...
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| name | this identifies the protocol stack | iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc... | Yes |
| version | version number of the configuration file | 2 digits x.y => x = major change, y = minor change | Yes |
| redundancy_groups | array of redundancy groups | Yes | |
| redundancy_groups.connections | array of connections of a given redundancy group | Yes | |
| redundancy_groups.connections.srv_ip | IP address to remote IEC 104 server | IP address | Yes |
| redundancy_groups.connections.port | port number to remote IEC 104 server | default = 2404 | No |
| redundancy_groups.connections.conn | establish connection at startup | TRUE, FALSE, default = TRUE | No |
| redundancy_groups.connections.start | start data transfer at startup | TRUE, FALSE, default = TRUE | No |
| redundancy_groups.k_value | Maximum number of outstanding (unacknowledged) APDU's at a given time | default = 12 | No |
| redundancy_groups.connections.w_value | Acknowledge the reception latest after this number of APDU's | default = 8 | No |
| redundancy_groups.connections.t0_timeout | time out of connection establishment | default = 10 | No |
| redundancy_groups.connections.t1_timeout | time out for send or test APDU's | default = 15 | No |
| redundancy_groups.connections.t2_timeout | time out for acknowledges in case of no data messages (t2 < t1) | default = 10 | No |
| redundancy_groups.connections.t3_timeout | time out for sending test frames | default = 20 | No |
| redundancy_groups.rg_name | this identifies the redundancy group | Yes | |
| redundancy_groups.tls | activation of TLS (see tls configuration chapter for details) | TRUE, FALSE, default = FALSE | No |
| connorig_all | establish all paths within one connection at the same time (=TRUE) or only one (=FALSE) | TRUE, FALSE, default = FALSE | No |
| start_all | start communication on all established paths at the same time (=TRUE) or on only one (=FALSE) | TRUE, FALSE, default = FALSE | No |
| conn_passv | establish connection even in passive mode (=TRUE) or not (=FALSE) | TRUE, FALSE, default = FALSE | No |
| orig_addr | Originator Address | default = 0 | No |
| ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte) | No |
| addr | Originator Address | default = 0 | No |
| ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte) | No |
| ioaddr_size | size of 'Information Object Address' | default = 3 (byte) | No |
| startup_time | time to wait for startup completion | default = 180 (seconds) | No |
| asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte) | No |
| gi_time | time to wait for General Interrogation (GI) completion | default = 0 (seconds) | No |
| gi_cycle | send General Interrogation (GI) cyclically | TRUE, FALSE, default = FALSE | No |
| gi_all_ca | send a separate GI request to every CA; otherwise a broadcast GI request is used | TRUE, FALSE, default = FALSE | No |
| gi_repeat_count | repeat GI for this number of times in case it is incomplete | default = 2 | No |
| disc_qual | information object quality in case of interrupted connection | IV = Invalid, NT = Not Topical, default = NT | No |
| send_iv_time | time delay before infos are sent as invalid (0 = deactivated) | default = 0 | No |
| tsiv | specifies what to do with a time stamp marked as 'invalid' | remove, process, default = remove remove: the time stamp will be removed from the information object process: the time stamp will be processed on regular basis and additionally marked as 'not synchronized' | No |
| utc_time | UTC timezone (=TRUE) or local timezone (=FALSE) for time conversion | TRUE, FALSE, default = FALSE | No |
| comm_wttag | use commands with time tag (=TRUE) or without time tag (=FALSE) | TRUE, FALSE, default = FALSE | No |
| comm_parallel | maximum number of commands to be executed at in parallel (0 = unlimited) | default = 0 | No |
| exec_cycl_test | execute cyclical test requests (C_TS_NA_1/C_TS_TA_1) in monitoring direction (=TRUE) or not (=FALSE) | TRUE, FALSE, default = FALSE | No |
| startup_state | startup in active mode (=TRUE) or in passive mode (=FALSE) | TRUE, FALSE, default = TRUE | No |
| reverse | allow transmission of information objects in reverse direction (=TRUE) or only in standard direction (=FALSE) | TRUE, FALSE, default = FALSE | No |
| time_sync | perform time synchronization (=TRUE) | TRUE, FALSE, default = FALSE | No |
...
