Connecting a cRIO To The Internet Using A Mobile Connection

[Neil Pate]

Hi all,

I wonder if anyone can share some advice for me. I am working on a new project that is the pretty standard cRIO + Windows PC combination. The network topology is not super complicated and I have tried to diagram it.

The use case I am trying to solve is this: How can I connect to the cRIO and the Windows PC from my dev PC which is connected via the internet and a mobile phone network? Phrased another way, how do I assign static, internet facing IP addresses to the cRIO and Windows PC?

In my diagram all the IP addresses are totally made up, but are just to prove a point. If the cRIO is on 192.168.1.100 and the Windows PC is 192.168.1.200. As I understand I have to somehow get a static IP address from my mobile phone vendor (say the 136.154.2.75) and then modify the port forwarding on the Mobile Router so that traffic goes to the right place. What if I had two cRIOs, how would I address them independently?

Sorry, these are probably quite basic networking questions. Given the proliferation of IoT and remote monitoring devices I would assume these kinds of things are commonly solved.

Does anyone have any advice or info?

 

[JKSH]

12 hours ago, Neil Pate said:

how do I assign static, internet facing IP addresses to the cRIO and Windows PC?

There are multiple considerations:

• Public IP address: Your mobile carrier (or Internet service provider) assigns you a public IP address.
   
• STATIC public IP address: Be aware that this is an increasingly rare commodity. I don't know which country you live in, but I'd be very surprised if your consumer mobile carrier provides static public IP addresses anymore. You might find a commercial/enterprise provider that still sells static IP addresses, or you can use a Dynamic DNS (DDNS) service like https://www.noip.com/ -- DDNS allows you to connect to an address like neilpate.ddns.net which stays static even if your IP address is dynamic.
   
• Unique public IP address PER DEVICE: Unfortunately, if you have 1 SIM card, you will get 1 public IP address to be shared between your Windows PC and all of your cRIOs. This is the same as your home Internet: All the PCs, laptops, tablets, phones, and other smart devices that connect to your home Wi-Fi all share a single public IP address. This is Network Address Translation (NAT) in action. If you really want multiple unique public addresses, you'll need multiple SIM cards.
   
• Unique public IP address per SIM card???: Nowadays, you also need to double-check if your carrier even provides you with a unique public IP address at all! Carriers around the world have started implementing Carrier-Grade NAT (CG-NAT) for both mobile and home Internet users. This means your SIM card might share a public IP address with many other SIM cards. If this is the case, then DDNS won't work!

 

12 hours ago, Neil Pate said:

What if I had two cRIOs, how would I address them independently?

Suppose you have 1 public IP address, and each of your devices host a web service at port 443. You can assign a unique port per device on your modem and do port forwarding as you mentioned:

• Dev PC --> neilpate.ddns.net:54430 (modem) --> 192.168.1.200:443 (Windows PC)
• Dev PC --> neilpate.ddns.net:54431 (modem) --> 192.168.1.100:443 (cRIO 1)
• Dev PC --> neilpate.ddns.net:54432 (modem) --> 192.168.1.101:443 (cRIO 2)

This means the client program on the Dev PC needs to know to use a non-standard port. You can do this easily in a web browser or a terminal emulator, but I'm not sure that LabVIEW can use a custom port to connect/deploy a cRIO.

 

Alternative solutions

You don't necessarily need a public IP address for remote access.

Some modems can be configured to automatically connect to a Virtual Private Network (VPN). If you enable VPN access to your office and you ask your modem to connect to that VPN, your devices will be on the same (local) subnet as the Dev PC in your office -- we have done this for a cRIO that's deployed into the middle of a desert. If your modem doesn't support this, you could configure each device to individually connect to the VPN instead.

Or, your provider might offer enterprise-level solutions that connect multiple sites to the same VPN. For example, they could offer SIM cards that provide a direct connection to your corporate VPN without the need to configure your modem or devices.

