Process control or industrial automation systems are used to protect, control and monitor industrial processes in industrial plants; e.g., for manufacturing goods, transforming substances, or generating power, as well as to monitor and control extended primary systems like electric power, water or gas supply systems or telecommunication systems, including their respective substations. An industrial automation system can have a large number of process controllers distributed in an industrial plant or over an extended primary system, and communicatively interconnected via a communication system.
Substations in high and medium-voltage power networks include primary devices such as electrical cables, lines, bus bars, switches, power transformers and instrument transformers, which can be arranged in switch yards and/or bays. These primary devices are operated in an automated way via a Substation Automation (SA) system. The SA system comprises secondary devices, so-called Intelligent Electronic Devices (IED), responsible for protection, control and monitoring of the primary devices. The IEDs may be assigned to hierarchical levels, such as the station level, the bay level, and the process level, where the process level is separated from the bay level by a so-called process interface. The station level of the SA system includes an Operator Work Station (OWS) with a Human-Machine Interface (HMI) and a gateway to a Network Control Centre (NCC). IEDs on the bay level, which may also be referred to as bay units, in turn are connected to each other as well as to the IEDs on the station level via an inter-bay or station bus serving the purpose of exchanging commands and status information.
IEDs on the process-level can include (i) electronic sensors for voltage (VT), current (CT) and gas density measurements, (ii) contact probes for sensing switch and transformer tap changer positions, and/or (iii) intelligent actuators (I/O) for changing transformer tap positions, or for controlling switchgear like circuit breakers or disconnectors. Exemplary process-level IEDs such as non-conventional current or voltage transformers include an Analogue-to-Digital (A/D) converter for sampling of analogue signals. Process-level IEDs are connected to the bay units via a process bus, which can be considered as the process interface replacing the conventional hard-wired process interface. The latter connects a current or voltage transformer in the switchyard to the bay level equipment via dedicated copper wires, in which case the analogue signals of the instrument transformers are sampled by the bay units.
A communication standard for communication between the secondary devices of a substation has been introduced by the International Electrotechnical Committee (IEC) as part of the standard IEC 61850 entitled “communication networks and systems in substations”. For non-time critical messages, IEC 61850-8-1 specifies the Manufacturing Message Specification (MMS, ISO/IEC 9506) protocol based on a reduced Open Systems Interconnection (OSI) protocol stack with the Transmission Control Protocol (TCP) and Internet Protocol (IP) in the transport and network layer, respectively, and Ethernet as physical media. For time-critical event-based messages, IEC 61850-8-1 specifies the Generic Object Oriented Substation Events (GOOSE) directly on the Ethernet link layer of the communication stack. For very fast periodically changing signals at the process level such as measured analogue voltages or currents IEC 61850-9-2 specifies the Sampled Value (SV) service, which like GOOSE builds directly on the Ethernet link layer. Hence, the standard defines a format to publish, as multicast messages on an industrial Ethernet, event-based messages and digitized measurement data from current or voltage sensors on the process level. SV and GOOSE messages are transmitted over a process bus, which may, for example, in cost-effective medium or low voltage substations, extend to neighbouring bays (e.g., beyond the bay to which the sensor is assigned). In the latter case, the process bus transmits, in addition to the process data, command and/or status related messages otherwise exchanged via a dedicated station bus. In the following, the distinction between process and station bus in SA systems is done away with.
SA systems based on IEC61850 are configured and described by way of a standardized configuration representation or formal system description called Substation Configuration Description (SCD). An SCD file includes the logical data flow between the IEDs on the basis of message types or data sets (e.g., for every message source, a list of destination or receiver IEDs, the message size in terms of data set definitions, as well as the message sending rates for all periodic traffic like GOOSE, SV and Integrity reports). The SCD file likewise includes the relation between the IEDs as well as the functionality which the IEDs execute on behalf of the substation process or switch yard. In addition to SA systems for substations in high and medium-voltage power networks, other process control systems (e.g., for hydro power plants, wind power systems, and Distributed Energy Resources (DER)), may likewise be described by a formal system description at least partly identical to IEC61850.
