Air gapping sACN Networks

Hi. 

Bit of an unusual question. At our venue, we have the Lighting network and the house Automation network running in the same subnet over the same switches. 

Since our integrator has the last word on switch configuration and IPs/subnets, we are currently thinking about splitting the two networks physically so we can have our own switches. The problem with this is that we lose control of the house lights and power relays from the Lighting desk, which is unacceptable. 

I was thinking about air gapping both networks and then just "routing" sACN traffic across the two networks. Here's my idea:

1 Gateway configured as an output on the lighting network. 1 Gateway configured as input on the House network. Both gateways are connected via DMX cables. This way, you should be able to route 4 universes across the two networks while never merging subnets.

I was wondering if there is a product that imitates this kind of behaviour across all universes without the need to output to physical DMX. Or maybe there's a smarter option to do this inside a switch with VLAN routing.

Let me know what you think. 

Thanks. 

  • First of all, sACN is very forgiving. As long as you use broadcast, the IP range is not very important. 

    If you need to keep things separate I would use an extra NIC on the console to interface with the automation network. 

  • Right now this is just theory crafting.

    In the perfect world there would be a physical separation between the two networks, not only subnetting/VLANs, because right now we don't feel comfortable making configuration changes on the switches, since this system is accessed by different departments and the integrator has exclusive control over static IPs. 

    Sadly the EOS Ti enhanced only has two NICs, both of which we are already using. Apex is still some time out for us.

    I was really hoping there's some kind of device which off the shelf can route sACN between two NICs. I'm sure a PC could do this just fine but I don't like this option from a reliability standpoint. 

    Also, if we used two NICs on the console I'd imagine there's gonna be problems with a Tracking Backup, since if the Primary dies mid show all relays would de-energize if you're directly plugging into the desk.

  • The reason I like the "low-tech" solution of having two gateways connected by DMX is that it's very simple: from a configuration standpoint, from a reliability standpoint, from a diagnostic standpoint and, last but not least, it's simple to understand for external people having to learn, modify or extend the system.

    Provided all you need is quite a small number of universes, since this solution doesn't really scale well.

  • This was my reasoning behind this solution. It "routes" 1:1 without really ever having to touch the configuration once it's set up. To make this work for us, currently we would need to route 3 Universes.

    I think this approach could also be helpful for bigger systems, where you might need to route sACN to, let's say, the sound/video department for control without ever having to merge networks. 

    Since this doesn't really scale, I was thinking maybe there's a product (let's say a sACN to Paradigm/Mosaic/DALI) in/out converter, where you're not limited by the 512 channels per wire. Since I've never used this kind of architectural control (and honestly I'm not really trying to learn it at this point), maybe someone can tell me if this is possible. 

    sACN -> Architectural Protocol -> sACN (for more than just 512 Channels per Converter)

    In the perfect world, there would just be a simple device called "sACN isolator/distributor" with 4 NICs which can do this kind of thing. I guess the Apex/IonXE RPU ticks most of these boxes haha.....

    I guess also just VLAN routing could do the trick but I'm not really sure if this is really possible with sACN. It's also not as haptic as just having two gateways. 
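
What "routing only the universes you need" means at packet level, as an added example that is not part of any post in this thread and not any product's code: the check a relay sitting between the two networks would apply to each UDP datagram (sACN/E1.31, port 5568) before re-sending it. Universes 1 to 3, the function names and the sample packet are assumptions made for the illustration.

```python
import struct

ACN_ID = b"ASC-E1.17\x00\x00\x00"          # root layer, bytes 4-15
VECTOR_ROOT_E131_DATA = 0x00000004
VECTOR_E131_DATA_PACKET = 0x00000002
ALLOWED_UNIVERSES = frozenset({1, 2, 3})   # assumption: universes allowed to cross


def multicast_group(universe: int) -> str:
    """E1.31 multicast group for a universe: 239.255.<high byte>.<low byte>."""
    if not 1 <= universe <= 63999:
        raise ValueError("universe out of range")
    return f"239.255.{universe >> 8}.{universe & 0xFF}"


def should_forward(packet: bytes, allowed=ALLOWED_UNIVERSES) -> bool:
    """True only for a well-formed E1.31 data packet on an allowed universe."""
    if not 126 <= len(packet) <= 638:
        return False
    if packet[0:4] != b"\x00\x10\x00\x00" or packet[4:16] != ACN_ID:
        return False                        # wrong preamble or not ACN
    if struct.unpack_from("!I", packet, 18)[0] != VECTOR_ROOT_E131_DATA:
        return False                        # sync/discovery packets are dropped
    if struct.unpack_from("!I", packet, 40)[0] != VECTOR_E131_DATA_PACKET:
        return False
    universe = struct.unpack_from("!H", packet, 113)[0]
    count = struct.unpack_from("!H", packet, 123)[0]   # start code + slots
    if not 1 <= count <= 513 or len(packet) != 125 + count:
        return False                        # length field disagrees with datagram
    return universe in allowed


def build_sample(universe: int, slots: bytes) -> bytes:
    """Constructed test packet (not captured traffic), zero CID and start code."""
    count = 1 + len(slots)
    dmp = struct.pack("!HBBHHH", 0x7000 | (10 + count), 0x02, 0xA1, 0, 1, count)
    dmp += b"\x00" + slots
    framing = struct.pack("!HI64sBHBBH", 0x7000 | (77 + len(dmp)),
                          VECTOR_E131_DATA_PACKET, b"constructed-source",
                          100, 0, 0, 0, universe) + dmp
    root = struct.pack("!HH12sHI16s", 0x0010, 0, ACN_ID,
                       0x7000 | (22 + len(framing)), VECTOR_ROOT_E131_DATA, bytes(16))
    return root + framing
```

Everything that is not a data packet on an allowed universe is dropped by default, so the crossing point carries the selected universes only and nothing else from either network.
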

  • Maybe a better (and definitely more cost-effective) way of solving this problem is to adhere to a thorough IP standard. In the Netherlands we are working towards a standard which describes a clear and practically applicable approach for integrating lighting, audio, and video networks, among others, based on IP separation through agreed fixed IP ranges, VLANs, and network settings. This standard provides for in-house equipment and guest/touring equipment. This way it is much more scalable in case of future expansions.

    In this webpage you can find a bit more information: downloads

  • This is an excellent topic, and I'm wondering what  thinks about this. Our management is currently pitching that we should merge the networks Lighting/Sound/Video/Front Of House/Catering. I think with modern switching equipment and some trained IT people, this can work. 

    But honestly, right now, we are desperately trying to keep the networks separated because we don't have dedicated IT staff for the venues. I personally think keeping things separated and easy to grasp is essential to keep the critical infrastructure going. Especially if you're not trained in IT.

    I've read through the guidelines and it has some nice information for general network design. But I feel like, under 3.2 Network Architecture "To separate disciplines, it is also possible to use different flat networks side by side, creating a hardware separation." basically describes what we are all currently doing. To me, it kinda just looks like another way to divide up IP ranges for departments. And this is just one of the many available "standards". 

    If you all get along nicely I'm sure this will work, but I personally feel like at the State/National Theatre level it's more about politics most of the time. 

  • I mean it may be overkill, but you can look at the Luminex LumiCore range - it's designed to link Guest networks into house networks - with some pretty powerful merging and routing engines. Then you can have the Integrators supply it with an IP address - and then you can have LX off in its own world - and know you can map through to the universes you need in the house - or easily tell a visiting person - patch these channels on this universe and you'll be fine.


  • I think if you can isolate systems it should be - if not, a well set up VLAN system - set up by someone with solid knowledge of Entertainment systems is needed. So that the right settings per protocol are present on the right VLAN. If there is not a super smart person onsite at all times - I would go down the path of Entertainment switches as the backbone - with a good GUI to change ports to the needed VLANs at a location - this also requires a very well built and solid fibre backbone with enough bandwidth to cover now and future needs, especially if you start to push video around the venue - then you need lots of bandwidth. 

    I don't think just isolating with IP addresses is a solid solution - I think isolating what traffic can flow is far more secure.

    On a few shows I have done - we have discussed why we do not have one supplier deal with the networking backbone - but it always comes down to if something goes wrong they are responsible, especially if another dept does something stupid or weird. So unfortunately we end up most of the time having a LX network switch, Comms network and Video networks run to same spot.

  • Yeah, it really boils down to responsibility and who is in charge of maintaining the network. If there's always an IT person on-site to save the show, I don't think combining all the networks is realistic. 

    We've had a look at the Luminex GigaCore range, which would be the optimal choice if price were not a subject. But the GigaCore i30, which is the only switch that ticks the boxes we need, only has 24 RJ45, which I'm not sure is going to be enough in 5-10 years. In terms of connectivity, I'm really liking the Cisco Catalyst C1300-48FP-4X, which is also officially supported by ETC. 

    Do you have any experience with AV switches (Luminex/Netgear)? Do they have some inherent benefits to traditional switches besides ease of configuration? We are a house with a fixed configuration and minimal guest productions, so I'm not really sure that ease of configuration is going to be a selling point for us.

  • It looks like this is exactly what I was looking for! I was not aware Luminex had this kind of hardware. I will definitely read up on what this can do for us. Having Luminex hardware for this critical application would really give some peace of mind. Thank you for making me aware of this. 

  • Hello, you should ask help from your integrator / system engineer.

    It should be able to have a switch for lighting network, that talks to the building network switch. With different IP addresses and different subnets. 

    If in doubt draw a picture or flow chart of what you want to do before talking to the system integrator. In my experience this helps :)

    You could use documentation from ETC or https://www.fent-tech.nl/ to explain what you need.
