Relay Communication Basics
Short Description
Download Relay Communication Basics...
Description
Communications – Basic
Copyright © SEL 2011
Overview • Serial Communications • Ethernet • Fiber-Optic • SCADA Protocols • Peer-to-Peer Protocols • Ethernet Protocols • Comm Architectures
Communications Architectures Serial
Network
Serial Communications Serial is the simplest form of communication between two devices
Serial Standards • RS–232 • EIA–485 • Universal Serial Bus (USB) • RS–422 • G.703 • Many others…
Serial Standards • RS–232 • EIA–485 • Universal Serial Bus (USB) • RS–422 • G.703 • Many others…
So What is RS–232? RS–232 is a ‘Recommended’ Standard by which two devices communicate ♦
General practice recommends distances no greater than 50 feet over copper media
♦
Standard does not define protocol, only physical interface functionality
RS–232 Wiring • The original RS–232 specification denotes usage of a 25 pin cable • Modern RS-232 devices use DB9, including SEL serial products
RS-232 Flow Control (Handshaking) • Software (XON / XOFF) • Hardware (RTS / CTS) • Important to consider when transmission medium can require careful timing (wireless radios)
RS-232 Connector Types Two different connectors are associated with two major types of hardware ♦
Data Terminal Equipment, or DTE; SEL relays, meters (IEDs, in general) etc. are DTE
♦
Data Communications Equipment or DCE; SEL communications devices such as transceivers, media converters, etc. can be DTE or DCE
RS-232 Connector Types (cont) • DTE will transmit on pin 2 and receive on pin 3 • DCE will transmit on pin 3, and receive on pin 2 • Null modem allows DTE-DTE or DCE-DCE comms
RS–232 DB9 Pin-Out (DTE) DB–9M
Function
Abbreviation
Pin #1
Data Carrier Detect
CD
Pin #2
Receive Data
RD or RX or RXD
Pin #3
Transmitted Data
TD or TX or TXD
Pin #4
Data Terminal Ready
DTR
Pin #5
Signal Ground
GND
Pin #6
Data Set Ready
DSR
Pin #7
Request To Send
RTS
Pin #8
Clear To Send
CTS
Pin #9
Ring Indicator
RI
RS–232 DB9 Pin-Out (DCE) DB–9M
Function
Abbreviation
Pin #1
Data Carrier Detect
CD
Pin #2
Transmitted Data
TD or TX or TXD
Pin #3
Receive Data
RD or RX or RXD
Pin #4
Data Terminal Ready
DTR
Pin #5
Signal Ground
GND
Pin #6
Data Set Ready
DSR
Pin #7
Clear To Send
CTS
Pin #8
Request To Send
RTS
Pin #9
Ring Indicator
RI
“SEL IED” RS-232 DB9 Pin-Out (DTE connector) DB–9M
Function
Abbreviation
Pin #1
5 Vdc
n/a
Pin #2
Receive Data
RD or RX or RXD
Pin #3
Transmitted Data
TD or TX or TXD
Pin #4
+ IRIG–B
n/a
Pin #5
Signal Ground
GND
Pin #6
- IRIG–B
n/a
Pin #7
Request To Send
RTS
Pin #8
Clear To Send
CTS
Pin #9
Shield
n/a
DTE->DCE Communications • In serial cable terms, a “straight-thru” cable is used • ‘C285’ cable w/ 2 x DB9-M ends
DTE->DTE Communications • In serial cable terms, a “null-modem” cable is used • ‘C273A’ cable w/ 2 x DB9-M ends
Transmitting Data – How does it work? • RS–232 communication is dependent on a set timing speed at which both pieces of hardware communicate • The hardware knows how long a bit should be high or low • RS–232 also specifies the use of “start” and “stop” bits
To Talk the Talk… • Both devices must have the same data rate to communicate, but they must also know to handle problems • Baud rate is the number of changes in the signal per second, also known as bits per second, or bps
Common Serial Settings Most serial communications port settings are read in the following form: ♦
Bits per second (baud, or speed)
♦
Number of data bits
♦
Parity
♦
Number of Stop bits
Speed Limitations • All serial devices have an “UART” controller • SEL devices are typically limited to 57600 baud • Older SEL products may be limited to 38400, or even 9600 baud
What is RS–485? Communications interface using a ‘balanced’ or differential signal process to support point–to–point, point–to–multi–point, and multiple drop applications
RS–485 Specifications Physical Media:
Maximum Devices:
Twisted Pair Point-to-point, Multidropped, Multi-point 32 drivers/receivers
Maximum Distance:
4000 feet
Mode of Operation:
Differential
Maximum Baud:
