of this technology, it can open the door for multiple attack techniques.

Moreover, even if redundancy was not considered in the initial design of Ethernet networks, several standardized variations of the Spanning Tree Protocol (STP) have been published to allow ring-based topology. A ring is the easiest way to make an alternative path available, but the Ethernet implementation has some constraints that limit performance. The Ethernet switch must enable or disable physical links to avoid broadcast storms, and this process requires time to calculate and activate a new logical topology (convergence time) in case of a network event (i.e., a loss of a link). The performance of any variant of STP in an OT network is unacceptable for protocols, such as IEC 61850-9-2 or GOOSE messages, when used for critical interlocking or intertrip operation.

The following table compares characteristics of IT and OT networks.

| IT Networks | OT Networks |
| --- | --- |
| Frequent network topology changes | Purpose-engineered networks |
| Plug-and-play connections | Deny-by-default security |
| Unhampered connectivity | Allowlisted flows |
| Rapid STP for backup paths | Predefined failover paths |
| Intermittent services with short lifetimes | Constant services with long lifetimes |

Addressing cybersecurity and reliability with SDN

Both cybersecurity and performance concerns can be addressed by an emerging paradigm known as SDN, which relies on the separation of the control plane from the data plane. The control plane is the part of a network that controls how data packets are forwarded—meaning how data are sent from one place to another (i.e., creating a routing table is considered as a part of a control plane), while the data plane is where the packets are forwarded. SDN is all about separating the two planes and enabling network control to become programmable and centralized with the underlying network elements abstracted from the applications and services.

The separation allows a single software known as Flow Controller to manage multiple data-plane elements. Flow Controller can directly instruct data-plane elements (i.e., routers, switches, and other middleboxes) using a standardized and well-defined application programming interface (API), such as OpenFlow.
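
The OT-side properties in the table (deny-by-default, allowlisted flows, predefined failover paths) and the split between a central flow controller and the data-plane switches can be sketched as a toy model. This is an added example, not code from the article, and it does not speak OpenFlow; the switch names, port numbers and relay identifiers are constructed for illustration.

```python
from dataclasses import dataclass, field

GOOSE = 0x88B8  # EtherType of IEC 61850 GOOSE frames

@dataclass(frozen=True)
class Match:
    src: str
    dst: str
    ethertype: int

@dataclass
class Switch:  # data plane: forwards only what the controller installed
    name: str
    table: dict = field(default_factory=dict)  # Match -> output port

    def forward(self, frame):
        return self.table.get(frame, "DROP")  # deny by default

@dataclass
class AllowedFlow:
    match: Match
    primary: list  # [(switch name, output port), ...]
    backup: list   # engineered in advance, not computed at failure time

class FlowController:  # control plane: central and programmable
    def __init__(self, switches, flows):
        self.switches = {s.name: s for s in switches}
        self.flows = flows
        for f in flows:
            self._install(f, f.primary)

    def _install(self, flow, path):
        for sw in self.switches.values():
            sw.table.pop(flow.match, None)
        for name, port in path:
            self.switches[name].table[flow.match] = port

    def link_down(self, name, port):
        # Move every flow whose primary path used the failed link to its backup.
        moved = [f for f in self.flows if (name, port) in f.primary]
        for f in moved:
            self._install(f, f.backup)
        return [f.match for f in moved]

def build_demo():
    # Constructed topology: three switches in a ring, one allowlisted GOOSE flow.
    switches = [Switch("S1"), Switch("S2"), Switch("S3")]
    goose = Match("relay-A", "relay-B", GOOSE)
    flow = AllowedFlow(goose, [("S1", 2), ("S2", 1)], [("S1", 3), ("S3", 2), ("S2", 1)])
    return FlowController(switches, [flow]), goose
```

Any frame that is not on the allowlist is dropped at every switch, and a link failure only swaps in the backup path that was engineered beforehand, so no topology recalculation is involved.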
Impiantistica Italiana - Novembre-Dicembre 2023 57