KNXnet/IP
MECip
SECURE
- 14 -
2
KNXnet/IP
The presence of the Internet Protocol (IP) has led to the definition of the KNXnet/IP protocol.
As documented in the KNXnet/IP specifications, KNX telegrams are transmitted encapsulated
in IP packets, and Ethernet networks can be used to route and tunnel KNX telegrams.
IP routers and IP interfaces are an excellent alternative to TP line/area couplers and USB data
interfaces. KNX IP routers are similar to TP line couplers, but make use of the KNXnet/IP
communication protocol. They connect the IP communication medium to TP, instead of
connecting two TP lines. According to this, a TP backbone can completely be replaced by an
Ethernet based IP backbone. It is even possible to integrate end devices directly via IP.
2.1
IP Secure Tunneling
KNXnet/IP provides KNX connection via IP Tunneling. Such point-to-point IP Tunneling
connections usually are used to connect clients like the ETS or supervisory systems to the
KNX installation. On activation of “Secure Tunneling”, these
then called IP Secure Tunneling
connections become secured. This means the data communication of every channel is
encrypted and the possibility is offered to protect the single channels by passwords.
2.2
IP Secure Routing
Regarding KNX topology, KNX TP lines and areas can be connected by an Ethernet/IP
network, what then is called a KNX IP (backbone) line. KNX IP media couplers hereby transfer
the KNX data from TP to IP and vice versa, and are often called KNX IP routers for this reason.
For the data communication on KNX IP, or to be more exact, for the communication between
KNX IP devices, KNXnet/IP is the fundamental protocol for IP Routing. When IP Security is
active, the IP Routing specification is replaced by the IP Secure Routing specification and
KNX IP communication becomes entirely encrypted according to the security concept KNX
Secure. The KNX Secure part, that is relevant for IP, is called KNX IP Secure.
2.3
IP Firmware Update
To provide updating the firmware remotely via IP, MECip-Sec has a bootloader functionality
integrated. This function is called IP Firmware Update and can be executed in the web front-
end. The download process for rewriting the program memory content is independent from
ETS and replaces both communication stack and application software.