dnp3 adv
DESCRIPTION
CommunicationTRANSCRIPT
ComparisonofDNP3andIEC61850communicationprotocols
EnriqueQuintero
Abstract
Intoday’sworld,therearemanychoicesforimplementingasupervisorydataandcontrolprotocolinthefieldmakingitdifficulttoselectthepropersupervisorydataandcontrolprotocolforaspecificapplication.Nowadays,allsupervisorydataandcontrolprotocolshaveadvantagesanddisadvantagesthatallowsengineerstohaveageneralidearegardinghowasupervisorydataandcontrolprotocolworks.ThispaperwillgiveyouageneralinsightontheoperationofDNP3andIEC61850aswellasthegeneralideaofsomesimilaritiesanddifferencesbycomparingDNP3andIEC61850protocolswhichsofararethemostpopularprotocolsacceptedintheindustry.
Introduction
Theboomoftechnologywastakingplaceduringthe1970’s.Duringthistimeutilityindustriesbegantoseetheneedtohavesystemsthatcouldbemonitoredandcontrolledwithouthumanintervention.Asaresult,manycompaniesbeganinventingtheirowndatacommunicationprotocols(closeprotocols)thatfulfilledthatneed.Theideawasverysuccessfuluntilthecompaniesstartedtorealizethathavingonlyonespecificcommunicationprotocolthatwasdevicespecificwasnotveryefficient.Thelackofcompatibilitybetweenprotocolsanddevicesendedwithaninteroperabilityproblemofdatacommunicationprotocols.Afewyearslater,industryandvendorsrecognizedtheproblemandstartedproposingsolutionstotheinteroperabilityproblemuntiltheyarrivedatafinalsolution.So,in1985vendorsandorganizationsdedicatedtotheadvancementoftechnologysuchasInstituteofElectricalandElectronicsEngineers(IEEE),ElectricPowerResearchInstitute(EPRI)andInternationalElectrotechnicalCommission(IEC)hadseveralmeetingswiththemainobjectiveofdiscussingtheinteroperabilityproblemindatacommunicationprotocols.Theconclusionofthesemeetingswasthatcommunicationprotocolsforrealtimedataneededtobestandardized.In1988,thefirststandardizedprotocolemergedwhichwastheIEC870.In1990takingtheIEC870protocolasthebasis,threepathstookplaceinparallel.Thefirstpathdevelopedwhatweknowtodayasutilitycommunicationarchitecture(UCA)andIEC61850,thesecondpathdevelopedwhatweknowtodayasIEC60870,andthethirdpathdevelopedwhatweknowtodayasDistributedNetworkProtocolversion3(DNP3).Asaresult,thestandardizationofcommunicationprotocolsstarteditslongjourney.Todaycommunicationprotocolsarecompatiblewithvariousdevicesfromdifferentmanufactures.
IEC61850(GenericObjectOrientedSubstationEvent)protocol
IEC61850(GOOSE)isanunsolicitedevent‐drivenpeer‐to‐peercommunicationprotocolthatdefinescommunicationbetweenoneUCAcompliantElectronicIntelligentDevicetoanotherUCAcompliantElectronicIntelligentDevice.IEC61850isacollectionofstandardswiththemainobjectiveofbeingcompactiblewithmanythirdpartyapplications.IEC61850hasstandardizednames,meaningofdata,abstractservices,anddevicebehaviormodel.InIEC61850allmappingofabstractservicesandmodelsarespecificallyforcontrolandmonitoring,protection,andtransducers.InIEC61850protocol,thepublisherbroadcastaGOOSEmessagetoallsubscribers.Whenthesubscriberseesthemessageithastwooptions:capturesthemessageorignoreit.InIEC61850alldataisoriginatedatthesourcewhichhelpstheimplementationbyminimizingwiring.
IEC61850(GOOSE)Layers
IEC61850(GOOSE)layeredarchitectureisconformedaccordingtotheUtilityCommunicationArchitecture(UCA).TheUtilityCommunicationArchitectureconsistsofdefinitionsofgenericobjectmodelsandtheinstructionstocreatenewmodels.TheUCAprotocolisdividedintothreebasicbuildingblocks:theuniformcommunicationinfrastructure,theuniformapplicationinterface,andtheuniformdatamodel.
