This manual is designed for personnel with a need to understand the techniques required to use and apply IEC 61850 to substation automation, hydro power plants, wind turbines and distributed energy resources as productively and economically as possible.
This manual provides comprehensive coverage of IEC 61850 and will provide you with the tools and knowledge to tackle your next substation automation project with confidence.
Download Chapter List
Chapter 1: Introduction
1.1 Basic requirements of communication
Every data communication system requires the following:
In addition, the transmitter and receiver must be able to understand each other. This requires mutual agreement on a number of factors. The most important of these are:
The rules governing the transmission process are called the ‘protocols’
Note: The term ‘communication’ will exclusively refer to digital data communication for the rest of the text, unless otherwise stated.
Data byte representation
Synchronous and asynchronous transmissions are two different methods of transmission synchronization. Synchronous transmissions are synchronized by an external clock, while asynchronous transmissions are synchronized by special signals along the transmission medium.
Asynchronous transmission is used for low data-rate transmission and stand-alone equipment. The block length is only 8 data-bits, permitting different clocks with only approximate synchronism to be used. Very commonly, the 8 bits represent an ASCII character. For this reason, frame synchronisation is often referred to as character synchronisation in asynchronous systems.
Synchronous transmission is used for high data rate transmission. The timing is generated by sending a separate clock signal, or embedding the timing information into the transmission. This information is used to synchronise the receiver circuitry to the transmitter clock. Because the clocks are synchronised, much longer block lengths are possible.
The type of framing, character or block, is sometimes used to indicate whether a system uses asynchronous or synchronous transmission. This terminology does obscure the important difference between the different methods of timing control.
1.2 Communication topologies
1.2.1 Logical and physical topologies
A logical topology defines how the elements in the network communicate with each other, and how information is transmitted through a network. The different types of media-access methods, discussed later, determine how a node gets to transmit information along the network. In a bus topology, information is broadcast, and every node gets the same information within the amount of time it actually takes a signal to cover the entire length of cable. This time interval limits the maximum speed and size for the network. In a ring topology, each node hears from exactly one node and talks to exactly one other node. Information is passed sequentially, in an order determined by a predefined process. A polling or token mechanism is used to determine who has transmission rights, and a node can transmit only when it has this right.
A physical topology defines the wiring layout for a network. This specifies how the elements in the network are connected to each other electrically. This arrangement will determine what happens if a node on the network fails. Physical topologies fall into three main categories... bus, star, and ring topology. Combinations of these can be used to form hybrid topologies to overcome weaknesses or restrictions in one or other of these three component topologies.
1.2.2 Bus topology
A bus refers to both a physical and a logical topology. As a physical topology, a bus describes a network in which each node is connected to a common single communication channel or "bus". This bus is sometimes called a backbone, as it provides the spine for the network. Every node can hear each message packet as it goes past.
Logically, a passive bus is distinguished by the fact that packets are broadcast and every node gets the message at the same time. Transmitted packets travel in both directions along the bus, and need not go through the individual nodes, as in a point to point system. Rather, each node checks the destination address that is included in the message packet to determine whether that packet is intended for the specific node. When the signal reaches the end of the bus, an electrical terminator absorbs the packet energy to keep it from reflecting back again along the bus cable, possibly interfering with other messages already on the bus. Each end of a bus cable must be terminated, so that signals are removed from the bus when they reach the end.
In a bus topology, nodes should be far enough apart so that they do not interfere with each other. However, if the backbone bus cable is too long, it may be necessary to boost the signal strength using some form of amplification, or repeater. The maximum length of the bus is limited by the size of the time interval that constitutes "simultaneous" packet reception. Figure 1.2 illustrates the bus topology.
Bus topology advantages
Bus topologies offer the following advantages:
Bus topology disadvantages
These include the following:
1.2.3 Star topology
A star topology is a physical topology in which multiple nodes are connected to a central component, generally known as a hub. The hub of a star usually is just a wiring center; that is, a common termination point for the nodes, with a single connection continuing from the hub. In some cases, the hub may actually be a file server (a central computer that contains a centralized file and control system), with all its nodes attached directly to the server. As a wiring center a hub may, in turn, be connected to the file server or to another hub.
