Networking Daemon

Purpose

The function of the networking daemon is to route packet-level communications from the lower level controllers up to the controls applications, and to do so transparently so that neither the controllers nor applications need to be reconfigured to handle the dynamic switchover.

How It Works

The core of the networking daemon is a process that routes TCP communications between lower-level devices (PLCs, RTUs, etc.) and the primary and “clone” systems. More sophisticated failover cases and dynamic switchover triggers (e.g. for patching) are handled by a webserver, which takes incoming requests from the orchestrator to change the system from primary to clone mode.

This core process is built on a combination of a standard proxy application (currently nginx, though our beta builds are beginning to test HAProxy and we have deployed Apache systems in the past) and a Go webserver to handle reconfiguration of this system when the system changes state.

Non-TCP communications are handled with utilities that convert the binary inflow of data from non-TCP sources into TCP packets in transit. We are currently using Socat for socket-level modifications and L2TPv3 for encapsulation of layer 2 communications.

The networking daemon also holds health checkers that evaluate whether the primary service is running correctly, similar to Kubernetes sidecar services. These health checkers use several mechanisms, ranging from heartbeat analysis to URL pings and response time recording.
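
As an illustration of the URL-ping and response-time mechanisms described above, the following Go sketch is an added example and not the project's own code. The `Checker` type, its fields, the thresholds and the `/healthz` path are all hypothetical; it assumes the primary exposes an HTTP health endpoint and that switching back from the clone is left to the orchestrator.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// Checker is a hypothetical health checker (not the project's code): URL ping
// plus response-time recording, with a consecutive-failure threshold.
type Checker struct {
	URL       string          // health endpoint on the primary (assumed)
	MaxRTT    time.Duration   // slower answers count as failures
	Threshold int             // consecutive failures that trigger switchover
	RTTs      []time.Duration // recorded response times
	fails     int
	onClone   bool
}

// Probe pings the primary once and reports whether traffic should use the clone.
// Not goroutine-safe: call it from a single ticker loop.
func (c *Checker) Probe() bool {
	client := &http.Client{Timeout: 2 * c.MaxRTT} // bound a hung primary
	start := time.Now()
	resp, err := client.Get(c.URL)
	rtt := time.Since(start)
	healthy := err == nil && resp.StatusCode == http.StatusOK && rtt <= c.MaxRTT
	if err == nil {
		resp.Body.Close()
	}
	c.RTTs = append(c.RTTs, rtt)
	c.fails++
	if healthy {
		c.fails = 0
	}
	// Sticky: one bad reply never flips the route; switching back is the orchestrator's call.
	if c.fails >= c.Threshold {
		c.onClone = true // the daemon would repoint the proxy upstream here
	}
	return c.onClone
}

func main() {
	// Constructed target: nothing listens on port 1, so every probe fails.
	c := &Checker{URL: "http://127.0.0.1:1/healthz", MaxRTT: time.Second, Threshold: 3}
	for i := 1; i <= 4; i++ {
		fmt.Printf("probe %d -> clone=%v\n", i, c.Probe())
	}
}
```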
