Your factory network is the nervous system of every AI, IoT, and automation system you deploy. AI vision generates 1-10 Gbps per camera cluster. IoT sensors produce thousands of data points per second. SCADA and motion control need deterministic sub-millisecond latency. A flat network designed for office email guarantees failures when these workloads collide. In 2026, the fastest-growing cause of production downtime isn't failed drives or aging motors — it's overwhelmed communication networks that were never designed for today's traffic patterns. Redesigning after construction costs 5-10x more than greenfield planning because cable trays are sealed, conduit is full, and production can't stop for network upgrades. We design the complete architecture — fiber backbone to edge switches to wireless overlay — during greenfield planning, so every system has the bandwidth, latency, and isolation it needs from day one.
What Happens When You Don't Segment
MES Burst Kills Motion Control
A European automotive plant ran motion controllers, vision systems, and MES on the same flat Ethernet backbone. During shift changeover, MES pushed large batch records — the resulting burst traffic caused motion synchronization losses and triggered periodic E-Stop events. Production stopped for hours before root cause was identified as network congestion.
AI Camera Floods SCADA
A single 12 MP camera at 60 fps generates 5.7 Gbps raw data. Without dedicated AI network segmentation, this traffic competes with PLC communication on shared switches. SCADA response times spike from 50ms to 500ms+, HMI screens freeze, and operators lose real-time visibility during the moments they need it most.
IoT Sensor Storm
1,000 IoT sensors reporting simultaneously create broadcast storms that overwhelm unmanaged switches. A single misconfigured sensor flooding packets can destabilize PROFINET, Modbus TCP, and EtherCAT networks sharing the same infrastructure. The result: intermittent PLC communication faults that are nearly impossible to diagnose.
Corporate Ransomware Reaches the Floor
Without network segmentation, a phishing email in the corporate network can traverse directly to PLCs, HMIs, and safety controllers. The Purdue Model (ISA-95) exists for this reason — but most flat factory networks ignore it entirely. A single breach can shut down production for weeks.
Planning a new factory? Design Your Factory Network — we specify topology, segmentation, cable routing, and switch placement before the first conduit is installed.
Three-Layer Hierarchical Architecture
Core Layer
Redundant fiber ring connecting all distribution switches and the server room. Dual-path topology (MRP, RSTP, or ERPS) for sub-50ms failover. OM4 multimode fiber for distances under 400m; OS2 singlemode for campus links exceeding 400m. Carrier-grade managed switches with 100 GbE uplinks. No end devices connect to the core — it exists purely for inter-zone transport.
Distribution Layer
One distribution switch stack per production zone or building. Aggregates traffic from 4-12 access switches per zone. Implements VLAN segmentation, QoS policies, and inter-zone firewall rules. Fiber uplinks to core ring. This is where traffic policies are enforced — AI vision traffic gets dedicated bandwidth, SCADA gets priority queuing, IoT gets rate-limited.
Access Layer
Industrial managed switches every 90m maximum (Ethernet distance limit). One switch per machine cell or equipment cluster. Connects PLCs, HMIs, cameras, sensors, and edge devices directly. PoE+ for cameras and sensors where applicable. CAT6A shielded copper for horizontal runs; fiber for EMI-heavy zones or runs exceeding 70m.
Cable Specification by Application
| Application | Cable Type | Speed | Max Distance | Environment Rating | Greenfield Routing |
|---|---|---|---|---|---|
| Core Backbone | OM4 multimode fiber (50/125μm) | 10-100 GbE | 400m (10G); 150m (100G) | Indoor riser/plenum; outdoor rated for building-to-building | Dedicated fiber tray above cable trays; redundant paths in separate conduit |
| Campus / Long-Haul | OS2 singlemode fiber (9/125μm) | 10-100 GbE | 10+ km | Outdoor armored for direct burial or aerial | Underground duct between buildings; spare fibers for future growth |
| AI Vision (Camera) | OM4 fiber or CAT6A STP | 1-10 GbE per camera | 100m (CAT6A); 400m (fiber) | Industrial; shielded for EMI environments | Dedicated vision conduit; separate from OT and power cables |
| SCADA / PLC | CAT6A S/FTP (shielded) | 100 Mbps - 1 GbE | 90m horizontal + 10m patch | Oil/heat resistant jacket; industrial connectors (M12, IX) | Dedicated OT conduit; minimum 300mm separation from power cables |
| IoT Sensors (Wired) | CAT6A STP or shielded 4-20mA | 100 Mbps (Ethernet); analog | 100m (Ethernet); 1,500m (4-20mA) | Industrial jacket; flex-rated where needed | Sensor conduit from machine pad to nearest access switch or junction box |
| Wireless Backhaul | CAT6A STP to each AP | 1-2.5 GbE per AP | 90m to nearest switch | Plenum-rated for ceiling runs | AP locations pre-determined; cable drops and PoE pre-provisioned |
Network Zone Segmentation & VLAN Design
| Zone | VLAN Range | Traffic Type | QoS Priority | Internet Access | Cross-Zone Rules |
|---|---|---|---|---|---|
| SCADA / OT Control | VLAN 10-19 | PLC ↔ HMI, drive comms, safety | Highest (DSCP EF / CoS 6) | None | Read-only to historian via DMZ; no inbound from any other zone |
| AI Vision | VLAN 20-29 | Camera streams, GPU inference, model updates | High (DSCP AF41 / CoS 5) | Limited (model downloads only) | Results to MES via API gateway; raw images stay in zone |
| IoT / Condition Monitoring | VLAN 30-39 | Sensor data, MQTT, edge analytics | Medium (DSCP AF31 / CoS 4) | Limited (cloud sync for model training) | Aggregated data to CMMS/ERP via API; no direct OT access |
| Wireless Overlay | VLAN 40-49 | Mobile HMI, tablets, AGV, AR | Medium (DSCP AF21 / CoS 3) | Controlled | Authenticated access to specific OT dashboards only |
| DMZ / Historian | VLAN 90-99 | OPC servers, historians, data diodes | Medium | Outbound only (to cloud analytics) | Receives data from OT; publishes to corporate; no reverse path |
| Corporate / IT | VLAN 100-199 | Email, ERP, MES dashboards, internet | Best-effort (DSCP BE / CoS 0) | Full | Access to DMZ only; zero direct access to OT, AI, or IoT zones |
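
The zone table above can be turned into a default-deny audit of inter-VLAN flows or firewall rules. This is an added example, not iFactory's tooling: the VLAN ranges and the first three permitted directions come from the table, while hosting the API gateway and OT dashboards in the DMZ, allowing intra-zone traffic, and the sample flows are assumptions.

```python
from typing import NamedTuple, Optional

# Zone VLAN ranges, copied from the segmentation table.
ZONES = {
    "ot": range(10, 20), "ai": range(20, 30), "iot": range(30, 40),
    "wireless": range(40, 50), "dmz": range(90, 100), "corp": range(100, 200),
}

# Permitted cross-zone directions (source, destination); everything else is denied.
ALLOWED = {
    ("ot", "dmz"),        # table: OT read-only to historian via DMZ
    ("dmz", "corp"),      # table: DMZ publishes to corporate
    ("corp", "dmz"),      # table: corporate has access to DMZ only
    ("ai", "dmz"),        # ASSUMPTION: the API gateway is hosted in the DMZ
    ("iot", "dmz"),       # ASSUMPTION: the API gateway is hosted in the DMZ
    ("wireless", "dmz"),  # ASSUMPTION: OT dashboards are served from the DMZ
}

class Flow(NamedTuple):
    src_vlan: int
    dst_vlan: int
    note: str

def zone_of(vlan: int) -> Optional[str]:
    """Map a VLAN ID to its zone, or None if no zone owns that ID."""
    return next((name for name, ids in ZONES.items() if vlan in ids), None)

def check(flow: Flow) -> str:
    """Return an 'allow: ...' or 'deny: ...' verdict for one directed flow."""
    src, dst = zone_of(flow.src_vlan), zone_of(flow.dst_vlan)
    if src is None or dst is None:
        return "deny: VLAN outside every defined zone"
    if src == dst:
        return "allow: intra-zone"  # ASSUMPTION: traffic inside a zone is permitted
    if (src, dst) in ALLOWED:
        return f"allow: {src} -> {dst}"
    if dst == "ot":
        return "deny: no inbound to OT from any other zone"
    return f"deny: {src} -> {dst} is not a permitted direction"

def audit(flows):
    """Return (flow, verdict) pairs for every flow the zone policy denies."""
    results = [(f, check(f)) for f in flows]
    return [(f, v) for f, v in results if v.startswith("deny")]

# Constructed sample flows (not taken from a real plant).
SAMPLE_FLOWS = [
    Flow(12, 95, "PLC data to historian"), Flow(110, 12, "ERP host to PLC"),
    Flow(95, 11, "historian back to PLC"), Flow(35, 14, "sensor gateway to PLC"),
    Flow(110, 25, "office PC to camera"),  Flow(1, 12, "default VLAN to PLC"),
]
```

Running `audit(SAMPLE_FLOWS)` against an exported rule set or flow log lists every path that breaks the zone model, including traffic on VLAN IDs that no zone owns.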
Need a complete VLAN and firewall architecture for your new factory? Design Your Factory Network — we deliver segmentation specs, QoS policies, and firewall rules as construction-ready documentation.
Switch Placement & Density Planning
Access Layer: 1 Switch per Machine Cell
Industrial managed switch within 90m of every connected device (Ethernet distance limit). Typical density: 1 switch per 8-24 ports serving a machine cell, robot station, or inspection point. DIN-rail mounted in local panels or floor-mounted cabinets. IP30 minimum; IP67 where exposed to wash-down or harsh environments. Fiber uplink to distribution layer.
Distribution Layer: 1 Stack per Zone
Aggregation switch stack serving 4-12 access switches per production zone. Located in zone-level network cabinets (climate-controlled if needed). Redundant fiber uplinks to core ring. Implements VLAN trunking, QoS, and ACLs. Typical: 24-48 port managed switches with 10GbE uplinks. Stackable for expansion without rewiring.
Core Layer: 2 Redundant Switches
Data center-grade managed switches in the main server room. Dual-chassis with hot-standby failover. 100 GbE backbone ports connecting all distribution switches in a redundant ring. Also connects to GPU server room, historian, DMZ firewalls, and WAN uplinks. Sub-50ms reconvergence on any single link failure.
Wireless: AP Every 30-50m
WiFi 6/6E access points covering the entire production floor, warehouses, and yards. Industrial-grade (IP67 where needed) with external antennas optimized for metal-rich environments. Controller-based architecture for seamless roaming (AGVs, mobile HMIs). AP locations specified in ceiling plans; PoE+ switches pre-provisioned.
Future-Proofing: TSN & Private 5G
Time-Sensitive Networking (TSN)
IEEE 802.1 TSN extends Ethernet with deterministic latency (sub-1 μs synchronization via 802.1AS), scheduled traffic (802.1Qbv), and frame replication for safety (802.1CB). For greenfield in 2026, TSN is viable for machine-level domains — converging motion control, safety, and I/O on a single network instead of parallel cable plants. Specify TSN-capable switches at machine level with TSN uplinks to the distribution boundary. This eliminates separate PROFIBUS/EtherCAT wiring and reduces cabinet complexity.
Private 5G
Licensed spectrum (CBRS in US) provides interference-free wireless with 1-10ms latency and guaranteed QoS — ideal for AGVs, mobile robots, and high-reliability wireless monitoring. Greenfield design: install small cell locations, fiber backhaul to each cell, and core network equipment in the server room during construction. Private 5G complements WiFi 6 — use 5G for critical mobile assets and WiFi for general connectivity.
The Network You Build Today Determines What AI You Can Run Tomorrow
iFactory designs complete factory network architecture — fiber backbone, structured cabling, switch placement, zone segmentation, QoS policies, and wireless overlay — delivered as construction-ready cable schedules and rack layouts.
A Flat Network Is a Factory Waiting to Fail
AI, SCADA, IoT, and corporate traffic on one flat network is a guaranteed bottleneck. Segment it right during construction — not after the first production-stopping network incident.







