

I recently shared some key trends and challenges rail operators are navigating, as well as Cisco’s approach to strengthening and securing onboard network infrastructure in this blog series. For this post, let’s explore the building blocks of modern trackside networks.

As rail operators invest in Communications-Based Train Control (CBTC), they need trackside network infrastructure that supports ultra-reliable train-to-wayside wireless connectivity, resilience and high availability, and robust cybersecurity.

Cisco has designed an architecture that supports CBTC, vital signaling, level crossing, and other safety-critical applications. And because the same trackside infrastructure supports asset monitoring, video surveillance, passenger Wi-Fi, and other non-vital systems, the Cisco solution curbs the time and costs associated with implementation, operations, and maintenance. This unified infrastructure offers advantages that rail operators’ aging – and often siloed – networks simply can’t deliver.

Signaling resilience

Cisco’s solution uses a tiered architecture composed of an access layer with ruggedized IP switching infrastructure, a highly redundant and reliable backbone network of service provider or large enterprise grade, and a data center connectivity layer. Together, these elements offer resilient communications paths – at scale – between trains, tracksides, stations, and operations control centers.

Solution highlights include Cisco ruggedized Catalyst Industrial Ethernet switches at the access and distribution layer. The resilient ring topology connects trackside and station equipment, such as wayside radio, axle counter, interlocking, and other CBTC equipment. At the aggregation and backbone layer, the Cisco solution helps achieve sub-50-millisecond fast reconvergence. It achieves that by migrating from legacy circuit-based transport infrastructure to Unified Multiprotocol Label Switching (MPLS) backhaul with fast reroute protection, by simplifying existing MPLS infrastructure with Segment Routing (SR), or by deploying a Cisco Connected Communities Infrastructure (CCI) multiservice architecture.

Securing trackside

As with all industrial organizations, rail operators are concerned about cybersecurity. Many have experienced a security incident; most have expressed concern about the adequacy of their current security practices.

Cisco’s industrial security journey provides a step-by-step path toward information technology (IT)/operational technology (OT) convergence. It starts with building a security foundation by defining the IT/OT security boundary with Cisco Secure Firewall. From there, apply Cisco Cyber Vision to gain visibility into assets, communication patterns, and device security posture, along with operational insight. Then use that visibility to drive industrial network segmentation and integrate with Cisco Identity Services Engine (ISE) for security policy automation. Lastly, investigate threats and orchestrate response with SecureX.

Autonomous operating systems could reduce rail traffic fatalities by up to 90%. In addition to saving lives, such a reduction would avoid US$900 billion annually in associated public health costs.[1] Resilient, secure trackside network infrastructure is a key to realizing those compelling outcomes – and it’s exciting to be part of that solution.

To learn more about the solution, please check out the Cisco Connected Rail Solution Brief.


[1] McKinsey, “Signals for Growth—how OEMs can be successful in a digitalized infrastructure”


Wei Zou

Solution Architect

IoT Product Management Networking