Today's exercise is about providing access to devices (PLCs, speed drives, etc.) that we would like to hide behind routers to segregate the network.
A second use case is when we are running out of IP addresses in the chosen subnet.
An elegant and efficient solution is to introduce new IP subnets, provide interconnectivity via routing, and incorporate NAT for devices without a default gateway (their configuration cannot be changed immediately; we need to wait until the next maintenance cycle). Westermo configuration files are included.
In my example, the devices without a default gateway are represented by the IP addresses:
10.10.10.55
10.10.10.56
For the server (IP: 192.168.2.22) to access those devices, we use NAT (SNAT, where the router changes the SRC IP of the incoming packet, received on the cellular interface, to the router's own IP address on the LAN interface).
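The SNAT behaviour described above, as an added example (not part of the original post and not Westermo configuration): a small Python model of why a device without a default gateway cannot answer the server until the router rewrites the source address. The /24 mask, the router LAN address 10.10.10.1 and port 502 are assumptions made for the illustration.

```python
import ipaddress

# Assumed values (not on the page): the /24 mask and the router LAN address.
LAN = ipaddress.ip_network("10.10.10.0/24")
ROUTER_LAN_IP = ipaddress.ip_address("10.10.10.1")
SERVER = ipaddress.ip_address("192.168.2.22")      # from the page
DEVICES = [ipaddress.ip_address(a) for a in ("10.10.10.55", "10.10.10.56")]


class Router:
    """Minimal source-NAT router with a connection-tracking table."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}   # (device_ip, port) -> original source IP

    def forward_to_lan(self, src, dst, port):
        """Forward a server packet to the LAN; return the source the device sees."""
        if not self.snat:
            return src
        self.conntrack[(dst, port)] = src
        return ROUTER_LAN_IP

    def forward_reply(self, device, port):
        """Reverse the translation for a reply addressed to the router."""
        return self.conntrack.get((device, port))


def device_can_reply(reply_dst, default_gateway=None):
    """A host with no default gateway can only answer on-link destinations."""
    return reply_dst in LAN or default_gateway is not None


def round_trip(device, snat, port=502, default_gateway=None):
    """Return the IP that finally receives the device's reply, or None if dropped."""
    router = Router(snat)
    seen_src = router.forward_to_lan(SERVER, device, port)
    if not device_can_reply(seen_src, default_gateway):
        return None                       # device has no route back
    if seen_src == ROUTER_LAN_IP:
        return router.forward_reply(device, port)
    return seen_src                       # routed back via the gateway unchanged


if __name__ == "__main__":
    for dev in DEVICES:
        print(dev, "no SNAT ->", round_trip(dev, snat=False),
              "| SNAT ->", round_trip(dev, snat=True))
```

A side effect of this design is that the field devices log every session as coming from the router's LAN address, so per-client attribution has to be taken from the router rather than from the device.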
I am good and like to have redundancy where it counts. I would like to have 2 routers. This means I need to use VRRP, and I prefer to use OSPF (easy to configure and maintain) for routing redundancy.
Another challenge with VRRP: what if I lose connectivity on only one VRRP instance? That would mean a mismatch of main/backup VRRP instances on one router. Westermo helps here with its implementation of VRRP grouping: if one of the grouped instances changes state, the change propagates to all grouped instances.
At this stage it looks like it should work :) and it does. The PC (SCADA server) can access all devices hidden behind the routers, and we have incorporated redundancy in the routers. Over time, when all field devices are configured with a default gateway, the NAPT can be removed from the configuration of the Westermo Lynx switches.
Configuration of Westermo switches (model: L210-F2G, FW: 4.13.4)