DATA CONCENTRATOR - addgrup.com · IEC 61010-1 Safety requirements for electrical equipment for...

© 2017 All Rights Reserved www.addgrup.com

RTR8S.LX-X-X

DATA CONCENTRATOR

add new tech to your business!

Tec

hn

ica

l D

escr

ipti

on

http://www.addgrup.com/

RTR8A.L-X-X Data Concentrator Technical Description 1

Contents 1. Overview ................................................................................................................................................ 5

1.1. Purpose ............................................................................................................................................... 5

1.2. ADDAX.Net components .................................................................................................................. 5

2. Specifications ......................................................................................................................................... 7

2.1. DC Designation and Modifications .................................................................................................... 7

2.2. Technical specifications ..................................................................................................................... 8

2.3. Standards ............................................................................................................................................ 9

3. DC Design ............................................................................................................................................ 11

3.1. DC structure ..................................................................................................................................... 11

3.2. DC indication ................................................................................................................................... 11

3.3. External interfaces ............................................................................................................................ 12

4. Data Concentrator Functions ................................................................................................................ 14

4.1. Overview .......................................................................................................................................... 14

4.2. Main functions of DC ....................................................................................................................... 14

4.3. Concepts of communication ............................................................................................................. 15

4.3.1. Main features .................................................................................................................................... 15

4.3.2. PL LV communication details .......................................................................................................... 15

4.3.3. Addressing ........................................................................................................................................ 16

4.3.4. Data exchange .................................................................................................................................. 17

4.3.5. Device detection and registration ..................................................................................................... 17

4.3.5.1. PRIME network ........................................................................................................................ 17

4.3.5.2. G3-PLC network ...................................................................................................................... 18

4.3.6. Device unregistration ....................................................................................................................... 19

4.3.6.1. PRIME Network ....................................................................................................................... 19

4.3.6.2. G3-PLC Network ..................................................................................................................... 19

4.3.7. Reaching remote meters ................................................................................................................... 19

4.3.7.1. PRIME repetition mechanism .................................................................................................. 19

4.3.7.2. G3-PLC hopping process ......................................................................................................... 20

4.3.8. Time synchronization ....................................................................................................................... 21

4.4. Data collection .................................................................................................................................. 21

4.5. Parameterization ............................................................................................................................... 21

4.6. Data storage ...................................................................................................................................... 22

4.7. Firmware update ............................................................................................................................... 22

4.8. Security features ............................................................................................................................... 22

4.8.1. Storage of security materials ............................................................................................................ 22

4.8.2. Secure boot ....................................................................................................................................... 23

4.8.3. Software updates .............................................................................................................................. 23

4.8.4. Securing communication with HES ................................................................................................. 23

4.8.5. Securing communication with meters .............................................................................................. 23

4.8.6. Role-based secure DCU access ........................................................................................................ 23

4.8.7. Mitigation of Denial-of-Service attacks. .......................................................................................... 24

4.8.7.1. DLMS/COSEM DOS attack..................................................................................................... 24

4.8.7.2. P3.2 DOS attack ....................................................................................................................... 24

4.8.7.3. Wrong password connection attempts ...................................................................................... 24

RTR8S Router/Data Concentrator Technical Description 2

©ADD-GRUP Document version 1.1

4.9. Alarm handling ................................................................................................................................. 24

4.10. DC logging ....................................................................................................................................... 24

5. DC Maintenance ................................................................................................................................... 26

5.1. DC installation procedure ................................................................................................................. 26

6. Annex. References ................................................................................................................................ 29



Revision History Version Description Author Date Comments

1.0 Original document Keloglu Olga 22.05.2017

List of Figures Fig. 1 Architecture of the ADDAX metering system with (a) VPN tunnel between

DC and HES through GPRS, (b) private APN communication, and (c)

conventional communication through Ethernet

Fig.2 DC board assembly

Fig.3 Front panel of the DC (example).

Fig.4 PL LV protocol stack

Fig.5a Data exchange between HES and PRIME meter

Fig.5b Data exchange between HES and G3 meter

Fig.6 Source repetition mechanism

Fig.7 Functioning of the LOAD protocol

Fig.8a General form and overall dimensions of RTR8S

Fig.8b Mounting dimensions of RTR8S

Fig.9 Diagram of device connectors for RTR8S.LG (example).



Basic terms and abbreviations

IPSec a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used

during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. IPSec can use preshared keys for authentication. Preshared means that the parties agree on a shared, secret key that is used for authentication in an IPSec policy.

Domain Name

System (DNS)

a system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol.

Dynamic Host

Configuration

Protocol (DHCP)

a function in software that automatically assigns temporary IP addresses to

client machines logging into an IP network. Residing in the router or a server, DHCP eliminates the need to manually assign permanent "static" IP addresses to devices.

