Industrial automation and control systems are widely deployed. During an engineering phase, a design of a system is defined, and then the design is deployed during a commissioning phase. In the past, communication between devices or nodes of industrial automation and control systems was based on analog technology and point-to-point connections. Engineers are familiar with the analog technology, both during engineering and commissioning of the industrial automation and control systems, because requirements for such networks are more obvious. However, communication in industrial automation and control systems has become more based on digital communication technologies, such as Ethernet technology, for example. In particular, substation automation systems use Ethernet technology at the station level, at the bay level, as well as at the process level. Ethernet technology not only presents new challenges to the customers, but also to the engineers who design and commission the industrial automation and control system.
In the case of Ethernet technology, communication between devices or nodes of an industrial automation and control system, such as in big industrial systems, often needs to be segregated both physically and logically, wherein techniques such as VLAN (Virtual Local Area Network), multicasting, different conduits (such as firewalls or routers), subnets, etc., for example, are used to provide and guarantee for a proper segmentation, isolation and routing of traffic flow. During an engineering and design phase, as well as during a commissioning phase of a communication network, it is ensured that there is a data path (both physical and logical) between devices or nodes connected to the communication network and which are supposed to communicate with each other. Mistakes during the engineering and design phase as well as mistakes during the commissioning phase, such as wrong network configurations or network installations, may prevent required data paths to function properly, or may make them impossible. The combination of one or more network techniques such as VLAN, multicasting, sub netting, etc. in different sub networks make it difficult to detect, without sending a probe packet, if the required data paths between the devices or nodes connected to the network are working properly.
After receiving an order from a customer, design engineers design a corresponding industrial automation and control system and then generate a system description file. During the design, as well as when commissioning the system, it is necessary to validate the reachability between devices or nodes of the network, given the underlying physical and logical network architecture. In current practice, either reachability validation is manually done to ensure required reachability between devices or nodes of the network, or it is not done at all. In particular, during the engineering and design phase, the engineer has only a model of the network available and does not have the possibility to verify the model in a real deployed network of an industrial automation and control system. However, such reachability validation is important, as at the end of the design phase of the network, a real network is commissioned according to the designed system description file. In case of an error in the design phase, the process has to be reiterated, which is costly and time consuming. Hence, automatic validation of the dataflow during the design phase is important. Moreover, validation of the dataflow is also important during commissioning phase of the network, as well as when a network of an industrial control and automation system is to be expanded or refurbished.
In the context of the present disclosure, the term dataflow implies the flow of data from one device or node of the network of an industrial automation and control system to another device or node of this network. Reachability validation includes the following conditions of a designed or commissioned network: (1) reachability of another node of the network starting from a current node; (2) segregation of another node of the network starting from a current node, that is, the other node is not reachable starting from the current node; (3) in certain cases, a sink node may receive network traffic form different source nodes.
In “Reachability Monitoring and Verification in Enterprise Networks”, Zhang et al., SIGCOMM'08, algorithms are presented to monitor and verify all-pairs nodes. For each pair of source and destination zones, the hop-by-hop routing path is calculated. The pairs are sorted in ascent order according to the hop counts. The reachability of all pairs is then calculated according to the sorted order.