TheUCA’sfirstbuildingblockistheUniformCommunicationInfrastructurewhichcontainsthecommunicationlayers.UniformcommunicationInfrastructureusesUCA2protocolthatisdividedintothreelayersnamedLprofiles,TprofilesandAprofiles.LprofilelayerscorrespondtotheOSIphysicalanddatalinklayer.TheLprofileallowsLAN,WAN,orasynchronousserialdatalinkcontrolformulti‐droplinksforSCADAmonitoringandcontrolsystems.Lprofileservicesareestablishingandmaintainingchannelcommunication,errordetection,datacontrol,connect,disconnect,send,receiveandstatus.TprofilelayercorrespondtotheOSInetworkandtransportlayers.Tprofileprovidesend‐to‐enddeliveryofwholemessage.Tprofileservicesincluderouting,disassemblyandreassemblyofGOOSEpacketsandGOOSEmessageerrordetection.UCA2providestwooptionsatTprofile,oneisusingtheISOnetworkandtransportstandardsforLANandWANprotocolsandthesecondoneisusingtheIETFnetworkandtransportstandardsformulti‐dropserialdatalinkinfrastructure.TheAprofilelayercorrespondtotheISOpresentation,sessionandapplicationlayers.Aprofilelayeristhemostrobustlayerbecauseitisresponsibleforgeneratingtherequesteddatabyusingthelowerlayerstoachieveend‐to‐endtransmissionoftheGOOSEmessagesandalsoprovidingservicesattheapplicationlayerofUCA2compliantElectronicIntelligentDevices.AprofileusestwoapplicationstheAbstractCommunicationServicesInterface(ACSI)andtheManufacturingMessageSpecification(MMS).AbstractCommunicationServicesInterface(ACSI)applicationestablishesandreleasescommunicationconnectionsbetweenapplicationfunctionsand
communicationfunctions.TheManufacturingMessageSpecification(MMS)applicationprovidesmessagestructure,messagesyntax,andmessagedialogproceduresformonitoringandcontrollinginformationcommunication.
TheUCA’ssecondbuildingblockistheUniformDataModel.Uniformdatamodelcontainsservicemodelapplicationssuchaseventmodel,devicecontrolmodel,dataaccesscontrolmodel,associationmodel,securitymodel,timemodel,multicastservicesmodel,andBLOBmodel.AllthesemodelapplicationsexchangeinformationbetweenthembyusingtheCommonApplicationServiceModel(CASM)thatprovidesastandardsetofcommunicationsfunctionsandotherdatahandlingbetweenobjectmodelapplications.
TheUCA’sthirdbuildingblockistheuniformdatamodel.Uniformdatamodelcontainslogicaldevices,bricks,componentsdataclassesanddataattributesinordertocollectthespecificinformationfromtheUCAcompliantElectronicIntelligentDevices.UniformdatamodelstandardsallowtheextractionofdatafromtheUCAcompliantElectronicIntelligentDevicetoobtaintherequiredinformation.
IEC61850(GOOSE)MessageStructure
AnIEC61850GOOSEmessageiscreatedbytheManufacturingMessagingSpecification(MMS)protocol.ThereareMMSapplicationsforRemoteTerminalUnit(RTU),EnergyManagementSystem(EMS),andotherElectronicIntelligentDevice(EID).MMSprovidesasetofservicesforpeer‐to‐peerrealtimerealtimecommunicationsoveranetwork.MMSstandardscanbedividedintotwoparts.MMSpart1istheservicespecification.Servicespecificationincludesvirtualmanufacturingdevicedefinition(VMD),theservicesormessagesexchangedbetweennodesonanetwork,andtheattributesandparametersassociatedwiththeVMDandservices.MMSpart2istheprotocolspecification.Protocolspecificationdefinestherulesofcommunicationincludingthesequenceofmessagesacrossthenetwork,theformatorencodingofthemessagesandtheinteractionofMMSwithotherUCAOSIlayers.AGOOSEmessagecanbeevent‐drivenorsentonceeveryminute.EachGOOSEmessagehasitsowntextIDnameandspecialmulticastEthernetdestinationaddress.GOOSEmessagehasonespecialcharacteristic:theHoldTimefunctionwhichdefineshowlongtoconsideramessagevalid.
