Technology | January 18, 2024

The vital role of NAT routers in secure remote access

When building machines for automation, the same block of IP addresses is often reused on every machine. Connecting several such machines to one network would produce duplicate IP addresses, so NAT routers are used. 1:1 NAT tables can be set up so that multiple systems can be reached from outside the concealed address block.

Network Address Translation (NAT) is a widely used Layer 3 technology in which one or more local or “private” IP addresses are translated into one or more global or “public” IP addresses in order to provide Internet access to the local hosts.

Compared to NAT applications in residential or commercial networks, NAT in Industrial Automation and Control Systems (IACS) is more varied and complex, although the overall concept remains the same.

In IACS, NAT is primarily about gaining access to information buried within a system outside your own. Consider a situation where a higher-level network outside the plant, for instance, the IT department, needs to access data located on a separate lower-level network or subnet in the OT department, consisting of a 12-port industrial Ethernet switch connecting PLCs, motor drives, IP cameras, and I/O devices. For the purpose of illustration, also assume there is a preventive maintenance application on a PC in the IT department.

This industrial application is seeking data such as heat, energy, and cycle times from a motor drive to predict its future maintenance needs. Since the two networks use different address ranges, however, the IT department PC is prevented from “talking” to the motor drive.

NAT (Network Address Translation) routers can be used to conceal the identity of an IP address block being used on a network, and can become part of a company's remote access strategy.

In this situation, an industrial NAT router can be deployed to assign a new IPv4 public address solely for the PC’s messages. Keep in mind this new address is not the private IP address of the PC itself.

When a data packet is sent from the PC to that public address, the NAT router translates the destination to the motor drive’s private address, bridging the gap. When the motor drive responds with the requested data, the NAT router translates the drive’s address back to the public address the PC used, and the reply is delivered to the PC.

Port address translation

The above describes a straightforward example of one-to-one static NAT. In IACS, the Port Address Translation (PAT) form of dynamic NAT is often required when multiple devices are involved yet only one IPv4 address is available.

So, let’s assume the same situation as above. Now, however, we need data from the motor drive as well as from three PLCs. Since we only have one IPv4 address, we’ll need to distinguish each device by a port number appended to the shared address with a colon, i.e., 192.155.100.18 becomes 192.155.100.18:3, where the “3” indicates the port.

When the PC sends a message requesting information from one of the three PLCs or the drive, the NAT router reads the address and port and forwards the message to whatever device is assigned to port 3, even though all the devices share the same public IPv4 address.

Along with translating addresses, NAT provides an additional layer of security by hiding internal IP addresses from malicious actors. In this way, a NAT router works somewhat like a firewall guarding the LAN network against hacking and denial-of-service (DoS) attacks.

For an OEM machine maker, NAT is equally valuable. NAT allows an OEM to reuse IPv4 addresses without introducing a duplicate IP address error into the network architecture.

For example, an OEM may use NAT for the replication of multiple control systems on skids and machines, including IP addressing, to help reduce development and commissioning costs. This way the end-user can have multiple machines on the same line configured with identical network settings and be able to perform remote support through a VPN connection.
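The three situations described above (a 1:1 static NAT table, PAT behind a single public address, and identical private address blocks reused on several OEM skids) can be tried out in the following model. This is an added example, not code from the article or from any router vendor; the address values, the hypothetical IndustrialNat class and the use of Modbus TCP port 502 on the device side are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class IndustrialNat:
    """Constructed model of one industrial NAT router (hypothetical, not a vendor product).
    static_map: public IP -> private IP                  (1:1 static NAT)
    pat_map:    (public IP, port) -> (private IP, port)  (PAT behind one public address)"""
    def __init__(self, static_map, pat_map=None):
        self.static_map = dict(static_map)
        self.pat_map = dict(pat_map or {})
        # Reverse tables let a device's reply be rewritten back to the public view.
        self.static_rev = {v: k for k, v in self.static_map.items()}
        self.pat_rev = {v: k for k, v in self.pat_map.items()}

    def inbound(self, pkt):
        """IT-side request: rewrite the destination; None means no rule, not forwarded."""
        if pkt.dst_ip in self.static_map:
            return Packet(pkt.src_ip, pkt.src_port, self.static_map[pkt.dst_ip], pkt.dst_port)
        rule = self.pat_map.get((pkt.dst_ip, pkt.dst_port))
        return Packet(pkt.src_ip, pkt.src_port, *rule) if rule else None

    def outbound(self, pkt):
        """Device reply: rewrite the source back to the public address (and port)."""
        if pkt.src_ip in self.static_rev:
            return Packet(self.static_rev[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)
        rule = self.pat_rev.get((pkt.src_ip, pkt.src_port))
        return Packet(*rule, pkt.dst_ip, pkt.dst_port) if rule else None

# Constructed addresses: every skid ships with the same private block (drive at .10,
# PLCs at .11-.13); only the public side of each router differs. 502 is Modbus TCP.
DRIVE, PLCS = "192.168.1.10", ["192.168.1.11", "192.168.1.12", "192.168.1.13"]
SKID_A = IndustrialNat(static_map={"192.155.100.17": DRIVE})   # 1:1 NAT, drive only
SKID_B = IndustrialNat(static_map={}, pat_map={                # PAT, one public IPv4
    ("192.155.100.18", 3): (DRIVE, 502),                       # "port 3" as in the text
    **{("192.155.100.18", 4 + i): (plc, 502) for i, plc in enumerate(PLCS)}})

def query(nat, public_ip, public_port, pc="10.0.0.5"):
    """Round trip of one IT-PC request through `nat`: (device reached, public src IP, port)."""
    inner = nat.inbound(Packet(pc, 40000, public_ip, public_port))
    if inner is None:
        return None
    reply = nat.outbound(Packet(inner.dst_ip, inner.dst_port, inner.src_ip, inner.src_port))
    return inner.dst_ip, reply.src_ip, reply.src_port
```

Both skids answer at the same private drive address, yet the PC sees only the two distinct public addresses, and a request for a port with no table entry is not forwarded at all.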

Industrial strength

Like other industrial network devices, industrial NAT routers must be hardened to operate in environments where they will be subjected to extreme temperatures, heavy vibration, and electromagnetic interference. Carefully review a router’s environmental specifications before deploying it, especially in an industrial area rated as Hazardous due to the presence of explosive levels of gases, dust, or liquids.

NAT router applications

Control Rooms or Network Cabinets: Many industrial facilities have control rooms or network cabinets where networking equipment is housed. This is a common location for NAT routers, along with other networking components such as switches, firewalls, and communication gateways. The NAT router in this context would provide a gateway between the local industrial network and the external network (e.g., the Internet).

Remote Monitoring Stations: Industrial facilities might have remote monitoring stations where engineers and technicians can access and monitor industrial processes from a distance. These stations might be equipped with NAT routers to facilitate secure remote access to the industrial network.

Communication Gateways: In complex industrial systems, there are often communication gateways that connect different protocols and networks. These gateways might incorporate NAT routing functionality to manage communication between different parts of the system and the outside world.

IoT and Edge Devices: As industrial IoT devices become more prevalent, NAT routers can be integrated into edge devices to manage communication between these devices and central servers or cloud platforms. This helps ensure that IoT devices can securely send data to and receive commands from remote locations.

Robotics and Manufacturing Cells: In manufacturing environments that utilize robotic systems or individual manufacturing cells, NAT routers can be used to provide remote access for maintenance and troubleshooting, as well as to facilitate data collection and analysis.

Energy Monitoring and Control Systems: Industries like energy production and distribution might employ NAT routers to enable remote monitoring and control of power generation, distribution, and consumption.

Process Control Systems: In industries such as chemical manufacturing, food and beverage production, and pharmaceuticals, NAT routers can be used to securely access and control critical processes remotely.

Water and Wastewater Treatment Plants: Facilities responsible for water treatment and wastewater management may use NAT routers to enable remote monitoring and control of pumps, valves, sensors, and other equipment.

Mining and Extraction Operations: Industries involved in mining, oil extraction, and natural resource management can use NAT routers to establish secure connections for remote management and optimization of operations.

Transportation and Logistics: In sectors like transportation and logistics, NAT routers can be employed to enable remote tracking and management of fleets, as well as for maintaining communication with vehicles and sensors.

Remember that the specific location and implementation of NAT routers in industrial automation setups can vary greatly depending on the complexity and requirements of the system. The primary goal is to ensure secure, efficient, and reliable communication between industrial devices and external networks.

Technology report by Antaira