Multiple ethernet connection.

[microherb]

I haven't really done anything with ethernet before so please excuse my ignorance.
We have some limited experience with the STM32F4 and I know that the STM32F407/417 have the ethernet MAC.  What I'm not sure about is can a single ethernet MAC like the one on the STM32f407 be expanded to give me the 2 ethernet ports.

The application is for a highway variable message sign that requires 2 ethernet ports.  The first port is for local control, setup and diagnostics.  The second port is for remote control from the traffic management centre.

I thought that maybe we could use something like the LAN9313 from Microchip (Three Port 10/100 Managed Ethernet Switch with MII) connected to the STM32F417 MII to provide us with 2 ethernet interfaces.  Or do I need more than one MAC to be able to achieve what we need?

Thanks,
Microherb.

[jnz]

You'll need some sort of switch. No one would be able to definitely say you need more than one MAC, because we can't see the actual requirements. But if it's just signals, a switch should do it.

[Marco]

Assuming it uses IP and doesn't do something weird at the raw ethernet level, sure a switch would work.

[Jeroen3]

I would think you need something like this.
http://www.mouser.com/ds/2/268/9303-320903.pdf

But this is a rather complicated setup, what is preventing you from using 1 ethernet port and adding one of those separate 5-port switches where needed?

[Kjelt]

The application is for a highway variable message sign that requires 2 ethernet ports.  The first port is for local control, setup and diagnostics. 
The second port is for remote control from the traffic management centre.

So if I read the requirements correctly you are only allowed to setup and do diagnostics on port 1 and control should be able on port 1 and 2?
If that is correct, a switch can't help you with identifying which "services" or applications are allowed to run and which not.
You should make different vlan's or vpn's to do this.
Better study IP networks and (TLS) security or your product will also hit the tv stations as these did.

[Wilksey]

A switch will give you 2 physical ports (or more), but you will only have 1 address, I have used this method in the past for the provision of an "engineers terminal", quite straightforward if you can get away with having just 1 IP address.

[Jeroen3]

Maybe you shouldn't be using an STM32F4, rather get an more powerful* linux-capable system where you can easily use multiple ethernet/cellular connections with OTA updates of the essential libs and functional remote management capabilities.

On the other hand, how big is the team you're working with?

_{*raspberry pi class, but not the hardware.}

[Rasz]

most switch chips are manageable (VLAN tagging at the minimum), even the extreme bottom of the bin realtek ones

http://translate.google.com/translate?hl=en&sl=ru&u=http://b.sumy.net.ua/swich/pupa.da.ru/tran_url.html&prev=search
http://spritesmods.com/?art=rtl8366sb

separating ports on the layer 2 is no problem, look at the bargain bin $15 soho 5 port routers - there is only one mac in them, WAN-LAN separation is achieved thru VLANs

[Scrts]

most switch chips are manageable (VLAN tagging at the minimum), even the extreme bottom of the bin realtek ones

http://translate.google.com/translate?hl=en&sl=ru&u=http://b.sumy.net.ua/swich/pupa.da.ru/tran_url.html&prev=search
http://spritesmods.com/?art=rtl8366sb

separating ports on the layer 2 is no problem, look at the bargain bin $15 soho 5 port routers - there is only one mac in them, WAN-LAN separation is achieved thru VLANs

Agreed. VLANs is the way to go. E.g. the IP television use different VLANs for video stream and management data. Usually there are two different physical ports, but then it goes to a switch, which does the VLAN tagging, so it's more or less the same.

[microherb]

Thanks everyone for your responses.
I'll look deeper into the managed switch chips and try to educate myself some more on IP and Ethernet.

Maybe you shouldn't be using an STM32F4, rather get an more powerful* linux-capable system where you can easily use multiple ethernet/cellular connections with OTA updates of the essential libs and functional remote management capabilities.

On the other hand, how big is the team you're working with?

We have given some thought to using a more powerful Linux capable system.  We only have a team of two.  Myself and my colleague who has only really done some windows PC type programming (self-taught).

We currently have a system that uses a 8 bit Atmel microcontroller which communicates with the traffic management centre over a serial connection.  I wrote the software for this system and it's been working well now for some time.
Now we need to add the ethernet connectivity.  I've not done any programming with an operating system before so I thought the easiest step up for me was to progress to the more powerful STM32F4 without using any operating system. I've basically got a lot of the screen driving capability ported over to the STM32F4.  A lot of the reason for taking this step first was to get myself familiar with the STM32 ARM chip. We need to keep the serial connectivity so I wanted to port that across as well.  Then I wanted to get the IP side up and running and was hoping to use Lwip to do that.  Maybe I'm totally crazy to attempt that without an operating system but it just seems the less steep learning curve for me.

My offsider does not have any embedded programming or linux experience so I'm a bit concerned we might hit a dead end if we choose to go with an embedded linux system instead.  If we go that path there wouldn't be much I could do to help him. Maybe we will end up working separately on both solutions in parallel.

Any suggestions much appreciated.

[Kjelt]

Depending on the amount of products and allowed BOM costs you could make a choice for a dedicated IP module, you know those that have ip one side and uart on the other. You can add as many as you want they have their own buffers.
Getting a STM32 with lwip and security Wolf/cyassl running without experienced, hmmmm in my company some colleagues did that four years ago, a different ip stack but took a team of three over a year to get it really mature level. Yes it can be done if you have good examples, help, lots of experience but alone there are lots of pitfalls.

[Jeroen3]

The least you should do if you want it running in an STM32F4 is buy an IP-stack with SSL/TLS support and a phone number to call if you get stuck.
Otherwise you will turn it into a multi-year project or a shodan example.

[PJE]

Turck do something similar with a LAN9303 (from memory) to generate two isolated networks from a single Ethernet interface on the STM32 on one of their products.

I haven't really done anything with ethernet before so please excuse my ignorance.
We have some limited experience with the STM32F4 and I know that the STM32F407/417 have the ethernet MAC.  What I'm not sure about is can a single ethernet MAC like the one on the STM32f407 be expanded to give me the 2 ethernet ports.

The application is for a highway variable message sign that requires 2 ethernet ports.  The first port is for local control, setup and diagnostics.  The second port is for remote control from the traffic management centre.

I thought that maybe we could use something like the LAN9313 from Microchip (Three Port 10/100 Managed Ethernet Switch with MII) connected to the STM32F417 MII to provide us with 2 ethernet interfaces.  Or do I need more than one MAC to be able to achieve what we need?

Thanks,
Microherb.

[jnz]

The least you should do if you want it running in an STM32F4 is buy an IP-stack with SSL/TLS support and a phone number to call if you get stuck.
Otherwise you will turn it into a multi-year project or a shodan example.

So glad when I was searching for how to step up from 8bit to 32bit, someone said basically the same thing and now I have a lot of middleware that really just makes these project possible for me.

But... Lots of cheap people who don't want to spend the cash - work or hobby.

[Kjelt]

So glad when I was searching for how to step up from 8bit to 32bit, someone said basically the same thing and now I have a lot of middleware that really just makes these project possible for me.

But... Lots of cheap people who don't want to spend the cash - work or hobby.

What did you get and what did it cost?

[bson]

The STM32F4 ethernet controller isn't dual port, so there's nowhere to put the second PHY.  However, the controller can have four unicast MAC addresses it receives unicast traffic on, so it's easy to make it look like four logical interfaces.  This permits things like a remote management system connected over one logical interface to configure another without accidentally locking itself out and requiring manual intervention.