IPv6 and 5G based Architecture for IIoT
draft-tang-iiot-architecture-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Authors Chaowei Tang, Wen Haotian, Ruan Shuai, Baojin Huang, Feng Xinxin
Last updated 2020-11-02
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Industrial Internet of Things                                    C. Tang
Internet-Draft                                                    H. Wen
Intended status: Informational                                   S. Ruan
Expires: 6 May 2021                                             B. Huang
                                                                 X. Feng
                                                    Chongqing University
                                                         2 November 2020

                IPv6 and 5G based Architecture for IIoT
                    draft-tang-iiot-architecture-00

Abstract

   As the foundation of the current new round of industrial revolution,
   the Industrial Internet of Things (IIoT) based on Cyber-Physical
   Systems (CPS) [smart-factory] has become the focus of research in
   various countries.  In the entire development stage of IIoT, one of
   the key issues is the standardization of the IIoT architecture.  With
   the development of intelligent manufacturing technology, the number
   of the IIoT devices will increase sharply, and a large amount of data
   will be generated in the industrial manufacturing process.  However,
   traditional industrial networks cannot meet the IIoT requirements for
   high data rates, low latency, massive connections, interconnection
   and interoperability.  The current IIoT architectures also have
   various limitations in mobility, security, scalability, and
   communication reliability.  These limitations hinder the development
   and implementation of IIoT.  As a network layer protocol, IPv6 can
   solve the problem of IPv4 address exhaustion.  As a high-speed, low-
   latency wireless communication technology, 5G has great potential in
   promoting IIoT.  In order to solve the above problems, this draft
   proposes an IIoT architecture based on IPv6 and 5G.  It can provide
   high-speed, low-latency communication services and offer massive
   connectivity, mobility, scalability, security and other features for
   industrial devices.  The architecture can also provide generalized,
   refined, and flexible network services for devices outside the
   factory.  An information model is defined to standardize the
   representation of information in IIoT.  Finally, the draft discusses
   security challenges and recommendations in IIoT.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

Tang, et al.               Expires 6 May 2021                   [Page 1]
Internet-Draft   IPv6 and 5G based Architecture for IIoT   November 2020

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 May 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  IIoT Architecture
   3.  The Factory Internal Network
     3.1.  Status and Development Trends
     3.2.  Functional View
     3.3.  Network View
     3.4.  Way of Communication
   4.  The Factory External Network
     4.1.  Situation
     4.2.  Development Trend
     4.3.  Enterprise Dedicated Line
     4.4.  Mobile Communication Network
   5.  Information Model
   6.  Security Challenges and Recommendations
     6.1.  Sensing Security
     6.2.  Transport Layer Security
     6.3.  Application Layer Security
     6.4.  IIoT Security Solutions
   7.  Informative References
   Authors' Addresses

1.  Introduction

   IIoT is an industry and application ecology formed by the
   comprehensive and deep integration of the Internet, information
   technology and industrial systems, and it is a key information
   infrastructure for the development of industrial intelligence.  In
   essence, it is based on the network interconnection between machines,
   raw materials, control systems, information systems, products, and
   people.  Intelligent control, operation optimization and production
   organization reform will be achieved through comprehensive in-depth
   perception of industrial data, real-time transmission and exchange,
   fast calculation processing and advanced modeling analysis.  The
   foundation of IIoT is the system architecture: the interconnection
   and intercommunication of the entire industrial system through
   technologies such as the Internet of Things and the Internet, which
   promotes the full circulation and seamless integration of industrial
   data.

   The communication technology in the industrial network
   interconnection architecture needs to meet the following major
   requirements:

   *  High communication rate.  More and more manufacturing activities,
      such as real-time monitoring of all production factors and the
      entire production process, and the application of cloud computing,
      edge computing, virtual reality and augmented reality in the
      manufacturing industry, will generate a large amount of
      manufacturing data, which requires a stable and uninterrupted
      data rate exceeding 25 Mbps [iiot-5g].

   *  High coverage.  The goal of the IIoT is to establish "ubiquitous
      communication."  In other words, any area of the manufacturing
      plant should achieve 100% networking coverage.  However, in actual
      factories, due to the complex production environment, such as
      electromagnetic interference and obstacles, the current
      communication technology cannot meet the requirements of high
      coverage.

   *  Low latency.  Advanced manufacturing activities, such as human-
      machine cooperation, machine-machine cooperation, and remote real-
      time control, place stricter requirements on communication delay
      and generally require low delays (about 1 ms).  Although current
      wireless communication technology has made great progress, with
      an end-to-end delay of about 20-100 ms [iiot-5g], it still
      cannot meet the urgent need for low delay in IIoT communication.

   *  Massive connections.  Compared with traditional manufacturing,
      the interconnection of all things in IIoT and data collection
      across the entire process will inevitably lead to an
      exponential increase in the number of communication nodes.  With
      current communication technology, wired communication cannot meet
      the requirements of massive node connections because cabling is
      difficult to arrange, and wireless communication cannot meet the
      requirements because of the limit on the number of access nodes.

   *  Interconnection.  In the development of industrial networks, there
      are many different communication protocols, such as fieldbus
      protocols (PROFIBUS, Modbus, HART, etc.), Industrial Ethernet
      protocols (EtherNet/IP, PROFINET, Modbus TCP, etc.), and
      industrial wireless protocols (WLAN, Bluetooth, WirelessHART,
      etc.).  Because these protocols use different technologies at the
      physical layer, link layer, and application layer, their
      interconnection and interoperability are not ideal, which affects
      the expansion of the IIoT to some extent.

   The main work of this architecture is as follows:

   Combining the actual scenarios of factory intelligent manufacturing
   and the requirements of IIoT for communication technology, an
   industrial network interconnection architecture based on IPv6 and 5G
   communication technology is designed, which can provide high-speed,
   high-reliability, and low-latency communication services.  The
   factory internal network provides functions such as massive
   connection, mobility, equipment registration and discovery, and
   security for industrial production-related equipment; the factory
   external network provides generalized, refined, and flexible network
   services for equipment outside the factory.  In order to standardize
   the representation of information in IIoT, an information model is
   defined.  The draft also summarizes the current security challenges
   in IIoT and puts forward some security recommendations.

2.  IIoT Architecture

   In the IIoT architecture, the network is the foundation, providing
   infrastructure for the comprehensive interconnection of people,
   machines, and things, and promoting the full flow and seamless
   integration of various industrial data.  The industrial Internet
   network connection involves different technical fields with multiple
   elements and multiple subjects inside and outside the factory, with a
   large scope of influence and many optional technologies.  There are
   various network connection technologies in the industrial field.
   These technologies are designed for specific scenarios in the
   industrial field, where they have played a huge role and shown
   performance advantages.  However, in terms of data
   interoperability and seamless integration, they often cannot meet the
   growing demands of IIoT.

   The overall goal of IIoT network connection is to promote the
   interconnection and intercommunication between systems, unlock data
   from isolated systems and networks, and let data deliver greater
   value for applications within and across industries.

   This section proposes an industrial network system architecture based
   on the transformation of the factory IP network, including two major
   networks, the factory internal network and the factory external
   network, as shown in Figure 1.

   The factory internal network is used to connect various elements in
   the factory, including people (such as production personnel,
   designers, external people), machines (such as equipment, office
   equipment), materials (such as raw materials, work in progress,
   finished products), environment (such as instruments, monitoring
   equipment), etc.  Through the factory internal network, these
   elements are interconnected with enterprise data centers and
   application servers to support business applications in the factory.

   The factory external network is used to connect smart factories,
   branches, upstream and downstream collaborative enterprises,
   industrial cloud data centers, smart products, and users.  The data
   center/application server in the smart factory is interconnected with
   the industrial cloud data center outside the factory, through the
   factory external network.  Branches/collaborative enterprises, users,
   and smart products are also connected to the industrial cloud data
   center or enterprise data center through the factory external
   network.  The data intercommunication in IIoT realizes the seamless
   transfer of data and information among various elements and systems,
   so that heterogeneous systems can "understand" each other at the data
   level, thereby realizing data interoperability and information
   integration.  IIoT requires breaking information islands, realizing
   cross-system intercommunication of data, and fusion analysis.
   Therefore, the data interoperability connection layer supports the
   convergence of the underlying data generated by various factory
   elements and factory products to the data center on the one hand; on
   the other hand, it provides access interfaces to the data of the
   multi-source heterogeneous system for the upper-layer applications to
   support industrial applications.  The factory external network
   should also support the rapid development and deployment of
   industrial applications.

          _______________________   __________________   ________
         |Upstream and           | |Industrial        | |        |
         |downstream companies   | |Cloud Platform    | |  User  |
         |_______________________| |__________________| |________|
              \                              |               /
               \                             |              /
                \ ___________________________|_____________/_____
                 {                                               }
                 {            Factory external network           }
                 {    (Internet/mobile network/private network)  }
                 {                                               }
                 {_______________________________________________}
                           /           |         \
                          /            |          \
                _________/_____________|___________\_______________
               {  _______   _______   _______   _______   _______  }
               { |  MES  | |  SCM  | |  ERP  | |  CRM  | |  APP  | }
               { |_______| |_______| |_______| |_______| |_______| }
               {                                                   }
               {         Factory internal cloud platform           }
               {___________________________________________________}
                             /                      \
                            /                        \
                    _______/_____               ______\______
                   |   Monitor   |             |   Control   |
                   |   System    |             |    System   |
                   |_____________|             |_____________|
                      _____|__________________________|_______
                     |          |               |             |
                  ___|__     ___|__          ___|__        ___|__
                 |Device|   |Device|        |Device|      |Device|
                 |______|   |______|        |______|      |______|

                        Figure 1: IIoT Architecture

   Architecture advantages:

   *  High communication rate.  The factory network adopts industrial
      PON and 5G technology, which can realize high-speed data
      transmission.

   *  Low communication delay.  The Ethernet-based TSN network [tsn] and
      5G wireless network can realize low-latency communication and
      ensure real-time industrial production.

   *  Massive connections.  IPv6 [I-D.ietf-6lowpan-usecases] can assign
      an IP address to each industrial IoT device, and the 5G network
      supports the wireless access of a large number of IIoT devices.

   *  Scalability.  When new industrial equipment joins the network, it
      can register with the edge server.  When other industrial
      equipment has data and service requirements for the new industrial
      equipment, the new industrial equipment can be found on the edge
      server to access data or services.

   *  Mobility.  After a device moves between networks, it registers
      with the edge server again and obtains a new address from the
      edge server for subsequent communication.

   *  Localization of computing and storage.  Use edge computing
      technology to perform computing or data storage services in edge
      servers close to industrial sites [edge-computing].

   *  Support for multiple communication protocols.  The OPC UA
      protocol supports TCP, WebSocket, HTTP and other transmission
      protocols, which can realize device-to-device communication; it
      also supports UDP broadcast, MQTT, AMQP and other protocols to
      realize Pub/Sub communication [I-D.ietf-core-coap-pubsub].

   *  Cloudization of network services outside the factory.  Based on
      cloud computing and enterprise dedicated line technology, the
      enterprise business system will be deployed to the cloud to
      facilitate external services.  It can also provide segmented
      services for different scenarios such as public cloud and private
      cloud.  Network virtualization technology is used to improve the
      flexibility of network services, so that the factory external
      network will be able to quickly open services and quickly adjust
      services according to enterprise requirements.

3.  The Factory Internal Network

3.1.  Status and Development Trends

   In the IIoT factory, on the one hand, the digitization of the factory
   requires that the digitization of many existing business processes be
   carried by the corresponding network.  On the other hand, a large
   number of new networked devices have been introduced, such as AGVs,
   robots, mobile handheld devices, etc.; a large number of new business
   processes have been introduced, such as asset performance management,
   predictive maintenance, and personnel/material positioning.  The
   introduction of new equipment and business processes creates new
   demands on the network.  As a result, the traditional two networks
   (production network and office network) in the factory will become
   multiple networks, which will correspondingly cause changes in the
   network architecture in the factory.

   In order to break information islands and improve operational
   efficiency, companies will deploy business systems that were
   originally deployed on various servers, such as MES, PLM, ERP, SCM,
   CRM, etc., to the data center/cloud platform in the factory.  The
   data generated by each networked device and business process must be
   able to be aggregated in the data center/cloud platform in real time
   for joint analysis and rapid decision-making.  Changes in business
   system deployment will also cause changes in network architecture.

   The IIoT demand for flexible manufacturing and personalized
   customization requires the production domain to be flexibly
   reconfigured according to requirements, and intelligent machines may
   be adjusted and migrated between different production domains.  This
   requires the network architecture in the factory to be able to adapt
   to the needs of fast networking and flexible adjustment.

   The factory internal network proposed in this section can be
   understood from two aspects: functional view and network view.

3.2.  Functional View

   Functional view: According to the specific functions of the system
   and devices, and the location of the network, the factory internal
   network can be divided into device layer, control layer, and factory
   management layer, as shown in Figure 2.

                _______       _____________________________________
               |       |<--->|      Factory management device      |
               |       |     |_____________________________________|
               |       |             ^                ^
               |       |             |                |
               |       |      _______v________        |
               |       |<--->| Monitor device |<---+  |
               |       |     |________________|    |  |
               |       |             ^             |  |
               |  Edge |             |             |  |
               | server|             |             |  |
               |       |      _______v_________    |  |
               |       |<--->| Control device  |<--+--+
               |       |     |_________________|   |
               |       |             ^             |
               |       |             |             |
               |       |             |             |
               |       |      _______v_______      |
               |       |<--->| Manufacturing |<----+
               |       |     |    device     |
               |_______|     |_______________|

                         Figure 2: Functional View

   (1) Device layer: realize the sensing and execution of the
   manufacturing process, and define the activities involved in the
   perception and execution of the manufacturing process.  The time
   resolution granularity can be seconds, milliseconds, and
   microseconds.  Various sensors, transmitters, actuators, RTUs,
   barcode scanners, RFID readers, and intelligent manufacturing
   equipment such as CNC machine tools, industrial robots, AGVs,
   conveyor lines, etc. run on this layer.  These devices are
   collectively referred to as field devices.

   (2) Control layer: Realize the monitoring and control of the
   manufacturing process, and define the activities of monitoring and
   controlling the manufacturing process.  The time resolution
   granularity can be hours, minutes, seconds, and milliseconds.
   According to different functions, this level can be further
   subdivided into:

   *  Monitoring and control layer: With operation monitoring as the
      main task, it also has some management functions such as advanced
      control strategies and fault diagnosis.  Supervisory control and
      data acquisition (SCADA) systems, HMI (human-machine interface),
      DCS operator stations, real-time database servers, etc. run on
      this layer.

   *  On-site control layer: measure and control the production process,
      collect process data, perform data conversion and processing,
      output control signals, and realize logic control, continuous
      control and batch control functions.  Various programmable control
      equipment, such as PLC, DCS controller, industrial computer (IPC),
      other special controllers, etc. run on this layer.

   (3) Factory management: realize the production management of the
   factory and define the workflow/recipe control activities for the
   production of expected products, including: maintenance records,
   detailed production scheduling, reliability assurance, etc.  The time
   resolution granularity can be day, shift, hour, minute, second.
   Manufacturing execution system (MES), warehouse management system
   (WMS), quality management system (QMS), energy management system
   (EMS), etc. operate at this layer.

   In order to achieve the scalability of the IIoT (after a new device
   joins the network, other devices can access data or call related
   services), this architecture designs device registration and device
   discovery functions.

   Device registration: When a new device is connected to the network,
   it will register its name with the edge gateway.  The format of the
   registered name is /Service-Name/Gateway-Name/Device-Name, and the IP
   address of the device is stored and bound with the name.

   Device discovery: When a device needs to access data in other devices
   or call services in other devices, it can query the edge
   gateway.  It can find the IP addresses of a corresponding group of
   devices based on the service name and gateway name, or find the
   IP address of a specific device based on the service name, gateway
   name, and device name.  After finding the IP address, the device
   can communicate with the corresponding device.

3.3.  Network View

   Network view: The factory internal network can be divided into three
   parts: edge network, backbone network, and factory cloud platform.
   They can be interconnected through industrial PON, as shown in
   Figure 3.

   Due to the diversification of connected production factors, the edge
   network presents a variety of types: according to business needs, the
   edge network can be an industrial control network, office network,
   monitoring network, positioning network, etc.; according to real-time
   requirements, the edge network can be real-time network, non-real-
   time network; according to the transmission medium, the edge network
   can be wired network or wireless network; according to the
   communication technology adopted, the edge network can be industrial
   Ethernet, 5G wireless network, etc.; the range of the edge network
   may be a workshop, an office building, a warehouse, etc.  Each edge
   network is composed of edge servers, edge gateways, and field
   devices.  Industrial enterprises can comprehensively consider
   business requirements and costs, and select appropriate technologies
   to deploy corresponding edge networks.

   The backbone network is used to realize the interconnection between
   edge networks, cloud platforms/data centers in the factory, etc.,
   requiring high bandwidth and high speed.  Depending on the size of
   the enterprise, the backbone network can be large or small.  It can
   be a cluster of fully interconnected routers, or it can include only
   one or two backbone routers.

   For example, industrial devices, control devices, and monitoring
   devices that need wired connections can be connected through optical
   fibers to switches that support industrial Ethernet protocols.  The
   physical layer can use industrial PON, and the data link layer can
   use the TSN protocol, forming a TSN Ethernet edge network.

   Industrial devices, control devices, and monitoring devices that need
   wireless connections can be connected to 5G base stations through 5G
   wireless connections to form a 5G wireless edge network.

                ___________________________________________________
               {  _______   _______   _______   _______   _______  }
               { |  MES  | |  SCM  | |  ERP  | |  CRM  | |  APP  | }
               { |_______| |_______| |_______| |_______| |_______| }
               {                                                   }
               {         Factory internal cloud platform           }
               {___________________________________________________}
                                         |
                                         |
                              ___________|____________
                             |                        |
                             |    Backbone network    |
                             |________________________|
                             /                      \
                            /                        \
                    _______/_____               ______\_________
                   |  Wired edge |             | Wireless edge  |
                   |   gateway   |             |    gateway     |
                   |_____________|             |________________|
              ____________|__________________________|_______
             |            |                     |            |
          ___|___    _____|_________        ____|___      ___|_____
         |       |  | Manufacturing |      |Control |    | Monitor |
         |Product|  |    device     |      | device |    | device  |
         |_______|  |_______________|      |________|    |_________|

                           Figure 3: Network View

   In order to realize communication between edge networks that use
   different protocols, and to make industrial devices, control
   devices, and monitoring devices IP-addressable, the IPv6 protocol
   can be used at the network layer.  However, there are still a large
   number of devices and applications that use the IPv4 protocol.  In
   the transition phase to the IPv6 protocol, if the number of IPv4
   devices and applications is large, the GI-DS-Lite tunnel technology
   solution can be used.  If the number of IPv4 devices and
   applications is small, IPv4/IPv6 dual-stack technology solutions can
   be used.

   The backbone network is used to realize the interconnection between
   edge networks and cloud platforms in the factory, and requires high
   bandwidth and high speed.  Depending on the size of the enterprise,
   the backbone network can be large or small.  It can be a cluster of
   fully interconnected routers, or it may contain only one or two
   backbone routers.

   The factory cloud platform can be upgraded to a TSN network on the
   basis of the original standard Ethernet, which can meet the
   requirements of industrial cloud platforms for high bandwidth and low
   latency.  TSN also has excellent upper-layer support compatibility
   and can support a variety of upper-layer communication protocols.
   For example, TSN and OPC UA can solve data intercommunication
   problems in the factory, and extend OPC UA data collection and cloud
   services to the field level.  Our architecture will realize all-round
   real-time data collection and real-time operation in the production
   environment.

3.4.  Way of Communication

   The relationship between the functional view and the network view:
   the communication between the device layer and the control layer can
   be realized in the edge network; the functions of the factory
   management layer can be deployed in the factory cloud platform; the
   backbone network is responsible for the communication between the
   device layer, the control layer and the factory management layer.

   (1) Communication between device and device: One-to-one
   communication between devices can adopt the C/S architecture in OPC
   UA, which supports the TCP, WebSocket, and HTTP transmission
   protocols.  An OPC UA server and an OPC UA client are deployed on
   each of the two devices.  When a device needs to access data or send
   instructions, it uses its own client to initiate communication with
   the other device's OPC UA server, as shown in Figure 4.

                   ____________     Return data    ____________
                  |  _______   | Operation result |  _______   |
                  | |OPC UA |--|------------------|>|OPC UA |  |
                  | |Server |<-|------------------|-|Client |  |
                  | |_______|  |    Query data    | |_______|  |
                  |            |   Send operation |            |
                  |  Device A  |                  |  Device B  |
                  |            |    Return data   |            |
                  |  _______   | Operation result |  _______   |
                  | |OPC UA |<-|------------------|-|OPC UA |  |
                  | |Client |--|------------------|>|Server |  |
                  | |_______|  |    Query data    | |_______|  |
                  |____________| Send operation   |____________|

                  Figure 4: The C/S Architecture in OPC UA

   One-to-many communication between devices can use the Pub/Sub
   mechanism in OPC UA, which supports multiple mechanisms such as UDP
   broadcast, MQTT, and AMQP.  If multiple devices need the data held
   by one device, they can all subscribe to that device.  The device
   then publishes the data to its subscribers when it collects data or
   detects data changes, as shown in Figure 5.

                                     subscribe
                       _____________  message _____________
                      |             |<-------|   OPC UA    |
                      |             |------->| Subscriber  |
                      |             |publish |_____________|
                      |   OPC UA    |message
                      |  Publisher  |
                      |             |subscribe
                      |             | message _____________
                      |             |<-------|   OPC UA    |
                      |             |------->| Subscriber  |
                      |_____________|publish |_____________|
                                     message

                   Figure 5: Pub/Sub mechanism in OPC UA

   (2) Communication between device and edge server.

   The server/client mode in OPC UA is suitable for application
   scenarios such as larger data volumes and industrial automation
   control.  For example, in machine vision product quality inspection,
   a device uses a camera to capture machine vision pictures of the
   product after it is manufactured or assembled, and each picture is
   sent through the OPC UA protocol to the intelligent detection
   algorithm on the edge server for analysis and processing.  The edge
   server then returns the detection result to the industrial
   equipment, which performs the next step according to that result.

   The subscription/push mode in MQTT is suitable for communication
   between edge servers and devices with small data volume, low
   bandwidth, and limited hardware resources.  For example, in
   intelligent factory temperature adjustment, the energy-saving
   management program in the edge server needs to automatically turn on
   or control the adjustment device according to changes in temperature
   and humidity.  The energy-saving management program first subscribes
   to the temperature and humidity topic on the edge gateway.  After
   the sensor device in the factory periodically collects temperature
   and humidity data, it publishes the corresponding messages to the
   edge gateway under that topic.  The edge gateway then pushes each
   message to the energy-saving management program in the edge server,
   which carries out the automatic adjustment.

   (3) Communication between device and cloud server: A variety of
   production management applications run on the factory cloud
   platform.  They provide data collection, process monitoring,
   industrial device management, quality management, production
   scheduling, and statistical data analysis for the entire production
   process, so as to make smart manufacturing management informatized,
   intelligent, and flexible.  To realize communication between a
   device and a cloud server, an OPC UA server can be deployed on the
   device and an OPC UA client on the cloud server, so that the cloud
   server can read real-time production data from the device and send
   it control instructions.  Alternatively, the cloud server first
   subscribes to the device for data; when the data is ready, the
   device sends it to the cloud server, and the cloud server sends
   instructions or data to the device.
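
   The temperature and humidity scenario in item (2), as an added
   example that is not part of the draft: an in-process stand-in for
   the edge gateway with standard MQTT topic-filter matching.  The
   topic names, client IDs, payload fields, thresholds, and the
   per-sensor publish ACL are assumptions made for illustration.

```python
import json
from collections import defaultdict


def topic_matches(topic_filter, topic):
    """MQTT filter matching: '+' is one level, '#' is all remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False                       # wildcards never match '$' system topics
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is valid only as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


class EdgeGateway:
    """Broker role of the edge gateway, modeled in-process (no network I/O)."""

    def __init__(self, publish_acl):
        self.publish_acl = publish_acl          # assumption: client id -> allowed filters
        self.subscriptions = defaultdict(list)  # topic filter -> callbacks
        self.rejected = []                      # refused (client id, topic) pairs

    def subscribe(self, topic_filter, callback):
        self.subscriptions[topic_filter].append(callback)

    def publish(self, client_id, topic, payload):
        allowed = self.publish_acl.get(client_id, [])
        # Topic names must not contain wildcards, and a sensor may only
        # publish under the topics assigned to it.
        if "+" in topic or "#" in topic or not any(
                topic_matches(f, topic) for f in allowed):
            self.rejected.append((client_id, topic))
            return 0
        delivered = 0
        for topic_filter, callbacks in self.subscriptions.items():
            if topic_matches(topic_filter, topic):
                for callback in callbacks:
                    callback(topic, payload)
                    delivered += 1
        return delivered


class EnergySavingProgram:
    """Edge-server application that switches the adjustment device per zone."""

    def __init__(self, max_temp_c=28.0, max_humidity_pct=70.0):
        self.max_temp_c = max_temp_c
        self.max_humidity_pct = max_humidity_pct
        self.device_on = {}   # zone -> True when the adjustment device should run
        self.malformed = 0    # messages dropped by input validation

    def on_message(self, topic, payload):
        try:
            zone = topic.split("/")[1]
            reading = json.loads(payload)
            temp = float(reading["temperature_c"])
            hum = float(reading["humidity_pct"])
        except (IndexError, KeyError, TypeError, ValueError):
            self.malformed += 1
            return
        # Range check also rejects NaN, which fails both comparisons.
        if not (-40.0 <= temp <= 125.0 and 0.0 <= hum <= 100.0):
            self.malformed += 1
            return
        self.device_on[zone] = (temp > self.max_temp_c
                                or hum > self.max_humidity_pct)


def run_demo():
    """Replay constructed sample readings through gateway and program."""
    gateway = EdgeGateway(publish_acl={
        "sensor-zone1": ["factory/zone1/climate"],
        "sensor-zone2": ["factory/zone2/climate"],
    })
    program = EnergySavingProgram()
    gateway.subscribe("factory/+/climate", program.on_message)

    def reading(temp, hum):
        return json.dumps({"temperature_c": temp, "humidity_pct": hum}).encode()

    gateway.publish("sensor-zone1", "factory/zone1/climate", reading(31.5, 40))
    gateway.publish("sensor-zone2", "factory/zone2/climate", reading(22.0, 55))
    # zone2's sensor publishing as zone1 is refused; zone1's state is unchanged.
    gateway.publish("sensor-zone2", "factory/zone1/climate", reading(10.0, 10))
    gateway.publish("sensor-zone1", "factory/zone1/climate", b"not json")
    return gateway, program


if __name__ == "__main__":
    gw, prog = run_demo()
    print(prog.device_on, gw.rejected, prog.malformed)
```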

4.  The Factory External Network

   The factory external network is designed to support various
   activities in the entire life cycle of the industry and is used to
   connect the upstream and downstream of the enterprise, the network
   between the enterprise and the product, and the enterprise and the
   user.

4.1.  Situation

   Due to the different levels of informatization development in
   different industries and fields of industry, the breadth and depth of
   the development and utilization of industrialized data and
   information are not the same, so there is an uneven network
   construction and development outside the factory, and some industrial
   enterprises only apply for ordinary Internet access.  There are still
   islands of information between different areas of some industrial
   enterprises.

4.2.  Development Trend

   With the development of industrial networking and intelligence, the
   systems and applications in the factory are gradually expanding
   outward, and the industrial Internet services outside the factory are
   showing a trend of generalization, refinement and flexibility.

   Network services outside the factory are universal.  The traditional
   network outside the factory mainly carries commercial information,
   and the information systems of the enterprise are also deployed on
   the network inside the factory.  The network outside the factory has
   few connection objects and a single type of service.  With the
   development of cloud platform technology, some enterprise
   information systems (such as ERP and CRM) are being externalized,
   and more and more IT software provides its services from the cloud
   over the Internet.  With the development of remote services for
   industrial products and devices, the remote monitoring, maintenance,
   management, and optimization of massive numbers of devices will be
   carried out over the network outside the factory in the future.

   Network services outside the factory are refined.  The factory
   external network will realize the ubiquitous interconnection of the
   entire industrial chain and value chain.  The complex and diverse
   connection scenarios promote the refined development of services.
   On the one hand, the connection demand of massive numbers of devices
   has promoted the construction of mobile networks outside the factory
   and the rapid development of wide-coverage services; on the other
   hand, the shift in enterprise demand from Internet access to cloud
   access has promoted the refinement of private line services, which
   provide segmented services for different scenarios such as
   enterprise Internet access, business system cloud access, and
   public cloud and private cloud interoperability.

   Network services outside the factory are flexible.  The development
   of network virtualization and softwarization has improved the
   flexibility of network services, so that the network outside the
   factory will be able to quickly open and adjust services according
   to enterprise requirements.  The application of a large number of
   mobile communication network technologies has improved the
   convenience of network access and the speed of deployment, which
   provides a more flexible way for enterprises to achieve extensive
   interconnection.

4.3.  Enterprise Dedicated Line

   The wide-area Internet business requirements of industrial entities
   mainly include the following aspects:

   The Internet access requirements of industrial entities, the
   interconnection and isolation requirements between industrial
   entities across regions, the interconnection requirements of
   industrial networks and hybrid clouds, and the differentiated
   requirements (QoS, security/protection, etc.) of the industrial
   Internet for wide-area bearer networks.

   At present, to meet the above requirements, the widely used carrier
   private line services mainly include: MPLS VPN dedicated line, and
   OTN-based optical network dedicated line.

   An MPLS VPN builds an enterprise virtual private network on the
   public MPLS network to meet the need for safe, fast, and reliable
   industrial communication between branches in different cities
   (international and domestic), and can support multimedia services
   that require high quality and high reliability, such as office,
   data, voice, and images.

   The MPLS VPN dedicated line is based on IP and high-speed label
   forwarding technology.  Through the setting of QoS bits, the
   distinction of service levels and quality service guarantee can be
   realized.

   The intelligent optical network based on OTN (Optical Transport
   Network) is an ideal solution for large-particle broadband service
   transmission.  If the main dispatching particle of the external
   private network of an enterprise reaches the Gb/s level, the OTN
   technology can be considered as a priority for network construction.

   With the increase in enterprise network application requirements,
   large enterprises also have large-particle circuit scheduling
   requirements.  The introduction of OTN technology can realize the
   flexibility of large-particle circuit scheduling.  Compared with MPLS
   VPN, OTN technology can realize an end-to-end physical private
   network, which is more attractive for specific enterprises that
   require large bandwidth (above Gbps) and require higher data and
   service reliability and security.

   In addition, emerging technologies such as SD-WAN and CloudVPN can
   complement existing technologies, integrate various dedicated line
   resources, and expose them through a unified capability-opening
   platform, forming an integrated service that is transparent to users
   and shields them from part of the technical complexity.  Such a
   factory external network solution can more economically meet the
   rapidly changing needs of enterprises for private line services.

   (1) The CloudVPN cloud dedicated line is a new-generation enterprise
   private line network solution that redefines enterprise
   interconnection around cloud services, simplifying business
   deployment to the greatest extent.  CloudVPN can reduce the time
   needed to open and adjust VPNs, traditionally measured in weeks or
   months, to the minute level, thereby providing convenient and
   flexible business options and realizing enterprise interconnection
   on demand.

   The CloudVPN cloud private line solution includes the basic network
   equipment layer, management control layer, collaboration layer, and
   user interface.  The operator's private line access capability is
   encapsulated as a simple OpenAPI interface, which supports
   developers' applications to quickly order, activate, and adjust on-
   demand services such as enterprise private line services and Internet
   access private lines by directly calling the interface.  CloudVPN
   dedicated line network can be opened on demand in real time and
   elastically expanded: it supports real-time adjustment of dedicated
   line network bandwidth in industrial environments such as distance
   education, data intercommunication, and video conferencing.

   SD-WAN is an extranet interconnection service formed by applying new
   SDN technology to WAN scenarios.  This kind of service is used to
   connect enterprise networks, data centers, Internet applications and
   cloud services in a wide geographical area.

   The technical features of SD-WAN include:

   SD-WAN cloudizes the control capabilities of hardware networks
   through software, thereby supporting the opening of user-perceivable
   network capabilities;

   The introduction of SD-WAN technology reduces the complexity and
   technical threshold of user-side WAN operation and maintenance;

   SD-WAN technology has a high degree of self-service capabilities, and
   users can open, modify, and adjust private network interconnection
   parameters.  The core concept of SD-WAN is the user's networking
   requirements and networking intentions, which can be translated and
   managed through the centralized control orchestrator provided by the
   communication service provider, shielding the complexity of the
   underlying network technology;

   SD-WAN supports heterogeneous networks (access can be done in many
   different ways, including the Internet, OTN, and other dedicated
   lines).  The access equipment is generally on the user side, and the
   service differentiation point is on the user side.  Users can make
   flexible business adjustments through the self-service interface.

   SD-WAN has the advantages of heterogeneous network support and
   flexible operation, but because its virtual private network may be
   implemented over Internet access, it may be exposed to network
   attacks and data security risks, so end-to-end encryption needs to
   be implemented through encryption protocols.

4.4.  Mobile Communication Network

   With the development of the IIoT, the industrial production process
   is no longer limited to the factory, and gradually integrates
   industrial production with Internet business models, factories and
   products, and customers through the factory external network.  In
   some production processes, the communication demand between the
   factory and the devices outside the factory has also increased
   significantly.

   In these scenarios, mobile communication networks have been
   increasingly used in industrial production due to the characteristics
   of wide coverage, high speed, high network reliability and mature
   industrial chain, which greatly expands the connotation and extension
   of traditional industrial networks.  Mobile communication network has
   provided a good foundation for the development of IIoT.

   3GPP's 5G defines three types of application scenarios: enhanced
   mobile broadband (eMBB), large-scale machine communication (mMTC),
   and high-reliability and low-latency communication (uRLLC).  Among
   them, the eMBB scenario can support the gradual emergence of high-
   traffic services on IIoT, such as virtual factories and high-
   definition video remote maintenance.  Large-scale machine
   communication scenarios are mainly aimed at massive field device
   communications.

   The 5G network is a network that separates control and forwarding.
   The forwarding plane focuses more on the efficient routing and
   forwarding of business data.  It has the characteristics of
   simplicity, stability and high performance to meet the forwarding
   needs of massive mobile traffic in the future.  The control plane
   uses a logically centralized approach to achieve unified policy
   control, ensure flexible traffic scheduling and connection
   management.  The centralized control plane realizes the programmable
   control of the forwarding plane through the mobile flow control
   interface.

   The 5G core network supports various services with low latency, large
   capacity, and high speed.  The core network forwarding plane is
   further simplified and sunk toward the edge, and at the same time
   service storage and computing capabilities are moved from the
   network center down to the network edge, to support high-traffic and
   low-latency service requirements and to realize flexible and
   balanced traffic load scheduling.

   Main features and advantages:

   The 5G network is a new type of network based on the separation of
   control and forwarding.  It improves the overall access performance
   of the access network in complex 5G-oriented scenarios, simplifies
   the core network structure, provides flexible and efficient control
   forwarding functions, supports high intelligence operation, opens
   network capabilities, and improves the overall service level of the
   entire network.

   The separation of the control plane and the forwarding plane makes
   the network architecture flatter, and the gateway device can be
   deployed in a distributed manner, thereby effectively reducing the
   service transmission delay.

   Diversified business scenarios have diverse performance requirements
   and functional requirements for 5G networks.  The 5G network has the
   ability to adapt to business scenarios, and provides appropriate
   network control functions and performance guarantees for each 5G
   business scenario to achieve the goal of on-demand networking.

   Applicable scenarios: 5G provides a more reliable, more open, and
   on-demand network for IIoT.  The 5G network will better support the
   large-traffic services that are gradually emerging in the industrial
   Internet, such as virtual factories and high-definition video remote
   maintenance.  The 5G network also supports the monitoring of a large
   number of devices inside and outside the factory, such as remote
   monitoring and control of various devices, remote control of
   wireless video surveillance, and remote monitoring and reporting of
   environmental parameters and control machinery data, to meet the
   needs of IIoT applications.

5.  Information Model

   An information model is a method used to define information
   representation, standardize the data generated in industrial
   production, and facilitate communication between different devices
   and different applications.  The information model should clarify
   three levels of content: (1) which objects are defined and which
   data the objects contain; (2) how these objects and data are
   organized; (3) how the data format is defined.  The information of
   each device in the digital factory includes various parameters of
   the device itself, runtime data, and the data composition of the
   components in the device.  This information is the object to be
   modeled.

   The device information model can be divided into: static attribute
   set, dynamic attribute set and component assembly set.  The data in a
   device is defined by attributes, and the collection of all
   information data contained in the device is called its attribute set.
   In the information model, information data is divided into static and
   dynamic.  Static information represents information data that does
   not change or changes slowly after definition.  In the device, it
   mainly takes the form of asset identification and order data, such
   as material coding and processing device number.  Dynamic
   information represents data that is generated, disappears, or
   changes in real time with the production process, generally device
   status data and part production process record data, such as working
   status, part processing size, logistics information, and start and
   completion time.  According to the static and dynamic nature of
   information data, attributes are divided into static attributes and
   process attributes.  Static attributes form a static attribute set,
   and process attributes form a process attribute set.

   Each attribute set contains attribute data of several information
   objects.  Information objects are described by attributes, and
   attributes are composed of attribute elements.  This defines the
   hierarchical structure of the information model shown in Figure 6.
   The elements of the information model are explained below, from
   small to large.

   Attribute elements: the basic elements that make up attributes, the
   basic units of attributes, such as attribute identification, name,
   data type, etc.

   Attribute: the data describing the nature and characteristics of an
   object.  Each attribute consists of multiple attribute elements, but
   not every attribute contains all attribute elements.

   Information object: A body of information in the factory domain that
   describes a general, real, or abstract entity that can be
   conceptualized as a whole.  Examples of information objects are the
   spindle of a machine tool, the processing route of a certain part,
   and the receipt of a certain material.  The information object
   completes its digital definition and digital description through its
   attributes.

        ___________________
       |Device information |
       |       model       |
       |___________________|
                 |     ______________________     ____________________     __________
                 +----| Static attribute set |---| Information object |---| Attribute|
                 |    |______________________|   |____________________|   |__________|
                 |     ______________________     ____________________     __________
                 +----|Process attribute set |---| Information object |---| Attribute|
                 |    |______________________|   |____________________|   |__________|
                 |     ______________________     ____________________     ______________________
                 +----|    Component set     |---|      Component     |-+-| Static attribute set |
                      |______________________|   |____________________| | |______________________|
                                                                        |  ______________________
                                                                        +-| Process attribute set|
                                                                        | |______________________|
                                                                        |  ______________________
                                                                        +-|     Component set    |
                                                                          |______________________|

                     Figure 6: Information Model

   Attribute set: A collection of a series of attributes.  The attribute
   set can be composed of sub-attribute sets or the attributes of
   several information objects.  According to the static and dynamic
   nature of information, the attribute set is divided into static
   attribute set and process attribute set.

   Component: a physical object or logical object, which is a physical
   or logical part of the upper-level object, and its characteristics
   are described by the attribute set.  Components can be nested,
   components can have their own subcomponents, and all subcomponents of
   the same object form a component set.

   The device information model is an expandable tree structure that
   allows nesting between attribute sets and components.  In the above
   definition, the attribute set and the component set are abstract
   structural elements that constitute the description of the factory
   information model.  They are not a mapping of an actual object and do
   not contain actual content.  They are only used for the framework and
   level of the organization model.

   The device information model defined above is only an abstract
   framework.  When modeling the information in an actual device and
   developing functions based on the information model, the various
   information model elements are filled in for the actual device and
   function, following the categories and semantics of the framework,
   to form an information model object with practical meaning.  This
   process is called the instantiation of the information model.  When
   the information model is implemented, the organization and storage
   of the instantiated information model need to be realized on the
   basis of a specific description method and communication mechanism.
   This section provides an information model implementation scheme
   based on the OPC UA protocol, as shown in Figure 7.

   The various information in the actual device is modeled with the
   device information model, and the OPC UA model generator is used to
   generate the corresponding XML file from the established information
   model and place it in the process model of the OPC UA server.  The
   process model obtains real-time data of the physical device through
   the data access module, and saves and updates the values of the
   corresponding attributes in the information model.

   The information model is exposed through the address space of the
   OPC UA server, and the OPC UA client accesses the address space of
   the server to obtain the data and information defined by the
   information model.  When the OPC UA client asks the server to access
   or modify attribute information defined in the information model,
   the UA service accesses or modifies the corresponding attribute
   information in the process model and returns the result to the OPC
   UA client.

                                 ____________________________________________________________________
                                |                                                                    |
        ___________________     |     _____________        _______________       ______________      |      _________________
       |    OPC UA Client  |    |    |  UA Server  |      | Process Model |     | Data Access  |     |     | Physical Device |
       |                   |<---|--->|             |<---->|               |<--->|    Module    |<----|---->|                 |
       |___________________|    |    |_____________|      |_______________|     |______________|     |     |_________________|
                                |                                                                    |
                                |                           OPC UA Server                            |
                                |____________________________________________________________________|

    Figure 7: Information model realization scheme based on OPC UA
                               protocol
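
   An instantiation of the device information model of this section,
   as an added example that is not part of the draft and not OPC UA
   code.  The machine tool, its attribute values, the path syntax, and
   the XML element names are constructed for illustration (the XML is
   not the OPC UA NodeSet schema), and refusing run-time writes to
   static attributes is an assumption of the example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Any, Dict, Iterator, Tuple

STATIC, PROCESS = "static", "process"


@dataclass
class Attribute:
    """Built from attribute elements: identification, name, data type, value."""
    ident: str
    name: str
    data_type: type
    value: Any = None


@dataclass
class InformationObject:
    name: str
    attributes: Dict[str, Attribute] = field(default_factory=dict)


@dataclass
class Component:
    """A device or (sub)component: two attribute sets plus a component set."""
    name: str
    static: Dict[str, InformationObject] = field(default_factory=dict)
    process: Dict[str, InformationObject] = field(default_factory=dict)
    components: Dict[str, "Component"] = field(default_factory=dict)

    def attribute_set(self, kind: str) -> Dict[str, InformationObject]:
        if kind not in (STATIC, PROCESS):
            raise KeyError(f"unknown attribute set: {kind}")
        return self.static if kind == STATIC else self.process

    def define(self, kind, obj_name, ident, attr_name, data_type, value=None):
        objects = self.attribute_set(kind)
        obj = objects.setdefault(obj_name, InformationObject(obj_name))
        obj.attributes[attr_name] = Attribute(ident, attr_name, data_type, value)
        return self


def resolve(root: Component, path: str) -> Tuple[str, Attribute]:
    """Path form: Root[/SubComponent...]/static|process/Object/Attribute."""
    parts = path.split("/")
    if len(parts) < 4 or parts[0] != root.name:
        raise KeyError(path)
    *component_names, kind, obj_name, attr_name = parts[1:]
    node = root
    for name in component_names:
        node = node.components[name]
    return kind, node.attribute_set(kind)[obj_name].attributes[attr_name]


def read(root: Component, path: str) -> Any:
    return resolve(root, path)[1].value


def write(root: Component, path: str, value: Any) -> None:
    kind, attr = resolve(root, path)
    if kind == STATIC:  # assumption: static data is fixed at definition time
        raise PermissionError(f"{path}: static attribute, not writable at run time")
    if type(value) is not attr.data_type:  # strict: bool is not accepted as int
        raise TypeError(f"{path}: expected {attr.data_type.__name__}")
    attr.value = value


def walk(node: Component, prefix: str = "") -> Iterator[str]:
    """List every attribute path, the way a client would browse the model."""
    base = prefix + node.name
    for kind in (STATIC, PROCESS):
        for obj in node.attribute_set(kind).values():
            for attr in obj.attributes.values():
                yield f"{base}/{kind}/{obj.name}/{attr.name}"
    for child in node.components.values():
        yield from walk(child, base + "/")


def to_xml(node: Component) -> ET.Element:
    elem = ET.Element("Component", name=node.name)
    for kind, tag in ((STATIC, "StaticAttributeSet"), (PROCESS, "ProcessAttributeSet")):
        set_elem = ET.SubElement(elem, tag)
        for obj in node.attribute_set(kind).values():
            obj_elem = ET.SubElement(set_elem, "InformationObject", name=obj.name)
            for a in obj.attributes.values():
                ET.SubElement(obj_elem, "Attribute", id=a.ident, name=a.name,
                              dataType=a.data_type.__name__).text = str(a.value)
    component_set = ET.SubElement(elem, "ComponentSet")
    for child in node.components.values():
        component_set.append(to_xml(child))
    return elem


def build_machine_tool() -> Component:
    """Constructed sample device: a machine tool with a spindle component."""
    spindle = Component("Spindle")
    spindle.define(STATIC, "Identification", "a3", "PartNumber", str, "SP-0001")
    spindle.define(PROCESS, "Operation", "a4", "SpeedRpm", int, 0)
    tool = Component("MachineTool")
    tool.define(STATIC, "Asset", "a1", "DeviceNumber", str, "MT-0001")
    tool.define(PROCESS, "State", "a2", "WorkingStatus", str, "idle")
    tool.components[spindle.name] = spindle
    return tool


if __name__ == "__main__":
    print(ET.tostring(to_xml(build_machine_tool()), encoding="unicode"))
```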

6.  Security Challenges and Recommendations

   With the rapid development of sensor networks, cloud computing,
   artificial intelligence, and 5G technologies, the number of network
   devices will rise sharply in the future, and the corresponding
   market will also grow, which will bring corresponding security
   problems: information leakage, virus proliferation, and even the
   destruction of public infrastructure such as the national grid,
   communication equipment, and servers.  Previously, the security of
   IIoT did not attract much attention, but the leakage of data
   collected by medical devices has aroused widespread discussion in
   today's Internet era.  People are becoming more aware of the
   importance of data security.  With the recent extensive
   national-level management and control, more attention has been paid
   to the security of IIoT, including from relevant agencies and
   enterprises in various countries.  Whether in daily life or in
   technology, IIoT security will become a problem that must be solved
   for future development.

   The current IIoT architecture is roughly based on the classic three-
   tier model, which is essentially logically divided into: sensing,
   transport, and application.

6.1.  Sensing Security

   The sensing layer realizes the sensing and collection of data in
   the physical world: it uses sensors, cameras, RFID and other smart
   devices to collect data, and realizes the secure transmission of
   data through limited networks and wireless networks.  Its key
   technologies are RFID technology and sensor networks.  The IIoT
   sensing front-end is responsible for real-time detection and
   collection of data, and uploads it to the cloud data center for
   processing through the transmission network, while the sensing
   terminal is vulnerable to various security issues such as virus
   intrusion, information leakage, and tampering.  Therefore, weak
   terminals with limited cost and performance should provide two-way
   authentication, encrypted transmission, and remote upgrade
   capabilities.  Terminals with strong resource performance should
   provide stronger security capabilities, such as security certificate
   management, antivirus, and intrusion detection.  Smart factory
   application scenarios require low latency and fast response to
   services.  Therefore, it is necessary to design efficient and
   lightweight security algorithms to deal with security threats;
   PRESENT block ciphers [PRESENT], DES lightweight ciphers,
   KATAN/KTANTAN lightweight ciphers [KATAN], and LBlock [Lblock] have
   all provided different solutions.
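
   To show how small one of the lightweight ciphers named above is, an
   added example (not part of the draft) of the PRESENT block cipher
   with an 80-bit key, written from the published PRESENT
   specification.  It is the raw 64-bit block primitive only; the mode
   of operation and integrity protection that encrypted transmission
   needs are outside this block.

```python
SBOX = (0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2)
SBOX_INV = tuple(SBOX.index(x) for x in range(16))
# Bit i of the state moves to position PERM[i]; bit 63 stays in place.
PERM = tuple((16 * i) % 63 if i < 63 else 63 for i in range(64))
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1


def round_keys(key):
    """Derive the 32 round keys from an 80-bit key given as an integer."""
    if not 0 <= key <= MASK80:
        raise ValueError("key must fit in 80 bits")
    keys = []
    for counter in range(1, 33):
        keys.append(key >> 16)                        # top 64 bits of the register
        key = ((key << 61) | (key >> 19)) & MASK80    # rotate left by 61 bits
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))
        key ^= counter << 15                          # round counter into bits 19..15
    return keys


def sbox_layer(state, box):
    out = 0
    for nibble in range(16):
        out |= box[(state >> (4 * nibble)) & 0xF] << (4 * nibble)
    return out


def p_layer(state, inverse=False):
    out = 0
    for i in range(64):
        src, dst = (PERM[i], i) if inverse else (i, PERM[i])
        out |= ((state >> src) & 1) << dst
    return out


def encrypt_block(block, key):
    """Encrypt one 64-bit block (integer) under an 80-bit key (integer)."""
    if not 0 <= block <= MASK64:
        raise ValueError("block must fit in 64 bits")
    keys = round_keys(key)
    state = block
    for k in keys[:31]:                               # 31 full rounds
        state = p_layer(sbox_layer(state ^ k, SBOX))
    return state ^ keys[31]                           # final key whitening


def decrypt_block(block, key):
    if not 0 <= block <= MASK64:
        raise ValueError("block must fit in 64 bits")
    keys = round_keys(key)
    state = block ^ keys[31]
    for k in reversed(keys[:31]):
        state = sbox_layer(p_layer(state, inverse=True), SBOX_INV) ^ k
    return state


if __name__ == "__main__":
    print(f"{encrypt_block(0, 0):016x}")
```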

6.2.  Transport Layer Security

   Consistent with the security requirements of the sensing layer, the
   task of the transport layer is to transfer the data of the sensing
   layer to the application layer for processing.  This depends on the
   transmission network and communication protocols.  If a network node
   is attacked (for example by man-in-the-middle or counterfeit
   attacks), the node may be paralyzed, which may further cause the
   leakage of communication keys and affect the security of the entire
   network.  At the same time, a large number of nodes and data can
   easily cause network congestion and denial of service attacks, which
   also affect the transport layer and place higher requirements on
   security.  Because networks with different architectures need to
   communicate in the transport layer, it is necessary to face security
   issues of heterogeneous networks such as cross-network
   authentication, key negotiation, and data confidentiality and
   integrity protection.  Security technologies that address these
   issues include homomorphic encryption technology, secure multi-party
   technology, and anonymization technology.

6.3.  Application Layer Security

   The application layer is logically the highest layer of the
   architecture.  The tasks it implements are numerous and complex, and
   the application categories are varied, such as monitoring services,
   smart grid, industrial control, green agriculture, etc.  The
   application layer needs to process the data from the transport layer
   effectively.  Given the huge volume of data and network node
   computation in IIoT, huge storage and computing capabilities are
   required, and cloud computing technology can carry these tasks
   cost-effectively.  The current architecture is based on cloud
   computing, and applications are realized on cloud platforms.  The
   processing of business logic emphasizes the combination of IIoT and
   cloud computing.  Therefore, cloud computing and cloud platform
   security issues also arise, including platform data storage,
   exchange, processing and other security issues, as well as data
   security and interaction issues arising from the integration of
   different platforms.  At present, the cloud platform uses WAF,
   firewall, and HIDS.  These have played a role in data protection to
   a certain extent, but further security technical support is still
   needed.  A distributed structure based on edge computing can share
   the computing pressure, decrease response time, and to a certain
   extent confine security risks to a certain area, reducing the
   security risk of the core network, so the application of edge
   computing will be a good opportunity.  The cloud intelligent
   platform can deal with huge data.  Such data easily contains many
   abnormal data and abnormal behaviors, which are not easy to detect
   and exclude and which have a strong impact on security.  Using
   emerging technologies such as data mining, machine learning, AI,
   etc. to analyze data can further detect data anomalies and improve
   data security.  At the application level, applications in many large
   enterprises collect a large amount of private data, such as health
   status, purchase behavior, travel routes, group contact, value
   orientation, etc., which also creates data privacy protection
   problems.  Therefore, scholars have proposed homomorphic encryption
   algorithms.  Blockchain also provides a new solution for this.  For
   example, blockchain can realize an anonymous sharing method of IIoT
   devices [permissioned-blockchains].  Blockchain is widely used in
   the field of IIoT, where it can effectively compensate for the
   shortcomings of the traditional centralized data storage mode of
   IIoT.  The full nodes of the blockchain network record complete data
   information to jointly maintain the data security of the IIoT device
   and reduce the traditional cost of maintaining a centralized
   database for the application of IIoT.  The tamper-proof nature and
   timing of the blockchain guarantee the security and traceability of
   the data of the entire network node, and the use of blockchain
   technology can ensure data privacy and security.

6.4.  IIoT Security Solutions

   Combining the security issues of the IIoT architecture, this section
   summarizes the existing security issues and the corresponding
   solutions, mainly including device protection, device
   identification, authentication mechanisms, secure communication
   mechanisms, data privacy protection, and anomaly detection and
   intrusion detection.  The corresponding solutions are shown in
   Figure 8.

      +---------------------------------+---------------------------------------------+
      | Security problem                | Solutions                                   |
      +---------------------------------+---------------------------------------------+
      | Device protection               | Lightweight data encryption algorithm       |
      |                                 |                                             |
      | Device identification and       | RFID, blockchain                            |
      | authentication mechanism        |                                             |
      |                                 |                                             |
      | Secure communication mechanism  | Edge computing, converged gateways, routing |
      |                                 | protocols, Homomorphic encryption algorithm |
      |                                 |                                             |
      | Data privacy protection         | Blockchain, encryption algorithm, cloud     |
      |                                 | computing                                   |
      |                                 |                                             |
      | Anomaly detection and           | Machine learning, data mining               |
      | intrusion prevention            |                                             |
      +---------------------------------+---------------------------------------------+

              Figure 8: Security problems and solutions

7.  Informative References

   [smart-factory]
              Chen, B., Wan, J., and S. Lei, "Smart factory of industry
              4.0: key technologies, application case, and challenges",
              2017.

   [iiot-5g]  Cheng, J., Li, D., and W. Chen, "Industrial IoT in 5G
              environment towards smart manufacturing", 2018.

   [tsn]      DetNet Data Plane: IP over IEEE 802.1 Time Sensitive
              Networking, detnet.,
              "https://tools.ietf.org/html/draft-ietf-detnet-ip-over-tsn-03",
              2020.

   [I-D.ietf-6lowpan-usecases]
              Design and Application Spaces for 6LoWPANs, ipv6.,
              "https://tools.ietf.org/html/draft-ietf-6lowpan-usecases-10",
              2012.

   [edge-computing]
              Mach, P. and Z. Becvar, "Mobile edge computing: a survey
              on architecture and computation offloading", 2017.

   [I-D.ietf-core-coap-pubsub]
              Publish-Subscribe Broker for the Constrained Application
              Protocol, pubsub.,
              "https://tools.ietf.org/html/draft-ietf-core-coap-pubsub-09",
              2020.

   [PRESENT]  Bogdanov, A., Knudsen, L., and G. Leander, "PRESENT: An
              Ultra-Lightweight Block Cipher. Cryptographic Hardware and
              Embedded Systems", 2007.

   [KATAN]    Canniere, C. and O. Dunkelman, "KATAN and KTANTAN -- A
              Family of Small and Efficient Hardware-Oriented Block
              Ciphers", 2009.

   [Lblock]   Wu, W. and Lei. Zhang, "Lblock: a lightweight block
              cipher", 2011.

   [permissioned-blockchains]
              Hardjono, T., "Cloud-Based Commissioning of Constrained
              Devices using Permissioned Blockchains", 2016.

Authors' Addresses

   Chaowei Tang
   Chongqing University
   No.174 Shazheng Street, Shapingba District
   Chongqing
   400044
   China

   Email: cwtang@cqu.edu.cn

   Haotian Wen
   Chongqing University
   No.174 Shazheng Street, Shapingba District
   Chongqing
   400044
   China

   Email: wenhaotianrye@foxmail.com

   Shuai Ruan
   Chongqing University
   No.174 Shazheng Street, Shapingba District
   Chongqing
   400044
   China

   Email: rs@cqu.edu.cn

   Baojin Huang
   Chongqing University
   No.174 Shazheng Street, Shapingba District
   Chongqing
   400044
   China

   Email: baojin-huang@foxmail.com

   Xinxin Feng
   Chongqing University
   No.174 Shazheng Street, Shapingba District
   Chongqing
   400044
   China

   Email: xxfeng@cqu.edu.cn
