The BACnet Firewall Router (BFR) is an application that combines BACnet routing capability with traffic management functions to carefully control access to building automation and control networks.
The BFR project, similar to the SourceForge VTS project, was funded by the National Institute for Standards and Technology (NIST) Building and Fire Research Laboratory (BFRL) as a test platform for exploring security functionality at a network level. It is being released as a public domain project to encourage participation in developing standards and best practices for securing building automation and control networks that use BACnet.
The application, written in C++, is designed to run on a dual-NIC PC booted from a minimal Linux boot floppy. It has been successfully used with Coyote Linux, but is not designed with any particular Linux distribution in mind.
The BACnet standard specifies a variety of networking technologies: Ethernet, ARCNET, an EIA-485 master/slave token passing scheme, and IP (UDP). It also specifies how the networks are connected and how packets are routed, assuming all devices on the internetwork are peers. However, in the real world, not all devices are in fact peers, and there should be some mechanism to control the visibility of and access to devices. BACnet also specifies services that generate broadcast packets, which is a real headache as the internetwork scales up to hundreds of nodes.
The BFR project is designed to help network engineers regain some control. It has filtering mechanisms to restrict the distribution of packets, and tools to build virtual networks that can help mask network topology problems. It has support for being a BBMD, providing foreign device registration services, and acting as a foreign device by automatically maintaining its registration.
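As an added illustration of this kind of filtering on a BACnet/IP (UDP) port, the sketch below classifies a datagram by its BVLL header and applies a per-port rule. It is example code written for this page, not taken from BFR; `PortPolicy`, `filter_bvll`, the sample frames, and the addresses are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>

// BVLL function codes from ASHRAE 135 Annex J (BACnet/IP).
enum BvlcFunction : uint8_t {
    kForwardedNpdu = 0x04, kRegisterForeignDevice = 0x05,
    kDistributeBroadcastToNetwork = 0x09,
    kOriginalUnicastNpdu = 0x0A, kOriginalBroadcastNpdu = 0x0B,
};
enum class Verdict { Forward, Drop };

// Hypothetical policy for one router port; not BFR's configuration model.
struct PortPolicy {
    bool allow_broadcast;                   // pass broadcast-carrying frames?
    std::set<std::string> foreign_allowed;  // sources allowed to register
};

// Classify one UDP payload received from `src` and apply the port policy.
Verdict filter_bvll(const uint8_t* buf, size_t len, const std::string& src,
                    const PortPolicy& policy) {
    if (len < 4 || buf[0] != 0x81) return Verdict::Drop;  // not a BACnet/IP BVLL frame
    size_t declared = (static_cast<size_t>(buf[2]) << 8) | buf[3];
    if (declared != len) return Verdict::Drop;            // length field must match datagram
    switch (buf[1]) {
    case kOriginalUnicastNpdu:
        return Verdict::Forward;
    case kOriginalBroadcastNpdu:
    case kDistributeBroadcastToNetwork:
    case kForwardedNpdu:
        return policy.allow_broadcast ? Verdict::Forward : Verdict::Drop;
    case kRegisterForeignDevice:                          // 4-byte header + 2-byte TTL
        return (len == 6 && policy.foreign_allowed.count(src)) ? Verdict::Forward
                                                               : Verdict::Drop;
    default:
        return Verdict::Drop;  // everything else, including BDT/FDT management
    }
}

// Constructed sample frames (not captured traffic).
const uint8_t kWhoIsBroadcast[] = {0x81,0x0B,0x00,0x0C,0x01,0x20,0xFF,0xFF,0x00,0xFF,0x10,0x08};
const uint8_t kRegisterFd[]     = {0x81,0x05,0x00,0x06,0x00,0x3C};
const uint8_t kBadLength[]      = {0x81,0x0A,0x00,0x20,0x01,0x00};

int main() {
    PortPolicy untrusted{false, {"192.0.2.10"}};
    Verdict v = filter_bvll(kWhoIsBroadcast, sizeof kWhoIsBroadcast, "192.0.2.99", untrusted);
    std::printf("Who-Is broadcast on untrusted port: %s\n", v == Verdict::Drop ? "drop" : "forward");
    return 0;
}
```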
The BFR is also intended to be a platform for exploring additional network layer security services to the standard, so that as the SSPC reviews proposals they can be implemented and tested before being "approved".
Development of BFR is continuing with the support of NIST and other organizations and individuals, and is coordinated through SourceForge.
BACnet - A Data Communication Protocol for Building Automation and Control Networks. Developed under the auspices of the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE), BACnet is now an American national standard, a European pre-standard, and a potential global standard. The protocol is supported and maintained by ASHRAE Standing Standard Project Committee 135.
There is an electronic mailing list for discussing BACnet-related issues hosted by Cornell University, and instructions for joining and posting messages are available here.
ASHRAE® and BACnet® are registered trademarks of the American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc., 1791 Tullie Circle NE, Atlanta, GA 30329. The logos on this page are all trademarks of their respective companies.