All signals, instructions, and data going to and from each node must pass through the hub to which the node is connected. The telephone system is doubtless the best known example of a star topology, with lines to individual customers coming from a central telephone exchange location. There are not many LAN implementations that use a logical star topology. The low impedance ARCnet networks are probably the best examples. However, you will see that the physical layout of many other LANs look like a star topology even though they are considered to be something else. An example of a star topology is shown in Figure 1.3.
Star topology advantages
Star topology disadvantages
1.2.4 Ring topology
A ring topology is both a logical and a physical topology. As a logical topology, a ring is distinguished by the fact that message packets are transmitted sequentially from node to node, in a predefined order, and as such it is an example of a point-to-point system. Nodes are arranged in a closed loop, so that the initiating node is the last one to receive a packet. As a physical topology, a ring describes a network in which each node is connected to exactly two other nodes, see Figure 1.4
Information traverses a one-way path, so that a node receives packets from exactly one node and transmits them to exactly one other node. A message packet travels around the ring until it returns to the node that originally sent it. In a ring topology, each node can act as a repeater, boosting the signal before sending it on. Each node checks whether the message packet's destination node matches its address. When the packet reaches its destination, the destination node accepts the message, and then sends it back to the sender, to acknowledge receipt.
As you will see later in this chapter, since ring topologies use token passing to control access to the network, the token is returned to sender with the acknowledgment. The sender then releases the token to the next node on the network. If this node has nothing to say, the node passes the token on to the next node, and so on. When the token reaches a node with a packet to send, that node sends its packet. Physical ring networks are rare, because this topology has considerable disadvantages compared to a more practical star-wired ring hybrid.
Ring topology advantages
Ring topology disadvantages
1.3 Communication techniques
Communication techniques are divided into two types: master-slave communication and peer-to-peer communication.
1.3.1 Master-slave communication
This is the simplest, most common, but also least flexible communication technique. Centralized control over the communication network is executed by the ‘master’, normally a SCADA master. The rest of the devices on the communication network are the ‘slaves’, and may only communicate on the network when requested or permitted by the master, and only with the master.
Master-slave communications usually result in inefficient use of communication bandwidth, and relatively slow speed of communication; although many systems allow priorities to be assigned to send/gather data more quickly to/from certain specified sites.
Deterministic response times are obtained with this technique. It can be used on any topology.
1.3.2 Peer-to-peer communication
The peer-to-peer communication technique allows all devices on the network to initiate communications with any other device on the network.
Although there is not a master and slave configuration, some techniques require a bus administrator to assume a certain amount of communication control over the network. One of the remote stations will then perform this role. Other techniques do not require a centralized communication controller and each device on the network will perform its own communication control. This demands far more complex protocols, but more flexibility, efficient use of bandwidth and hence far higher speeds of communication are obtained.
Although it is not functioning as a master, a SCADA system will normally receive the majority of the network data, and remote control commands will usually be initiated by the SCADA system. Although supervisory control and data acquisition are lost if the SCADA system should go down, network communications can still be retained (which is not the case in master-slave techniques).
1.4 Media access control methods
‘Rules’ are needed for data communications, otherwise there will be chaos, and no communication can exist. These rules govern the way stations will get access to the network, thus the term ‘media access control’.
1.4.1 Conventional polling
Conventional polling is the most common and simplest form of data communication. A master station requests data from each slave station in a predetermined sequence. If a slave does not respond in a defined time, the master retries (the number of retries depending on the programming), and marks the slave as non-responding if still no response is received.
Polling is illustrated in Figure 1.5.
Priorities may be assigned to slaves, meaning these stations will be polled at a higher rate than the normal stations. (Naturally, making all stations priority stations will defeat the purpose.) A priority message sent from the master station can override the standard polling sequence.
