CODESYS - the IEC 61131-3 automation software


All times are UTC+01:00




Post subject: Disable UDP Broadcast
Posted: Mon Feb 04, 2019 9:55 am

Joined: Thu Jan 31, 2019 2:19 pm
Posts: 4
Dear Codesys community

Is it possible to disable the UDP Broadcast on the ports 1740-1743? Since they cause 50% of the whole traffic on a customer's network over UMTS and he naturally has to pay for it.
My first thought was a firewall, which is not practical and too expensive because there are several of these stations.
On my search I found the Whitepaper with a short list of Ports, where it says these ports are not reconfigurable but not entirely disableable.
So does anyone have an idea how to solve this?

German (translated):
Is it possible to switch off the UDP broadcast on ports 1740-1743? They cause 50% of the total traffic on the customer's network, which is connected via UMTS, and he naturally has to pay for this.
My first thought was to install a firewall, but that would not be affordable because there are several such stations. While searching for a solution I found the whitepaper with a list of the ports, which states that exactly these ports are not changeable but not completely disableable.
Does anyone have an idea how I could solve this?


Posted: Mon Feb 04, 2019 11:01 am
Frequent User

Joined: Fri Feb 23, 2018 3:41 pm
Posts: 149
What protocol are you using over TCP/UDP ?
How is your network config (static, dynamic) ?

If you don't need them, you may want to disable any addressing services that may run on your PLC, and switch your addressing to static mode.

Sniffing with Wireshark may also give some clues about which protocol is spamming.
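
Added example (not part of the original posts, and not CODESYS code): one way to put a number on the broadcast share that a capture would reveal, by parsing a classic pcap file and tallying UDP datagrams sent to 255.255.255.255 by destination port. The capture is constructed inline; the addresses, port 5000 and the frame sizes are assumptions chosen for illustration.

```python
import struct
from collections import Counter

CODESYS_PORTS = range(1740, 1744)   # UDP ports named in the thread
LIMITED_BROADCAST = bytes([255, 255, 255, 255])

def udp_broadcast_share(pcap: bytes):
    """Return ({dst_port: bytes}, share) for UDP sent to 255.255.255.255.
    share = bytes on CODESYS_PORTS / all captured bytes; classic pcap with
    Ethernet framing only (VLAN-tagged frames are skipped)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    by_port, total, off = Counter(), 0, 24
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        total += orig_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # not IPv4
        udp_off = 14 + (frame[14] & 0x0F) * 4     # Ethernet + IP header length
        if frame[23] != 17 or frame[30:34] != LIMITED_BROADCAST:
            continue                              # not UDP to 255.255.255.255
        if len(frame) >= udp_off + 4:
            by_port[struct.unpack("!H", frame[udp_off + 2:udp_off + 4])[0]] += orig_len
    codesys = sum(n for port, n in by_port.items() if port in CODESYS_PORTS)
    return dict(by_port), (codesys / total if total else 0.0)

def _frame(dst_ip: bytes, dport: int, payload_len: int) -> bytes:
    """Build one constructed Ethernet/IPv4/UDP frame (placeholder MACs, checksums 0)."""
    udp = struct.pack("!HHHH", 1740, dport, 8 + payload_len, 0) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 1, 10]), dst_ip)
    return b"\xff" * 6 + b"\x02" + bytes(5) + b"\x08\x00" + ip + udp

def sample_pcap() -> bytes:
    """Constructed capture: 4 broadcasts to 1740-1743 plus one unicast datagram."""
    frames = [_frame(LIMITED_BROADCAST, port, 50) for port in CODESYS_PORTS]
    frames.append(_frame(bytes([192, 168, 1, 20]), 5000, 326))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(udp_broadcast_share(sample_pcap()))
```

Point `udp_broadcast_share` at the bytes of a real capture saved in classic pcap format (not pcapng) to get the per-port totals for the uplink in question.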


Posted: Mon Feb 04, 2019 1:04 pm

Joined: Thu Jan 31, 2019 2:19 pm
Posts: 4
I don't transmit anything on purpose. The PLC is searching with these packages for an active Codesys and would connect, if it found something.
There are 4 packages, sometimes 8 and are transmitted every minute. They are called UDP Runtime communication in the whitelist paper.
The Network is static.

Could I configure the PLC, so it may only connect to 1 single address for updating its program? It would expect the Codesys only at that address and wouldn't search for it via broadcast. At least in my understanding.


Posted: Mon Feb 04, 2019 1:59 pm
Frequent User

Joined: Fri Feb 23, 2018 3:41 pm
Posts: 149
Assuming this is a UMTS router, there's something I don't get.
If you are using a UMTS router, and broadcast is passing through the router, that would mean that the other interface of the router is on the same LAN segment, in respect of the broadcast address.

Are you trying to communicate via your UMTS router in the same subnet ? So the router would be acting as a gateway only ?
If so, this could be addressed using different subnet and configuring the right gateway setting on your PLC.


EDIT: What is the broadcast address of your UDP SPAM packet ?


Last edited by dFx on Mon Feb 04, 2019 2:39 pm, edited 1 time in total.

Posted: Mon Feb 04, 2019 2:25 pm

Joined: Thu Jan 31, 2019 2:19 pm
Posts: 4
I'm sorry I didn't specify that.
The UMTS router has a built-in VPN function to another router in another building. So everything is in the same subnet.
No communication from the PLC is needed, but a Unix system is running in the same device and also the same physical port with 2 IPs, and communicates via IEC 60870-104.

The destination of the broadcast is 255.255.255.255.

I guess you just told me a viable solution. I configure the gateway of the PLC in another subnet so the packages won't go over the VPN router. If I would access it I'd just need to set my PC to that new subnet.
I'll try that.

Thank you for your time and help.


Posted: Mon Feb 04, 2019 2:51 pm
Frequent User

Joined: Fri Feb 23, 2018 3:41 pm
Posts: 149
With a broadcast address of 255.255.255.255, it targets all LAN nodes (and will still go through your router's VPN in my mind).
If you don't manage to restrain this broadcast address, and can't apply some filters in your router, the only solution I see (apart from having support from mods like @Edwin) is placing a cheap router that will do the filtering job between your PLC and router (as a router discards 255.255.255.255 broadcast messages, see more in the linked page).

This may help also : https://community.cisco.com/t5/other-network-architecture/broadcast-address-and-255-255-255-255/m-p/317057/highlight/true#M116980


Posted: Mon Feb 04, 2019 3:08 pm

Joined: Thu Jan 31, 2019 2:19 pm
Posts: 4
You're right. It'd go through.
Do you know how I could contact a mod?


Posted: Mon Feb 04, 2019 3:37 pm
Frequent User

Joined: Fri Feb 23, 2018 3:41 pm
Posts: 149
Try to yell at them ;) (no clue how)

