Address: http://hi.baidu.com/timse/blog/item/71cf1b46cefd49006b63e594.html
In recent years the author has encountered a number of application problems. Although individually they are not large, they often affect the interoperability and interconnection that the protocols are meant to provide. The typical situations we have met are shared here, in the hope that they will help readers who develop and study these protocols in the future.
The three IEC 60870-5 series standards, 101, 103 and 104, have been applied in China for many years, but when testing a number of products implementing them we found that many protocol implementation problems still exist that create interoperability barriers. The typical situations are as follows:
1. Physical Interface:
One of the physical interfaces specified by the 103 protocol is RS-485, yet the interfaces of different manufacturers still differ: some use two-wire 485 interfaces (TX+ and RX+), others four-wire 485 interfaces (TX+, RX+, TX-, RX-), some provide a DB9 connector, and others provide an Ethernet interface, i.e. they carry the 103 protocol over Ethernet. To some extent these interface variations defeat the original design intention of the protocol, which is plug-and-play. For example, with a DB9 connector the pins used for transmit and receive are all defined by the manufacturer, so the manufacturers involved in an interconnection have to wire their connectors on site; if this is not done carefully it leaves hidden risks for later communication operation.
2. Clock Synchronization:
The 101, 103 and 104 protocols all provide clock synchronization functions. When testing this function we found that 90% of manufacturers did not strictly implement the application-layer response defined in the protocol: most of them replied by simply mirroring the received message, rather than as the standard requires, which is that the time in the response message must be the controlled station's local time corresponding to the command sent by the controlling station. In addition, the software of some manufacturers lacks a plausibility check of the time carried in a clock synchronization command. In our negative-testing stage, when a clock synchronization command with an invalid time (for example the 32nd day of the 13th month) was received, some devices altered it slightly (for example to the 1st day of the month) and applied it, and others simply loaded it into the local clock without any processing. This test is intended to simulate the effect of the ubiquitous interference environment on site (such as electromagnetic interference) on the encoding of the communication line, in order to test the fault tolerance of the device. If developers do not pay attention to this detail during product development and such a situation occurs on site, it will cause a series of problems harmful to the correctness of communication, for example unreasonable or invalid time tags on events and alarms.
3. Command Transmission:
The remote control process, as one of the main functions of the IEC 60870-5 series protocols, is the focus of protocol testing. Most tested manufacturers can complete the command transmission function, but the following situations are not handled in detail:
A) Remote control of a point that is not controllable. This situation can arise when the information point tables configured at the controlling station and the controlled station do not match. The controlled station (device) should therefore be able to judge the type and state of the addressed point: if the information point is not configured on the device, or the address does not belong to a control point, a compliant response should be returned to the controlling station; in the 101 protocol, for example, cause of transmission COT = 47 (unknown information object address) or COT = 7 with the P/N bit = 1 (negative activation confirmation) can be used. During testing, some manufacturers' devices either did not respond at all or confirmed the command without actually processing it, both of which are inappropriate. The consequence is that the monitoring master station or dispatching station mistakenly re-issues the command, assuming a transmission channel problem, or simply concludes that the field device is faulty, causing unnecessary trouble.
B) A further remote control command arrives while a remote control command is being executed. This situation is related to the software design of the controlling station and to the operator's habits. On the one hand, because of multi-tasking the controlling station may allow the operator to control several points on the same device at the same time; on the other hand, because of channel delay (for example on Ethernet) the operator may not wait for the outcome of a control command already issued and clicks again to send the command once more. Either way the device may receive two or more remote control commands within a short time. The 103 protocol strictly stipulates how this is handled: if a command message from the controlling station is received before the previous command has been acknowledged, the device should accept the new control command. During testing we found that many manufacturers handle it the opposite way to the standard (rejecting the new command and acknowledging the old one), or simply do not respond to the new command at all. This not only violates the standard but also causes interoperability problems because the response sequence is incomplete.
C) Delay between command selection and execution. In the 104 and 101 protocol tests we found that some controlled stations cannot set a timeout for this interval, which is very unsafe when the channel is unstable. For example, a command is selected successfully by the controlling station and the execute command is then issued; if the network or channel transmission delay is such that the transfer time exceeds the timeout the controlling station has set for the command procedure, the controlling station cancels the command, but the controlled station still executes it. The result of such an execution is not what the controlling station expected, so it is likely to cause risks during field operation.
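As an added example (illustrative code, not from the original post or any vendor product), a minimal controlled-station command handler in Python that shows the three situations above: an unknown or non-control address answered with COT = 47 or a negative COT = 7, a new command arriving while one is still pending (old command rejected, new one accepted), and an EXECUTE arriving after the select timeout being refused rather than operated. The point table, the single selection slot and the 10-second default timeout are assumptions made for the example.

```python
"""Added example: controlled-station handling of IEC 60870-5-101/104 select/execute commands."""
from dataclasses import dataclass

COT_ACTCON, COT_ACTTERM, COT_UNKNOWN_IOA = 7, 10, 47   # causes of transmission (IEC 60870-5-101)


@dataclass
class Response:
    cot: int         # cause of transmission
    negative: bool   # P/N bit set: negative confirmation
    ioa: int         # information object address the reply refers to


class ControlledStation:
    """Controlled station with one SELECT slot and a point table (both constructed for the example)."""

    def __init__(self, point_types, select_timeout=10.0):
        self.point_types = point_types        # IOA -> "control" or "indication" (assumed point table)
        self.select_timeout = select_timeout  # seconds allowed between SELECT and EXECUTE
        self.pending = None                   # (ioa, time) of the SELECT awaiting EXECUTE, if any
        self.executed = []                    # IOAs actually operated

    def handle(self, ioa, select, now):
        """Process one command (select=True for SELECT, False for EXECUTE) received at time `now`."""
        kind = self.point_types.get(ioa)
        if kind is None:                      # case A: address not in the point table
            return [Response(COT_UNKNOWN_IOA, True, ioa)]
        if kind != "control":                 # case A: address exists but is not a control point
            return [Response(COT_ACTCON, True, ioa)]
        if select:
            replies = []
            if self.pending is not None:      # case B: new command before the old one is acknowledged
                replies.append(Response(COT_ACTCON, True, self.pending[0]))  # reject the old one
            self.pending = (ioa, now)         # accept the new SELECT
            replies.append(Response(COT_ACTCON, False, ioa))
            return replies
        selected = self.pending
        self.pending = None
        if selected is None or selected[0] != ioa or now - selected[1] > self.select_timeout:
            return [Response(COT_ACTCON, True, ioa)]   # case C: selection missing or timed out
        self.executed.append(ioa)             # operate, then confirm and terminate the activation
        return [Response(COT_ACTCON, False, ioa), Response(COT_ACTTERM, False, ioa)]


if __name__ == "__main__":
    st = ControlledStation({1: "control", 2: "control", 3: "indication"})
    print(st.handle(3, True, 0.0), st.handle(1, True, 0.0), st.handle(1, False, 30.0))
```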
4. Use of quality descriptors:
One of the notable features of the IEC 60870-5 series standards is the use of quality descriptors, but in testing we found that quality descriptors often lead to barriers to communication and interconnection. Quality descriptors mainly include IV (invalid), NT (not topical, i.e. not current), OV (overflow), SB (substituted), BL (blocked) and so on, and they are used as additional quality information for information objects such as telemetry (measured values), remote signalling (status indications) and remote pulse counting (integrated totals). For example, in the 101 protocol SB = 1 (substituted) can be used to describe information produced during installation and commissioning; NT = 1 (not topical) is available to describe information that has not been refreshed for a long time; and the device can set IV = 1 (invalid) on the corresponding information object when the information source is abnormal.
In the interoperability tests, some controlling stations do not evaluate the quality descriptors of the information sent by the controlled station, leading to defects in data classification and processing. Some controlled stations, when in commissioning or fault state, do not use quality descriptors on the related telemetry, status, event and other information, so the on-site state cannot be truthfully reflected at the controlling station, which affects the real-time nature and accuracy of system monitoring.
Similarly, the IV (invalid) bit in the time tag has not received much attention from many manufacturers. Because event information, control information (104 protocol) and clock synchronization commands all carry time tags, the processing of this bit is also crucial. The 101 protocol clearly defines that "if the clock has not been synchronized within a specified period, the IV bit is set to 1", and the 103 protocol likewise stipulates that "if the protection equipment has not been synchronized for more than 23 hours since the last synchronization" then "the IV bit in the third octet of the time information is set to 1". Unfortunately, no manufacturer has put the quality descriptor provided by this clause of the standard into practice.
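As an added example covering both the clock synchronization checks of section 2 and the IV bit and quality descriptors of section 4 (illustrative code, not from the original post or any product), the Python below decodes the 7-octet CP56Time2a time tag, refuses a synchronization command whose fields cannot form a real date instead of "repairing" it, sets the IV bit in outgoing time tags once 23 hours have passed since the last synchronization, and names the bits set in a 101 QDS quality octet. The bit layout follows IEC 60870-5-101; the 2000-based year and the last-sync bookkeeping are assumptions of the example.

```python
"""Added example: CP56Time2a time-tag checks and QDS decoding for IEC 60870-5-101/103/104."""
import calendar
from datetime import datetime, timedelta

SYNC_LIMIT = timedelta(hours=23)   # 103 rule quoted above: mark time tags IV after 23 h without sync
QDS_BITS = {"OV": 0x01, "BL": 0x10, "SB": 0x20, "NT": 0x40, "IV": 0x80}  # 101 quality descriptor bits


def decode_cp56(b):
    """Split a 7-octet CP56Time2a into its fields; IV is bit 8 (0x80) of the third octet."""
    millis = b[0] | (b[1] << 8)              # octets 1-2: milliseconds within the minute
    return {"millis": millis,
            "minute": b[2] & 0x3F, "iv": bool(b[2] & 0x80),
            "hour": b[3] & 0x1F, "su": bool(b[3] & 0x80),
            "day": b[4] & 0x1F, "dow": b[4] >> 5,
            "month": b[5] & 0x0F, "year": 2000 + (b[6] & 0x7F)}   # 2000-based year is an assumption


def plausible_time(t):
    """Range-check the fields so that a 13th month or a non-existent day is refused."""
    if t["millis"] > 59999 or t["minute"] > 59 or t["hour"] > 23 or not 1 <= t["month"] <= 12:
        return False
    return 1 <= t["day"] <= calendar.monthrange(t["year"], t["month"])[1]


def accept_clock_sync(octets):
    """Controlled-station check of a clock-synchronization command.
    Returns the datetime to load into the local clock, or None to leave the clock untouched."""
    t = decode_cp56(octets)
    if t["iv"] or not plausible_time(t):
        return None                          # neither apply it nor 'repair' it to the 1st of the month
    return datetime(t["year"], t["month"], t["day"], t["hour"], t["minute"],
                    t["millis"] // 1000, (t["millis"] % 1000) * 1000)


def time_tag(now, last_sync):
    """Encode an event time tag; set IV when the clock was last synchronized more than 23 h ago."""
    iv = last_sync is None or now - last_sync > SYNC_LIMIT
    millis = now.second * 1000 + now.microsecond // 1000
    return bytes([millis & 0xFF, millis >> 8, now.minute | (0x80 if iv else 0), now.hour,
                  now.day | (now.isoweekday() << 5), now.month, now.year % 100])


def decode_qds(q):
    """Names of the quality bits set in a QDS octet (e.g. 0xC0 -> ['NT', 'IV'])."""
    return [name for name, mask in QDS_BITS.items() if q & mask]
```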