antennas
• Larger antennas → longer range at same power
The band determines the expected range at a given power
• Increase power to increase range
• Increased power reduces battery lifetime, and limits multiple systems coexistence in given space
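A worked calculation of the band, power and range relationships listed above. This is an added example, not part of the original slides: it uses the standard free-space path-loss formula and generalizes it to a log-distance model with an assumed path-loss exponent; the 14 dBm transmit power and -110 dBm receiver sensitivity are constructed values.

```python
"""Added example: band, transmit power and range under a log-distance model."""
import math

C_M_PER_US = 299.792458  # speed of light in metres per microsecond


def wavelength_m(freq_mhz):
    """Wavelength in metres; lower frequency gives a longer wavelength."""
    return C_M_PER_US / freq_mhz


def quarter_wave_cm(freq_mhz):
    """Length of a quarter-wave antenna element in centimetres."""
    return wavelength_m(freq_mhz) * 100.0 / 4.0


def fspl_db(distance_km, freq_mhz):
    """Free-space path loss in dB for a distance in km and frequency in MHz."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44


def max_range_km(tx_dbm, rx_sensitivity_dbm, freq_mhz, exponent=2.0):
    """Distance at which the path loss uses up the whole link budget.

    Loss is free-space up to a 1 m reference distance and then grows with
    10 * exponent * log10(d). exponent=2.0 is free space; larger values are
    an assumption standing in for cluttered environments.
    """
    budget_db = tx_dbm - rx_sensitivity_dbm
    ref_km = 0.001
    ref_loss_db = fspl_db(ref_km, freq_mhz)
    return ref_km * 10 ** ((budget_db - ref_loss_db) / (10.0 * exponent))


def power_factor_for_range(range_multiplier, exponent=2.0):
    """How many times more radiated power a longer range costs."""
    return range_multiplier ** exponent


if __name__ == "__main__":
    TX_DBM, SENS_DBM = 14.0, -110.0   # constructed link parameters
    print("band MHz  wavelength m  quarter-wave cm  range km (n=2)  range km (n=3)")
    for f in (169.0, 868.0, 915.0, 2400.0):
        print(f"{f:8.0f}  {wavelength_m(f):12.3f}  {quarter_wave_cm(f):15.1f}"
              f"  {max_range_km(TX_DBM, SENS_DBM, f):14.1f}"
              f"  {max_range_km(TX_DBM, SENS_DBM, f, 3.0):14.2f}")
    print("power needed to double range, n=2:", power_factor_for_range(2.0), "x")
    print("power needed to double range, n=3:", power_factor_for_range(2.0, 3.0), "x")
```

With the same power and sensitivity, the free-space range scales inversely with frequency, and doubling the range in free space costs four times the radiated power, which is the battery-lifetime trade-off named above.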
WSN Protocols – Common Range View
• Choose protocol based on:
• How much to transmit?
• How often?
• How far?
• How is the environment?
• How many sensors in one cell?
[Chart: protocols placed by range (Long Range, Medium Range, Short Range): 5G, 4G, 3G, 2G, LoRa, Wi-Fi (.b, .g, .n), Wi-Fi (.ac), WiFi-6 (.ax), 802.15.4, 802.15.4 g/e, ZigBee, 1901.2 PLC, BLE, Bluetooth]
The 802.15.4 Family
802.15.4
Among the IEEE protocols, 802.15.4 defines Low Rate WPANs
802.15.4 has many IoT-friendly features:
• Based on low data rate communications
• Scalable and self maintained
• Enable low power and cost operation
• Combines scheduled and contention-based schemes
IEEE 802.15.4 Wireless Standards
• IEEE 802.11 Wireless LAN (WLAN)
⁃ WiFi 802.11a/b/g/n
⁃ 802.11ah (sub-GHz)
• IEEE 802.15 Personal Area Network (PAN)
⁃ 802.15.1 Bluetooth
⁃ 802.15.4 Low Rate WPAN (2003-2006-2011-2015)
⁃ 802.15.6 Body Area Networking
⁃ 802.15.7 Visible Light Communications
• IEEE 802.16 Wireless Broadband Access
• IEEE 802.22 Wireless Regional Area Networks
• Under 802.15.4 Low Rate WPAN:
⁃ 802.15.4c Sub-GHz PHY for China
⁃ 802.15.4e-2012 MAC Enhancement
⁃ 802.15.4f PHY for RFID
⁃ 802.15.4g-2012 amendment Smart Utility Networks
⁃ 15.4m Study Group TV White Space amendment
802.15.4g and 802.15.4e
• Several improvements for 802.15.4 over the years
• 802.15.4g-2012 (integrated into 802.15.4-2015)
⁃ Focus is smart utility network communication: optimizes large, outdoor wireless mesh networks for Field Area Networks (FANs). New PHY definitions are introduced as well as some MAC modifications
• 802.15.4e-2012 (integrated into 802.15.4-2015)
⁃ Expands the MAC layer feature set to fix MAC reliability, unbounded latency, and multipath fading issues
[Diagram: IEEE 802.15 Personal Area Network (PAN) and 802.15.4 Low Rate WPAN (2003-2006-2011-2015), with 802.15.4c Sub-GHz PHY for China, 802.15.4e-2012 MAC Enhancement, 802.15.4f PHY for RFID, 802.15.4g-2012 amendment Smart Utility Networks, 15.4m Study Group TV White Space amendment]
Wi-SUN Alliance
• Additional capabilities and options provided by 802.15.4g-2012 and 802.15.4e-2012 led to additional difficulty in achieving interoperability between devices and mixed vendors as requested by users.
• To guarantee interoperability, Wi-SUN Alliance was formed
• SUN = Smart Utility Networks.
• Not a standards body, but instead an industry alliance that defines communication profiles for Smart Utility and related networks
• Similar in concept to WiFi Alliance or WiMAX Forum
FFD vs RFD
• Full function device (FFD)
⁃ Any topology
⁃ Network coordinator capable
⁃ Talks to any other device
• Reduced function device (RFD)
⁃ Limited to star topology
⁃ Cannot become a network coordinator
⁃ Talks only to a network coordinator
⁃ Very simple implementation
Flexible Topology
[Diagram: Star, Point to point, Tree and Partial mesh topologies. Legend: Network coordinator, Master/slave, Full Function Device (FFD), Reduced Function Device (RFD), Communications Flow]
802.15.4 Uses ISM, Easy in 2.4 GHz, less in sub 1GHz
• Allocated Frequency bands
• Licensed/unlicensed (ISM)
• Transmit power
• Time transmitting
[Chart: sub-1 GHz allocations per country on an 840 to 950 MHz axis, each with a maximum transmit power between 0.02 W and 4 W (* e.i.r.p., ** e.r.p.), licensed/unlicensed. Countries shown: Australia, USA, Canada, S.A., Israel, Chile, Korea, Colombo, Mexico, Argentina, Uruguay, Malaysia, Europe, Venezuela, India, Japan (2012), Hong-Kong, Iran, Brazil, China, UAE, Thailand, Singapore. Bands shown: 902-928 MHz; 902-907.5, 915-928 MHz; 915-928 MHz; 915-930 MHz; 917-923.5 MHz; 920-924 MHz.]
E.U CEPT new frequency bands discussion (870-876MHz and 915-921MHz)
Source: CEPT - DKE 731.09r1 JSC
802.15.4-2006 PHY Layer Bands
• Multiple rates and (ISM) bands from 169 MHz to 2.4 GHz
• 868MHz/915MHz PHY:
⁃ Channel 0: 868.3 MHz
⁃ Channels 1-10: 2 MHz spacing, 902 MHz to 928 MHz
• 2.4 GHz PHY:
⁃ Channels 11-26: 5 MHz spacing, 2.4 GHz to 2.4835 GHz
802.15.4 vs Others
• IEEE 802.15.4 PHY and MAC layers are the foundations for several networking protocol stacks.
• Make use of 802.15.4 at the physical and link layer levels but the upper layers are different
• E.g. 6LoWPAN
802.15.4 vs Others
• IEEE 802.15.4 PHY and MAC layers are the foundations for several networking protocol stacks.
• Make use of 802.15.4 at the physical and link layer levels but the upper layers are different
• E.g. ISA100.11a, WirelessHART
802.15.4 vs ZigBee and Thread
• ZigBee and Thread leverage IEEE 802.15.4 MAC and PHY
• Both are driven by industry-level alliances that push the protocol development forward and certify products out in the market.
• Thread leverages IPv6 natively, and leaves application level open (not included in specification)
[Diagram: two protocol stacks over IEEE 802.15.4 MAC and IEEE 802.15.4 PHY. One stack: Application, App framework, Security, Network. The other: Application, UDP, IP Routing, Security, 6LoWPAN]
ZigBee Network Applications
ZigBee: LOW DATA-RATE RADIO DEVICES
• INDUSTRIAL & COMMERCIAL: monitors, sensors, automation, control
• CONSUMER ELECTRONICS: TV, VCR, DVD/CD, Remote control
• PERSONAL HEALTH CARE: monitors, diagnostics, sensors
• PC & PERIPHERALS: mouse, keyboard, joystick
• TOYS & GAMES: consoles, portables, educational
• HOME AUTOMATION: security, HVAC, lighting, closures
Multi-Service Field Area Network
[Diagram, top to bottom:]
• Data Center, Enterprise Apps: Cisco IoT Field Network Director, Certificate Authority, Intrusion Prevention, NMS, SIEM, Directory Services, Access Control, Dist. Planning, IWC, FLISR, SCADA, MDM, CIS, Historian, EVSE Mgmt., DER, Distribution Management System, AMI Head-End, HER
• Secure Network Infrastructure
• WAN Tier: Ethernet, WiMAX, Wi-Fi, 2G/3G/LTE; CGR2010, CGR1000, IR800, IR829, IR800 + IXM (LoRaWAN); Substation, Distribution Automation, Work Force Automation, SCADA Protection and Control Network
• NAN Tier: Neighborhood Area Network, Resilient Mesh (RF and PLC)
• Endpoints: Gas/Water Meters, AMI Metering/HAN Gateway, Transformer Monitoring, Distribution Automation, Faulted Circuit Indicator, EV Charging Infrastructure, Direct Load Control, Outdoor Lighting, Distributed Energy Resources, Cisco Resilient Mesh IR500 Endpoints
Wi-Fi, BT and BLE
Bluetooth… for Home IoT
• PAN range – up to 10 meters / 30 feet
• Bluetooth is an easy solution for wearables
• Short sessions, low power, low density
• Bluetooth 4.2 added BLE features
• Connection-less broadcasts
• Bluetooth 5 contains multiple features for home IoT
• 10 to 30 meters with BT 4.2
• 40 to 120 meters with BT 5.0
• 2 Mbps with BT 5.0 (1 Mbps with BT 4.0)
• Target is “Home IoT Wi-Fi market”
Bluetooth vs. BLE
[Diagram: Listening periods, Standard Bluetooth compared with BLE]
Bluetooth vs. BLE
• With Bluetooth, the master connects to the slave and maintains the connection (energy greedy, but allows for things like VoIP)
• With BLE, the master detects the slave's announce, and (if interested) connects, retrieves data, and closes the connection (a few milliseconds, energy efficient, but no real-time support: built for exchanging small chunks of data)
[Diagram, BLE exchange in order:]
⁃ “I can send the user pulse”
⁃ Connect
⁃ “What is the pulse value?”
⁃ “Pulse = 93”
⁃ “Hey! Your pulse is 93”
⁃ ACK
⁃ Disconnect
BLE Channels and Power
• BLE is built to be Wi-Fi friendly
• Announce messages are sent on non-Wi-Fi channels
• If you just read the announces, no impact on Wi-Fi. If you connect to exchange more, Wi-Fi is impacted (40 x 2 MHz channels instead of 80 x 1 MHz channels with standard Bluetooth)
Feature: Standard Bluetooth / BLE
• Max range (theoretical): < 100 m / < 100 m
• Data rate: 1 – 3 Mbps / 1 Mbps
• Throughput: 0.7 – 2.1 Mbps / 0.27 Mbps
• Time to send data: 100 ms / 6 ms
• Power consumption: 1 W as reference / 0.01 to 0.5 W
• Peak current consumption: < 30 mA / < 15 mA
What about Wi-Fi?
• WLAN range – 100 meters / 300 feet
• Pros:
⁃ High throughput if needed
⁃ “Large” number of clients if needed
⁃ Any home has Wi-Fi
• Cons:
⁃ Sessions required
⁃ Keepalives needed
⁃ Not optimal for battery-powered devices
• IoT prefers simple modulation to complex and high throughput
• 802.11ax (Wi-Fi 6) may change the landscape
802.11ax for Battery-Powered IoT
• TWT and Long Sleep time allowed
[Diagram: AP beacon and trigger frames over time; STA1 and STA2 each Sleep until their own wake time, then exchange a Frame. Labels: STA1 Wake time, All Wake time]
• With Target Wake Time (TWT), AP can let STAs sleep for long durations (battery saved), set per STA or group of STAs
• By using the same scaling factor as 802.11ah, 11ax allows STAs to sleep up to 5 years
802.11ax Features for IoT
1. OFDMA
2. 2MHz RU, 375 kbps
3. Dual Sub-Carrier Modulation (DCM)
4. Target Wake Time (TWT)
5. Long Sleep allowed (up to 5 years)
6. 20 MHz-only stations
7. Longer preamble
8. Longer Guard Intervals
[Diagram labels: Single STA packet time, Subcarriers, Frequency]
802.11ah / HaLow
• Available, but low adoption (other solutions exist for the same use cases, with active ecosystem)
• Smartphones, Tablets, Laptops can be used in Garages, Backyards, and Streets
Table (TX x RX, Edge Rate Mbps, Range):
• 11ac/n, 5 GHz, 20 MHz BW: 3x2, 6.5 (27m)
• 11n/b, 2.4 GHz, 20 MHz BW: 3x2, 6.5 (54m)
• 11ah, 900 MHz, 8 MHz BW (US Only): 2x2, 5.9 (88m)
[Coverage diagram: 11ac/n @ 5 GHz, 40 MHz BW, 27m range; 11n/b @ 2.4 GHz, 54m range; 11ah @ 900 MHz, 88m range; edge rates labelled 6.5 Mbps, 6.5 Mbps and 5.8 Mbps]
Example: Mining Challenges
• Scale
• Gigantic sites
• Always-changing terrain
• Gigantic machines
• No Cellular coverage
Autonomous Vehicles in Mining Operations
Example: Autonomous Vehicles in Mining Operations
[Diagram: MDF Central Control linked by Fiber to Field Offices with IDF; RAPs at the field offices; a Wi-Fi Mesh of MAPs across the site]
Long Range, NB-IoT and LoRaWAN
LTE for IoT – Narrow Band IoT
[Diagram: NB-LTE, NB-OFDMA, “Clean Slate” C-IoT, EC-GSM, C-UNB, N-GSM, NB-IoT (CAT M1)]
Unlicensed vs. Licensed Spectrum Battle
[Images: one pairing captioned “Vs.”, a second pairing captioned “Or more like… Vs.”]
Battery Life – A Key Focus Area
• Focus on Low Power and Low Cost
• LTE, CAT-M and NB-IoT have done a good job at addressing top line low power messaging, but battery life near noise floor is not as good
• 3GPP battery life model assumes a 5Wh battery (>>$1)
Source: GSMA CLP.15
LPWANs
An Emerging Wireless Infrastructure
Designed for Low Power Consumption, Low Data Rate, and Long Distance IoT Use Case
• Fill the gap between local wireless and cellular wireless technologies
• Applicable Use Case
⁃ End-device with battery life lasting 10+ years
⁃ Optimized for small and intermittent data burst
⁃ Over-the-air distance over 15+ km
⁃ Outdoor coverage and sufficient indoor penetration
⁃ Low cost module at sub-$5
• Technology branches from utilized spectrum
⁃ Licensed band - 3GPP NB-IOT on LTE – Public Mobile SP
⁃ Unlicensed band - LoRaWAN and SigFox on ISM radio – SP and Enterprises and Open Communities
Introducing Semtech LoRa (Long Range)
• Semtech is a leading supplier of high-quality analog and mixed-signal semiconductor products, and owner of LoRa chipset / modulation technology
• LoRa modulation scheme is owned by Semtech. It is based on spread spectrum modulation techniques and a variation of Chirp Spread Spectrum (CSS) along with FEC

• LoRa Protocol supports 125 kHz and 500 kHz channels
• The link budget, typically given in decibels (dB), is the primary factor in determining the range in a given environment
• 19.5 dBm demodulation below noise floor
• Low data rates between 0.3 Kbps and 22 Kbps
• Dynamically trades data rate against range and density of sensors
The LoRa Protocol Stack
[Diagram labels: LoRa Alliance Specifications; Semtech modulation; LoRa Alliance Regional Profiles]
LoRaWAN End-to-End Architecture
• LoRaWAN™ Devices: Certification program by LoRa Alliance
• Gateway: Semtech HW reference design Version 2.0
• Network Servers: MAC decaps, Security, Network/Radio management, Message scheduling, ZTD, etc…
• Application Servers: Platform for ASP, e.g., Parking, Air quality, Meter reading
[Diagram: RF, Backhaul and API links between the four elements; Roaming (LoRaWAN™ 1.1); layers shown: App Data, LoRaWAN™ MAC, LoRaWAN™ Radio PHY, IP Transport, IP Tunnel]
LoRaWAN for Europe (EU868 Region)
• Currently fixed channel plan with
• Up to 16 channels at 125 kHz
• At least 3 channels at 250 kHz are implemented on all devices
• Data rates for 125 kHz channels are SF0 to SF7
• 250 to 11000 bps
• Maximum EIRP 16 dBm (400 mW)
SIGFOX
Commodity (& open to all)
Present in 37 countries, challenges in some theatres (e.g. Americas) where 900 MHz spectrum is challenged
Industrial Gas Example
• Pressure monitoring
• Gas level monitoring
• Tank & cylinders locations
[Diagram label: LoRa network]
Monitor, track & optimise the delivery of industrial gas cylinders on industrial sites (oxygen, cryogenics, argon, etc.)
LoRaWAN Use Cases for Utilities
1 Remote Metering, 2 Fault Monitoring, 3 Asset Tracking
• LPWA networks can be used as the main technology
• Retrieving fault messages from the power lines, which are equipped with an intelligent electronic device (IED)
• Base stations are rolled out on selected utility poles.
• IEDs are equipped with pulse sensors
• Utility requirements: locate cable reels and diesel groups based on their GPS coordinates
[Diagram: Utility management server, 2G/3G, ThingPark Wireless Network, Powerline Concentrator, Gas meters, Power meters, Water meters]
Facility Management Workplace Analytics
• Real-time workplace analytics based on low-power sensors allow central facility managers to optimize resource allocation and dispatching
• Office facilities are instrumented with presence, temperature, CO2 and door sensors
• Workplace usage analytics are fed into a central WorkPlace Management Software from which optimized automated work orders are created for internal and external technicians
[Diagram: LoRaWAN Network with CO2 Sensor, Temperature Sensor, Humidity Sensor, Door Sensor]
IP and the IoT Network Layer
Why IP for IoT?
Open and Standards-Based
Ubiquitous
Scalable
Stable and Resilient
Versatile
IT and OT Are Converging Towards IP
[Figure: timeline with the marks 1995, 2005, Late 2000s, 2010 and 2015, showing Data, IP Telephony, IP Cameras, Building Management Systems on Network, and IP Building Systems Using Low-Voltage PoE. Other labels: Sensing, Ventilation, Lighting, BACnet, Coax, PBX, Cloud Management and Analytics, Experiences, low-voltage PoE, OpEx]
Uniting the Heterogeneous Nature of IoT
• IoT devices and smart objects can connect using a myriad of protocols that do not directly “talk” to one another
• IPv6 has become the common thread that allows for the interoperability of IoT devices using different connectivity (link layer) protocols
[Diagram: IPv6 at the center of IEEE 802.15.4, Homeplug, RFID, IEEE 802.11, Wi-Sun, Cellular 3G/4G/LTE, Bluetooth]
Cisco Digital Ceiling Case Study
Cisco Head Quarters Building, Toronto, Canada
▪ 4 Floors
▪ 1400 LED / IoT Lights
▪ 2200 HVAC endpoints
▪ Distributed Deployment Model
Challenge
• Build an innovative, energy-efficient workspace
Digital Transformation
• PoE-powered lighting with Cisco switches
• Sensor-based access to workspaces
• Analytics with fixture-level visibility
Why IPv6?
• Scale of lights to wired ports is ~6:1
• Address exhaustion of IPv4 is a limitation to deployment
PoE LED Lights and Noise Cancellation
EMERA Smart Lighting Example
Smart Lighting Usage and Occupancy
IoT Use of Open Standards
[Figure: open standards by layer]
• Application Layer: Metering (IEC 61968 CIM, ANSI C12.22, DLMS/COSEM,…); Web Services, SOAP, RestFul, HTTPS/CoAP, MQTT; SCADA (IEC 61850, 60870, DNP3/IP, Modbus/TCP,…); DNS, IPfix/Netflow, SSH, RADIUS, AAA, SNMP,… (RFC 6272 IP in Smart Grid)
• Transport Layer: UDP/TCP, Security (DTLS/TLS)
• Network Layer: IPv6/IPv4 Addressing, Routing, Multicast, QoS, Security; IPv6 RPL
• Mgmt: 802.1x / EAP-TLS & IEEE 802.11i based Access Control
• Data Link Layer (LLC): 6LoWPAN (RFC 6282), IPv6 over Ethernet (RFC 2464), IPv6 over PPP (RFC 5072), IP or Ethernet Convergence SubL.
• Data Link Layer (MAC): IEEE 802.15.4e MAC enhancements, IEEE 802.15.4 (802.15.4 frame format), IEEE 1901.2a, IEEE 802.11 Wi-Fi, IEEE 802.3 Ethernet, 2G, 3G, LTE Cellular, IEEE 802.16 WiMAX
• Physical Layer: IEEE 802.15.4 (2.4GHz, 915, 868MHz; DSSS, FSK, OFDM), IEEE 1901.2a NB-PLC (OFDM), IEEE 802.11 Wi-Fi, IEEE 802.3 Ethernet, 2G, 3G, LTE Cellular, IEEE 802.16 WiMAX
6LoWPAN Overview
• IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN) defines the transmission of IPv6 over IEEE 802.15.4 (RFC 4944)
• IEEE 802.15.4 has an MTU of only 127 bytes!
• Optional headers defined for 6LoWPAN include Mesh Addressing, Fragmentation, and Header Compression
Frame layout: 802.15.4 Header | Mesh Addressing Header | Fragmentation Header | IPv6 Header Compression | IPv6 Payload
• Mesh Addressing Header: allows for Layer 2 routing (mesh-under) within a single IP subnet
• Fragmentation Header: fragments IPv6 packets to fit into 127 byte 802.15.4 frames
• IPv6 Header Compression: shrinks IPv6 and UDP headers
6LoWPAN IPv6 Adaptation Layer and Fragmentation
[Diagram: protocol stack on the CGR]
• Transport Layer: TCP/UDP
• Network Layer: IPv6 (MTU=1280 Bytes)
• 6LoWPAN Adaptation Layer
• Data Link Layer: 802.15.4
• Physical Layer: Wired/Wireless, 802.15.4 Mesh (MTU=127 Bytes)
6LoWPAN Header Compression
• More than doubles the payload & increases efficiency from 41% to 84%
6LoWPAN Without Header Compression (127 Byte IEEE 802.15.4 Frame):
802.15.4 Header | 6LoWPAN Header (1B) | IPv6 Header (40B) | UDP Header (8B) | Payload (53B) | FCS
6LoWPAN With IPv6 and UDP Header Compression (127 Byte IEEE 802.15.4 Frame):
802.15.4 Header | 6LoWPAN Header with Compressed IPv6 Header (2B) | UDP Header (4B) | Payload (108B) | FCS
Evolution of 6LoWPAN to 6Lo
• 6LoWPAN was designed specifically to enable IPv6 over 802.15.4
• The IETF 6Lo Working Group (WG) is chartered to define IPv6 over various IoT link types

| IoT Link Type or Technology | IETF Standard or Draft |
|---|---|
| Bluetooth Low Energy (BLE) | RFC 7668: IPv6 over BLUETOOTH® Low Energy |
| Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) | RFC 8105: Transmission of IPv6 Packets over Digital Enhanced Cordless Telecommunications (DECT) Ultra Low Energy (ULE) |
| Power Line Communication (PLC) | draft-ietf-6lo-plc-01: Transmission of IPv6 Packets over PLC Networks |
| Near Field Communication (NFC) | draft-ietf-6lo-nfc: Transmission of IPv6 Packets over Near Field Communication (standard pending) |
| BACnet | RFC 8163: Transmission of IPv6 over Master-Slave/Token-Passing (MS/TP) Networks |
| 802.15.4e TSCH (6tisch WG) | RFC 8480: 6TiSCH Operation Sublayer (6top) Protocol (6P) |
Time Sensitive Networking (TSN)
• Comprised of around 12 IEEE 802 standards, TSN brings determinism and an enhanced quality of service to Ethernet
• Allows for different traffic types to mix on same physical network and still be deterministic
TSN Core Elements
• Synchronization: Time sync of multiple nodes and switches over Ethernet
• Scheduling: Ensures deterministic arrival of packets and no conflicts
• Configuration: Configuration of all network elements is standardized
Example: Honeywell OneWireless ISA100.11a with Wi-Fi Deployment
[Diagram: Wireless Control Loop (Sensor, Actuator, PLC); Business/Process Control Network; Switch; ISA100.11 Wireless Device Manager; Cisco Wireless Controller; Cisco 1552S Access Points; ISA100.11a Field Devices; Mobile Station; 802.11 Wireless Mesh Backhaul; ISA100.11a; 802.11 Wireless Client]
Extending TSN Capabilities with the IW6300 IoT Expansion Module
[Diagram: IT management center; Control System; four Catalyst IW6300 units, three with an IoT Module; Wi-Fi Mesh; Personnel asset location detection; WirelessHART/ISA100 Sensor]
The Future: 6TiSCH (IPv6 Time Slotted Channel Hopping)
• TSCH offers centralized scheduling and is optimized for Time-Sensitive flows, such as control loops
• 802.15.4e defines a time slot structure
• 6TiSCH defines the scheduling and forwarding algorithms (see RFC 7554, 8180, and 8480)
• IETF DetNet WG is looking at TSN and its application and architecture
Protocol stack:
• Upper Layers (RPL, CoAP, etc.)
• L4 Transport: TCP/UDP/ICMP
• L3 Network: IPv6
• L2 Adaptation Layer: IETF 6LoWPAN
• L2 Adaptation Layer: IETF 6TiSCH (6top)
• L2 Data Link: IEEE 802.15.4 MAC (TSCH)
• L1 Physical: IEEE 802.15.4 PHY
Route Over Versus Mesh Under
• Route Over: L3 Forwarding Decision. Each node is an IP router
• Mesh Under: L2 Forwarding Decision. Each LoWPAN is a single IP network
[Diagram: for each model, an IP Network over an 802.15.4 Mesh, with the node stack Upper Layers, IPv6, 6LowPAN, 802.15.4 MAC, 802.15.4 PHY]
Routing over Low Power Lossy Networks (RoLL):
• Existing IP routing protocols are poorly suited for IoT
  • lossy connections and will lose state too easily
  • Only consider link cost, not node type or other constraints
  • Lack of routing flexibility when different objective functions are required
• RFC 6550 defines RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks
• RPL is a Distance Vector routing protocol used in route over scenarios
RPL Protocol Stack: RPL, ICMP, IPv6, IETF 6LoWPAN, IETF 6TiSCH (optional), IEEE 802.15.4 MAC, IEEE 802.15.4 PHY
RPL Definitions
• A Directed Acyclic Graph (DAG) flows in a single direction without encountering the same node again
• A Destination Oriented DAG (DODAG) is the same as a DAG except that it flows to a root
• Rank defines a node’s position with respect to other nodes and the root (value of 0)
• Rank increases in the Down direction and increases in the Up direction
• Rank is computed from the Objective Function (OF) defined for the DODAG
[Diagram: a DAG and a DODAG, with node ranks from 0 at the DODAG Root down to 4]
RPL Tree DODAG Structure
The Rank is a rough approximation of how “close” a node is to the Root and serves to avoid routing loops
• DAG Information Object (DIO) messages advertise upward routes downward from root
• DAG Advertisement Object (DAO) messages advertise routes to parents
[Diagram: IP Infrastructure; Cisco CGR Border Router at RPL Rank 0 (Root of DODAG Tree); 802.15.4 Wireless Mesh nodes at RPL Rank 1, RPL Rank 2 and RPL Rank 3; arrows marked Down and Up]
Example: Cisco CGR 1000 RPL Tree
CGR1000_JAD1843000D#show wpan 4/1 rpl tree
------WPAN RPL TREE FIGURE [4] ------
[2620:175:F00:100::1] (4/12)
  \--- 2620:175:F00:100:5C71:CA79:791D:A52
  \--- 2620:175:F00:100:787B:876E:8B52:2692 (4)
        \--- 2620:175:F00:100:4496:CCDD:DF26:907A
        \--- 2620:175:F00:100:5841:99F5:A721:33F
        \--- 2620:175:F00:100:58B8:CC09:85A2:529E
        \--- 2620:175:F00:100:FC6C:F5F2:5E2C:BC88
  \--- 2620:175:F00:100:95A7:E3B8:E818:B349
  \--- 2620:175:F00:100:C11B:F90E:C1F1:9C7 (4)
        \--- 2620:175:F00:100:25FC:C9D3:682C:3418
        \--- 2620:175:F00:100:4D80:B8F2:4A1F:67C4
        \--- 2620:175:F00:100:D06C:6C65:E465:97
        \--- 2620:175:F00:100:E4E0:EE1F:BBD3:4A56
Slide callouts: Rank 0 (CGR Router), Rank 1, Rank 2
RPL Objective Functions
• An Objective Function (OF) defines how metrics are used to select routes and establish a node’s Rank.
• Metrics include:
  • Expected Transmission (ETX) – how reliable the link is
  • Hop Count
  • Latency
  • Node Energy (Avoid nodes with low power)
[Diagram: Cisco CGR Border Router and mesh links labelled with ETX Value 1, 1, 2.5, 3 and 1.5; one Battery-Powered Node]
Example: Routing with ETX Objective Function
The goal is to choose the path with the lowest ETX value
Path ETX = Σ_{Rank=n} ETX
• Left: 2
• Middle: 3
• Right: 2.5
[Diagram: Cisco CGR Border Router, 0 (DODAG Root), with links labelled by ETX Value 1, 1, 3, 1 and 1.5]
Example: Final RPL Topology
The goal is to choose the path with the lowest ETX value
Path ETX = Σ_{Rank=n} ETX
• Left: 2
• Middle: 3
• Right: 2.5
The left path has the lowest ETX!
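The parent selection on these two slides, as an added example (not from the original deck and not Cisco's RPL implementation). The topology, the node names `A`, `B` and `N`, and the use of cumulative path ETX as the ranking value are assumptions, chosen so that the three candidate paths cost 2, 3 and 2.5 as on the slide.

```python
import heapq

# Constructed topology (an assumption, not taken from the slide's drawing):
# link ETX values chosen so node "N" sees the slide's three candidate paths.
LINKS = {
    ("root", "A"): 1.0,   # left relay to the DODAG root
    ("root", "B"): 1.0,   # right relay to the DODAG root
    ("A", "N"): 1.0,      # left path:   1 + 1   = 2
    ("root", "N"): 3.0,   # middle path: direct  = 3
    ("B", "N"): 1.5,      # right path:  1.5 + 1 = 2.5
}


def adjacency(links):
    """Turn undirected link records into {node: {neighbour: etx}}."""
    adj = {}
    for (a, b), etx in links.items():
        if etx < 1.0:
            raise ValueError(f"ETX below 1 on link {a}-{b}")
        adj.setdefault(a, {})[b] = etx
        adj.setdefault(b, {})[a] = etx
    return adj


def build_dodag(links, root="root"):
    """Return {node: (path_etx, preferred_parent)} for a minimum-ETX objective."""
    adj = adjacency(links)
    best = {root: (0.0, None)}
    queue = [(0.0, root)]
    while queue:
        cost, node = heapq.heappop(queue)
        if cost > best[node][0]:
            continue  # stale queue entry, a cheaper path was already found
        for peer, etx in adj[node].items():
            offer = cost + etx
            if peer not in best or offer < best[peer][0]:
                best[peer] = (offer, node)
                heapq.heappush(queue, (offer, peer))
    return best


def parent_offers(links, dodag, node):
    """Path ETX the node would get through each neighbour closer to the root."""
    own = dodag[node][0]
    return {peer: dodag[peer][0] + etx
            for peer, etx in adjacency(links)[node].items()
            if dodag[peer][0] < own}


def route_to_root(dodag, node):
    """Follow preferred parents upward until the DODAG root is reached."""
    hops = [node]
    while dodag[hops[-1]][1] is not None:
        hops.append(dodag[hops[-1]][1])
    return hops


if __name__ == "__main__":
    dodag = build_dodag(LINKS)
    print(parent_offers(LINKS, dodag, "N"))
    print(route_to_root(dodag, "N"))
```

Raising the ETX of the `A`-`N` link to 2 makes the right path (2.5) the cheapest, so `N` re-parents to `B`.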
Example of Multiple DAGs in Single Physical Mesh
[Diagram: IP WAN, CGR, and a mesh whose links carry an ETX Value for the primary path and for the backup path, with a Starting Node and a Battery Powered Node marked; DAG Where OF = Minimum ETX]
Example of Multiple DAGs in Single Physical Mesh
[Diagram: the same mesh drawn twice, each below an IP WAN and a CGR: DAG Where OF = Minimum ETX, and DAG Where OF = Energy Conservation]
Case Study: BC Hydro Smart Meter Project
• Serving 5 million people in an area the size of California, Oregon, and Washington State combined
• Over 2 million residential and commercial meters in service running on an infrastructure built on IPv6, 802.15.4, and RPL
[Map labels: Yukon Territory, Pacific Ocean, Alberta, Canada, U.S.A.]
Cisco’s Multi-Service Field Area Network
[Diagram, by tier]
• Management and security: Cisco IoT Field Network Director, NMS, SIEM, Certificate Authority, Intrusion Prevention, Directory Services, Access Control
• Data Center, Enterprise Apps: Dist. Planning, IWC, FLISR, SCADA, MDM, CIS, Historian, EVSE Mgmt., DER, Distribution Management System, AMI Head-End, HER; Secure Network Infrastructure
• WAN Tier: Ethernet, WiMAX, Wi-Fi, 2G/3G/LTE; CGR2010, CGR1000, IR800, IR800 + IXM (LoRaWAN), IR829; Substation, Distribution Automation, Work Force Automation, WiFi
• NAN Tier: Neighborhood Area Network, Resilient Mesh (RF and PLC), SCADA Protection and Control Network
• Endpoints: Gas/Water Meters, AMI Metering/HAN Gateway, Transformer Monitoring, Distribution Automation, Faulted Circuit Indicator, EV Charging Infrastructure, Direct Load Control, Outdoor Lighting, Distributed Energy Resources; Cisco Resilient Mesh IR500 Endpoints
Demand Response (DR) Load Controller
• Power generation and consumption must always be kept in balance
• During periods of high power draw (peaking), energy consumption needs to be reduced to avoid brownouts
• Demand Response allows control of high energy consumption devices on the grid
• The DR device connected to water heater is connected to the FAN mesh (e.g. the meter on the home)
IPv6 Street Lighting
Anatomy of a Smart Meter
Communications Board with Field Area Network (FAN) radio
Register board: registers voltage/energy usage, stores load/voltage profile and contains ZigBee radio for Home Area Network (HAN)
Metrology board: processes voltage and current measurements and converts them to pulses
Customer Portal
Farm of Smart Meters in an Underground Concrete Vault
Case Study: BC Hydro’s Conversion to IPv6
IPv6 made the mesh flatter and faster compared to proprietary implementation
• Before IPv6: Only 20% of meters were within 3 hops of CGR, 60% were 6+ levels deep. Max depth was 30 levels
• After IPv6: ~60% of meters within 3 hops of CGR with max depth of 14 levels deep
BC Hydro Case Study: Comparing to Full IPv6 After Conversion

| Level | Pre-IPv6: Ping (msec) – application-layer ping (non-IP) | Pre-IPv6: Difference between levels | Post-IPv6: Average Round Trip Time (msec) | Post-IPv6: Difference between levels (msec) |
|---|---|---|---|---|
| CGR | 2670 | | | |
| Rank 1 | 4000 | 1330 | 430.5 | |
| Rank 2 | 5000 | 1000 | 716.1 | 285.7 |
| Rank 3 | 7330 | 2330 | 1074 | 357.5 |
| Rank 4 | 8330 | 1000 | 1119 | 45.05 |
| Rank 5 | 11330 | 3000 | | |
| Average | | 1732 | | 279.69 |
Application Protocols for IoT
Supervisory Control and Acquisition of Data (SCADA)
SCADA Overview
• Created in the 1960s to carry data using L2 protocols over serial (e.g. RS-232 and RS-485)
• Evolved to support IP
• Master/slave relationship
• Commonly found in Manufacturing/Industrial (using protocols like Modbus) and Utilities (DNP3 and International Electrotechnical Commission (IEC) 60870-5-101 protocols) verticals
[Diagram: Supervisory System (Computers, HMI, Data storage); Communication Infrastructure (Serial, ethernet, IP) carrying Control and Sensing; Remote Site 1 and Remote Site 2 (RTU, PLC, Sensors, Equipment)]
SCADA Protocol Transport
[Diagram: SCADA transport evolution]
• Proprietary protocols over Serial
• Standard protocols over Serial (IEC 60870-5-101, DNP3, Modbus)
• Standards protocols over TCP/IP (IEC 60870-5-104, DNP3, Modbus)
• IEC 61850
• Protocol Translation: IEC 60870-5-101 to IEC 60870-5-104; DNP3 to DNP3/IP; Modbus to MQTT
• IP Tunneling Using Raw Ethernet/IP Socket
• Secure IP infrastructure (Data Integrity, Confidentiality and Privacy)
(*) standards evolution)
MQTT (Message Queuing Telemetry Transport)
• Developed in 1999, MQTT uses TCP and a publisher/subscriber model
• Publisher publishes “topic” at a given address
• MQTT Server (MQTT Broker) can retrieve topics from publishers
• Clients subscribe to topics from a broker or server
• Broker can distribute topics to clients (subscribers)
[Diagram: Publishers: Temperature, RH; MQTT Server (Broker); Subscriber: Temp/RH, Building climate control system; Operation Centers]
Example: Brokering Data Through a Cisco Industrial Gateway Using MQTT
[Diagram: Raspberry Pi or Virtualized RTU; IR809 Router; Cisco Kinetic Cloud; MQTT Broker; HVAC; Temperature Sensor; Smoke alarm; MQTT Publish; Message Broker; Data Client (MQTT Subscriber)]
CoAP (Constrained Application Protocol)
▪ CoAP (RFC 7252) is a lightweight version of HTTP defined by IETF in the Constrained RESTful Environments (CoRE) standard
▪ UDP based with small headers (<10 bytes)
▪ Request / Response model (GET, POST, PUT, DELETE)
▪ Supports block transfer, proxy, caching, resource discovery
Protocol stack: Applications, CoAP, IPv6, 6LoWPAN, MAC, Phy
CoAP Communication Example
coap://my-bright-light.com:5683/foo.xml
• CON or confirmable means an ACK is required
• 0x47 is the message ID, ensures reliability
• In this example, CoAP is used to adjust the brightness of a PoE light using a CoAP POST command
• POST is used to send data/command
[Diagram: Client (Operation Centers) sends CON tid=0x47 POST /foo to the Light]
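The confirmable POST on this slide and the 2.01 acknowledgement that answers it, at byte level, as an added example (not from the original deck). The encoder, the parser and the payload `70` are constructed for illustration; the field layout follows RFC 7252, and the path `foo` is the one shown in the message on the slide.

```python
import struct

CON, NON, ACK, RST = 0, 1, 2, 3      # message types (RFC 7252, section 3)
POST = (0, 2)                        # request code 0.02
CREATED = (2, 1)                     # response code 2.01
URI_PATH = 11                        # option number of Uri-Path
PAYLOAD_MARKER = 0xFF


def encode(msg_type, code, message_id, token=b"", uri_path=(), payload=b""):
    """Build a CoAP message; only short (< 13 byte) Uri-Path segments are supported."""
    if len(token) > 8:
        raise ValueError("token longer than 8 bytes")
    first = (1 << 6) | (msg_type << 4) | len(token)           # version 1, type, TKL
    out = bytearray(struct.pack("!BBH", first, (code[0] << 5) | code[1], message_id))
    out += token
    previous = 0
    for segment in uri_path:
        data = segment.encode("utf-8")
        if len(data) > 12:
            raise ValueError("segment needs extended option length")
        out.append(((URI_PATH - previous) << 4) | len(data))  # delta nibble, length nibble
        out += data
        previous = URI_PATH
    if payload:
        out.append(PAYLOAD_MARKER)
        out += payload
    return bytes(out)


def _extended(nibble, data, pos):
    """Resolve the 13/14 extended forms of an option delta or length."""
    if nibble < 13:
        return nibble, pos
    size = 1 if nibble == 13 else 2
    if nibble == 15 or pos + size > len(data):
        raise ValueError("bad or truncated option header")
    value = int.from_bytes(data[pos:pos + size], "big")
    return value + (13 if nibble == 13 else 269), pos + size


def decode(data):
    """Parse a CoAP message, rejecting truncated or malformed input."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte CoAP header")
    first, code, message_id = struct.unpack_from("!BBH", data)
    version, msg_type, tkl = first >> 6, (first >> 4) & 0x03, first & 0x0F
    if version != 1 or tkl > 8 or 4 + tkl > len(data):
        raise ValueError("bad version or token length")
    pos, number, options, payload = 4 + tkl, 0, [], b""
    while pos < len(data):
        if data[pos] == PAYLOAD_MARKER:
            payload = bytes(data[pos + 1:])
            if not payload:
                raise ValueError("payload marker without payload")
            break
        delta, length = data[pos] >> 4, data[pos] & 0x0F
        delta, pos = _extended(delta, data, pos + 1)
        length, pos = _extended(length, data, pos)
        if pos + length > len(data):
            raise ValueError("option value runs past end of message")
        number += delta
        options.append((number, bytes(data[pos:pos + length])))
        pos += length
    return {"type": msg_type, "code": f"{code >> 5}.{code & 0x1F:02d}",
            "message_id": message_id, "token": bytes(data[4:4 + tkl]),
            "options": options, "payload": payload}


def uri_path(message):
    """Join the Uri-Path options of a decoded message into a path string."""
    return "/" + "/".join(v.decode("utf-8") for n, v in message["options"] if n == URI_PATH)


def is_ack_for(request, reply):
    """True if reply is the ACK for this CON request (same message ID, same token)."""
    req, rep = decode(request), decode(reply)
    return (req["type"] == CON and rep["type"] == ACK
            and rep["message_id"] == req["message_id"]
            and (rep["code"] == "0.00" or rep["token"] == req["token"]))


if __name__ == "__main__":
    request = encode(CON, POST, 0x47, uri_path=("foo",), payload=b"70")  # constructed payload
    reply = encode(ACK, CREATED, 0x47)
    print(request.hex(), reply.hex(), is_ack_for(request, reply))
```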
CoAP Communication Example
coap://my-bright-light.com:5683/foo.xml
• Light confirms brightness adjustment
• ACK or acknowledgement of CON message
• 0x47 is correct message ID
• 2.01 indicates success for the POST action
[Diagram: Client (Operation Centers) sends CON tid=0x47 POST /foo to the Light; the Light replies ACK tid=0x47 2.01]
CoAP Versus MQTT

| | CoAP | MQTT |
|---|---|---|
| Network Protocol | IPv6 | IPv6 |
| Transport Protocol | UDP | TCP |
| Typical Messaging | Request/Response (like HTTP) | Publish/Subscribe |
| Effectiveness in LLNs | Excellent | Fair |
| Security | DTLS | SSL/TLS |
| Scalability | Complex | Simple |
| Strengths | Light-weight and fast with low overhead, suitable for constrained networks; Uses RESTful model that is easy to code to; Easy to parse, and process for constrained devices | TCP and QoS options provide robust communications; simple management and scalability using a broker architecture |

Securing IoT
The Age of Cyber Warfare has Arrived
Increasing Industrial Threats
• German Steel Mill Cyber attack (2014)
• Cyber attack on Saudi Aramco (2012)
• 151 Cyber Incidents led to power outage or disruptions in 2014 US*
IT and OT Have Gaps
• 78% of IT security staff lack visibility & management to secure IoT devices*
Challenges between IT & OT
• IT prefers to patch as quickly as possible
• OT prefers not to patch, EVER!
• Devices can go years with serious cyber vulnerabilities
[Icons: Unauthorized People, Device; Malicious Code; Industrial Protocol Attack; Physical Offense]
Remember WannaCry?
Which Assets to Protect?

| Asset | Description | Examples and Notes |
|---|---|---|
| IED | Intelligent Electronic Device – Commonly used within a control system, and is equipped with a small microprocessor to communicate digitally. | Sensor, actuator, motor, transformer, circuit breaker, pump |
| RTU | Remote Terminal Unit – Typically used in a substation or remote location. It monitors field parameters and transmit data back to central station. | Overlap with PLC in terms of capability and functionality |
| PLC | Programmable Logic Controller – A specialized computer used to automate control functions within industrial network. | Most PLCs do not use commercial OS, and use “ladder logic” for control functions |
| HMI | Human Machine Interfaces – Operator’s dashboard or control panel to monitor and control PLCs, RTUs, and IEDs. | HMIs are typically modern control software running on modern operating systems (e.g. Windows) |
| Supervisory Workstation | Collect information from industrial assets and present the information for supervisory purposes | Unlike HMI, a supervisory workstation is primarily read-only |
| Data Historian | Software system that collects point values and other information from industrial devices and store them in specialized database | Typically with built-in high availability and replicated across the industrial network |
| Other Asset | Many other devices may be connected to an industrial network | For example, printers can be connected directly to a control loop |

The Challenges of Protecting OT
Digital Systems: Weak and/or Old Protocols, limited security culture in OT
• Visibility and asset management is extremely difficult in IoT
• Assets are uncontrolled
• SCADA is the predominant protocol used in IoT - it was created in the 1960s and is inherently insecure
• IT and OT have different skills, priorities and centers of control
• Little to no security segmentation
Example: Stuxnet (2008) SCADA Attack at the PLC Layer
[Diagram: Internet; Corporate Network; Media; DMZ; HMI Network (Sit. Awareness, Control, Protection); Computers; Vendors / Partners; DMZ; ICS Network (Programming, Maintenance); PLC Network (Physical Devices)]
Stuxnet Started a Revolution in Industrial Security
[Chart: timeline from 2001 to 2016 with the labels Customer Networks Built in this Period, Vulnerabilities, Stuxnet, Black Hat]
Case Study: Ukraine Substation Industrial Attack
City of Kiev, December 2015
• Widespread attack against the Ukrainian power grid
• Dozens of sub-stations disconnected power
• Attackers gained access to the SCADA system and turned off power
Photo credit: CBS News
Ukraine Grid Attack – Kill Chain
[Diagram, two rows of steps, grouped as Attack on IT Domain and Attack on OT Domain]
• Top row: Spear phishing to gain business network access; Theft of Credentials; Remote operation of ICS Systems; KillDisk to erase MBR and delete targeted logs
• Bottom row: BlackEnergy 3 malware installed; Use of VPNs to access ICS network; S2E devices compromised at firmware level; Power Outage
Protecting the Industrial Protocol Layer
Industrial Security Appliance 3000
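What filtering at the industrial protocol layer involves for Modbus/TCP, as an added example (not from the original deck, not Cisco code, and not a description of how the ISA 3000 is implemented): parse the unit, function, address and value of each request and check them against an allow-list. The policy, the register numbers and the sample frames are constructed.

```python
import struct

READ_HOLDING, READ_INPUT, WRITE_COIL, WRITE_REGISTER = 0x03, 0x04, 0x05, 0x06

# Constructed policy: unit 1 may be read freely, and only holding register 100
# may be written, with a setpoint between 0 and 1000.
POLICY = {1: {"read": True, "write_register": {100: range(0, 1001)}}}


def build(transaction, unit, function, data):
    """Assemble a Modbus/TCP request (used here only to construct samples)."""
    pdu = bytes([function]) + data
    # MBAP header: transaction id, protocol id 0, length of unit id + PDU, unit id
    return struct.pack("!HHHB", transaction, 0, len(pdu) + 1, unit) + pdu


def parse_request(frame):
    """Decode MBAP header and PDU into unit, function, address and value."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    transaction, protocol, length, unit = struct.unpack_from("!HHHB", frame)
    if protocol != 0:
        raise ValueError("protocol identifier is not 0")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    function, data = frame[7], frame[8:]
    fields = {"transaction": transaction, "unit": unit, "function": function}
    if function in (READ_HOLDING, READ_INPUT):
        if len(data) != 4:
            raise ValueError("read request must carry address and quantity")
        fields["address"], fields["quantity"] = struct.unpack("!HH", data)
    elif function in (WRITE_COIL, WRITE_REGISTER):
        if len(data) != 4:
            raise ValueError("single write must carry address and value")
        fields["address"], fields["value"] = struct.unpack("!HH", data)
    else:
        fields["raw"] = bytes(data)
    return fields


def verdict(frame, policy=POLICY):
    """Return ("allow" | "deny", reason) for one request frame."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return "deny", f"malformed: {exc}"
    rule = policy.get(req["unit"])
    if rule is None:
        return "deny", f"unit {req['unit']} has no policy"
    if req["function"] in (READ_HOLDING, READ_INPUT):
        return ("allow", "read permitted") if rule.get("read") else ("deny", "reads not permitted")
    if req["function"] == WRITE_REGISTER:
        allowed = rule.get("write_register", {}).get(req["address"])
        if allowed is None:
            return "deny", f"register {req['address']} is not writable"
        if req["value"] not in allowed:
            return "deny", f"value {req['value']} outside permitted range"
        return "allow", "write within policy"
    return "deny", f"function 0x{req['function']:02x} not on the allow-list"


if __name__ == "__main__":
    samples = [  # constructed requests
        build(1, 1, READ_HOLDING, struct.pack("!HH", 0, 10)),
        build(2, 1, WRITE_REGISTER, struct.pack("!HH", 100, 500)),
        build(3, 1, WRITE_REGISTER, struct.pack("!HH", 100, 5000)),
        build(4, 1, 0x10, struct.pack("!HHBH", 100, 1, 2, 500)),
    ]
    for frame in samples:
        print(frame.hex(), verdict(frame))
```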
ISA 3000 Protocol Parser for Modbus
[Screenshot labels: Unit, Function, Parameter, Value (Data)]
Cisco Cyber Vision
Visibility is the Key to Securing OT Environments
• IT cares about Cyber Threats
  • Is this event a malicious attack on the system?
  • Are security policies properly enforced in the OT domain?
• OT cares about Operational Insights
  • Did this event impact the integrity of the system?
  • Are my OT assets configured?
[Diagram labels: Visibility, Security Analytics]
Cisco Cyber Vision
An edge monitoring architecture leveraging the network infrastructure
• Cyber Vision Center: Centralized Analytics & Data Visualization
  • Cisco Integrations: ISE, Stealthwatch, Firepower, DNA-C
  • Partner Integrations: Deep analytics
• Cyber Vision Sensors: Deep Packet Inspection Built into Network Elements
  • Sensors in: Industrial Networking, IoT Gateways / Routing, Industrial Switching, Industrial Compute, Wi-Fi (RF Mesh)
Network Elements Act as Passive Sensors
• Cyber Vision Center: Centralized Analytics & Data Visualization
  • Cisco Integrations: ISE, Stealthwatch, Firepower, DNA-C
  • Partner Integrations: Deeper analytics
• Sensors: IR 1101 Gateway, Catalyst 9000 Series Switch, IC3000 Industrial Compute, IE 3400 Switch (marked Available today or Future)
  • Hardware-Sensor: To support brownfield
  • Network-Sensors: Deep Packet Inspection built into network elements
Cyber Vision Visibility
Dynamic Communication Map
Demo: Airport Baggage Claim System Security
1. No Segmentation and Flat Networks with unmanaged switches
2. Contractor connects to network to do maintenance
3. Malware Spreads from Contractor device
4. Increased traffic impacts critical devices and operators lose visibility into the process
[Diagram: Airport IT Network; baggage claims 1 and 2 (Flight No. from), each with PLC, Actuators, Drives, Sensors, HMIs; Barcode scanners]
Airport Baggage Claim with Cisco IoT
1. Cyber Vision Identifies Assets and application flows to enable segmentation via DNA-C and ISE
2. Cyber Vision detects application level changes
3. DNA-C & ISE integration restrict access and segment to prevent spreading
[Diagram: Airport Data Center with Cisco DNA-C, Cisco ISE and Cisco Cyber Vision; Airport IT Network; two Cisco IE 3400 with Cyber Vision Sensor; baggage claims 1 and 2 (Flight No. from), each with PLC, Actuators, Drives, Sensors, HMIs]
Firepower Management Centre Integration
In Summary
A comprehensive security architecture for IoT
• Cyber Vision Center: Operational Insights, Threat Detection
• Cisco Firepower: Traffic Filtering
• Cisco ISE: Access Control
• Cisco DNA-C: Network Management
• Cisco Stealthwatch: Network Flow Analysis
• TALOS: Threat Intelligence
• CTR: Threat Response
• VISIBILITY: Cyber Vision Sensors, Deep Packet Inspection Built into Cisco Industrial Network (Sensor in AP, Gateway, Switch)
Cisco Security for Industrial IoT
Data and Analytics for IoT
The Value of IoT is in the Data!
How do you access it when it’s so spread out?
• Imagine a mega-field of oil with no way to extract it from the ground
• Data needs to be extracted before it can be refined, and then used
In IoT, the “Things” are Distributed
[Diagram: many distributed App instances]
Edge Computing + Cloud Management is Necessary
• 45%75% of data will be created and processed outside a traditional centralized data center or cloud by 2025*
• Top Drivers: Cost, Efficiency, Regulatory
• Complexity stands in the way - bringing HW/SW components together
[Diagram layers: Smart Insights; Critical biz decision; Multi-Cloud; IoT Edge & Data; Instrumenting / Sensors / Measuring]
* Gartner
Example: Fanuc
• Data Collection
• Edge Compute
• Predictive Analytics
• Proactive Part Replacement
[Image label: CELL 07 REPLACE BEARINGS]
Intelligence at the Edge is Needed
Cisco IOx
• Run distributed compute at the edge
• Leverage secure connectivity of Cisco IOS software
• Manageable with on-premises or cloud-based interface
• Runs on wide variety of IoT platforms
• Builds on existing developer tools and trainings on DevNet
Major Components of Cisco IOx
[Diagram: IOx; Cisco IOS / IOS-XE Software; IOx Services; Cisco Application Hosting Framework (CAF); Local Manager; Application; Application Management; Linux]
Example: IOx App Development with Docker
Steps shown between the Developer and the Edge Network:
• Enable Docker Access And Create App Profile On Edge
• Setup Remote Access Environment On Dev Machine
• Transfer Docker Image To Edge
• Run & Test Container With App Profile
Commands shown:
#> export DOCKER_HOST=tcp://***.**.***.***:****
#> export DOCKER_TLS=*
#> export DOCKER_API_VERSION=*.*
docker run --network=container:***** --volume=/software/caf/work/repo-docker/*** --memory=64m docker_image_name
IOx Capable Edge Compute Technology
[Diagram: IoT Edge Compute Network: CGR 1120, 1240; IC3000; IR1101; IR829; IR809; IE3000 with Compute Module]
Introducing Cisco Edge Intelligence
[Diagram: Management (EI Manager, App Management, GW Management); App & Analytics in the Cloud Provider; App & Analytics in the On-Prem DC; Cyber Vision; Edge Intelligence; ISV Micro-svc; IOx - Edge Compute Infrastructure; IoT GW - Ready IoT networking/compute portfolio]
• Edge to multi-cloud data delivery
• Out of the box experience with centralized deployment for scale
• One stop solution for IoT edge needs
[Diagram: Edge Intelligence architecture]
• User Persona: Technician, SI/OT Developer, SI/OT Soln Architect
• Customer / Partner apps on Azure/AWS IoT Hub (Azure/AWS Infra) and on Azure IoT Hub (Azure Stack/DC Infra)
• EI Manager for OT: UI & Work Flow
• Control Path and Data Path to Edge Intelligence
• Edge Intelligence: Edge Governance Engine; Scripting Engine; Broker; NB Connector 1 to 5 (Azure IoT, MQTT Client, AWS IoT, ….); SB Connector 1 to 5 (OPC, ModBus, EIP/CIP, MQTT Server, …..)
• IOx on IC, IR, IE
Smart & Centralized to deploy across hundreds of Gateways -- Templates automatically push data policy to all locations
[Diagram: Location 1, Location 2, Location 3, Location 4]
Kinetic Gateway Management Module (GMM)
Configuration and Image Management of IoT Networking Gear
[Diagram: Cisco GMM pushing config and APPs]
• Secure connection of IoT Devices
• Secure IoT app lifecycle management
• Simplified GW management at scale
Example: Large Transit Operator (2000 buses)
[Diagram: LTE Gateway; WiFi Gateway; Mobile Radio (e.g. Motorola, Harris); LTE Gateway; RFID; LTE Gateways; Fare Payment System (e.g. Cubic Compass); Telematics/ODB-II (Engine, Bus performance, fuel monitoring, etc.); Passenger WiFi; Automatic Passenger Counter; Vehicle Logic Unit (VLU) (Init, Trapeze, Clever Devices) [HW and SW]; Voice Dispatch System; Mobile Data Terminal; Vehicle Sensors (Door, Bike rack, Tires, etc.); Video Security; IP Video Cameras; Destination Signs; Passenger Info Display; PA System]
Characteristics:
1. VLU centric solution with custom hardware
2. Multiple LTE gateways, unnecessary CPUs
3. Minimal to no security
4. Legacy vendor lock-in
Results:
1. Large hardware footprint & expensive airtime
2. Significant OT overhead to deploy and manage
3. Significant security risks due to multiple networks
CAN bus - Controller Area Network
Accessing and processing data from a vehicle
[Diagram: Oil / Fuel consumption; Tire Pressure monitor; Steering wheel; Stability Control; Engine sensors; Air Pressure; Vehicle speed and acceleration]
• A Controller Area Network (CAN bus) is a vehicle bus standard allowing microcontrollers and devices to communicate with each other without a host computer
• CAN bus provides a rich base of data for analysis
Consolidation of Networks and Applications

Typical Legacy Hardware:
• RFID Systems
• LTE Gateway packaged with VLU
• LTE Gateway packaged with fare System
• Land Mobile Radio (e.g. Motorola, Harris, JVC)
• WiFi AP/Gateway installed by WiFi provider
• LTE Gateways installed by engine vendor & body builder
• Vehicle Logic Unit (CAD/AVL), e.g. Trapeze, INIT, Clever Devices
• Fare Payment System (e.g. Compass/Cubic)
• Voice Dispatch System
• Passenger WiFi
• Vehicle Engine/Performance Monitoring
• Fuel Monitoring
• Destination Signage (e.g. Transign)
• Video Cameras (3-5) (multiple vendors)
• Automatic Passenger Counter (e.g. Dilax)
• Vehicle Sensors (Door, Bike rack, Tires, etc)

Next-gen Architecture:
1. Consolidate to one dual-LTE/WiFi Gateway (reduce LTE costs, streamline connectivity management)
   • VLU, Signage, Video Cameras, APC, Vehicle Sensors
   • Fuel/Operations monitoring
   • WiFi
   • Fare Payment
   • VoIP dispatch
   • Bus vendor telematics
2. Position next-gen, cloud-based applications + edge compute
3. Layer in additional Cisco products: Security, ICs, Collab, Video, etc.

Design Objectives:
• Consolidate networks on bus
• Network resiliency
• Live data analysis
• Easy to manage for OT

[Diagram labels: Head Office; ASR1000; FlexVPN Data Tunnel; Cisco Kinetic GMM; Kinetic GMM is the FlexVPN Control Plane; FlexVPN Control Tunnel; LTE Provider 1; LTE Provider 2; LTE 1; LTE 2; Dual-SIM Mobile Router (e.g. IR829) on vehicle; The vehicle has one active LTE backhaul]
IR 829 Block Diagram

• 4 x 10/100/1000Mbps RJ45 switched ports with PoE option to share 30.8W + 1 GE Routed port SFP
• Serial ports and adapter for OBD-II (smart telematics interface)
• Dual Cellular interface
• GPS, Accelerometer/Gyroscope
• Ignition/power management
• IOx Capable

[Diagram labels: Serial 1 RS232 DTE; Serial 0 RS232/RS485 DCE/DTE; Gigabit Ethernet 0 WAN SFP; Gigabit Ethernet ports With POE option (GI 1, GI 2, GI 3, GI 4); USB Type A port; Dual Core CPU with HW Crypto + Memory + Storage; Status LEDs; Accelerometer + Gyroscope; AP803 Wi-Fi; DC Power + Ignition Power Management; 3G/4G LTE modem + GPS; Mini-USB Type B Console port; 2nd 3G/4G LTE modem + GPS; IR 829 (roadmap)]

VPN Performance at Scale (2000 IR829s)
Tested in Cisco VPN performance validation labs, Belgium

Security and ISE

Policy Control: Pushes policy for all buses, supervisor vehicles, etc. to ASR 1000 – managing on-boarding and security for bus routers

[Diagram labels: ASR1000; Cisco Kinetic (GMM); Kinetic GMM is the FlexVPN Control Plane; FlexVPN Control Tunnel; LTE Provider 1; LTE Provider 2; LTE 1; LTE 2; Dual-SIM Mobile Router (e.g. IR829) on vehicle; The vehicle has one active LTE backhaul]

ISE – Single Source of Policy Control

    aaa group server radius ISE
     server name ISE
     ip vrf forwarding Mgmt-intf
     ip radius source-interface GigabitEthernet0
    !
    aaa authorization network ISE group ISE

Per-Vehicle Configuration on Head End Router (ASR 1000)

    crypto ikev2 keyring Flex_key
     peer

ISE – A Single Point of Policy Control

On-Boarding with Mobile App
Summary

• IoT is a rapidly developing technology – new protocols, new access methods, new challenges
• Wireless and Industrial Ethernet are the predominant access methods, but require specialized handling
• IPv6 is taking hold as the networking protocol of choice and has been adapted for IoT use cases
• Securing IoT is extremely challenging and requires visibility as the baseline
• The future of IoT will be in how we analyze the data and leverage AI/ML

[Schedule slide: IoT Track sessions at Cisco Live, listed by day (Monday, Jan. 27th; Tuesday, Jan. 28th; Wednesday, Jan. 29th). #CLEMEA www.ciscolive.com/emea/learn/technology-tracks.html]