 

12 hours ago, Neil Pate said:

Given the proliferation of IoT and remote monitoring devices I would assume these kinds of things are commonly solved.

Yes, these are commonly solved. The issue is that there are so many possible solutions, so you need to figure out which one works best for your use-case.

Edited May 19, 2020 by JKSH

[Neil Pate]

Wow that answer is incredible, so much to digest.

Thank you so much for your insight, I clearly have a huge amount to wrap my head around.

[hooovahh]

If you can't get a dedicated IP address, one thing you can do is have your software query the outside world and find out what its public IP address is, and then update some location that you can get access to.  This is essentially dynamic DNS.  I have a domain I registered and have a website that I host.  I have the computer that serves the web page update its own DNS every couple of hours because my IP address may change.  Another option might be to do something like write a text file to Dropbox.  Then when you want to connect to it read the dropbox file and that will tell you the public IP.  Then the ports as JKSH mentioned will reference each device.

[Jordan Kuehn]

We had a customer a while back use GSM modems from SEA like this and configure it with a VPN that worked well for them. I believe when all was said and done it could be targeted from within the Project Explorer on the local PC in LabVIEW even, in addition to accessing it via FTP/MAX/etc. I can look back through my notes and see if anything else jumps out, but I think this is a good approach if you can deal with setting the VPN up.

[Neil Pate]

Thanks everyone for the into. This sounds like the kind of thing that is easy to screw up and I cannot really afford that.

I have got one chance to get my system right, it will be deployed far far away. Does anyone have any recommendations for companies that offer this kind of advice as a (paid for) consultancy? I can do all the LabVIEW development myself but I need good solid advice on choice of hardware and basically IoT related stuff like MQQT and pros and cons of the different IoT platform cloud vendors.

[Neil Pate]

The more I think about hooovahh's idea the more I like it.

Maybe I am thinking about this all wrong and should just embrace the dynamic IP address issue. As long as my cRIO can talk to my cloud then it can store its own IP address somewhere in there.

Is this how the IoT hubs work? Like azure IoT?

[JKSH]

7 hours ago, Neil Pate said:

The more I think about hooovahh's idea the more I like it.

...

As long as my cRIO can talk to my cloud then it can store its own IP address somewhere in there.

Important: Make sure you sign up for a 4G service that does not use Carrier Grade NAT. If your cRIO is behind CG-NAT, then knowing its public IP won't help you.

• If your service gives you a unique public address, then the public IP address points directly to your modem. In this case, you're good to go with hooovah's method.
• If your service is under CG-NAT, then the public IP address points to your carrier's modem which is outside your control. In this case, hooovah's method won't work.

 

7 hours ago, Neil Pate said:

Maybe I am thinking about this all wrong and should just embrace the dynamic IP address issue.

Dynamic IP addresses are a fact of life now unless you're willing to pay up, or unless you obtained a static address many years ago and you've never cancelled the service since then.

(Hopefully, IPv6 will solve the problem -- but it's not supported everywhere yet)

 

8 hours ago, Neil Pate said:

Does anyone have any recommendations for companies that offer this kind of advice as a (paid for) consultancy?

...

Is this how the IoT hubs work? Like azure IoT?

I'll haven't used any of these before so I'll leave this to experienced people.

Edited May 20, 2020 by JKSH

[mcduff]

I know it's 3 years later, but would you, @Neil Pate, mind sharing which method you chose? I will need to set up a similar system.

 

Thanks

[Neil Pate]

6 minutes ago, mcduff said:

I know it's 3 years later, but would you, @Neil Pate, mind sharing which method you chose? I will need to set up a similar system.

 

Thanks

Sure, I will try and remember and type up something tomorrow.

Before you get your hopes too high, I got things working ok with Azure IoT hub and Power BI, but it was never productionised.

[mcduff]

No hassles. Just curious. I need to set up a remote RT system, no FPGA, and am trying to find best practices/methods. In addition, what were your security considerations?

 

Thanks!!

[Neil Pate]

OK, this is what I remember.

Hardware was something like this:

• cRIO
• Ethernet switch
• Industrial modem (Teltonika something... you put a SIM in and connect the ethernet to the switch)

Security I just had to kinda figure out. I think I got it working in the end, check out this thread: 

 

 

The big question mark for me was how I was going to manage the cRIO remotely as my LTE connection could not guarantee a fixed IP address, so I had no simple way to connect to the cRIO after it had been deployed in the field. Finally we decided that we would actually need a PC anyway for something else, and the cRIO would be connected to that. The plan was to remote desktop into the PC and then connect to the cRIO that way, or get the dynamic IP address of the cRIO. Or maybe the idea was to the cRIO to broadcast somewhere its IP address. The project was put on ice and never deployed to the field, so I was not able to test these assumptions.

People do get stuff like this to work, so I am sure somebody had a solution for these problems.

Hope this helps!

 

[Jordan Kuehn]

SystemLink is an (expensive) solution to this as well. Though it doesn't give you project or shell access.

 

Another, cheaper, alternative is to utilize a modem/router based VPN so that you can see the devices. Cradlepoint and Peplink are two that we have used. 

[Rolf Kalbermatter]

On 6/25/2023 at 9:46 PM, Neil Pate said:

OK, this is what I remember.

Hardware was something like this:

• cRIO
• Ethernet switch
• Industrial modem (Teltonika something... you put a SIM in and connect the ethernet to the switch)

Security I just had to kinda figure out. I think I got it working in the end, check out this thread: 

 

 

The big question mark for me was how I was going to manage the cRIO remotely as my LTE connection could not guarantee a fixed IP address, so I had no simple way to connect to the cRIO after it had been deployed in the field. Finally we decided that we would actually need a PC anyway for something else, and the cRIO would be connected to that. The plan was to remote desktop into the PC and then connect to the cRIO that way, or get the dynamic IP address of the cRIO. Or maybe the idea was to the cRIO to broadcast somewhere its IP address. The project was put on ice and never deployed to the field, so I was not able to test these assumptions.

People do get stuff like this to work, so I am sure somebody had a solution for these problems.

Hope this helps!

 

Some Dynamic DNS or similar could help with the problem of a dynamic IP adres device in the field. It would require a fairly simple modification in the cRIO setup, but if you use an NI Linux RT type this should be pretty trivial. Of course you will need to have access to a Dynamic DNS service somehow, they are usually not for free.

No-IP for instance provides a free version but requires you to manually confirm it every 30 days and does not support SSL certificates on that level. For 1.99 per month you do get SSL and a 1 host name resolution without monthly confirmation. Other services have similar offers. The free tier has usually several limitations that are inconvenient but not a huge problem for private deployments. But they pretty much won't work for a commercial deployment.

[ShaunR]

22 hours ago, Jordan Kuehn said:

SystemLink is an (expensive) solution to this as well.

Tor is a much cheaper solution both in money and resources.

Technically, The DNS issue is the IT depts problem. But usually they, all of a sudden, plead ignorance on the topic and can't understand what you are asking for.

Edited June 27, 2023 by ShaunR

[Neil Pate]

3 hours ago, Rolf Kalbermatter said:

Some Dynamic DNS or similar could help with the problem of a dynamic IP adres device in the field. It would require a fairly simple modification in the cRIO setup, but if you use an NI Linux RT type this should be pretty trivial. Of course you will need to have access to a Dynamic DNS service somehow, they are usually not for free.

No-IP for instance provides a free version but requires you to manually confirm it every 30 days and does not support SSL certificates on that level. For 1.99 per month you do get SSL and a 1 host name resolution without monthly confirmation. Other services have similar offers. The free tier has usually several limitations that are inconvenient but not a huge problem for private deployments. But they pretty much won't work for a commercial deployment.

Yup, I was going to use those (no-ip if I recall correctly) but then we needed to introduce a PC and so my problem kinda went away.