What is UDP?
UDP stands for User Datagram Protocol and is a lightweight, connectionless transport protocol that enables fast network communication without error correction or acknowledgement. UDP is designed for situations where speed is more important than reliability.
In OT networks, UDP is used for applications such as SNMP, Syslog, PTP (time synchronisation) and some fieldbus protocols over Ethernet.
🧠 How does UDP work?
- UDP sends data in the form of datagrams without first establishing a connection
- There is no guarantee that the datagram will arrive, be correct, or be delivered in order
- Runs on top of IP at Layer 4 (transport layer) of the OSI model
- Very low overhead – the header contains only source port, destination port, length and checksum
- Suited to real-time and broadcast communication
UDP is often used in situations where delay is unacceptable, even if that means packets may be lost.
🏭 Application of UDP in industrial networks
- PTP (Precision Time Protocol) for accurate time synchronisation between devices
- SNMP traps for status notifications from switches or routers
- Syslog for sending log data to SIEM platforms
- Real-time control of sensors or field equipment with minimal delay
- Multicast communication with multiple devices simultaneously (e.g. GOOSE in IEC 61850)
UDP is suitable for time-critical applications where small losses can be accepted.
🔍 UDP vs. TCP
| Aspect | UDP | TCP |
|---|---|---|
| Connection-oriented | No | Yes |
| Error correction | None | Yes – with acknowledgements and retransmission |
| Speed | High – minimal overhead | Lower – more reliability mechanisms |
| Use in OT | Time-critical, broadcast/multicast systems | Reliable communication (SCADA, HMI, MES) |
| Examples | SNMP, Syslog, PTP, GOOSE | Modbus TCP, OPC UA, HTTP |
🔐 Security aspects
- UDP is vulnerable to spoofing and DoS attacks (such as UDP flood)
- Use firewalls to block unwanted UDP ports
- Restrict broadcast and multicast traffic via VLANs and ACLs
- Combine with SIEM for logging and detection of abnormal UDP activity
- UDP traffic is often unencrypted – use VPN or segmentation where necessary
Because of the lack of session management and authentication, UDP is risky without additional security measures.
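As an added example (not part of the original page), the check below shows what SIEM-side detection of abnormal UDP activity can look like: it compares constructed flow records against an allowlist of the OT services named on this page and flags high per-source packet rates. The IP addresses, the allowlist layout and the 500 packets-per-second threshold are assumptions for illustration.

```python
from collections import defaultdict

# Assumed allowlist: UDP services named on this page (IANA ports), mapped to
# the hosts allowed to receive them. None means "any host in the segment".
ALLOWED = {
    162: {"10.0.5.10"},   # SNMP traps -> network management station
    514: {"10.0.5.20"},   # Syslog -> SIEM collector
    319: None,            # PTP event messages
    320: None,            # PTP general messages
}
FLOOD_PPS = 500  # assumed per-source packets-per-second threshold


def analyse(flows, window=1):
    """flows: iterable of (ts_seconds, src_ip, dst_ip, dst_port, packets).
    Returns a sorted list of (kind, src_ip, detail) alerts."""
    alerts = set()
    rate = defaultdict(int)  # (src_ip, time bucket) -> packet count
    for ts, src, dst, port, pkts in flows:
        if port not in ALLOWED:
            alerts.add(("unexpected_port", src, f"{dst}:{port}"))
        elif ALLOWED[port] is not None and dst not in ALLOWED[port]:
            alerts.add(("unexpected_destination", src, f"{dst}:{port}"))
        rate[(src, int(ts // window))] += pkts
    for (src, bucket), pkts in rate.items():
        # UDP source addresses are unauthenticated, so src is a hint for
        # triage, not proof of origin.
        if pkts / window > FLOOD_PPS:
            alerts.add(("possible_flood", src, f"{pkts} pkts in window {bucket}"))
    return sorted(alerts)


# Constructed sample flow records (not captured traffic).
SAMPLE = [
    (0.1, "10.0.1.11", "10.0.5.10", 162, 2),    # switch -> NMS trap: expected
    (0.2, "10.0.1.12", "10.0.5.20", 514, 40),   # device -> SIEM syslog: expected
    (0.4, "10.0.1.13", "224.0.1.129", 319, 8),  # PTP multicast: expected
    (0.5, "10.0.1.14", "10.0.9.99", 514, 5),    # syslog to an unknown collector
    (0.7, "10.0.1.15", "10.0.1.11", 69, 3),     # TFTP is not on the allowlist
    (1.1, "10.0.1.16", "10.0.5.20", 514, 400),  # same second ...
    (1.6, "10.0.1.16", "10.0.5.20", 514, 300),  # ... 700 packets from one source
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE):
        print(alert)
```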
📌 In summary
UDP is a fast and lightweight network protocol, ideal for real-time applications in OT environments where low latency is more important than reliability. Good management and network segmentation are necessary for safe use.
