For the Segmented Network architecture, a segment of the IT network – a single VLAN and subnet – is allocated to the BAS network. How the network segment is used depends on customer requirements. It is common to have requirements for placing the Metasys server or a few IP controllers on the IT network. Most IP controllers will still reside in the BAS private address space.
For the network engines to communicate with BACnet devices in the IT network (such as an IP controller that has the outdoor air temperature), the network engines need to connect directly to the designated network segment. This gives the network engines visibility into the IT network.
If there are BACnet/IP devices in the IT network with which the network engines need to communicate, the network engines again need to reside in the IT VLAN and subnet allocated to the BAS network by IT.
If there are no BACnet devices in the IT network, or if there are but the Metasys devices do not need to communicate with them, the network engines can reside in the BAS network’s private address space with the IP controllers they supervise. In this case the Metasys server must reside in the IT VLAN allocated to the BAS network for the network engines and IP controllers to be visible from the IT network by way of the Metasys server.
General purpose VLANs in the IT network can be used to connect a BBMD and a small number of Metasys BACnet/IP devices that are physically remote from the rest of the BAS network (for example, an outside air temperature sensor) such that they need to traverse the IT network to reach the BAS network. In this architecture, the number of IP addresses allocated from the IT network's address space is smaller than the total number of BACnet/IP BAS devices that need to be connected. Except for the Metasys server and the physically remote devices and their associated BBMDs, all BAS devices are physically connected to the BAS network switches.
The segmented architecture is applicable when the IT department is not willing to allocate all the required IP addresses and switch ports needed for the Metasys IP controllers. In this case, the interface between the BAS and IT networks is also a boundary between the BAS and IT IP addressing schemes. Within the building network, the BAS network switches manage the IP addresses that are private to the BAS network, which can then follow an address scheme that is independent of the main IT network. An advantage of a private address space is its robustness, especially in anticipation of future IT network configuration changes.
Figure 1 depicts a Segmented BAS network. VLAN A is allocated by IT for communicating with the network engines inside the BAS network. VLAN B serves as a general purpose VLAN in an IT network with a BBMD and a remote IP controller (which may itself be the BBMD). VLANs X and Y are allocated within the BAS network independent of IT. All devices in VLAN X and VLAN Y are assigned IP addresses from the BAS network's private address space; separate network routing domains are configured such that the devices are not visible from the IT network. The network engines in VLAN A are assigned IP addresses from the IT network's IP address space such that the network engines are visible from the IT network, enabling communication between the Metasys server and the network engines. Since the network engines are in a different VLAN than the devices they supervise, directed broadcasts must be configured on the BAS switches to enable the network engines to discover the devices in VLANs X and Y. By grouping the network engines in the same VLAN and using directed broadcasts in concert with ACLs to limit the BACnet broadcasts sent from the network engines to the IP controllers they supervise, the scope of the BACnet broadcasts can be significantly reduced.
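The directed-broadcast scoping described above can be modeled and checked before it is translated into switch ACLs. The following is an added example, not part of the original documentation: the subnets, engine addresses and the engine-to-VLAN mapping are constructed, and the BACnet/IP port is assumed to be the default UDP 47808.

```python
import ipaddress

BACNET_PORT = 47808  # default BACnet/IP UDP port (0xBAC0); sites may use another

# Constructed addressing plan (assumption, not from the page).
VLAN_A = ipaddress.ip_network("10.20.30.0/28")        # allocated by IT
BAS_PRIVATE = {                                        # BAS private address space
    "X": ipaddress.ip_network("192.168.10.0/24"),
    "Y": ipaddress.ip_network("192.168.20.0/24"),
}
# Hypothetical mapping: which private VLANs each network engine supervises.
SUPERVISES = {
    ipaddress.ip_address("10.20.30.2"): {"X"},
    ipaddress.ip_address("10.20.30.3"): {"Y"},
}

def validate_plan():
    """Return a list of inconsistencies in the plan; empty means consistent."""
    problems = []
    for name, net in BAS_PRIVATE.items():
        if net.overlaps(VLAN_A):
            problems.append(f"VLAN {name} {net} overlaps IT-allocated VLAN A")
    for engine, vlans in SUPERVISES.items():
        if engine not in VLAN_A:
            problems.append(f"engine {engine} is outside VLAN A")
        for v in vlans - set(BAS_PRIVATE):
            problems.append(f"engine {engine} supervises unknown VLAN {v}")
    return problems

def directed_broadcast_allowed(src, dst, dst_port):
    """True only for an engine's BACnet broadcast into a VLAN it supervises."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_port != BACNET_PORT:
        return False
    return any(dst == BAS_PRIVATE[v].broadcast_address
               for v in SUPERVISES.get(src, ()))

def allow_list():
    """Render the policy as vendor-neutral rules (not switch syntax)."""
    rules = [f"permit udp {engine} -> {BAS_PRIVATE[v].broadcast_address} port {BACNET_PORT}"
             for engine, vlans in sorted(SUPERVISES.items()) for v in sorted(vlans)]
    return rules + ["deny all other directed broadcasts"]

if __name__ == "__main__":
    print(validate_plan() or "plan consistent")
    print("\n".join(allow_list()))
```

The rendered rules are a review aid; the equivalent ACL and directed-broadcast statements depend on the BAS switch vendor.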