100 kbit/s - 10 Mbit/s
Voltage Levels:
-7 V to +12 V
Network Topology:
RS-485 Has Better Noise Immunity Opposing polarities and twisted pair conductors for transmit and receive signals provides immunity to magnetically– induced noise
RS–232 vs. RS–485
RS–485 Full–Duplex • “4-Wire” Standard • All device connections are consistent • Only first and last devices in chain connect the reference wire • Required for SEL point–to–point or LMD protocols
RS–485 Half–Duplex • “2-Wire” Standard • Only one device can talk at a time • Rx and Tx matching polarities are tied together (+ to + and - to -) • Does not support SEL protocols
RS–485 Half–Duplex • Half-Duplex Comms imply that receive/transmit be accomplished on same data lines. • Two methods to switch rx/tx mode: ♦
- RTS Line “High” on 232 Connector (HW+SW)
♦
- “SDC” – Send Data Control (SW-only)
RS–485 Termination Resistors • Used to match impedance of 485 TX node to communication cabling in use. • If mismatch is in place, portion of message reflected back at transmitter, data is truncated. • Connect +/- (or A/B) pairs of Transmitter / Receiver, only at extreme ends of network • Use resistors in range of 120-150 ohms.
Serial Physical media Copper
Fiber optics
Fiber-Optic Serial • Dual-Transceivers encode serial data over fiberoptic links
Universal Serial Bus (“USB”) • Developed as open standard for interconnection of computing peripheral devices. • Software Drivers required to determine behavior of USB connection.
USB/RS232 Converters • Connect a PC with no physical RS232 ports to legacy IEDs. • SEL Solution = C662
Network Communications • OSI Model • Physical media ♦
copper/twisted pair
♦
fiber optics
Network Communications
What is a ‘Network’? A collection of two or more elements linked together for the purposes of sharing information, resources, etc. ♦
ARPANET was the world’s first ‘packet switching’ network
♦
ARPANET successfully passed the first communication packets in 1969
Jump Forward 40+ Years…
The (OSI) Reference Model Application Data
Layer Layer 7 Application
Function Interface between NOS and user’s application software
Layer 6 Presentation
Data representation
Layer 5 Session
Name to address translation, access security
Layer 4 Transport Layer 3 Network Layer 2 Data Link Wire/Fiber
Layer 1 Physical
• Top 3 layers are application-oriented
• Responsible for presenting the application to the user
• Unaware of how data get to the application
Reliability of transmission from end to end End-to-end addressing (specific to the protocol) Media access and addressing (on the same physical wire) Cables, connectors, wires and signaling issues
• Lower 4 layers deal with packaging & delivery of data
• How it is transmitted • How it is reliably received
• How it is routed
OSI Stack and Ethernet
Ethernet
• Establishes direct connection between sender and receiver • Based on MAC (Layer 2) address
MAC Address
Ethernet Devices - Hubs Hub: Simple Muxing Device That Redistributes all Data that it Receives to all Connections • Physical Layer • Lowest cost • Effectively Obsolete (tough to buy new)
Ethernet Devices - Switches Switch: Intelligent Muxing Device Monitors and Redistributes Data to Appropriate Connections; will not Redistribute Detected Bad Data • Uses Data Link layer (MAC address filtering) • Additional functions in ‘Managed’ switches
Ethernet Devices - Switches • Can be used to interconnect different Ethernet cabling mediums (Copper, Fiber, etc)
Ethernet Devices – Managed Switches • Advanced Functions provided by managed switches include: ♦
Port security (disabling, VLAN, priority)
♦
Network Monitoring (SNMP, web interface)
♦
Redundant (ring-style) networking (RSTP)
Ethernet Devices - Routers Router: Interconnects Two Networks Such as Substation LAN and Utility WAN • Uses Network Layer/Transport layers • Commonly used for Network Security • Often contain ‘Firewall’ functions
Ethernet Media Types • CAT5E / CAT6 Twisted Pair Cable, RJ45 Connectors ♦
Most common interface standard, cables are relatively easy to manufacture.
