The job I am currently working on uses Ignition to control their batching process. All the devices are class A (10.x.x.x). I would like to use it to also provide an overview of production equipment, which is all class C (192.168.68.x, 192.168.88.x, 192.168.1x and so on). What is the best way, preferably without a router for each?
Is there an existing bridge between the various networks?
Who administers it?
Currently there isn't; each production machine has its own self-contained network for things like PLC, HMI, VFD, servo drives.
I suggest that a router is the best way to go - despite your reluctance.
- Get a multi-NAT router for each production machine.
- Give the router a 10.0.0.0 address and create a WAN IP address for each device that requires access.
- Create a NAT rule for each device tying the WAN IP to the NAT IP.
I used Ubiquiti EdgeRouter X for about 30 machines. They're not industrial but were metal cased and very economical. I fitted a DIN rail clip to each for panel mounting. They can be powered from 12 to 12 V DC. (Buy some screw-terminal jack plugs for this.)
If money is no object then buy something more industrial.
You need to restrict this as much as you can to allow only necessary connections.
As long as they're all on unique subnets, you could get a single router and set up routing between all the subnets and would just need to put gateway IPs into the PLCs to get everything to communicate.
We physically segregate between IO networks with our plant devices and corporate networks wherever possible, ignoring the IT guys' protestations that they can VLAN / route traffic, etc, etc.
Separate routers, separate cables, with very, very limited routing between them.
This is based on several experiences of CIP devices just occasionally - just so occasionally! - losing connection due to network issues.
Yes, it adds install cost. Yes, it's totally worth it. We had a couple of customer networks where we learned this the hard way. Just occasionally - multiplied many times - is well and truly enough to make the difference between a site that is considered reliable and one that is not.
Having our OT switches that we have a relatively free hand to administer, that the IT guys leave alone, and that will never ever be affected or affect site IT is beneficial for everyone.
Can second the router per machine, per few machines poster here. A few EdgeRouters don't cost much, and you can keep things really simple.
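Added example, not code from any poster in this thread: a planning script for the two approaches discussed above. It flags machines whose private subnets overlap (which rules out the single-router option) and builds the per-device 1:1 NAT table with an allow-list limited to the Ignition gateway. The inventory, the 10.20.30.0/28 alias pool, the gateway address, the /24 masks and the EtherNet/IP port are all assumptions for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (not from the thread): machine -> role -> inside IP.
MACHINES = {
    "filler":  {"plc": "192.168.1.10", "hmi": "192.168.1.20"},
    "capper":  {"plc": "192.168.1.10"},  # same inside IP as filler
    "labeler": {"plc": "192.168.88.5", "vfd": "192.168.88.40"},
}
ALIAS_POOL = ipaddress.ip_network("10.20.30.0/28")  # assumed free 10.x block
IGNITION_GATEWAY = "10.0.0.50"                      # assumed gateway address
ALLOWED_PORTS = {"plc": 44818}  # assumed: only PLCs, only EtherNet/IP TCP


def machine_subnets(devices, prefix=24):
    """Subnets used inside one machine, assuming /24 masks."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            for ip in devices.values()}


def overlapping_machines(machines):
    """Machine pairs that share address space and so cannot be plainly routed."""
    pairs = []
    for a, b in combinations(sorted(machines), 2):
        nets_a, nets_b = machine_subnets(machines[a]), machine_subnets(machines[b])
        if any(x.overlaps(y) for x in nets_a for y in nets_b):
            pairs.append((a, b))
    return pairs


def build_nat_plan(machines, pool=ALIAS_POOL):
    """One 10.x alias per device that needs access; everything else stays hidden."""
    free = iter(pool.hosts())
    plan = []
    for machine in sorted(machines):
        for role, inside in sorted(machines[machine].items()):
            port = ALLOWED_PORTS.get(role)
            if port is None:
                continue  # no alias, so no path in from the plant network
            alias = next(free, None)
            if alias is None:
                raise ValueError("alias pool exhausted")
            plan.append({"machine": machine, "alias": str(alias), "inside": inside,
                         "allow": (IGNITION_GATEWAY, "tcp", port)})
    return plan


if __name__ == "__main__":
    print("overlapping:", overlapping_machines(MACHINES))
    for row in build_nat_plan(MACHINES):
        print(row)
```

Each row corresponds to one NAT rule plus one firewall allow rule on that machine's router; traffic matching no row should be dropped.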