School of

Engineering

DATEN-KARUSSELL MIT
GEGENVERKEHR

Prof. Thomas Müller

Institute of Embedded Systems (InES)

© Slides by HSR project team Interoperability demo at CIGRE 2010

Zürcher Hochschule für Angewandte Wissenschaften School of
Engineering

School of Engineering
ƒ Gegründet 1874 als "Technikum Winterthur"
ƒ > 1‘300 Studierende in Bachelor Studiengängen
ƒ ca. 300 Diplomierte pro Jahr
ƒ 60 Studierende im MSE Master of Science in Engineering

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Institute of Embedded System (InES)

Engineering

Personal:
45 Mitarbeiter total
25 Assistenten und
wiss. Mitarbeiter

10 Dozenten, (davon 2 Teilzeit)

7 technische Mitarbeiter

1 Sekretärin

2 Praktikant / Lehrling

Finanzen 2009:
F&E: 2.8 Mio. CHF
Lehre: 1.9 Mio. CHF

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of
Engineering

Schwerpunkte am InES

Industrielle Echtzeit-Kommunikation:
ƒ Realtime Ethernet: Hans Doran
ƒ Zeitsynchronisation und Hochverfügbarkeit: Hans Weibel
ƒ System on Chip Design: Hans-Joachim Gelke
ƒ Wireless Communication: Marcel Meli
ƒ Entwicklungsmethoden: Hugo Fierz

© Slides by HSR project team Interoperability demo at CIGRE 2010

Tanks to the
HSR Project Team
for the slides
Prof. Dr. Hubert Kirrmann
ABB

Oliver Kleineberg
Hirschmann

Clemens Hoga
Siemens

Prof. Thomas Müller

ZHAW

CIGRE 2010, Paris

SIEMENS
 School of

Content Engineering

1. Short (!) Introduction

2. Standards (IEC 62439) and requirements (IEC 61850)
3. PRP (Parallel Redundancy)
4. HSR (High-availability seamless redundancy)
5. KTI Project
6. Conclusion

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Redundancy requirements
Engineering

ƒ IEC TC57 WG10 (POWER SYSTEM IED COMMUNICATION

AND ASSOCIATED DATA MODELS)
studied how long the substation automation application can
tolerate the loss of communication without causing a malfunction
of the protection system (next slide).
ƒ In substation automation, redundancy fulfilling the (n-1) criteria
(no single point of failure) is crucial
ƒ Substation automation systems require communication networks
that fulfill the (n-1) criteria as well
ƒ A most important criteria for redundancy is the recovery time:
How long does it take to restore service after a failure

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of
Recovery delay demands as shown in IEC 61850-5 ED2 Engineering

Communicating Service Application recovery Required

partners tolerated delay Communication
Recovery Time
SCADA to IED, client- IEC 61850-8-1 800 ms 400 ms
server

IED to IED interlocking IEC 61850-8-1 12 ms 4 ms

(with Tmin set to 4 ms)

IED to IED, reverse IEC 61850-8-1 12 ms 4 ms

blocking (with Tmin set to 4 ms)

Protection trip excluding IEC 61850-8-1 8 ms 4 ms

Bus Bar protection

Bus Bar protection IEC 61850-9-2 < 1 ms Bumpless

on station bus
Sampled Values IEC 61850-9-2 Less then two consecutive Bumpless
on process bus samples

To fulfill these requirements, IEC 61850-8-1 and -9-2 uses redundancy solutions
standardized for Industrial Ethernet by IEC 62439-3.
© Slides by HSR project team Interoperability demo at CIGRE 2010
IEC 62439: School of
Engineering

High Availability Automation Networks

ƒ Ethernet based high availability networks
ƒ Specifies relevant principles
ƒ Independent of application protocol
ƒ Can be used for any application
ƒ Industrial automation
ƒ Energy automation
ƒ Transportation
ƒ Medical

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Redundancy solutions Engineering

ƒ With small recovery time

ƒ RSTP (Rapid Spanning Tree Protocol)
IEEE 802.1D-2004
IEC 62439-1 Annex A (recovery time calculation methods)
ƒ MRP (Media Redundancy Protocol)
IEC 62439-2

ƒ With “zero” switchover time (seamless)

ƒ PRP (Parallel Redundancy Protocol)
IEC 62439-3 Clause 4
ƒ HSR (High-availability Seamless Redundancy)
IEC 62439-3 Clause 5

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

RSTP Rapid Spanning Tree (IEEE 802.1D) Engineering

ƒ RSTP is a mature protocol widely used in offices, industry and substations.

ƒ RSTP can provide a predictable delay under a second in restricted topologies
(especially rings with a limited number of switches) as specified in IEC 62439-1.
ƒ RSTP does not cover edge port failures and it provides only a small availability
increase.

root port
{forwarding}
designated port alternate port
{forwarding} station bus {blocked}

P1 P2 P1 P2 root port P1 P2 edge port

{forwarding}

C C C

MU MU MU MU MU MU

bay bay bay

© Slides by HSR project team Interoperability demo at CIGRE 2010
 School of

Media Redundancy Protocol (IEC 62439-2) Engineering

Redundancy for Ring Topology with

guaranteed Switch Over Time

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Seamless redundancy principles (example PRP) Engineering

ƒ Apply two interfaces

ƒ Send same information
twice on different paths
ƒ Prevent duplication;
discard the second
message
ƒ Loop suppression

DAN Dual Attached Node, ƒ Keep redundancy

SAN Single Attached Node invisible to the application
RedBox Redundancy Box
VDAN Virtual Dual Attached Node

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of
PRP Parallel Redundancy Protocol Engineering

(IEC 62439-3 Clause 4)

ƒ PRP provides (n-1) redundancy (no single point of failure) and

availability increase is high.