| Code Block | ||
|---|---|---|
| ||
{
"protocol_stack":{
"name":"iec104client",
"version":"1.0",
"transport_layer":{
"redundancy_groups":[
{
"connections":[
{
"srv_ip":"192.168.0.10",
"port":2404,
"conn":true,
"start":true,
"k_value":12},
"w_value":8,{
"t0srv_timeoutip":10"192.168.0.11",
"t1_timeout":15port":2404,
"t2_timeoutconn":10true,
"t3_timeoutstart":20false
},
{],
"srv_ip":"192.168.0.11"rg_name":"red-group-1",
"port"tls":2404false,
"connk_value":true12,
"startw_value":false8,
"kt0_valuetimeout":1210,
"wt1_valuetimeout":815,
"t0t2_timeout":10,
"t1t3_timeout":15,20
},
"t2_timeout":10,
{
"t3_timeoutconnections":20[
}{
] "srv_ip":"192.168.0.12",
"rg_name":"red-group-1",
"port":2404,
"tlsconn":false,
},
"start":false
{
"connections":[},
{
"srv_ip":"192.168.0.1213",
"port":2404,
"conn":false,
"start":false,
"k_value":12,}
"w_value":8],
"t0_timeout":10"rg_name":"red-group-2",
"t1_timeout"tls":15false,
"t2k_timeoutvalue":1012,
"t3w_timeoutvalue":208,
}"t0_timeout":10,
{
"t1_timeout":15,
"srvt2_iptimeout":"192.168.0.13"10,
"portt3_timeout":2404,20
}
"conn":false,]
},
"application_layer":{
"startorig_addr":false0,
"ca_asdu_size":2,
"kioaddr_valuesize":123,
"startup_time":180,
"wasdu_valuesize":80,
"gi_time":60,
"t0gi_timeoutcycle":10false,
"gi_all_ca":false,
"t1gi_repeat_timeoutcount":152,
"disc_qual":"NT",
"t2send_iv_timeouttime":100,
"tsiv":"REMOVE",
"t3_timeout"utc_time":20false,
"comm_wttag":false,
}"comm_parallel":0,
],
"exec_cycl_test":false,
"rgstartup_namestate":"red-group-2"true,
"tlsreverse":false,
}"time_sync":false
}
]}
} |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU.
| Code Block | ||
|---|---|---|
| ||
{ "data_object":{ }, "applicationdo_layertype":{ "type_id", "origdo_addrca":0"ca", "cado_asdu_sizeoa":2"oa", "ioaddrdo_sizecot":3"cot", "startupdo_timetest":180"istest", "asdudo_sizenegative":0"isnegative", "gido_timeioa":60"ioa", "gido_cyclevalue":false"value", "gi_all_ca":falsedo_quality":"quality_desc", "gi_repeat_count":2do_ts":"time_marker", "disc"do_ts_qual":"NTisinvalid", "senddo_iv_time":0, "tsiv":"REMOVE", "utcts_sum_time":false, "comm_wttag":false,"isSummerTime" "comm_parallel":0, "exec_cycl_test":false, "startup_state":true, "reverse":false, "time_sync":false } } } |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU.
| Code Block | ||
|---|---|---|
| ||
{
"data_object":{
"do_type":"type_id",
"do_ca":"ca",
"do_oa":"oa",
"do_cot":"cot",
"do_test":"istest",
"do_negative":"isnegative",
"do_ioa":"ioa",
"do_value":"value",
"do_quality":"quality_desc",
"do_ts":"time_marker",
"do_ts_qual":"isinvalid",
"do_ts_sum_time":"isSummerTime"
}
} |
Path exploration
...
In redundant network configuration or generally in cases where several communication paths exist between one client and one server, the path checking exploration mechanism allows the client to try all the paths one by one without making any difference between them. The client uses the first available path. On disconnection this procedure starts again from the beginning.
