ODVA’s annual Hannover Messe press conference highlighted new technologies that extend EtherNet/IP and CIP Security to “resource-constrained” devices. Thanks to advances in 2-wire Ethernet, devices that were too small or too inexpensive for a network chip can now join the EtherNet/IP network. There is also an international movement to change traditional networking terminology, for example “master-slave”, that would be offensive to many. Here are the news releases.
ODVA announced that CIP Security has added support for resource-constrained EtherNet/IP devices. CIP Security can now provide device authentication, a broad trust domain, device identity via Pre-Shared Keys (PSKs), device integrity, and data confidentiality for resource-constrained devices such as contactors and push-buttons. Additionally, a narrow trust domain, user authentication, and policy enforcement via a gateway or a proxy are available options.
The recent integration of single pair Ethernet has opened up the door to overcoming lower-level device constraints and ultimately to expanding the footprint of EtherNet/IP. Adding simpler devices to EtherNet/IP allows for the benefits of additional remote diagnostics, asset information, and parameterization capability. The addition of more nodes to the network within the context of IT/OT convergence makes device level security a fundamental need to ensure that indispensable assets and people are protected from physical harm and monetary loss.
The new CIP Security specification has added a Resource-Constrained CIP Security Profile in addition to the EtherNet/IP Confidentiality and the CIP User Authentication Profiles. The Resource-Constrained CIP Security Profile is similar to the EtherNet/IP Confidentiality Profile, but is streamlined for resource-constrained devices. The same basic security aspects of endpoint authentication, data confidentiality, and data authenticity remain. Access policy information is also included to allow a more capable device, such as a gateway, to be used as a proxy for user authentication and authorization of the resource-constrained device.
Implementation of CIP Security for resource-constrained devices requires only DTLS (Datagram Transport Layer Security) support instead of DTLS and TLS (Transport Layer Security), as it is used only with low-overhead UDP communication.
ODVA announced that the April 2021 publication of the DeviceNet and ControlNet Specifications has replaced the usage of the words “master” and “slave” within ODVA references. Developers of devices for ODVA networks will now utilize the words “client and server” (EtherNet/IP, including the integration of Modbus devices), “controller and device” (DeviceNet), and “system time supervisor or active keeper” (ControlNet) to describe these functions. With the goal of eliminating terminology that is hurtful, these changes are the first in a series to update the entire library of ODVA specifications and documents to rectify the use of these terms.
EtherNet/IP for Resource-Constrained Devices
ODVA announced that The EtherNet/IP Specification has been enhanced to allow vendors to bring the network to resource-constrained devices in-cabinet, including push buttons and contactors. Cost, size, and power restrictions have historically limited the usage of EtherNet/IP at the edge, where many nodes are still hardwired. However, the continued decrease in the cost of semiconductor chips has enabled increased connectivity of simple devices, as evidenced by the rapid expansion of the Industrial Internet of Things (IIoT). The sustained, strong growth of EtherNet/IP combined with accelerating IT/OT convergence has made it possible to deploy EtherNet/IP within cabinets on lower-level automation devices such as contactors and push buttons.
The inclusion of resource-constrained devices within cabinets on an EtherNet/IP network is enabled by recently published enhancements to The EtherNet/IP Specification, including the physical layer In-Cabinet Profile for EtherNet/IP along with low-overhead, UDP-only resource-constrained EtherNet/IP communication. Resource requirements have been reduced via enhancements such as an IT-friendly LLDP node topology discovery mechanism, auto-commissioning support, and auto-device replacement support. Additionally, a specification for a new select line circuit facilitates the efficient delivery of system-wide sequential commands.
The EtherNet/IP in-cabinet bus solution reduces interface components through use of single pair Ethernet (IEEE Std 802.3cg-2019 10BASE-T1S) and reduces node cost via multidrop cabling that spans a single cabinet with one interface per device and one switch port that supports many devices. Cost is further reduced via cables that use composite network and control power to eliminate separate parallel runs. The select line for topology eliminates configuration switches by enabling discovery based on relative position and allows for direct connection with programming tools during assembly for parameterization. Assembly time is lowered by eliminating most wire or cable preparation with insulation displacement (piercing) connectors. Nodes will also be able to be replaced with compatible nodes of the same type during normal system operation without any engineering tools in a plug and play manner.
This will be made possible through reduced hardware requirements enabled by UDP-only EtherNet/IP communication, usage of single pair Ethernet, and shared in-cabinet external power and cabling. Adding low-level in-panel devices to the network will enable the benefits of additional remote diagnostics, asset information and parameterization capability, automatic node topology discovery, and plug and play device replacement.