BACnet/IP Across VLANs: BBMD and Foreign Device Registration (FDR) Cookbook
BACnet/IP discovery relies heavily on broadcast behavior. Once you introduce routers and VLANs, Who-Is/I-Am traffic will not automatically cross subnet boundaries. BBMD (BACnet Broadcast Management Device) and Foreign Device Registration (FDR) exist to solve that—but only if implemented deliberately.
Problem
You can see BACnet/IP devices on the same subnet, but discovery fails across VLANs and subnets. Workstations cannot find anything unless temporarily placed on the controller VLAN.
Root Cause
IP routers do not forward broadcast packets between subnets, so broadcast Who-Is requests never leave the sender's subnet. Cross-subnet BACnet/IP discovery breaks unless you implement a BACnet broadcast management strategy.
Solution
Step A: Decide your pattern
Common patterns:
- BBMD per BACnet/IP subnet, with all BBMDs sharing a Broadcast Distribution Table (BDT).
- Foreign Device Registration (FDR) for devices or workstations that are not on a BACnet subnet (e.g., a remote workstation or service laptop).
Step B: Choose the BBMD host(s)
BBMD capability is typically provided by a BACnet/IP router, supervisory controller, or dedicated gateway device. Select a stable, always-on device per subnet.
Step C: Build the Broadcast Distribution Table
- Enumerate each BACnet/IP subnet that must participate.
- Add each BBMD IP address to the BDT on every other BBMD (full-mesh BDT).
- Validate that your BDT configuration is controlled and documented—the BDT governs how broadcast forwarding operates across subnets.
Step D: Configure Foreign Device Registration where needed
Use FDR for:
- Portable service tools (temporary access)
- Remote operator workstations not placed on a BACnet subnet
- Remote integrations that must receive broadcast-type announcements but cannot be on the same L2 network
Implementation checklist:
- Confirm the BBMD supports FDR and has an accessible Foreign Device Table (FDT).
- Set an appropriate registration TTL (time-to-live) and monitor renewal behavior.
Step E: NAT and remote access caution
If you are relying on NAT for remote access, test carefully. Broadcast forwarding and address translation can create non-obvious failure modes. Treat remote BACnet/IP discovery through NAT as a design requirement that needs explicit validation—not an assumption.
Step F: Security baseline
- Keep BACnet/IP traffic scoped to only required networks.
- Avoid exposing BACnet services directly to the public internet.
- Prefer a segmented design and document which hosts are allowed to originate BACnet traffic.
Verification
- From a workstation on VLAN A, you can discover devices on VLAN B reliably.
- BBMD tables are consistent across all participating subnets.
- FDR devices appear in the FDT and continue to receive discovery responses until TTL expiry and renewal.
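One way to check the "BBMD tables are consistent" item and the full-mesh rule from Step C, as an added example that is not part of the original cookbook or any vendor tool. It assumes you have captured each BBMD's Read-Broadcast-Distribution-Table-Ack frame (BVLC type 0x81, function 0x03, 10-octet entries of IP, port and mask); the function names, the documentation-range addresses and the choice to treat a BBMD's own entry as optional are assumptions of this sketch.

```python
import ipaddress
import struct

BVLL_TYPE_BACNET_IP = 0x81  # BVLC type octet for BACnet/IP
READ_BDT_ACK = 0x03         # BVLC function: Read-Broadcast-Distribution-Table-Ack

def parse_read_bdt_ack(frame: bytes) -> set:
    """Return the set of 'ip:port' BDT entries carried in a Read-BDT-Ack frame."""
    if len(frame) < 4:
        raise ValueError("frame shorter than BVLC header")
    bvlc_type, function, length = struct.unpack("!BBH", frame[:4])
    if bvlc_type != BVLL_TYPE_BACNET_IP or function != READ_BDT_ACK:
        raise ValueError("not a Read-BDT-Ack frame")
    body = frame[4:]
    if length != len(frame) or len(body) % 10:
        raise ValueError("length field or entry size mismatch")
    entries = set()
    for off in range(0, len(body), 10):
        ip, port, _mask = struct.unpack("!4sH4s", body[off:off + 10])
        entries.add(f"{ipaddress.IPv4Address(ip)}:{port}")
    return entries

def audit_full_mesh(tables: dict) -> dict:
    """Compare each BBMD's BDT against the documented BBMD list (the dict keys)."""
    approved = set(tables)
    findings = {}
    for bbmd, bdt in tables.items():
        missing = sorted(approved - bdt - {bbmd})  # own entry treated as optional
        unexpected = sorted(bdt - approved)        # entry not in the documented list
        if missing or unexpected:
            findings[bbmd] = {"missing": missing, "unexpected": unexpected}
    return findings

def build_ack(*peers) -> bytes:
    """Build a constructed Read-BDT-Ack frame for the sample data below."""
    body = b"".join(
        ipaddress.IPv4Address(ip).packed + struct.pack("!H", port) + b"\xff" * 4
        for ip, port in peers)
    return struct.pack("!BBH", BVLL_TYPE_BACNET_IP, READ_BDT_ACK, 4 + len(body)) + body

# Constructed sample: three documented BBMDs plus one undocumented entry.
A, B, C = ("192.0.2.10", 47808), ("198.51.100.10", 47808), ("203.0.113.10", 47808)
UNDOCUMENTED = ("203.0.113.99", 47808)
SAMPLE = {
    "192.0.2.10:47808": parse_read_bdt_ack(build_ack(A, B, C)),
    "198.51.100.10:47808": parse_read_bdt_ack(build_ack(A, B)),  # C is missing
    "203.0.113.10:47808": parse_read_bdt_ack(build_ack(A, B, C, UNDOCUMENTED)),
}
```

Calling `audit_full_mesh(SAMPLE)` returns only the BBMDs whose tables deviate; an empty result means every BDT matches the documented mesh.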