Network Time

Protocol (NTP)

a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks.

Access point

name (APN)

Identifies an IP packet data network (PDN), that a mobile data user wants to communicate with. In addition to identifying a PDN, an APN may also be used to define the type of service, (e.g. connection to wireless application protocol (WAP) server, multimedia messaging service (MMS)), that is provided by the PDN. APN is used in 3GPP data access networks, e.g. general packet radio

service (GPRS), evolved packet core (EPC).

Network Address

Translation (NAT)

the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose

of remapping one IP address space into another

DC Data concentrator

HES Head-End System

LNID Local Node Identifier

PNPDU Promotion Needed PDU

BPDU Beacon PDU



1. Overview

This Technical Description provides an overview of the technical and functional characteristics

of RTR8S.LG-4-1 Data Concentrator (hereinafter DC), which supports both PRIME and G3-PLC

standards.

The DC being a network device provides 2-way data transmission between end-point devices

in electricity consumption network and the HES.

1.1. Purpose

The DC registers devices and coordinates the data exchange within the network. Thereby,

secured and robust delivery of address data is provided.

The data concentrators are used as main communication equipment of ADDAX metering

system. The data concentrator supports both communication and application specific

functions.

1.2. ADDAX.Net components

Figure 1 illustrates architecture of the overall ADDAX metering system. Main components of

the system are:

Head-End System (HES) – server with installed specialized software for collecting and

processing data.

Fig. 1 Architecture of the ADDAX metering system



Communication equipment - DC version 8 intended for data collection, storage,

network device control and some other application functions.

End point metering equipment - 1- phase and 3-phase electricity meters.

Balance meter - to create an accurate energy balance and detect the imbalance on the

distribution network, distinguish technical losses and fraud attempts.



2. Specifications

2.1. DC Designation and Modifications

ADDAX RTR 8 S . LX - X - X

ADD Data

Concentrator

System version

Slim

Communication type

Model (1-N)

Version (1-N)

Fig.2 DC designation

Model and version represents order index. The DC supports the following communication types:

L – PL LV

G – 2G (GSM/GPRS)

U – 3G (UMTS)

F – 4G

The DC supports the following extension ports:

Ethernet,

USB Host,

USB Device,

RS-485



2.2. Technical specifications

The DC technical specifications are presented in tables below.

Table 2.1. Technical specifications

Parameter Value

Nominal voltage

3230/400 V

Supply voltage 85-440 V

Frequency 50(60) Hz ± 2%

Clock accuracy (at 25°C), not more than 0.5 s /24 h

Maximum active consumed power 12 W

Average total consumed power 25 VA

Operation temperature range -40°C ... +70°C

Storage and transportation temperature -40°C ... +70°C

Mean lifetime, not less than 20 years

IP rating IP54

Mean time between failures

(at fault probability of 0.8)

24 000 hours

Dimensions 241x170x90 mm

Mass, not more than 1 kg

Table 2.2. DC Inherent power consumption per phase

active energy,

not more than (W)

total energy,

not more than (VA)

DC without communication overhead 2 10

including communication via PL 3 10

including communication via PL and

external modem 4 10

20%25%



2.3. Standards

Data Concentrator meets the requirements of the following international standards:

Safety

IEC 61010-1 Safety requirements for electrical equipment for measurement,

control and laboratory use, Part 1 general requirements.

IEC 60529 Degrees of protection provided by enclosures

IEC 60695-2-2 Fire hazard testing. Part 2-11: Glowing/hot-wire based test

methods-Glow-wire flammability test method for end-products

EMC and Immunity

IEC-55022 Limits and methods of measurement of radio disturbance

characteristics of information technology equipment

IEC 61000-4-1 Testing and measurement techniques - Overview of IEC 61000-4

series

IEC 61000-4-2 Testing and measurement techniques - Electrostatic discharge

immunity tests. Basic EMC publication

IEC 61000-4-3 Testing and measurement techniques - Radiated, radio-frequency,

electromagnetic field immunity test

IEC 61000-4-4 Testing and measurement techniques - Electrical fast

transient/burst immunity test. Basic EMC publication

IEC 61000-4-5 Testing and measurement techniques - Surge immunity test

IEC 61000-4-6 Testing and measurement techniques - Immunity to conducted

disturbances, induced by radio-frequency fields

IEC 61000-4-8 Testing and measurement techniques - Power frequency magnetic

field immunity test. Basic EMC publication

IEC 61000-4-11 Testing and measurement techniques Voltage dips, short

interruptions and voltage variations immunity tests. Basic EMC

publication

IEC 61000-4-12 Testing and measurement techniques - Oscillatory waves

immunity test. Basic EMC publication

IEC 61326-1 Electrical equipment for measurement, control and laboratory use

- EMC requirements IEC 60060, series High-voltage test

techniques

ETSI EN 300 220-

1:2000

Electromagnetic compatibility and Radio Spectrum Matters (ERM).

