The world of industrial automation is undergoing a profound transformation, driven by the need for greater agility, efficiency, and reliability. Traditional operational technology (OT) environments, often characterized by rigid, proprietary hardware, are evolving towards more flexible, software-defined architectures. Broadcom is at the forefront of this transformation. With this previous announcement showcasing how Broadcom supported Audi in delivering next-generation factory automation using VMware Cloud Foundation (VCF), we want to highlight the critical role VCF Networking plays in Audi’s modernization journey.
As part of Audi’s Edge Cloud for Production initiative, a key use case involves virtualizing the physical PLCs that control critical factory floor operations, such as robotic car assembly. The goal is to virtualize the PLCs and run them as VMs or containers – managed like modern IT workloads from Audi’s private cloud. Powering this transformation is the Industrial vSwitch (IvS), introduced in VCF 9.0. Developed in collaboration with industrial automation experts, IvS brings virtualization to the factory floor by enabling near real-time communication between vPLCs and I/O devices.
What Is The Industrial vSwitch?
The Industrial vSwitch (IvS) is a purpose built feature within NSX that functions like a distributed network switch for industrial networks. Its primary purpose is to facilitate real-time PROFINET communication across layer 2 networks between devices that require sub-millisecond latency. This enables the seamless forwarding of critical PROFINET traffic between virtual Programmable Logic Controllers (vPLCs) deployed within VCF and physical IO devices located on the shopfloor.
Built on the foundation of NSX Enhanced Datapath (EDP), the IvS is designed to meet the stringent demands of industrial control systems, which require low latency, bounded jitter, and deterministic network attributes. Industrial automation demands hypervisor latency in the range of hundreds of microseconds to meet real-time performance requirements.
Key Functionalities
The key functionalities of the Industrial vSwitch include:
- PROFINET Support:
- It supports PROFINET Discovery and Configuration Protocol (DCP), which is essential for device discovery, network configuration, and management of the vPLC and IO devices connected to a PROFINET network.
- The IvS handles VLAN tagging/untagging of PROFINET Ethernet frames and maintains the Class of Service for both Real-time (RT) and Non-Real-time (NRT) PROFINET traffic.
- It achieves latency optimization and minimizes jitter for PROFINET traffic by leveraging the NSX Enhanced Datapath (EDP) Dedicated mode, which uses CPU poll mode to enable high performance packet processing.
- Parallel Redundancy Protocol (PRP) Support:
- IvS supports PRP RedBox mode. Enable it to connect vPLC VMs in a VCF workload domain to two independent networks for high availability.
- It sends PRP Supervision frames on behalf of vPLCs and continuously monitors both LAN networks for health.
- The IvS participates in PRP networks, ensuring interoperability with other PRP-capable devices and managing the PRP Node Table and VDAN Table.
- Packet Latency Measurement:
- The IvS provides packet-level latency monitoring within ESX, tracking unidirectional latency between each VM’s vNIC and the host uplink, with alerting on threshold violations.
Why Now? The Drive for Software-Defined Manufacturing
The motivation behind the Industrial vSwitch is clear – manufacturers need to virtualize their OT operations and modernize their shop floors to become more agile and competitive. The key component and the brain of the operation in these modern shop floors is the programmable logic controller (PLC). By virtualizing PLCs on the shop floor over a highly available network, the IvS enables:
- Greater flexibility and agility in industrial operations
- New functionalities provided to the factory in software with faster updates and upgrades
- Significantly reduced recovery times in the event of PLC failures, with higher reliability than hardware-based PLCs
- Centralize management and operations.
- Standardization of application and software stacks, improving security and lifecycle management across both on-premises and remote environments
- Consolidation of multiple PLCs per host – supporting up to 12 vPLCs per system
- Maximum redundancy with zero failover time for uninterrupted operation
Architecture and Prerequisites
Deploying the Industrial vSwitch requires specific Broadcom products and careful consideration of compatibility with network infrastructure and the industrial automation partner ecosystem:
- Software Prerequisites:
- VMware Cloud Foundation 9.0 with updated NSX
- VCF workload domain hosts configured with Industrial vSwitch
- Network Interface Card (NIC) Prerequisites:
- NICs configured as uplinks for the Industrial vSwitch must be compatible with NSX Enhanced Datapath – Dedicated.
- Tested and validated NICs include the NVIDIA Mellanox ConnectX-6 Ethernet Network Interface Card
- vPLC Software Compatibility: The IvS was tested with Siemens AG’s software suite, including TIA Portal v20 and SIMATIC S7-1500V. As well as CodeSys IDE and Control VM.
