Mesh Control

(1)

B0700AZ

REV L

I/

I/A

A Se

Seri

ries

es

®

System

The MESH Control

The MESH Control Network Architecture Guide

Network Architecture Guide

October 15, 2009

(2)

(3)

Invensys, F

Invensys, Foxboro, FoxVoxboro, FoxViewiew, I/A, I/A Series, and the IPS Series, and the IPS logo are trademarks of Invlogo are trademarks of Invensysensys plc, its subsidiaries andplc, its subsidiaries and affiliates.

affiliates.

All other brand names may be trademarks of their respec

All other brand names may be trademarks of their respective owners.tive owners.

Copyr

SOFTW

SOFTWARE LICENSE ARE LICENSE AND COPYRIGHT AND COPYRIGHT INFORMAINFORMATIONTION Before usin

Before using the Invg the Invensysensys Systems,Systems, Inc. supplied Inc. supplied software supsoftware supported by this docported by this documentation, youumentation, you should read and understand the

should read and understand the following information concerninfollowing information concerning copyrighted software.g copyrighted software. 1.

1. The license The license provisionprovisions in ths in the software e software license for license for your system your system govern govern your oblyour obligationsigations and usage rights to the software described in this documentation. If any

and usage rights to the software described in this documentation. If any portion ofportion of those license pr

those license provisions ovisions is violated, Invis violated, Invensysensys Systems,Systems, Inc. will Inc. will no longer prono longer provide youvide you with support services and ass

with support services and assumes no further resumes no further responsibilities for yoponsibilities for your system or itsur system or its operation.

operation. 2.

2. All sAll softwaoftware isre issued bsued by Invy Invensyensyss SysSystems,tems, Inc. Inc. and coand copies opies of the sf the softwaoftware thre that you at you areare specifically permitted to make,

specifically permitted to make, are protected in accordance with Federal copyrightare protected in accordance with Federal copyright laws. It is illegal to make copies

laws. It is illegal to make copies of any software media provided to you byof any software media provided to you by Invensys

Invensys Systems,Systems, Inc. for Inc. for any purposany purpose other than e other than those purposes those purposes mentioned in mentioned in thethe software license.

(4)

Figures

1-1. Linear Topology ... 5

1-2. Ring Topology (Standard Configuration Only) ... 6

1-3. Star Topology ... 8

1-4. Inverted Tree Topology ... 10

1-5. Modified Inverted Tree Topology ... 11

1-6. The MESH Control Network (Star Topology Shown) ... 13

1-7. The MESH Control Network with an I/O Network ... 14

2-1. Large Network (Security Enhanced Configuration) ... 33

2-2. Small Network (Standard Configuration) ... 38

2-3. Medium Network (Ring) (Standard Configuration) ... 39

2-4. Medium or Large Network (Star) (Standard Configuration) ... 40

2-5. Medium or Large Network (Double Star) (Standard Configuration) ... 41

2-6. Large Network - All Blades (Standard Configuration) ... 42

2-7. Large Network - Inverted Stepped Tier Tree - All Blades (Standard Configuration) .... 44

2-8. Large Network - Blades and Low-Cost Switches (Standard Configuration) ... 45

2-9. The MESH Control Network Tiers ... 47

2-10. Root Switches Connected ... 48

2-11. Second Tier Connections ... 49

2-12. Third Tier Connections ... 50

2-13. Fourth Tier Connections ... 50

2-14. Labeling the Switches ... 51

2-15. Small Network (Security Enhanced Configuration) ... 52

2-16. Star Topology (Security Enhanced Configuration) ... 53

2-17. Double Star Topology (Security Enhanced Configuration) ... 54

2-18. Inverted Tree Topology (Security Enhanced Configuration) ... 56

2-19. Modified Inverted Tree Topology (Security Enhanced Configuration) ... 58

2-20. Switch to Switch and Switch to Patch Panel Connections ... 63

2-21. FCP270, ZCP270, FCM100Et and FCM100E Signal Cabling ... 65

3-1. Switch-to-Switch Fiber via Uplink Port ... 69

3-2. Port-to-Port Connection via Fiber Optic Ports ... 69

3-3. Connecting Switches via RJ-45 Ports ... 70

4-1. Accessing SMDH Switched Network Displays ... 75

4-2. SMDH Switched Network Display ... 76

4-3. Switch Equipment Change Display ... 77

4-4. Switch Equipment Information Display ... 78

4-5. Switch Configuration Information Display ... 80

4-6. Switch Domain Display ... 81

4-7. Switch Ports Display - Typical ... 82

4-8. Switch Equipment Change Display ... 83

4-9. Switch Port Equipment Information Display - Typical ... 84

4-10. SC Connector, Typical ... 86

4-11. Multimode MT-RJ Connector ... 87

(9)

B0700AZ– RevL Figures

5-1. Combining Two Star Network Topologies Into One Tree Network Topology

(Before) ... ... ... 93 5-2. Combining Two Star Network Topologies Into One Tree Network Topology (After) 93 5-3. Combining a Star Network Topology with a Tree Network Topology Into One Tree

Network Topology (Before) ... 95 5-4. Combining a Star Network Topology with a Tree Network Topology Into One Tree

Network Topology (After) ... 95 5-5. Combining Two Tree Network Topologies Into One Tree Network Topology

(Before) ... ... ... 96 5-6. Combining Two Tree Network Topologies Into One Tree Network Topology

(After) ... ... ... 96 5-7. Combining Two (4) Tier Tree Network Topologies Into One (4) Tier Tree Network

Topology (After) ... 97 5-8. Combining Ring Network Topologies ... 98

(10)

Tables

1-1. The MESH Control Network Specifications ... 15

1-2. NetSight Console Policies ... 20

1-3. NetSight Client Policy ... 21

1-4. NetSight Policy Bundle ... 21

1-5. NetSight Advanced Bundle ... 21

1-6. NetSight Single User Policy ... 22

1-7. NetSight A-La-Carte Plug-Ins ... 22

1-8. NetSight Appliance Policy ... 22

2-1. Fiber Cable Power Losses ... 59

2-2. Multimode Fiber Cables with LC Connectors ... 60

2-3. Multimode Fiber Cables with MT-RJ to ST Connectors ... 60

2-4. Multimode Fiber Cable with LC and SC Connectors ... 61

2-5. Copper Cables with RJ-45 Connectors ... 61

2-6. Single Mode Fiber Optic Cable - Maximum Transmission ... 61

2-7. Single Mode Fiber Optic Jumper Cables ... 62

2-8. Fiber Optic Cables ... 64

2-9. CAT5 Cable - Maximum Transmission Distance ... 66

2-10. Prefabricated CAT5 STP Cables with RJ-45 Connectors ... 66

2-11. Null Hub ... 66

3-1. Methods of Connecting Ethernet Switches ... 68

4-1. IP Address Assignments ... 71

4-2. Switch Equipment Change Display Actions ... 77

4-3. Switch Equipment Information Display Fields ... 78

4-4. Switch Configuration Information Display Fields ... 80

4-5. Switch Equipment Change Actions ... 83

4-6. Switch Port Equipment Information Display Fields ... 84

(11)

(12)

Preface

Purpose

This document provides overview guidelines and requirements for designing, installing, and maintaining The MESH control network. Topics include:

♦ Site Planning ♦ Installation ♦ Maintenance.