Polling can be used on virtually all physical media and any topology. The polling rate is dependent on the master and deterministic response times are obtained.
Polling result in inefficient use of bandwidth and relatively slow response times are characteristic of polling techniques.
No peer-to-peer communications are possible with polling.
(Note: Also commonly called ‘cyclic polling’)
Advantages of polling
Disadvantages of polling
1.4.2 Polling by exception
While maintaining most of the characteristics of conventional polling, this technique consists of the master requesting only event changes from the slave stations. If no changes have occurred during the polling cycle, no data will be returned to the master. This is a much more efficient data gathering technique for stations that have large amounts of data that varies infrequently.
Note that the protocol used in communicating between master and slave stations must support polling by exception, and both master and slave must understand the concept of events versus static data. Events are timetagged at the time of their occurrence, which is quite an improvement over conventional polling where the time of an event occurrence may be inaccurate by as much as the polling cycle time.
1.4.3 Time-division-multiplex media access
With time-division-multiplexing (TDM), each station has its own time slot, during which the station may send and receives data. This can be illustrated as in Figure 1.6. The time slot is fixed, independent of the network load. Deterministic response times are achieved, as there can be no collisions on the network.
A bus administrator is required to ensure that all stations comply with the network ‘rules’, also called centralised transport media arbitration.
TDM can be used on a ring or bus topology.
Illustration of TDM
Advantages of TDM
Disadvantages of TDM
1.4.4 Token passing media access
The principle of this technique is illustrated in Figure 1.6. A token circulates around the ring. Any station that has something to report may take the token as it passes by, and that station then has exclusive access to the communication network. Once the station has completed its transmission, the token is released and circulates around the network again. This technique generally, but not necessarily, operates on a report-by-exception principle.
Semi-deterministic response times are obtained, as there can be no data collisions, but it cannot be pre-determined when a station is going to use the token or simply pass it on.
A centralized bus administrator is required to control the network communications.
Protocols that use this principle are either token ring or token bus protocols. Token ring protocols use a physical ring and messages pass through each station as it circulates around the ring. With token bus protocols, the token still circulates in a logical ring, but the physical network is a bus topology, with the result that failure of one station will not necessarily affect the network.
Illustration of token passing
Advantages of token passing
Disadvantages of token passing
1.4.5 CSMA/CD (carrier sense multiple access with collision detection)
With this technique, each station listens to the communication bus (multiple access), and sends when it has detected that the bus is idle (‘carrier sense’). If a collision occurs with another station, the transmission will be stopped, and after a random period the station will retry (collision detection).
All stations must be capable of supporting collision detection, collision avoidance, and recovery schemes. Methods for these vary considerably and thus have become a major issue in compatibility between different systems.
This technique is very efficient in maximizing the use of available bandwidth, and offer very flexible configuration options. It was designed to be used in a bus topology.
Response times are undeterministic, as network data load cannot be predetermined.
Ethernet communications are based on this technique.
CSMA/CD is illustrated in Figure 1.8.
Illustration of CSMA/CD
Advantages of CSMA/CD
Disadvantages of CSMA/CD
1.5 The OSI model
The Open System Interconnection (OSI) model was developed by the International Standards Organisation (ISO) to provide a universally applicable structure for communication applications The OSI model consists of a seven-layer stack onto which the message (raw data) is modulated. The way in which the seven layers is applied (not all seven layers necessarily need to be used) actually defines the communication protocol. The OSI stack is illustrated in Figure 1.9.
Construction of OSI seven-layer stack
The concepts of the OSI layers are as follows. Each layer:
The functions of each layer are subsequently discussed, referring to Figure 1.8.
This layer provides the mechanical characteristics of the physical interface (the medium, e.g., copper, fiber optic, and the connectors), as well as the electrical characteristics (level and frequency of electrical/optical pulses).
Furthermore, the functional and procedural characteristics to activate, maintain, and deactivate the connection are defined.
Data link layer
The data link layer provides the synchronization (start/stop, length) and error control (detection and correction) for the information transmitted over the physical link. The information provided by the physical layer is used in defining this layer.
