Introduction to IT Networking
Featuring Robert Lastinger from Distech Controls

Agenda
• Static IP
• DHCP
• IP Routing
• Gateway
• Subnet
• NAT
• DNS and Hosting
• External Access: Firewalls, VPNs

Internet

Internet Layer

The Internet layer is responsible for placing data that needs to be transmitted into packets known as IP datagrams. Each datagram carries the source and destination addresses for the data within it. This layer is also responsible for routing the IP datagrams. The main protocols at the Internet layer are IP (Internet Protocol), ICMP (Internet Control Message Protocol), ARP (Address Resolution Protocol), RARP (Reverse Address Resolution Protocol) and IGMP (Internet Group Management Protocol). Terms you will commonly hear that relate to this layer are IPv4 and IPv6. For the purposes of this training we will only be talking about IPv4.

IP Addressing

Diagram: hosts 192.168.12.2, 192.168.12.100 and 192.168.12.101 on one LAN behind the default gateway 192.168.12.1 (192.168.99.11 is shown on the far side of the gateway).
Network mask: 255.255.255.0 (/24)
Default gateway: 192.168.12.1

Notable IP Addresses
• Loopback/localhost (127.0.0.0/8)
• Private, never routed on the public Internet (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12)
• "This network" source address (0.0.0.0/8)
• Multicast (224.0.0.0 to 239.255.255.255) and reserved (240.0.0.0 to 255.255.255.254)
• Limited broadcast (255.255.255.255)
• Subnet broadcast (the last IP in a subnet)

Diagram: Optigo network with ONS-S8 and ONS-NC600, ONS-C1601pi, ONS-YX, ONS-C401i core switch and ONS-C2410p; optical fiber between the switches, Ethernet to the end devices.

Static IP
• IPv4
• DHCP (Dynamic Host Configuration Protocol)
• DHCP Lease (Dynamic vs Reserved)
• Static IP
• Subnet
• Gateway
• DNS (Domain Name System)

DHCP

DHCP

DHCP – A client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.

How it Works – DHCP provides an automated way to distribute and update IP addresses and other configuration information on a network. Typically a DHCP server responds to requests from clients with an address that lies in the DHCP scope. Along with IP addresses, DHCP servers can provide other information about the network (DNS servers, domain name, NTP servers) if they are configured to do so.

DHCP Scope – A DHCP scope is the range of IP addresses available for assignment or lease to client computers on a particular subnet. On a DHCP server, a scope is configured to define the pool of addresses the server can offer to DHCP clients. Exclusions within the scope keep addresses that are configured by hand (the gateway, servers) out of the pool.

DHCP Dynamic & Reserved Leases

Dynamic Lease - When an address has a dynamic lease, the DHCP server can manage the address by allocating it to a client, extending the lease time, detecting when it is no longer in use, and reclaiming it.

Lease Reservation (Static DHCP) – A DHCP reservation is a permanent IP address assignment: a specific IP address within a DHCP scope that is permanently reserved for lease to one DHCP client, identified by its MAC address.

Lease reservations are preferred over dynamic leases in controls networks. Other devices on the network need to know a controller's IP address in order to exchange data with it, so ensuring that the address does not change makes the system easier to configure and manage. To use lease reservations you will need the MAC address of each controller. Provide this to whoever manages the DHCP server so they can ensure each controller gets the IP address it is supposed to have. Note that the server identifies the client only by its MAC address, which any host can spoof: a reservation is a management convenience, not a way to authenticate the controller.

Static IP (Fixed IP Address) – A manually configured IP address for a device. The address is called static because it does not change without user input.

How it Works – When setting up a controller you manually assign an IP address from the range chosen for the job or assigned by the IT department. Each device on the network must have a unique IP address, and each one has to be assigned by hand. The major disadvantage of static addresses compared with dynamic ones is this manual, per-device configuration: a duplicate address or a typo in the mask or gateway is usually only discovered when the device stops talking. Keep a record of every static address and make sure it is excluded from any DHCP scope on the same subnet, or the DHCP server may hand the same address to another client.
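The scope, dynamic-lease and reservation behaviour described in the DHCP slides, together with the static-address rule above, as one added example in Python (written for this page, not code from Optigo Networks or Distech Controls). It models a server's allocation logic for the 192.168.12.0/24 network from the earlier diagram; the pool range, MAC addresses and lease times are constructed sample data, and no real DHCP traffic is generated.

```python
import ipaddress


class DhcpScope:
    """Hypothetical model of one DHCP scope: a pool of dynamic leases, MAC-based
    reservations and exclusions for devices configured with static addresses.
    It mirrors a server's allocation logic only; it does not speak DHCP itself."""

    def __init__(self, network, pool_start, pool_end, lease_time=3600):
        self.network = ipaddress.ip_network(network)
        self.pool_start = ipaddress.ip_address(pool_start)
        self.pool_end = ipaddress.ip_address(pool_end)
        if not (self.pool_start in self.network and self.pool_end in self.network
                and self.pool_start <= self.pool_end):
            raise ValueError("pool must be an ascending range inside the subnet")
        self.lease_time = lease_time      # seconds
        self.reservations = {}            # mac -> ip (lease reservation)
        self.static = set()               # addresses configured by hand on devices
        self.leases = {}                  # mac -> (ip, expiry time)

    def conflict(self, ip):
        """Why `ip` cannot be handed out right now, or None if it is free."""
        ip = ipaddress.ip_address(ip)
        if ip not in self.network:
            return f"outside {self.network}"
        if ip in (self.network.network_address, self.network.broadcast_address):
            return "network or broadcast address"
        if ip in self.static:
            return "configured statically on another device"
        if ip in self.reservations.values():
            return "reserved for another MAC"
        for mac, (leased, _) in self.leases.items():
            if leased == ip:
                return f"currently leased to {mac}"
        return None

    def add_static(self, ip):
        """Record an address set by hand so the pool never hands it out."""
        why = self.conflict(ip)
        if why:
            raise ValueError(f"cannot use {ip} statically: {why}")
        self.static.add(ipaddress.ip_address(ip))

    def reserve(self, mac, ip):
        """Pin `ip` to the client with hardware address `mac`."""
        why = self.conflict(ip)
        if why:
            raise ValueError(f"cannot reserve {ip}: {why}")
        self.reservations[mac.lower()] = ipaddress.ip_address(ip)

    def reclaim_expired(self, now):
        """Leases past their expiry go back into the pool."""
        for mac, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]

    def request(self, mac, now):
        """Address offered to `mac` at time `now`, or None if the pool is empty.
        Order: reservation, then renewal of an existing lease, then the first
        free address in the pool."""
        mac = mac.lower()
        self.reclaim_expired(now)
        if mac in self.reservations:
            ip = self.reservations[mac]
        elif mac in self.leases:
            ip = self.leases[mac][0]
        else:
            ip, candidate = None, self.pool_start
            while candidate <= self.pool_end:
                if self.conflict(candidate) is None:
                    ip = candidate
                    break
                candidate += 1
            if ip is None:
                return None
        self.leases[mac] = (ip, now + self.lease_time)
        return ip


def build_example_scope():
    """Plan for the 192.168.12.0/24 network shown earlier (constructed sample)."""
    scope = DhcpScope("192.168.12.0/24", "192.168.12.100", "192.168.12.101",
                      lease_time=600)
    scope.add_static("192.168.12.1")                      # gateway, set by hand
    scope.add_static("192.168.12.2")                      # controller with a static IP
    scope.reserve("00:11:22:33:44:55", "192.168.12.10")   # controller with a reservation
    return scope
```

With a two-address pool the third dynamic client is refused until a lease expires, which is exactly the failure you see on site when a scope is sized too tightly; the reserved controller keeps its address regardless.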

Diagram: the Optigo network with an integrated DHCP server on the ONS-YX router/gateway and a standalone DHCP server; the subnets 10.10.100.0/24 and 10.10.200.0/24 and the address 192.168.215.10 are shown.

IP Routing

IP Routing

Diagram: one router with three interfaces, 10.10.0.254/16, 192.168.11.1/24 and 192.168.12.1/24, joining three subnets:
• 10.10.88.100/16, default gateway 10.10.0.254
• 192.168.11.20/24, default gateway 192.168.11.1
• 192.168.12.2/24, default gateway 192.168.12.1

Example: 10.10.88.100 → 10.10.0.254 → 192.168.11.1 → 192.168.11.20

• Routes based on the destination IP address
• Routers do not pass broadcast packets
• Reason we have BBMDs (BACnet Broadcast Management Devices): BACnet/IP discovery relies on broadcasts, so a BBMD on each subnet relays them to the other subnets as unicast
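The routing rules above (longest-prefix match, the default route, and routers not forwarding broadcasts) as an added Python example that follows a packet through the three-subnet diagram. This is illustrative code written for this page, not Optigo's; the device roles (controller, workstation, server) and the `trace` function are my assumptions, while the addresses are those from the diagram.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


class Node:
    """A host or router: its interfaces and, for hosts, a default gateway.
    Only routers (forwards=True) pass on packets addressed to someone else."""

    def __init__(self, name, interfaces, default_gateway=None, forwards=False):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.default_gateway = (ipaddress.ip_address(default_gateway)
                                if default_gateway else None)
        self.forwards = forwards

    def route(self, dst):
        """Longest-prefix match over the connected networks; the default route
        (0.0.0.0/0) is used only when no connected prefix matches.
        Returns (prefix, next_hop, egress_address) or None."""
        best = None
        for iface in self.interfaces:
            if dst in iface.network and (best is None or
                                         iface.network.prefixlen > best[0].prefixlen):
                best = (iface.network, dst, iface.ip)   # on-link: deliver directly
        if best is None and self.default_gateway is not None:
            for iface in self.interfaces:
                if self.default_gateway in iface.network:
                    best = (DEFAULT_ROUTE, self.default_gateway, iface.ip)
        return best

    def is_broadcast(self, dst):
        return dst == LIMITED_BROADCAST or any(
            dst == i.network.broadcast_address for i in self.interfaces)


def trace(nodes, src_ip, dst_ip, max_hops=16):
    """Follow one packet hop by hop. Returns (path, status); path holds the
    sender, each router's ingress and egress addresses, and the destination."""
    by_ip = {i.ip: n for n in nodes for i in n.interfaces}
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    node, path = by_ip[src], [src]
    for hop in range(max_hops):
        if node.is_broadcast(dst):
            if hop == 0:   # the sender: a broadcast reaches its own segment only
                return path + [f"every host on {node.interfaces[0].network}"], "local broadcast"
            return path, "dropped: routers do not forward broadcasts"
        if hop > 0 and not node.forwards:
            return path, f"dropped: {node.name} is a host, not a router"
        match = node.route(dst)
        if match is None:
            return path, "no route to host"
        _, next_hop, egress = match
        if egress != path[-1]:        # leaving through a different interface
            path.append(egress)
        path.append(next_hop)
        if next_hop == dst:
            return path, "delivered"
        node = by_ip.get(next_hop)
        if node is None:
            return path, f"next hop {next_hop} is not reachable"
    return path, "hop limit exceeded"


def example_network():
    """Topology from the routing diagram above; device roles are assumed."""
    return [
        Node("router", ["10.10.0.254/16", "192.168.11.1/24", "192.168.12.1/24"],
             forwards=True),
        Node("controller", ["10.10.88.100/16"], default_gateway="10.10.0.254"),
        Node("workstation", ["192.168.11.20/24"], default_gateway="192.168.11.1"),
        Node("server", ["192.168.12.2/24"], default_gateway="192.168.12.1"),
        Node("orphan", ["192.168.12.50/24"]),   # no gateway configured
    ]
```

Tracing 10.10.88.100 to 192.168.11.20 reproduces the slide's path; sending to 192.168.11.255 instead reaches the router and stops there, which is the behaviour that makes BBMDs necessary for BACnet discovery across subnets.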

Diagram: Optigo Networks campus network spanning Building #2 and Building #3, each behind a router/gateway, plus a site in city B (ONS-S8 and ONS-NC600) reached across the Internet.

Gateway

Gateway

Gateway: In a TCP/IP network, nodes such as servers, workstations and network devices each have a default route (pointing to the default gateway) that says where to send packets for IP addresses for which they have no more specific route. The gateway is by definition a router. If the gateway is wrong or unreachable, the device can still talk to its own subnet but to nothing beyond it.

Subnet

Subnet

A subnet, or subnetwork, is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. A subnet is basically a smaller network within a larger one. We can subdivide a larger network to create a smaller network for our controllers and devices on a job, and we can control how much of the network sees our broadcast traffic.

Subnetting

Two subnet masks that look very similar show just how important this is. The masks 255.255.255.0 and 255.255.254.0 differ only in the third octet, 255 versus 254. That small difference matters when it comes to broadcast traffic: 255.255.255.0 (/24) covers 256 addresses (254 usable hosts), while 255.255.254.0 (/23) covers 512 addresses (510 usable hosts), so a broadcast reaches twice as many devices. A device configured with the wrong one of the two will also treat the neighbouring /24 as local and never send that traffic to the gateway. Choosing the correct subnet mask for a controls network with IP-based controllers is critical to the speed, reliability and stability of the network.

Subnetting

Fully understanding subnetting takes time and a lot of reading. Until you have the time to review and understand the concepts, it is best to remember some simple rules.

Think Small – If you only have 10 IP-based controllers for a job, a mask of 255.255.255.224 (/27) is plenty: it covers 32 addresses (30 usable hosts). If a customer gives you the subnet mask 255.255.0.0 for all your controllers, ask them to check with their IT department whether it really needs to be that big. A 255.255.0.0 (/16) mask covers 65,536 addresses, far more than you would want in one broadcast domain for a controls network.
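A small subnet calculator in Python, added here as a worked example (not part of the original deck), covering the two masks compared above and the Think Small rule. `smallest_prefix` returns the arithmetic minimum: for 10 controllers that is /28 (16 addresses), one size smaller than the /27 the slide suggests, which leaves room for a gateway and growth. The function names are my own.

```python
import ipaddress


def describe(address, mask):
    """Size and boundaries of the subnet containing `address`; `mask` may be
    dotted (255.255.255.0) or a prefix length (24)."""
    net = ipaddress.ip_network(f"{address}/{mask}", strict=False)
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "addresses": net.num_addresses,                 # size of the broadcast domain
        "usable_hosts": max(net.num_addresses - 2, 0),  # minus network and broadcast
    }


def is_valid_mask(mask):
    """True only for a contiguous run of ones (255.255.254.0), so a typo such as
    255.255.254.255 is caught before it reaches a controller."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{mask}", strict=False)
        return True
    except ValueError:
        return False


def smallest_prefix(hosts):
    """Longest prefix (smallest subnet) that still fits `hosts` devices plus the
    network and broadcast addresses. The caller adds headroom for the gateway
    and for growth."""
    need = hosts + 2
    bits = max((need - 1).bit_length(), 2)
    return 32 - bits


def same_subnet(a, b, mask):
    """Would a device at `a` with this mask treat `b` as on-link, i.e. talk to
    it directly instead of via the gateway?"""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{mask}", strict=False)


def compare(address, mask_a, mask_b):
    """Broadcast-domain sizes for two masks that look alike."""
    return {m: describe(address, m)["addresses"] for m in (mask_a, mask_b)}
```

`same_subnet` makes the /23-versus-/24 mix-up concrete: with 255.255.254.0 a controller at 192.168.12.5 considers 192.168.13.5 a neighbour and ARPs for it instead of routing, so the two hosts can only reach each other if their masks agree.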

Subnet Calculator – Use a subnet calculator. They are widely available on the Internet and there are many apps for mobile devices. This helps avoid mistakes and makes planning your next job much easier.

NAT

Network Address Translation (NAT)

Diagram: many private IPs (192.168.0.5, 192.168.0.6, 192.168.0.7) behind a router/gateway with NAT, sharing the single public IP 206.12.0.100 on the Internet.

What does it do?
• Presents all private IP addresses to the Internet as one public IP address
• Uses port mapping (a translation table from private address:port to public port) to keep each connection unique
• Example:
  • 192.168.1.5:8080 ←→ 206.12.0.100:23456
  • 192.168.1.7:80 ←→ 206.12.0.100:23457

Why use NAT?

Limited number of public IP addresses
• Despite the huge number of IPv4 addresses (approximately 4.3 billion), the pool of routable public addresses is exhausted
• Billions of IoT devices are coming online, and the number is growing very fast
• OT is contributing heavily to this increase
• An OT project will likely be assigned fewer public IP addresses than it has devices

Added security
• IP addresses in the private network are not directly routable or visible from the Internet
• Unsolicited inbound packets have no translation entry and are dropped; an attacker would need to scan and probe ports to find NATed devices, which is easily detectable
• NAT is not a firewall: any port forward you add exposes that device to the whole Internet, and nothing stops outbound connections from a compromised controller, so pair NAT with firewall rules
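The port-mapping and "added security" points above, as an added Python model of a port-overloading NAT table (example code written for this page, not any product's implementation). It uses the slide's private and public addresses; the remote addresses, the port-forward rule and the method names are constructed for the example. Replies are accepted only from the remote host a flow was opened to, which is what hides the inside hosts from a port scan; the port forward shows what a single exposed port undoes.

```python
import ipaddress


class Nat:
    """Hypothetical NAPT (port-overloading NAT) table for one public address.
    Outbound flows get a public port; inbound packets are rewritten only if
    they match an existing flow or an explicit port forward."""

    def __init__(self, public_ip, first_port=23456):
        self.public_ip = ipaddress.ip_address(public_ip)
        self.next_port = first_port
        self.flows = {}      # (priv_ip, priv_port, remote_ip, remote_port) -> public_port
        self.by_port = {}    # public_port -> that same flow tuple
        self.forwards = {}   # public_port -> (priv_ip, priv_port), reachable by anyone
        self.dropped = []    # unsolicited inbound packets, kept for the log

    def forward_port(self, public_port, private_ip, private_port):
        """Static mapping: exposes an inside device to the whole Internet."""
        if public_port in self.by_port or public_port in self.forwards:
            raise ValueError(f"public port {public_port} already in use")
        self.forwards[public_port] = (ipaddress.ip_address(private_ip), private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the new 4-tuple
        (src, sport, dst, dport) as seen on the Internet."""
        flow = (ipaddress.ip_address(src_ip), src_port,
                ipaddress.ip_address(dst_ip), dst_port)
        if flow not in self.flows:
            while self.next_port in self.by_port or self.next_port in self.forwards:
                self.next_port += 1          # never collide with a forwarded port
            self.flows[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (str(self.public_ip), self.flows[flow], str(dst_ip), dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite a packet arriving from the Internet, or None if it is dropped."""
        src = ipaddress.ip_address(src_ip)
        if dst_port in self.forwards:
            priv_ip, priv_port = self.forwards[dst_port]
            return (str(src), src_port, str(priv_ip), priv_port)
        flow = self.by_port.get(dst_port)
        # Only the remote host this flow was opened to may send back through it,
        # so a scanner probing the public ports sees nothing behind them.
        if flow is not None and flow[2] == src and flow[3] == src_port:
            return (str(src), src_port, str(flow[0]), flow[1])
        self.dropped.append((str(src), src_port, dst_port))
        return None
```

The `dropped` list is where the "easily detectable" claim comes from: a scanner walking the public ports leaves one entry per probe, while legitimate replies never appear there.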

Diagram: the Optigo network with NAT integrated on the ONS-YX router/gateway.

DNS and Hosting

DNS

URL → DNS → IP: www.optigo.net → 69.67.187.44

DNS (Domain Name System) – The Internet's system for converting alphabetic names into numeric IP addresses. For example, when a Web address (URL) is typed into a browser, DNS servers return the IP address of the Web server associated with that name.

Domain Name Service (DNS)
• DNS is the yellow pages of the Internet
• Maps names to IP addresses
• A distributed, hierarchical registry; the resolvers you query are hosted by trusted operators (your ISP, Google, etc.)

Notable DNS servers

• Internet Service Providers will provide DNS, but you can use these publicly available DNS servers as well:
• Google (8.8.8.8)
• Quad9 (9.9.9.9)
• OpenDNS (208.67.222.222)
• Plain DNS travels unencrypted and unauthenticated over UDP port 53, so anything on the path can read or forge answers; for controllers that must reach a fixed head-end, prefer an internal DNS server you control or a static address
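The name-to-address lookup above at the protocol level, as an added Python example (written for this page, not Optigo's code): it builds an A query for www.optigo.net, constructs the reply a resolver would send with the address from the slide, and parses it, including RFC 1035 name compression and the transaction-id check a resolver uses to reject answers it did not ask for. No network traffic is sent; `build_response` stands in for the server, and the function names are my own.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'www.optigo.net' -> b'\\x03www\\x06optigo\\x03net\\x00' (wire-format labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid):
    """Standard recursive A query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(msg, offset):
    """Read a name at `offset`, following RFC 1035 compression pointers.
    Returns (name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # two-byte pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:                              # malformed or looping message
                raise ValueError("compression pointer loop")
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg, expected_txid):
    """Return [(name, ttl, ipv4)] from the answer section. Rejects replies whose
    transaction id does not match the query, the basic check a resolver relies
    on against spoofed answers."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError(f"server error, RCODE {flags & 0x000F}")
    offset = 12
    for _ in range(qdcount):                           # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if (rtype, rclass, rdlen) == (QTYPE_A, QCLASS_IN, 4):
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


def reply_matches(msg, expected_txid):
    """True if the reply would be accepted for the query with this id."""
    try:
        parse_response(msg, expected_txid)
        return True
    except ValueError:
        return False


def build_response(query, addresses, ttl=300):
    """Construct the reply a resolver would return (offline stand-in for a real
    server): echo the question, then answers using a compression pointer."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    rrs = b""
    for addr in addresses:
        rrs += struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, ttl, 4)
        rrs += bytes(int(octet) for octet in addr.split("."))
    return header + question + rrs


def resolve_offline(name, addresses, txid=0x1A2B):
    """Round trip: build_query -> build_response -> parse_response."""
    return parse_response(build_response(build_query(name, txid), addresses), txid)
```

A 16-bit transaction id is a weak defence on its own, which is why real resolvers also randomise the source port and why DNSSEC or encrypted transports exist; the parser here shows the minimum any client must do before trusting an answer.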

Diagram: the Optigo network with a local DNS server behind the ONS-YX router/gateway, and an ISP or public DNS server reachable across the Internet.

External Access: Firewall and VPN

Firewall and VPN

Firewall
• Permits or blocks traffic based on rules, evaluated in order; anything not explicitly permitted should be blocked (default deny)
• Example: only UDP port 47808 (BACnet/IP) may exit

VPN
• Extends the network over a secure, encrypted tunnel
• Gives remote trusted devices a local IP address, so firewall rules can treat them like on-site hosts
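The firewall and VPN points above as an added Python example (illustrative, not an Optigo product's rule engine): an ordered rule list with first-match semantics and default deny, applied to sample packets. The controller subnet, head-end address and VPN client range are assumptions, as is treating VPN clients as trusted local hosts in the way the slide describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (toward the controls network) or "out"
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                                 # "permit" or "block"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None    # inclusive range, None = any
    comment: str = ""

    def matches(self, pkt):
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dports is None or self.dports[0] <= pkt.dport <= self.dports[1])
        )


class Firewall:
    """Ordered rule list: first match wins, default deny, every block logged."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.log = []

    def decide(self, pkt):
        """Returns (action, index of the matching rule or None, comment)."""
        for n, rule in enumerate(self.rules):
            if rule.matches(pkt):
                verdict = (rule.action, n, rule.comment)
                break
        else:
            verdict = ("block", None, "default deny")
        if verdict[0] == "block":
            self.log.append((pkt, verdict[2]))
        return verdict


# Assumed addressing for the example (not from the deck)
CONTROLS_NET = "192.168.12.0/24"    # IP controllers
BMS_SERVER = "10.10.88.100/32"      # head-end that polls the controllers
VPN_CLIENTS = "10.8.0.0/24"         # addresses handed to VPN users
BACNET = (47808, 47808)             # BACnet/IP, UDP 0xBAC0


def example_firewall():
    return Firewall([
        Rule("permit", "out", "udp", CONTROLS_NET, BMS_SERVER, BACNET, "BACnet/IP to head-end"),
        Rule("permit", "in", "udp", BMS_SERVER, CONTROLS_NET, BACNET, "BACnet/IP from head-end"),
        Rule("permit", "in", "tcp", VPN_CLIENTS, CONTROLS_NET, (443, 443), "web UI for VPN users"),
        Rule("block", "any", "any", comment="everything else"),   # explicit catch-all
    ])
```

Rule order matters: a controller's BACnet traffic to the head-end passes on the first rule, its attempt to reach the Internet on TCP 443 falls through to the catch-all, and a VPN user reaches the web UI only because the tunnel gave them a 10.8.0.x address that the rules trust. Dropping the catch-all changes nothing for the verdicts, since default deny applies, but the log then says "default deny" instead of the rule's comment.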

Diagram: the Optigo network with an integrated firewall/router/gateway and VPN server on the ONS-YX, and a standalone firewall.

Thank you.

Optigo Networks Inc. www.optigo.net 1-888-629-6559

1200 – 555 West Hastings St Vancouver, BC Canada, V6B 4N6