What is Network Address Translation (NAT)?

A common goal for control engineers building OEM machine systems is to design the control networks on their machines so that every machine uses the same network addresses. For example, a packaging OEM is providing six packaging machines for six tissue lines at a Kleenex manufacturer. It’s highly desirable that each of those machines uses the same PLC program so that there is only one packaging machine control program to maintain. That means that the PLC scanner in each of those PLCs must use an identical list of EtherNet/IP Adapter network addresses.

It’s not generally a problem that all those packaging machines use identical addresses if the packaging machine programmable controller and all its devices are never included in the overall control network. But if devices with those common network addresses need to be exposed to the rest of the control network or even the enterprise network, the control engineer has a problem because all six packaging machines have the same network addresses.

Network Address Translation (NAT) is one way of solving this problem. NAT devices “translate” one IP address into a different IP address. For example, let’s assume we have a motor drive with energy data on each of those packaging machines and it has the address 192.168.100.10. A NAT device for that network could be configured to translate that .10 address into an address like 10.10.5.10 where the third octet, the ‘5’, indicates the fifth machine in the line. In general, a sophisticated NAT device could translate all the devices on that machine to 10.10.x.y addresses where the x is the machine number and y is the fourth octet of the original address. It’s a good way for the control engineer to make some or all of the devices on a machine available for external access.

Advantages of using NAT include:

  • Access to specific devices can be made available to an external network while access to other devices is blocked.
  • Specific addresses of devices in a sub-network need not be made available to external users.
  • OEMs can set the addresses of all devices in a sub-network identically, facilitating faster assembly and configuration.
  • OEMs can set the IP addresses of all devices in a machine network independent of user network addressing.
  • OEM networks are isolated from the end-users’ network, limiting the impact of the end-users’ network on the OEM network.
  • NAT is independent of the protocol implementation. Addresses for EtherNet/IP, Modbus TCP, PROFINET IO, and any other devices can be translated.
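The 10.10.x.y scheme and the first advantage above (exposing only selected devices) can be modelled as a per-machine 1:1 translation table with an allow-list. This is an added example, not code from the article or from any NAT product; the class and function names are hypothetical, and it assumes every machine uses 192.168.100.0/24 internally and the plant reserves 10.10.x.0/24 for machine x.

```python
import ipaddress

# Assumptions (not from the article): each machine's internal network is
# 192.168.100.0/24 and the plant side reserves 10.10.<machine>.0/24 for it.
INTERNAL_NET = ipaddress.ip_network("192.168.100.0/24")
EXTERNAL_BASE = ipaddress.ip_address("10.10.0.0")


class MachineNat:
    """1:1 NAT for one machine; only allow-listed devices get a mapping."""

    def __init__(self, machine_no, exposed_hosts):
        if not 0 <= machine_no <= 255:
            raise ValueError("machine number must fit in the third octet")
        self.to_internal = {}   # external address -> internal address
        self.to_external = {}   # internal address -> external address
        for host in exposed_hosts:
            inside = ipaddress.ip_address(host)
            if inside not in INTERNAL_NET:
                raise ValueError(f"{inside} is not on the machine network")
            y = int(inside) & 0xFF                      # keep the fourth octet
            outside = EXTERNAL_BASE + (machine_no << 8) + y
            self.to_internal[outside] = inside
            self.to_external[inside] = outside

    def inbound(self, dst):
        """Plant -> machine: rewritten destination, or None (no mapping, drop)."""
        return self.to_internal.get(ipaddress.ip_address(dst))

    def outbound(self, src):
        """Machine -> plant: rewritten source, or None (device not exposed)."""
        return self.to_external.get(ipaddress.ip_address(src))


def build_line(machine_count, exposed_hosts):
    """One table per machine; the same internal address list is reused."""
    return {n: MachineNat(n, exposed_hosts) for n in range(1, machine_count + 1)}


if __name__ == "__main__":
    line = build_line(6, ["192.168.100.10"])  # constructed sample: drive only
    for n, nat in line.items():
        print(n, nat.outbound("192.168.100.10"))
    print(line[5].inbound("10.10.5.10"), line[5].inbound("10.10.5.20"))
```

A device that is not on the allow-list has no table entry in either direction, so it is unreachable from the plant network even though it shares the machine subnet with the exposed drive.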

The disadvantage of NAT is that a control engineer must keep track of the network addresses that are used to hide the internal addresses and must also maintain the NAT software or NAT device.

In a future article, I will discuss some different ways that Network Address Translation can be used in a control system. I’ll talk about a very secure NAT device that I really like.