This layer provides the means to route messages across networks and the ability to fragment large messages into frames that can be carried by the underlying network.
The transport layer provides end-to-end control and information interchange with the level of reliability that is required for the application (e.g., confirming connections, sequencing, etc.) This layer functions to liaise between the end-user(s) and the network.
This layer supports the dialog requirements on the bus, determining who is allowed to talk, handling start/stop talking commands and communication relationships. In this context, application processes (AP) are defined, rather than physical stations.
The presentation layer provides the interpretation and meaning of the information exchanged, in other words the coding or ‘language’ of the information.
This layer directly serves the end-user, the AP, by providing the information to support the AP and manage the communication. This layer thus specifically defines the information and its context to the AP.
The specific application can be said to be directly on top of the application layer.
1.5.1 Communication using the stack
Figure 1.10 illustrates the way each layer of the OSI stack will add information to the raw data at the sender’s end, and strip away the added information at the receiver’s end to again arrive at the raw data, which is the actual required message.
Movement of data through the stack
A basic example will illustrate the process. (Note that this example is not the absolute rule, as every protocol will differ to a certain extent in the specific application of the layers. The example does illustrate the process, however.)
A voltage value needs to be sent over a network. The value will be encoded into digital format by an analogue-to-digital converter, which is not part of the communications network. The AP in this instance is voltage measurement.
As Figure 1.10 shows, data will move down the OSI stack, each layer adding information to it. The application layer will add meaning to the digital data, which is only a value, by defining it as voltage, the type of voltage (e.g., line-to-line voltage), unit (V, mV, kV), etc. The presentation layer will then code this information into the appropriate language used, e.g., ASCII format. The session layer will initiate the transmission of this information onto the network, and the transport layer will control the transmission, ensuring reliability of the information and security of the transmission.
The network layer adds the routing and address information. The data link layer provides the synchronisation and error control bits, and the physical layer ensures that the complete frame at this stage is converted into the physical medium required for transmission, e.g., light pulses for a fibre-optic cable.
This information, which consists of a frame of digital bits, is now transmitted over the physical transmission media. The receiver receives this data and, in a process reversed to the one above, the ‘superficial’ information is stripped away until only the application data remain.
The critical importance that the sender and receiver process the data in exactly the same way can clearly be seen; otherwise the receiver will incorrectly interpret the information, or not even receive the information at all.
It will be noted that the full seven-layer stack is actually only required for network communications. For point-to-point type connections or for more basic networks using a communication technique where a master or bus administrator is present, the full seven stacks are not required. The enhanced protocol architecture (EPA) has been developed for this purpose, using a three-layer stack. The three layers basically correspond to layer 1, 2 and 7 of the seven-layer model (i.e., physical, data link and application layers). Some of the features of the presentation layer still required will then be added to the application layer, and network features required will be added to the data link layer.
This specific process by which the layers are added to the raw data actually defines the communication protocol. There are literally thousands of different ways of doing this, and thousands of different protocols have been used throughout the world at some stage or other. Initially protocols have not been clearly defined according to the OSI stack, and were developed according to the requirements of the specific manufacturer’s equipment. Proprietary protocols were at the order of the day, and different manufacturers’ equipment could as a rule not communicate to one another. Fortunately, certain protocols became widely accepted, and some manufacturers standardized on specific universally used protocols, e.g., MODBUS, DNP3.0 etc.
1.6 Communication Protocols
Some of the more popular and widely used communication protocols are listed in Table 1.1, with specific reference to protocols used in substations at present.
Protocols used in substations
Originally used by
Cyclic polling (+)
Ethernet + TCP/IP
1.7 Distributed Network Protocol 3.0 (DNP3)
DNP 3.0 is a specialised SCADA protocol initially developed by Harris Controls for electrical power utilities. It has since become an open protocol widely used for many power, gas, water, waste water and security applications around the world.