Additional documentation provides the information specific to the hardware for The MESH control network. These books are listed in “Reference Documents” below.

For detailed and specific information on the Ethernet equipment, refer to the documentation sup-plied by the switch vendor. These documents may also be available on the IPS Global Client Sup-port web site athttp://support.ips.invensys.com.The MESH control network documents for

I/A Series® systems are available on The MESH Network Configuration Tool CD-ROM (K0173ZU).

Audience

This book is intended for use by process engineering, operations, installation, and maintenance personnel. They are expected to have a working knowledge of Ethernet LANs and I/A Series con-figurations.

Revision Information

For this revision of the document (B0700AZ-L), the following changes were made: Chapter 1 “Introduction”

♦ Significantly expanded “Network Example” on page 12.

♦ Updated references to Invensys in “Advantages of Invensys-Supplied Switches” on

page 16.

♦ Updated Figure 1-6 “The MESH Control Network (Star Topology Shown)” on

page 13.

♦ Updated “The MESH Control Network Management Software Tool, NetSight®

Console” on page 20 to reflect the NetSight® products currently offered. Chapter 2 “Site Planning”

♦ Minor edits to “Switch Utilization in the Standard Configurations” on page 28. ♦ Added “I/O Network Design Rules” on page 36.

(13)

B0700AZ– RevL Preface

Reference Documents

The following documents provide additional or related information to the hardware used in The MESH control network:

♦ A-Series (P0973BH/P0973BJ/P0973BK) Switches, Hardware and Software Configura-

tion Instructions (B0700CH)

♦ The MESH Control Network Hardware Instructions for C-Series Switches

(P0973BL/HA) (B0700CJ)

♦ The MESH Control Network Hardware Instructions for N-Series Switches

(P0973AR/P0973AS/P0972YE) (B0700CK)

♦ V-Series (P0972WP/P0972YC) Switches, Hardware and Software Configuration Instruc-

tions (B0700CL)

♦ E7 Chassis and 16-port Fiber (P0972MK/P0972MJ) Switches, Hardware and Software

Configuration Instructions (B0700CM)

♦ I-Series (P0973GB) Industrial Switch, Hardware and Software Configuration Instruc-

tions (B0700CN)

♦ Media Converter Installation and Configuration Guide for Control Networks (B0700CP)

The following documents provide additional or related information to The MESH control network concepts:

♦ The MESH Control Network Operation, and Switch Installation and Configuration

Guide (B0700CA)

♦ The MESH Control Network Architecture (PSS 21H-7C2 B3)

♦ The MESH Control Network Ethernet Equipment (PSS 21H-7C3 B4) ♦ I/A Series System Definition: A Step-by-Step Procedure (B0193WQ) ♦ I/A Series Configuration Component (IACC) User’s Guide (B0400BP).

(14)

Terms and Definitions

10Base-T 10 Mb twisted-pair Ethernet 100Base-TX 100 Mb twisted-pair Fast Ethernet 100Base-FX 100 Mb fiber optic Fast Ethernet

1000Base-LX IEEE 802.3z specification for Gigabit Ethernet over two strands of 50/125 or 62.5/125 micron core MMF or 9/125 micron core SMF fiber cable using long wavelength optical transmission.

1000Base-SX IEEE 802.3z specification for Gigabit Ethernet over two strands of

50/125 or 62.5/125 micron core MMF fiber cable using short wavelength optical transmission.

1000Base-ZX IEEE 802.3z specification for Gigabit Ethernet over two strands of 9/125 micron core SMF fiber cable using 1550 nm wavelength optical transmis-sion.

1000Base-T IEEE 802.3ab specification for Gigabit Ethernet using CAT5 copper Ethernet cable.

ANSI American National Standards Institute

Auto-Negotiation Signalling method allowing each node to select its optimum operational mode (e.g., speed and duplex mode) based on the capabilities of the node to which it is connected.

Backbone Another term for bus - refers to the main link that connects network nodes. The term is often used to describe the main network connections composing the network.

Beacon The packet type and packet on the network upon which the port disabling is enacted.

BPP Beacon Priority Policy - A role/service that allows for the Beacon packet to have the highest priority when propagating though the network. This ensures the Beacon packet will be transmitted back to the PBQ in a flooded switch.

BootP Bootstrap Protocol

Bridge Priority Value

The range of priority values used to determine which device is selected as the Spanning Tree root. This value can range from 0- 65535 for bridge priority mode 802.1d (decrement by 1) or from 0-61440 for bridge prior-ity mode 802.1t (decrement by 4096).

CAT5 Category 5 Twisted Pair Cable - such as 10Base-T, 100Base-TX and 1000Base-T.

(15)

CBP (Circuit Breaker Policy) a role/service that disables a port when a Beacon packet is received from an edge switch or from the tier below.

Circuit Breaker A policy rule that will disable a port that receives an incoming packet of an outgoing Beacon packet “Loop”.

Circuit Breaker PBQ/SBQ

(CBPBQ/CBSBQ)

This is used to refer to policy rule that will disable an uplink port that interfaces two root switches that receives an incoming packet of an outgo-ing Beacon packet “Loop”. This function is a subset of the Circuit

Breaker.

CLI Command Line Interface

Core Switch Refers to the main body of switches that provide the network with its backbone connections. A core switch can also be considered an “edge switch” in reference to the root; however the outer most edge switches within the network are normally not considered to be core switches.

CRC Cyclic Redundancy Check

CSMA/CD Carrier Sense Multiple Access/Collision Detection Data Loop or Loop

Path

Refers to a condition where data traverses a redundant path with no termination point.

DCE Data Communications Equipment (modem)

DSR Data Set Ready

DTE Data Terminal Equipment

DTR Data Terminal Ready

Edge Switch Refers to an outer switch in a network topology that is linked to the pri-mary root or backup root bridge switch directly in one to two tier

configurations, and indirectly in three to four tier configurations.

ESD Electrostatic Discharge

FCS Frame Check Sequence

Fast Ethernet (FE) Set of Ethernet standards that carry traffic at the nominal rate of 100 Mbit per second.

FTM Frame Transfer Matrix

Full Duplex Transmission method that allows two network devices to transmit and receive concurrently, effectively doubling the bandwidth of that link.

(16)

ICMP Internet Control Message Protocol

IEEE Institute of Electrical and Electronics Engineers

IEEE 802.3 Defines carrier sense multiple access with collision detection (CSMA/CD) access method and physical layer specifications.

IEEE 802.3ab Defines a media access method and physical layer specifications for 1000Base-T Gigabit Ethernet.

IEEE 802.3u Defines a media access method and physical layer specifications for 100Base-TX Fast Ethernet over CAT5 cable.

IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for paused flow control on full-duplex links.

IEEE 802.3z Defines a media access method and physical layer specifications for 1000Base Gigabit Ethernet.

IGMP Internet Group Management Protocol, used to establish host member-ships in particular multicast groups on a single network.

IOC Input/Output Controller (part of the Z-Module Control Processor (ZCP270))

IOM Input/Output Module

IP Internet Protocol

LAN Local Area Network

LDP Loop Detection Policy (Refer toThe MESH Control Network Operation, and Switch Installation and Configuration Guide (B0700CA) for more information.)

LED Light Emitting Diode

MAC Media Access Control

MDI Media Dependent Interface or Media Device Interface

MIB Management Information Base

MMF Multi-mode Fiber cable

NEM Network Expansion Module

PBQ Primary Beacon Queryer - The switch with the lowest IP address and with the IGMP “Beacon” enabled.