Radio Equipment to be used in the 25 MHz to 1000 MHz frequency

range with power levels ranging up to 500 mW. Part 1: Technical

characteristics and test methods

Environmental conditions

IEC 60721 Classification of environmental conditions. Limit range of

operation: from -30о С to +50о С. Limit range for transportation

and storage: from -40о С to + 60о С

IEC 60068 Environmental Testing:



IEC 60068-2-1:1990 Part 2:Tests-Test A: Cold

IEC 60068-2-2:1974 Part 2: Tests – Test B: Dry heat

IEC 60068-2-6:1995 Part 2: Tests – Test Fc: Vibration (Sinusoidal)

IEC 60068-2-11:1981 Part 2: Tests – Test Ka: Salt mist

IEC 60068-2-27:1987 Part 2: Tests – Test Ea and guidance: Shock

IEC 60068-2-75:1997 Part 2: Tests - Test Eh: Hammer test

Marking

IEC 62052-11:2003 Electricity metering equipment. General requirements, tests and

test conditions

PRIME specifications ITU-T G.9904. Narrowband orthogonal frequency division

multiplexing power line communication transceivers for PRIME

networks

G3-PLC specifications ITU-T G.9903-201402. Narrowband orthogonal frequency division multiplexing power line communication transceivers for G3-PLC networks



3. DC Design

3.1. DC structure

DCM has a modular structure and comprises the following main units:

Microcontroller (СPU) board with a replaceable battery, which maintains real time

clock and control of opening sensors in case of power outages. Battery ensures time

stamping of opening sensors triggering. Battery lifetime – not less than 20 years.

Base Supply Unit - Ensures device operation in normal conditions.

Backup supply unit – comprises capacitor bank. Reserve supply unit supports the

following features.

o for the whole system sustains the operation for 10 s on power off that allows

processor to store all the necessary data and shut down in a proper way;

o connection option to an external uninterruptible power supply (UPS).

PL LV – modem – ensures communication over PL LV. It is integrated on the same

board with the base supply unit.

3GPP modem and external antenna.

3.2. DC indication

The DC state is indicated by a number of light emitting diodes (LEDs) as follows:

Indicator LED Indication State

Indicator of power

supply

Power Not lit No power supply

Lit There is power supply

CPU indicators CPU on Not lit Controller is turned off

Lit Controller operates

Blinking Failure

Eth Link Not lit No connection to Ethernet

Lit There is connection to Ethernet

Indicator of

backup supply

UPS Not lit External supply unit is not connected

Lit External supply unit is connected

LV indicators LV1 Not Lit Modem is turned off or does not operate

Lit Modem is turned on

Cellular indicators 3GPP

(GSM etc.)

Not Lit Modem is turned off or does not operate

Lit Modem is turned on



Figure 3 shows the front panel of RTR8AS.LU as an example:

Fig. 3. Front panel of the DC.

3.3. External interfaces

The main set of external interfaces comprises:

Ethernet

10/100

Base-TX

Standard interface for Ethernet connection;

USB/A standard Full Speed Host Interface USB2.0 (12 Mbps), the socket is

located on the front bar of the main controller;

USB/B standard Full Speed Device Interface USB2.0 (12 Mbps), the socket is

located on the front bar of the main controller;

RS-485 isolated serial interface for external devices connection (e.g. external

modem, meter etc.)

Interface

for UPS

Interface for external UPS (12..24V) connection.

PL LV PLC data transmission over 0,4 kV power lines based on OFDM/G3-PLC

modulation technics. This interface is connected to the three-phase

electricity distribution network with voltages of 85-440 V through the R7PLP

board connector on the front bar of the circuit board of the three-phase

Power Line LV modem. The socket connection of the 3-phase network is

presented in Fig. 8



3GPP wireless data transmission in 2G/3G/4G networks, features SIM card slots

and socket for connecting an external antenna. Supports automatic switching

between 2G/3G/4G communications in order to provide communication on a

better signal:

2G bands

UMTS 800 MHz;

GSM 850 MHz EGSM 900 MHz DCS 1800 MHz PCS 1900 MHz

Data rates: 118.4 kbps uplink and 236.8 kbps downlink

3G bands

B1 (2100 MHz)

B2 (1900 MHz) B6 (800 MHz) B8 (900 MHz)

3G data transfer rates: 384 kbps uplink /downlink 3.5G data transfer rates: 5.76 Mbps uplink and 7.2 Mbps downlink

4G bands

B1 (2100 MHz); B3 (1800 MHz)

Data rates: 50 Mbps uplink and 100 Mbps downlink



4. Data Concentrator Functions

4.1. Overview

DC provides a link between a Head-End System (HES)/Backend systems and end-point

devices, (such as meter, remote display etc.), collects metering data, sends them to HES,

stores the data, and performs a number of application functions. DC is usually placed in a low

voltage substation.

