News

11月 11, 2022

Network address translation in automated systems


Network Address Translation (NAT) is the common process of mapping an internet protocol (IP) address to another by changing the header of the IP packet. In power substations or automated factories, this allows devices in different LANs to use same internal IPs, thus reducing the number of globally valid IP addresses needed in the whole system, and simplifying setup procedures.

 

There are many different NAT modes, each suited for different scenarios. The most basic is known as N:1 NAT, where multiple LAN devices (such as components in an SMT line) have their addresses translated into a single external address when communicating with WAN-side devices (like SCADA). A second line in the factory can then use the same IP set for its components, as long as they are translated into a different external IP for SCADA communication.

 

Once drawback of N:1 NAT is, however, that communication can only be initiated by LAN devices, since the WAN-side device has no way to identify individual LAN devices once a session ends. For Modbus clients (a WAN device) and slaves (LAN devices), this may cause problems. 1:1 NAT enables communication initiating from either the LAN or WAN side by allocating a dedicated external IP to each LAN device. This is a simple method that allows Modbus slaves to work in two-way communication with WAN clients, while retaining preset IPs in separate LANs.

 

And to preserve the benefits of IP conservation, virtual NAT combines 1:1 NAT and virtual routing mechanisms, mapping each external IP to a virtual IP. The WAN device’s default gateway will need to be set as the virtual LAN’s external IP, so each system can only support one virtual NAT LAN, but additional LANs can still use 1:1 NAT to mask their internal IPs.

 

Another way to initiate communications from the WAN side in NAT systems is to utilize IP and port forwarding. This method requires LAN devices with known TPC/UDP port numbers, but is certainly useful for limiting communication to specific devices, while still requiring minimal user configuration.

 

NAT also offers the opportunity to qualify or authenticate all data traffic and ensure security. Under DMZ (demilitarized zone) mode, all communications initiated by the WAN are directed to a single LAN device, so the others are inaccessible and protected from external attacks.

While NAT is normally implemented in transit through network routing, ATOP’s NSG3308/NSG3309 Series Gigabit Ethernet switch comes with built-in NAT functions. This allows additional switching functions like RSTP to run on a simpler topology. Each port can be configured as a LAN or WAN port, needing no extra router for access between interior and exterior networks. And as a L2 switch, it is easy to configure and difficult to mess up. What’s truly impressive is the throughput: 100 Mbps NAT is at least twice the speeds of competitors. Contact us to learn more about this solution that will upgrade your automation like never before.

Whitepaper download Whitepaper will be sent to the email address indicated in the form
I have read and agree to the Privacy Policy (art.13 and 14 of the GDPR - EU Regulation 2016/679) *
I have read and agree to the Privacy Policy (art.13 and 14 of the GDPR - EU Regulation 2016/679).