Solutions

OT Software-Defined Networking

Improve network security, situational awareness, and reliability with OT SDN.

What Is OT SDN?

OT SDN, or operational technology software-defined networking, is a protection-class Ethernet network solution for critical infrastructure.

Purpose-engineered technology forms the backbone of critical infrastructure systems. These systems must perform specific tasks accurately and precisely—without fail.  

The system’s Ethernet network must be designed to the same rigorous standard as the technology it supports. That’s why SEL developed OT SDN—to give you the ability to engineer the behavior and content of your critical infrastructure network.

OT SDN is a networking solution that is purpose-engineered to meet the specific demands of IEC 61850 and cyber-sensitive facility-related control systems. It unlocks the previously closed, restricted networking behavior of legacy solutions and delivers improved security, situational awareness, reliability, and performance.   

OT SDN also reduces a system’s total cost of ownership. Legacy technology requires owners to invest significant time manipulating the closed, fixed behavior of their networks, increasing the complexity in system testing and upkeep. With OT SDN, owners have direct control over the operation of and the content that is forwarded on the network. They also have the confidence the network will operate exactly as intended at all times—regardless of traffic or devices attempting to connect—resulting in secure, simple, and reliable networks.

Ethernet is quickly becoming the leading communications protocol in power systems throughout the world—both in terms of what is currently being deployed and what is being modeled for systems of the future.

Meanwhile, the standards community has launched hundreds of efforts focused on how to modify legacy Ethernet technology to meet the industry’s changing needs. For system owners with legacy technology, these evolving standards will lead to extensive change management in the future.

In contrast, OT SDN offers simplicity. With fully programmable control and data planes, you no longer have to wait for standards and suppliers to be updated to deliver the desired behavior—you now have direct programmable control. It also eliminates long-term change management while offering a level of security and performance that can only be found in a solution that was intended for critical infrastructure from the start.

OT SDN Benefits

The SEL OT SDN solution prioritizes network security, situational awareness, reliability, and high-speed performance for critical applications. OT SDN also simplifies data collection for NERC CIP compliance and can help you prepare for the proposed NERC CIP internal network security monitoring (INSM) standards.

OT SDN is foundational to the SEL approach to cybersecurity, particularly the idea of zero trust (removing implicit trust). OT SDN deny-by-default technology offers the strongest option for designing a network that aligns with a zero-trust architecture strategy.

With a deny-by-default architecture, no conversations happen on the network that the system owner has not authorized. Instead, the system owner pre-programs all primary and backup communications paths using the SEL-5056 Flow Controller.

This allows vulnerable legacy technology to be removed from managed Ethernet switches’ control plane. This eliminates network vulnerabilities to MAC spoofing, Bridge Protocol Data Unit (BDPU) attacks, or flooding attacks.

Any unauthorized packets that attempt to access an OT SDN network are identified and denied access to the network by default. The system owner may also choose to forward these packets to an intrusion detection system (IDS). OT SDN makes IDS integration simpler and more cost-effective.

As a testament to its cybersecurity, OT SDN is certified onto the Department of Defense Information Network (DoDIN) Approved Products List (APL).

How Does Deny-by-Default Technology Work?

OT SDN uses flow match rules to approve network flows. The ingressing packets are matched against the ingress port, Ethernet source or destination MAC address, Ethertype, VLAN identifier, IP source or destination address, and so on. Then, the owner defines actions for ingressing messages that match the various criteria. Finally, a set of counters is used to monitor the ingress and egress of traffic and the overall network health.

From our knowledge base

Learn & Lock Features of SEL-5056

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

SDN Commissioning

1 of 4
  • Learn & Lock Features of SEL-5056

  • Commission and User Creation with the SEL-5056 Flow Controller

  • Adopt SEL-2740S Using the SEL-5056 Flow Controller

  • Adopt Hosts using the SEL-5056 Flow Controller

SEL-5056 SDN Quick Start

In this video, we go over how to set up a small network using the SEL-5056 Software-Defined Network Flow Controller.

SDN Communication Setup

1 of 6
  • SEL-5056 SDN Quick Start

  • SEL-5056 Logical Connections Part 1- CSTs and Logical Connection Definitions

  • SEL-5056 Logical Connections Part 2- Creating CSTs

  • SEL-5056 Logical Connections Part 3- Creating Unicast Logical Connections

  • SEL-5056 Logical Connections Part 4- Creating Multicast Logical Connections

  • Enabling SEL Relay Failover Mode with the SEL-5056 Flow Controller

Backing Up and Restoring SEL-5056 Databases

SDN Management and Troubleshooting

1 of 1
  • Backing Up and Restoring SEL-5056 Databases

Your first look into the all new flow controller—coming soon

SEL-5056 Version 3.0 Release Videos

1 of 1
  • Your first look into the all new flow controller—coming soon

Our Services

SEL is your partner in implementing OT SDN and tailoring the solution to your priorities and requirements. Depending on your needs, we can deliver a turnkey solution or assist you with specific stages of your project, such as cybersecurity evaluations, OT SDN network engineering, and system testing. We support greenfield installations or existing network migrations.

With every project, we prioritize the system owner’s self-sufficiency at the handover stage. SEL will ensure your team has the training and information needed to independently maintain your OT SDN network or make changes to it in the future.

Our Support

We believe you should never have to worry about whether your protection and control systems will be working when you need them most. SEL products are designed and manufactured for the world’s most challenging environments, exceeding all industry standards for temperature, shock, and electric stress, which has led to one of the highest MTBF ratings in the industry.

However, sometimes the unexpected happens. That’s why you always have access to SEL engineers—and every device we manufacture comes with a ten-year warranty and no-cost technical support.

After your systems are commissioned, our application engineers provide technical support for SEL products at no cost.

As long as your SEL products remain in service, you have access to direct technical support from SEL engineers—not just a handful of customer-facing product engineers, but a large corps of application engineers who are intimately familiar with the way our devices are deployed and the functions they typically perform in the field.

No matter how often you need to call or how long your SEL products have been in service, our customer service and technical support professionals are ready to help.

Customer support staff and application engineers are stationed in regional offices across North America and around the world.

Find your local office 

SDN News

Get the latest updates about OT SDN enhancements, options, and applications.
Subscribe to SDN News

Training

SELU Course SYS 407: Software-Defined NetworksStudents will learn how to engineer networks using OT SDN to enhance the cybersecurity, situational awareness, and performance of OT networks. This hands-on course uses SDN to engineer a network supporting a motor protection system with dual sources, teaching how to design, configure, test, troubleshoot, and validate an SDN network.

Questions? Contact Us!

If you have any questions about SEL products, services, solutions, or support, please contact us. Our service and support professionals are ready to provide the answers you need.

Unbeatable Support

SEL support teams are stationed in regional offices around the world and staffed with application engineers who are experts in our products and in power system applications.

Technical support for SEL-manufactured devices is always free. No matter how often you need to call or how long your SEL products have been in service, you’ll reach an SEL expert who can provide the service and support you need.

Our cybersecurity team is always ready with the information and resources needed to keep your OT networks and critical systems secure and working effectively. Cyber services support contracts can include incident response, audits, system hardening, and more, depending on your anticipated needs.

More about SEL warranty and support