Attribute	Description	Expected values	Mandatory
name	this identifies the protocol stack	iec104client, iec104server, tase2client, tase2server, 61850client, 61850server, etc...	Yes
version	version number of the configuration file	2 digits x.y => x = major change, y = minor change	Yes
redundancy_groups	array of redundancy groups		Yes
redundancy_groups.connections	array of connections of a given redundancy group		Yes
redundancy_groups.connections.clt_ip	IEC 104 client address	IP address	Yes
redundancy_groups.rg_name	this identifies the redundancy group	Any non empty string	Yes
srv_ip	Server IP address	IP address, machine's default IP for a given interface, default = 0.0.0.0	No
port	This defines the TCP/IP port to be used by the server.	default = 2404	No
tls	activation of TLS (see tls configuration chapter for details)	TRUE, FALSE, default = FALSE	No
k_value	Maximum number of outstanding (unacknowledged) APDU's at a given time	default = 12, range : 1 to 32767	No
w_value	Acknowledge the reception latest after this number of APDU's	default = 8, range : 1 to 32767	No
t0_timeout	time out of connection establishment	default = 30 seconds, range : 1 to 255	No
t1_timeout	time out for send or test APDU's	default = 15 seconds, range : 1 to 255	No
t2_timeout	time out for acknowledges in case of no data messages (t2 < t1)	default = 10 seconds, range : 1 to 255	No
t3_timeout	time out for sending test frames	default = 20 seconds, range : 1 to 172800	No
ca_asdu_size	size of "Common Address of ASDU"	default = 2 (byte), enum: 1 or 2	No
ioaddr_size	size of 'Information Object Address'	default = 3 (byte), enum: 1, 2 or 3	No
mode	"accept_always": accept connection or maintain connection with center independently from the south asset connection status "accept_if_south_connx_started": accept connection or maintain connection with center only if south asset connection is established and running	default = "accept_always", enum: "accept_always" or "accept_if_south_connx_started"
ca_asdu_size	size of "Common Address of ASDU"	default = 2 (byte), enum: 1 or 2	No
ioaddr_size	size of 'Information Object Address'	default = 3 (byte), enum: 1, 2 or 3	No
asdu_size	maximum ASDU size in transmission direction,	asdu_size	maximum ASDU size in transmission direction, if set to "0" => maximum possible value is automatically used.	default = 0 (byte), range : 0 to 255	No
asdu_queue_size	minimum number of ASDUs that can be stored in the asdu buffer	default = 100	No
time_sync	If set on "TRUE" this parameter allows to synchronize the clock of the local computer by the server. If set on "FALSE", the clock is not synchronized.	TRUE, FALSE, default = FALSE	No
cmd_exec_timeout	Defines the command execution monitoring timeout in seconds.	default = 20 seconds, range : 1 to 3 600	No
cmd_recv_timeout	This parameter defines the highest allowable deviation of received command time tag and local clock in seconds. If the difference is too big, command is ignored.	default = 0 (disabled), range : 0 to 3 600	No
accept_cmd_with_time	If set to 0, then accept no commands with timestamp, if set to 1 accept only commands with timestamp, if set to 2, then accept both	default =1, enum: 0, 1 or 2	No
filter_list	List of Authorized Originators (array) → only commands from authorized originator addresses are accepted.	default = empty	No
filter_list.orig_addr	Originator address	enum: 0, 1, ..., N
cmd_dest	Defines the destination service on which to execute the command	default = broadcast	No

Configuration JSON structure

south_monitoring	connection loss and gi failure handling feature		Yes
south_monitoring.assets	array of assets name used to monitor the connection and gi status information from the south	default = [CONSTAT-1, CONSTAT-2]	No

Configuration JSON structure

Code Block

language	py

{
   "protocol_stack":{

Code Block

language	js

{
   "protocol_stack":{
      "name":"iec104server",
      "version":"1.0",
      "transport_layer":{
         "redundancy_groups":[
            {
               "connections":[
                  {
                     "clt_ip":"192.168.0.10"
                  },
                  {
                     "clt_ip":"192.168.0.11"
                  },
                  {
                     "clt_ip":"10.152.1.10"
                  },
                  {
                     "clt_ip":"10.152.1.11"
                  }
               ],
               "rg_name":"red-group-1"
            },
            {
               "connections":[
                  {
                     "clt_ip":"192.168.0.10"
                  },
                  {
                     "clt_ip":"192.168.0.11"
                  },
                  {
                     "clt_ip":"192.168.0.12"
                  },
                  {
                     "clt_ip":"192.168.0.14"
                  },
                  {
                     "clt_ip":"10.152.1.10"
                  },
                  {
                     "clt_ip":"10.152.1.11"
                  },
                  {
                     "clt_ip":"10.152.1.12"
                  },
                  {
                     "clt_ip":"10.152.1.13"
                  }
               ],
               "rg_name":"red-group-2"
            },
            ],{
               "srv_rg_name":"catch-all"
            }
         ],
         "srv_ip":"0.0.0.0",
         "port":2404,
         "tls":false,
         "k_value":12,
         "w_value":8,
         "t0_timeout":30,
         "t1_timeout":15,
         "t2_timeout":10,
         "t3_timeout":20,
         },"mode":"accept_always"
      },
      "application_layer":{
         "ca_asdu_size":2,
         "ioaddr_size":3,
         "asdu_size":0,
         "asdu_queue_size":100,
         "time_sync":false,
         "cmd_exec_timeout":20,
         "cmd_recv_timeout":0,
         "cmd_dest":"broadcast",
         "accept_cmd_with_time":1,
         "filter_orig":false,
         "filter_list":[
            {
               "orig_addr":1
            },
            {
               "orig_addr":2
            }
         ]
      },
   }
}

