Who Accessed the Network When, Where and Why?

Combining functional analysis with condition monitoring

  • Indu-Sol’s measuring practice has produced three quality criteria: the telegram jitter, the load ratio and the general bus load.
  • The security mentality that has already become established in the office network, i.e. knowing the network, should equally become standard in automation.
  • PROscan, integrated in the PROmanage network management software, facilitates the automatic creation of easy-to-survey network topologies displayed on a web-based interface.

The fact that a system works says nothing about the network quality. Practice frequently confirms this conclusion, and network monitoring is indispensable to prevent trouble. It is equally important, however, to know the current network topology, for example in order to quickly identify the cause of trouble. Therefore, functional analysis should be combined with condition monitoring. This applies in particular to PROFINET, the use of which is on the increase.

 

PROFINET is increasingly becoming the communication standard for industrial Ethernet applications. The advantages are obvious: from the fact that all network structures such as ring, star, line or network can be implemented, through to lower electromagnetic susceptibility due to point-to-point connections, PROFINET convinces as an open, manufacturer-independent, internationally standardized bus standard and is meeting growing acceptance among users. It is considered the ideal complement to PC-based automation systems and provides for simple, vertical integration from the field level to the corporate level. Network communication experts warn, however, against being too unsuspecting when dealing with this issue, and there are good reasons for it. Bus systems are the "main arteries" of automation, but their reliability is only rarely challenged, and one should know from experience with PROFIBUS, reminds Karl-Heinz Richter, Managing Director for Sales & Marketing of Indu-Sol GmbH. "Experience has shown that the pure network function is not enough to assess the quality of communication." This applies equally to PROFINET. But operators do not yet see themselves forced to do anything because of a current lack of negative experience. The operative word is "current", and it will certainly be only a question of time until suitable diagnostic tools gain acceptance.

Learning from the IT sector
"Quite a few people will have to get their fingers burnt on the proverbial hotplate before they feel affected by the issue", Richter regrets to say. "Learning it the hard way is indeed unnecessary, since measurable network state variables for PROFINET have meanwhile emerged from our measuring practice that could well become generally accepted quality criteria in PROFINET communication." Such criteria include, for example, the telegram jitter, bus load and load ratio, e.g. the ratio of PROFINET to TCP/IP. A second approach to communication control is equally important. It is closely related to the way industrial Ethernet functions and to the advantages and disadvantages associated with it.
Unlike PROFIBUS, PROFINET in principle permits worldwide remote access, which has advantages but unfortunately also entails risks. The basic requirement for security should therefore be to know the network, i.e. who had access to the network and when, where and why, and who possibly interfered with the communication or caused a problem by doing so. The security mentality that has become established in the office world should also serve as a rule in the automation sector. It is really worthwhile to learn from the IT sector in this respect. In every PROFINET installation it should be possible to answer definitively the question of which IP address was active at a certain point in time.

Knowing the current network topology
A precondition for this is a current topology plan showing not only the IP addresses but also the current port assignments, device names and software and hardware statuses. This means that the network should be scanned at regular intervals. In the automotive sector this kind of approach has attracted wide interest. Indu-Sol's PROmanage software is an efficient tool for this analysis. The system has been designed as central software, including a database, to control the entire Ethernet data traffic. Possible uses are manifold.
PROscan, for example, an independent module of this network management software, can also be used as a "lean" tool without databases and is suitable for automatically creating easy-to-survey network topologies. The constantly increasing Ethernet interconnectedness in the industrial environment has made it an indispensable means for setup and start-up. "Growing interest has been shown by the network administration, service and maintenance sectors", said Richter. "Whatever the manufacturer and the device type of the components used are, it is possible to identify and graphically represent the network structures and show the existing routes. The current topology can be printed out and attached inside the switchgear cubicle door, for example. A great number of our customers, especially from the automotive sector, like this possibility very much."

Looking to the remotest corner
In this respect PROscan is far more versatile than the usual engineering tools: once installed on the operating panel of a machine, it scans all components down to the lowest level. Irrespective of the manufacturer and the device type of the network components used, such as switches, hubs, PCs, printers or any other controller in the network, the network scan is started by entering an IP address range. It is thus possible to reliably identify the real wiring structures, indicating the current IP address, port assignment, device properties, hardware and software statuses, and every change of network connections and components. The data obtained are displayed graphically in an internet browser on a web-based interface. No other software needs to be installed to visualize the network data.

Unlike engineering tools, the mapping software is manufacturer-independent, i.e. it operates across hardware boundaries. The advantage is illustrated by a concrete example: different car models are handled on a welding line. To this end the robots must be provided with different welding tongs. It is no problem for the mapping software to identify all modules and their IP addresses at the push of a button from the operating panel. A manufacturer-dependent engineering tool often has no such function.

Knowing the neighbours
The only prerequisite for this look into the remotest corner of the machine is LLDP functionality in the individual components, which is increasingly available today. "The manufacturer-independent Link Layer Discovery Protocol is a Layer-2 protocol through which information can be exchanged between neighbouring devices," explains Richter. "Every device supporting the LLDP incorporates a small software component called LLDP agent that periodically sends out information on itself and constantly receives information from neighbouring devices. This takes place completely independently of each other, and therefore the LLDP is called a 'one-way protocol' that builds no communication with other devices." So, every component knows its current neighbour. The mapping software then merges this information into the topology plan. Because the topology is scanned at regular intervals, the status at the time concerned can be displayed if an error occurs.
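The merge-and-compare step described above can be sketched as follows. This is an added example, not Indu-Sol's or PROscan's code; the device names, ports, IP addresses, timestamps and data layout are constructed assumptions.

```python
from bisect import bisect_right

# Constructed sample scans: (timestamp, {device: {"ip", "lldp": {local_port: (neighbour, its_port)}}})
SCANS = [
    ("2024-05-01T06:00", {
        "plc1":   {"ip": "192.168.0.1",  "lldp": {"p1": ("sw1", "p1")}},
        "sw1":    {"ip": "192.168.0.2",  "lldp": {"p1": ("plc1", "p1"), "p2": ("robot1", "p1")}},
        "robot1": {"ip": "192.168.0.10", "lldp": {"p1": ("sw1", "p2")}},
    }),
    ("2024-05-01T07:00", {
        "plc1":   {"ip": "192.168.0.1",  "lldp": {"p1": ("sw1", "p1")}},
        "sw1":    {"ip": "192.168.0.2",  "lldp": {"p1": ("plc1", "p1"), "p2": ("robot1", "p1"),
                                                  "p3": ("laptop", "p1")}},
        "robot1": {"ip": "192.168.0.10", "lldp": {"p1": ("sw1", "p2")}},
        "laptop": {"ip": "192.168.0.99", "lldp": {}},  # answered the IP scan, neighbour table unreadable
    }),
]

def links(scan):
    """Merge per-device LLDP neighbour tables into undirected links.
    Returns {link: True if reported from both ends, False if from one end only}."""
    seen = {}
    for dev, info in scan.items():
        for port, (rdev, rport) in info["lldp"].items():
            link = frozenset([(dev, port), (rdev, rport)])
            seen[link] = link in seen  # second sighting confirms the link
    return seen

def diff(old, new):
    """Devices and links that appeared or disappeared between two scans."""
    lo, ln = set(links(old)), set(links(new))
    return {
        "devices_added": sorted(set(new) - set(old)),
        "devices_removed": sorted(set(old) - set(new)),
        "links_added": sorted(sorted(l) for l in ln - lo),
        "links_removed": sorted(sorted(l) for l in lo - ln),
    }

def active_at(scans, ip, when):
    """Device that held `ip` in the latest scan taken at or before `when`, else None."""
    i = bisect_right([t for t, _ in scans], when)  # ISO timestamps sort as strings
    if i == 0:
        return None
    return next((d for d, info in scans[i - 1][1].items() if info["ip"] == ip), None)
```

A link reported from one end only, like the laptop on `sw1` port `p3` here, is worth reviewing: the far end either runs no readable LLDP agent or is not a managed plant device.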

Knowledge of the communication network can thus be easily improved, and the security concept at least implemented in automation. Eventually PROFINET operators will have no choice but to use the function monitoring addressed above in order to know the current network quality and avoid trouble in advance to the extent possible. For this purpose Indu-Sol has developed the PROFInet-INspektor. The diagnostic tool is a silent monitor in Ethernet and PROFINET networks that creates a precise snapshot of events, e.g. utilization, speed, data throughput, telegram jitter, repeat telegrams, error telegrams, device diagnoses and device failures.

Finally Richter stated: "Indu-Sol is in no case a PROFINET know-it-all or sceptic. Every day we spend much time to get systems running and make them meet the requirements of the operators at high quality. As soon as we identify weaknesses or potentials for improvement we disclose our empirical values and discuss the same. The very good relations based on partnership and the open-minded and sometimes controversial discussions with device manufacturers and maintenance people of plant operators have been a recipe for the company's success story of ten years."

Graduated in political sciences and international relations in Paris, Anis joined the team in early 2019. Editor for IEN Europe and the new digital magazine AI IEN, he is a new tech enthusiast. Also passionate about sports, music, cultures and languages. 