DNP3 uses the Application, Data Link and Physical layers, but adds some Transport functions. These are often referred to as the pseudo-transport layer, and are sometimes depicted as corresponding to the transport and network layers in a limited manner. This relationship is shown in the following drawing.
Relationship of EPA model to OSI 7 layer model
1.7.1 Application layer
The user data is the data arising from the user application. The user application can be visualized as a layer above the application layer, and could for example be a Human Machine Interface (HMI) program such as ‘Citect’ or ‘Intellution Fix’, or it could be an embedded program, such as a C+ application program. The data could be alarm and event data, digital status data, or even a data file such as a configuration file being passed from a master station to an RTU or an IED. On the other hand, in the case of many types of command being issued by a master station, there may be no data at all. A key point is that this data can be of any size. The total data size is not limited by the protocol.
The application layer initially forms the data into manageable sized blocks. These are called application service data units or ASDUs. The application layer then creates the application protocol data unit APDU by combining a header with the ASDU data. The application header is referred to as the application protocol control information, or APCI. This is either 2 bytes or 4 bytes in length, depending on whether the message is a request or a response. In the case of a command or other user request requiring no additional data, there is only a header, and no ASDU.
Depending on the total size of the data to be transmitted (the size of the ASDU), one or more APDUs are created. In the case that multiple APDUs are required, these are each termed Fragments. Whilst the number of fragments required representing an ASDU not limited, the size of each fragment is limited to a maximum of 2048 bytes.
1.7.2 Application message formats
Application messages are of two types, request and response. Each of these appears as one or more APDUs. Each APDU is made up of a header, which is termed the Application Protocol Control Information, and optional data, the ASDU.
Application message format
The request and response headers differ by one field. The response header includes an additional two-byte field designated Internal Indications (IIN). The content of the ASDU is not depicted in this drawing, but it is made up of data objects, each with an object header. These will be presented in detail later. For now the ASDU may be thought of merely as data.
1.7.3 Application control field
The application control field is the first byte of the control information, or APCI. It is used to control the communication flow. It has three bits or flags, plus a sequence number that is used to sequentially number fragments.
Application control field
Flow control is implemented by:
Using the following rules:
These are further detailed in the following subsections.
Identical sequence numbers
1.7.4 Application function codes
The function code is the second byte of the application protocol control information. It follows the application control byte in both request headers from master stations, and response headers from outstations. The function code indicates what function is required to be performed.
Overview of function codes
Many of the functions need to identify specific data on which they operate. They do this with data object references that are included in the data within the ASDU, which follows the APCI header. In this section only the function codes themselves will be examined, with the referencing of the data objects being presented in following sections. In the function descriptions these data objects are referred to as ‘specified data objects’.
Request function codes
Transfer functions are those concerned with transferring defined data objects. These are the functions that acquire data from the outstation, or write control information to it.
The control functions are used to operate or change control points in an outstation. These may be control relay outputs, i.e. digital points, or analog setpoint values. These may be operated directly, with or without acknowledgment, or with the select before operate sequence.
The select before operate sequence is a security feature that is well known in the electrical supply industry. It provides an additional level of security to ensure against miss-operation arising from a corrupted message, or a human error such as selecting the wrong device from a group of similar devices shown on an HMI screen.
Select before operate sequence requires the following to occur:
Freeze functions are typically used for the following:
The application control functions are coded in order of decreasing effect. The cold restart is a complete restart of the outstation, as if it had been de-powered and then repowered up. The warm restart may be used to reset the DNP3 application, but not necessarily do reset other application programs. Typically the warm restart is used to initialize its configuration and clear events stored in its buffers. Once either a cold or warm restart has been initiated, the master station should not attempt to communicate with the outstation until the restart time interval returned in the outstation’s response has elapsed.
The ‘initialize data to defaults’ could for example set up standard set points, and clear counters. The specific data objects to be initialized are identified in the request, but not the default values themselves. These are stored locally in the outstation, as fixed read-only data, or as parameters in non-volatile memory, for example.
