What is a Router?
A router is a network device that controls data traffic between different networks based on IP addresses. In OT environments, a router is often used to connect industrial segments to other Zones or to the IT network.
Routers provide traffic flow, separation of subnets and security in both IT and OT networks.
🧠 How does a router work?
- Routers operate at layer 3 of the OSI-model (the network layer)
- They use routing tables to decide where an IP packet should go
- On incoming traffic, the router looks at the destination IP address and forwards the packet to the appropriate network interface
- Modern routers offer additional functionality such as:
- NAT (Network Address Translation)
- VPN functionality
- Firewall options
- Routing protocols (e.g. OSPF, BGP)
Industrial networks typically use static routes or simple dynamic protocols.
🏭 Use of routers in industrial networks
- Separating the OT zone from the IT zone or office environment
- Access to a remote site via a VPN tunnel (e.g. for remote maintenance)
- Routing between different VLANs on a layer 3 switch or external router
- Integration with a Firewall and ACLs for access control
- Part of network segmentation according to the Purdue Model
Routers are essential for shielding critical OT systems from insecure networks.
🔍 Router vs. switch
| Aspect | Router | Switch |
|---|---|---|
| OSI layer | Layer 3 – network layer | Layer 2 (and sometimes layer 3 in managed switches) |
| Function | Connects networks (IP-based) | Connects devices within a network (MAC-based) |
| Routing | Yes | Only on layer 3 switches |
| NAT/VPN | Supported | Not by default |
| Security | Often an integrated firewall | Port security, ACLs |
🔐 Security considerations
- Use strong authentication on management interfaces (HTTPS, SSH)
- Restrict management to specific IP addresses with ACLs or RBAC
- Use routers with an integrated Firewall or combine with external firewalls
- Encrypt traffic via VPN or use separate networks with VLANs
- Monitor routing activity with SIEM, Syslog or SNMPv3
A poorly secured router is a critical entry point in an OT network.
📌 In summary
A router connects and protects network zones by intelligently distributing traffic, and is essential in a secure, segmented OT architecture. Combined with VLANs, Firewalls and ACLs, a router provides a reliable network structure and access control.