Information Technology in Power Sector

The author certifies that the paper titled 'Utilizing IEC 61850, Ethernet and IP Standards for Integrated Substation Communications' and submitted for consideration for the Seminar IT in Power Sector ‘Performance Upgradation including Automation’, December 11-12, 2008, IHC, New Delhi, India, is original.

Utilizing IEC 61850, Ethernet and IP Standards for Integrated Substation Communications

Rajesh Kukreja, GarrettCom India Pvt. Ltd.

Abstract—As standards and technologies such as IEC 61850, Ethernet switching and IP communications have become an accepted framework for integrating substation networks, a clear path is emerging for both Greenfield designs and substation upgrades. An integrated network for substation communications can be cost effective, and can easily incorporate new systems in an established network. However, thought must go into the architecture to ensure that over time it will continue to perform in a way that is flexible, reliable, and manageable. With varied needs of networking applications such as control systems (e.g. SCADA), measurement systems (e.g. metering, protection signalling among power systems), security (e.g. video surveillance, access control), and data exchange with the control center and utility IT departments, a strategic and all-encompassing network plan is mandatory. This article discusses some of the key considerations for -- and the requirements of -- an integrated network, and the types of tools available to planners when designing and deploying a successful integrated substation network.

I. INTRODUCTION

IEC 61850, Ethernet switching and IP communications are three of the most widely accepted standards and technologies today for providing the underlying framework for a strategic integrated substation network. They have evolved to address the needs and requirements of the substation environment in a way that will support long-term growth and performance needs in an organized and cost-effective manner.

The 61850 standards address the demanding requirements of protection signalling and data processing applications coexisting on a common network. However, despite the emerging primacy of Ethernet as the medium of choice for local communications, many substations still must contend with legacy control systems and other serial communications requirements. Thus, the 61850 architecture includes distributed protocol gateways that convert legacy interfaces to 61850 information standards. In addition, there are other serial-IP approaches available that can link existing centralized legacy systems to remote devices over an Ethernet infrastructure.

To deploy an IEC 61850 compliant system, it is critical that implementers understand the mechanisms defined in 61850 and in Ethernet to meet strict physical reliability and network performance requirements, as well as the requirements and limitations of a wide array of applications.

Within the standards-based integrated substation network outlined above, mechanisms are available to support both the physical and the cyber security accommodations that have become an important issue in networking critical power utility facilities. Within an Ethernet infrastructure it is possible to integrate video surveillance systems and access control systems on a common network – with Power-over-Ethernet (PoE) available to simplify camera and access system deployment through a single cable capable of supporting both data and power requirements. Cyber security is implemented at many levels within the network – protecting both the
systems and the devices attached to the network, as well as providing secure management of the network infrastructure itself.

Successful implementation of such a multi-purpose network requires a comprehensive vision of the target architecture. The advantage of an Ethernet-based strategic substation network is that it has the capacity and flexibility to support multiple applications at the same time, even when they have widely differing requirements. The capability is there, but the architecture planners and implementers must take into account that the applications being served by the network will include diverse objectives and requirements for things such as protection signalling, control automation, metering, and that communications functionality will be necessary to address both communications within the substation and those extending beyond it. This architecture guides each successive project as the network evolves. Implementers must meet immediate project needs while avoiding missteps that create obstacles to future evolutionary growth.

The paper assesses current and emerging requirements for substation networking and discusses a strategic architecture for local and wide area substation networking and proposes practical implementation guidelines that will enable project planners to proceed with greater confidence that they can both meet immediate project needs and also prepare for a cost effective and flexible path forward into the future.

II. TARGET ARCHITECTURE

It should be a given that any network design implemented today will support a single integrated network. The alternative is a difficult-to-maintain hodgepodge of separate networks under the same roof. Traditionally SCADA networks were separate from metering, and various control systems used differing data protocols, which forced the use of separate networks. Video surveillance, when implemented, was on a separate CCTV analog network. Protection signalling was isolated, primarily because the extreme low latency and guaranteed performance requirements of protection events could not be assured in a shared network. Today, IEC 61850 and other initiatives identify IP/Ethernet as the basic networking technology upon which to build an integrated substation network architecture, and facilitate data exchange with other groups or organizations within the power utility.

Ethernet/IP provides broadly supported technology for system interconnection across many system suppliers. It leverages mass market component volumes to create a cost-effective, high-performance network. In addition, Ethernet lends itself to fiber-based connectivity that is important in electrically noisy industrial environments, and it supports ring, dual-star and mesh topologies that are highly resilient against single-point network faults, thus improving system reliability.

When multiple projects will share a new integrated network, an immediate benefit is reduced cost for equipment and facilities. The larger economic benefits come from reduced cost and delay in adding additional systems to the substation in the future, and also in reduced cost of ongoing operations, including training and maintenance. Also, with a larger scaled network serving more applications, it is easier to justify added features in the network to increase reliability and security as additional benefits. See Fig. 1 for an illustration of an integrated power utility layout utilizing Ethernet and IP technology.
Fig. 1. Integrated Power Utility Diagram Utilizing Ethernet and IP Technology

III. SUCCESSFUL INTEGRATED NETWORK DESIGN

The key success factors for an integrated network design are: (1) Flexibility to adjust and grow the topology as requirements change, (2) Performance, especially Quality of Service techniques, to enable effective prioritization among competing applications and to meet critical requirements of the most important protection and control systems, and (3) Reliability, for critical protection systems, but also because so many different systems are relying on the same infrastructure.

A complete view of the emerging substation network (as depicted in Fig. 2) uses high capacity Ethernet switches at the core of the network, and then surrounds this core with edge and access layers for Ethernet devices, serial devices and wide area network connections.

Fig. 2. Illustration of core/edge/service layers of an integrated network

Ethernet is the infrastructure of choice now and for the future, thus it is the context in which new requirements will be added; new standards will assume the use of an Ethernet infrastructure and will be designed to fit comfortably in that structure.

A distributed architecture based on Ethernet directly addresses three critical success factors for substation network integration: flexibility, performance and reliability.

1) Flexibility

A network must be flexible enough to accommodate both network growth (i.e., scalability) and changes in functional requirements (i.e., versatility). A network hierarchy that enables implementers to add switches to the network without disruption is key to scalability. Note that in Fig. 1, additional end devices can be added to the periphery of the network easily by adding additional edge switches that are tied into the common core. Similarly, the core of the network can be augmented without disrupting the edge.
At the edge of the network, there will be a wider diversity of requirements. It is important to be able to consider a broad range of edge devices to meet varying needs. One major consideration is the requirement for a range of physical interfaces, such as 10/100 and 10/100/1000 copper Ethernet, different sorts of fiber connectors including SFF, SFP and more traditional ST and SC connections, special purpose interfaces such as for Power-over-Ethernet, and non-Ethernet serial protocols. One element of flexibility is to be able to employ a broad product line of different Ethernet switch types for the edge, all compatible with a common core. Another approach is to select highly modular edge switches that can be purchased with a wide variation of different interfaces on the same switch.

One additional enabler of smooth growth is careful attention to networking standards. Standards permit a mixed vendor environment if a single vendor cannot meet all needs over time. Standards must apply to both basic connectivity of Ethernet devices and also other key enabling technologies such as Quality of Service, VLANs and SNMP network management.

2) Performance

Various applications have differing performance requirements. Protection signalling is perhaps the most severe of these requirements, and it is discussed further below. SCADA and other control processes also require high performance guarantees. File transfers such as oscillography capture files and metering applications have exacting performance parameters, perhaps less time sensitive but still requiring accuracy.

Sufficient bandwidth is key to ensuring network performance requirements are met. Gigabit Ethernet trunks interconnecting with core switches and switches with non-blocking switch architectures go a long way toward ensuring sufficient capacity for multiple concurrent applications. Nonetheless, there is a statistical probability that congestion will occur from time to time. The Ethernet infrastructure must be capable of implementing traffic prioritization as defined in standard 802.1p. The three key elements of traffic prioritization are: (1) policies for deciding priorities as traffic enters the Ethernet network, (2) effective marking of traffic for the appropriate priority (802.1p priority tagging) so that the policy can be communicated to each of the switches in the network, and (3) effective traffic queuing and prioritized forwarding, following specific pre-emption and weighting factors.

Virtual Local Area Networks (VLANs per 802.1Q) that are sometimes implemented for security purposes can also be useful in implementing prioritization policies. Devices of similar priority and traffic profile may be assigned to a common VLAN with the priority treatment associated with that VLAN, rather than assigned individually to each device.

3) Reliability

Certain applications such as control and protection require virtually 100 percent uptime, but in addition, it is important to note that many applications may be affected by a single network failure. Ethernet-based substation networks have many tools to ensure reliable behavior.

To ensure reliability, multiple factors must act together: network switches and connection media must be built to withstand the environments in which they will be deployed, the physical topology of the network connections must support redundancy, and the network software must be intelligent enough to recover from various physical failures.

IEC 61850-3 standards specify a number of “hardened” characteristics that network products should meet to withstand the potentially electromagnetically harsh substation environment, such as immunity to electrical surge, electrostatic discharges and other phenomena that would cause non-hardened devices to fail.

Fiber media, which protects both signal integrity and attached devices from surges, is the best choice for critical connections (and, ideally, for any connections that are separated by any significant distance within the substation). Ethernet switches with all fiber connections should be capable of withstanding immunity challenges with no loss of data.

Substation networks should be laid out in a way that ensures that there is always at least one alternative path if a particular facility or intervening device fails. A common Ethernet-based architecture is to have a small core of mesh-connected switches with rings of edge switches centred on this core. In some cases, smaller edge switches may be dual-homed, connecting to the resilient rings with two fibres, but not participating in protecting the ring itself.
Rapid Spanning Tree Protocol is the primary standard protocol for ensuring network recovery from facility or switch failures, while also ensuring a valid network topology, and the latest revision to the standard, represented by IEEE 802.1D-2004, offers a higher speed implementation that can also support larger ring and mesh networks. Many vendors have made their own variations to improve performance over basic RSTP, but the newest standard virtually eliminates any need for a non-standard implementation. Substation planners should be careful to maintain support for standard RSTP to maintain design flexibility. With attention to ring size and topology planning, networks should recover in tens of milliseconds from single faults in rings.

IV. PROTECTION SIGNALING

The critical nature of protection switching within substations was one of the principal challenges addressed in the development of IEC 61850 network protocols and related network design guidelines. With the definition of GOOSE messages (Generic Object Oriented System-wide Event messages), it was possible to directly map these time-sensitive messages (see Fig. 2) into Ethernet, bypassing the protocol overhead of TCP/IP protocols. GOOSE messages are recognized by compliant Ethernet switches to have pre-emptive priority over other network traffic. Within milliseconds of a critical system event, GOOSE messages are multicast to other registered IEDs attached to the Ethernet network, replacing earlier generation station bus communications.

Fig. 2 Illustration of protocol stack of general data (TCP/IP) vs. GOOSE messages. [Layers shown: Applications (61850 GOOSE, 61850 Sampled Values, 61850 MMS, Other Data Appls.); Network (TCP/IP); Data Link (Ethernet Logical Link Control (LLC), Ethernet Media Access Control (MAC)).]

To meet latency requirements for GOOSE messages, Ethernet switches involved with protection signalling must be capable of recognizing GOOSE messages, and forwarding them on a pre-emptive priority basis, and all involved switch connections must be fiber and be at least 100 Mbps at the edge with non-blocking Gigabit Ethernet in the core. With careful engineering and multiple priority classes, station bus signalling and data processing traffic can share a single Ethernet infrastructure.

V. SERIAL AND LEGACY INTEGRATION

When developing an integrated network, it is important to ensure that non-Ethernet, serial protocol devices are included. One common class of serial devices is IEDs with legacy control protocols. In addition, there are many devices with serial console type interfaces for administrative functions.

There are three generic approaches to legacy serial protocols, illustrated in Figure 3 a, b and c, below: (1) leave them on separate local connections from control stations to the IEDs/RTUs, usually using serial-over-fiber Link/repeaters for signal protection on long wiring connections across the substation; (2) deploy distributed protocol gateways, consistent with the IEC 61850 architecture, to convert the legacy protocol to the standard 61850 information structure at the edge of the network, and then integrate the standard IP-based communications onto the Ethernet LAN; and (3) use distributed serial-IP terminal servers/device servers around the edge of the LAN to encapsulate the serial messages onto the Ethernet to reach centralized protocol gateway processors that then translate the legacy protocol to modern IEC standards. Alternatively, serial-IP encapsulation can be reversed centrally to interface to legacy serial servers.
Fig. 3a, b and c: Three architectures for legacy and 61850 Ethernet IEDs with 61850 applications.

It is also desirable to network-enable serial consoles. By attaching serial consoles via serial-IP terminal servers onto the IP-Ethernet infrastructure, the console ports can be centrally administered and remotely accessed by any authorized user of the network, from a remote work position.

The serial edge networking approach of distributed serial-IP terminal servers creates a common solution to these two requirements.

Direct fiber Ethernet interfaces and more than one Ethernet connection into the core network, providing a highly reliable, dynamic serial edge.

VI. VIDEO SURVEILLANCE

The risks of sabotage and theft have increased concern for the physical security of substations. Many utilities are employing video surveillance as a key element in providing access control and intrusion detection. Video surveillance complements other sophisticated access control systems; with the addition of motion sensing software intelligence it becomes an important part of intrusion detection, and it provides another operational view of the status of equipment and of weather conditions. Digital video is particularly beneficial because it is more easily manipulated, searched and archived for both real-time and forensic analysis.

Digital video cameras have recently overtaken analog video cameras in terms of price and performance for many applications. IP-enabled video cameras can now share the Ethernet infrastructure with other applications so long as bandwidth is sufficient and Quality of Service is effectively implemented. Some Ethernet vendors implement enhancements to IGMP multicast protocol handling by the Ethernet infrastructure in order to better optimize network performance when integrating video applications.

Fig. 5 Video surveillance implementation over PoE. [Diagram labels: Video Monitoring, IP Video Server, Data Applications, Ethernet Infrastructure, Ethernet Edge Switches, Fiber Ethernet, PoE (Power and Video/IP), IEDs.]

One enabling technology for video cameras is Power over Ethernet (PoE). IETF RFC 802.1af provides a standard for implementing the distribution of electrical power directly over a 10/100TX electrical Ethernet connection from an Ethernet switch to an end device. As shown in Figure 5, PoE can be used to simplify the deployment of video cameras by eliminating the need for separate electrical power feed to the camera. PoE may also be used for applications such as powering VOIP telephone handsets or access control readers.
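The prioritization that Sections III and IV depend on (802.1p marking carried in an 802.1Q tag, GOOSE mapped directly onto Ethernet and sent as multicast) and the Quality of Service condition for shared IP video can be verified on captured traffic. The following Python code is an added example, not part of the original paper: it parses Ethernet headers and flags frames that break an assumed site policy. The policy values (priority 4, VLAN 10), the sample frames and all function names are assumptions made for illustration; 0x88B8 is the EtherType registered for GOOSE.

```python
import struct
from typing import Dict, List, NamedTuple, Optional

ETHERTYPE_VLAN = 0x8100    # IEEE 802.1Q tag
ETHERTYPE_GOOSE = 0x88B8   # IEC 61850-8-1 GOOSE, carried directly over Ethernet
ETHERTYPE_IPV4 = 0x0800

# Assumed site policy for this example (hypothetical values, not from the paper).
GOOSE_MIN_PCP = 4          # lowest 802.1p priority accepted for protection traffic
GOOSE_VLANS = {10}         # VLAN IDs reserved for protection signalling

class Frame(NamedTuple):
    dst: bytes
    src: bytes
    vlan: Optional[int]    # 802.1Q VLAN ID, None when untagged
    pcp: Optional[int]     # 802.1p priority code point (0-7), None when untagged
    ethertype: int

def parse_frame(raw: bytes) -> Frame:
    """Decode the Ethernet header and, if present, a single 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan = pcp = None
    if ethertype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        pcp, vlan = tci >> 13, tci & 0x0FFF   # top 3 bits = priority, low 12 = VLAN ID
    return Frame(dst, src, vlan, pcp, ethertype)

def audit_frame(frame: Frame) -> List[str]:
    """Return policy findings for one frame; an empty list means it conforms."""
    findings = []
    if frame.ethertype == ETHERTYPE_GOOSE:
        if not frame.dst[0] & 0x01:                    # group bit clear = unicast
            findings.append("goose-not-multicast")
        if frame.pcp is None:
            findings.append("goose-untagged")          # switches cannot prioritize it
        else:
            if frame.pcp < GOOSE_MIN_PCP:
                findings.append("goose-low-priority")
            if frame.vlan not in GOOSE_VLANS:
                findings.append("goose-wrong-vlan")
    elif frame.pcp is not None:
        if frame.pcp >= GOOSE_MIN_PCP:                 # would compete with protection
            findings.append("non-goose-at-protection-priority")
        if frame.vlan in GOOSE_VLANS:
            findings.append("non-goose-in-protection-vlan")
    return findings

def build_frame(dst: str, src: str, ethertype: int,
                vlan: Optional[int] = None, pcp: int = 0) -> bytes:
    """Construct a sample frame (zero-filled payload) for the audit below."""
    header = bytes.fromhex(dst) + bytes.fromhex(src)
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, (pcp << 13) | vlan)
    return header + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample capture: addresses and VLAN numbers are illustrative.
IED, CAM, GRP = "020000000001", "020000000002", "010ccd010001"
SAMPLE_CAPTURE = [
    build_frame(GRP, IED, ETHERTYPE_GOOSE, vlan=10, pcp=4),   # conforming GOOSE
    build_frame(GRP, IED, ETHERTYPE_GOOSE),                   # untagged GOOSE
    build_frame(GRP, IED, ETHERTYPE_GOOSE, vlan=20, pcp=1),   # wrong VLAN, low priority
    build_frame(IED, CAM, ETHERTYPE_IPV4, vlan=30, pcp=6),    # video marked too high
    build_frame(IED, CAM, ETHERTYPE_IPV4, vlan=30, pcp=2),    # conforming IP traffic
]

def audit_capture(capture: List[bytes]) -> Dict[int, List[str]]:
    """Map frame index -> findings, omitting frames that conform."""
    audited = ((i, audit_frame(parse_frame(raw))) for i, raw in enumerate(capture))
    return {i: findings for i, findings in audited if findings}

if __name__ == "__main__":
    for index, findings in audit_capture(SAMPLE_CAPTURE).items():
        print(index, ", ".join(findings))
```

Run against a mirrored switch port, the same checks show whether edge devices actually mark traffic the way the prioritization policy assumes.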
VII. WIDE AREA NETWORK CONNECTION

Some distribution substations are operated locally with personnel on site on a regular basis and with limited remote monitoring. Increasingly, larger substations also have full time communications to central operations centres so that the utility operations staff can monitor the overall status of the power grid and respond more quickly to service affecting issues.

Prior to the integrated substation network, it was typical for any remote system to require its own communication connection to the substation. This drove up costs and made remote communications even less common.

With an integrated substation network, a single wide area communications link can provide remote access to a number of different systems within the substation. SCADA and Energy Management Systems (EMSs) can be connected from central systems to remote IEDs in real time. Engineers working from their main office can access administrative ports on remote devices, gather register settings or reprogram IED parameters without travelling to the substation. Fig. 6 illustrates substation connectivity with a remote operations center.

Fig. 6 Integrated Substation Networking with WAN access to Remote Operations Centres

One key is to implement Internet Protocol (IP) as the common protocol across systems. As described above, legacy serial ports, including administrative IED ports, can be accessed from a central PC using common terminal emulation software such as Windows HyperTerminal or by PC client programs provided by many IED manufacturers.

The Wide Area Network (WAN) gateway device is basically an IP router. Like the other devices in the substation, it should be hardened to substation equipment standards. It should provide more than one connection into the Ethernet core network over Ethernet and participate in RSTP for greater reliability. There are several different WAN media available, including wireless, fiber and various telecommunication carrier services. The WAN gateway should support direct interfaces to the appropriate service, such as an E1 carrier line.

The WAN gateway also plays an important role in cyber security for the substation. The WAN gateway should provide the primary electronic security perimeter protection. The gateway should include IP Firewall features to block unauthorized access to the
substation network. Virtual Private Network (VPN) technologies such as IPsec and Secure Socket Layer (SSL) should at least be available to provide increased security in the future. Secure management of all network devices is also important, using SSL/SSH and SNMPv3.

VIII. ACCESS MANAGEMENT SYSTEMS

As cyber security becomes an integral part of substation networks, access management systems provide a bridge between the substation world and IT by both functioning as the secure gateway for legacy devices, and by interoperating with existing Enterprise authentication services. AMS systems check for user credentials and establish secure connection to target IEDs. In addition, AMS servers log access events, and optionally all activity during the user session. Some utility cyber security implementations have additional active mechanisms in place to detect and alert on forms of attack more complex than a direct login attempt. An example is an Intrusion Detection System (IDS) that looks for patterns of attack such as aggressive transmissions to exposed protocol ports or other vulnerabilities in host operating systems. IP Firewalls at the control center and at substations may also detect basic network attacks (or simply misguided packets) that also constitute security events. To manage these diverse sources it is desirable to link firewall events, AMS events and IDS events to a common Security Event Management console, also shown in Figure 7.
connection to target IEDs. In addition AMS servers

Fig. 7 Access management architecture. [Diagram labels: Enterprise Network, Control Center, Intranet, PC with Access Client, AMS, IDS, RSA, AD, Routers, IP-based Substation Wide Area Network, Dial-up PSTN, Term Server, Port Switch, Communications Gateway, IEDs and RTUs. Legend: AMS: Access Mgt. System; IDS: Intrusion Detection System; RSA: RSA SecurID server; AD: Microsoft Active Directory.]
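Linking firewall, AMS and IDS events to one Security Event Management console, as described above, comes down to normalizing each source into a common record and correlating across sources. The following Python code is an added example, not from the paper or from any vendor product: the three log formats, the addresses and both correlation rules are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

class Event(NamedTuple):
    ts: datetime
    source: str    # "fw", "ams" or "ids"
    src_ip: str
    target: str    # address of the IED or substation host
    action: str    # ALLOW, DENY, SESSION_OPEN, AUTH_FAIL or ALERT

# Constructed sample logs; all three line formats are hypothetical.
FIREWALL_LOG = """\
2008-12-11T09:00:05 ALLOW 10.1.1.20 -> 192.168.50.11:23
2008-12-11T09:14:40 ALLOW 10.1.1.77 -> 192.168.50.12:23
2008-12-11T09:15:02 DENY 10.1.1.77 -> 192.168.50.13:502
"""
AMS_LOG = """\
2008-12-11T09:00:01 user=jdoe src=10.1.1.20 ied=192.168.50.11 result=SESSION_OPEN
2008-12-11T09:14:10 user=unknown src=10.1.1.77 ied=192.168.50.12 result=AUTH_FAIL
"""
IDS_LOG = """\
2008-12-11T09:15:03 alert="port sweep" src=10.1.1.77 dst=192.168.50.13
"""

PATTERNS = {
    "fw": re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>\S+) -> (?P<dst>[\d.]+):\d+"),
    "ams": re.compile(r"(?P<ts>\S+) user=\S+ src=(?P<src>\S+) ied=(?P<dst>\S+) result=(?P<action>\S+)"),
    "ids": re.compile(r'(?P<ts>\S+) alert="[^"]*" src=(?P<src>\S+) dst=(?P<dst>\S+)'),
}
ADVERSE = {"DENY", "AUTH_FAIL", "ALERT"}

def normalize(source: str, text: str) -> List[Event]:
    """Turn one source's raw log text into common Event records."""
    events = []
    for line in text.splitlines():
        m = PATTERNS[source].fullmatch(line.strip())
        if not m:
            continue  # skipped here; a real console should count unparsed lines
        action = m.groupdict().get("action") or "ALERT"   # IDS lines carry no action field
        events.append(Event(datetime.fromisoformat(m["ts"]), source, m["src"], m["dst"], action))
    return events

def correlate(events: List[Event],
              window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str, str]]:
    """Apply two cross-source rules and return (rule, src_ip, detail) findings."""
    events = sorted(events)
    findings = []
    # Rule 1: the firewall admitted traffic to a device, but the AMS opened no
    # session for the same source and target in the preceding window.
    for e in events:
        if e.source == "fw" and e.action == "ALLOW":
            brokered = any(
                a.source == "ams" and a.action == "SESSION_OPEN"
                and a.src_ip == e.src_ip and a.target == e.target
                and timedelta(0) <= e.ts - a.ts <= window
                for a in events)
            if not brokered:
                findings.append(("unbrokered_access", e.src_ip, e.target))
    # Rule 2: one address is flagged by two or more independent sources within the window.
    adverse = [e for e in events if e.action in ADVERSE]
    for ip in sorted({e.src_ip for e in adverse}):
        hits = [e for e in adverse if e.src_ip == ip]
        for i, first in enumerate(hits):
            sources = {h.source for h in hits[i:] if h.ts - first.ts <= window}
            if len(sources) >= 2:
                findings.append(("multi_source", ip, ",".join(sorted(sources))))
                break
    return findings

def sample_events() -> List[Event]:
    return normalize("fw", FIREWALL_LOG) + normalize("ams", AMS_LOG) + normalize("ids", IDS_LOG)

if __name__ == "__main__":
    for finding in correlate(sample_events()):
        print(finding)
```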


Access Management must also integrate with the substation network itself. For ease of initial implementation, an AMS may interoperate with a wide variety of substation gateway devices on a secure basis.

AMS systems that are purpose-built for the substation environment, as opposed to using generic IT access tools that do not understand the protocols, devices and software applications common to utilities, can also enhance end user productivity, doubly enhancing their value. AMS systems can:

• Organize the IEDs that are relevant to that particular user -- essentially only those that the user is allowed to access -- into graphic-assisted directories, grouped into various combinations of region, substation or device type.
• Support PC software that provides click-through access to the target IEDs, making the network connection and session logging functions transparent to the user.
• Associate the appropriate vendor-specific software application on the user’s PC, such as AcSELerator, WinECP or Enervista, with each target IED, enabling AMS client software to automatically launch this application, further simplifying on-demand IED access.

IX. SUMMARY

The technology is now available to integrate the various communications requirements within a substation onto a single infrastructure. Such an integrated approach has many economic benefits and the practical advantage of making it easier to add automation projects over time.

Ethernet switching is at the core of this strategic architecture. Various technologies will create a dynamic edge of services around this core, accommodating a multitude of devices and applications with specialized needs.

Advanced planning and a clear vision of a target architecture are required to ensure the successful integration of substation communications. With this vision, the network can grow one project or one new device at a time. The key success criteria remain constant from the initial vision to each incremental project: flexibility, performance and reliability. Ethernet technology is now ready to deliver on all three.

X. BIOGRAPHY

Rajesh Kukreja (BS, MBA) is Director of GarrettCom India Pvt. Ltd. focused on technical sales and marketing, technical services and product development for power utility and Industrial customers in India and neighboring countries. Rajesh has more than 15 years' experience in telecommunications (especially Ethernet), with technical marketing and planning background in Enterprise, industrial and carrier sectors. He also spent many years in product design and development.