♦
Cable provides acceptable EMI shield for most industrial installations.
♦
Maximum cable limit of 300 ft.
♦
10 Mbit/s through to 1000 Mbit/s (gigabit)
Ethernet Media Types cont. • Fiber optic cable, multi-mode (MM) or single-mode (SM) ♦
Common in substation installations, due to EMI immunity.
♦
Maximum lengths of 15km (MM) and 110km (SM)
♦
10 Mbit/s through to 1000Mbit/s (gigabit)
Data Protocols
Protocols – What are they? • “A formal, defined set of digital message formats and rules for exchange of data messages between computing systems” • Frequently include signaling, authentication and error detection/correction capabilities
SCADA Protocols • Follow Master/Slave (or Client/Server) relationship • SEL Protocol • Modbus • DNP 3.0
SEL Protocol • Supported by all SEL IEDs • Combination of ASCII/Binary data transfer modes. • Supports auto-configuration of tag data • Time-stamps supported in target data range if target is in SER configuration.
SEL Protocol – Auto Configuration • “CAS” Command – Return Meter and Event Report Configuration Data • “DNA X” Command – Return complete index map of relay word bits
SEL Protocol – Fast Op. Commands • Two main styles of bits can be written to SEL IEDs – Remote Bits (RBs) and Breaker Bits (BRs) • Breaker Bits correspond to OC and CC targets in Relay Logic • Remote Bits typically used for additional logic.
Serial Protocols - Modbus
Modbus Protocol • Referred to as “Modbus/RTU” • Developed by Modicon for their PLCs • Simple Protocol Used in Many RTUs, PLCs, and Other IEDs • Compatible w/ RS-232 and 485
Modbus Register Mapping • Register map defined by manufacturer • Hard-coded and configurable map are possible • All boolean data types are single-bit registers • Holding and Input registers are 16-bit
Modicon Addressing • Modicon Addressing • 0X
Discrete Output / Coils
• 1X
Discrete Input
• 3X
Input Register
• 4X
Holding Register
Modbus Message Framing • Data Request and Response ♦
1 byte
Slave address
♦
1 byte
Function code
♦
n bytes Data bytes
♦
2 bytes CRC-16 block check
Read Coil Status (01h) • Reads Status of Various Bits • Read Up to 1000 Bits per Request • Technically classified as 'Digital Output' status data type
Read Input Status (02h) • Read Input Status (02h) • Identical Operation as Read Coil Status (01h) • Functionally used as 'Digital Input' data type
Read Holding Register (03h) • Used to Read From Database Directly • Data Response Is Entire Register • Read up to 125 Registers per Request
Read Input Register (04h) • Functionally identical to Read Holding register op-code. • Many devices will only have a single register map and will return the same value whether op-code 0x03 or 0x04 is used.
Force Single Coil (05h) • On SEL equipment, Operate Remote and Breaker Bits • Clear Archive Records • Hold and Release Copies of Data Records
Preset Single Register (06h) • Write 16-bit value (2 Bytes) Directly to a Database Register • Technically corresponds with Input Register data map.