The configuration referred to by these functions is the state of the parameters and settings that collectively determine the behavior of the outstation. It is not referring to a complete program or ‘configuration’ download. The save configuration function causes storing in a specified non-volatile memory location the settings that define the system’s configuration.
The enable and disable of unsolicited messages allows for a live change to this configuration aspect.
The assign class function allows for live assignment of data objects to classes. These are discussed later in the text. The effect of classes is to provide a broad means of referencing data, for example by allowing a read of all data in a particular class.
The delay measurement function is used immediately prior to performing a time setting by writing to the outstation clock. It is used over asynchronous serial links, for which the message transmission time is significant in comparison to the one-millisecond clock resolution. The outstation measures the time in milliseconds that it takes to turnaround the message, that is, the time from message receipt to sending the response to the master. The master station subtracts this time from the turnaround time it sees, to determine the time the messages spent in the communication system. It then divides that time by two to obtain an approximation of the one-way message delay from master station to outstation.
The record current Time function is used when performing a time setting over a LAN. In this case the transmission occurs essentially instantaneously, so no turnaround time measurement is needed. Both the master station and the outstation record the current values of their own clocks at the time this message is sent. Subsequently, the master sends its recorded time to the outstation, which calculates the time error from the difference between the recorded values.
The response function codes apply for all messages from outstations, i.e. stations that are not designated as master stations. The only response these messages require (of the master station) is an optional confirmation on receipt by the master station.
1.7.5 Internal indications
The internal indications (IIN) field is a two-byte field that follows the function code in all responses. It is by using the internal indications that the outstation status is reported to the master following a request. Each bit in the field has a specific meaning, in accordance with the table. An outstation would have defined flags within its dynamic memory to correspond to the IIN field bits. These flags would then be copied in each response message. Descriptions of the detailed meaning of each bit are included in the following table.
1.7.6 The object header
In DNP3, the data is always comprised of two parts, object headers, and data objects. The object headers identify the data object types, and specific instances of those data that are being referenced by the message. These data may not necessarily be contained in the message; for example, a read request carries only the references identifying which data is required. The response to the read request will contain both the data identification and the data itself. The position of the object headers and data objects within the application protocol data unit, or message frame, is shown in the following drawing.
The object header
The ASDU is made up of one or more object header and data object fields, up to a maximum frame size of 2048 bytes including the frame header (the APCI).
The object header is between three and eleven bytes in length, and is made up of the object, qualifier and range fields. The object field is further subdivided into two bytes, which are the object group and object variation respectively. The range is between 0 and 8 bytes.
1.7.7 DNP Objects
The format of the object data is specified in the DNP Object Library. This specifies how many bits or bytes make up each object which belong to groups and have variations whether it has a time stamp etc.
A list of the object groups is shown in the table below. Full details of these and the object variations for each group is described in the DNP Object Library.
It can be seen from the table that the object groups are organized into decade ranges. Within each decade, there may be more than one object group. Each of these groups has its variations, making altogether a substantial number of individual objects.
Object variation zero
Object variation zero (0) is not used within any group, because this is reserved for a special purpose. When a master station specifies object variation zero in a request message, this defined to mean all variations of that particular object group. This allows the master station to obtain all object variations without identifying each one.
1.7.8 The qualifier and range fields
In the following sub-sections the operation of the qualifier and range fields are presented. After looking at the structure of these fields, and the meaning of the codes they contain, the different means of referencing data are presented. In the discussion, use is made of referencing ‘modes’. It is noted that the mode labels used here are not included within the DNP3 documentation, but are applied here to assist understanding of this complicated area.
It is noted that the reader may find point referencing in DNP3 somewhat difficult to grasp. This arises from the flexibility of referencing that has been provided for by the protocol. At the same time, it may be observed that although a number of different referencing modes and variations for each are defined in DNP3, in practice only a small number are generally used.