IEC61850(GOOSE)MessageTransmission
InIEC61850aGOOSEmessagehastofirstgothroughUCAobjecthierarchyandthenthroughUCAcommunicationprotocollayers.Then,whenUCAcompliantelectronicintelligentdevicesensesthatonestatusoreventchangeditsstatetheobjectmodelscreatethestatusoreventobjectandthenMMSprotocolcreatesaGOOSEmessage.ThereareseveralstepstocreatingaGOOSEmessage.First,attheUCAcompliantdevice,thestatusoreventisconvertedintoanintegervaluewhichiscalleddataattribute.Second,thedataattributeissentintoacomponent
dataclasswhichisacollectionofinformationwithinabrick.Third,thecomponentdataclassinformationisincludedinabrick(smalldataobject).Fourth,thebrickissendintoalogicaldevicethatprovidesinformationtotherestofthelogicaldevicesusingCommonApplicationservicesModels(CASM).Fifth,thebrickissentfromthelogicaldevicetotheAbstractCommunicationServicesInterface(ACSI)applicationinordertobetransferredtotheUCAcommunicationprofiles.Sixth,thebrickistransformedintoaGOOSEmessagebytheMMS.Seventh,MMSsendstheGOOSEmessagetothelowercommunicationlayerssuchasnetwork,transport,datalinkandphysicallayers(Profiles).NowaGOOSEmessagehasbeencreatedandreadytomulticasttotheothernetworkedUCAcompliantdevices.Inthissituation,theUCAcompliantdevicebroadcasttheGOOSEmessagetootherUCAcompliantdeviceswhichdecidetotaketheGOOSEmessageorignoreit.
IEC61850Security
IEC62351definessecurityforIEC61850.IEC62351‐3defineshowtosecureTCP/IP‐basedprotocolsforreal‐timedataprotocols.IEC6235‐4defineshowtosecureManufacturingMessageSpecification(MMS)basedprotocols.Securityobjectivesincludeauthenticationofdatatransferthroughdigitalsignatures,andintrusiondetection.
DNP3Protocol
DNP3isacommunicationprotocolversion3.3.DNP3communicationisdefinedascommunicationbetweenmasterstations,remoteterminalunit(RTU)andanyotherElectronicIntelligentDevice(EID)programmedtobecompatiblewithDNP3.DNP3allowsmultipletopologiessuchaspoint‐to‐pointcommunication(Master‐Slave),multi‐dropfromonemaster,andmultiplemasters.DNP3allowsEID’stobesynchronizedwithamasterunitclock.DNP3datacanbeencapsulatedtobetransportedusingtheTCP/IPprotocol.
DNP3Layers
DNP3layeredarchitectureisconformedtotheInternationalElectrotechnicalCommission(IEC)EnhancePerformanceArchitecture.DNP3usesthreemainlayerssuchasapplication,datalink,andphysical,butaddsomepseudotransportandnetworkfunctions.
Applicationlayeristhehighestlayerinchargeofgeneratingtherequesteddata(DataObject),itusesthelowerlayerstoachieveend‐to‐endtransmissionoftheDNP3messages,andprovidesservicestouserapplicationprogramssuchasHumanMachineInterface(HMI),RemoteTerminalUnit(RTU),EnergyManagementSystem(EMS)andotherElectronicIntelligentdevices.Datalinklayerisresponsibleforprovidingreliabilityinthecommunicationofthemessagesorframesbycontrollingthedataflowanddetectingdataerrors.Servicesprovidedbythedatalinkareestablishingandmaintainingthecommunicationchannel,reportchannel
statustohigherlayersanddetectandcorrectdataerrorduringtransmission.Thephysicallayeristhephysicalmediawhichthecommunicationprotocolusesforthetransmissionofbits.ThephysicalmediahasseparatedstandardsforthetransmissionofdatasuchasITU‐TX.21,DTE‐DCEV.24,EIARS232,andLAN.Theservicesprovidebythephysicalmediaareconnect,disconnect,send,receiveandstatus.