Preset Multiple Registers (10h) • Write Multiple 16-bit Words of Data to Contiguous Database Registers • Write up to 120 Registers at once
Modbus Error Responses • 01 - Illegal Function • 02 - Illegal Data Address • 03 - Illegal Data Value • 04 - Failure in Associated Device • 06 - Busy, Rejected Message
Modbus Decoding - Poll • Ex: 01 03 00 00 00 10 DA FC • 01 = Address of Remote Slave IED • 03 = “Read Holding Reg” Op-Code • 00 00 = Start a Holding Reg Addr 00 • 00 10 = Return 16 x 16-bit Registers • DA FC = CRC-16 Error Detection
Modbus Decoding - Response • Ex: 01 03 20 DA FC • 01 = Address of Remote Slave IED • 03 = Holding Register Data Type • 20 = Number of Data Bytes Returned • = Raw Holding Register Data • DA FC = CRC-16 Error Detection
Modbus Protocol Types • 4 Distinct Flavors of Modbus ♦
Modbus ASCII
♦
Modbus RTU
♦
Modbus RTU over TCP
♦
Modbus/TCP
Modbus Register-Encoding • How to use 16-bit registers for advanced data? ♦
16 Packed Boolean statuses
♦
32-bit Integers
♦
32-bit Floating Point
Modbus Packed Booleans • 16-bit Register is used to store 16 individual Bit states: ♦
Given: 0x0A1F = 0000 1010 0001 1111
Bit 0 = IN101 = 1
Bit 5 = IN106 = 0
Bit 15 = IN116 = 0
Modbus 32-bit Integers • Combine 2 x 16-bit registers into a single 32-bit Register: ♦
Host requests 2 registers, combines into 1.
♦
High and Low 16-bit register (order?)
♦
Signed or unsigned?
♦
Windows “Calculator” is a useful tool.
Modbus 32-bit Floating Point • Combine 2 x 16-bit registers into a single 32-bit IEEE754 Floating point Register: ♦
Host requests 2 registers, combines into 1.
♦
High and Low 16-bit register (order?)
♦
32-bit broken down into sign (1 bit), exponent (8 bits) and mantissa (23 bits)
www.binaryconvert.com • Free web-site for converting raw binary/hex quantities into formatted data.
DNP3 Protocol • Master/Slave (Client/Server)-style Protocol • Overcomes many limitations of earlier SCADA protocols • Open standard, free for implementation by any vendor
DNP3 History
DNP3 Introduction • DNP Intent ♦
Telecontrol
♦
Read / write of database data
♦
SCADA information
SOE (time-stamp retrieval)
COS (state-change report)
time synchronization
SBE (select-before-execute)
DNP3 Introduction • Event Based ♦
Binary change of state
multiple change detection
SOE
♦
Analog % change
♦
Event classes
♦
Event buffer
DNP3 Introduction • Object Based ♦
Data specification
♦
No direct memory access
♦
Object types
♦
value
change
frozen
Additional attributes
DNP3 Reporting Mechanisms • A classic example of a Modbus-style polling request Master requests specific memory area from slave
Slave responds with all data in region
DNP3 Reporting Mechanisms • DNP3 can perform a ‘Static’ or ‘Integrity’ Poll Master requests all data of a type of Class 0
Slave responds with all data of type or all Classes
DNP3 Reporting Mechanisms • The master process can also utilize class polling to use Report-By-Exception and improve performance Master performs periodic Class 0 poll for sync refresh Master performs regular Class 1,2,3 poll
Slave responds to Class 0 poll with all data
Slave reports event data
DNP3 Reporting Mechanisms • For extremely low-bandwidth connections, unsolicited reporting can be used. Slave reports unsolicited event data Master performs occasional Class 0 poll for sync refresh Slave responds to Class 0 poll with all data
DNP3 Reporting Mechanisms • Quiescent polling can also be used, whereby the master process never polls for data and relies entirely on the slave process to report changes. Slave reports unsolicited event data Master does not poll