Purpose and structure
The qualifier and range fields follow the object field in the object header. These fields are used to identify the specific data points of each object group and variation that are being referred to. For example, this may simply be a range of consecutive points, in which case the start and stop point indexes will be included in the range field. Alternatively, a list of non-consecutive points may be required, and in this case the list of points must be provided separately. These cases, and others are all handled by the Qualifier and Range field values.
The qualifier and range fields are used both in request messages from master stations, and in response messages from outstations. For request messages, only identification of the data may be required. In response messages the data objects themselves may be included in the message.
The structure of the qualifier field is shown in the following diagram.
The qualifier field
The qualifier field is made up of two sub-fields. These are the qualifier code (or Q-code) and the index size (or I-size). The qualifier code value identifies the ways of referencing or identifying the data objects contained within messages. The index size sub-field specifies how many bits are used to reference the data (8, 16 or 32).
The range-index mode is indicated by Q-codes 0,1 and 2.
In this mode the range field contains two numbers. These are the start and stop index values for the data objects.
Index values imply that in the outstation there is an index giving a one-to-one correspondence between the value of the index, and the actual locations within the device memory of the data objects. The use of indexes simplifies referencing of data objects because regardless of the object’s size, each consecutive number represents successive data objects. If the start and stop numbers are I1 and I2, then there are a total of I2-I1+1 data objects being referenced.
In the diagrams following, Q-code 0 is used, defining the range-index mode with eight-bit indexes. These can reference a maximum of 256 data objects. In the request message only the header is present. In the response message, the data objects follow the message.
In the response message only, it is possible to prefix each data object returned with an object size identifier. When this is desired, the I-size field is used to specify the size of the object size fields. This would only be required if the object sizes were variable within an object variation group. When object size fields are not required, the I-size field is set to zero, meaning the objects are packed in sequence without size fields. The diagrams following show the structure of the messages for each of these cases.
1.7.9 The transport layer
The APDU from the application layer is interpreted purely as data to be transported by the transport layer. The transport layer breaks the message down into smaller units termed Transport Protocol Data Units or TPDUs. These are made up of a one-byte header, followed by a maximum of 249 bytes of data. So it will fit within one ‘Frame’ or LPDU at the Data Link layer.
The transport header
The single byte transport header contains two bits that identify the start and end of a sequence of frames (TPDUs), plus a six bit sequence counter, to allow reassembly of the message.
Transport header byte
The FIN and FIR bits identify whether this is a single frame message or where it fits into the message sequence.
1.7.10 The data link layer
This layer takes the TPDUs from the pseudo-transport layer and adds a 10-byte header to each. As the data link layer is also responsible for providing error detection and correction functions, error-checking codes are introduced here. A 16-bit cyclic redundancy code (CRC) is used. Each TPDU is converted to a frame of up to 292 bytes in length.
Data Link frame format
The frame format specifies a 10 byte header, followed optionally by up to 16 data blocks. The overall message size is limited to 292 bytes, which provides for a maximum data capacity of 250 bytes. Thus a fully packed frame will comprise the header plus 16 data blocks, with the last block containing 10 data bytes.
FT3 frame format
START: 2 bytes: 0564 (hex)
LENGTH: Count of user data in bytes, plus 5, not counting CRC bytes
This represents all data; excluding CRC codes following the LENGTH count byte. Its range is 0–255
CONTROL: Frame control byte. See later section.
DESTINATION: 2 byte destination address (LSB, MSB)
SOURCE: 2 byte source address (LSB, MSB)
CRC: 2 byte Cyclic Redundancy Check code.
USER DATA: Each block has 16 bytes of user data. Last block has 1-16 as required.
The control byte follows the start and length bytes in the frame format. It provides for control of data flow over the physical link, identifies the type, and indicates the direction. The interpretation of most of the control byte is dependent on whether the communication is a primary or a secondary message.
1 = A to B
0 = B to A
PRM Primary Message
1 = frame from primary (initiating station)
0 = frame from secondary (responding station)
FCB Frame Count Bit
FCV Frame Count Bit Valid
0 = ignore FCB
1 = FCV is valid
RES Reserved = 0
DFC Data Flow Control Bit. Set to 1 by secondary station if further send of user data will cause buffer overflow.
