...
Attribute | Description | Expected values | Mandatory | ||
---|---|---|---|---|---|
name | this identifies the protocol stack | iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc... | Yes | ||
version | version number of the configuration file | 2 digits x.y => x = major change, y = minor change | Yes | ||
redundancy_groups | array of redundancy groups | Yes | |||
redundancy_groups.connections | array of connections of a given redundancy group | Yes | |||
redundancy_groups.connections.clt_ip | address to local IEC 104 client address | IP address | Yes | ||
redundancy_groups.rg_name | this identifies the redundancy group | Any non empty string | Yes | ||
srv_ip | Server IP address | IP address, machine's default IP for a given interface, default = 0.0.0.0 | No | ||
port | This defines the TCP/IP port to be used by the server. | default = 2404 | No | ||
tls | activation of TLS (see tls configuration chapter for details) | TRUE, FALSE, default = FALSE | No | ||
k_value | Maximum number of outstanding (unacknowledged) APDU's at a given time | default = 12, range : 1 to 32767 | No | ||
w_value | Acknowledge the reception latest after this number of APDU's | default = 8, range : 1 to 32767 | No | ||
t0_timeout | time out of connection establishment | default = 30 seconds, range : 1 to 255 | No | ||
t1_timeout | time out for send or test APDU's | default = 15 seconds, range : 1 to 255 | No | ||
t2_timeout | time out for acknowledges in case of no data messages (t2 < t1) | default = 10 seconds, range : 1 to 255 | No | ||
t3_timeout | time out for sending test frames | default = 20 seconds, range : 1 to 172800 | No | ||
ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte), enum: 1 or 2 | No | ||
ioaddr_size | size of 'Information Object Address' | default = 3 (byte), enum: 1, 2 or 3 | No | ||
asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte), range : 0 to 255 | No | ||
asdu_queue_size | minimum number of ASDUs that can be stored in the asdu buffer | default = 100 | No | ||
time_sync | If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized. | TRUE, FALSE, default = FALSE | No | ||
cmd_exec_timeout | Defines the command execution monitoring timeout in seconds. | default = 20 seconds, range : 1 to 3 600 | No | ||
cmd_recv_timeout | This parameter defines the highest allowable deviation of received command time tag and local clock in seconds. If the difference is too big, command is ignored. | default = 0 (disabled), range : 0 to 3 600 | No | ||
mode | "accept_always": accept connection or maintain connection with center independently from the south asset connection status "accept_if_south_connx_started": accept connection or maintain connection with center only if south asset connection is established and running | default = "accept_always", enum: "accept_always" or "accept_if_south_connx_started" | |||
ca_asdu_size | size of "Common Address of ASDU" | default = 2 (byte), enum: 1 or 2 | No | ||
ioaddr_size | size of 'Information Object Address' | default = 3 (byte), enum: 1, 2 or 3 | No | ||
asdu_size | maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used. | default = 0 (byte), range : 0 to 255 | No | ||
asdu_queue_size | minimum number of ASDUs that can be stored in the asdu buffer | default = 100 | No | ||
time_sync | If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized. | TRUE, FALSE, default = FALSE | No | ||
cmd_exec_timeout | Defines the command execution monitoring timeout in seconds. | default = 20 seconds, range : 1 to 3 600 | No | ||
cmd_recv_timeout | This parameter defines the highest allowable deviation of received command time tag and local clock in seconds. If the difference is too big, command is ignored. | default = 0 (disabled), range : 0 to 3 600 | No | ||
accept_cmd_with_time | If set to 0, then accept no | accept_cmd_with_time | If set to 0, then accept no commands with timestamp, if set to 1 accept only commands with timestamp, if set to 2, then accept both | default =1, enum: 0, 1 or 2 | No |
filter_list | List of Authorized Originators (array) → only commands from authorized originator addresses are accepted. | default = empty | No | ||
filter_list.orig_addr | Originator address | enum: 0, 1, ..., N | |||
cmd_dest | Defines the destination | cmd_dest | Defines the destination service on which to execute the command | default = broadcast | No |
Configuration JSON structure
