Archive for the ‘Network Design & Analysis’ Category

Current Security Vulnerabilities in Control Systems

February 20th, 2009

Here is a list [1] of currently known control system security vulnerabilities from 2007 to the present [2].

  1. This is an ongoing list that will be updated periodically.
  2. Referenced from the United States Computer Emergency Readiness Team (US-CERT).

EtherChannel Defined

February 4th, 2009

EtherChannel is Cisco's implementation of link aggregation (sometimes called port trunking, although in Cisco terminology a "trunk" normally means an 802.1Q VLAN trunk). It is found mostly on Cisco switches. The technology groups several physical Ethernet ports into one logical port-channel interface: the rest of the network sees a single link with one MAC address (and one IP address, if the port-channel is a routed interface), regardless of which applications or users are sending traffic over it.

This makes it a useful failsafe for mission-critical applications: if one or more member links go down, traffic is redistributed across the remaining active links transparently and quickly. Load distribution across the member ports is hash-based and per flow. Cisco's proprietary hash takes fields such as the source/destination MAC address, IP address and TCP/UDP port numbers (which fields are used is configurable per platform) and pins each flow to one member link. The practical caveat is that a single flow never gets more than the bandwidth of one physical link, and a traffic mix with a few large flows can leave the members unevenly loaded.

EtherChannel is normally used within a network backbone (switch-to-switch or switch-to-server links) rather than on direct connections to end-user devices, because the NIC or adapter of the end device would itself have to support link aggregation. As of today, I don't believe there is any PLC or embedded end-user manufacturing/control system device supporting EtherChannel, but that may change if the demand arises.

The maximum number of active ports in an EtherChannel is eight (two is the practical minimum), regardless of cable type or whether the ports are Fast Ethernet, Gigabit Ethernet or 10 Gigabit Ethernet; with LACP, up to eight further ports can be configured as hot-standby ports that take over when an active member fails. The aggregate bandwidth is directly proportional to the number and speed of the ports: five ports in an EtherChannel give 500 Mbit/s, 5 Gbit/s or 50 Gbit/s at Fast Ethernet, Gigabit Ethernet and 10 Gigabit Ethernet speeds respectively (aggregate figures, since each individual flow is still limited to one link). This makes it very scalable as your traffic grows, which is a huge benefit.

When using EtherChannel, three things must apply to the member ports:

1) All ports must run at the same speed and duplex

2) All links must be IEEE 802.3 Ethernet with identical Layer 2 settings (access or trunk mode, native VLAN and allowed VLANs), or all must be routed ports

3) Both ends must support EtherChannel and be configured with a compatible bundling mode (PAgP, LACP, or static "on")

One may ask why you would want EtherChannel when STP (Spanning Tree Protocol) already provides redundancy. The answer is that STP prevents loops by blocking redundant links, so only one path between two switches forwards at a time and the extra links sit idle. EtherChannel lets all member links between two devices carry traffic at all times, and STP treats the whole bundle as a single link. The two therefore work together: the bundle provides bandwidth and link-level failover, while STP still gives you a loop-free topology and prevents flooding if the cabling creates a loop elsewhere in the network.
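The following is an added Cisco IOS configuration illustrating the requirements above and the STP point; it is not taken from the post. A two-port LACP bundle is built between two switches, with the verification commands a practitioner would run afterwards. The interface names, VLAN numbers and channel-group number are assumptions; the mirror image of this configuration goes on the far-end switch.

```cisco
! Switch A (hypothetical names). Configure the same on Switch B.
! Every member port must match: speed, duplex, switchport mode and allowed VLANs,
! otherwise the port is suspended from the bundle rather than added to it.
interface range GigabitEthernet1/0/1 - 2
 description Uplink to SwitchB, member of Po1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 ! "active" = LACP (IEEE 802.1AX). Use "desirable" for Cisco PAgP, "on" for a static bundle
 ! with no negotiation (both ends must then be "on", or the link will not come up cleanly).
 channel-group 1 mode active
!
! The logical interface is created by channel-group; keep its L2 settings identical
! to the members so they are not suspended on a mismatch.
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Hash flows on source/destination IP rather than the platform default (often src-mac),
! so traffic between the same two hosts still lands on one link but different host
! pairs are spread across members.
port-channel load-balance src-dst-ip
!
! Verification (privileged EXEC):
!   show etherchannel summary       -> Po1(SU) with Gi1/0/1(P) Gi1/0/2(P): bundled and in use
!   show etherchannel load-balance  -> confirms which fields feed the hash
!   show spanning-tree vlan 10      -> STP lists Po1 once, not the two physical ports,
!                                      so neither member is put into blocking state
```

If `show etherchannel summary` shows a member flagged as suspended (`s`) or stand-alone (`I`), the first thing to compare is the trunk mode, native VLAN and allowed-VLAN list on both ends, since those mismatches are the usual cause.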

With all the good things being said, there is a drawback: the negotiation protocol behind classic EtherChannel, Cisco's PAgP (Port Aggregation Protocol), is proprietary, so you are bound to device manufacturers that support it (mainly Cisco and Intel*). IEEE does have an open-standard equivalent, LACP, originally defined in IEEE 802.3ad and now maintained as IEEE 802.1AX; Cisco switches support LACP as well, and it is the usual choice when the other end is not a Cisco device.

*Intel can implement either EtherChannel or IEEE 802.1AX teaming on its Intel® PRO/100, PRO/1000, PRO/10GbE, Gigabit and 10 Gigabit server adapters.

To Tap Or To SPAN?

February 3rd, 2009

Do you use a network tap or SPAN (Switched Port Analyzer)/ RSPAN (Remote Switched Port Analyzer) when doing network troubleshooting?

This discussion comes up quite often in the field. Here are my thoughts …