DATA CONCENTRATOR - addgrup.com · IEC 61010-1 Safety requirements for electrical equipment for...
Transcript of DATA CONCENTRATOR - addgrup.com · IEC 61010-1 Safety requirements for electrical equipment for...
© 2017 All Rights Reserved www.addgrup.com
RTR8S.LX-X-X
DATA CONCENTRATOR
add new tech to your business!
Tec
hn
ica
l D
escr
ipti
on
RTR8A.L-X-X Data Concentrator Technical Description 1
Contents 1. Overview ................................................................................................................................................ 5
1.1. Purpose ............................................................................................................................................... 5
1.2. ADDAX.Net components .................................................................................................................. 5
2. Specifications ......................................................................................................................................... 7
2.1. DC Designation and Modifications .................................................................................................... 7
2.2. Technical specifications ..................................................................................................................... 8
2.3. Standards ............................................................................................................................................ 9
3. DC Design ............................................................................................................................................ 11
3.1. DC structure ..................................................................................................................................... 11
3.2. DC indication ................................................................................................................................... 11
3.3. External interfaces ............................................................................................................................ 12
4. Data Concentrator Functions ................................................................................................................ 14
4.1. Overview .......................................................................................................................................... 14
4.2. Main functions of DC ....................................................................................................................... 14
4.3. Concepts of communication ............................................................................................................. 15
4.3.1. Main features .................................................................................................................................... 15
4.3.2. PL LV communication details .......................................................................................................... 15
4.3.3. Addressing ........................................................................................................................................ 16
4.3.4. Data exchange .................................................................................................................................. 17
4.3.5. Device detection and registration ..................................................................................................... 17
4.3.5.1. PRIME network ........................................................................................................................ 17
4.3.5.2. G3-PLC network ...................................................................................................................... 18
4.3.6. Device unregistration ....................................................................................................................... 19
4.3.6.1. PRIME Network ....................................................................................................................... 19
4.3.6.2. G3-PLC Network ..................................................................................................................... 19
4.3.7. Reaching remote meters ................................................................................................................... 19
4.3.7.1. PRIME repetition mechanism .................................................................................................. 19
4.3.7.2. G3-PLC hopping process ......................................................................................................... 20
4.3.8. Time synchronization ....................................................................................................................... 21
4.4. Data collection .................................................................................................................................. 21
4.5. Parameterization ............................................................................................................................... 21
4.6. Data storage ...................................................................................................................................... 22
4.7. Firmware update ............................................................................................................................... 22
4.8. Security features ............................................................................................................................... 22
4.8.1. Storage of security materials ............................................................................................................ 22
4.8.2. Secure boot ....................................................................................................................................... 23
4.8.3. Software updates .............................................................................................................................. 23
4.8.4. Securing communication with HES ................................................................................................. 23
4.8.5. Securing communication with meters .............................................................................................. 23
4.8.6. Role-based secure DCU access ........................................................................................................ 23
4.8.7. Mitigation of Denial-of-Service attacks. .......................................................................................... 24
4.8.7.1. DLMS/COSEM DOS attack..................................................................................................... 24
4.8.7.2. P3.2 DOS attack ....................................................................................................................... 24
4.8.7.3. Wrong password connection attempts ...................................................................................... 24
RTR8S Router/Data Concentrator Technical Description 2
©ADD-GRUP Document version 1.1
4.9. Alarm handling ................................................................................................................................. 24
4.10. DC logging ....................................................................................................................................... 24
5. DC Maintenance ................................................................................................................................... 26
5.1. DC installation procedure ................................................................................................................. 26
6. Annex. References ................................................................................................................................ 29
RTR8S Router/Data Concentrator Technical Description 3
©ADD-GRUP Document version 1.1
Revision History Version Description Author Date Comments
1.0 Original document Keloglu Olga 22.05.2017
List of Figures Fig. 1 Architecture of the ADDAX metering system with (a) VPN tunnel between
DC and HES through GPRS, (b) private APN communication, and (c)
conventional communication through Ethernet
Fig.2 DC board assembly
Fig.3 Front panel of the DC (example).
Fig.4 PL LV protocol stack
Fig.5a Data exchange between HES and PRIME meter
Fig.5b Data exchange between HES and G3 meter
Fig.6 Source repetition mechanism
Fig.7 Functioning of the LOAD protocol
Fig.8a General form and overall dimensions of RTR8S
Fig.8b Mounting dimensions of RTR8S
Fig.9 Diagram of device connectors for RTR8S.LG (example).
RTR8S Router/Data Concentrator Technical Description 4
©ADD-GRUP Document version 1.1
Basic terms and abbreviations
IPSec a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used
during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. IPSec can use preshared keys for authentication. Preshared means that the parties agree on a shared, secret key that is used for authentication in an IPSec policy.
Domain Name
System (DNS)
a system for converting host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol.
Dynamic Host
Configuration
Protocol (DHCP)
a function in software that automatically assigns temporary IP addresses to
client machines logging into an IP network. Residing in the router or a server, DHCP eliminates the need to manually assign permanent "static" IP addresses to devices.
Network Time
Protocol (NTP)
a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks.