- PRP Compatibility: The PRP Redbox functionality of the IvS has been validated with industrial Ethernet switches including the Cisco IE3400 and Siemens Scalance switch.
The architecture comprises vPLCs and the IvS deployed within a VCF workload domain, forming a dedicated workload cluster that serves as the control layer for factory floor operations. This solution integrates seamlessly with existing industrial fieldbus systems. Replacing traditional hardware PLCs, the vPLCs running on VCF interface with shop floor I/O devices via Industrial Ethernet protocols such as PROFINET. Striving for zero downtime, the solution deploys Parallel Redundancy Protocol connected to two network fabrics LAN-A and LAN-B.
Sample Design and Deployment
This diagram illustrates an example deployment based on this design, in which these architectural components enable a highly resilient end-to-end network for PLC applications:
- Deploy vPLC VMs in the VCF 9 workload domain and assign each vPLC to its own dedicated NSX VLAN segment that reaches its robot cell on the shop floor.
- IvS connects to both LAN-A and LAN-B through its built-in PRP interface and establishes PRP channels with the PRP-capable switches at each robot cell.
- Replicate vPLC‑to‑I/O traffic across both LANs for high availability and to meet defined communication timeout thresholds.
- Configure the shop‑floor switches at the robot cells as PRP Redboxes to deliver fault‑tolerant connectivity between fieldbus devices (robots, etc.) and the vPLCs.
- Deploy core infrastructure services – NSX Manager, vCenter, and other VCF appliances – in the VCF Management domain.
How Does It Work?
The IvS is purpose-built to meet the unique operational demands of the vPLC use case, which requires a real-time capable virtualization platform, a real-time capable virtual switch with bounded latency and jitter, resiliency against network failures, and PROFISAFE integration for human safety. In this use case, real-time compute and virtualization are addressed through the advanced compute capabilities of ESX, and the networking needs are fulfilled by the Industrial vSwitch and its built-in support for PRP. PROFISAFE integration was achieved through close collaboration with PLC vendors as part of the overall solution design.
Here’s how to configure the Industrial vSwitch in VCF 9.
Step 1: Create the IvS in vCenter
The first step in enabling the Industrial vSwitch is to create the vSwitch in vCenter, and then configure the host uplinks for LAN annotations if PRP will be enabled.
Step 2: Onboard the vSwitch in NSX
Onboard the vSwitch in NSX as part of a Transport Node Profile and configure PROFINET, PRP, and other real-time configuration settings.
Step 3: Create the IvS Segment Profile and VLAN Segments
Create an IvS Segment Profile to be used on any segment designated for vPLC deployment. Configure PRP and enable Latency Measurement accordingly.
Next, configure the NSX VLAN segments to match the VLANs used by the vPLC and I/O devices. Then assign the IvS Segment Profile to the segment to apply the configurations on a per-VLAN basis.
Step 4: Deploy the vPLC virtual machine
Deploy the vPLC VM with its interface connected to the IvS. The vNIC settings Strict Latency and Latency Measurement will configure the appropriate interface settings. Specifically, the Latency Measurement configuration should match the segment profile. It will enable TX and RX latency measurements for packets forwarded between the vNIC and the host uplinks.
Once configured, IvS continuously monitors packet latency per vPLC vNIC to ensure deterministic performance and bounded jitter. The system tracks the maximum latency per vNIC and triggers an alert if it exceeds the predefined threshold. Here’s a sample output from one interface showing the worse case latency (maxLatency field) observed over 400M samples. The maximum TX latency was 108 microseconds and the maximum RX latency was 67 microseconds.
With the core Industrial vSwitch configuration completed, you can now commission and program any additional vPLC VMs connected to the Industrial vSwitch through the engineering IDE. For optimal performance, refer to our official documentation for advanced tuning guidance – such as optimizing host BIOS settings and ensuring correct NUMA alignment.
Looking Ahead
The Industrial vSwitch in VCF 9 marks a major step forward in extending software-defined infrastructure into the demanding, real-time environment of industrial automation. Supporting high-performance and highly available network communication for virtualized controllers, the IvS provides a solid foundation for building more agile, efficient, and resilient factory operations of the future.
Looking ahead, we plan to add additional fieldbus protocol support, expand collaboration with technology partners, and keep strengthening the platform for OT use cases.
Resources
Discover more from VMware Cloud Foundation (VCF) Blog
Subscribe to get the latest posts sent to your email.