Thepseudotransportandnetworklayersareresponsibleforprovidingend‐to‐enddeliveryofwholemessagesincludingdatapacketsdisassemblyandreassembly,packetrouting,packetflowcontrolandpacketdataerrordetectionovernetworks.
DNP3MessageStructure
DNP3dataandcontrolinformationiscreatedattheapplicationlayerintodataobjects.Thecollectionofdataobjectsiscalledalibrary.EachdataobjecthasastructuredefinedbyDNP3documentation.Thereare90dataobjectsdescribedintheDNP3BasicFourDocumentation.Objectgroup0‐9isbinaryinputobjectthatrepresentsthestateofphysicalinputorasoftwareinput.Objectgroup10‐19isbinaryoutputobjectthatrepresentsoftwareorhardwarephysicaloutputs,controloptionlikepulseon,pulseoff,latchonandlatchoff.Objectgroup20‐29iscounterobjectthatrepresentsaccumulationofpulsesfromthelasttimetheirvalueisreported.Objectgroup30‐39isanaloginputthatrepresentshardwareorsoftwareanaloginput.Objectgroup40‐49isanalogoutputthatrepresentsthevalueoftheoutput.Objectgroup50‐59istimeobjectthatrepresentsthetimeanddateoftheobject.Objectgroup60‐69isaclassobjectthatrepresentscallingorrequestingforobjectsofaspecificclass.Objectgroup70‐80isafileobjectthatrepresentsafileidentifierdataobject.Objectgroup80‐90isadeviceobjectthatrepresentsdevicedataflags.
DNP3MessageTransmission
InDNP3eachlayertakesthedataobjectandaddstheservicesperformedbythatlayertothedatapacketandthensendsthedatapacketintothelowerlayers.Thedataobjectmaybeanalarm,event,status,orcontrolsignalthatneedstobesendfromthemastertoIEDorviceversa.Theapplicationlayerinitiallyconvertstheoriginaldataobjectintomanageablesizepacketscalledapplicationservicedataunits(ASDU’s).Thenapplicationlayercreatesanapplicationprotocoldataunit(APDU’s)bycombiningtheapplicationlayerservicesinformationheaderwithapplicationservicedataunits.Finally,theAPDUissenttothetransportlayer.Atthetransportdatalayer,theAPDUchangesitsnametotransportservicedataunits(TSDU’s).Inthetransportlayerthetransportservicedataunit(TSDU)issplicedintosmallerunitscalledtransportprotocoldataunits(TPDU).FinallytheTPDUissenttothedatalinklayer.Atthedatalinklayer,theTPDUiscombinedwithadatalinkheaderandfinallysenttothephysicallayer.Atthephysicallayereachpacketisconvertedintoananalogrepresentationofabitstreamthatis
transmittedutilizingprotocolssuchasbitserialasynchronous,8databits,startandstopbits,parity,RS232CorCCITV.24(DTE‐DCE).
DNP3Security
DNP3wasneverdesignedwithsecuritymechanismsinmind,sotheprotocollackssecurity.OnewaytousesecurityinDNP3protocolistoimplementDNP3overIPandaddIPsecuritystandardssuchasIPsec.Currently,manypeopleareproposingsecuritymethodsforDNP3protocol
ComparingDNP3andIEC61850protocols
1.Overviewofprotocols
DNP3isaprotocolthatdefinescommunicationbetweenmasterstations,remoteterminalunitsandotherelectronicintelligentdevices.DP3isanopenprotocolthatmakeseasierthirdpartyapplicationstoaccessinformationfrommultipleEID’sfrommultiplevendors.IEC61850isanopencommunicationprotocolthatdefinescommunicationbetweenclient/serverandotherelectronicintelligentdevices.ThemainkeyinIEC61850isthatthisprotocolseparatestheapplicationfunctionsfromcommunicationfunctions.IEC61850isalsoaprotocolthatmakeseasierthirdpartyapplicationstoaccessinformationfrommultipleEID’sfrommultiplevendors.