4.2. Main functions of DC

DC represents a device, which operates as a router and Data Concentrator. Main functions of

DC are listed in the table below in brief:

Network device

control

Detection of new/lost devices, deleting devices, data exchange

Time synchronization Synchronization of DC clock time with system time by NTP server

Continuous remote meter clock synchronization.

Data collection Collection of metering data, alarms, events of each metering point

(to which it is connected).

Data requests on schedule, storage of collected data.

Logging of DC events DC registers its own events that can be sent to a remote server if

the delivery option is enabled.

Support of remote

software upgrade for

end devices

The firmware image and the list of devices to be upgraded are

transmitted from HES to DC. Then, DC transmits this image to

corresponding device or group of devices

Data storage in

nonvolatile memory

Long‐term data storage for DC. The storage period depends on the

number of connected meters and the volume of subscribed data.

For details see section 5.5

Provides secure data

transmission

Meter – DC data exchange security is based on DLMS/COSEM

encryption and authentication;

Support of static and

dynamic IP addresses

The user can select either static or dynamic DC IP addressing.

Support of end‐point

devices

The number of supported devices depends on the collected data

volume and the state of the network. The concentrator can collect

daily data from up to 1024 meters in case of stable

communication.

Allows support of meters from different manufacturers which

feature the same standards



4.3. Concepts of communication

4.3.1. Main features

DC main communications channels are:

Downstream communications - via built-in LV PLC modem. The DCM transmits

data requests, commands etc.

Upstream – via extension modem, e.g. 2G/3G/4G. The DCM transmits collected

metering data, alarm notifications, etc. to the HES.

10/100 BASE-T Ethernet IEEE 802.3 standard compliant interface for all DC

types intended for LAN exchange

RS-485 isolated serial interface for external devices connection in compliance

with TIA/EIA-485 standard

4.3.2. PL LV communication details

PL LV is the main communication channel between the DC and end-point devices.

The DC supports the following protocols for PLC:

PRIME - Compliant with PRIME specification: current firmware version meets

PRIME specification v.1.3.6. The DC hardware implementation allows extension

to the PRIME v1.4 specifications.

G3-PLC - Compliant with G3 Alliance G3-PLC specification.

The PL modem supports standard communication protocols presented below:



Application

Network

Transport

Data Link

Physical

IEC 62056-53 (COSEM)

Adaptation 6LoWPAN

MACIEEE 802.15.4-

2006

PHY OFDM CPL

IEC 62056-53 (COSEM)

Convergence sublayer

IEC 61334-4-32

MAC PRIME

PHY PRIME

OSI model G3 Protocol stack PRIME Protocol stack

IP v.6

UDP

Fig.4. PL LV protocol stack

Key parameters of supported PLC technologies are summarized in the table:

G3-PLC PRIME

frequency range 35–91 kHz 42–89 kHz

sampling frequency fs 400 kHz 250 kHz

No of carriers 36 97

subcarrier spacing 1.5625 kHz 488 Hz

FFT size

length of cyclic prefix

windowing

256

30

yes

512

48

no

max. data rate 33.4 kbps 128.6 kbps

used data rate Automatic tone

mapping

21 kbps

Forward Error

Correction

Reed Solomon code,

convolutional code,

repetition code

convolutional code

interleaving per data packet per OFDM symbol

modulation ROBO, DBPSK,

DQPSK, D8PSK

DBPSK, DQPSK,

D8PSK

4.3.3. Addressing

The DC supports the following addressing of devices:

Unicast, when the request is sent to the specified meter.



Broadcast, when the request is sent to all meters without obligatory confirmation from

the meters. The broadcast commands are widely used for the Demand Side

Management (DSM) purposes. For example, "Emergency" signal is sent to all meters

supported by the DC using broadcast communication.

4.3.4. Data exchange

The data exchange between the PLC meter and HES is carried out through the chain HES

data concentrator-meter.

The data exchange between DC and a meter includes the following stages:

DC request data from the meters according to the schedule

In case of alarm situation the meter sends Event Notification to DC asynchronously.

4.3.5. Device detection and registration

4.3.5.1. PRIME network

The major elements of PRIME network structure are as follows:

• Base Node: acts as a master Node that provides all Subnet elements with

connectivity. It manages the Subnet resources and connections. There is only one

Base Node in a Subnet.

• Service Node: act as slave nodes in the Subnet. They are initially in a Disconnected

functional state (see below) and follow the Registration process to become part of the

Subnet.