Policy A group of rules which a network device uses to make forwarding, block-ing or port-disable decisions.

(17)

RFC Request for Comment

RMON Remote Monitoring

Role A collection of services

RSTP Rapid Spanning-Tree Protocol (IEEE 802.1w standard) Rule Hit An action when a packet classifier finds the packet.

Rules Packet classifiers that are used to identify packet types on the network.

RXD Receive Data

SBQ Secondary Beacon Query - The switch with the second lowest IP address and with the IGMP “Beacon” enabled.

Service A collection of Rules

SFP Small Form Factor Pluggable (Type of Mini-GBIC)

SMF Single-mode Fiber cable

SNMP Simple Network Management Protocol

STP Spanning-Tree Protocol (IEEE 802.1d standard) TCP/IP Transmission Control Protocol/Internet Protocol

TDR Transient Data Recorder

TFTP Trivial File Transfer Protocol

TXD Transmit Data

UTP Unshielded Twisted Pair

(18)

1. Introduction

This chapter provides an introduction to the concepts and equipment used in The MESH control network.

Overview of The MESH Control Network

Architecture

The MESH control network is a switched Fast Ethernet network based on IEEE 802.3u (Fast Ethernet) and IEEE 802.3z (gigabit Ethernet) standards. The MESH control network consists of a number of Ethernet switches connected in a MESH configuration.

The MESH control network configuration allows high availability by providing redundant data paths and eliminating single points of failure caused by component link failures. The flexibility of the architecture allows you to design a network configuration that fits the needs of the control sys-tem. Configurations can be as simple as a workstation and controller connected with a single pair of switches, or as complex as a multi-switch, fully meshed control network, communicating at speeds up to 1 gigabit per second.

The MESH control network architecture integrates powerful control stations and workstations in a 100 Mb/1 Gb Ethernet network. These control stations, workstations and networks comprise scalable systems for process monitoring, process control and integration with industrial informa-tion management systems.

High speed, coupled with redundancy and peer-to-peer characteristics, provides high perfor-mance and superior security. Station interfaces to redundant Ethernet switches ensure secure communications between the stations. Station interfaces can use single paths but this compro-mises the security of The MESH control network.

NOTE

All graphics of switches and media converters in this document are intended as generic illustrations of networking concepts and do not necessarily reflect the cur-rently offered products.

Switched Ethernet Characteristics

Standard Fast Ethernet switches and fiber optic/copper cabling provide versatile solutions for building MESH networks using industry standard protocols. The 16-port or larger managed Ethernet switches used in The MESH control network allow connection of multiple control sta-tions, workstations and other Ethernet switches. Unmanaged switches are not supported by The MESH control network because they offer no redundancy and you cannot run diagnostics if the switch should fail.

(19)

B0700AZ– RevL 1.Introduction

The MESH Control Network Features

Two types of network configuration methods are available in The MESH control network -Standard Configuration and SecurityEnhanced Configuration.

Standard Configuration Features

The Standard Configuration of The MESH control network provides the following features.

♦ System scalability by interconnecting Ethernet switches with 16-ports or more in a

linear, ring, star, inverted tree or modified inverted tree network topology (configura-tion). The topology is dependent on the network site requirements.

♦ Ethernet switches connected in a MESH configuration with up to 1920 I/A Series

stations

♦ Support for Fast Ethernet (100 Mb) and Gigabit (uplink only) Ethernet (1000 Mb) ♦ Modular uplinks to high-speed backbones using 1 Gb 1000Base-T, 1000Base-SX,

1000Base-LX and 1000Base-ZX standards

♦ Full-duplex operation based on the IEEE 802.3 standards

♦ Rapid Spanning Tree Protocol (RSTP - IEEE 802.1w) which manages redundant

paths, prevents loops, and provides high speed convergence time for a network

♦ Network management and configuration via local port or Web access for various

switches

♦ System Management software for monitoring the health of the control system and

managing equipment in the system

♦ Software in every station that manages redundant Ethernet ports in response to

network faults

♦ High speed response to network and station faults to provide a highly reliable

redun-dant network.

Security Enhanced Configuration Features

The Security Enhanced Configuration is now available to provide additional features. Due to the recent advances in switch network technologies, the Security Enhanced Configuration of The MESH control network offers improvements in network security, Loop Detection and many additional features not offered in the Standard Configuration.

The Security Enhanced Configuration deploys specific network topologies and switch configura-tions that allow for advanced network loop detection in the event of a RSTP failure. This

advanced network loop detection minimizes the potential for a single point of failure that will degrade communications between devices in the network.

Deploying the advanced network loop detection is accomplished by carefully designing the work and correctly deploying the Loop Detection Policy (LDP) algorithms required for the network design, and by following the network configuration requirements provided in this

(20)

NOTE

When designing a Security Enhanced Configuration network, each device/switch within the network is required to be connected to two different switches within the

network. If the network is constructed with less than two connections between devices/switches, data traffic could be disrupted if any single device fails or there is a fault that causes the loop detection algorithm Rule Hit.

Loop Detection Policy (LDP) Deployed on The MESH Control Network

Due to the design of the Standard or Security Enhanced Configurations of The MESH control network, redundant links form physical loops in the network and are controlled (Blocked) by Rapid Spanning Tree Protocol (RSTP), creating a logical loop-free network. In a Security Enhanced Configuration in addition to RSTP, Loop Detection (LDP) is deployed to block redundant loops that could occur in the event of an RSTP or Data Loop (storm) failure.

A loop is determined by establishing a well-known data path and its source. To establish a known path, the concept known as the “Beacon” is developed. The Beacon routinely sends out an IGMP data packet. When the data packet is seen at an unexpected source port, the assumption is that a loop occurred and an action (Rule) needs to occur. A switch’s port deployed with “Circuit

Breaker” will disable the first port on which the incorrectly sourced packet is received.

Recent chassis switches, such as the N-Series Platinum (DFE) switches (P0973BQ, P0973BR, P0973BT, and P0973BS), offer advanced packet switching services that can scope data packets beyond the source and destination MAC-address. By looking at other data points in the packets, the switch can make decisions on which of these data points to mark a packet on. Once a particu-lar packet is identified, the switch can take action on it. The action of interest is disabling a looped port. Disabling this looping port maintains a loop-free network. The switches alert the network administrator with SNMP traps and syslog messages. These should be acted upon to 'fix' the network loop in a timely manner. When disabled by the LDP, a disabled port can be monitored by

SMDH via a link down trap. Other methods of monitoring and management of ports can be accomplished by utilizing the switch's CLI port or NetSight Policy Manager.

Virtual Local Area Networks (VLANs) on The MESH Control Network

A VLAN acts like an ordinary Local Area Network (LAN), but in a VLAN, connected devices do not have to be physically connected to the same segment. The VLAN allows devices located in separate areas or connected to separate ports to belong to a single VLAN group. Devices that are assigned to such a group will send and receive broadcast and multicast traffic as though they were all connected to a common network. VLAN-aware switches isolate broadcast, multicast, and unknown traffic received from VLAN groups, so that traffic from stations in a VLAN are con-fined to that VLAN.

Additional details about VLANs are provided inThe MESH Control Network Operation, and Switch Installation and Configuration Guide (B0700CA revision F or later), in Chapter 10 “VLANs Usage on The MESH Control Networks” and Appendix D “Understanding Virtual Local Area Networks (VLANs)”.

(21)

The MESH Control Network

The MESH control network is designed to provide multiple communication paths between any two devices or stations connected to the network. This network architecture provides very high availability, while reducing network complexity, cost, and maintenance requirements.

The MESH Control Network Topologies

There are several basic MESH control network topologies supported by the I/A Seriessystem in each of theStandard andSecurityEnhanced Configurations. These are:

♦ Standard Configuration ♦ Linear

♦ Ring ♦ Star

♦ Inverted tree

♦ Modified inverted tree

♦ Security Enhanced Configuration ♦ Linear

♦ Star

♦ Inverted tree

♦ Modified inverted tree

NOTE

When deploying the Security Enhanced Configuration, The MESH control network should be constructed using one of the four enhanced topologies listed above.

The ring topology should never be used when deploying this configuration.

Each configuration/topology listed has unique features and the one chosen for a particular network depends on the specific requirements of the site or installation. The following diagrams

pro-vide examples of the different topologies as well as recommendations on where they might be used.

(22)

Linear Configuration

The linear configuration is appropriate for a small, two switch network, as shown in Figure 1-1. In this example a failure of any one component in The MESH control network does not affect the operation of the remaining components. The linear configuration does not require a root or back-up switch configuration. Large chassis switches with hundreds of ports can be used in a linear configuration to create a large control system. A multiple switch linear configuration (more than two) is not supported due to its lack of network redundancy, which can result in loss of communi-cation between two devices within the network.

(23)

Ring Topology

This topology is suited to networks containing three to seven switches. As shown in Figure 1-2, each switch has connections to the two adjacent switches. In the event of a failed switch, the ring is broken and the network assumes the characteristics of the linear topology shown in Figure 1-1. There is a limit of seven (7) switches between any two devices on the network. This limit is imposed by the I/A Series system and cannot be exceeded.

Figure 1-2 illustrates a network composed of six managed switches configured in a ring. A network in this configuration is able to handle a single component failure and still maintain its

integ-rity. The ring configuration does not require a root or backup root switch configuration. The ring topology cannot be configured with the Security Enhanced Configuration. When LDP is deployed in a ring topology, the loop detection algorithm will run before RSTP can block the port resulting in an uplink port being disabled. The end result will produce a multi-ple switch linear topology which is not a supported configuration. When designing Security Enhanced Configurations, use one of the four supported topologies (on page 4).

(24)

Star Topology

The star topology is the preferred topology for all networks, provided that geographical con-straints allow this topology. In a star topology, the switches at the outside edge of the network have connections to each of the two root switches. The root switches are connected to each other and the edge switches. Redundant data paths allow the network to continue to operate if any one component fails.

Figure 1-3 illustrates a star network containing ten edge switches and two root switches. In a Stan-dard Configuration star topology utilizing Gold Series blades, as many as 40 edge switches can be connected to the Chassis switch using 1 Gb uplinks. When utilizing Platinum Series blades, as many as 166 edge switches can be utilized.

For a Security Enhanced Configuration star topology (Policy enabled switches only) a maximum of 166 edge switches can be connected to the Chassis switch using 1 Gb uplinks. An inverted tree topology can be considered if there is a larger number of edge switches required (up to 250

switches).

Refer to the table “Qualified Switch Standard/ Security Enhanced Configuration Compatibilities Matrix” inThe MESH Control Network Operation, and Switch Installation and Configuration Guide (B0700CA) for a list of switches capabilities.

(25)

(26)

Inverted Tree Topology

The inverted tree topology is suited to very large networks with specific physical constraints. In this topology the switches are arranged in tiers, with the root switches in the top tier and up to three tiers below them. The root switches (Tier 1) are the only switches in the network that have connections between switches on the same tier; all other switches have two connections to

switches in the tiers above them. This topology is supported in both the Standard and Security Enhanced Configurations.

When deployed in a Security Enhanced Configuration, all switches within the network must be switch types that support Loop Detection (LDP). Refer to the table “Qualified Switch Stan-dard/Security Enhanced Configuration Compatibilities Matrix” inThe MESH Control Network Operation, and Switch Installation and Configuration Guide(B0700CA) for a list of the switches applicable to either of these configurations.

An inverted tree network topology is illustrated in Figure 1-4.There can be no more than four-tiers of switches (including the root) in order to comply with the I/A Series system requirement limiting the number of switches between devices to seven.

(27)

Figure 1-4. Inverted Tree Topology

Modified Inverted Tree Topology

The modified inverted tree topology is suited for very large enhanced networks with specific phys-ical constraints and requirements. The modified inverted tree topology allows for standard quali-fied (lower cost) switches to be utilized at the outer edge, which allows for larger networks to be deployed at a lower cost. In this topology, the switches are arranged in tiers, with the root switches in the top tier with up to three tiers below them. The root switches (Tier 1) are the only switches

Note: Primary and Backup Root Switches have two connections.

(28)

connections interface to the network on different tiers. A modified inverted tree network topol-ogy is illustrated in Figure 1-5.

There can be no more than four-tiers of switches (including the root) in order to comply with the I/A Series system requirement limiting the number of switches between devices to seven.

(29)

The MESH Control Network

Network Example

The MESH control network utilizes qualified Fast Ethernet switches which are configured to form a highly robust redundant network. Figure 1-6 on page 13 shows an example with several I/A Series stations and Control Processors connected redundantly to The MESH control network.

Workstations are also redundantly connected to the Fast Ethernet switches.

The Z-module Control Processor 270 (ZCP270) main processor’s Ethernet ports connect to The MESH control network, where the ZCP270 I/O controller (IOC) ports have t he option of con-necting directly to The MESH control network or a dedicated I/O network.

The Fieldbus Communications Module (FCM100Et or FCM100E) provides the interface

between the ZCP270 and the FBMs and connects to The MESH control network or a dedicated I/O network.

When designing The MESH control network architecture, the following concerns should be addressed:

♦ For critical I/O communications, which in this context can be defined as I/O

applica-tions that cannot allow for a disruption of fieldbus communicaapplica-tions over a five second span, it is recommended that the ZCP270 IOC and FCM I/O be placed on a separate network.

♦ For non-critical I/O communications, the FCM100s and ZCP IOC ports can

con-nect directly to The MESH. Whenever possible, it is recommended that the ZCP IOC ports and FCMs be attached to the same switches within the network, keeping the ZCP IOC to FCM communications local to the switch. (See Figure 1-6.)

If a dedicated I/O network is to be employed, a simple linear topology is used and switch selection should be per the standard guidelines for The MESH, where the ZCP270 I/O controller (IOC) ports A/B and FCM I/O ports A/B (Fieldbus A and Fieldbus B) A side and B side are separated on independent networks. It is also possible to have multiple I/O networks, such as having an I/O network for each ZCP IOC and its FCMs.

WARNING

!

Switches on a dedicated I/O network cannot be seen in SMDH or System Manager. However, Fieldbus A and Fieldbus B errors are indicated in a normal manner via the “Sys” Key and are visible in SMDH or System Manager.

Also, a dedicated I/O network cannot be used for FBMs using the GPS SOE/TDR time sync package (seeTime Synchronization User's Guide (B0700AQ)).

For more information on configuring a dedicated I/O network, refer to “I/O Network Design Rules” on page 36 and “I/O Network Topology Configurations” on page 58.

(30)

Figure 1-6.

Figure 1-6. The MESH Control NThe MESH Control Network (Star Tetwork (Star Topology Shown)opology Shown)

The MESH The MESH ETHERNET ETHERNET SWITCHES SWITCHES ZCP270 ZCP270 FCP270 FCP270 TO/FROM TO/FROM PROCESS PROCESS CONTROL NETWORK CONTROL NETWORK TO/FROM TO/FROM PROCESS PROCESS DIN RAIL DIN RAIL FCM100Et FCM100Et WORKSTATIONS WORKSTATIONS INFORMATION NETWORK INFORMATION NETWORK BASEPLATE BASEPLATE SPLITTER/COMBINER SPLITTER/COMBINER FBM FBM FBM FBM

(NOT USED WITH F

(NOT USED WITH F CM100E)CM100E) SPLITTER/ SPLITTER/ COMBINERS COMBINERS DIN RAIL DIN RAIL BASEPLATE BASEPLATE or FCM100E or FCM100E

(31)

B

B00770000AAZZ–– RReevv LL 11..IInnttrroodduuccttiioonn

ZCP270 ZCP270 SPLITTER/ SPLITTER/ COMBINERS COMBINERS TO/FROM TO/FROM DIN RAIL DIN RAIL FCM100Et FCM100Et BASEPLATE BASEPLATE SPLITTER/COMBINER SPLITTER/COMBINER FBM FBM (NOT USED WITH FCM100E) (NOT USED WITH FCM100E)

or FCM100E or FCM100E The MESH The MESH CONTROL NETWORK CONTROL NETWORK I/O NETWORK I/O NETWORK A A B B

(32)

The MESH Control Network Specifications

For more information, refer to the following Product Specifications Sheets: For more information, refer to the following Product Specifications Sheets:

♦

♦ The MESH The MESH Control Network Architecture Control Network Architecture (PSS 21H-7C2 B3) (PSS 21H-7C2 B3) ♦

♦ The MESH Control The MESH Control Network Ethernet EquipmentNetwork Ethernet Equipment(PSS 21H-7C3 B4).(PSS 21H-7C3 B4).

The MESH Control Network Workstations

I/A

I/A Series workstations caSeries workstations can be connected to The MESH control networkn be connected to The MESH control network. These workstations. These workstations provide host services to

provide host services to fault-tolerant control processors. In addition, the workstation providesfault-tolerant control processors. In addition, the workstation provides the operator interface for the display of

the operator interface for the display of graphic and textual information.graphic and textual information.

Each workstation connects to the switches in The MESH control network by way of copper or Each workstation connects to the switches in The MESH control network by way of copper or fiber interface cards in the workstation. Two Network Interface Cards (NIC) are offered:

fiber interface cards in the workstation. Two Network Interface Cards (NIC) are offered:

♦

♦ 100Base-FX100Base-FX ♦

♦ 10/100Base-TX 10/100Base-TX

The workstation can be directly connected to Ethernet switches or through the use of a

The workstation can be directly connected to Ethernet switches or through the use of a mediamedia converter, described in

converter, described in Media Converter Installation and Configuration Guide for Media Converter Installation and Configuration Guide for Control Networks Control Networks (B0700CP). In addition, the built-in Ethernet interface on the workstation’s motherboard can be (B0700CP). In addition, the built-in Ethernet interface on the workstation’s motherboard can be used to interface to a

used to interface to a plant information network.plant information network.

Table 1-1. The MESH Control Network Specifications Table 1-1. The MESH Control Network Specifications Specifications

Specifications

Number of

Number of I/AI/A Series stations connectSeries stations connected toed to The MESH control network

The MESH control network

1,920 I/A

1,920 I/A Series stations including switchesSeries stations including switches, maximum (FCM100Et, maximum (FCM100Etss and FCM100Es are not included in count). Up to 250 switches. and FCM100Es are not included in count). Up to 250 switches. Number of Ethernet switches between any

Number of Ethernet switches between any two stations

two stations

Seven maximum Seven maximum N

Nuummbbeer r oof f IIP P aaddddrreesssseess 1100,,00000 0 mmaaxxiimmuum m iinncclluuddees s sswwiittcchheess, , ccoonnttrroolllleerrss, , wwoorrkkssttaattiioonns s aanndd FCM100Ets and FCM100Es.

FCM100Ets and FCM100Es. VL

VLANANs on s on ThThe Me MESESH coH contntrorol nel netwtworkork SiSix (6x (6) co) confnfigigururabable Vle VLALANs Ns arare sue supppportorted oed on Thn The MEe MESH SH CoContntroroll Network

Network S

Sttaannddaarrdds s SSuuppppoorrtteedd 11000 0 MMb b FFuullll--dduupplleex x ooppeerraattiioon n ffoor r ffiibbeer r ooppttiic c aannd d ccooppppeer r ccaabbllee.. Modular uplinks using 1

Modular uplinks using 1 Gb 1000Base-TGb 1000Base-T, 1000Base-SX and, 1000Base-SX and 1000Base-LX standards

1000Base-LX standards S

Sppeeeedds s SSuuppppoorrtteedd FFaasst Et Etthheerrnneet t ((11000 0 MMbb) ) aannd d uupplliinnk k GGiiggaabbiit t EEtthheerrnneet t ((1100000 0 MMbb)) P

Prroottooccoolls s UUsseedd RRaappiid d SSppaannnniinng g TTrreee e PPrroottooccool l ((RRSSTTP P - - IIEEEEE 8E 80022..11ww)), , 880022..33,, 802.3ad

802.3ad Cable Lengths - Interconnecting stations or

Cable Lengths - Interconnecting stations or Ethernet switches

Ethernet switches

CA

CAT5:100Base-TX or 1000Base-T; 100 m (328T5:100Base-TX or 1000Base-T; 100 m (328 ft) maximumft) maximum Fiber optic: Fiber optic: 100Base-FX; 2 km (6,560 ft) maximum (MMF) 100Base-FX; 2 km (6,560 ft) maximum (MMF) 1000Base-SX; 275 m (900 ft) maximum (MMF) 1000Base-SX; 275 m (900 ft) maximum (MMF) 1000Base-LX/LH; 2 km (6,560 ft) maximum (MMF) 1000Base-LX/LH; 2 km (6,560 ft) maximum (MMF) 1000Base-LX; 10 km (6.2 mi)

1000Base-LX; 10 km (6.2 mi) maximum (SMF)maximum (SMF) 1000Base-ZX; SMF, 80 km (49.7 miles) maximum 1000Base-ZX; SMF, 80 km (49.7 miles) maximum Cable Lengths - Total connection length

Cable Lengths - Total connection length allowed between switches

allowed between switches

Single mode fiber (SMF), 80 km

Single mode fiber (SMF), 80 km (49.7 mi) maximum(49.7 mi) maximum Multimode fiber (MMF), 2 km (6,560 ft)

Multimode fiber (MMF), 2 km (6,560 ft) maximummaximum M

MEESSH CH Cononttrorol Nl Netetwworork Dk Diiststaancncee It It iis ps posossisibble le tto eo extxteend nd ThThe Me MESESH cH cononttrorol nl netetwworork dk disisttanance ce uusisingng various third-party network equipment and extenders. It should be various third-party network equipment and extenders. It should be noted that the total network delays between two end

noted that the total network delays between two end devices shoulddevices should not exceed 100ms roundtrip.

