
Monitoring hub-based OT networks

In the rapidly evolving world of industrial automation and control systems, Operational Technology (OT) networks stand out for their unique characteristics and requirements. One of the most striking differences between OT and traditional IT networks is the continued prevalence of hub-based network architectures in many OT environments. This article explores the reasons behind this phenomenon, the benefits of using network TAPs in these environments, and how modern tools like IOTA's Modbus analysis engine are revolutionizing OT network monitoring.

The persistence of hub-based networks in OT

While most IT networks have long since transitioned to switched architectures, many OT networks continue to rely on hub-based topologies. This seemingly outdated approach persists for several compelling reasons:

 

  1. Simplicity and reliability: In industrial settings, simplicity often equates to reliability. Hubs are passive devices with no complex software or configuration requirements, making them less prone to failures that could disrupt critical processes.
  2. Deterministic behavior: Many industrial protocols, such as Modbus RTU over serial lines, were designed with deterministic timing in mind. Hub-based networks provide a predictable, collision-based environment that aligns well with these protocols' expectations.
  3. Legacy system compatibility: Industrial systems often have long lifecycles, sometimes spanning decades. Hub-based networks ensure compatibility with older devices and protocols that may not function correctly in a switched environment.
  4. Real-time performance: For certain time-critical applications, the predictable latency of a hub-based network can be preferable to the variable latency introduced by switches, especially in small, localized network segments.
  5. Ease of troubleshooting: In a hub environment, all devices see all traffic, which can simplify debugging and monitoring processes for technicians familiar with these systems.

The side-effects of using hub-based networks 

Hub-based networks are still very common, and more widespread than someone coming from a traditional IT background might expect, but using them also has side-effects:

  1. Only half-duplex: Hubs are by design half-duplex. The physical medium needs to be reserved for a single communicator in order to avoid collisions.
  2. 100MBit only: Due to the design, introducing a hub into a network automatically reduces the available bandwidth to 100MBit. For most process applications in OT this is enough, as typical payload sizes are in a very low byte range, and frames often do not exceed the 64 MByte base length of the basic Ethernet frame.


The power of TAPs in OT networks

While hub-based networks offer some advantages in OT environments, they also present challenges for modern network monitoring and security practices. This is where network Test Access Points (TAPs) become invaluable:

 

  1. Non-intrusive monitoring: TAPs allow for passive monitoring of network traffic without introducing any changes to the existing network infrastructure. This is crucial in OT environments where any modification could potentially disrupt critical processes.
  2. Complete visibility: Unlike SPAN ports on switches, which may drop packets during high traffic periods or fail to capture certain types of traffic, TAPs provide a complete, unfiltered view of all network communications.
  3. No impact on network performance: TAPs are passive devices that don't introduce latency or affect the timing of network communications, preserving the deterministic behavior that many OT protocols rely on.
  4. Bidirectional monitoring: Many TAPs provide separate monitoring ports for each direction of traffic, ensuring comprehensive visibility into all network conversations.
  5. Security and compliance: As cybersecurity concerns in OT environments grow, TAPs provide a secure way to implement monitoring solutions without creating new attack vectors or compliance issues.
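What per-direction monitor ports make possible on the analysis side, as an added example (not code from the article or from any Profitap product): the two capture streams are merged by timestamp and Modbus requests are paired with their responses to get response times, exception replies and unanswered requests. It assumes Modbus/TCP framing (MBAP header) on the tapped link; the sample frames, timestamps and the names `adu`, `parse` and `correlate` are constructed for illustration.

```python
import struct
from heapq import merge

def adu(tid, unit, func, data=b""):
    """Build a Modbus/TCP ADU: MBAP header (tid, proto=0, length, unit) + PDU."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample: (timestamp_seconds, payload) as seen on each TAP monitor port.
PORT_A = [  # master -> slave direction
    (0.000, adu(1, 17, 0x03, b"\x00\x00\x00\x02")),  # read 2 holding registers
    (0.100, adu(2, 17, 0x06, b"\x00\x10\x00\x2a")),  # write single register
    (0.200, adu(3, 17, 0x03, b"\x00\x00\x00\x02")),  # never answered
]
PORT_B = [  # slave -> master direction
    (0.004, adu(1, 17, 0x03, b"\x04\x00\x01\x00\x02")),
    (0.150, adu(2, 17, 0x86, b"\x02")),  # exception 0x02: illegal data address
]

def parse(payload):
    # MBAP length counts the unit id plus the PDU, i.e. everything after byte 6.
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6 or length < 2:
        raise ValueError("not a well-formed Modbus/TCP ADU")
    return tid, unit, payload[7], payload[8:]

def correlate(port_a, port_b):
    """Merge both directions by timestamp and pair requests with responses."""
    tagged = merge(((t, "req", p) for t, p in port_a),
                   ((t, "rsp", p) for t, p in port_b))
    pending, results = {}, []
    for ts, kind, payload in tagged:
        tid, unit, func, data = parse(payload)
        if kind == "req":
            pending[(tid, unit)] = (ts, func)
        elif (tid, unit) in pending:
            t0, req_func = pending.pop((tid, unit))
            # An exception reply echoes the function code with the high bit set.
            exc = data[0] if func == (req_func | 0x80) and data else None
            results.append({"tid": tid, "func": req_func,
                            "latency_ms": round((ts - t0) * 1000, 3),
                            "exception": exc})
        else:  # response with no matching request on the other port
            results.append({"tid": tid, "func": func, "unsolicited": True})
    return results, sorted(tid for tid, _ in pending)

if __name__ == "__main__":
    results, unanswered = correlate(PORT_A, PORT_B)
    print(results)
    print("unanswered transaction ids:", unanswered)
```

Responses with no matching request and requests that never receive a reply are the cases worth alerting on, since they point to a device that is offline, overloaded or talking to a master the capture did not expect.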

Embracing the future while respecting the past

The persistence of hub-based networks in OT environments is a testament to industrial control systems' unique requirements and challenges. Rather than viewing this as a limitation, forward-thinking organizations are leveraging tools like network TAPs and advanced analysis platforms like IOTA to bring modern monitoring capabilities to these traditional networks.

By combining the simplicity and reliability of hub-based architectures with the power of non-intrusive TAPs and protocol-aware analysis engines, OT teams can achieve unprecedented visibility into their networks. This approach supports the maintenance and optimization of existing systems and paves the way for the gradual adoption of more advanced networking technologies as older equipment is phased out.

As we move towards an increasingly connected industrial landscape, the ability to monitor, analyze, and secure OT networks becomes ever more critical. Tools like IOTA's Modbus analysis engine represent a bridge between the enduring legacy of industrial automation and the cutting-edge capabilities of modern network analytics. By embracing these technologies, organizations can ensure the continued reliability, efficiency, and security of their industrial operations well into the future.