The three functional states of a Service Node are Disconnected, Terminal and Switch:

• Disconnected: This is the initial functional state for all Service Nodes. Its main

function is to search for a subnet within its reach and try to register on it;

• Terminal: This Service node is able to establish connections and communicate data,

but it is not able to switch any data from other Nodes;

• Switch: This Service Node is able to perform all Terminal functions. Additionally, it is

able to forward data to and from other Nodes in the same Subnetwork.

The process of the meters detection and registration comprises the following steps:

1. Base node (Data Concentrator) periodically sends beacon PDUs (BPDU) in the

network.

2. If the newly installed meter receives BPDU, it will send a request for registration. DC

starts registration process by assigning an address (LNID) to the meter. The meter

acknowledges registration.

3. If the new meter doesn’t receive BPDUs, it will broadcast Promotion needed PDU

(PNPDU) packets. Any other meters of the network can receive PNPDU and send

messages to the Base Node to request promotion. As a response the Base Node

promotes the meter to a switch, which can send its own beacons. In this case a new

meter can be registered through its switch (other meters).

4. Base Node (DC) maintains the list of registered devices and their actual state. After

the meter registration it is possible to start application level communication with it.

5. To maintain the network the Base Node periodically exchanges unicast “keep alive”

packets with all registered meters.



4.3.5.2. G3-PLC network

Main components of the system (according to ITU-T G.9903)

Personal area network (PAN)

The network comprises one or more domains called PAN.

Coordinator

One of the domain nodes is assigned as a Domain Master also called PAN-Coordinator.

The coordinator controls operation of all other nodes and performs admission,

resignation and other domain-wide management operations, in addition to

connectivity to other domains or WAN.

Node

Each domain comprises the number of nodes, registered in it. Each node is identifies

by PAN ID and short address (16 bit ID).

Each node in the network (meters and DCs) has a neighbour table and a routing table

The neighbour table of a node specifies which neighbors this node has in the

network and what PHY parameters (e.g. modulation, tone map, etc.) should be

used to communicate with that node. The neighbour table is actualized each

time any frame is received from a neighbour device and each time a tone map

response command is received, A tone map request and response are used to

identify the optimal tones and modulation scheme to be used in the link with

another meter

The routing table of a node specifies short address of the node which is the

next hop towards a destination.

The process of the meters detection and registration comprises the following steps:

1. Discovery phase by MAC layer beaconing. A newly installed meter sends 1-hop beacon

request in the network by broadcasting. The meter starts discovery attempts in case

when it has not been assigned a short address and it has no neighbour index and it is

not connected.

2. Meters in the neighborhood send beacon reply.

3. Next Access control phase follows using 6LoWPAN Bootstrapping Protocol (LBP). The

Bootstrap Protocol includes strong authentication, distribution of security keys and

transmission of the initial configuration.

4. Among the meters which replied on the beacon request the meter selects the helping

meter (LOWPAN Bootstrapping Agent - LBA) with optimized route and sends a request

to join the network via LBA to reach a concentrator. The LBP dialogue is engaged with

the first on the list. If this fails, it proceeds to the next on the list, and so on.

5. The LBA meter relays the joining frame to the data concentrator (LOWPAN

Bootstrapping Server - LBS) based on its routing and neighbour table information.

(The LBA is supposed to be fully bootstrapped with the full capability to directly

transmit to the LBS in a secure way). The LBS receives the joining frame and

compares the EUI 64 address with the access control list.

The meter and the data concentrator exchange authentication request and response

using EAP-PSK (Extensible authentication protocol–pre-shared key). During

authentication phase the LBS sends GMK keys (ciphered using a key created from the



PSK and device challenge) to the bootstrapping device LBВ (LOWPAN Bootstrapping

Device - LBD).

6. The LBS sends an accepted message if authentication succeeded or decline message if

authentication is failed. After receiving success message LBD activates GMK.

7. During initial configuration phase the LBS sends the second accepted message with

embedded 16-bit short address and various specific parameters. At reception of this

message, the LBD must set-up an optimized route to the LBS, using LOAD protocol

(see Fig.7).

8. After the network joining phase a direct IPv6/UDP connection between the Data

concentrator and the meter has been established. The meter and the data

concentrator are now ready to exchange information.

9. To maintain the network the LBS periodically sends packets to its connecting meters.

When the meter doesn’t receive such periodical messages, it assumes it has lost its

connection with the LBS. In this case the meter will start the network joining phase

and start beaconing.

4.3.6. Device unregistration

4.3.6.1. PRIME Network

If after a number of attempts from DC the meter doesn’t answer to keep-alive packets, the

meter is unregistered and deleted from the DC list of registered devices.

4.3.6.2. G3-PLC Network

If the meter doesn’t respond to periodical messages from DC, the meter is considered

unregistered from the network and is deleted from the DC neighbour and routing tables.

