About the Radio | 35
Aprisa SRx User Manual 1.3.0
Avoiding Narrow Band Radio Traffic Overloading
The Aprisa SR supports mechanisms to prevent narrowband radio network overload:
1.
L3/L4 Filtering
The L3 filtering can be used to block undesired traffic from being transferred on the narrow band channel,
occupying the channel and risking the SCADA critical traffic. L3/4 filtering has the ability to block a known
IP address and applications using TCP/IP or UDP/IP protocols with multiple filtering rules. The L3 (/L4)
filter can block/forward (discard/process) a specific IP address and a range of IP addresses. Each IP
addressing filtering rule set can also be set to filter a L4 TCP or UDP port/s which in most cases relates to
specific applications as per IANA official and unofficial well-known ports. For example, filter and block E-
mail SMTP or TFTP protocol as undesired traffic over the SCADA network. The user can block a specific or
range of IP port addresses, examples SMTP (Simple Mail Transfer Protocol) TCP port 25 or TFTP (Simple
Trivial File Transfer Protocol) UDP port 69.
2.
L2 Address Filtering
L2 Filtering (Bridge Mode) provides the ability to filter radio link traffic based on specified Layer 2 MAC
addresses. Destination MAC (DA) addresses and a Source MAC (SA) addresses and protocol type (ARP, VLAN,
IPv4, IPv6 or Any type) that meet the filtering criteria will be transmitted over the radio link. Traffic that
does not meet the filtering criteria will not be transmitted over the radio link.
3.
L2 Port VLANs Ingress Filtering and QoS
Double VLAN (Bridge Mode)
Double VLAN is used to distinguish/segregate between different radio sub-networks (Base-repeaters-
remotes). Traffic with double VLANs which are not destined to a specific sub-network will be discarded on
the ingress of the radio sub-network, avoiding the overload of the radio sub-network.
Single VLAN (Bridge Mode)
Single VLAN is used to distinguish/segregate between different traffic types assigned by the user in its
industrial corporate LAN. In order to avoid the overload of the radio network, traffic with single VLANs
which are not destined to a specific radio network will be discarded on the Ethernet ingress port of the
radio network. All single VLANs which set and are eligible will be transmitted over the radio link.
QoS using 802.1p priority bits (Bridge Mode)
The priority bits can be used in the VLAN tagged frames to prioritized critical mission SCADA traffic and
ensure SCADA traffic transmission relative to any other unimportant traffic. In this case, traffic based on
VLAN priority (priority 0 to 7) enters one of the four priority queues of the Aprisa SR (Very High, High,
Medium and Low). Traffic leaves the queues (to the radio network) from highest priority to lowest in a
strict priority fashion.
4.
Ethernet port QoS
The Aprisa SR supports ‘Ethernet Per Port Prioritization’. Each Ethernet port can be assigned a priority and
traffic shall be prioritized accordingly. This is quite useful in networks where customers do not use VLANs
or cannot use 802.1p prioritization.