In communication systems technology, within Local Area Networks (LAN) constructed by connecting a plurality of computers or other intelligent devices together, a concept called “virtual LAN” (VLAN) employs functionality for arbitrarily and logically grouping terminals or nodes which are connected to switches of the network. Ethernet VLANs according to IEEE 802.1Q allow restricting access to the terminals connected to an Ethernet network within a VLAN as well as restricting the data flow of multicast Ethernet messages to predefined parts of the Ethernet network where receiver terminals are connected which belong to the same VLAN.
In state of the art Ethernet switch-based networks as used for office and commercial applications, VLAN definitions are handled within the Ethernet switches, therefore the latter have to be configured or otherwise made aware of the relevant VLANs. Specifically, for each port of a switch, the switch has to know if a particular incoming VLAN (multicast) message shall be forwarded to this port or not (e.g., if this port also belongs as output port to the VLAN of the incoming message). Furthermore, in state of the art Ethernet switch-based networks it is assumed that any single connected terminal or end node belongs to one specific VLAN only. This terminal can then only talk to other terminals belonging to the same VLAN. When configuring the switches, the ports to these communicating terminals are therefore called access ports, and these access ports are only allowed to belong to one VLAN, while the other ports internal to the communication system, called trunk ports, belong to several VLANs. It is, for example, also assumed that all IEDs are spontaneously sending data within their VLAN.
Contrary thereto, in a process control real time application an IED can send different real time messages for different purposes within different VLANs. Therefore, here the concept of access ports cannot be applied; however the concept of an edge port (e.g., a port which has not to be considered by the RSTP loop avoidance algorithm in physically meshed networks), is still valid for the IEDs (in this notation, an edge port connected to an IED that is assigned to one single VLAN corresponds to an access port). This can complicate the configuration of VLANs on the switches. Further on, sometimes the receivers of messages of a VLAN do not send messages within the same VLAN they receive (e.g., they do not send any VLAN messages, or send within another VLAN), which prohibits automatic VLAN detection by the switches.
Another mechanism to restrict the flow of multicast messages within a switched Ethernet network employs different multicast addresses for different message sources, and relies on the Ethernet switches supporting message filtering based on multicast addresses. Here a management protocol exists which allows the switches to automatically manage any multicast data flow in an optimal way, if the receivers subscribe to the needed multicast addresses at their connection or edge port to the switch network. This approach does not involve manual configuration of switches; however its effectiveness to restrict the message flow depends on the assignment of multicast addresses to the message sources which is done manually during engineering/configuration in the case of GOOSE and SV messages.
For large process control systems with increased real time critical communication needs due to multicast communication traversing the entire system and including vertical communication to station level, the communication network load can be important within the control system as well as at the receiving application IEDs. This is the case for example, with GOOSE and SV messages according to IEC 61850, which are based on Ethernet multicast messages, and station level IEDs such as Operator Work Station and gateway which are not adapted to handle more than 200 to 1000 messages per second.
In this context, a straightforward method to obtain an optimal data flow in the sense that only the needed messages are routed to a receiver assigns to each message source its own (multicast or VLAN or both) identification. However, for a process control system with around 300 IEDs each having at least two different GOOSE message sources this amounts to at least 600 different message sources and identifications, while the recommended identification range for GOOSE multicast addresses only allows 512 different identifications. Additionally, the more addresses the switches have to consider for the filtering, the more memory and CPU resources they need, and the more work is involved to configure them and keep them consistent.
The patent application EP 2157732 discloses a way to automatically generate VLAN configuration data for a switch in the communication network of a Process Control (PC) or Substation Automation (SA) system. For each sender IED and for each message configured to be transmitted by the sender IED, the receiver IEDs to which the message is destined as well as a Virtual Local Area Network Identifier VLAN ID are retrieved from a standardized configuration representation of the system. For each receiver IED, the VLAN IDs of all the messages destined to this receiver IED are then assigned to an edge port of a switch to which this receiver IED is connected.