4.3.7. Reaching remote meters

4.3.7.1. PRIME repetition mechanism

Direct connection between DC and remote meters may become impossible if the PL-trunk is

too noisy or too long. In this case, the data exchange in the PL-trunk is enabled by using the

repetition mechanism. Thus, access levels arrange all meters in trunk. The meters of zero

access level are those with which the DC is connected directly. The meters are of the first

level if their connection with DC is realized through meters of zero level and so on. The

frames repetition is carried out by the meters of the “visible” levels.

The repetition function means that each meter is a natural message repeater. This avoids

using specific equipment to re-amplify the message. The best communication path is

automatically found on the network. It automatically adjusts to the transmission conditions

(interference, change of impedance on the network, etc.).

To ensure signal reliable transfer on long distances the source repetition mechanisms is used.

As an example PRIME source repetition is described below.



Meters are searching for a subnet within their reach and trying to register on it. (see fig. 6).

Base Node

S=(0,0)

Switch Node

T=(0,3)

S=(1,0)

Terminal Node

T=(0,1)Switch Node

T=(0,4)

S=(2,0)

Terminal Node

T=(0,2)

Terminal Node

T=(1,1)

Terminal Node

T=(1,2)

Terminal Node

T=(2,1)

A

C DB

HGF

E

Level 0

Level 1

Fig.6. PRIME Source repetition mechanism

Only Nodes B, C, D and E are able to register with Base Node A directly and get their node

IDs;

Nodes F, G and H cannot connect directly to the Base Node but as a result of their broadcast

requests, Nodes B and D were promoted to the switch state and received a corresponding

address, switch identifier S, equal to (1,0) and (2,0) respectively;

Nodes F, G, and H are now connected to Base Node A through Switch Nodes B and D and can

be registered with it.

The number of repetition levels is not limited.

4.3.7.2. G3-PLC hopping process

When meters are too far away from the concentrator, they communicate with the DC using a

hopping process through one or more other meters. Any meter can act as a router

(forwarder) to establish a route between two meters that are not neighbors. In the G3-PLC

specifications, neighbors are meters that are reachable directly without hopping. The process

of finding routes in the network is done automatically, by choosing the route with lowest cost.

The optimum route in the PLC LAN between two meters (nodes A and B in fig.7) is calculated

based on the LOAD protocol (see Annex, [5]):

Node A starts by broadcasting an RREQ message carrying a nil total cost.

All the network nodes (x=C, D, E and F) capable of propagating this message start by

adding their short address on 16 bits and incrementing the total cost of the route by

the cost of the segment A - x. If node x already has a route to B, it propagates the

RREQ message along that route. If not, the message is broadcast again.

Node B of the destination thus receives several RREQ messages which have followed

different routes whose path is stored in the body of the message. It chooses the route

corresponding to the lowest cost and sends back an RREP message that will follow the

reverse route to A.

On reception of RREP, each node marks the route to B in its routing table.



B C

E

A

D

F

B C

E

A

D

F

RR

EQ

RREQ

RREQRR

EQ

RREPRREP

REQUEST RESPONSE

Fig.7. Functioning of the LOAD protocol

To maintain the better quality of transmission between two nodes in the network the adaptive

tone mapping procedure, which is specific for G3-PLC, is used.

Adaptive selection of the usable tones and optimum modulation and code rate ensures

reliable communication over the power line channel. The modulation and coding selection is

based on the estimated SNR (signal-noise ratio) per subcarriers.

4.3.8. Time synchronization

The DC clock is periodically synchronized with a remote NTP server, every 3 hours by default.

The DC periodically synchronizes the meter clock. DC requests the meter time (once per

day). If the meter current time value differs from the DС time for more than stated limit, DC

synchronizes the meter clock. Every time deviation detected at synchronization is logged.

4.4. Data collection

The DC enables collection of metering data, alarms, events of each metering point assigned

to it:

Data requests on schedule.

On-demand request.

Rules of device data collection are defined automatically though can be

redefined from the HES.

If the meter didn’t transmit data to DC for any reason, e.g. through poor communication, DC

will request data continuously until the meter send data or “no data’ answer.

The System validates the meter values on collecting. All invalid data are discarded.

4.5. Parameterization

The DC features the following parameterization possibilities:

Remote configuring from the HES of slave devices (meters) dependent on the

meter functions: data to be reported, device objects, etc. and rules for data

collection.

Configuring revoked meter list.



The most parameters of DC are set up during production; however, some

parameters can be changed on demand directly before installation of DC.

Web interface is used as a parameterization tool. Detailed description of DC v.8

configuring using a Web-interface is presented in Appendix, [2].

Local parameterization is based on USB-interface by using the following two

methods:

Setting DC-PC connection via USB NULL modem cable. (See instructions

described in Annex [6])

Obtaining the 2nd standard Ethernet interface via USB-Ethernet adapter.

Remote parameterization using external modem via WAN.

