Tunneling

Introduction to tunneling

Network tunneling refers to a method in computer networking where data packets are encapsulated within a different protocol to securely and efficiently transmit data across incompatible or diverse networks. The process involves wrapping (or encapsulating) the data packets of one network protocol inside the packets of another protocol. This encapsulation allows the data to travel over networks that wouldn't otherwise support the original protocol. The destination network then decapsulates the data to retrieve the original packet format, enabling seamless communication.

A prevalent example of network tunneling is a Virtual Private Network (VPN). In a VPN, data from a private network is encapsulated within encrypted packets before being sent over the public internet. This ensures that the data remains secure and private, protecting it from eavesdropping and unauthorized access.

Tunneling in industrial communication

In industrial communication networks, tunneling plays a crucial role in securely transmitting data across different systems and devices that may not natively support each other’s protocols. This is especially important in environments like factories, power plants, and other industrial settings where reliable and secure communication is essential.

In Industry, the need for secure, reliable, and efficient data transfer is paramount. Industrial environments often span vast geographical areas, encompass diverse network infrastructures, and require stringent security measures. Against this complex backdrop, tunneling emerges as a crucial technology, enabling seamless and secure communication across different segments of a network. A tunneling mechanism usually follows the following pattern:

  1. Encryption

    At the outset, data packets are encrypted to maintain confidentiality and protect the data from unauthorized access during transmission.

  2. Encapsulation

    After encryption, data packets are encapsulated within a public network protocol, transforming them into the payload—the actual content being securely transmitted.

  3. Header Addition

    A header is added to the encapsulated packet, specifying both the originating point and the destination of the secure tunnel.

  4. Transmission

    The encapsulated packet traverses the public network undetected, ensuring that it remains secure during its journey.

  5. Decapsulation

    Upon arrival at the local network, the added header is removed, and the original encrypted data packet is retrieved.

  6. Decryption

    Finally, the data packet is decrypted and delivered to the intended destination IP address.

Tunneling predominantly operates at the network layer (Layer 3) of the OSI model. This technique involves encapsulating one network protocol within another, typically at the IP level, thus enabling communication across diverse or incompatible networks.  Tunneling protocols like Ethernet over EtherCAT (EoE) mailbox protocol, L2TP or MPLS also support cyclic communication while IPsec and SSL/TLS can support acyclic communication by ensuring secure and timely delivery of data across networks

Benefits of tunneling in industrial communication

  • Data Protection

    Industrial systems frequently transmit sensitive data, including control signals, operational statuses, and proprietary information. Tunneling is instrumental in encapsulating this data within secure protocols—such as IPsec (Internet Protocol Security)—that provide encryption and authentication. This strengthens cyber security making data packets virtually unreadable to unauthorized parties, thereby protecting against eavesdropping and tampering.

  • Network Segmentation and Isolation

    Industrial environments typically comprise a mix of different network types and protocols. Tunneling enables the segregation of critical industrial control traffic from regular IT traffic.

  • Remote Access

    Tunneling facilitates secure remote access to industrial systems for monitoring and maintenance. This capability is crucial for managing systems located in inaccessible or hazardous environments where physical access may be limited or risky.

  • Compatibility and Interoperability

    Industrial networks may utilize a variety of communication protocols that are not natively compatible with each other. Tunneling facilitates interoperability by enabling these disparate protocols to coexist and communicate over a common network infrastructure.

  • Performance

    Tunneling can route data through optimized paths, enhancing performance by reducing latency and improving bandwidth utilization.

Key use cases of tunneling

Remote Monitoring and Control

Secure tunneling enables engineers and operators to monitor and control industrial equipment remotely. VPNs are often used to tunnel communication to ensure encryption and data integrity.

Interconnecting PLCs and SCADA Systems

Programmable Logic Controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems often use different communication protocols. Tunneling helps bridge these protocols, ensuring seamless interaction between them.

Reliable Communication

In environments with mixed network technologies, tunneling ensures that critical data can be transmitted without interruption or loss, which is vital for maintaining operational efficiency and safety.

Hilscher's solutions for industrial communication

As a leading company in the field of industrial communication, Hilscher offers a broad portfolio of technologies and solutions for networking industrial environments.

This includes a wide range of interface solutions for connecting sensors, actuators and controllers to industrial communication networks. The communication controllers of the netX family form the basis for this. The multi-protocol-capable SoCs can be integrated into automation components as required and their extensive chip peripherals enable powerful, efficient and flexible solutions. A protocol change is achieved by simply reloading Hilscher's own netX firmware. Building on this, the company also offers embedded modules and PC cards in all form factors in order to realise the netX communication interface with less integration effort.

Hilscher also offers a comprehensive managed industrial IoT range under the netFIELD brand. This ranges from edge gateways as an application-oriented computer platform with integrated container management and the Edge OS Runtime running on it to the central cloud portal, via which the docker containers are deployed to the edge devices, through to turnkey containers for communication applications.

Gateways and switches, devices for network diagnostics as well as masters and bridges for the wireless connection of IO-Link sensors round off the automation portfolio.

Related Links

A hand pointing to the word work safety on a blue background.
Sécurité fonctionnelle avec netX

Dans l’univers de plus en plus complexe de l’automatisation, caractérisé par des procédés de production sophistiqués et des machines modularisées, la sécurité fonctionnelle joue un rôle de plus en plus important. La conformité aux normes comme IEC 61508 ou ISO 13849 est par conséquent essentielle. Découvrez comment mettre en œuvre facilement ces appareils respectant toutes les règles de sécurité avec netX.

Plus
Two employees of Hilscher are talking about a draft on an iPad
Assistance projets

Vous recherchez un partenaire d'intégration pour votre projet de communication industrielle ? Des puces netX multiprotocoles aux applications IIoT, notre réseau de sociétés partenaires vous apporte toute l’aide dont vous avez besoin !

Plus
A photo of the male and female customer support phone operator with different internationality
Customer Center / Sales Hilscher Gesellschaft für Systemautomation mbH

You've got questions? We've got the answers!