The worlds of IT and Operational Technology (OT) are merging more and more these days as the Internet of Things grows in prominence. This collaboration between IT and OT is great, but there are still gaps in understanding that keep these worlds from fully working together.
To help, we teamed up with Distech Controls to create a webinar series on networking, for OT professionals. Be sure to check out our previous Introduction to Networking, Network Access, and Internet Layer sessions as well!
In this edition about the Transport and Application layers, we dug into TCP, UDP, protocols, and more. Watch our webinar recording, and read the recap below. You can also download the PDF handout of our presentation to refer back to later.
The webinar dug into a lot of topics, including:
- TCP & UDP (from 9:49 to 16:51)
- Application Layer (from 16:51 to 24:40)
- BACnet and BBMDs (from 24:40 to 41:55)
- Live Demo
- Protocols (from 41:55 to 58:27)
- Hyper Text Transfer Protocol (HTTP)
- Voice Over IP (VOIP)
- Simple Mail Transfer Protocol (SMTP)
- Simple Network Management Protocol (SNMP)
- Secure SHell (SSH)
- Secure File Transfer Protocol (SFTP)
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
The Transport Layer (from 9:49 to 16:51) defines the level of service and status of the connection used when transporting data. It’s helpful to think of this layer as the “language”: it basically defines what language two devices will speak to one another.
The primary protocols (languages) used to facilitate this are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). There are many more protocols, but these are the two you will most often use when working with IP-based controllers.
TCP is a standard that defines how to establish and maintain a network conversation via which application programs can exchange data. TCP is considered a reliable transmission protocol because it re-orders unordered segments into the correct order, and it will re-send any data that gets lost in the network. On the downside, TCP has significantly more overhead than UDP, and does not allow for “one-to-many” messages.
UDP is a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP, UDP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP allows for multi-cast and is typically faster than TCP with less delay, assuming ideal network conditions. Unfortunately, UDP is not considered reliable, since it doesn’t typically make use of acknowledgements, retransmission of missing packets, or timeouts.
Application layer
The Application Layer (from 16:51 to 24:40) provides network services to applications, and contains high-level protocols. Before, we said that the Transport Layer is like the language two devices are speaking to each other. Following that line of thinking, the Application Layer is like the topic of conversation. This is typically the layer that most people are familiar with, because most of the services they are interested in using are at this layer.
The Application Layer has a lot of protocols — far more than there was time to discuss in this webinar session. A common one that many will be familiar with is BACnet/IP. It looks a lot like traditional IT networking, but BACnet/IP uses lots of broadcasts, employs BBMDs, connects with MS/TP, and uses no authentication or encryption.
There are two different types of network communications on the application layer: client server, and peer to peer.
Client Server:
- Centralized server contains the useful application
- Website/Data base
- Authentication of clients
- Remote commands
- Request/Response based messaging
- Pro: stable system
- Con: server can be bottleneck
Peer to Peer:
- Data exchange between devices
- Distributed data
- Streaming
- File exchange
- Direct or broadcast messaging
- Pro: cheap & easy to scale
- Con: less control over data
BACnet and BBMDs
Now, looking at BACnet (from 24:40 to 41:55) with what we know about the transport and application layers, BACnet is:
- UDP
- Peer to Peer
- Looks like IT except for:
- Lots of broadcasts (e.g. Who-Is)
- BBMDs
- MS/TP
- No authentication or encryption
BACnet Broadcast Management Devices (BBMDs) act as a sort of forwarding service. They’re especially useful on large, complicated networks. A BBMD forwards messages from one subnetwork to another, so communications can be broadcast locally. No overwhelming the network, and no convoluted network of one-to-one communications.
Protocols
Common ports for protocols
Ports are assigned to a specific application/service via configuration. This is a means to differentiate traffic by service (recall the firewall discussion). This assignment can change if you want it to (i.e. SMTP defaults to port 25 but it can assigned another port).
| Port number | Protocol | Application |
|---|---|---|
| 20 | TCP | FTP data |
| 21 | TCP | FTP control |
| 22 | TCP | SSH |
| 23 | TCP | Telnet |
| 25 | TCP | SMTP |
| 53 | UDP, TCP | DNS |
| 67, 68 | UDP | DHCP |
| 69 | UDP | TFTP |
| 80 | TCP | HTTP (WWW) |
| 110 | TCP | POP3 |
| 161 | UDP | SNMP |
| 443 | TCP | SSL |
Next, we covered common protocols (from 41:55 to 58:27). There are many more than what we could cover in this webinar session, so it’s important to learn what you need to know in your day to day position.
Hyper Text Transfer Protocol (HTTP)
- Allows applications to define content by mark up language (HTML)
- Body of messages can contain a wide range of session and presentation layer data
- Client-server model (browser = client, website = server)
- TCP message exchange to send client requests and server responses
- HTTPS – secure version
- Rest APIs – Architecture communicates via HTTP
Voice Over IP (VOIP)
- Peer to peer model (some can be client <-> server <-> client)
- Voice recording broken into small packets and sent to peer in “real-time” using UDP
- Priority is ensuring fast communication so that conversation doesn’t get out of sync
- If some packets are lost the human brain can fill in the missing data (to an extent)
Simple Mail Transfer Protocol (SMTP)
- Application’s that exchange emails between users across the network
- Uses TCP messaging between sender’s and recipient’s email servers
- Two-way client server model (sender = client, receiver = server)
- Other related protocols or extensions: POP3 & IMAP
Simple Network Management Protocol (SNMP)
- Used by network devices to provide their status to network (BACnet of IT world)
- Client server model where the client is any management system needing SNMP data and the server is the management information base (MIB) located on the device
- Client uses UDP message format to request data and MIB responds likewise
- Also can send Alarms/Traps from the device using similar UDP messages
- Issue: unreliable – alarms/traps can be missed!
Secure SHell (SSH)
- Applications used to remotely connect to and execute commands on servers
- Client server application
- TCP based messaging exchanges request and response
- SSH has a secure session while Telnet does not
- Delay is OK but need to make sure the messages are acknowledged by the remote server
Secure File Transfer Protocol (SFTP)
- Transfer of encrypted files between a client and server
- Uses TCP to ensure file integrity and security
- More secure that the old FTP method
