CPwE Parallel Redundancy Protocol Overview

This chapter includes the following major topics:

“CPwE PRP Introduction” section

“CPwE Overview” section

“CPwE Parallel Redundancy Protocol Use Cases” section

“CPwE Resilient IACS Architectures Overview” section

CPwE PRP Introduction

The prevailing trend in Industrial Automation and Control System (IACS) networking is the convergence of technology, specifically IACS operational technology (OT) with information technology (IT). Converged Plantwide Ethernet (CPwE) helps to enable IACS network and security technology convergence, including OT-IT persona convergence, by using standard Ethernet, Internet Protocol (IP), network services, security services, and EtherNet/IP. A highly available converged plant-wide or site-wide IACS architecture helps to enable the Industrial Internet of Things (IIoT).

Business practices, corporate standards, policies, industry standards, and tolerance to risk are key factors in determining the degree of resiliency and application availability required within an IACS plant-wide or site-wide architecture, e.g., non-resilient LAN, resilient LAN, or redundant LANs. A highly available network architecture within an IACS application plays a pivotal role in helping to minimize the risk of IACS application shutdowns while helping to maximize overall plant or site uptime.

A holistic resilient plant-wide or site-wide network architecture is composed of multiple technologies (logical and physical) deployed at different levels within the plant or site. When selecting a resiliency technology, various plant or site application factors should be evaluated, including the physical layout of IACS devices (geographic dispersion), recovery time performance, uplink media type, tolerance to data latency and jitter, and future-ready requirements. For more information on resiliency technology, refer to Deploying a Resilient Converged Plantwide Ethernet Architecture (CPwE Resiliency) Design and Implementation Guide (DIG).

Deploying Parallel Redundancy Protocol within a Converged Plantwide Ethernet Architecture (CPwE PRP) outlines several use cases for designing and deploying PRP technology with redundant network infrastructure across plant-wide or site-wide IACS applications. CPwE PRP is an extension to CPwE Resiliency and was architected, tested and validated by Rockwell Automation with assistance by Cisco Systems and Panduit.

CPwE Overview

CPwE is the underlying architecture that provides standard network and security services for control and information disciplines, devices, and equipment found in modern IACS applications. The CPwE architectures (Figure 1-1) were architected, tested, and validated to provide design and implementation guidance, test results, and documented configuration settings. This can help to achieve the real-time communication, reliability, scalability, security, and resiliency requirements of modern IACS applications. The content and key tenets of CPwE are relevant to both OT and IT disciplines.

CPwE key tenets include:

  • Smart IIoT devices—Controllers, I/O, drives, instrumentation, actuators, analytics, and a single IIoT network technology (EtherNet/IP), facilitating both technology coexistence and IACS device interoperability, which helps to enable the choice of best-in-class IACS devices.
  • Zoning (segmentation)—Smaller connected LANs, functional areas, and security groups (smaller trust zones).
  • Managed infrastructure—Managed Allen-Bradley® Stratix® industrial Ethernet switches (IES), Cisco Catalyst® distribution/core switches, and Stratix industrial firewalls.
  • Resiliency—Robust physical layer and resilient or redundant topologies with resiliency protocols.
  • Time-critical data—Data prioritization and time synchronization via CIP Sync™ and IEEE-1588 Precision Time Protocol (PTP).
  • Wireless—Unified wireless LAN (WLAN) to enable mobility for personnel and equipment.
  • Holistic defense-in-depth security—Multiple layers of diverse technologies for threat detection and prevention, implemented by different persona (for example, OT and IT) and applied at different levels of the plant-wide or site-wide IACS architecture.
  • Convergence-ready—Seamless plant-wide or site-wide integration by trusted partner applications.

Figure 1-1 CPwE Architectures

 

256705.jpg

CPwE Parallel Redundancy Protocol Use Cases

An IACS is deployed in a wide variety of industries such as automotive, pharmaceuticals, Consumer Packaged Goods, pulp and paper, oil and gas, mining, and energy. IACS applications are composed of multiple control and information disciplines such as continuous process, batch, discrete, and hybrid combinations. One of the challenges facing industrial operations is the industrial hardening of standard Ethernet and IP-converged IACS networking technologies to take advantage of the business benefits associated with IIoT. A high availability network architecture (Figure 1-2) can help to reduce the impact of a network failure on a mission-critical IIoT IACS application.

Parallel Redundancy Protocol (PRP) is a standard defined in IEC 62439-3 and is adopted in the ODVA, Inc. EtherNet/IP specification. PRP technology creates seamless network redundancy by allowing PRP enabled IACS devices to send duplicate Ethernet frames over two independent Local Area Networks (LANs). If a failure occurs in one of the LANs, traffic continues to flow through the other LAN uninterrupted with zero convergence time.