Access point
name (APN)
Identifies an IP packet data network (PDN), that a mobile data user wants to communicate with. In addition to identifying a PDN, an APN may also be used to define the type of service, (e.g. connection to wireless application protocol (WAP) server, multimedia messaging service (MMS)), that is provided by the PDN. APN is used in 3GPP data access networks, e.g. general packet radio
service (GPRS), evolved packet core (EPC).
Network Address
Translation (NAT)
the process of modifying network address information in datagram (IP) packet headers while in transit across a traffic routing device for the purpose
of remapping one IP address space into another
DC Data concentrator
HES Head-End System
LNID Local Node Identifier
PNPDU Promotion Needed PDU
BPDU Beacon PDU
RTR8S Router/Data Concentrator Technical Description 5
©ADD-GRUP Document version 1.1
1. Overview
This Technical Description provides an overview of the technical and functional characteristics
of RTR8S.LG-4-1 Data Concentrator (hereinafter DC), which supports both PRIME and G3-PLC
standards.
The DC being a network device provides 2-way data transmission between end-point devices
in electricity consumption network and the HES.
1.1. Purpose
The DC registers devices and coordinates the data exchange within the network. Thereby,
secured and robust delivery of address data is provided.
The data concentrators are used as main communication equipment of ADDAX metering
system. The data concentrator supports both communication and application specific
functions.
1.2. ADDAX.Net components
Figure 1 illustrates architecture of the overall ADDAX metering system. Main components of
the system are:
Head-End System (HES) – server with installed specialized software for collecting and
processing data.
Fig. 1 Architecture of the ADDAX metering system
RTR8S Router/Data Concentrator Technical Description 6
©ADD-GRUP Document version 1.1
Communication equipment - DC version 8 intended for data collection, storage,
network device control and some other application functions.
End point metering equipment - 1- phase and 3-phase electricity meters.
Balance meter - to create an accurate energy balance and detect the imbalance on the
distribution network, distinguish technical losses and fraud attempts.
RTR8S Router/Data Concentrator Technical Description 7
©ADD-GRUP Document version 1.1
2. Specifications
2.1. DC Designation and Modifications
ADDAX RTR 8 S . LX - X - X
ADD Data
Concentrator
System version
Slim
Communication type
Model (1-N)
Version (1-N)
Fig.2 DC designation
Model and version represents order index. The DC supports the following communication types:
L – PL LV
G – 2G (GSM/GPRS)
U – 3G (UMTS)
F – 4G
The DC supports the following extension ports:
Ethernet,
USB Host,
USB Device,
RS-485
RTR8S Router/Data Concentrator Technical Description 8
©ADD-GRUP Document version 1.1
2.2. Technical specifications
The DC technical specifications are presented in tables below.
Table 2.1. Technical specifications
Parameter Value
Nominal voltage
3230/400 V
Supply voltage 85-440 V
Frequency 50(60) Hz ± 2%
Clock accuracy (at 25°C), not more than 0.5 s /24 h
Maximum active consumed power 12 W
Average total consumed power 25 VA
Operation temperature range -40°C ... +70°C
Storage and transportation temperature -40°C ... +70°C
Mean lifetime, not less than 20 years
IP rating IP54
Mean time between failures
(at fault probability of 0.8)
24 000 hours
Dimensions 241x170x90 mm
Mass, not more than 1 kg
Table 2.2. DC Inherent power consumption per phase
active energy,
not more than (W)
total energy,
not more than (VA)
DC without communication overhead 2 10
including communication via PL 3 10
including communication via PL and
external modem 4 10
20%25%
RTR8S Router/Data Concentrator Technical Description 9
©ADD-GRUP Document version 1.1
2.3. Standards
Data Concentrator meets the requirements of the following international standards:
Safety
IEC 61010-1 Safety requirements for electrical equipment for measurement,
control and laboratory use, Part 1 general requirements.
IEC 60529 Degrees of protection provided by enclosures
IEC 60695-2-2 Fire hazard testing. Part 2-11: Glowing/hot-wire based test
methods-Glow-wire flammability test method for end-products
EMC and Immunity
IEC-55022 Limits and methods of measurement of radio disturbance
characteristics of information technology equipment
IEC 61000-4-1 Testing and measurement techniques - Overview of IEC 61000-4
series
IEC 61000-4-2 Testing and measurement techniques - Electrostatic discharge
immunity tests. Basic EMC publication
IEC 61000-4-3 Testing and measurement techniques - Radiated, radio-frequency,
electromagnetic field immunity test
IEC 61000-4-4 Testing and measurement techniques - Electrical fast
transient/burst immunity test. Basic EMC publication
IEC 61000-4-5 Testing and measurement techniques - Surge immunity test
IEC 61000-4-6 Testing and measurement techniques - Immunity to conducted
disturbances, induced by radio-frequency fields
IEC 61000-4-8 Testing and measurement techniques - Power frequency magnetic
field immunity test. Basic EMC publication
IEC 61000-4-11 Testing and measurement techniques Voltage dips, short
interruptions and voltage variations immunity tests. Basic EMC
publication
IEC 61000-4-12 Testing and measurement techniques - Oscillatory waves
immunity test. Basic EMC publication
IEC 61326-1 Electrical equipment for measurement, control and laboratory use
- EMC requirements IEC 60060, series High-voltage test
techniques
ETSI EN 300 220-
1:2000
Electromagnetic compatibility and Radio Spectrum Matters (ERM).
