IEC 61850-90-1 describes two approaches for transmitting data of critical protection services over wide area networks (WAN). The tunneling approach assumes that the Ethernet packets containing the protection data are transmitted at wire speed, in their native Ethernet format, and with no or only minor changes to the packets. This approach is suitable for binary distance protection data typically coded as GOOSE messages in IEC 61850, as well as for differential protection data coded as sampled values (SV).
EP-2-432-133-A describes extended functionality for the GOOSE tunneling approach described in the technical paper IEC 61850-90-1, which includes: an event recorder/command counter for configurable binary events in the tunneled GOOSE messages, and constant supervision of a communication channel between two communication edge devices of the service, with notification of the connected service end devices in case the channel quality does not meet the requirements for reliable communication.
US 2012/0233296 describes a gateway intelligent electronic device (IED) for a Substation Automation (SA) system, where the gateway IED comprises a communication interface configured to communicate according to IEC 61850, and it can provide via a substation communication network a routing function with firewall and access control for direct access to the concerned protection IEDs.
US 2005/0114648 relates to the field of information technology in general and describes an implementation of a dual mode firewall that acts as a bridge for Layer 2 traffic and as a router for Layer 3 traffic. Accordingly, the network devices can provide both the transparent forwarding of Layer 2 traffic and Layer 3 routing capabilities, as well as the implementation of security policies at Layer 2 or 3.
US 2011/307114 describes, in reference to the standard, that for time-critical event-based messages IEC 61850-8-1 specifies GOOSE directly on the Ethernet link layer of the communication stack. For very fast periodically changing signals at the process level, such as measured analogue voltages or currents, IEC 61850-9-2 specifies the Sampled Value (SV) service. Besides the functional shortcomings of the current approaches, there are also technical challenges currently not solved by the tunneling approach.
According to the current version of the standard IEC61850, Edition 2, the GOOSE and SV messages are plain OSI Layer 2 Ethernet Messages without Layer 3 IP extension.
This stands in contrast to the typical design of Ethernet based communication infrastructure in utility applications, where the interface between a Layer 2 substation LAN and the wide area communication network is always a Layer 3 router and a firewall operating on Layer 3 IP, see FIG. 1. The architecture of the WAN is manifold. Today, Layer 2 Ethernet implemented on physical SDH technology is the typical case. In future, MPLS networks, also called Layer 2.5 networks, are expected to take the dominant role. Note that MPLS is also a layer below IP and therefore not IP aware.
The combination of router and firewall is a preferred interface solution from a security perspective as well as from a traffic scaling perspective. The router can be configured such that only traffic intended for inter-substation communication is transmitted to the WAN. However, from a performance perspective, Layer 3 switching or routing, which is considerably slower than Layer 2 operations, is sufficient for the Ethernet based applications currently found in substations, i.e. Voice over IP, SCADA traffic according to IEC60870-5-104 or Modbus protocol, or office IT services provided to the substations.
For IEC61850 based protection services, GOOSE and SV, the architecture as indicated in FIG. 1 has some limitations, e.g. the Layer 2 services without IP extensions are not able to pass the Layer 3 router, the performance of the Layer 3 switching or routing is considered not sufficiently fast to meet the tight timing constraints of protection services, typically 4 to 10 ms end to end, and routing of Layer 2 messages in a packet switched WAN needs special attention.
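The first limitation above can be seen directly in the frame layout. The following is an added example, not part of the cited documents: it classifies Ethernet frames at a substation boundary and reports whether a Layer 3 router has an IP header to forward on. The function name `classify_frame`, the EtherType values 0x88B8 (GOOSE) and 0x88BA (SV), which are not stated in the text above, and the constructed sample frames are assumptions of this example.

```python
import struct

# EtherTypes registered for the IEC 61850 Layer 2 services, plus IPv4 for contrast.
ETHERTYPES = {0x88B8: "GOOSE", 0x88BA: "SV", 0x0800: "IPv4"}
VLAN_TPID = 0x8100  # IEEE 802.1Q tag, commonly used to prioritise GOOSE/SV


def classify_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame and say whether a Layer 3 router can forward it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan_id, priority = 14, None, None
    if ethertype == VLAN_TPID:  # skip the 4-byte 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, priority, offset = tci & 0x0FFF, tci >> 13, 18
    service = ETHERTYPES.get(ethertype, "other")
    info = {"service": service, "vlan_id": vlan_id, "priority": priority,
            "appid": None, "routable_l3": service == "IPv4"}
    if service in ("GOOSE", "SV"):
        # APPID, Length and two reserved fields follow the EtherType directly;
        # there is no IP header, so a router has no destination address to use.
        if len(frame) < offset + 8:
            raise ValueError("truncated GOOSE/SV header")
        info["appid"] = struct.unpack_from("!H", frame, offset)[0]
    return info


# Constructed sample frames (not captured traffic); MAC addresses are made up.
SRC = bytes.fromhex("020000000001")
GOOSE_TAGGED = (bytes.fromhex("010ccd010001") + SRC
                + struct.pack("!HHH", VLAN_TPID, (4 << 13) | 10, 0x88B8)
                + struct.pack("!HHHH", 0x0001, 8, 0, 0))
SV_UNTAGGED = (bytes.fromhex("010ccd040001") + SRC + struct.pack("!H", 0x88BA)
               + struct.pack("!HHHH", 0x4000, 8, 0, 0))
IPV4 = bytes.fromhex("020000000002") + SRC + struct.pack("!H", 0x0800) + bytes(20)

if __name__ == "__main__":
    for name, frame in (("GOOSE", GOOSE_TAGGED), ("SV", SV_UNTAGGED), ("IPv4", IPV4)):
        print(name, classify_frame(frame))
```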