(33)

The MESH Control Network Ethernet Switches

A switch is an active multiport network and bridge device that provides a separate collision domain for each port, and uses Media Access Control (MAC) layer to direct network packets to the appropriate station or switch. This allows multiple simultaneous communications among network devices connected to the switch.

The MESH control network utilizes standard commercial off-the-shelf Ethernet switches to allow you to configure your system to meet your functional, performance and plant requirements. Switches listed in “Reference Documents” on page xii have been tested and qualified by Invensys for use with I/A Series products. Other Fast Ethernet switches from other vendors may be allowed to be on The MESH control network. Using non-qualified switches may cause unpredictable fail-ures or responses. The list of vendors and their qualified switches can be obtained from the Global Client Support Center (Global CSC) web site athttp://support.ips.invensys.com .

Refer to the documentation included with your Invensys qualified Ethernet switches for details of their capabilities.

NOTE

The MESH control network was designed and tested for operation with the Ether-net switches listed in “Reference Documents” on page xii. The Ether-network may operate with similar, off-the-shelf equipment, but Invensys Systems, Inc. is not responsible

for any system malfunctions that may occur if such equipment is used. If you use your own network:

1. You must meet the bandwidth requirements for the I/A Series equipment you have chosen (1 Gb for uplinks and 100 Mb for ports).

2. There can be no Layer 3 inter-network devices (for example, routers) between any I/A Series equipment.

3. Typically a failover time of less than 1 second is achievable using Fast Ethernet switches qualified and supplied by Invensys and configured in accordance with I/A Series documentation.

The network management module for the Fast Ethernet switches, provides a menu-driven or Command Line Interface (CLI) system configuration program with management capability. See the documentation included with your Invensys qualified Ethernet switches and the vendor man-uals listed in “Reference Documents” on page xii for further details.

Advantages of Invensys-Supplied Switches

The MESH control network requires switches purchased from Invensys. This provides a number of advantages, described below.

♦ Can customers include Ethernet switches from other suppliers for use in The MESH

control network?

Only Invensys-supplied Ethernet switches have been qualified for use in the I/A Series system. Other switches may or may not work and may not meet the performance specifications required for a secure, reliable high performance in The MESH control network.

(34)

♦

♦ Why won't other switc Why won't other switches provide the samhes provide the same performance?e performance?

The Invensys-s

The Invensys-supplied switch is off the shelf upplied switch is off the shelf equipment and has been optimizedequipment and has been optimized to meet

to meet the stringent performance specifications for The MESH network. Forthe stringent performance specifications for The MESH network. For example, the Rapid Spanning Tree Protocol algorithm that manages traffic paths example, the Rapid Spanning Tree Protocol algorithm that manages traffic paths is optimized

is optimized to meet the requiremto meet the requirement for network recoent for network recovery on failure of a rvery on failure of a rootoot switch in less than one second. This level of

switch in less than one second. This level of performance is much better than isperformance is much better than is typically achievable with other vendor's hardware and RSTP implementation. typically achievable with other vendor's hardware and RSTP implementation.

♦

♦ Can customers purchase switches from third parties with Can customers purchase switches from third parties with the correct certified firm-the correct certified

firmware to work wi

ware to work with the I/Ath the I/A Series system?Series system? Although switch

Although switches qualified for use with es qualified for use with I/AI/A Series systems caSeries systems can also be purchasn also be purchaseded from third parties, they will not necessarily have been furnished with the correct from third parties, they will not necessarily have been furnished with the correct firmware version that has been qualified. The

firmware version that has been qualified. The I/A Series Switch ConfiguratorI/A Series Switch Configurator Application S

Application Software (SCASoftware (SCAS), supplied with the In), supplied with the Invensys-supplvensys-supplied switch, is alsoied switch, is also designed to

designed to configure switches qualified by configure switches qualified by Invensys, making configuration easierInvensys, making configuration easier,, quicker

quicker, more , more reliable and facilitates troubleshooting and reliable and facilitates troubleshooting and configuration verifica-configuration verifica-tion.

tion.

♦

♦ How could a user get How could a user get the correct firmware?the correct firmware?

They would need t

They would need to contact Invensys and either o contact Invensys and either purchase replacement firmwarpurchase replacement firmwaree for each switch on a one

for each switch on a one time charge basis or purchase an Invensys support con-time charge basis or purchase an Invensys support con-tract which would cover the cost

tract which would cover the cost of replacement firmware.of replacement firmware.

♦

♦ Is the firmware provided by Invensys for The Is the firmware provided by Invensys for The MESH network switches exclusive toMESH network switches exclusive to

Invensys-s

Invensys-supplied upplied switches?switches?

Changes to the firmware used in I/A

Changes to the firmware used in I/A Series systems are incluSeries systems are included in the standardded in the standard product.

product.

Periodically, changes are made to the firmware; future versions of the firmware Periodically, changes are made to the firmware; future versions of the firmware which have n

which have not been qualified by Iot been qualified by Invensys may or may nnvensys may or may not be compatible withot be compatible with I/A

I/A SerSeries syies systemsstems..

Control Network Cabling

Three different types of cabling of various lengths may be used: Three different types of cabling of various lengths may be used:

♦

♦ Shielded twisted-pair 100Base-T CAT5 cabling - 100 m (328 ft.) maximumShielded twisted-pair 100Base-T CAT5 cabling - 100 m (328 ft.) maximum ♦

♦ Shielded twisted-pair 1000Base-T CAT5 cabling - 100 m (328 ft.) maximumShielded twisted-pair 1000Base-T CAT5 cabling - 100 m (328 ft.) maximum ♦

♦ Multimode fiber optic cabling - 2 km (1.25 mi) maximum for 100Base-FX Multimode fiber optic cabling - 2 km (1.25 mi) maximum for 100Base-FX ♦

♦ Multimode fiber optic cabling - 275 m (900 ft) maximum for 1000Base-SX Multimode fiber optic cabling - 275 m (900 ft) maximum for 1000Base-SX ♦

♦ Multimode fiber optic cabling - 550 m (1800 ft) maximum for 1000Base-LX Multimode fiber optic cabling - 550 m (1800 ft) maximum for 1000Base-LX ♦

♦ Multimode fiber optic cabling - 2 km (1.25 mi) maximum for 1000Base-LX/LHMultimode fiber optic cabling - 2 km (1.25 mi) maximum for 1000Base-LX/LH ♦

♦ Single mode fiber optic cabling - Single mode fiber optic cabling - 10 km (6.21 mi) 10 km (6.21 mi) maximum for 1000Base-LX.maximum for 1000Base-LX. ♦

♦ Single mode fiber optic cabling - 80 km (49.68 mi) maximum forSingle mode fiber optic cabling - 80 km (49.68 mi) maximum for

1000Base-ZX/ELX. 1000Base-ZX/ELX.

(35)

B

B00770000AAZZ–– RReevv LL 11..IInnttrroodduuccttiioonn

Category 5 Cabling

There are two basic configurations of Category 5 (CAT5) cables: There are two basic configurations of Category 5 (CAT5) cables:

♦

♦ Straight-Straight-through cables: cables used to through cables: cables used to connect workstations to Ethernet switches, andconnect workstations to Ethernet switches, and

media converters to Ethernet switches. media converters to Ethernet switches.