DNP3 Protocol Benefits • Optimized Communication ♦
♦
Event-driven polling
class 0
class 1, 2, 3
Minimum message size
DNP3 Protocol Benefits • High Data Integrity ♦
16-Bit CRC every 16 bytes
♦
Hamming distance of 6
♦
Data link confirmations
♦
Application confirmations
DNP3 Protocol Benefits • Structured Evolution ♦
Subset definitions
♦
Object definitions
♦
Standard documentation
♦
Conformance testing
♦
User’s group
♦
Technical committee
DNP3 Recent Developments • ‘Recent’ is defined as 2000-era • Ethernet LAN/WAN Support • Virtual Terminal Applications • File Transfer Capabilities
DNP3 Protocol Structure • DNP Structure ♦
Modified 3 Layer OSI model Application Presentation Session
Application
Transport
Data Link
Network
Physical
Data Link Physical
DNP3 Message Structure • Typical DNP3 Message Frame 05
64
DWG: #853_001
DNP3 Message Structure • Data-Link Header, every message starts with this. 05
• • • • •
64
LEN
DLC DESTINATION LSB
MSB
SOURCE LSB
MSB
0x0564 Length Control Byte Destination and Source Addresses 16-bit CRC
CRC
DNP3 Message Structure • Transport and Application Layer includes actual data. TH
APP Header
Object Header
• Transport Header • Application Header • Object Header • Data Block • CRC
Data
CRC
DNP3 Message Structure • Application-Layer Object Data Object Header
• Object Header ♦
Group
♦
Variation
♦
Qualifier
♦
Range
Data
DNP3 Message Structure • Common Application Layer Function Codes: ♦
01 – Read
♦
02 – Write
♦
03 – Select, 04 – Operate, 05-Direct-Operate
♦
23 – Delay Meas, 24 - Record Current Time
♦
129 – Response
♦
130 – Unsolicited Response
DNP3 Message Structure • Common DNP3 Default Object Types and Variations: ♦ ♦ ♦ ♦ ♦ ♦ ♦ ♦
Binary Inputs – Obj 1,2 Var 2 Binary Outputs – Obj 10 Var 2, Obj 12 Var 1 Counters – Obj 20, 22 Var 5 Frozen Counter – Obj 21,23 Var 1 Analog Inputs – Obj 30 Var 4, Obj 32 Var 2 Analog Outputs – Obj 40,41 Var 2 Time/Date Objects – Obj 50 Var 1 Class Objects – Obj 60 Var 1,2,3,4
DNP3 Class Data • Reports “Change Event” data from an IED • Q: What does Class 1, 2 and 3 data represent? • A: Whatever the IED defines it as! • Typically: Binary = 1, Analog = 2, Counter = 3
DNP3 Static vs. Event Data • Static data from Class 0 object poll ♦
“Current” (snapshot) Value
♦
Does not contain timestamp information
• Event data from Class 1,2,3 object poll ♦
“New Value” from IED event buffer
♦
Timestamp is critical component of message.
DNP3 Message Structure - Options • Object Type Optional Components ♦
Time-Tag (Change events-only)
♦
Status Flag
Value, Forces, Restart, Online
Point Force (Local or Remote)
Over-Range
DNP3 Message Structure - IIN • IED Responses will include 2-bytes of IIN (internal indications) bits. ♦
Device trouble, re-start, in-local, corrupt
♦
Time Sync Required
♦
Class 1, 2 or 3 data available
♦
Event Buffer Overflow
♦
Requested objects are unknown
DNP3 Commands • Use “Control Relay Output Block” (CROB) from host to write to Binary Output Index. • Supported styles of commands: ♦
Pulse On, Pulse Off
♦
Pulse w/ Trip or Close Qualifier
♦
Latch On, Latch Off
DNP3 Commands – IED Interpretation • IEDs will have different interpretations of DNP3 command codes • Check the device-specific DNP3 appendix • From SEL-351S-7:
Peer–to–Peer Protocols • Serial: Mirrored Bits® • Network: IEC 61850 GOOSE
SEL MIRRORED BITS Review Relay-to-Relay Logic Communication
Relay 1
Relay 2 DB9 Connectors
...
.....
..... .....
Proprietary
.....
...
