Industrial Communications Handbook August 2016

it may be necessary to reconfigure some software to work with the new ranges—such as SCADA and other monitoring or control software—as well as firewall and routing configurations. 6.7 Routing Routing is directly and intrinsically related to the IP structuring on the network. On a Greenfield project de- signing routing is similar to designing the IP structuring for the network. The same information is required as for designing IP structures (list of devices and segregation framework), as well as a list of what devices need to intercommunicate with each other. From here, it be- comes simple matter of planning out the routing table and configuring the routing rules on all the routers. In some cases it may also be possible to clean up the rout- ing tables by super-netting multiple IP ranges together, depending on the network design. In an existing network that is being expanded, rout- ing is similar to IP structure design, in that it can prove to be extremely easy or monumentally hard. In some cases it may be a simple case of adding a new route or two to the routing table to cater for the new devices on the network, whilst in others a complete redesign of the network is required depending on the complexity of the routing system. Furthermore, a redesign will require reconfiguration of all end devices that require routing, as their gateway IP address will need to be changed to match the new network design. This again shows the importance of correctly planning not only for the origi- nal network in the starting phases, but also for future upgrades and expansion. 6.8 Firewalls A router is set up to move data between different sub- nets. However, it only gives control over what data will be routed where, not control over what data is allowed to be routed where. For this, a firewall is required on the network. Most industrial routers these days include a firewall, but it is important to make the distinction between the routing component of the device and the firewall. Setting up a firewall on a mission-critical site is closely tied in with the router setup, and since both are performed together, the firewall setup follows a similar

pattern to the routing setup when viewed from a Green- field/non-Greenfield perspective. On an expanding net- work, if we have originally catered correctly for the ex- pansion, firewall setup will involve either setting up a few new rules on an existing firewall, or implementing a completely new firewall if none exists. Both options are pretty straightforward as long as all the requirements are clearly laid out. If the entire network needs to be redesigned, the firewall will need to be reconfigured entirely and this could be a time-drain and can cause downtime on the mission-critical network. On a Greenfield project, the firewall will also need to be configured from scratch. As long as the previous steps and all firewall requirements have been laid out in a clear fashion, the actual configuration should not take too long a period of time. Because firewalls (and routing) are so closely tied in with the IP structure, the amount of work that needs to be invested in the router setup is largely dependent on the complexity and chang- es on the IP structure of the network. However, as with most other points, the ‘clean slate’ provided by a Green- field project will generally provide time and production savings, and also give the option of designing the net- work to fit the application, rather than designing the ap- plication to fit the network. 6.9 Less stress Greenfield projects are almost always easier to work on than existing networks, and if the benefits they provide are understood and utilised, commissioning a stable and secure network can be created from the get go. If all steps are properly documented along the way, main- taining this network should also prove to be straightfor- ward. On the other hand, constantly making unplanned changes and expansions on an existing network can lead to a frustrating mess that constantly causes prob- lems, especially if the changes are not properly docu- mented. One of the most important considerations of a Greenfield project, as has been stressed many times, is to plan properly for future expansion and upgrades. This will lead to time and production savings, as well as greatly decreased frustration and stress for those who are in charge of maintaining the network and attached devices.

41

industrial communications handbook 2016