Radio Equipment to be used in the 25 MHz to 1000 MHz frequency
range with power levels ranging up to 500 mW. Part 1: Technical
characteristics and test methods
Environmental conditions
IEC 60721 Classification of environmental conditions. Limit range of
operation: from -30о С to +50о С. Limit range for transportation
and storage: from -40о С to + 60о С
IEC 60068 Environmental Testing:
RTR8S Router/Data Concentrator Technical Description 10
©ADD-GRUP Document version 1.1
IEC 60068-2-1:1990 Part 2:Tests-Test A: Cold
IEC 60068-2-2:1974 Part 2: Tests – Test B: Dry heat
IEC 60068-2-6:1995 Part 2: Tests – Test Fc: Vibration (Sinusoidal)
IEC 60068-2-11:1981 Part 2: Tests – Test Ka: Salt mist
IEC 60068-2-27:1987 Part 2: Tests – Test Ea and guidance: Shock
IEC 60068-2-75:1997 Part 2: Tests - Test Eh: Hammer test
Marking
IEC 62052-11:2003 Electricity metering equipment. General requirements, tests and
test conditions
PRIME specifications ITU-T G.9904. Narrowband orthogonal frequency division
multiplexing power line communication transceivers for PRIME
networks
G3-PLC specifications ITU-T G.9903-201402. Narrowband orthogonal frequency division multiplexing power line communication transceivers for G3-PLC networks
RTR8S Router/Data Concentrator Technical Description 11
©ADD-GRUP Document version 1.1
3. DC Design
3.1. DC structure
DCM has a modular structure and comprises the following main units:
Microcontroller (СPU) board with a replaceable battery, which maintains real time
clock and control of opening sensors in case of power outages. Battery ensures time
stamping of opening sensors triggering. Battery lifetime – not less than 20 years.
Base Supply Unit - Ensures device operation in normal conditions.
Backup supply unit – comprises capacitor bank. Reserve supply unit supports the
following features.
o for the whole system sustains the operation for 10 s on power off that allows
processor to store all the necessary data and shut down in a proper way;
o connection option to an external uninterruptible power supply (UPS).
PL LV – modem – ensures communication over PL LV. It is integrated on the same
board with the base supply unit.
3GPP modem and external antenna.
3.2. DC indication
The DC state is indicated by a number of light emitting diodes (LEDs) as follows:
Indicator LED Indication State
Indicator of power
supply
Power Not lit No power supply
Lit There is power supply
CPU indicators CPU on Not lit Controller is turned off
Lit Controller operates
Blinking Failure
Eth Link Not lit No connection to Ethernet
Lit There is connection to Ethernet
Indicator of
backup supply
UPS Not lit External supply unit is not connected
Lit External supply unit is connected
LV indicators LV1 Not Lit Modem is turned off or does not operate
Lit Modem is turned on
Cellular indicators 3GPP
(GSM etc.)
Not Lit Modem is turned off or does not operate
Lit Modem is turned on
RTR8S Router/Data Concentrator Technical Description 12
©ADD-GRUP Document version 1.1
Figure 3 shows the front panel of RTR8AS.LU as an example:
Fig. 3. Front panel of the DC.
3.3. External interfaces
The main set of external interfaces comprises:
Ethernet
10/100
Base-TX
Standard interface for Ethernet connection;
USB/A standard Full Speed Host Interface USB2.0 (12 Mbps), the socket is
located on the front bar of the main controller;
USB/B standard Full Speed Device Interface USB2.0 (12 Mbps), the socket is
located on the front bar of the main controller;
RS-485 isolated serial interface for external devices connection (e.g. external
modem, meter etc.)
Interface
for UPS
Interface for external UPS (12..24V) connection.
PL LV PLC data transmission over 0,4 kV power lines based on OFDM/G3-PLC
modulation technics. This interface is connected to the three-phase
electricity distribution network with voltages of 85-440 V through the R7PLP
board connector on the front bar of the circuit board of the three-phase
Power Line LV modem. The socket connection of the 3-phase network is
presented in Fig. 8
RTR8S Router/Data Concentrator Technical Description 13
©ADD-GRUP Document version 1.1
3GPP wireless data transmission in 2G/3G/4G networks, features SIM card slots
and socket for connecting an external antenna. Supports automatic switching
between 2G/3G/4G communications in order to provide communication on a
better signal:
2G bands
UMTS 800 MHz;
GSM 850 MHz EGSM 900 MHz DCS 1800 MHz PCS 1900 MHz
Data rates: 118.4 kbps uplink and 236.8 kbps downlink
3G bands
B1 (2100 MHz)
B2 (1900 MHz) B6 (800 MHz) B8 (900 MHz)
3G data transfer rates: 384 kbps uplink /downlink 3.5G data transfer rates: 5.76 Mbps uplink and 7.2 Mbps downlink
4G bands
B1 (2100 MHz); B3 (1800 MHz)
Data rates: 50 Mbps uplink and 100 Mbps downlink
RTR8S Router/Data Concentrator Technical Description 14
©ADD-GRUP Document version 1.1
4. Data Concentrator Functions
4.1. Overview
DC provides a link between a Head-End System (HES)/Backend systems and end-point
devices, (such as meter, remote display etc.), collects metering data, sends them to HES,
stores the data, and performs a number of application functions. DC is usually placed in a low
voltage substation.
