Download - Wireless V
30.04.2013
Lukas Krammer
Institute of Automation
Automation Systems Group
Vienna University of Technology
Vienna, Austria
https://www.auto.tuwien.ac.at
Wireless in Automation WirelessHART, ISA100
Wireless in Automation Wireless in Automation
WirelessHART
ISA 100
ISA 100.11a
Outline
Role of WirelessHART
Application layer
…
Network layer
Data link layer
Physical layer
6LoWPAN
Today Today!
Idea of HART
Extending the analogue 4-20mA current loops with a digital interface
Backward-compatible with analogue signal exchange
WirelessHART adds additional Physical Layer (PHY) and Data Link Layer (DLL) to the HART communication stack
Transport Layer and Application Layer (AL) are compatible with both media
AL based on HART Commands (Master-Slave)
WirelessHART
Highway Addressable Remote Transducer (HART) developed in the 1980s
First standard specified in 1989 by the HART Communication Foundation (HCF)
Since 2007 part of IEC 61158 (Fieldbus)
HART was extended by a wireless interface in 2007
In 2010 WirelessHART was standardized by the International Electrotechnical Commission (IEC) as IEC 62591
WirelessHART: History
Reliability
Channel hopping (16 channels)
Blacklisting of (bad) frequencies
Time synchronization (via ACK packets)
TDMA medium access
Mesh networking
Frequent route changes of packets
Security
“Always-on” Encryption, verification, authentication
AES 128-based
Key hierarchies and key management by security manager
WirelessHART: Design Goals
Wireless protocol for industrial automation
Extension to wired HART protocol
Partially based on IEEE 802.15.4-2006 (PHY)
Deterministic communication (TDMA)
Maintained by the HART Communication Foundation
Important product manufacturers
ABB
Siemens
Emerson
WirelessHART: Features
WirelessHART: Network Elements I
Field Devices
Routing capabilities mandatory
Send and receive data
Adapter
Connection to an existing wired HART network
Gateway
Connects HART network to the plant automation network
Depends on the specific protocol (e.g., Industrial Ethernet)
Not necessarily wireless
Unique clock source
WirelessHART: Network Elements II
Access Points
Provide access to the wireless network
Connected with the Gateway
Not necessarily by WirelessHART (e.g., Ethernet, WiFi)
Network Manager
Exactly one Network Manager in the network
Network configuration
Scheduling, Routing
Security Manager
Management and distribution of keys
Handheld
Only mesh topology
Gateway, Network Manager and Security Manager possibly in one device
WirelessHART: Topology
Wireless HART: Protocol Stack
Partially based on IEEE 802.15.4-2006
Only 2.4GHz frequency band (15 channels)
Transmit power up to 10dBm (10mW)
Channel hopping
Physical channel is changed for each transmission
Clear channel assessment
Checks if the channel is “free” before sending
WirelessHART: Physical Layer
Time diversity
Time Division Multiple Access (TDMA)
Fixed timeslots
Deterministic communication
Frequency diversity
Channel hopping
Channel blacklisting
Based on Superframes
Increases Availability and Reliability
WirelessHART: DLL: Medium Access Control
Channel selection based on
Absolute Slot Number (ASN)
Unique, monotonically increasing slot number
Number of active channels
Blacklisting → #active channels <= #physical channels
Channel offset
Logical channel number
Active Channel = (ChannelOffset + ASN) mod #active channels
WirelessHART: DLL: Medium Access Control
Superframes and Slots
Each slot has a fixed length of 10 ms
Each superframe has a predefined length
Multiple distinct superframes possible
All superframes are repeated periodically
Slot_number = ASN mod #slots_in_superframe
Communication links
Tuple: (superframe, slot #, channel offset)
Distinction between broadcast, join, discovery
WirelessHART: DLL: Medium Access Control
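The channel-selection and slot-number formulas above, worked through for one link (added example, not part of the original slides). Function names, the blacklist and the link are constructed, and mapping the computed index onto the ascending list of non-blacklisted channels is an assumption.

```python
def active_channels(physical, blacklist):
    """Channels that remain usable after blacklisting, in ascending order."""
    active = sorted(set(physical) - set(blacklist))
    if not active:
        raise ValueError("blacklist leaves no usable channel")
    return active


def channel_for_slot(asn, channel_offset, active):
    """Active Channel = (ChannelOffset + ASN) mod #active channels."""
    index = (channel_offset + asn) % len(active)
    return active[index]  # assumed mapping: index into the ascending active list


def slot_in_superframe(asn, slots_in_superframe):
    """Slot_number = ASN mod #slots_in_superframe."""
    return asn % slots_in_superframe


def link_schedule(link, slots_in_superframe, active, first_asn, count):
    """(ASN, physical channel) for the next `count` occurrences of a link.

    link is the tuple (superframe, slot #, channel offset) from the slide.
    """
    _superframe, slot, offset = link
    schedule, asn = [], first_asn
    while len(schedule) < count:
        if slot_in_superframe(asn, slots_in_superframe) == slot:
            schedule.append((asn, channel_for_slot(asn, offset, active)))
        asn += 1
    return schedule


if __name__ == "__main__":
    # Constructed input: 15 physical channels (11..25), two of them blacklisted,
    # and a superframe of 10 slots (10 ms each, so it repeats every 100 ms).
    active = active_channels(range(11, 26), blacklist={13, 20})
    for asn, channel in link_schedule((0, 3, 2), 10, active, first_asn=0, count=4):
        print(f"ASN {asn:3d} -> slot 3, channel {channel}")
```

The same link lands on a different physical channel each time its superframe repeats, and a blacklisted channel is never selected.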
WirelessHART: DLL: Medium Access Control
[Figure: slots plotted as channel (11, 12, ..., 26) over time, grouped into Superframe x and Superframe y]
Link: (superframe, slot-number, channel-offset)
Slots and superframes are assigned by the Network Manager
Slots can be shared → channel access via CSMA/CA is used
Slots at the same time possible → slot with the lowest ID is elected
Designated superframes
Management superframe (6400 slots)
Slots for keep-alive
Slots for join request/response
Slots for ad-hoc request/response
Special-purpose slots (e.g., block transfers, handhelds)
Gateway superframe (40 slots)
WirelessHART: DLL: Scheduling
Distinction between two types of traffic
Periodic transfer
Sporadic transfer
A data transfer requires
One slot for the first transmission
One slot for a possible retry (different channel)
One slot on another path for a second retry
WirelessHART: DLL: Data Transfer
Similar to IEEE 802.15.4
Unique 64 Bit IEEE extended address (IEEE EUI 64)
2 Byte short address (unique within the network)
2 Byte network ID
WirelessHART: DLL: Addressing
Data receive service
Indication
Data transfer service
Request, indication, confirmation
Event service
Connect, disconnect
Management service
Set, Get parameters
Security
Only Authentication (no encryption)
QoS priorities
WirelessHART: DLL: Services
Discovery
Advertisement
Keep-alive
Also used for time synchronization
Time synchronization
Gateway acts as ultimate time source
Gateway synchronizes with Access Point(s)
Not specified in the standard
Difficult if APs are not directly reachable
Tree based clock adjustment
Time difference between keep-alive message and acknowledgement
WirelessHART: DLL: Maintenance
NL Responsible for
Routing
Block data transfer
Acknowledged Broadcasts
End-to-end acknowledgement
End-to-end security
TL Point of convergence between HART and WirelessHART
WirelessHART: Network and Transport Layer
Defined by Network Manager
Different routing mechanisms
Source routing
Route is determined in the data packet
Used to exchange data between Field Devices
Exceptional case
If a node on the route fails → message is lost
WirelessHART: NL/TL: Routing I
Graph routing
Normal routing technique
Only for hierarchical data exchange
Gateway → Field Device, Field Device → Gateway
Field Device Field Device
Network Manager defines graphs
Graphs uniquely identified by Graph ID
Redundant paths
Multiple graphs in a network
One graph per final destination
Each node has its local view of the graph (final destination, outgoing edges)
WirelessHART: NL/TL: Routing II
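Source routing and graph routing compared when one relay fails (added example, not part of the original slides). The node names, the table layout and the rule "try outgoing edges in listed order" are assumptions made for illustration.

```python
# Constructed four-node network. Each node stores only its local view:
# graph ID -> neighbours it may forward to (outgoing edges), in preference order.
GATEWAY_GRAPH = 1  # hypothetical Graph ID for the graph that ends at the gateway
LOCAL_TABLES = {
    "FD3": {GATEWAY_GRAPH: ["FD1", "FD2"]},  # redundant paths towards the gateway
    "FD1": {GATEWAY_GRAPH: ["GW"]},
    "FD2": {GATEWAY_GRAPH: ["GW"]},
    "GW": {},
}


def graph_route(source, destination, graph_id, tables, failed=frozenset()):
    """Forward hop by hop; return the path taken, or None if the packet is lost."""
    path, node = [source], source
    while node != destination:
        edges = tables[node].get(graph_id, [])
        next_hop = next((n for n in edges if n not in failed), None)
        if next_hop is None or len(path) > len(tables):
            return None  # no usable edge left (or a loop in a badly built graph)
        path.append(next_hop)
        node = next_hop
    return path


def source_route(route, failed=frozenset()):
    """The packet carries the whole route; a failed hop cannot be bypassed."""
    if any(hop in failed for hop in route[1:]):
        return None
    return list(route)


if __name__ == "__main__":
    down = {"FD1"}
    print("graph routing :", graph_route("FD3", "GW", GATEWAY_GRAPH, LOCAL_TABLES, down))
    print("source routing:", source_route(["FD3", "FD1", "GW"], down))
```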
Superframe routing
Similar to graph routing
Superframes defined by the network manager
Destination address belongs to a specific superframe
Membership of a node to a specific superframe is defined by the network manager
If a node receives a message in the specific superframe → message is forwarded in the same superframe
Implicit graph routing
Superframe ID instead of Graph ID
WirelessHART: NL/TL: Routing III
Proxy routing
Neighbors are used as proxy for routing
Messages are routed from/to the proxy by graph or source routing
Additional field in the packet header specifies real originator/receiver
Used for advertisement messages of new devices
Broadcast routing
Special graph
One source
At least one path from the source to any other node
WirelessHART: NL/TL: Routing IV
Compliant with wired HART (HART command structure)
Different categories
Universal commands (mandatory)
Every HART/WirelessHART device must support these commands
Wireless commands (mandatory for wireless devices)
Specific commands for managing wireless networks
Common practice commands (optional)
Standardized device-independent commands
Device family commands
Device-specific commands (outside HART spec.)
WirelessHART: Application Layer
Security is mandatory
Uses CCM* mode in combination with AES-128 (similar to ZigBee)
End-to-end security and/or hop-to-hop security
Key generation and management by “plant wide” security manager
Not defined by specification
Key distribution by security manager
WirelessHART: Security
Join key
Used to join a WirelessHART network
Initial secret, i.e., distributed during configuration
Session key
Used for end-to-end communication between two devices
Network key
Used for hop-to-hop security
WirelessHART: Security
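How the two layers of protection fit together: the session key encrypts and authenticates the payload end to end, while the network key adds an authentication-only MIC per hop, matching the "Only Authentication (no encryption)" DLL service listed earlier. This is an added example, not part of the original slides. It uses plain AES-CCM from the Python `cryptography` package to stand in for CCM*, and the nonce layout, MIC length, keys and addresses are assumptions.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

MIC_LEN = 4  # assumed MIC length for this sketch, not taken from the slides


def make_nonce(counter: int, source_addr: int) -> bytes:
    """Assumed 13-byte nonce layout: 5-byte counter followed by the 64-bit address."""
    return counter.to_bytes(5, "big") + source_addr.to_bytes(8, "big")


def seal_end_to_end(session_key, nonce, nl_header, payload):
    """Session key: payload is encrypted, header and payload are authenticated."""
    return AESCCM(session_key, tag_length=MIC_LEN).encrypt(nonce, payload, nl_header)


def open_end_to_end(session_key, nonce, nl_header, sealed):
    """Raises InvalidTag if header or payload were modified in transit."""
    return AESCCM(session_key, tag_length=MIC_LEN).decrypt(nonce, sealed, nl_header)


def hop_mic(network_key, nonce, frame):
    """Network key: authentication only, the frame itself is not encrypted again."""
    return AESCCM(network_key, tag_length=MIC_LEN).encrypt(nonce, b"", frame)


def hop_verify(network_key, nonce, frame, mic):
    """True if the frame is unmodified and was sent by a holder of the network key."""
    try:
        AESCCM(network_key, tag_length=MIC_LEN).decrypt(nonce, mic, frame)
        return True
    except InvalidTag:
        return False


if __name__ == "__main__":
    # Constructed keys and address; real keys come from the Security Manager.
    session_key, network_key = bytes(range(16)), bytes(range(16, 32))
    src = 0x0102030405060708
    header, payload = b"dst=GW", b"PV=21.5C"
    sealed = seal_end_to_end(session_key, make_nonce(1, src), header, payload)
    frame = header + sealed  # what a relaying hop sees
    mic = hop_mic(network_key, make_nonce(4711, src), frame)
    print("hop accepts frame:", hop_verify(network_key, make_nonce(4711, src), frame, mic))
    print("relay can read payload:", payload in frame)
    print("destination recovers:", open_end_to_end(session_key, make_nonce(1, src), header, sealed))
```

A relaying node that holds only the network key can check and forward the frame but cannot read or alter the payload without the destination noticing.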
WirelessHART: An Example
Set network ID
Set network password
Set security level
define join process
define network and session security
Enter Join password
Enter Network ID
Update rate
Configure as needed
NM
In the Shop
System
WirelessHART: An Example
NM
System
Initiate Join
Request
WirelessHART: An Example
NM
System
WirelessHART: An Example
NM
System
Point to Point Topology
The Network Manager provides new schedule and routing information to all devices as new devices join the network
WirelessHART: An Example
NM
System
The Network Manager provides new schedule and routing information to all devices as new devices join the network
Mesh Topology Point to Point Topology
Role of ISA 100
Application layer
…
Network layer
Data link layer
Physical layer
6LoWPAN
ISA100.11a
International Society of Automation (ISA)
ISA 100 committee
400+ automation professionals
250+ companies
Goal: Establish standards and related information for wireless industrial systems
Family of several complementary standards
ISA 100
Single application layer for tunneling and native ISA
Support of multiple existing application protocols
HART, Fieldbus Foundation, Devicenet, Profibus, ...
WirelessHART, RFID, WiFi 802.11, UWB, ...
ISA 100.15
Wireless sensor network for industrial applications
Similar to WirelessHART (competing technologies)
Based on IEEE 802.15.4-2006 (partially)
Supports deterministic communication (TDMA)
ISA 100.11a: Overview
Input/Output device
Acts as sensor or actuator
No routing capabilities
Router
Capable of routing
Not necessarily equipped with I/Os
Backbone router
Routing to the backbone network
Gateway
Connection to the plant automation network
ISA 100.11a: Network Elements I
System Manager
Controls the whole network
Manages network devices and communications
Security Manager
Provides secure operation
Manages key exchange and distribution
System Time Source
Acts as master clock
Every device has to be synchronized
ISA 100.11a: Network Elements II
ISA 100.11a: Topology
Different topologies possible
Star, mesh, star-mesh
Gateway, System Manager and Security manager possibly in one device
ISA 100.11a: Protocol Stack
Routing at data link layer (within the mesh)
Network layer influenced by 6LoWPAN (IPv6)
Partially based on IEEE 802.15.4-2006
Similar to WirelessHART
Only 2.4GHz frequency band (15 channels)
Channel hopping
Two different mechanisms
Clear channel assessment
Checks if the channel is “free” before sending
ISA 100.11a: Physical Layer
Time diversity
Time Division Multiple Access (TDMA)
Timeslots with variable length
Deterministic communication possible
Frequency diversity
Channel hopping
Fixed channel patterns (e.g., 19, 12, 20, 24, …)
Based on Superframes
Variable length of slots and superframes
ISA 100.11a: Data Link Layer
Different types of channel hopping
Slotted hopping: one message per slot → deterministic
Slow hopping: slot shared among a group of devices → CSMA/CA channel access
Hybrid forms possible
ISA 100.11a: DLL: Channel Hopping
Routing at DLL (!)
Only inside the mesh
Graph routing
Based on health reports of all devices
Managed by the System Manager
Redundant paths possible
Source routing
Routing mechanisms similar to WirelessHART
ISA 100.11a: DLL: Routing
Influenced by the Internet Engineering Task Force (IETF) 6LoWPAN specification (RFC 4944)
Different addressing modes
128 Bit long address (IPv6)
16 Bit short address
NL handles translation between different addresses
Responsible for fragmenting and reassembling of packets
Routing to the backbone network (IPv6) is maintained at NL
Inter-networking routing (mesh-to-mesh routing)
ISA 100.11a: Network Layer
Transparent transfer of data between end systems or hosts
Responsible for end-to-end error recovery
The functions offered by the transport layer
Reliable/unacknowledged service
Enhanced-secure/basic-secure service
Flow control
Segmentation / Reassembly
Management topics
Uses connectionless User Datagram Protocol (UDP)
Extended with optional compression
ISA 100.11a: Transport Layer
Based on CCM* in conjunction with AES-128
Asymmetric encryption possible
Many security features are optional
Security at different levels
One-hop security at DLL
End-to-end security at NL
Advanced security mechanisms above IP-level
Keys managed by the Security Manager
ISA 100.11a: Security
Different types of keys
Data link key
Used for message authentication (MAC/MIC) at DLL
No payload encryption
Master key
Shared between Security Manager and device
Session key
Used for normal data transmissions
ISA 100.11a: Security: Keys
Next week
RFID, WISA, Z-Wave, EnOcean, KNX-RF
Outlook