An IACS device enabled with PRP technology has two ports that operate in parallel and attach to two independent LANs (Figure 1-2), e.g., LAN A and LAN B. This type of IACS device is known as a PRP double attached node (DAN). During normal network operation, an IACS DAN simultaneously sends and receives duplicate Ethernet frames across both LAN A and LAN B. The receiving IACS DAN accepts whichever frame arrives first and discards the subsequent copy.

IACS devices that do not support the PRP technology can use a PRP redundancy box (RedBox) to connect to the two independent LANs (Figure 1-2). The RedBox functions similarly to the DAN; a PRP enabled IES is an example of a RedBox.

IACS devices that connect to both LAN A and LAN B through a RedBox are referred to as a PRP Virtual DAN (VDAN).

A single attached node (SAN) is an IACS device without PRP support that only resides on either LAN A or LAN B.

PRP supports flexible LAN topologies including linear, star, redundant star, and ring topologies. If both LAN topologies are resilient and single-fault tolerant, PRP architecture can recover from multiple faults in the network. There is no convergence time in a PRP network after a fault in one of the LANs.

In contrast, other resiliency technologies are typically single-fault tolerant, are a single LAN, and use redundant path topologies (e.g., ring and redundant star). A resiliency protocol is used to forward Ethernet frames along one physical path while blocking the other physical path to avoid Ethernet loops. Network convergence times vary across resiliency technologies. Convergence time disruption is defined as the time that it takes to discover a failure (e.g., link or device) along a path, unblock the blocked path, then start forwarding Ethernet frames along that unblocked path. For example, the convergence time for the ODVA, Inc. Device Level Ring (DLR) protocol standard is 3 ms.

Figure 1-2 Representative Plant-wide or Site-wide PRP Deployment

 

387863.jpg

For more information on PRP, see EtherNet/IP Parallel Redundancy Protocol Application Technique
 https://literature.rockwellautomation.com/idc/groups/literature/documents/at/enet-at006_-en-p.pdf

CPwE PRP outlines the concepts, requirements, and technology solutions for reference designs developed around a specific set of priority use cases. These use cases were tested for solution functional validation by Cisco Systems and Rockwell Automation with assistance by Panduit. This helps support a redundant converged plant-wide or site-wide EtherNet/IP IACS architecture.

The CPwE PRP Design and Implementation Guide includes:

  • Parallel Redundancy Protocol technology overview
  • Design and configuration considerations for plant-wide or site-wide IACS PRP deployments

blank.gif Topology choices

blank.gif PRP devices— e.g., DAN, VDAN, SAN, and RedBox

blank.gif Distribution switch selection

  • Selection of Industrial Ethernet Switches (IES)

blank.gif Allen-Bradley Stratix 5700, Stratix 5400, and Stratix 5800 IES as LAN A and LAN B switches

blank.gif Allen-Bradley Stratix 5800, Stratix 5400, and Stratix 5410 RedBox IES

CPwE Resilient IACS Architectures Overview

Protecting availability for IACS assets requires a defense-in-depth approach where different solutions are needed to address various network resiliency requirements for a plant-wide or site-wide architecture. This section summarizes the existing Cisco, Panduit and Rockwell Automation CPwE Cisco Validated Designs (CVDs) and Cisco Reference Designs (CRDs) that address different aspects of availability for IIoT IACS applications.

  • Deploying A Resilient Converged Plantwide Ethernet Architecture Design and Implementation Guide outlines several use cases for designing and deploying resilient plant-wide or site-wide architectures for IACS applications, using a robust physical layer and resilient LAN topologies with resiliency protocols.

blank.gif Rockwell Automation site:
https://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td010_-en-p.pdf

blank.gif Cisco site:
https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html

  • Deploying Device Level Ring within a Converged Plantwide Ethernet Architecture Design Guide outlines several use cases for designing and deploying DLR technology with IACS device-level, switch-level, and mixed device/switch-level single and multiple ring topologies across OEM and plant-wide or site-wide IACS applications.

blank.gif Rockwell Automation site:
https://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td015_-en-p.pdf

blank.gif Cisco site:
https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-manufacturing/landing_ettf.html

  • Physical Infrastructure for the Converged Plantwide Ethernet Architecture Application Guide helps customers address the physical deployment associated with converged plant-wide or site-wide EtherNet/IP architectures. As a result, users can achieve resilient, scalable EtherNet/IP networks that can support proven and flexible CPwE logical architectures designed to help optimize OEM, plant-wide or site-wide IACS network performance.

blank.gif Rockwell Automation site: https://literature.rockwellautomation.com/idc/groups/literature/documents/td/enet-td020_-en-p.pdf

blank.gif Cisco site:
https://www.cisco.com/c/en/us/td/docs/solutions/Verticals/CPwE/5-1/Phy_Arch/CPwE_PhyArch_AppGuide.html