1. Field of the Invention
The present invention relates to a method for setting up a secure communication connection, a communication device and a connection controller.
2. Description of the Related Art
Industrial automation systems are used to monitor, control and regulate technical processes, in particular in the field of production, process and building automation, and make it possible to operate control devices, sensors, machines and industrial installations in a manner that is intended to be as autonomous as possible and independent of human intervention. On account of the continuously increasing importance of information technology for automation systems comprising numerous networked control or computer units, methods for reliably providing monitoring, controlling and regulating functions that are distributed over an automation system are becoming increasingly important.
Interruptions in communication connections between computer units of an industrial automation system or automation devices may result in undesirable or unnecessary repetition of transmission of a service request. This causes additional utilization of the communication connections of the industrial automation system, which may result in further system disruptions or faults. In addition, messages that have not been transmitted or have not been completely transmitted may prevent an industrial automation system from changing to or remaining in a safe operating state, for example. This may ultimately result in failure of a complete production installation and in a costly production standstill. In industrial automation systems, a particular problem regularly results from message traffic comprising comparatively numerous but relatively short messages, which intensifies the above problems.
EP 1 770 458 A2 describes an industrial automation system having at least one programmable logic control unit in which a configuration unit for configuring the control unit and for announcing its availability to a communication network is provided. Here, the configuration unit allocates a unique communication network address, which may be an IPv6 address, for example, to the control unit. The control unit can be automatically activated in this manner.
Earlier published European patent application EP 14171757.9 discloses a method for allocating communication network addresses for network subscribers of a segmented network having a plurality of subnetworks. The subnetworks are each connected, via a subnetwork router, to a collection network that interconnects them. Here, the subnetwork routers determine a common address space in a decentralized manner by interchanging router messages distributed over the collection network, and communication network addresses for the network subscribers are stipulated inside the address space.
Changes to communication network addresses as part of “network renumbering”, in IPv6 communication networks in particular, are operations that are provided for in principle. In addition, IPv6 communication devices can simultaneously manage a plurality of assigned communication network addresses that each have a defined lifetime. In the case of an existing secure connection between a communication device inside an industrial communication network and a communication device outside the industrial communication network, a change in a communication network address of one of the two communication devices may result in a temporary interruption that may entail further disruptions.