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
3 parameters are needed to set up the TLS secured connection:
- private key file
- server certificate
- root certificate (CA)
Fledge's certificate store allows certificates to be stored and used by the south plugins.
| Code Block | ||
|---|---|---|
| ||
{
"tls_conf:": {
"private_key": "server-key.pem",
"server_cert": "server.cer",
"ca_cert": "root.cer"
}
} |
IEC 104 north plugin (server/slave)
IEC 104 redundancy server modes
Multiple redundancy groups
The MZ Automation lib60870 server provides 3 different modes regarding the support of redundant connections and events queue handling:
- The default mode (CS104_MODE_SINGLE_REDUNDANCY_GROUP) allows only a single active client connection.
- The second mode (CS104_MODE_CONNECTION_IS_REDUNDANCY_GROUP) allows multiple active client connections.
- The third mode (CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS) allows multiple active client connections while preserving events when no client is connected.
In the case of this design, the south plugin will be implemented with CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS server mode.
This mode allows multiple active client connections while preserving events when no client is connected. In this mode clients can be assigned to specific redundancy groups. The assignment is based on the IP address of the client. A redundancy group can have multiple simultaneous connections but only one of these connections can be active. The number of activated connections is restricted by the number of redundancy groups. Each redundancy group has a dedicated event queue.
It can be set with the CS104_Slave_setServerMode function:
| Code Block | ||
|---|---|---|
| ||
CS104_Slave_setServerMode(slave, CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS); |
Multiple redundancy groups example
...
}
} |
Path exploration
| draw.io Diagram | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In redundant network configuration or generally in cases where several communication paths exist between one client and one server, the path checking exploration mechanism allows the client to try all the paths one by one without making any difference between them. The client uses the first available path. On disconnection this procedure starts again from the beginning.
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
3 parameters are needed to set up the TLS secured connection:
- private key file
- server certificate
- root certificate (CA)
Fledge's certificate store allows certificates to be stored and used by the south plugins.
| Code Block | ||
|---|---|---|
| ||
{
"tls_conf:": {
"private_key": "server-key.pem",
"server_cert": "server.cer",
"ca_cert": "root.cer"
}
} |
IEC 104 north plugin (server/slave)
IEC 104 redundancy server modes
Multiple redundancy groups
The MZ Automation lib60870 server provides 3 different modes regarding the support of redundant connections and events queue handling:
- The default mode (CS104_MODE_SINGLE_REDUNDANCY_GROUP) allows only a single active client connection.
- The second mode (CS104_MODE_CONNECTION_IS_REDUNDANCY_GROUP) allows multiple active client connections.
- The third mode (CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS) allows multiple active client connections while preserving events when no client is connected.
In the case of this design, the south plugin will be implemented with CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS server mode.
This mode allows multiple active client connections while preserving events when no client is connected. In this mode clients can be assigned to specific redundancy groups. The assignment is based on the IP address of the client. A redundancy group can have multiple simultaneous connections but only one of these connections can be active. The number of activated connections is restricted by the number of redundancy groups. Each redundancy group has a dedicated event queue.
It can be set with the CS104_Slave_setServerMode function:
| Code Block | ||
|---|---|---|
| ||
CS104_Slave_setServerMode(slave, CS104_MODE_MULTIPLE_REDUNDANCY_GROUPS); |
Multiple redundancy groups example
| draw.io Diagram | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
In this example, 2 control centers, center A and B, are establishing communication with the server.
Both centers have an active and a stand-by gateway for failover management.
Center A has two simultaneous connections, one active and one stand-by, assigned to redundancy group 1.
Center B has only one active connection, assigned to redundancy group 2.
IEC 104 Protocol stack configuration
The IEC 104 protocol stack configuration specifies communication parameters and is a collection of entries containing information about OSI Transport and OSI Application layers objects.
Each entry is comprised of attributes that describe the object. All the configuration data are structured using JSON.
Each entry shall be mapped with the corresponding configuration function in the chosen implementation protocol library.