2.Pollingoptions
DNP3hastwowaysofgatheringinformation.Thefirsttypeispolling,masterrequestallevents(changes)toslaves.Thesecondtypeisunsolicited,themasterneverpollsandreliesonunsolicitedreportsonlyfromtheslaves.IEC61850isunsolicited(event‐driven),electronicintelligentdevicessendinformationonlywhenaneventchangesoronceeveryminutetomaintainuptodatenewdevicesjoiningthenetwork.
3.Layeredarchitecture
DNP3layeredarchitectureisconformedthroughtheInternationalElectrotechnicalCommission(EIC).DNP3layersarephysical,datalinkandapplication.IEC61850layeredarchitectureisconformedthroughUtilityCommunicationArchitecture(UCA).IEC61850layerLprofile,TprofileandAprofile.
4.Communication
DNP3supportspeer‐to‐peercommunication(master‐slave),worksonserialcommunicationRS232,RS485,fiberserialloopandfiberserialstartconfigurationandalsooperateoverIPandnetworkswhichoftenisreferredasDNP3overIP.IEC61850supportpeer‐to‐peercommunication(EID‐EID)andoperatesoverIPandnetworks.
5.Features
DNP3sendsandreceivesdataobjectsoftennamedpointssuchasstatusinformationaboutdevices(binaryinputs),analoginformation(analoginputs),accumulatorinformation(counters),setpoints(analogoutputs),andcontrols(binaryoutputs),supportstimesynchronizationaswellastimestampedofeventswhentheyoccur,reportsstaticdata(currentvalue)andeventdata(withorwithouttimestamped).IEC61850sendsandreceivesdataobjectsoftencalledbrickswithstatusandeventinformation,supportsprocessbusthathelpstominimizewiringrequirementstoequipmentbyconvertingstatusandanaloginformationintobricksatthesource,providesahighlyfunctionalobjectorientedsolutiondesignedtosupportimplementationandmaintenanceofautomationapplications,supportshighspeedpeer‐to‐peermessagingusingtheGenericObjectOrientedSubstationEvent(GOOSE)andGenericSubstationStatusEvent(GSSE),supportsmanydifferentprotocolsbecausemapstheobjectsandabstractcommunicationservicestoMMSwhichhasarobustsetoffeaturesthatmapswellIEC61850objectsandservices.
Security
DNP3protocollackssecuritystandards.IEC61850hasIEC62351protocolthatprovidesallthenecessarystandardsforencryption,digitalsignaturesandintrusiondetectionforIEC61850protocol.
Conclusion
BothIEC61850andDNP3arebasedondataobjectsconcepts.However,IEC61850isamorerobustcommunicationprotocolthanDNP3.IEC61850containsacollectionofmultipleprotocols,conceptsandcomponentstandardsthatmakeIEC61850probablymorethanacommunicationprotocol.Ontheotherside,DNP3isasimplerstandardfocusedonthreelayersandoneobjectlibrary.However,DP3maybebettertobeimplementedbecauseitiscompatiblewithlegacyandmodernSCADAequipment.Ingeneral,bothcommunicationprotocolshavedifferentwayofcommunicatingthedataIEC61850morecomplexthanDNP3,buttheybothdothesamereal‐timedatacollectionfunction.
Personally,whenIstartedthisclassIdidnotknowalotaboutDNP3orIEC61850.AftercompletingthispapernotonlyamIabletounderstandDNP3andIEC61850,Iamalsoabletounderstandandapplyhowareal‐timedataprotocolworks.Thatalonewasoneofthemainreasonsfortakingthisclass.Incompletingthisassignmentthereweretwomainchallenges.Thefirstwastranslatingcomplexconceptsintosimpleterms.Mysecondchallengewastocondensealotofinformationintoinfivepagedocument.
References
[1]ClarkGordonandReyndersDeon,PracticalModernSCADAProtocols,Newnes,2004.
[2]StallingsWilliam,DataandComputerCommunications,”Pearson,9thedition,2011
[3]WoodwardDarold,“TheHowsandWhysofEthernetNetworksinSubstations,”SchweitzerEngineeringLaboratories,Pullman,WA,USA.
[4]“OverviewandIntroductiontotheManufacturingMessagingSpecification(MMS),”SystemIntegrationSpecialistCompany,Inc.,1995.
[5]“DNP3,”SubnetSolutions,Inc.,2012