TLS configuration

The CS 104 standard can also be used with TLS to realize secure and authenticated connections.

Parameters are needed to set up the TLS secured connection:

...

   "south_monitoring":[
         {
            "asset":"CONSTAT-1"
         },
         {
            "asset":"CONSTAT-2"
         }
      ]
   }
}

TLS configuration

The CS 104 standard can also be used with TLS to realize secure and authenticated connections.

Parameters are needed to set up the TLS secured connection:

Attribute	Description	Expected values	Mandatory
private_key	server private key	valid private key	YES
own_cert	server certificate	valid certificate	YES
ca_certs	allows to specify the ca certificates if not included in the owner certificate	list of valid certificates	NO
remote_certs	allows to specify the clients certificates, so if specified, only these certificates are accepted	list of valid certificates	NO

Fledge's certificate store allows certificates to be stored and used by the south plugins.

Code Block

language	py

{
   "private_key":"iec104_server.key",
   "own_cert":"iec104_server.cer",
   "ca_certs":[
      {
         "cert_file":"iec104_ca.cer"
      },
      {
         "cert_file":"iec104_ca2.cer"
      }
   ],
   "remote_certs":[
      {
         "cert_file":"iec104_client.cer"
      }
   ]
}

IEC 104 datapoint representation

This is the Datapoint representation of an IEC 104 ASDU for a command.

Warning
The current implementation does not use a json structure, so the order of parameters is mandatory.

Order	Attribute JSON (not currently used)	Description	Expected values	Mandatory
0	co_type	Type of ASDU		YES
1	co_ca	Common Address of ASDU		YES
2	co_ioa	Information object address		YES
3	co_cot	Cause of Transmission		YES
4	co_negative	is negative command ?	0 or 1 = negative	YES
5	co_se	Select or Execute	0 = Direct execute or 1 = Select before Execute	YES
6	co_test	is test command ?	0 or 1 = test	YES
7	co_ts	timestamp		YES
8	co_value	Value		YES
9	co_qu	is pulse defined ?	0 or 1 = pulse defined	NO

Below is an example of an instance of an Operation object :

Code Block

language	py

operation: {
    type: "IEC104Command",
    nbParams=9,
    names=[
        "co_type",

Fledge's certificate store allows certificates to be stored and used by the south plugins.

Code Block

language	js

{
   "private_key":"iec104_server.key",
   "own_cert":"iec104_server.cer",
   "ca_certs":[
      {
         "cert_file":"iec104_ca.cer"
co_ca",
        }"co_ioa",
        {"co_cot",
         "certco_file":"iec104_ca2.cer"negative",
      }  "co_se",
   ],
     "remoteco_certstest":[,
        {
 "co_ts",
        "cert_file":"iec104_client.cerco_value"
      }],
   ]
}

IEC 104 datapoint representation

This is the Datapoint representation of an IEC 104 ASDU for a command.

Code Block

language	js

{
   "command_object":{
 parameters=[
        "co_type":"type_idC_SC_TA_1",
       "co_ca":"ca "21441",
        "co_oa":"oa"74",
        "co_cot":"cot"7",
        "co_test":"istest0",
      "co_ioa":"ioa  "0",
        "co_value":"value0",
        "co_qu":"pulse1701426945586",
        "co_se":"Select/Execute",
	  "co_ts":"time_marker"
   }1"
    ],
    cmdDest="hnzsouth_s1"
}

Page tree

Versions Compared

Old Version 14

New Version Current

Key

Configuration JSON structure

Configuration JSON structure

TLS configuration

TLS configuration

IEC 104 datapoint representation

IEC 104 datapoint representation

Page tree

Page History

Versions Compared

Old Version 14

New Version Current

Key

Configuration JSON structure

Configuration JSON structure

TLS configuration

TLS configuration

IEC 104 datapoint representation

IEC 104 datapoint representation