Attributes definition
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| name | this identifies the protocol stack | iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc... | Yes |
| version | version number of the configuration file | 2 digits x.y => x = major change, y = minor change | Yes |
| redundancy_groups | array of redundancy groups | Yes | |
| redundancy_groups.connections | array of connections of a given redundancy group | Yes | |
| redundancy_groups.connections.clt_ip | address to local IEC 104 client | IP address | Yes |
| redundancy_groups.rg_name | this identifies the redundancy group | Yes | |
| bind_on_ip | bind on a dedicated local IP address | TRUE, FALSE, default = FALSE | No |
| srv_ip | Server IP address | IP address, machine's default IP for a given interface | No |
| port | This defines the TCP/IP port to be used by the server. | default = 2404 | No |
| tls | activation of TLS (see tls configuration chapter for details) | TRUE, FALSE, default = FALSE | No |
| k_value | Maximum number of outstanding (unacknowledged) APDU's at a given time | default = 12 | No |
| w_value | Acknowledge the reception latest after this number of APDU's | default = 8 | No |
| t0_timeout | time out of connection establishment | default = 10 | No |
| t1_timeout | time out |
In this example, 2 control centers, center A and B, are establishing communication with the server.
Both centers have an active and a stand-by gateway for failover management.
Center A has two simultaneous connections, one active and one stand-by, assigned to redundancy group 1.
Center B has only one active connection, assigned to redundancy group 2.
IEC 104 Protocol stack configuration
The IEC 104 protocol stack configuration specifies communication parameters and is a collection of entries containing information about OSI Transport and OSI Application layers objects.
Each entry is comprised of attributes that describe the object. All the configuration data are structured using JSON.
Each entry shall be mapped with the corresponding configuration function in the chosen implementation protocol library.
Attributes definition
| Attribute | Description | Expected values | Mandatory |
|---|---|---|---|
| name | this identifies the protocol stack | iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc... | Yes |
| version | version number of the configuration file | 2 digits x.y => x = major change, y = minor change | Yes |
| bind_on_ip | bind on a dedicated local IP address | TRUE, FALSE, default = FALSE | No |
| srv_ip | Server IP address | IP address, machine's default IP for a given interface | No |
| port | This defines the TCP/IP port to be used by the server. | default = 2404 | No |
| tls | activation of TLS (see tls configuration chapter for details) | TRUE, FALSE, default = FALSE | No |
| k_value | Maximum number of outstanding (unacknowledged) APDU's at a given time | default = 12 | No |
| w_value | Acknowledge the reception latest after this number of APDU's | default = 8 | No |
| t0_timeout | time out of connection establishment | default = 10 | No |
| t1_timeout | time out for send or test APDU's | default = 15 | No |
| t2_timeout | time out for acknowledges in case of no data messages (t2 < t1) | default = 10 | No |
| t3_timeout | time out for sending test frames | default = 20 | No |
| orig_addr | Originator Address | default = 0 | No |
| ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte) | No |
| ioaddr_size | size of 'Information Object Address' | default = 3 (byte) | No |
| asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte) | No |
| time_sync | If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized. | TRUE, FALSE, default = FALSE | No |
| comm_exec_timeout | Defines the command execution monitoring timeout in milliseconds. The default setting is 20 seconds. | default = 20 seconds (20 000 ms) | No |