south_monitoring | connection loss and gi failure handling feature | Yes | |
south_monitoring.assets | array of assets name used to monitor the connection and gi status information from the south | default = [CONSTAT-1, CONSTAT-2] | No |
Configuration JSON structure
Code Block | ||
---|---|---|
| ||
{
"protocol_stack":{ | ||
Code Block | ||
| ||
{ "protocol_stack":{ "name":"iec104server", "version":"1.0", "transport_layer":{ "redundancy_groups":[ { "connections":[ { "clt_ip":"192.168.0.10" }, { "clt_ip":"192.168.0.11" }, { "clt_ip":"10.152.1.10" }, { "clt_ip":"10.152.1.11" } ], "rg_name":"red-group-1" }, { "connections":[ { "clt_ip":"192.168.0.10" }, { "clt_ip":"192.168.0.11" }, { "clt_ip":"192.168.0.12" }, { "clt_ip":"192.168.0.14" }, { "clt_ip":"10.152.1.10" }, { "clt_ip":"10.152.1.11" }, { "clt_ip":"10.152.1.12" }, { "clt_ip":"10.152.1.13" } ], "rg_name":"red-group-2" }, ],{ "srv_ "rg_name":"catch-all" } ], "srv_ip":"0.0.0.0", "port":2404, "tls":false, "k_value":12, "w_value":8, "t0_timeout":30, "t1_timeout":15, "t2_timeout":10, "t3_timeout":20, }, "application_layermode":{ "accept_always" }, "application_layer":{ "ca_asdu_size":2, "ioaddr_size":3, "asdu_size":0, "asdu_queue_size":100, "time_sync":false, "cmd_exec_timeout":2000020, "cmd_recv_timeout":50000, "cmd_dest":"broadcast", "accept_cmd_with_time":1, "filter_orig":false, "filter_list":[ { "orig_addr":1 }, { "orig_addr":2 } ] }, } } |
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
Parameters are needed to set up the TLS secured connection:
...
"south_monitoring":[
{
"asset":"CONSTAT-1"
},
{
"asset":"CONSTAT-2"
}
]
}
} |
TLS configuration
The CS 104 standard can also be used with TLS to realize secure and authenticated connections.
Parameters are needed to set up the TLS secured connection:
Attribute | Description | Expected values | Mandatory |
---|---|---|---|
private_key | server private key | valid private key | YES |
own_cert | server certificate | valid certificate | YES |
ca_certs | allows to specify the ca certificates if not included in the owner certificate | list of valid certificates | NO |
remote_certs | allows to specify the clients certificates, so if specified, only these certificates are accepted | list of valid certificates | NO |
Fledge's certificate store allows certificates to be stored and used by the south plugins.
Code Block | ||
---|---|---|
| ||
{
"private_key":"iec104_server.key",
"own_cert":"iec104_server.cer",
"ca_certs":[
{
"cert_file":"iec104_ca.cer"
},
{
"cert_file":"iec104_ca2.cer"
}
],
"remote_certs":[
{
"cert_file":"iec104_client.cer"
}
]
} |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU for a command.
Warning |
---|
The current implementation does not use a json structure, so the order of parameters is mandatory. |
Order | Attribute JSON (not currently used) | Description | Expected values | Mandatory |
---|---|---|---|---|
0 | co_type | Type of ASDU | YES | |
1 | co_ca | Common Address of ASDU | YES | |
2 | co_ioa | Information object address | YES | |
3 | co_cot | Cause of Transmission | YES | |
4 | co_negative | is negative command ? | 0 or 1 = negative | YES |
5 | co_se | Select or Execute | 0 = Direct execute or 1 = Select before Execute | YES |
6 | co_test | is test command ? | 0 or 1 = test | YES |
7 | co_ts | timestamp | YES | |
8 | co_value | Value | YES | |
9 | co_qu | is pulse defined ? | 0 or 1 = pulse defined | NO |
Below is an example of an instance of an Operation object :
Code Block | ||
---|---|---|
| ||
operation: {
type: "IEC104Command",
nbParams=9,
names=[
"co_type",
|
Fledge's certificate store allows certificates to be stored and used by the south plugins.
Code Block | ||
---|---|---|
| ||
{ "private_key":"iec104_server.key", "own_cert":"iec104_server.cer", "ca_certs":[ { "cert_file":"iec104_ca.cer" co_ca", }"co_ioa", {"co_cot", "certco_file":"iec104_ca2.cer"negative", } "co_se", ], "remoteco_certstest":[, { "co_ts", "cert_file":"iec104_client.cerco_value" }], ] } |
IEC 104 datapoint representation
This is the Datapoint representation of an IEC 104 ASDU for a command.
Code Block | ||
---|---|---|
| ||
{ "command_object":{ parameters=[ "co_type":"type_idC_SC_TA_1", "co_ca":"ca "21441", "co_oa":"oa"74", "co_cot":"cot"7", "co_test":"istest0", "co_ioa":"ioa "0", "co_value":"value0", "co_qu":"pulse1701426945586", "co_se":"Select/Execute", "co_ts":"time_marker" }1" ], cmdDest="hnzsouth_s1" } |