4.2. Main functions of DC
DC represents a device, which operates as a router and Data Concentrator. Main functions of
DC are listed in the table below in brief:
Network device
control
Detection of new/lost devices, deleting devices, data exchange
Time synchronization Synchronization of DC clock time with system time by NTP server
Continuous remote meter clock synchronization.
Data collection Collection of metering data, alarms, events of each metering point
(to which it is connected).
Data requests on schedule, storage of collected data.
Logging of DC events DC registers its own events that can be sent to a remote server if
the delivery option is enabled.
Support of remote
software upgrade for
end devices
The firmware image and the list of devices to be upgraded are
transmitted from HES to DC. Then, DC transmits this image to
corresponding device or group of devices
Data storage in
nonvolatile memory
Long‐term data storage for DC. The storage period depends on the
number of connected meters and the volume of subscribed data.
For details see section 5.5
Provides secure data
transmission
Meter – DC data exchange security is based on DLMS/COSEM
encryption and authentication;
Support of static and
dynamic IP addresses
The user can select either static or dynamic DC IP addressing.
Support of end‐point
devices
The number of supported devices depends on the collected data
volume and the state of the network. The concentrator can collect
daily data from up to 1024 meters in case of stable
communication.
Allows support of meters from different manufacturers which
feature the same standards
RTR8S Router/Data Concentrator Technical Description 15
©ADD-GRUP Document version 1.1
4.3. Concepts of communication
4.3.1. Main features
DC main communications channels are:
Downstream communications - via built-in LV PLC modem. The DCM transmits
data requests, commands etc.
Upstream – via extension modem, e.g. 2G/3G/4G. The DCM transmits collected
metering data, alarm notifications, etc. to the HES.
10/100 BASE-T Ethernet IEEE 802.3 standard compliant interface for all DC
types intended for LAN exchange
RS-485 isolated serial interface for external devices connection in compliance
with TIA/EIA-485 standard
4.3.2. PL LV communication details
PL LV is the main communication channel between the DC and end-point devices.
The DC supports the following protocols for PLC:
PRIME - Compliant with PRIME specification: current firmware version meets
PRIME specification v.1.3.6. The DC hardware implementation allows extension
to the PRIME v1.4 specifications.
G3-PLC - Compliant with G3 Alliance G3-PLC specification.
The PL modem supports standard communication protocols presented below:
RTR8S Router/Data Concentrator Technical Description 16
©ADD-GRUP Document version 1.1
Application
Network
Transport
Data Link
Physical
IEC 62056-53 (COSEM)
Adaptation 6LoWPAN
MACIEEE 802.15.4-
2006
PHY OFDM CPL
IEC 62056-53 (COSEM)
Convergence sublayer
IEC 61334-4-32
MAC PRIME
PHY PRIME
OSI model G3 Protocol stack PRIME Protocol stack
IP v.6
UDP
Fig.4. PL LV protocol stack
Key parameters of supported PLC technologies are summarized in the table:
G3-PLC PRIME
frequency range 35–91 kHz 42–89 kHz
sampling frequency fs 400 kHz 250 kHz
No of carriers 36 97
subcarrier spacing 1.5625 kHz 488 Hz
FFT size
length of cyclic prefix
windowing
256
30
yes
512
48
no
max. data rate 33.4 kbps 128.6 kbps
used data rate Automatic tone
mapping
21 kbps
Forward Error
Correction
Reed Solomon code,
convolutional code,
repetition code
convolutional code
interleaving per data packet per OFDM symbol
modulation ROBO, DBPSK,
DQPSK, D8PSK
DBPSK, DQPSK,
D8PSK
4.3.3. Addressing
The DC supports the following addressing of devices:
Unicast, when the request is sent to the specified meter.
RTR8S Router/Data Concentrator Technical Description 17
©ADD-GRUP Document version 1.1
Broadcast, when the request is sent to all meters without obligatory confirmation from
the meters. The broadcast commands are widely used for the Demand Side
Management (DSM) purposes. For example, "Emergency" signal is sent to all meters
supported by the DC using broadcast communication.
4.3.4. Data exchange
The data exchange between the PLC meter and HES is carried out through the chain HES
data concentrator-meter.
The data exchange between DC and a meter includes the following stages:
DC request data from the meters according to the schedule
In case of alarm situation the meter sends Event Notification to DC asynchronously.
4.3.5. Device detection and registration
4.3.5.1. PRIME network
The major elements of PRIME network structure are as follows:
• Base Node: acts as a master Node that provides all Subnet elements with
connectivity. It manages the Subnet resources and connections. There is only one
Base Node in a Subnet.
• Service Node: act as slave nodes in the Subnet. They are initially in a Disconnected
functional state (see below) and follow the Registration process to become part of the
Subnet.
The three functional states of a Service Node are Disconnected, Terminal and Switch:
• Disconnected: This is the initial functional state for all Service Nodes. Its main
function is to search for a subnet within its reach and try to register on it;
• Terminal: This Service node is able to establish connections and communicate data,
but it is not able to switch any data from other Nodes;
• Switch: This Service Node is able to perform all Terminal functions. Additionally, it is
able to forward data to and from other Nodes in the same Subnetwork.
The process of the meters detection and registration comprises the following steps:
1. Base node (Data Concentrator) periodically sends beacon PDUs (BPDU) in the
network.
2. If the newly installed meter receives BPDU, it will send a request for registration. DC
starts registration process by assigning an address (LNID) to the meter. The meter
acknowledges registration.
3. If the new meter doesn’t receive BPDUs, it will broadcast Promotion needed PDU
(PNPDU) packets. Any other meters of the network can receive PNPDU and send
messages to the Base Node to request promotion. As a response the Base Node
promotes the meter to a switch, which can send its own beacons. In this case a new
meter can be registered through its switch (other meters).
4. Base Node (DC) maintains the list of registered devices and their actual state. After
the meter registration it is possible to start application level communication with it.
5. To maintain the network the Base Node periodically exchanges unicast “keep alive”
packets with all registered meters.
RTR8S Router/Data Concentrator Technical Description 18
©ADD-GRUP Document version 1.1
4.3.5.2. G3-PLC network
Main components of the system (according to ITU-T G.9903)
Personal area network (PAN)
The network comprises one or more domains called PAN.
Coordinator
One of the domain nodes is assigned as a Domain Master also called PAN-Coordinator.
The coordinator controls operation of all other nodes and performs admission,
resignation and other domain-wide management operations, in addition to
connectivity to other domains or WAN.
Node
Each domain comprises the number of nodes, registered in it. Each node is identifies
by PAN ID and short address (16 bit ID).
Each node in the network (meters and DCs) has a neighbour table and a routing table
The neighbour table of a node specifies which neighbors this node has in the
network and what PHY parameters (e.g. modulation, tone map, etc.) should be
used to communicate with that node. The neighbour table is actualized each
time any frame is received from a neighbour device and each time a tone map
response command is received, A tone map request and response are used to
identify the optimal tones and modulation scheme to be used in the link with
another meter
The routing table of a node specifies short address of the node which is the
next hop towards a destination.
The process of the meters detection and registration comprises the following steps:
1. Discovery phase by MAC layer beaconing. A newly installed meter sends 1-hop beacon
request in the network by broadcasting. The meter starts discovery attempts in case
when it has not been assigned a short address and it has no neighbour index and it is
not connected.
2. Meters in the neighborhood send beacon reply.
3. Next Access control phase follows using 6LoWPAN Bootstrapping Protocol (LBP). The
Bootstrap Protocol includes strong authentication, distribution of security keys and
transmission of the initial configuration.
4. Among the meters which replied on the beacon request the meter selects the helping
meter (LOWPAN Bootstrapping Agent - LBA) with optimized route and sends a request
to join the network via LBA to reach a concentrator. The LBP dialogue is engaged with
the first on the list. If this fails, it proceeds to the next on the list, and so on.
5. The LBA meter relays the joining frame to the data concentrator (LOWPAN
Bootstrapping Server - LBS) based on its routing and neighbour table information.
(The LBA is supposed to be fully bootstrapped with the full capability to directly
transmit to the LBS in a secure way). The LBS receives the joining frame and
compares the EUI 64 address with the access control list.
The meter and the data concentrator exchange authentication request and response
using EAP-PSK (Extensible authentication protocol–pre-shared key). During
authentication phase the LBS sends GMK keys (ciphered using a key created from the
RTR8S Router/Data Concentrator Technical Description 19
©ADD-GRUP Document version 1.1
PSK and device challenge) to the bootstrapping device LBВ (LOWPAN Bootstrapping
Device - LBD).
6. The LBS sends an accepted message if authentication succeeded or decline message if
authentication is failed. After receiving success message LBD activates GMK.
7. During initial configuration phase the LBS sends the second accepted message with
embedded 16-bit short address and various specific parameters. At reception of this
message, the LBD must set-up an optimized route to the LBS, using LOAD protocol
(see Fig.7).
8. After the network joining phase a direct IPv6/UDP connection between the Data
concentrator and the meter has been established. The meter and the data
concentrator are now ready to exchange information.
9. To maintain the network the LBS periodically sends packets to its connecting meters.
When the meter doesn’t receive such periodical messages, it assumes it has lost its
connection with the LBS. In this case the meter will start the network joining phase
and start beaconing.
4.3.6. Device unregistration
4.3.6.1. PRIME Network
If after a number of attempts from DC the meter doesn’t answer to keep-alive packets, the
meter is unregistered and deleted from the DC list of registered devices.
4.3.6.2. G3-PLC Network
If the meter doesn’t respond to periodical messages from DC, the meter is considered
unregistered from the network and is deleted from the DC neighbour and routing tables.
4.3.7. Reaching remote meters
4.3.7.1. PRIME repetition mechanism
Direct connection between DC and remote meters may become impossible if the PL-trunk is
too noisy or too long. In this case, the data exchange in the PL-trunk is enabled by using the
repetition mechanism. Thus, access levels arrange all meters in trunk. The meters of zero
access level are those with which the DC is connected directly. The meters are of the first
level if their connection with DC is realized through meters of zero level and so on. The
frames repetition is carried out by the meters of the “visible” levels.
The repetition function means that each meter is a natural message repeater. This avoids
using specific equipment to re-amplify the message. The best communication path is
automatically found on the network. It automatically adjusts to the transmission conditions
(interference, change of impedance on the network, etc.).
To ensure signal reliable transfer on long distances the source repetition mechanisms is used.
As an example PRIME source repetition is described below.
RTR8S Router/Data Concentrator Technical Description 20
©ADD-GRUP Document version 1.1
Meters are searching for a subnet within their reach and trying to register on it. (see fig. 6).
Base Node
S=(0,0)
Switch Node
T=(0,3)
S=(1,0)
Terminal Node
T=(0,1)Switch Node
T=(0,4)
S=(2,0)
Terminal Node
T=(0,2)
Terminal Node
T=(1,1)
Terminal Node
T=(1,2)
Terminal Node
T=(2,1)
A
C DB
HGF
E
Level 0
Level 1
Fig.6. PRIME Source repetition mechanism
Only Nodes B, C, D and E are able to register with Base Node A directly and get their node
IDs;
Nodes F, G and H cannot connect directly to the Base Node but as a result of their broadcast
requests, Nodes B and D were promoted to the switch state and received a corresponding
address, switch identifier S, equal to (1,0) and (2,0) respectively;
Nodes F, G, and H are now connected to Base Node A through Switch Nodes B and D and can
be registered with it.
The number of repetition levels is not limited.
4.3.7.2. G3-PLC hopping process
When meters are too far away from the concentrator, they communicate with the DC using a
hopping process through one or more other meters. Any meter can act as a router
(forwarder) to establish a route between two meters that are not neighbors. In the G3-PLC
specifications, neighbors are meters that are reachable directly without hopping. The process
of finding routes in the network is done automatically, by choosing the route with lowest cost.
The optimum route in the PLC LAN between two meters (nodes A and B in fig.7) is calculated
based on the LOAD protocol (see Annex, [5]):
Node A starts by broadcasting an RREQ message carrying a nil total cost.
All the network nodes (x=C, D, E and F) capable of propagating this message start by
adding their short address on 16 bits and incrementing the total cost of the route by
the cost of the segment A - x. If node x already has a route to B, it propagates the
RREQ message along that route. If not, the message is broadcast again.
Node B of the destination thus receives several RREQ messages which have followed
different routes whose path is stored in the body of the message. It chooses the route
corresponding to the lowest cost and sends back an RREP message that will follow the
reverse route to A.
On reception of RREP, each node marks the route to B in its routing table.
RTR8S Router/Data Concentrator Technical Description 21
©ADD-GRUP Document version 1.1
B C
E
A
D
F
B C
E
A
D
F
RR
EQ
RREQ
RREQRR
EQ
RREPRREP
REQUEST RESPONSE
Fig.7. Functioning of the LOAD protocol
To maintain the better quality of transmission between two nodes in the network the adaptive
tone mapping procedure, which is specific for G3-PLC, is used.
Adaptive selection of the usable tones and optimum modulation and code rate ensures
reliable communication over the power line channel. The modulation and coding selection is
based on the estimated SNR (signal-noise ratio) per subcarriers.
4.3.8. Time synchronization
The DC clock is periodically synchronized with a remote NTP server, every 3 hours by default.
The DC periodically synchronizes the meter clock. DC requests the meter time (once per
day). If the meter current time value differs from the DС time for more than stated limit, DC
synchronizes the meter clock. Every time deviation detected at synchronization is logged.
4.4. Data collection
The DC enables collection of metering data, alarms, events of each metering point assigned
to it:
Data requests on schedule.
On-demand request.
Rules of device data collection are defined automatically though can be
redefined from the HES.
If the meter didn’t transmit data to DC for any reason, e.g. through poor communication, DC
will request data continuously until the meter send data or “no data’ answer.
The System validates the meter values on collecting. All invalid data are discarded.
4.5. Parameterization
The DC features the following parameterization possibilities:
Remote configuring from the HES of slave devices (meters) dependent on the
meter functions: data to be reported, device objects, etc. and rules for data
collection.
Configuring revoked meter list.
RTR8S Router/Data Concentrator Technical Description 22
©ADD-GRUP Document version 1.1
The most parameters of DC are set up during production; however, some
parameters can be changed on demand directly before installation of DC.
Web interface is used as a parameterization tool. Detailed description of DC v.8
configuring using a Web-interface is presented in Appendix, [2].
Local parameterization is based on USB-interface by using the following two
methods:
Setting DC-PC connection via USB NULL modem cable. (See instructions
described in Annex [6])
Obtaining the 2nd standard Ethernet interface via USB-Ethernet adapter.
Remote parameterization using external modem via WAN.
DHCP support (client-server) for automatic configuring.
Possibility of enabling/disabling the concentrator application.
4.6. Data storage
The DC stores data in non-volatile memory. Data storage supports up to 75 000 000 objects
that allows, for example, storage of the following data (calculated for 1000 meters):
15 minutes load profile for 10 objects – 63 days;
Daily load profile for 20 objects – 63 days;
Monthly profile – 400 days.
The storage time of a particular data type can be adjusted (for each type of subscribed data
separately).
4.7. Firmware update
Updating meters:
Firmware update of the meters is based on Image Transfer mechanism (DLMS
UA 1000-1 Ed. 12).
Remote update of meters from the HES via DC can be performed for a separate
device by unicast command or a group of devices by broadcast.
P3.2 protocol or WEB interface can be used as updating tool
Updating DCs:
Remote DC firmware update by using Internet browser or SIMS Client
Automatic update. A script is started every day, which checks updates list and
install the necessary updates from the stated URL at scheduled time.
4.8. Security features
The DCU security architecture is based on using a dedicated Hardware Security Module
(HSM). The HSM conforms to Global Platform v.2.1.1 specification.
4.8.1. Storage of security materials
The HSM is used to store the security material of the Data Concentrator (for example, Master
Keys).
Each Data Concentrator unit is personalized during manufacturing with unique set of keys.
RTR8S Router/Data Concentrator Technical Description 23
©ADD-GRUP Document version 1.1
To secure the channel between the HSM and the Data Concentrator application the Password
Authenticated Connection Establishment (PACE) protocol is used.
The security material is retrieved by the DCU application and is used to cypher the sensitive
data, like symmetric keys and passwords used to access the meters.
The private keys used to access the DC via WAN interfaces are also encrypted using this
security material.
4.8.2. Secure boot[1]
The HSM allows setting a root of trust and enable the secure boot feature. After power-on-
reset the execution begins with ROM code. The ROM code authenticates the boot image
before loading and running it.
4.8.3. Software updates
The software update files are encrypted and authenticated using a manufacturer signed
certificate, so both image integrity and authenticity are verified.
4.8.4. Securing communication with HES
HTTP secured with TLS 1.0 – TLS 1.2 or SSL 3.0 (HTTPS) secures the HTTP protocol which is
transport for SOAP messages exchanged with Web Services. TLS/SSL provides socket-layer
security, encrypting all communication over a particular TCP connection by using X.509
certificates. Secured SSH protocol is also used, which supports up-to-date algorithms for
authentication, encryption and keys transferring.
Following protocols are supported: IP, TCP, UDP, 802.1Q VLAN, 802.1p QoS, 802.1d STP,
DHCP, ICMP, TFTP (client), FTP (client), HTTP, HTTPS, SNMP V3, SSH, NTP.
The Data Concentrator supports IKE policies for IPSec VPN creation. Following encryption
algorithms are supported: DES, 3DES, AES-CBC-128, AES-CBC-192, AES-CBC-256. Following
authentication algorithms are supported: SHA1, MD5, SHA256, SHA384, SHA512.[2]
4.8.5. Securing communication with meters
To ensure secure communication the DCU uses encryption/decryption of all input and output
information. DCU security architecture is based on the DLMS UA 1000-2 Ed.8.0 concepts.
AES-GCM-128 (Galois/Counter Mode with AES-128) Security Suite ID: 0 is used.
4.8.6. Role-based secure DCU access
Only authorized personnel can access the DC. By default, role-based DCU access is limited to
one user:
Admin user has limited functionality, including parameters setting and firmware
change.
Guest user with limited read only functionality may be enabled on request.
[1] Secure boot is supported only in specific part numbers.
[2] Cisco solutions – DMVPN, mGRE – are currently not supported. IPSec VPN is proposed instead, as a solution supported by a wider range of telecommunication devices.
RTR8S Router/Data Concentrator Technical Description 24
©ADD-GRUP Document version 1.1
4.8.7. Mitigation of Denial-of-Service attacks.
4.8.7.1. DLMS/COSEM DOS attack
Too high frame counter value received from meter. When too high frame counter value
is received from meter, DCU immediately closes the application association with the meter,
and writes the “(14) Invalid FC received for client <client> and <key_type>” event in
security event log. Event message contains also the meter logical device name and the
timestamp. Event message may be sent as an alarm to HES.
4.8.7.2. P3.2 DOS attack
High volume of P3.2 resources. Mitigation is performed at two layers:
(1) The firewall in DCU allows a limited number of TCP connections to P3.2 web services, and
a limited number of new TCP connections per second.
(2) For each invocation of WS-ResourceTransfer/CREATE operation, DCU checks the actual
count of existing resources. If limit of resources is exceeded, the CREATE operation fails.
When last available resource is created, DCU writes the “(26) The maximum count of P32
resources was reached. Details: <details>” event in security event log. Event message may
be sent as an alarm to HES. Existing resources, created under DOS attack, will be removed
automatically after configured timeout.
4.8.7.3. Wrong password connection attempts
After „N” number of consecutive failed login attempts the access to DCU (via Web-interface
or SSH port) is blocked for specified time “T” (in minutes) and an event to HES is generated.
Both parameters (N and T) are configurable. DCU can be unlocked if the timeout is expired or
DCU is reset via an available (unblocked) interface.
4.9. Alarm handling
The meter sends Event Notification to DC asynchronously as alarm occurs.
There is a dedicated controller for DC alarm tracking. The alarm controller allows detection of
DC cover and DC terminal block cover opening/closing and internal temperature
measurement.
Each change of opening sensor status is registered and time stamped. The battery presence
allows registration of opening sensors status change in energy saving mode.
4.10. DC logging
The DC registers events in different log files depending on events type.
Such events as the system start, power failure, interfaces restart, DC restart by
monitors, are stored in the System log.
Login attempts, password change are stored in the Security log.
Communication events, such as registration/unregistration of meters are recorded in
Communication log.
All the events are asynchronous and registered as they occur.
DC events can be read via Web-browser and exported in a file (see details in [2].
DC also enables debug log data collecting from DC over TCP/IP and UDP/IP protocols by
using special DCUSup.LoggerServer application. A number of log files is stored and available
for analysis. The DCUSup.LoggerServer application stores the logs in separate folders for
each DC IP address and each date.
RTR8S Router/Data Concentrator Technical Description 25
©ADD-GRUP Document version 1.1
The application works as a Windows service and continuously monitors TCP/IP and UDP/IP
ports (3000 and 6000 by default). Standard interfaces to manage the installation files can be
used.
RTR8S Router/Data Concentrator Technical Description 26
©ADD-GRUP Document version 1.1
5. DC Maintenance
5.1. DC installation procedure
In case of outdoor installation, the DC should be obligatory installed within protective box,
with the purpose to protect the DC from direct influence of moisture and solar radiation.
The DC is placed vertically in 3 fixing points in suitable to operation conditions place for
installation, reasoning from DC’s overall dimensions (see fig.8) and convenience of leading
communication channels to the DC.
Fig. 8a. General form and overall dimensions of RTR8S
RTR8S Router/Data Concentrator Technical Description 27
©ADD-GRUP Document version 1.1
Fig. 8b. Mounting dimensions of RTR8S
The device is equipped with an antenna and terminal blocks for connection with internal
interfaces. It is installed to selected point and connected according to the diagram placed on
the DC front panel (see fig. 9).
Fig. 9. Diagram of device connectors for RTR8S.LG-4-1 (example).
The device should be switched off before operations of DC connection or dismantle
intermediate automatic circuit breaker, through which DC is connected to the transformer
secondary busbar.
To Install the DC follow the next steps:
① Select suitable for operation conditions place for installation, reasoning from DC overall
dimensions and convenience of connection of communication channels (fig.8a).
② Mark out the place of installation according to mounting dimensions (see fig. 8b).
③ Drill three holes of 6,2 mm diameter in the respective points of the panel, intended for
DC fixing.
RTR8S Router/Data Concentrator Technical Description 28
©ADD-GRUP Document version 1.1
④ Make external visual inspection of the DC to be sure that there is no mechanical damage
and manufacturer seal is present (pos. 1, fig. 8).
⑤ Turn off screws for terminal block cover fastening and remove the cover (pos. 2, fig. 8).
⑥ Hang DC on fixing holder and fix it with the help of corresponding screws and female
screws.
⑦ Place fastening screws in mounting holes under the terminal block cover and screw it.
⑧ Remove isolation from LV, MV cable wires (7-8 mm) (if available).
⑨ Connect feeder wires to the LV connector, taking into consideration that admissible
cross-section of wires is 0,5-2,5 mm2 (fig. 9).
⑩ Install and fix a flexible three-phase four-wire network cable between automatic circuit
breaker and DC in order to interconnect both devices. Do not connect this cable to the
breaker or DC at this stage.
⑪ Connect GSM channel (if available): install SIM-card in the respective communication
compartment (fig. 9) and connect the antenna to respective GSM socket on the DC terminal
block panel (fig. 9).
⑫ Connect another communication channels in dependence of design version of the DC.
⑬ Replace terminal box cover and fix it with respective screws (pos.2, fig. 8).
⑭ Apply voltage.
⑮ Pay attention to LEDs’ indications in dependence of DC design version. In the operating
mode, LEDs should glow constantly.
⑯ After mounting is finished, the DC cover are sealed up by the representatives of power
supply organization (pos. 2 fig. 8).
⑰ The DC is ready to operate in regular mode.
RTR8S Router/Data Concentrator Technical Description 29
©ADD-GRUP Document version 1.1
6. Annex. References
1. Multipurpose line monitor RML v.7. Technical description and instruction manual
2. Configuring OFDM based DCU using a Web-browser. Instruction manual.
3. How to Update Group of Meters. Instructions Manual.
4. Event handling in ADDAX meters v7. General Description
5. G3-PLC Profile Specification
6. How to get access to DC Web-interface via USB. Instruction.