DHCP support (client-server) for automatic configuring.

Possibility of enabling/disabling the concentrator application.

4.6. Data storage

The DC stores data in non-volatile memory. Data storage supports up to 75 000 000 objects

that allows, for example, storage of the following data (calculated for 1000 meters):

15 minutes load profile for 10 objects – 63 days;

Daily load profile for 20 objects – 63 days;

Monthly profile – 400 days.

The storage time of a particular data type can be adjusted (for each type of subscribed data

separately).

4.7. Firmware update

Updating meters:

Firmware update of the meters is based on Image Transfer mechanism (DLMS

UA 1000-1 Ed. 12).

Remote update of meters from the HES via DC can be performed for a separate

device by unicast command or a group of devices by broadcast.

P3.2 protocol or WEB interface can be used as updating tool

Updating DCs:

Remote DC firmware update by using Internet browser or SIMS Client

Automatic update. A script is started every day, which checks updates list and

install the necessary updates from the stated URL at scheduled time.

4.8. Security features

The DCU security architecture is based on using a dedicated Hardware Security Module

(HSM). The HSM conforms to Global Platform v.2.1.1 specification.

4.8.1. Storage of security materials

The HSM is used to store the security material of the Data Concentrator (for example, Master

Keys).

Each Data Concentrator unit is personalized during manufacturing with unique set of keys.



To secure the channel between the HSM and the Data Concentrator application the Password

Authenticated Connection Establishment (PACE) protocol is used.

The security material is retrieved by the DCU application and is used to cypher the sensitive

data, like symmetric keys and passwords used to access the meters.

The private keys used to access the DC via WAN interfaces are also encrypted using this

security material.

4.8.2. Secure boot[1]

The HSM allows setting a root of trust and enable the secure boot feature. After power-on-

reset the execution begins with ROM code. The ROM code authenticates the boot image

before loading and running it.

4.8.3. Software updates

The software update files are encrypted and authenticated using a manufacturer signed

certificate, so both image integrity and authenticity are verified.

4.8.4. Securing communication with HES

HTTP secured with TLS 1.0 – TLS 1.2 or SSL 3.0 (HTTPS) secures the HTTP protocol which is

transport for SOAP messages exchanged with Web Services. TLS/SSL provides socket-layer

security, encrypting all communication over a particular TCP connection by using X.509

certificates. Secured SSH protocol is also used, which supports up-to-date algorithms for

authentication, encryption and keys transferring.

Following protocols are supported: IP, TCP, UDP, 802.1Q VLAN, 802.1p QoS, 802.1d STP,

DHCP, ICMP, TFTP (client), FTP (client), HTTP, HTTPS, SNMP V3, SSH, NTP.

The Data Concentrator supports IKE policies for IPSec VPN creation. Following encryption

algorithms are supported: DES, 3DES, AES-CBC-128, AES-CBC-192, AES-CBC-256. Following

authentication algorithms are supported: SHA1, MD5, SHA256, SHA384, SHA512.[2]

4.8.5. Securing communication with meters

To ensure secure communication the DCU uses encryption/decryption of all input and output

information. DCU security architecture is based on the DLMS UA 1000-2 Ed.8.0 concepts.

AES-GCM-128 (Galois/Counter Mode with AES-128) Security Suite ID: 0 is used.

4.8.6. Role-based secure DCU access

Only authorized personnel can access the DC. By default, role-based DCU access is limited to

one user:

Admin user has limited functionality, including parameters setting and firmware

change.

Guest user with limited read only functionality may be enabled on request.

[1] Secure boot is supported only in specific part numbers.

[2] Cisco solutions – DMVPN, mGRE – are currently not supported. IPSec VPN is proposed instead, as a solution supported by a wider range of telecommunication devices.



4.8.7. Mitigation of Denial-of-Service attacks.

4.8.7.1. DLMS/COSEM DOS attack

Too high frame counter value received from meter. When too high frame counter value

is received from meter, DCU immediately closes the application association with the meter,

and writes the “(14) Invalid FC received for client <client> and <key_type>” event in

security event log. Event message contains also the meter logical device name and the

timestamp. Event message may be sent as an alarm to HES.

4.8.7.2. P3.2 DOS attack

High volume of P3.2 resources. Mitigation is performed at two layers:

(1) The firewall in DCU allows a limited number of TCP connections to P3.2 web services, and

a limited number of new TCP connections per second.

(2) For each invocation of WS-ResourceTransfer/CREATE operation, DCU checks the actual

count of existing resources. If limit of resources is exceeded, the CREATE operation fails.

When last available resource is created, DCU writes the “(26) The maximum count of P32

resources was reached. Details: <details>” event in security event log. Event message may

be sent as an alarm to HES. Existing resources, created under DOS attack, will be removed

automatically after configured timeout.