♦

♦ CrossovCrossover cables (also called er cables (also called a null hub): cables used a null hub): cables used to interconnect Ethernetto interconnect Ethernet

switches. switches.

Some switches have auto MDI/MDI-X ports (for example,

Some switches have auto MDI/MDI-X ports (for example, 24-P24-Port Copper) which provides theort Copper) which provides the crossover and do not require a crossover cable.

crossover and do not require a crossover cable.

NOTE NOTE

All catego

All category 5 Cablinry 5 Cabling must be of sg must be of shielded thielded type for oype for optimal intptimal interference merference mitigation.itigation. Normally, when one switch is connected to another, the transmit and receive wires must be Normally, when one switch is connected to another, the transmit and receive wires must be crossed over

crossed over, such that , such that the transmit wires from switch #1 the transmit wires from switch #1 connects to the connects to the receive wires fromreceive wires from switch

switch #2, and vice versa. Crossover cables are used much less frequently than straight-thr#2, and vice versa. Crossover cables are used much less frequently than straight-throughough cables. A straight through cable can be

cables. A straight through cable can be used as a used as a crossovcrossover cable if er cable if used in conjunction with a used in conjunction with a nullnull hub cable adapter

hub cable adapter (P0971PK(P0971PK).). A null hub is a

A null hub is a very short cable that has a male Rvery short cable that has a male RJ-45 connector J-45 connector on one end and a female RJ-on one end and a female RJ-4545 connector on the other. The transmit and receive wires are rev

connector on the other. The transmit and receive wires are reversed, so when it ersed, so when it is connected tois connected to the end of a

the end of a straight-throustraight-through cable, the resulting cable system can act as a gh cable, the resulting cable system can act as a crossover cable. Thecrossover cable. The null hub is used

null hub is used to interconnect switches using straight-through CAto interconnect switches using straight-through CAT5 when neither switch isT5 when neither switch is equipped with auto MDI/MDI-X ports (crossover port).

equipped with auto MDI/MDI-X ports (crossover port).

Fiber Optic Cabling

Fiber optic cable is used to connect workstations to Ethernet switches and to make connections Fiber optic cable is used to connect workstations to Ethernet switches and to make connections between Ethernet switches. The

between Ethernet switches. The fiber optic cable’fiber optic cable’s electrical isolation s electrical isolation characteristics provide pro-characteristics provide pro-tection from voltage differentials and ground loops

tection from voltage differentials and ground loops and permit communication installations toand permit communication installations to pass through areas where intrinsically safe operation is

pass through areas where intrinsically safe operation is required. The fiber optic cable is required. The fiber optic cable is unaf- unaf-fected by electrical noise such as EMI and RFI and

fected by electrical noise such as EMI and RFI and can be installed even in the following cases:can be installed even in the following cases:

♦

♦ Areas containi Areas containing rotating machng rotating machineryinery, arc welders, and so forth, arc welders, and so forth ♦

♦ Cable trays containing high voltage power linesCable trays containing high voltage power lines ♦

♦ Outdoor areas exposed to Outdoor areas exposed to lightning hazards (with appropriately rated cable)lightning hazards (with appropriately rated cable) ♦

♦ Areas contain Areas containing strong magning strong magnetic fieldsetic fields ♦

♦ Longer distances than twisted pair cable.Longer distances than twisted pair cable.

Two different types of fiber optic cable may be used in The MESH control network: Two different types of fiber optic cable may be used in The MESH control network:

♦

♦ Single mode cableSingle mode cable ♦

(36)

NOTE NOTE

Single mode and multimode fiber optical devices are not

Single mode and multimode fiber optical devices are not compatible. Both devicescompatible. Both devices being connected (and the cable) must be of the same type in

being connected (and the cable) must be of the same type in order to ensure properorder to ensure proper operation. In certain limited cases (connecting Ethernet switch uplink ports, for operation. In certain limited cases (connecting Ethernet switch uplink ports, for example), a mode conditioning cable may be

example), a mode conditioning cable may be employed so that multimode fiberemployed so that multimode fiber cable can be used with a single mode device. Refer to the

cable can be used with a single mode device. Refer to the diagrams in the “Ethernetdiagrams in the “Ethernet Switch Interconnection Diagrams” in the documentation included with your

Switch Interconnection Diagrams” in the documentation included with your Invensys qualified Ethernet switches for

Invensys qualified Ethernet switches for specific information.specific information.

NOTE NOTE

The fiber optic cables mentioned in

The fiber optic cables mentioned in this document may require additionalthis document may require additional mechanical

mechanical protection, particularlprotection, particularly when run between different enclosury when run between different enclosures.es.

Single Mode Cable

In the control network, single mode fiber optic cable can be

In the control network, single mode fiber optic cable can be used to connect Ethernet switches toused to connect Ethernet switches to each other through each switch’

each other through each switch’s uplink port. s uplink port. The uplink ports of The uplink ports of each of the each of the switches being con-switches being con-nected must be designed for single mode operation. Refer to the “Ethernet Switch

nected must be designed for single mode operation. Refer to the “Ethernet Switch Interconnec- Interconnec-tion Diagrams” in the documentaInterconnec-tion included with your Invensys qualified Ethernet switches tion Diagrams” in the documentation included with your Invensys qualified Ethernet switches for information on uplink modules for use with single mode fiber optic

for information on uplink modules for use with single mode fiber optic cable.cable.

Multimode Cable

Mu

Multimode fiber optic ltimode fiber optic cable is employed in cable is employed in different situations in The MESH control network:different situations in The MESH control network:

♦

♦ Controller to Switch - A controller connects through splitter/combiner(s) to theController to Switch - A controller connects through splitter/combiner(s) to the

Ethernet switch(es) 100B

Ethernet switch(es) 100Base-FX port(s) using a ase-FX port(s) using a multimode fiber optic cable termi-multimode fiber optic cable termi-nated with MT-RJ connectors. The connection is LC on one end and MT-RJ on the nated with MT-RJ connectors. The connection is LC on one end and MT-RJ on the other end between the

other end between the switch and the switch and the splittersplitter. Ethernet switch(es) without fiber optic. Ethernet switch(es) without fiber optic port(s), can use media

port(s), can use media converter(s) between the switch(es) and the splitter/com-converter(s) between the switch(es) and the splitter/com-biner(s) to enable a

biner(s) to enable a connection.connection.

♦

♦ Field Communications Module (FCM) to Switch - A redundant FCM connectsField Communications Module (FCM) to Switch - A redundant FCM connects

through splitter/combiners to the Ethernet switches 100Base-FX ports using a

through splitter/combiners to the Ethernet switches 100Base-FX ports using a multi- multi-mode fiber optic cable terminated with MT-RJ connectors. The connection is LC on mode fiber optic cable terminated with MT-RJ connectors. The connection is LC on one end and

one end and MTMT-RJ on the -RJ on the other end between tother end between the switch and the he switch and the splittersplitter. Ethernet. Ethernet switch(es) without fiber optic port(s), can

switch(es) without fiber optic port(s), can use media converter(s) between theuse media converter(s) between the

switch(es) and the splitter/combiner(s) to enable a connection. A single FCM module switch(es) and the splitter/combiner(s) to enable a connection. A single FCM module does not use

does not use a splitter/combiner and connects directly to a splitter/combiner and connects directly to a switch via an a switch via an LC/MTLC/MT-RJ-RJ fiber cable.

fiber cable.