FC Function Code
The DIR bit indicates the message direction between master and non-master stations. If a message is from a designated master station, this bit is set. Otherwise it is cleared.
The PRM bit is set if the frame is primary (initiating) or a secondary (responding). This is used directly in interpreting the function code. There are six valid function codes for primary frames, and five valid function codes for secondary frames.
Frame count bits
These are the frame count bit (FCB) and the frame count valid bit (FCV). These bits are only used for primary messages. The frame count bit is used to detect losses or duplication of frames to a secondary station. The frame count valid bit enables the use of the FCB. When the FCV bit is true, the FCB is toggled for each successful SEND–CONFIRM transaction between the same primary and secondary stations.
They work like this:
Data flow control bit
The data flow control bit (DFC) is included in secondary frames. The secondary station will set DFC = 1 if a further SEND of user data will cause its buffer to overflow. On receipt of a frame with DFC = 1 a primary station will cease to send data, but will request link status until DFC = 0.
Data link function codes
The tables below show the detailed meanings for different values of the function code byte. The meanings are different depending on whether the message is a primary or a secondary transmission.
The following shortened version of the function codes is included in the sequence diagrams. The codes are preceded with a P or and S, representing primary or secondary codes.
1.7.11 The physical layer
The physical layer converts each frame into a bit stream over the physical media. In the original DNP3 documentation, a bit-serial asynchronous physical layer is specified. It calls for 8 bit data, 1 start bit, 1 stop bit, no parity, and RS-232C voltage levels and control signals.
1.7.12 Summary of DNP3 message build-up
The build-up of DNP3 messages has been shown from a top-down perspective to have the following features:
1.7.13 DNP3 over a network
The idea of carrying DNP3 over a network environment involves encapsulation of the data frames from the DNP3 data link layer within the transport layer frames of the Internet protocol suite. That protocol stack then delivers the DNP3 data link layer frames to the destination location in place of the original DNP3 physical layer.
The following method has been recommended by the Technical Committee:
The resulting protocol stack is shown in the following diagram.
1.8 IEC 60870-5-101
The IEC 60870-5-101 protocol is defined with reference to layers 1,2 and 7 of the ISO 7-layer stack, also called the Enhanced Performance Architecture (EPA) model.
The protocol uses the octet representation of data. The frame is constructed as shown in Figure 1.20.
The ASDU is the data received from the application process. The ISO EPA model prescribes application protocol control information (APCI) to be added to the ASDU to form the application protocol data unit (APDU). However, this is not needed in the IEC 60870-5-101 protocol, hence the APDU is the same as the ASDU.
The data link layer adds the link protocol control information (LPCI) to the APDU to form the Link Protocol Data Unit (LPDU). This layer also prepares each data octet in the LPDU to be transmitted as an asynchronous serial character having one start bit (value=0), eight data bits (the data octet), one even parity bit and one stop bit (value=1).
Referring to Figure 1.20:
S = Start character
L = Length character
C = Link control character
A = Link address field
CS = Check sum character
E = End character
For up to 1.2 kb/s frequency shift keying (FSK) modulation is used, which is symmetrical and memory-less. It is suitable for most voice frequency analogue channels on base band transmission line, power line carrier, and radio communications media.
For speeds in excess of 1.2 kb/s, synchronous modems may be used.
Faster transmission, up to 19.2 kb/s, is also possible on directly connected data circuits using digital signal multiplexers.
1.8.2 Frame integrity
The LPDU frame provides a very high data integrity (IEC Integrity Class I2). There must be at least four bit errors in a received frame before an undetectable frame error is possible.
The parity check ensures that at least two bit errors in the contents of any character are required to cause an undetectable character error.
The sum check ensures that at least two characters with undetected errors are required to cause an undetectable check sum error. Thus a total of four bit errors are required to produce a received frame with a possible undetectable error.
1.8.3 Physical configuration
The protocol may be implemented in two physical configurations: