...
| draw.io Diagram | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Pivot object model
The pivot object model is based on 61850 semantic.
...
- if CA of ASDU is known otherwise throw an error message.
- if IOA is known otherwise throw an error message.
- if type of ASDU is known otherwise an error message.
- The label attribute shall be used to populate the Fledge's DataPoint Asset Name attribute.
Attributes definition
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| name | this identifies the exchanged data configuration | Yes | |
| version | this is the version number of the configuration | x.y where x represents a major version and y a minor change | Yes |
| datapoints | array of datapoints that needs to be managed by the instance of the gateway | Yes | |
| datapoints.label | label of the datapoint | Yes | |
| datapoints.pivot_id | unique identifier of the datapoint, this is used to create a pivot object | Yes | |
| datapoints.pivot_type | type of Common Data Class (CDC), this is used to create a pivot object | SpsTyp, DpsTyp, MvTyp, SpcTyp, DpcTyp, etc... | Yes |
| datapoints.protocols | array of protocols that needs to be managed for a datapoint | Yes | |
| datapoint.protocols.name | name of the protocol | iec104, tase2, hnz, 61850, opcua, etc... | Yes |
| datapoint.protocols.address | address of the datapoint in the given protocol | Yes | |
| datapoint.protocols.typeid | type id of the datapoint in the given protocol | Yes |
Configuration JSON structure
...
| Code Block | ||
|---|---|---|
| ||
{
"protocol_stack":{
"name":"iec104client",
"version":"1.0",
"transport_layer":{
"connectionredundancy_groups":[
{
"pathconnections":[
{
"srv_ip":"192.168.0.10",
"clt_ip":"",
port":2404,
"conn":true,
"portstart":2404true
},
{
"srv_ip":"192.168.0.11",
"clt_ipport":""2404,
"portconn":2404true,
}
"start":false
],
"tls":false}
},
],
"k_value":12,
"wrg_valuename":8"red-group-1",
"t0_timeouttls":10,false
"t1_timeout":15 },
"t2_timeout":10,
{
"t3_timeout":20,
"conn_allconnections":true,[
"start_all":false,
"conn_passv":false{
},
"application_layer":{
"origsrv_addrip":"192.168.0.12",
"ca_asdu_size":2,
"ioaddr_sizeport":32404,
"startup_time":180,
"asdu_sizeconn":0false,
"gi_time":60,
"gi_cyclestart":false,
"gi_all_ca":false,
"gi_repeat_count":2},
"disc_qual":"NT",
"send_iv_time":0,{
"tsiv":"REMOVE",
"utcsrv_time":false,
ip":"192.168.0.13",
"comm_wttagport":false2404,
"comm_parallel":0,
"exec_cycl_testconn":false,
"startup_state":true,
"reversestart":false,
"time_sync":false
}
}
} |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU.
| Code Block | ||
|---|---|---|
| ||
{ "data_object":{ "do_type":"type_id", "do_ca":"ca", ], "dorg_oaname":"oared-group-2", "do_cottls":"cot",false "do_test":"istest", "do_negative":"isnegative",} "do_ioa":"ioa" ], "dok_value":"value"12, "dow_qualityvalue":"quality_desc"8, "dot0_tstimeout":"time_marker"10, "do_ts_qual":"isinvalid", t1_timeout":15, "t2_timeout":10, "t3_timeout":20, "do_ts_sum_time":"isSummerTime" } } |
Path exploration
| draw.io Diagram | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In redundant network configuration or generally in cases where several communication paths exist between one client and one server, the path checking exploration mechanism allows the client to try all the paths one by one without making any difference between them. The client uses the first available path. On disconnection this procedure starts again from the beginning.
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
3 parameters are needed to set up the TLS secured connection:
- private key file
- server certificate
- root certificate (CA)
Fledge's certificate store allows certificates to be stored and used by the south plugins.
| Code Block | ||
|---|---|---|
| ||
{
"tls_conf:": {
"private_key": "server-key.pem",
"server_cert": "server.cer",
"ca_cert": "root.cer"
}
} |
IEC 104 north plugin (server/slave)
IEC 104 redundancy server modes
Multiple redundancy groups
The MZ Automation lib60870 server provides 3 different modes regarding the support of redundant connections and events queue handling:
- The default mode (CS104_MODE_SINGLE_REDUNDANCY_GROUP) allows only a single active client connection.
- The second mode (CS104_MODE_CONNECTION_IS_REDUNDANCY_GROUP) allows multiple active client connections.
- The third mode (CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS) allows multiple active client connections while preserving events when no client is connected.
In the case of this design, the south plugin will be implemented with CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS server mode.
This mode allows multiple active client connections while preserving events when no client is connected. In this mode clients can be assigned to specific redundancy groups. The assignment is based on the IP address of the client. A redundancy group can have multiple simultaneous connections but only one of these connections can be active. The number of activated connections is restricted by the number of redundancy groups. Each redundancy group has a dedicated event queue.
It can be set with the CS104_Slave_setServerMode function:
| Code Block | ||
|---|---|---|
| ||
CS104_Slave_setServerMode(slave, CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS); |
Multiple redundancy groups example
conn_all":true,
"start_all":false,
"conn_passv":false
},
"application_layer":{
"orig_addr":0,
"ca_asdu_size":2,
"ioaddr_size":3,
"startup_time":180,
"asdu_size":0,
"gi_time":60,
"gi_cycle":false,
"gi_all_ca":false,
"gi_repeat_count":2,
"disc_qual":"NT",
"send_iv_time":0,
"tsiv":"REMOVE",
"utc_time":false,
"comm_wttag":false,
"comm_parallel":0,
"exec_cycl_test":false,
"startup_state":true,
"reverse":false,
"time_sync":false
}
}
} |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU.
| Code Block | ||
|---|---|---|
| ||
{
"data_object":{
"do_type":"type_id",
"do_ca":"ca",
"do_oa":"oa",
"do_cot":"cot",
"do_test":"istest",
"do_negative":"isnegative",
"do_ioa":"ioa",
"do_value":"value",
"do_quality":"quality_desc",
"do_ts":"time_marker",
"do_ts_qual":"isinvalid",
"do_ts_sum_time":"isSummerTime"
}
} |
Path exploration
| draw.io Diagram | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
| draw.io Diagram | ||||||||||||||||
|
In this example, 2 control centers, center A and B, are establishing communication with the server.
Both centers have an active and a stand-by gateway for failover management.
Center A has two simultaneous connections, one active and one stand-by, assigned to redundancy group 1.
Center B has only one active connection, assigned to redundancy group 2.
IEC 104 Protocol stack configuration
The IEC 104 protocol stack configuration specifies communication parameters and is a collection of entries containing information about OSI Transport and OSI Application layers objects.
Each entry is comprised of attributes that describe the object. All the configuration data are structured using JSON.
Each entry shall be mapped with the corresponding configuration function in the chosen implementation protocol library.
Attributes definition
...
maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used.
...
ignore, process, default = ignore
ignore: the time stamp quality 'not synchronized' will be ignored and the time stamp will be processed on regular basis. IV-bit will remain 0
process: the time stamp will be send with IV-bit set to 1
...
redundant network configuration or generally in cases where several communication paths exist between one client and one server, the path checking exploration mechanism allows the client to try all the paths one by one without making any difference between them. The client uses the first available path. On disconnection this procedure starts again from the beginning.
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
3 parameters are needed to set up the TLS secured connection:
- private key file
- server certificate
- root certificate (CA)
Fledge's certificate store allows certificates to be stored and used by the south plugins.
| Code Block | ||
|---|---|---|
| ||
{
"tls_conf:": {
"private_key": "server-key.pem",
"server_cert": "server.cer",
"ca_cert": "root.cer"
}
} |
IEC 104 north plugin (server/slave)
IEC 104 redundancy server modes
Multiple redundancy groups
The MZ Automation lib60870 server provides 3 different modes regarding the support of redundant connections and events queue handling:
- The default mode (CS104_MODE_SINGLE_REDUNDANCY_GROUP) allows only a single active client connection.
- The second mode (CS104_MODE_CONNECTION_IS_REDUNDANCY_GROUP) allows multiple active client connections.
- The third mode (CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS) allows multiple active client connections while preserving events when no client is connected.
In the case of this design, the south plugin will be implemented with CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS server mode.
This mode allows multiple active client connections while preserving events when no client is connected. In this mode clients can be assigned to specific redundancy groups. The assignment is based on the IP address of the client. A redundancy group can have multiple simultaneous connections but only one of these connections can be active. The number of activated connections is restricted by the number of redundancy groups. Each redundancy group has a dedicated event queue.
It can be set with the CS104_Slave_setServerMode function:
| Code Block | ||
|---|---|---|
| ||
CS104_Slave_setServerMode(slave, CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS); |
Multiple redundancy groups example
| draw.io Diagram | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In this example, 2 control centers, center A and B, are establishing communication with the server.
Both centers have an active and a stand-by gateway for failover management.
Center A has two simultaneous connections, one active and one stand-by, assigned to redundancy group 1.
Center B has only one active connection, assigned to redundancy group 2.
IEC 104 Protocol stack configuration
The IEC 104 protocol stack configuration specifies communication parameters and is a collection of entries containing information about OSI Transport and OSI Application layers objects.
Each entry is comprised of attributes that describe the object. All the configuration data are structured using JSON.
Each entry shall be mapped with the corresponding configuration function in the chosen implementation protocol library.
Attributes definition
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| name | this identifies the protocol stack | iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc... | Yes |
| version | version number of the configuration file | 2 digits x.y => x = major change, y = minor change | Yes |
| bind_on_ip | bind on a dedicated local IP address | TRUE, FALSE, default = FALSE | No |
| srv_ip | Server IP address | IP address, machine's default IP for a given interface | No |
| port | This defines the TCP/IP port to be used by the server. | default = 2404 | No |
| tls | activation of TLS (see tls configuration chapter for details) | TRUE, FALSE, default = FALSE | No |
| k_value | Maximum number of outstanding (unacknowledged) APDU's at a given time | default = 12 | No |
| w_value | Acknowledge the reception latest after this number of APDU's | default = 8 | No |
| t0_timeout | time out of connection establishment | default = 10 | No |
| t1_timeout | time out for send or test APDU's | default = 15 | No |
| t2_timeout | time out for acknowledges in case of no data messages (t2 < t1) | default = 10 | No |
| t3_timeout | time out for sending test frames | default = 20 | No |
| orig_addr | Originator Address | default = 0 | No |
| ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte) | No |
| ioaddr_size | size of 'Information Object Address' | default = 3 (byte) | No |
| asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte) | No |
| time_sync | If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized. | TRUE, FALSE, default = FALSE | No |
| comm_exec_timeout | Defines the command execution monitoring timeout in milliseconds. The default setting is 20 seconds. | default = 20 seconds (20 000 ms) | No |
| comm_recv_timeout | This parameter defines the highest allowable deviation of received command time tag and local clock. If the difference is too big, command is ignored. | default = 0 (disabled) | No |
| tsiv | specifies what to do with a time stamp marked as 'invalid' | ignore, process, default = ignore ignore: the time stamp quality 'not synchronized' will be ignored and the time stamp will be processed on regular basis. IV-bit will remain 0 process: the time stamp will be send with IV-bit set to 1 | No |
| reset | reset/restart the system on C_RP_NA_1 ASDU (=TRUE) or not (=FALSE) | TRUE, FALSE, default = FALSE | No |
| filter_orig | accept commands only originated from an authorized originator (=TRUE) or accept all originators (=FALSE) | TRUE, FALSE, default = FALSE | |
| filter_list | List of Authorized Originators | No |
Configuration JSON structure
| Code Block | ||
|---|---|---|
| ||
{
"protocol_stack":{
"name":"iec104server",
"version":"1.0",
"transport_layer":{
"redundancy_groups":[
{
"connections":[
{
"clt_ip":"192.168.0.10",
"port":2403
},
{
"clt_ip":"192.168.0.11",
"port":2404
},
{
"clt_ip":"10.152.1.10",
"port":2405
},
{
"clt_ip":"10.152.1.11",
"port":2406
}
],
"rg_name":"red-group-1",
"tls":false,
"k_value":12,
"w_value":8,
"t0_timeout":10,
"t1_timeout":15,
"t2_timeout":10,
"t3_timeout":20
},
{
"connections":[
{
"clt_ip":"192.168.0.10",
"port":2403
},
{
"clt_ip":"192.168.0.11",
"port":2404
},
{
"clt_ip":"192.168.0.12",
"port":2405
},
{
"clt_ip":"192.168.0.14",
"port":2406
},
{
"clt_ip":"10.152.1.10",
"port":2403
},
{
"clt_ip":"10.152.1.11",
"port":2404
},
{
"clt_ip":"10.152.1.12",
"port":2405
},
{
"clt_ip":"10.152.1.13",
"port":2406
}
],
"rg_name":"red-group-2",
"tls":false,
"k_value":12,
"w_value":8, |
...
Configuration JSON structure
| Code Block | ||
|---|---|---|
| ||
{ "protocol_stack":{ "name":"iec104server", "version":"1.0", "transport_layer":{ "bind_on_ip":false, "t0_timeout":10, "srvt1_iptimeout":"0.0.0.0"15, "portt2_timeout":240410, "tls":false, "kt3_valuetimeout":12,20 "w_value":8, } "t0_timeout":10], "t1bind_on_timeoutip":15false, "t2srv_timeoutip":10"0.0.0.0", "t3_timeoutport":202404 }, "application_layer":{ "orig_addr":"0", "ca_asdu_size":2, "ioaddr_size":3, "asdu_size":0, "time_sync":false, "comm_exec_timeout":20000, "comm_recv_timeout":5000, "tsiv":"IGNORE", "reset":false, "filter_orig":false, "filter_list":[ { "orig_addr":1 }, { "orig_addr":2 } ] } } } |
IEC 104 datapoint representation
...