♦

♦ W Workstation to Ethorkstation to Ethernet Switcernet Switch - A workstation is ch - A workstation is capable of connecting apable of connecting directly todirectly to

Ethernet switch’s 100Base-FX port using a multimode fiber optic cable terminated Ethernet switch’s 100Base-FX port using a multimode fiber optic cable terminated with MT

with MT-RJ connectors. A-RJ connectors. An Ethernet swin Ethernet switch without a fiber optic tch without a fiber optic port, can use twoport, can use two media converters between the switches and the workstations. Connection is based on media converters between the switches and the workstations. Connection is based on NIC type and switch type. Media converters can be used when NICs do

NIC type and switch type. Media converters can be used when NICs do not matchnot match switch ports.

(37)

♦ Ethernet Switch to Ethernet Switch - Ethernet switches that are equipped with

multi-mode fiber uplink ports may be connected directly to each other. The fiber optic cable should be terminated with MT-RJ type or LC type connectors, depending on the switch interface modules.

The MESH Control Network Management Software

Tool, NetSight

®

Console

The NetSight® Console enables enterprise-wide management of The MESH control network to provide network-wide monitoring and troubleshooting, such as device discovery, topology map-ping, and event management.

The enterprise-level command and control console provides:

♦ Multi-element management approach to facilitate the abstraction of complex network

policy into everyday business language

♦ System-level monitoring, and troubleshooting capabilities such as device discovery,

event management, and logging.

NetSight Plug-ins use the advanced features while reducing administrative burden and lowering total cost of ownership. The Plug-in applications include the NetSight Policy Manager.

Netsight Policy Manager

An advanced plug-in application for NetSight®, the NetSight Policy Manager enables simple management of complex network security policies to greatly enhance reliable network connectiv-ity. It provides the following.

♦ Role-based enterprise management

♦ Defines Roles, Rules and Services of the network

♦ Matches the role of the device with available network services ♦ Facilitates a distributed firewall to all edge points in the network

♦ Automated capabilities - offers ease of implementation, administration and

troubleshooting

♦ Complex policy management - provides an Audit Trail (event log)

The following tables list the various NetSight Policy Manager software available.

Table 1-2. NetSight Console Policies

Part Number Detailed Description

NS-CON-50 NetSight Console 50 Devices (50 device license for 1 server plus 3 concurrent user licenses)

NS-CON-U NetSight Console Unrestricted (Unrestricted device license for 1 server plus 25 concurrent user licenses)

(38)

Table 1-3. NetSight Client Policy

NS-USER NetSight User (Add 1 concurrent user license to existing NetSight server)

Table 1-4. NetSight Policy Bundle

NS-PB-50 NetSight Policy Bundle 50-devices (50 device Console license for 1 server plus 3 concurrent users, Policy Manager and Policy Control Console)

NS-PB-U NetSight Policy Bundle Unrestricted (Unrestricted device Console license for 1 server plus 25 concurrent users, Policy Manager and Pol-icy Control Console)

NS-PB-U-UG NetSight Policy Bundle 50 to Unrestricted Upgrade

Table 1-5. NetSight Advanced Bundle

NS-AB-50 NetSight Advanced Bundle 50-devices (50 device Console license for 1 server plus 3 concurrent users with Policy Manager, Policy Control Console, Automated Security Manager, Inventory Manager, and NAC Manager)

NS-AB-U NetSight Advanced Bundle Unrestricted (Unrestricted device Con-sole license for 1 server plus 25 concurrent users with Policy Manager, Policy Control Console, Automated Security Manager, Inventory Manager, and NAC Manager)

NS-AB-U-UG NetSight Advanced Bundle 50 to Unrestricted Upgrade

NS-AB-50FT NetSight Advanced Bundle 50-devices FT (50 device Console license for 1 server plus 3 concurrent users, Policy Manager, Policy Control Console, Automated Security Manager, Inventory Manager, NAC Manager, a redundant NetSight license for fault tolerance (manual failover), Includes Lab License)

NS-AB-UFT NetSight Advanced Bundle Unrestricted FT (Unrestricted device Console license for 1 server plus 25 concurrent users, Policy Manager, Policy Control Console, Automated Security Manager, Inventory Manager, and NAC Manager, a redundant NetSight license for fault tolerance (manual failover), includes Lab License)

(39)

Obtaining Network Management Software

To obtain Invensys pricing discounts, use the following contact information:

Table 1-6. NetSight Single User Policy

NS-SU-10 NetSight Single User 10-devices (10-device, single client (on same machine as server) license for Console, Policy Manager, and Inven-tory Manager)

Table 1-7. NetSight A-La-Carte Plug-Ins

NS-ASM NetSight Automated Security Manager (NetSight Automated Secu-rity Manager. Requires existing NS-CON-50 or NS-CON-U license) NS-IM NetSight Inventory Manager (NetSight Inventory Manager. Requires

existing NS-CON-50 or NS-CON-U license)

NS-NAC NetSight NAC Manager (NetSight NAC Manager. Requires existing NS-CON-50 or NS-CON-U license)

NS-PM NetSight Policy Manager (NetSight Policy Manager. Requires exist-ing NS-CON-50 or NS-CON-U license)

NS-LAB NetSight Lab License (Non-production use, one-time fee inclusive of maintenance. 50 device license for 1 server plus 2 concurrent users with Policy Manager, Automated Security Manager, Inventory

Man-ager, NAC ManMan-ager, Policy Control Console. Requires existing NS-CON-50 or NS-CON-U license)

Table 1-8. NetSight Appliance Policy

SNS-NSS-A NetSight Appliance (Hardware only, requires separate NetSight license) Holly O'Gara 978-878-4579 (U.S. Number) [email protected] OR Christine Leblanc 978-684-1559 (U.S. Number) [email protected] Enterasys Networks Corporate Headquarters 50 Minuteman Road Andover, MA 01810 U.S.A

Mesh Control

B0700AZ

B0700AZ

REV L

REV L

I/

I/A

A Se

Seri

ries

es

®

®

System

System

The MESH Control

The MESH Control Network Architecture Guide

Network Architecture Guide

Contents

Contents

Figures

Tables

Preface

Purpose

Audience

Revision Information

Reference Documents

Terms and Definitions

1. Introduction

Overview of The MESH Control Network

Architecture

Switched Ethernet Characteristics

The MESH Control Network Features

Standard Configuration Features

Security Enhanced Configuration Features

Loop Detection Policy (LDP) Deployed on The MESH Control Network

Virtual Local Area Networks (VLANs) on The MESH Control Network

The MESH Control Network

The MESH Control Network Topologies

The MESH Control Network

Network Example

The MESH Control Network Specifications

The MESH Control Network Specifications

The MESH Control Network Workstations

The MESH Control Network Workstations

The MESH Control Network Ethernet Switches

Advantages of Invensys-Supplied Switches

Control Network Cabling

Control Network Cabling

Category 5 Cabling

Category 5 Cabling

Fiber Optic Cabling

Fiber Optic Cabling

Single Mode Cable

Single Mode Cable

Multimode Cable

Multimode Cable

The MESH Control Network Management Software

Tool, NetSight

®

Console

Netsight Policy Manager

Obtaining Network Management Software