SEL-28xx
Fiber
SEL-28xx
Other
µ Wave Audio Radio Fiber
Other
SEL MIRRORED BITS Communications
• EIA-232 Asynchronous Message (6-O-1) • 8 Bits of Bidirectional Status or Control • High Speed – 10 to 20 ms contact xfer time
SEL MIRRORED BITS Communications
TMB1 . . . TMB8 Transmit Receive
1 1
2 2
3 3
4 4
5 5
6 6
RMB1 . . . RMB8
Relay 1
TMB1 . . . TMB8 7 7
8 8
1 1 Channel
Channel Interfaces and Communications Equipment
2 2
3 3
4 4
5 5
6 6
7 7
RMB1 . . . RMB8
Relay 2
8 8
Transmit Receive
Transmit “Mirrored” to Receive Relay 1 T R A N S M I T
TMB1
R E C E I V E
TMB2
Relay 2 0
1
0
0
..
TMB2 TMB8
TMB1
..
..
TMB8
0
0
RMB1
1
0
RMB2
0
0
..
RMB2
RMB8
0
0
RMB8
..
..
..
RMB1
..
T R A N S M I T R E C E I V E
Communications Media Requirements • Full-Duplex Communications • EIA-232 Serial Port Interface ♦
Up to 38400 bps
• Immune to Power System Fault Generated Transients • Acceptable Speed for the Application
Ethernet Protocols • Telnet • FTP • Web / HTTP • DNP3 / IP • IEC 61850 (SCADA and real-time)
Telnet Protocol • Provide Virtual “Terminal” session on remote host • Command-line session supported • No built-in authentication • TCP port 21
FTP Protocol • FTP = “File Transfer Protocol” • Use to read/write files to/from remote devices (IEDs, relays, etc). • Simple Authentication supported • TCP port 23
Web / HTTP Protocol • “HyperText Transfer Protocol” • Supports HTML Text-file encoding language that provides formatted data information from a server to a client. • Simple Authentication supported • TCP port 80
DNP3/IP Protocol • “DNP3 over IP” • 99.9% Identical to serial SCADA protocol • Differs only in Time-synchronization function codes and objects used. • TCP Port 20000
IEC-61850 Protocol(s) • Vendor-neutral • MMS – Classic Client/Server protocol ♦
“Tag-Based” Protocol Language
♦
Standardized Naming
• GOOSE – Peer-to-Peer messaging ♦
High-speed data sharing
Communications Architectures • Star Topology • Bussed/Daisy-Chain Topology • Ring Topology • Hybrid Ethernet Topologies • “Classic” SEL Topology
Star Topology
Star Topology • Benefits: ♦
Flexible for Serial/Ethernet hardware
♦
Independent Data Path to end devices
♦
Quick Concurrent polling of end devices
• Draw-Backs: ♦
Additional Comms Cable, More $$$
♦
Occasional use of repeaters required
♦
No redundancy
Bussed / Daisy-Chain Topology
Bussed / Daisy-Chain Topology • Benefits: ♦
Inexpensive communications to many devices (minimal cabling)
• Draw-Backs: ♦
Round-robin polling delays (slow data updates)
♦
Devices must be addressable (no SEL protocol)
♦
No redundancy
Ring Topology
Ring Topology • Benefits: ♦
Less cost of cabling
• Draw-Backs: ♦
Extra Configuration
♦
Some devices do not support (for Ethernet, Managed Switches required)
♦
Proprietary Connections
Hybrid Topologies – Redundant Star
Hybrid Topologies – Redundant Star*
Hybrid Topologies – Star/Ring
Hybrid Ethernet Topologies • Benefits: ♦
Redundant, self-healing Architectures
• Draw-Backs: ♦
Extra $$$ for additional cabling/switches
♦
Extra Configuration
♦
Some devices do not support (Managed Switches generally required)
“Classic” SEL Topology • Communications processor concept • SEL-2032 vs. SEL-3530 RTAC • Settings and hardware features
Classic Comm. Processor System Wireless Device Satellite
SCADA Master
Local HMI SEL-3021
Modem PC
Alarms
Metering Events
Configuration
Controls Time Synchronization
SEL-2032
SEL-2407 GPS Clock
SEL Relay
SEL Relay
SEL Relay
Non-SEL Relay
SEL Relay
Modern Comm. Processor System
Questions?
View more...
Comments
