4. Cisco DA and AMI v01

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Paulo Pereira, [email protected]

Connected Energy Networks EMEAR

Upload: kapernikov

Post on 03-Jun-2018



• FAN Overview

• Distribution Automation Use Cases

• FAN Technologies

• Network Services

• Products and Roadmap


AMI, DA

RF Mesh, PLC Mesh

FLIR, FSIR
Fault Location Isolation Restoration
Volt/VAr Regulation
DER: Distributed Energy Resources
Remote Workforce Management
Remote Asset Management
Distributed Intelligence

IEEE 802.15.4g
IEEE 1901.2
IEC 61850, IEC 60870, DNP3, Modbus, etc.

FAN Gateway Services (legacy devices)
Time Distribution Services
Security and Security Management
Communications Network Management

DIG 1.0, DIG Next release, DIG Future


• FAN Overview

• Distribution Automation Use Cases
  Raw TCP Socket
  Protocol Translation
  IEC 61850 in Multi-Services FAN
  11kV Grid Reinforcement

• FAN Technologies

• Network Services

• Products and Roadmap


Proprietary protocols over Serial
Standard protocols over Serial
Standards protocols over TCP/IP
IEC 61850

IEC 60870-5-101
Vendor dependent
IEC 60870-5-104, DNP3/IP, Modbus/TCP, etc.
MMS
DNP3, Modbus, etc.

IP Interfaces
GOOSE/SV
GOOSE/SV over IP/UDP: future IEC 61850-8-1 and 61850-9-2 profiles (**)
Ethernet Layer-2 switching (*)

Secure IP infrastructure (Data Integrity, Confidentiality and Privacy)

Traffic tunneled over IP
Raw TCP Socket
Protocol Translation: IEC 60870-5-101 to IEC 60870-5-104
Serial PPP/CHAP
L2 over IP WAN, i.e. L2TPv3 (*)
Ethernet

(*) future SW support on CGR 1000; (**) standards evolution


• A means of transporting streams of characters from one serial interface to another over the IP network for utility applications
  Raw socket transport supports point-to-multipoint connections over an async serial line
  TCP over IP transport – Raw Socket Transport has a built-in automatic TCP connection retry mechanism.
  Packetization – data is sent on reaching a specific packet length, on a specific character, or upon a timeout.
• Each serial interface can be configured as server, client, or a combination of both
  CGR 1000 – Total number of supported TCP sessions: 32 x 2 Serial Interfaces
• Interoperable with competitor devices equipped with a raw socket transport feature, such as RuggedCom, SEL, and Checkpoint.


CGR 2010 – Server

    !
    interface Serial1/1
     no shutdown
     encapsulation raw-socket
    !
    ! Listen for incoming raw-socket connections on TCP port 5000
    line tty 1
     raw-socket tcp server 5000 Master_IPv4_address
     raw-socket packet-timer 3
     raw-socket tcp idle-timeout 5
    !

Diagram labels: IP WAN, SCADA, CGR 2010 (Server), CGR 1120 (Client), RTU #1, RTU #2

CGR 1120 – Client

    !
    interface Serial1/1
     no shutdown
     encapsulation raw-socket
    !
    interface Serial1/2
     no shutdown
     encapsulation raw-socket
    !
    ! Each line connects to the master on port 5000 from its own local port
    line tty 1
     raw-socket tcp client Master_IPv4_address 5000 10.0.0.2 9000
     raw-socket packet-length 32
     raw-socket tcp idle-timeout 5
    !
    line tty 2
     raw-socket tcp client Master_IPv4_address 5000 10.0.0.2 9001
     raw-socket packet-length 32
     raw-socket tcp idle-timeout 5
    !

Server – listening port, accepting incoming TCP connections

Client – requesting port, placing outgoing TCP connections

• Packet-length – the number of bytes received from the serial interface that triggers transport

• Packet-timer (aka idle timer) – the delay after the last received byte that triggers transport

• Special character – the character used to trigger transport; it is also used as a delimiter
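The three triggers above decide where the serial byte stream is cut into TCP payloads. The following added example (not from the original slides, and not Cisco code) simulates them over constructed serial traffic; `packetize`, the sample bytes, the abstract time unit and the choice to send the delimiter as the last byte are assumptions. It shows that TCP payload boundaries do not follow serial frame boundaries, so a monitor on the IP side has to reassemble the stream before parsing the SCADA protocol.

```python
"""Simulation of raw-socket packetization triggers (illustrative only)."""
from typing import Iterable, List, Optional, Tuple

Packet = Tuple[float, bytes, str]  # (send time, TCP payload, trigger that fired)


def packetize(events: Iterable[Tuple[float, bytes]],
              packet_length: Optional[int] = None,
              packet_timer: Optional[float] = None,
              special_char: Optional[int] = None) -> List[Packet]:
    """Cut a timed serial byte stream into TCP payloads.

    events: (arrival time, bytes read from the serial line), in time order.
    The time unit is abstract; the slides do not state the timer's unit.
    """
    sent: List[Packet] = []
    buf = bytearray()
    last_rx = 0.0

    def flush(when: float, trigger: str) -> None:
        sent.append((when, bytes(buf), trigger))
        buf.clear()

    for t, data in events:
        # Packet-timer: the line stayed idle long enough after the last byte.
        if buf and packet_timer is not None and t - last_rx >= packet_timer:
            flush(last_rx + packet_timer, "timer")
        for byte in data:
            buf.append(byte)
            last_rx = t
            if special_char is not None and byte == special_char:
                # Assumption: the delimiter travels as the last payload byte.
                flush(t, "char")
            elif packet_length is not None and len(buf) >= packet_length:
                flush(t, "length")
    # Bytes still buffered are sent once the idle timer expires, if one is set.
    if buf and packet_timer is not None:
        flush(last_rx + packet_timer, "timer")
    return sent


def reassemble(packets: List[Packet]) -> bytes:
    """Rebuild the serial byte stream from the TCP payloads, in order."""
    return b"".join(payload for _, payload, _ in packets)


# Constructed sample: an 8-byte poll, then a 40-byte reply 100 time units later.
REQUEST = bytes(range(8))
RESPONSE = bytes(range(100, 140))
SERIAL_EVENTS = [(0, REQUEST), (100, RESPONSE)]

if __name__ == "__main__":
    # Mirrors "packet-length 32" combined with "packet-timer 3".
    for when, payload, trigger in packetize(SERIAL_EVENTS, packet_length=32,
                                            packet_timer=3):
        print(f"t={when:>5} len={len(payload):>2} trigger={trigger}")
```

With these settings the 40-byte reply leaves as a 32-byte payload followed by an 8-byte payload, while the concatenated payloads still equal the original serial stream.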


• Enables the integration of IEC 60870-5-101 devices in a multi-services FAN through IEC 60870-5-101 to 104 protocol translation performed on the CGR 1000
  Supports T101 Balanced and Unbalanced Link Transmission Procedures

• CGR 1000 receives information and events from RTUs through the T101 protocol over its serial interfaces, then sends them to the SCADA Control Center through the T104 protocol
  • Data/events are stored locally in the SCADA information database before sending. In case of link failure, up to 100 events for each control center can be stored.

• CGR 1000 receives commands from SCADA Control Centers through the T104 TCP protocol, then sends the commands through the T101 protocol to RTUs

• High availability – up to 2 active T104 control centers can gather information and control RTUs through a CGR 1000. Any event sent from an RTU is sent to both control centers.

• Time synchronization – RTUs get their clock information from the CGR 1000 (NTPv4), which sends system clock information in a T101 clock sync frame to all connected RTUs

• IEC 60870-5-101 file transfer support
  • SCADA master application downloading an image or configuration file to an RTU
  • SCADA master application retrieving an event log file from an RTU


Diagram labels: IP WAN; ASR 1K or CGR 2010; CGR 1120; RTU #1; RTU #2; SCADA Master 1; SCADA Master 2; Active IEC 60870-5-104 Masters; T101; T104; SCADA database

104 Configuration
  Channel (x 2): Router as 104 Slave; Map TCP port to match SCADA master
  Session (x 2): Attach to Channel
  Sector (x 2): Attach to Session; ASDU Address as on SCADA Master; Map 104 Sector to 101 Sector

101 Configuration
  Channel: Router as 101 Master; Bind to serial port
  Session: Attach to Channel; Link Address as on RTU Session
  Sector: Attach to Session; ASDU Address as on RTU Sector


• IEC 61850 MMS devices can be connected to Ethernet Layer-3 interfaces on CGR 1000, then traffic is routed between any interface

• IEC 61850 GOOSE/SV devices will benefit from the future Ethernet Layer-2 switching CGR 1000 feature set for local traffic
  IEEE 802.1Q VLANs, IEEE 802.1p CoS, …

• IEC 61850 GOOSE/SV traffic between remote FAN locations and NOC requires bridging between Ethernet Layer-2 and WAN interfaces
  Ethernet – WiMAX bridging (Ethernet CS)
  Ethernet – L2TPv3 tunnel

• IEC 61850 GOOSE/SV over WAN requires characterization of latency to validate proper application support
  QoS and network design rules will help

Future releases

Diagram labels: IP Infrastructure, SCADA, SCADA


Technique 1 – Dynamic Asset Rating
• Maximizing network capacity usage by monitoring assets temperature and load, then using this to calculate real-time asset capacity

Technique 2 – Automatic Load Transfer
• Changing the configuration of the network to improve the flow of power via re-routing of load through areas of spare capacity to accommodate peaks

Technique 3 – Meshed Networks
• Maximizing network capacity usage by monitoring assets temperature and load, then using this to calculate real-time asset capacity

Technique 4 – Energy Storage
• Using power stored in batteries on the network, to alleviate the problem by reducing the network peak load requirements

Diagram labels: Transformer; Overhead Lines; Underground Lines; Overhead Lines; Underground; Simple & Complex Topologies; Simple Ring; Complex Mesh; Feeder; Secondary Substation (11kV to 450V)


• Current Asset Rating
  50% redundancy is built into many of today's electricity networks to ensure continued operation during a failure.
  Many/most medium 11kV networks are not monitored
  Some assets are under-utilised, some are over-utilised
  Today static ratings are used for certain periods
  Renewable generation is demanding increased capacity

• Dynamic Asset Rating
  Monitoring of voltage and current as well as environmental measurements is key
  Correctly rate assets based on measurements
  Rate the assets and system based on current grid and environmental conditions
  Control renewable generation to maximise asset usage (dynamic line rating)
  Control plant (transformer pre-loading) to maximise asset life


• Locations
  Control Centre
  Primary Substation
  Secondary Substation (Line)

• Devices
  DMS (Control Centre)
  RTU
  Dynamic Asset Relay
  Line Power Sensors

• Communication
  RTU polled values
  Threshold Alerts
  Real time Ampacity readings
  Transformer Control Signals (Cooling)


Diagram labels: Transformer Environmental and CT/VT Sensors; Distribution Management System (DMS); RTU (SCADA / 61850); Dynamic Asset Relay (SCADA / 61850); Hardwired

Ability to remotely monitor transmission line conditions (with line condition sensors that detect conductor temperature, line sag and wind speed / direction) to increase line capacity loading and control stability.

Control commands might disable / enable devices on given ratings

Report Status – Type: Polled; Bandwidth: Low; Latency: non critical; Resilience: medium; Jitter: non critical; Security: Low

Report Fault Event – Type: Event; Bandwidth: Low; Latency: med critical; Resilience: High; Jitter: non critical; Security: Low

Control Commands – Type: Control; Bandwidth: Low; Latency: med critical; Resilience: medium; Jitter: non critical; Security: Medium

Real Time Ampacity – Type: Real time; Bandwidth: Medium; Latency: med critical; Resilience: Low; Jitter: non critical; Security: Low


Diagram labels: Operational Control Centre; RTU (FTP, SSH, SNTP); Dynamic Asset Relay (FTP, SSH, SNTP); SNTP or IEEE 1588 Clock Source

Ability to remotely monitor transmission line conditions (with line condition sensors that detect conductor temperature, line sag and wind speed / direction) to increase line capacity loading and control stability.

Control commands might disable / enable devices on given ratings

Database Uploads – Type: Ad Hoc; Bandwidth: Medium; Latency: non critical; Resilience: Low; Jitter: non critical

Firmware downloads – Type: Ad Hoc; Bandwidth: High; Latency: non critical; Resilience: Medium; Jitter: non critical

Device Configuration – Type: Ad Hoc; Bandwidth: Low; Latency: non critical; Resilience: medium; Jitter: non critical

Time Synchronisation – Type: Polled; Bandwidth: Low; Latency: med critical; Resilience: Medium; Jitter: med critical


• FAN Overview

• FAN Technologies
  IEEE 802.15.4g/e RF
  IEEE P1901.2 NB-PLC
  6LoWPAN
  IPv6 Basics
  RPL
  Connected Grid Mesh

• Distribution Automation in Multi-Services FAN

• Network Services

• Products and Roadmap


• Open Standards – at all levels to ensure interoperability and reduce technology risk for utilities

• Future proofing – common application layer services over various wired and wireless communication technologies

Application Layer
  Web Services, EXI, SOAP, RESTful, HTTPS/CoAP
  Metering: IEC 61968 CIM, ANSI C12.22, DLMS/COSEM, …
  SCADA: IEC 61850, 60870, DNP3/IP, Modbus/TCP, …
  Mgmt: DNS, NTP, IPfix/Netflow, SSH, RADIUS, AAA, LDAP, SNMP, … (RFC 6272 IP in Smart Grid)

Transport Layer
  UDP/TCP
  Security (DTLS/TLS)

Network Layer
  IPv6/IPv4
  IPv6 RPL
  Addressing, Routing, Multicast, QoS, Security

Data Link Layer (LLC, MAC)
  6LoWPAN (RFC 6282); IPv6 over Ethernet (RFC 2464); IPv6 over PPP (RFC 5072); IP or Ethernet Convergence SubL.
  IEEE 802.15.4e MAC enhancements
  802.1x / EAP-TLS & IEEE 802.11i based Access Control
  IEEE 802.15.4 including FHSS
  IEEE P1901.2 802.15.4 frame format
  IEEE 802.11 Wi-Fi
  IEEE 802.3 Ethernet
  2G, 3G, LTE Cellular
  IEEE 802.16 WiMAX

Physical Layer
  IEEE 802.15.4: 2.4 GHz, 915, 868 MHz; DSSS, FSK, OFDM
  IEEE P1901.2 NB-PLC: OFDM
  IEEE 802.11 Wi-Fi: 2.4, 5 GHz, Sub-GHz
  IEEE 802.3 Ethernet: UTP, FO
  2G, 3G, LTE Cellular
  IEEE 802.16 WiMAX: 1.x, 3.x GHz


IEEE 802.11 Wireless LAN (WLAN)
  WiFi 802.11a/b/g/n
  802.11ah (sub-GHz)

IEEE 802.15 Personal Area Network (PAN)
  802.15.1 Bluetooth
  802.15.4 Low Rate WPAN (2003-2006-2011)
  802.15.4e-2012 MAC Enhancement
  802.15.4f PHY for RFID
  802.15.4g-2012 amendment Smart Utility Networks
  802.15.4c Sub-GHz PHY for China
  15.4m Study Group TV White Space amendment
  802.15.6 Body Area Networking
  802.15.7 Visible Light Communications

IEEE 802.16 Wireless Broadband Access

IEEE 802.22 Wireless Regional Area Networks


[Figure: sub-GHz frequency allocations by country on an 840–950 MHz axis. Source: CEPT - DKE 731.09r1 JSC. * e.i.r.p., ** e.r.p.]

• Allocated frequency bands
• Licensed/unlicensed (ISM)
• Transmit power
• Time transmitting

Labels recoverable from the figure:
  USA, Canada, Chile, Colombo, Mexico, Argentina, Uruguay, Venezuela: 902-928 MHz, 4 W *
  Brazil: 902-907.5, 915-928 MHz, 4 W *
  Japan (2012): 915-930 MHz, 4 W *
  0.5 / 0.02 W * licensed/unlicensed
  Korea: 917-923.5 MHz, 4 W *
  Australia: 915-928 MHz
  Hong-Kong: 920-924 MHz
  Singapore: 2 W **
  Singapore: 0.5 W **
  S.A.: 4 W **
  China: 2 W **
  China: 2 W **
  Thailand: 2 W *
  Europe, India, Hong-Kong, Iran, UAE: 2 W **
  Malaysia: 2 W **
  Israel: 2 W *
  E.U. CEPT new frequency bands discussion (870-876 MHz and 915-921 MHz)


• MAC layer: IEEE 802.15.4 compliant + 802.15.4e extensions
  • 15.4g: frame size larger than 127 bytes
  • 15.4e: EB and EBR for network discovery
  • 15.4e: Enhanced ACK for security and information carrying
  • 15.4e: Information Elements (RSSI, Time synchronization)

• Novel channel hopping scheme
  • Per-node hopping sequence for maximum channel diversity
  • Overlaid hopping sequence for multicasts

• PHY layer – IEEE 802.15.4g compliant
  • Operating Band: 902-928 MHz
  • Number of Channels: 64
  • Channel Spacing: 400 kHz
  • Modulation Method: Binary FSK
  • Baud Rate: 150 kbaud/sec
  • Bit Rate: 75 kbits/sec after overhead from Convolutional FEC
  • Output Power: 30 dBm
  • Regional filtering for countries only supporting a subset of 902-928 MHz
  • Transmit power set-up for local regulations

Stack diagram labels:
  Applications
  CoAP
  Mgmt: CSMP
  UDP/TCP
  IPv6
  Routing: RPL
  Adaptation: 6LoWPAN (RFC 6282)
  MAC: IEEE 802.15.4e FHSS
  PHY: IEEE 802.15.4g MR-FSK
  802.1x / EAP-TLS based Access Control Solution

Cisco Developer Network – IP Enabled Grid Devices: HW ref. model + SW SDK library
Small footprint open standards IPv6-based communication stack


In Home
  HomePlug Alliance: IEEE P1901, OFDM or Wavelet, 2-30 MHz, >100 Mb/s
  ITU G.9960, G.9961: OFDM, 2-30 MHz, >100 Mb/s. Includes power lines, phone lines and coaxial cables
  HP GreenPHY: P1901 certification profile, OFDM, 2-30 MHz, up to 3.8 Mb/s

NarrowBand (NB-PLC)
  IEC 61334
  Prime (Iberdrola)
  G3 (ERDF)
  SITRED (ENEL)
  LonWorks (Echelon)
  IEEE P1901.2: 10-490 kHz
  ITU G.9955, G.9956
  G.9903: was G3-PLC annexes
  G.9904: was Prime annexes
  SAE J2931/3, ISO 15118: Electric vehicles leveraging PLC standards

Backhaul (B-PLC)
  Proprietary
  IEEE P1901: Profile to address the first-mile/last-mile connection (<1500 m to the premise)
  IEEE P1901.2: MV communications

Legend: Standards, Proprietary


• IEEE P1901.2 – Open standard for NarrowBand PLC
  • PHY & MAC layers definition – upper layers are open to IPv6-based standards solution and evolution
  • Worldwide regions support – covers the full low-frequency (below 500 kHz) PLC communication spectrum
  • Use cases extend beyond AMI – EV to charging station, street lighting, power plugs, solar panels/inverters
  • Enable MV/LV crossing – to be demonstrated
  • Aligned with IEEE 802.15.4g/e RF Mesh profile – 6LoWPAN (RFC 6282) as adaptation layer and RPL (RFC 6550) for routing at Network layer – eases the mix of PHY/MAC technologies

• Chipset vendors advertising IEEE P1901.2 PLC support on new generation chipsets, as PRIME and G3-PLC (different firmware), now available

• CGR 1000 NB-PLC interface
  CGR 1120 – 3 phases, CGR 1240 – 1 phase


• Application Layer
  • Use case application from vendor adopting the SDK
  • Management is part of the SDK libraries (CoAP/CSMP), including firmware upgrade

• IPv6 protocol suite
  • DHCPv6 (RFC 3315) for address auto-configuration
  • RPL (RFC 6206, 6550, 6551, 6553, 6554, 6719) for IPv6 routing
  • IP QoS – 4 priority queues

• IEEE 802.1x and 802.11i based security

• 6LoWPAN Header Compression (RFC 6282)

• MAC layer: IEEE P1901.2 + IEEE 802.15.4e extensions
  • 15.4e: EB and EBR for network discovery
  • 15.4e: Enhanced ACK for security and information carrying
  • 15.4e: Information Elements (RSSI, Time synchronization)

• PHY layer – IEEE P1901.2 compliant
  • Phase 1 – CENELEC A band mandatory, B/C/D optional
  • Phase 2 – all World regions

Stack diagram labels:
  Applications
  CoAP
  Mgmt: CSMP
  TCP/UDP
  IPv6
  Routing: RPL
  Adaptation: 6LoWPAN (RFC 6282)
  MAC: P1901.2 + 802.15.4e extensions
  PHY: IEEE P1901.2
  802.1x / EAP-TLS based Access Control Solution

Cisco Developer Network – IP Enabled Grid Devices: HW ref. model + SW SDK library
Small footprint open standards IPv6-based communication stack


IP Services | IPv6 | Benefits
Addressing | 128 bits, multiple scopes (global, private, link-local, …) | Large address space, public or private infrastructure
Address Auto-configuration | Stateless, DHCPv6, renumbering, DHCPv6 Prefix Delegation | Zero-touch configuration
Data Link Adaptation layers | Ethernet, WiFi, ATM, FR, PPP, Sonet/SDH, 6LoWPAN (802.15.4g, 1901.2), … | Media Diversity
Routing | RIP, OSPF, IS-IS, E-IGRP, MP-BGP, RPL | Reachability
IP Network & transport layer Security | IPsec, TLS/DTLS, Filtering (ACL, firewall) | Security, Data Integrity
Multicast | MLD/PIM/Multicast MP-BGP, Scope Identifier | Software upgrade, Demand/Response, Dynamic pricing
QoS | IPv6 QoS Differentiated Service | Multi-Services network, SLA
Time Distribution | NTP version 4 | Secured Time Synchronization
Management | DNS, IPfix/PSAMP, SNMP, CoAP, … | Push/Pull Mgmt model, scalable end-points mgmt


• IETF 6LoWPAN WG – IPv6 over Low Power Personal Area Networks
  Initially specified as an adaptation layer for IPv6 over IEEE 802.15.4
  RFC 4919 – Overview, Assumptions, Problem Statement, and Goals
  Leveraged by IEEE P1901.2 NB-PLC, Bluetooth Low Energy, etc.

• RFC 4944 provisioned 3 functions inherent to an IEEE 802.15.4 subnet: IPv6 Header Compression, L2 Fragmentation and L2 Mesh

• IPv6 Header Compression – defined in RFC 6282 (deprecating the RFC 4944 Header Compression scheme)
  Does not rely on per-flow state
  Stateless compression (compact forms for redundant and commonly used values)
  Context compression (compact forms for IPv6 prefixes)

• Layer-2 Fragmentation – as on IPv6, fragmentation is handled by source and destination nodes or by the Layer-2 adaptation layer.

• Layer-2 Mesh – only the function is provisioned, as the definition of Layer-2 Mesh specifications is outside the scope of the 6LoWPAN WG

• Neighbor Discovery Optimization for IPv6 over 6LoWPAN in RFC 6775


• RPL is a new Distance Vector routing protocol standardized by the IETF, specifically designed for Low Power and Lossy Networks (LLNs)
  IETF RoLL WG defined a collection of RFCs to cover all identified use cases
  Adapted to nodes running over LLNs with little CPU and memory resources, low-bandwidth network interfaces, potentially battery powered

• RPL runs over IPv6 only as "Route Over", guaranteeing the use of a variety of data links and route redistribution with other IPv6 routing protocols
  New routing metrics: energy, latency, link reliability, node state, link color, …

• Support of various traffic flows
  Multipoint-to-Point – i.e. meters to head-end servers – upstream route
  Point-to-Multipoint – i.e. head-end servers to meters – downstream route
  Point-to-Point – i.e. sensor to actuator

Diagram labels: Utility Facilities, IP WAN, RPL Domain


1. Factory Configuration

2. Network Discovery
   Beaconing done every time the node boots, and continuously thereafter

3. CG-Mesh Access Control
   a) IEEE 802.1x Authentication (and RADIUS)
   b) IEEE 802.11 Key Deployment (CG-Mesh-Security)
   Last 2 steps done at boot unless node already cached GTK ("warm start")
   Also done on migration to a new PAN, unless node already has cached GTK

4. Route Discovery
   RPL Default Route Selection (DIO)

5. IPv6 Address assignment – DHCPv6

6. Route Registration
   RPL Tree Formation (DAO)

7. CG-NMS Registration (CoAP/CSMP)

Diagram labels: Utility Facilities; IP WAN; steps 3, 5, 7


• Executive Overview

• FAN Technologies

• Distribution Automation in Multi-Services FAN

• Network Services
  Network Management Services
  Secure Zero Touch Router Deployment
  Security Management Overview

• Products and Roadmap


IETF CoRE WG

CoAP Overview

• A specialized web transfer protocol for use with constrained nodes (microcontrollers, limited RAM and ROM) and constrained networks (e.g. LLNs) with low data rate
  HTTP-like GET/POST for resource objects over UDP
  4-byte binary protocol header, then options and data

• Request/Response

• Small Message Overhead

• Supports Multicast

• Supports Asynchronous Messaging

• May also work in proxy mode (HTTP-CoAP)
  Not supported on CG-NMS or CGR 1000

    Client              Server      Client              Server
       |                  |            |                  |
       |   CON tid=47     |            |   CON tid=53     |
       |   GET /foo       |            |   GET /baz       |
       +----------------->|            +----------------->|
       |                  |            |                  |
       |   ACK tid=47     |            |   ACK tid=53     |
       |   200 "<temp...  |            |   404 "Not...    |
       |<-----------------+            |<-----------------+
       |                  |            |                  |

Diagram labels: IP WAN; Cisco CG-NMS Server, DB

CG-NMS communicates with CGE using CoAP over IPv6
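As an added example (not part of the original slides), the following parser decodes the 4-byte header and the Uri-Path options using the field layout later standardized in RFC 7252, where the slide's `tid` is the Message ID and its 200/404 responses are codes 2.05/4.04. The datagrams are constructed and `parse`, `build` and `is_malformed` are illustrative names; the strict length checks are the kind a monitoring sensor applies before trusting a datagram.

```python
"""Strict parser for the CoAP fixed header and options (RFC 7252 layout)."""
import struct

TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}
URI_PATH = 11            # option number assigned in RFC 7252
PAYLOAD_MARKER = 0xFF


class CoapError(ValueError):
    """Raised for datagrams that violate the message format."""


def _extended(nibble: int, data: bytes, pos: int):
    """Expand a 4-bit option delta/length, reading extension bytes if used."""
    if nibble < 13:
        return nibble, pos
    size = 1 if nibble == 13 else 2
    if nibble == 15 or pos + size > len(data):
        raise CoapError("bad or truncated option header")
    value = int.from_bytes(data[pos:pos + size], "big")
    return value + (13 if size == 1 else 269), pos + size


def parse(datagram: bytes) -> dict:
    if len(datagram) < 4:
        raise CoapError("shorter than the 4-byte header")
    first, code, message_id = struct.unpack_from("!BBH", datagram)
    version, mtype, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1:
        raise CoapError("unknown version")
    if tkl > 8:
        raise CoapError("token lengths 9-15 are reserved")
    if code == 0 and len(datagram) != 4:
        raise CoapError("empty message carries extra bytes")
    pos = 4 + tkl
    if pos > len(datagram):
        raise CoapError("truncated token")
    number, path, payload = 0, [], b""
    while pos < len(datagram):
        head = datagram[pos]
        pos += 1
        if head == PAYLOAD_MARKER:
            payload = datagram[pos:]
            if not payload:
                raise CoapError("payload marker without payload")
            break
        delta, pos = _extended(head >> 4, datagram, pos)
        length, pos = _extended(head & 0xF, datagram, pos)
        if pos + length > len(datagram):
            raise CoapError("truncated option value")
        number += delta          # option numbers are delta-encoded
        if number == URI_PATH:
            path.append(datagram[pos:pos + length].decode("utf-8", "replace"))
        pos += length
    return {
        "type": TYPES[mtype],
        "code": f"{code >> 5}.{code & 0x1F:02d}",   # class.detail, e.g. 2.05
        "message_id": message_id,
        "token": datagram[4:4 + tkl],
        "uri_path": "/" + "/".join(path) if path else "",
        "payload": payload,
    }


def is_malformed(datagram: bytes) -> bool:
    try:
        parse(datagram)
    except CoapError:
        return True
    return False


def build(mtype: int, code: int, message_id: int, path=(), payload=b"") -> bytes:
    """Encode a token-less message; path segments must be under 13 bytes."""
    out = bytearray(struct.pack("!BBH", (1 << 6) | (mtype << 4), code, message_id))
    previous = 0
    for segment in path:
        raw = segment.encode()
        if len(raw) >= 13:
            raise ValueError("segment needs an extended length, not handled here")
        out.append(((URI_PATH - previous) << 4) | len(raw))
        out += raw
        previous = URI_PATH
    if payload:
        out += bytes([PAYLOAD_MARKER]) + payload
    return bytes(out)


# Constructed datagrams mirroring the slide's first exchange (message ID 47).
REQUEST = build(0, 0x01, 47, ["foo"])             # CON, GET /foo
RESPONSE = build(2, 0x45, 47, payload=b"<temp")   # ACK, 2.05 Content

if __name__ == "__main__":
    print(parse(REQUEST))
    print(parse(RESPONSE))
```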


CSMP Overview – a CoAP-based protocol and data model for remote management of embedded networking devices running in large-scale constrained networks

CG-NMS uses CSMP (CoAP Simple Management Protocol) over UDP port 61624 over IPv6 to communicate directly with CGEs

CG-NMS CSMP functions

• Registration – CGEs contact CG-NMS after joining the network

• Provisioning – CGEs retrieve configuration from CG-NMS after registration

• Metrics – CGEs periodically push network performance and routing information to CG-NMS after configuration

• Configuration – CG-NMS can push new configuration and group info to CGEs

• Firmware Update – CG-NMS can push new communication module firmware to CGEs

All CSMP messages from CG-NMS to CGEs are signed by CG-NMS and verified by CGEs

AMI Operations


Diagram labels:
  RF Mesh (or PLC) Neighborhood Area Network
  Cisco Connected Grid Endpoints
  CGR 1240, CGR 1120
  Public or Private WAN Backhaul
  Head-end Tunnel's aggregation routers
  GIS
  Internet service
  SCADA servers, Historian, etc.
  Head-End System, Outage Reporting System, Meter Data Management, etc.
  AMI Operations
  DA Operations

CG-NMS
  Oracle Database
  Web UI Module
  CSMP protocol Module
  SOAP API Module
  North bound APIs and Syslogs
  CGE Device Module
  CGR 1000 protocol Module
  CGR 1000 Device Module
  Netconf protocol Module
  ASR 1000 Device Module
  Inventory, Properties, Metrics, Events, Rules, …


Diagram labels: Public or Private IP WAN; AAA Server; CA Server; RA Server; Cisco CG-NMS Server, DB; IPAM (DNS/DHCP); Directory Services; Tunnel Provisioning Service (TPS); ASR 1000

2. CGR 1000 enrolls certificates through SCEP. After a successful authentication, CGR 1000 can communicate with the TPS

3. CGR 1000 communicates with TPS using Callhome configuration over HTTPS. TPS terminates the connection and forwards the request to CG-NMS over another HTTPS connection


Diagram labels: Public or Private IP WAN; AAA Server; CA Server; RA Server; Cisco CG-NMS Server, DB; IPAM (DNS/DHCP); Directory Services; Tunnel Provisioning Service (TPS); ASR 1000

7. CGR 1000 opens a new HTTPS connection to the registration service in CG-NMS and sends discovery information over the IPsec tunnel

8. CG-NMS downloads the CGR 1000 configuration and stops registration


Diagram labels: Public or Private IP WAN; AAA Server; Certificate Authority Server; Registration Authority Server; Cisco CG-NMS Server, DB; IPAM (DNS/DHCP); Directory Services; Tunnel Provisioning Service (TPS); ASR 1000; Secure handheld with utility technician

• Mesh Access Control using 802.1x, EAP-TLS, certificates

• Link-Layer encryption with AES-128

• IPsec encryption over WAN backhaul with traffic segmented

• IP ACL

• IEC 62351-8 (RBAC)
• HSM HW

• IEEE 802.1AR
• X.509 Cert

FW and IPS

Vulnerability management – CERT, PSIRT
Cisco Secure Development Lifecycle (CSDL)

Devices protection (HW & SW)
Electronic Security Perimeter network design


• FAN Overview

• FAN Technologies

• Distribution Automation in Multi-Services FAN

• Network Services

• Products and Roadmap


Resiliency
• IEC 61850-3 & IEEE 1613 compliant
• Natural cooling convection
• Chassis-integrated heat sink
• No moving parts
• Automatic failover from DC to AC (indoor model), from AC to battery (outdoor model)
• Extended Temperature Range Support

Multi-Services Field Area Routers
• Indoor (CGR 1120) & outdoor (CGR 1240) ruggedized modular chassis
• Dual-stack (IPv4/IPv6) routers
• RF & NB-PLC Mesh support – AMI and DA use cases
• Ethernet & Serial support – SCADA use cases
• Choice of WAN backhaul: WiMAX, Ethernet/Fiber, Cellular (3G, CDMA)
• 3rd party radio hosting readiness (CGR 1240 only)

Pervasive Security
• HW integrity: IEEE 802.1AR
• X.509 Certificate-based identity
• IEEE 802.1x & 802.11i Access Control
• RF & PLC Mesh Security
• WAN encryption through IPsec

Multi-Services Feature Set
• Segmentation and prioritization of traffic – QoS
• SCADA traffic – encapsulation and protocol translation
• Zero-touch provisioning for easing scalable field deployment
• Comprehensive remote management solution
• 3rd party application integration readiness


SCADA Use Cases
• Raw TCP Socket – Serial SCADA protocols encapsulation over IPv4
• IEC 60870-5-101 to 60870-5-104 protocol translation
• PPP/CHAP – IPv4 over serial interfaces connectivity
• IEC 60870-5-104, DNP3/IP, Modbus/TCP or IEC 61850 MMS over Ethernet L3 interfaces
• IEC 61850 GOOSE/SV over Ethernet L2 and WAN (L2TPv3) in future releases

Multi-Services Field Area Routers
• IPv4/IPv6 Unicast & Multicast forwarding
• IPv4/IPv6 QoS – traffic prioritization
• Routing – OSPFv2/OSPFv3, Static Routes, Object Tracking, PIMv6, MP-BGP (future)
• DHCPv6 relay
• NTPv4
• VRF-Lite (future)

AMI Use Cases
• 6LoWPAN-based RF Mesh and NB-PLC Mesh support
• IPv6 RPL routing for Mesh networks
• Power Outage Notification
• RPDON
• ANSI C12.22 Relay (Itron non-IP Mesh)

Network & Security Management
• NetConf, XML, CG-DM, SNMP, EEM
• Smart Call Home
• SSH, HTTPS, RADIUS, TACACS+
• IPsec Tunnels over WAN
• Role-based Access Management
• 802.1x Supplicant + mesh enhancements for 802.1x
• Mesh Access Control using certificates and group mesh keys
• Router-based Access Lists (L3-L4 ACLs)
• Wi-Fi Security using 802.1x, WPA2


• Dimensions: 30.48 cm (H) x 22.86 cm (W) x 21.59 cm (D) = 12” (H) x 9.0” (W) x 8.5” (D)

• Antennas shown above are optional; can be deployed with external antennas

Figure labels:
  Ethernet Switch: 2 GE WAN (Cu or SFP), 4 FE LAN
  4 Module Slots
  Integrated Antennas for RF Mesh, WiMAX, 3G, WiFi
  AC Power Supply
  2 RS232 / RS485 Serial ports
  Battery Backup
  GPS Antenna
  Liquid Tight (…) Adapter
  Ruggedized, … Ethernet (…) connector


Functionality | Description
Form Factor | NEMA 4 / IP 67 Enclosure with pole mount brackets
Compliance | IEEE 1613 and IEC 61850-3
Modular Architecture | 4 communication module slots
On board Ethernet Interfaces | 4 x 10/100 RJ-45 + 2 x 1G SFP ports
On board Serial ports | 2 x DB-9 (RS232/RS422/RS485)
On Board WiFi | 802.11b/g/n
On Board GPS | Yes
Self enclosed Unit | Integrated Battery back up and Battery charging / management circuit
3rd party radio hosting | Integrated mounting bracket, 12 VDC power output (12W)
Power Options | 120-240 VAC, 12/24/48 VDC (future)
Digital Alarm (Input/Output) | 2 Digital Inputs / 2 Digital Outputs
SD Flash | Removable flash card for image, config storage
Real time clock | Yes
USB ports | Two type A USB host ports
Console/AUX port | One RJ45 port
Temperature Range | -40 ºC to +70 ºC (-40 ºF to 158 ºF) with type test to 85C (16 hours)
IRIG-B timing output | BNC connector


Thank you.