4.8.7.3. Wrong password connection attempts

After „N” number of consecutive failed login attempts the access to DCU (via Web-interface

or SSH port) is blocked for specified time “T” (in minutes) and an event to HES is generated.

Both parameters (N and T) are configurable. DCU can be unlocked if the timeout is expired or

DCU is reset via an available (unblocked) interface.

4.9. Alarm handling

The meter sends Event Notification to DC asynchronously as alarm occurs.

There is a dedicated controller for DC alarm tracking. The alarm controller allows detection of

DC cover and DC terminal block cover opening/closing and internal temperature

measurement.

Each change of opening sensor status is registered and time stamped. The battery presence

allows registration of opening sensors status change in energy saving mode.

4.10. DC logging

The DC registers events in different log files depending on events type.

Such events as the system start, power failure, interfaces restart, DC restart by

monitors, are stored in the System log.

Login attempts, password change are stored in the Security log.

Communication events, such as registration/unregistration of meters are recorded in

Communication log.

All the events are asynchronous and registered as they occur.

DC events can be read via Web-browser and exported in a file (see details in [2].

DC also enables debug log data collecting from DC over TCP/IP and UDP/IP protocols by

using special DCUSup.LoggerServer application. A number of log files is stored and available

for analysis. The DCUSup.LoggerServer application stores the logs in separate folders for

each DC IP address and each date.



The application works as a Windows service and continuously monitors TCP/IP and UDP/IP

ports (3000 and 6000 by default). Standard interfaces to manage the installation files can be

used.



5. DC Maintenance

5.1. DC installation procedure

In case of outdoor installation, the DC should be obligatory installed within protective box,

with the purpose to protect the DC from direct influence of moisture and solar radiation.

The DC is placed vertically in 3 fixing points in suitable to operation conditions place for

installation, reasoning from DC’s overall dimensions (see fig.8) and convenience of leading

communication channels to the DC.

Fig. 8a. General form and overall dimensions of RTR8S



Fig. 8b. Mounting dimensions of RTR8S

The device is equipped with an antenna and terminal blocks for connection with internal

interfaces. It is installed to selected point and connected according to the diagram placed on

the DC front panel (see fig. 9).

Fig. 9. Diagram of device connectors for RTR8S.LG-4-1 (example).

The device should be switched off before operations of DC connection or dismantle

intermediate automatic circuit breaker, through which DC is connected to the transformer

secondary busbar.

To Install the DC follow the next steps:

① Select suitable for operation conditions place for installation, reasoning from DC overall

dimensions and convenience of connection of communication channels (fig.8a).

② Mark out the place of installation according to mounting dimensions (see fig. 8b).

③ Drill three holes of 6,2 mm diameter in the respective points of the panel, intended for

DC fixing.



④ Make external visual inspection of the DC to be sure that there is no mechanical damage

and manufacturer seal is present (pos. 1, fig. 8).

⑤ Turn off screws for terminal block cover fastening and remove the cover (pos. 2, fig. 8).

⑥ Hang DC on fixing holder and fix it with the help of corresponding screws and female

screws.

⑦ Place fastening screws in mounting holes under the terminal block cover and screw it.

⑧ Remove isolation from LV, MV cable wires (7-8 mm) (if available).

⑨ Connect feeder wires to the LV connector, taking into consideration that admissible

cross-section of wires is 0,5-2,5 mm2 (fig. 9).

⑩ Install and fix a flexible three-phase four-wire network cable between automatic circuit

breaker and DC in order to interconnect both devices. Do not connect this cable to the

breaker or DC at this stage.

⑪ Connect GSM channel (if available): install SIM-card in the respective communication

compartment (fig. 9) and connect the antenna to respective GSM socket on the DC terminal

block panel (fig. 9).

⑫ Connect another communication channels in dependence of design version of the DC.

⑬ Replace terminal box cover and fix it with respective screws (pos.2, fig. 8).

⑭ Apply voltage.

⑮ Pay attention to LEDs’ indications in dependence of DC design version. In the operating

mode, LEDs should glow constantly.

⑯ After mounting is finished, the DC cover are sealed up by the representatives of power

supply organization (pos. 2 fig. 8).

⑰ The DC is ready to operate in regular mode.



6. Annex. References

1. Multipurpose line monitor RML v.7. Technical description and instruction manual

2. Configuring OFDM based DCU using a Web-browser. Instruction manual.

3. How to Update Group of Meters. Instructions Manual.

4. Event handling in ADDAX meters v7. General Description

5. G3-PLC Profile Specification

6. How to get access to DC Web-interface via USB. Instruction.

DATA CONCENTRATOR - addgrup.com · IEC 61010-1 Safety requirements for electrical equipment for...

Documents

Transcript of DATA CONCENTRATOR - addgrup.com · IEC 61010-1 Safety requirements for electrical equipment for...