| comm_recv_timeout | This parameter defines the highest allowable deviation of received command time tag and local clock. If the difference is too big, command is ignored. | default = 0 (disabled) | No |
| tsiv | specifies what to do with a time stamp marked as 'invalid' | ignore, process, default = ignore ignore: the time stamp quality 'not synchronized' will be ignored and the time stamp will be processed on regular basis. IV-bit will remain 0 process: the time stamp will be send with IV-bit set to 1 | No |
| reset | reset/restart the system on C_RP_NA_1 ASDU (=TRUE) or not (=FALSE) | TRUE, FALSE, default = FALSE | No | filter_orig | accept commands only originated from an authorized originator (=TRUE) or accept all originators (=FALSE) | TRUE, FALSE, default = FALSE | filter_list | List of Authorized Originators | No |
Configuration JSON structure
| _asdu_size | size of "Common Address of ASDU" | default = 2 (byte) | No |
| ioaddr_size | size of 'Information Object Address' | default = 3 (byte) | No |
| asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte) | No |
| time_sync | If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized. | TRUE, FALSE, default = FALSE | No |
| comm_exec_timeout | Defines the command execution monitoring timeout in milliseconds. The default setting is 20 seconds. | default = 20 seconds (20 000 ms) | No |
| comm_recv_timeout | This parameter defines the highest allowable deviation of received command time tag and local clock. If the difference is too big, command is ignored. | default = 0 (disabled) | No |
| tsiv | specifies what to do with a time stamp marked as 'invalid' | ignore, process, default = ignore ignore: the time stamp quality 'not synchronized' will be ignored and the time stamp will be processed on regular basis. IV-bit will remain 0 process: the time stamp will be send with IV-bit set to 1 | No |
| reset | reset/restart the system on C_RP_NA_1 ASDU (=TRUE) or not (=FALSE) | TRUE, FALSE, default = FALSE | No |
| filter_orig | accept commands only originated from an authorized originator (=TRUE) or accept all originators (=FALSE) | TRUE, FALSE, default = FALSE | |
| filter_list | List of Authorized Originators | No |
Configuration JSON structure
| Code Block | ||
|---|---|---|
| ||
{
"protocol_stack":{
"name":"iec104server",
"version":"1.0",
"transport_layer":{
| ||
| Code Block | ||
| ||
{ "protocol_stack":{ "name":"iec104server", "version":"1.0", "transport_layer":{ "redundancy_groups":[ { "connections":[ { "clt_ip":"192.168.0.10", "port":2403 }, { "clt_ip":"192.168.0.11", "port":2404 }, { "clt_ip":"10.152.1.10", "port":2405 }, { "clt_ip":"10.152.1.11", "port":2406 } ], "rg_name":"red-group-1", "tls":false, "k_value":12, "w_value":8, "t0redundancy_timeoutgroups":10,[ "t1_timeout":15,{ "t2_timeoutconnections":10,[ "t3_timeout":20 { }, "clt_ip":"192.168.0.10" { "connections":[}, { "clt_ip":"192.168.0.1011", "port":2403}, },{ { "clt_ip":"10.152.1.10" "clt_ip":"192.168.0.11"}, { "port":2404 },"clt_ip":"10.152.1.11" {} ], "cltrg_ipname":"192.168.0.12",red-group-1" }, "port":2405 { },"connections":[ { "clt_ip":"192.168.0.1410", "port":2406}, },{ { "clt_ip":"192.168.0.11" "clt_ip":"10.152.1.10"}, { "port":2403 },"clt_ip":"192.168.0.12" {}, "clt_ip":"10.152.1.11",{ "portclt_ip":2404"192.168.0.14" }, { "clt_ip":"10.152.1.12",10" }, { "portclt_ip":2405"10.152.1.11" }, { "clt_ip":"10.152.1.1312", }, "port":2406 { } ], "rgclt_nameip":"red-group-2", 10.152.1.13" "tls":false,} "k_value":12,], "rg_name":"red-group-2" } "w_value":8, ], "t0bind_on_timeoutip":10false, "t1srv_timeoutip":15"0.0.0.0", "port":2404, "t2_timeout "tls":10false, "t3k_timeoutvalue":2012, }"w_value":8, ]"t0_timeout":10, "bindt1_on_iptimeout":false15, "srvt2_iptimeout":"0.0.0.0"10, "portt3_timeout":240420 }, "application_layer":{ "orig_addr":"0", "ca_asdu_size":2, "ioaddr_size":3, "asdu_size":0, "time_sync":false, "comm_exec_timeout":20000, "comm_recv_timeout":5000, "tsiv":"IGNORE", "reset":false, "filter_orig":false, "filter_list":[ { "orig_addr":1 }, { "orig_addr":2 } ] } } } |
...