After a previous article about Honeywell Experion Controllers with PMIO, I received some feedback regarding how Experion controllers connect to a process control network (PCN).

I wanted to provide a short overview in response and hope it provides some useful information about the configuration of Fault Tolerant Ethernet (FTE) and the Control Firewall (CF9).

Image from Honeywell's Fault Tolerant Ethernet Guide

What is Fault Tolerant Ethernet (FTE)?

FTE is a single Local Area Network (LAN) topology, but with redundancy. The FTE network contains two parallel tree hierarchies with redundant switches (FTE Yellow and FTE Green) that are connected at the highest level with a crossover cable.

Failover is achieved by the configuration of Spanning Tree Protocol (STP) in the FTE Switches. The FTE network contains other redundant networking components such as switches, cabling, and redundant network adapters.

An FTE community is a group of nodes that communicate with one another using a common multicast address for FTE test messages and are all members of the same broadcast domain.

FTE Nodes are loaded with an FTE Driver that handles the communication with other nodes.

FTE Network Levels

  • Level 4 – Plant Level Applications
  • Level 3.5 – DMZ
  • Level 3 – Advanced Control and Non-critical Control Applications, Routing
  • Level 2 – Supervisory Control, Operator HMI
  • Level 1 – Real-Time Control (Controllers and I/O)

Most Experion nodes reside at Level 2 – Experion Servers, Console Stations, ACE/ACE-T nodes, Flex Stations, Application Nodes, E-APP Nodes, ELCN Nodes, EtherNet I/P Interface Nodes and so much more.

These nodes must communicate with devices such as the C300/C200 Experion Controllers at Level 1.

The Control Firewall (CF9)

The Control Firewall is connected between Level 2 FTE Nodes and Level 1 Controllers. All traffic between nodes and controllers must pass through the firewall, which uses TCP port filtering to allow only CDA connected traffic and Modbus TCP traffic.

The CF9 does not require any user configuration and provides many other features, including limiting broadcasts to ARP and Bootp as well as limiting the rate.

The CF9 also limits multicast to FTE messages and limits the rate of connection to mitigate SYN flood attacks. It allows NTP and IEEE 1588 time sync packets, but limits the data rate.
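As an added illustration (not from the original article or from Honeywell), the sketch below models the filtering described above as a default-deny check, so that a packet capture taken on the Level 1 side of the CF9 can be audited for traffic that should not be there. The CDA port and FTE multicast address are site-specific placeholders, and treating everything the article does not list as unexpected is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address

MODBUS_TCP = 502                 # registered Modbus TCP port
TIME_SYNC_UDP = {123, 319, 320}  # NTP and IEEE 1588 (PTP) event/general ports
BOOTP_UDP = {67, 68}

@dataclass(frozen=True)
class Policy:
    cda_tcp_ports: frozenset     # site-specific; take from Honeywell documentation
    fte_multicast: str           # multicast address of this FTE community

@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "arp"
    dst: str = ""                # destination IP (unused for ARP)
    dport: int = 0               # destination (server-side) port

def classify(pkt: Packet, policy: Policy) -> str:
    """Return 'allow', 'rate-limited' or 'unexpected' for one packet."""
    if pkt.proto == "arp":
        return "rate-limited"
    if pkt.proto == "tcp":
        allowed = policy.cda_tcp_ports | {MODBUS_TCP}
        return "allow" if pkt.dport in allowed else "unexpected"
    if pkt.proto == "udp":
        if pkt.dport in TIME_SYNC_UDP:        # unicast or multicast time sync
            return "rate-limited"
        if pkt.dst == "255.255.255.255":      # limited broadcast only
            return "rate-limited" if pkt.dport in BOOTP_UDP else "unexpected"
        if ip_address(pkt.dst).is_multicast:
            return "allow" if pkt.dst == policy.fte_multicast else "unexpected"
    return "unexpected"                       # assumption: default deny

def audit(packets, policy):
    """Packets seen on the Level 1 side that the described filtering should not pass."""
    return [p for p in packets if classify(p, policy) == "unexpected"]

# Constructed sample values: placeholders, not real Honeywell port or address assignments.
SITE = Policy(cda_tcp_ports=frozenset({50000}), fte_multicast="239.0.0.1")
CAPTURE = [Packet(*t) for t in [
    ("tcp", "10.0.1.10", 502), ("tcp", "10.0.1.10", 50000), ("tcp", "10.0.1.10", 445),
    ("arp",), ("udp", "255.255.255.255", 67), ("udp", "255.255.255.255", 137),
    ("udp", "239.0.0.1", 40000), ("udp", "224.0.0.251", 5353), ("udp", "10.0.1.10", 123),
]]

if __name__ == "__main__":
    for p in audit(CAPTURE, SITE):
        print("unexpected on Level 1 segment:", p)
```

Any packet this reports from a capture behind the firewall points to a path that bypasses the CF9 or to a device connected on the wrong side of it.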

Conclusion

In the FTE community, nodes communicate over a single network architecture that provides redundancy in the case of a network failure and, in some cases, of more than one failure.

With that said, it is very important to implement network monitoring and evaluation to correct any issues or failures when they occur so failures do not go unnoticed until multiple failures take the network down.

With Redundant Controllers, Redundant Control Firewalls and Redundant FTE Switches, high network availability and reliability are achieved and can be maintained.

Written by Brandon Cooper
Senior Controls Engineer and Freelance Writer
