Building Resilient Networks
November
Agenda
• Introductions
• Who is Westermo
• Defining Network Resiliency
• Hardware Redundancy
• Microsegmentation
• Configuration Backups
Introductions
Dakota Diehl
Network Application Engineer
dakota.diehl@westermo.us
847.453.3899
Benjamin Campbell
Technical Support Engineer
benjamin.campbell@westermo.us
847.453.3896
Westermo Group 2020
• Founded in 1975
• Industry-leading software and hardware development force
• Own production in Sweden with state-of-the-art process control
• Own sales and support units in 12 key countries, distribution partners in many others
How To Build a Resilient Network
Resiliency – What is it?
• Resilience in computer networks is the “ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.”
• This is a very wide definition, as it covers everything from packet loss to complete failure of a node or link.
• It also includes the ability to defend against and respond to cybersecurity incidents, whether malicious attacks or unintended misconfigurations.
• The more resilient a network is, the more tolerant it is of faults or errors across the network, and the better it can maintain uptime.
• Because the definition is so wide, there are also a multitude of ways to improve your network’s resilience.
Hardware Redundancy
• One of the most straightforward ways to improve resiliency is to add redundancy.
• If one node or link suffers a catastrophic failure, redundant connections keep the network running without impacting performance.
• Unfortunately, it is not as simple as just dropping another switch into the network!
• Layer 2 protocols such as FRNT or RSTP manage ring topologies, adding extra paths to nodes without causing debilitating broadcast storms.
• Layer 3 protocols such as OSPF and VRRP can automatically designate a route between networks and fail over in the event of broken links.
Layer 2 Redundancy: FRNT
• Built-in functions to avoid uncontrolled broadcast storms.
• Link integrity control.
• Non-FRNT ports are not allowed to communicate with FRNT ports.
• Default FRNT alarm signaling via SNMP, LED, Digital-Out and Syslog.
• Very fast failover of multicast traffic, with no need to wait for IGMP timeouts.
• Supports different media (fiber optic, copper and SHDSL), although fiber optic links allow for the best failover performance.
• Extremely fast convergence time of 20 ms means little impact on the network in the event of a link failure. This translates to high resilience!
Layer 2 Redundancy: FRNT Ring Coupling
[Diagram: an FRNT Master Ring and three FRNT Sub Rings]
Layer 2 Redundancy: FRNT Ring Coupling
[Diagram: an FRNT Master Ring and two FRNT Sub Rings, with three points marked X]
Layer 3 Resiliency: Routing Protocols
• Within the network layer, there are many options to add resiliency to a network:
  • RIP
  • OSPF
  • VRRP
• RIP and OSPF are “dynamic routing protocols”, which automatically determine the best paths between networks and reconverge automatically in the event of a network outage.
• VRRP (“Virtual Router Redundancy Protocol”) automatically designates one router as the default gateway, with multiple routers configured as backups.
Dynamic Routing Protocols
Routing protocols create resiliency on L3, between L2 networks.
[Diagram labels: FRNT, VRRP, OSPF]
Combining Layer 2 and Layer 3 resilience functionality allows for extremely high availability.
[Diagram labels: CORE-Network; FRNT Super Ring; FRNT Sub Ring (two); RiCo Node (four); Distribution Layer, Rack/Control rooms; Layer 3; Layer 2; OSPF Routing Protocol. Failure points are marked X with the captions Link Failure, FRNT Ring Failover, Ring Coupling Failover and OSPF Failover.]
Microsegmentation
Hybrid L2/L3 Network
• L2 ring topology: 20-30 ms re-convergence time
• L3 routing and FW at each node creates a zone
• Dynamic routing protocol (OSPF) used to advertise location of subnets only, not used for re-convergence
Efficient Routing to Minimize Network Delay
[Diagram: network backbone with three router firewalls]
Messages are only ever routed twice:
• Once into the backbone
• A second time when leaving the backbone
• Messages pass through the FW when entering and leaving the network backbone
Multiple Zones
[Diagram: backbone fibre connecting ZONE 1 (10.10.10.0/28) and ZONE 2 (10.20.20.0/28); object controller / smart IO]
Traffic cannot pass between zones unless it is allowed to do so.
Maintainer’s Sandbox Connection
[Diagram: backbone fibre connecting ZONE 1 (10.10.10.0/28), ZONE 2 (10.20.20.0/28) and ZONE 3 (192.20.20.0/28); object controller / smart IO]
Traffic cannot pass between zones unless it is allowed to do so.
ZONE 3 is the maintainer’s sandbox entry point: access to the network is via the FW, and if 802.1X is configured, only valid users/machines can join the network.
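The zone rule on the slides above (traffic crosses a firewall when leaving one zone and again when entering another, and is dropped unless allowed) can be checked against a rule set before it is deployed. This is an added example, not Westermo code or WeOS configuration: the zone subnets come from the slides, while the `Allow` entries, host addresses and ports are constructed, and same-zone traffic is assumed to be switched at Layer 2 without crossing a firewall.

```python
import ipaddress
from dataclasses import dataclass

# Zone subnets exactly as printed on the slides.
ZONES = {
    "ZONE 1": ipaddress.ip_network("10.10.10.0/28"),
    "ZONE 2": ipaddress.ip_network("10.20.20.0/28"),
    "ZONE 3": ipaddress.ip_network("192.20.20.0/28"),  # maintainer's sandbox
}


@dataclass(frozen=True)
class Allow:
    """One explicit permit entry on a zone's router firewall (hypothetical model)."""
    src: str    # source network, CIDR
    dst: str    # destination network, CIDR
    proto: str  # "tcp" or "udp"
    port: int   # destination port

    def matches(self, src_ip, dst_ip, proto, port):
        return (src_ip in ipaddress.ip_network(self.src)
                and dst_ip in ipaddress.ip_network(self.dst)
                and proto == self.proto and port == self.port)


def zone_of(ip):
    """Return the name of the zone whose subnet contains ip, or None."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def evaluate(policies, src, dst, proto, port):
    """Decide whether a new flow is forwarded; returns (allowed, reason).

    Default deny: an inter-zone flow needs a matching Allow entry on the
    firewall of the zone it leaves AND on the firewall of the zone it enters.
    Return traffic is assumed to be handled by stateful inspection.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return False, "address is outside every defined zone"
    if src_zone == dst_zone:
        return True, f"stays inside {src_zone}, no firewall crossed"
    for zone, direction in ((src_zone, "leaving"), (dst_zone, "entering")):
        rules = policies.get(zone, [])
        if not any(r.matches(src_ip, dst_ip, proto, port) for r in rules):
            return False, f"no allow entry on {zone} firewall ({direction})"
    return True, f"allowed by {src_zone} and {dst_zone} firewalls"


# Constructed sample hosts and rule set (not from the slides).
MAINT = "192.20.20.5/32"   # maintainer laptop in the sandbox
CTRL1 = "10.10.10.2/32"    # controller in ZONE 1
CTRL2 = "10.20.20.3/32"    # controller in ZONE 2
POLICIES = {
    "ZONE 3": [Allow(MAINT, CTRL1, "tcp", 22)],
    "ZONE 1": [Allow(MAINT, CTRL1, "tcp", 22),
               # Permitted on the ZONE 1 side only; ZONE 2 has no matching
               # entry, so the flow is still dropped on entry to ZONE 2.
               Allow(CTRL1, CTRL2, "tcp", 502)],
    "ZONE 2": [],
}

if __name__ == "__main__":
    flows = [
        ("192.20.20.5", "10.10.10.2", "tcp", 22),
        ("192.20.20.5", "10.20.20.3", "tcp", 22),
        ("10.10.10.2", "10.20.20.3", "tcp", 502),
        ("10.10.10.2", "10.10.10.3", "tcp", 502),
    ]
    for flow in flows:
        print(flow, "->", evaluate(POLICIES, *flow))
```

A flow that is permitted on only one of the two firewalls it crosses is reported with the zone that blocks it, which is the usual cause of a rule that appears correct but does not pass traffic.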
Configuration Backups
Getting Control of the Assets
• Using a common UN and PW is an open door to cyber actors
• Maintainers leave, taking the common credentials with them
• Almost impossible to change UN and PW across a large user population
• Maintaining a large user DB on each device is equally difficult
• Solution is to use RADIUS or TACACS+ user authentication
• Effort required initially, much tighter control and lower ownership cost long-term
[Diagram: authentication server]