ƒ PRP requires the full duplication of the network, but only of those
parts that require seamless redundancy.

ƒ PRP allows to attach standard Ethernet devices to one of the

LANs. Therefore, networks with redundant and non-redundant
parts can be built.

ƒ PRP can be easily implemented in software by a dedicated driver

that manages two standard Ethernet ports.

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

PRP principle DANP = Doubly Attached Node using PRP

Engineering

“A” frames DANP

“B” frames DANP
standard frames

switch switch

local area network local area network

A B
switch switch switch switch

DANP DANP DANP DANP DANP SAN SAN

Two Ethernet networks (LANs) of similar topology operate in parallel.

The LANs shall not be connected to each other to ensure fail-independence.
Each node is a doubly attached node with PRP (=DANP) which has an interface for each LAN
and sends a frame simultaneously on both LANs.
A receiver receives in normal operation both frames and discards the duplicate.
In case of failure, a receiver keeps on with the frames it receives from the healthy port.
When traffic is reestablished, the receiver resumes processing frames from both channels.
© Slides by HSR project team Interoperability demo at CIGRE 2010
 School of

PRP normal operation Engineering

application application

IED IED
Redundancy Redundancy
Manager device interface Manager

A B AA B
Network A
Network B
Redbox (Redundancy Manager in a Box)

IED

© Slides by HSR project team Interoperability demo at CIGRE 2010

PRP normal operation (with long delay on School of
Engineering

Network B)

application application

IED IED
Redundancy Redundancy
Manager device interface Manager

A B AA B
Network A
Network B
Redbox (Redundancy Manager in a Box)

IED

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

PRP operation with fault Engineering

application application

IED IED
Redundancy Redundancy
Manager device interface Manager

A B A B

Network A
Network B
Redbox

IED

© Slides by HSR project team Interoperability demo at CIGRE 2010

HSR High-availability seamless redundancy IEC School of
Engineering

62439-3 Clause 5

ƒ Provides (n-1) redundancy for all network components (no single

point of failure)
ƒ Provides seamless redundancy for station bus and process bus
ƒ Allows to build rings without using switches
ƒ Cost-effective solution
ƒ Requires dedicated hardware in the nodes to keep the forwarding
delay low.

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of
Engineering
HSR principle (Multicast)
source destinations
“A” frames
„C“-frame node „D“-frame node node
“B” frames
standard frames
removal from the ring
„A“-frame „B“-frame
(HSR tagged) (HSR tagged)

B A

node node node node node

destinations

Nodes are arranged as a ring, each node has two identical interfaces, port A and port B.
For each frame to send (“C”-frame), the source node sends two copies over port A and B.
Each node relays a frame it receives from port A to port B and vice-versa, except if it already forwarded it.
The destination nodes consumes the first frame of a pair and discards the duplicate.
In case of interruption of the ring, frames still continue to be received over the intact path.

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

HSR normal operation Engineering

application application

IED IED

Redundancy Redundancy
Manager
device interface Manager

Redbox

Redundancy Redundancy
Manager Manager
IED
IED IED

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

HSR operation with fault Engineering

application application

IED IED

Redundancy Redundancy
Manager
device interface Manager

Redbox

Redundancy Redundancy
Manager Manager
IED
IED IED

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

HSR: rings of rings: three levels Engineering

workstation printer
GPS
HSR
standard Ethernet

quadbox

maintenance laptop

ƒ no RSTP protocol any more (but can be used)

ƒ note that level 3 is singly attached (only one quadbox)
© Slides by HSR project team Interoperability demo at CIGRE 2010
PRP and HSR are complementary and School of
Engineering

can be connected

© Slides by HSR project team Interoperability demo at CIGRE 2010

PRP and HSR are complementary and School of
Engineering

can be connected
end end
node PRP nodes node

A B A B

PRP LAN A LAN B

interlink A interlink B
end
node
RedBoxPH B
RedBoxPH A
A B A B A B

HSR

B A B A B A B A

end end end end

node node node node

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

PRP/HSR in Parallel and Ring Redundancy Engineering

application

SC

Redundancy
Manager

IED

Station Bus
PRP or
HSR in parallel mode IED
IED
IED

IED Process Bus

HSR

IED

IED IED
application
© Slides by HSR project team Interoperability demo at CIGRE 2010
 School of

PRP/HSR in Parallel and Ring Redundancy Engineering

application

SC

Redundancy
Manager

IED

Station Bus
PRP or Failure in
HSR in parallel mode IED
IED
IED
parallel string

IED Process Bus

HSR

IED

IED IED
application
© Slides by HSR project team Interoperability demo at CIGRE 2010
 School of

KTI Project Engineering

HSR is being evaluated and HSR components (FPGA based) are being
developed as the open source in a research project financed by the Swiss
Federal Government (KTI), with participation of:
ƒ Zurich University of Applied Sciences /
Institute of Embedded Systems (InES)
ƒ ABB
ƒ Siemens
ƒ Hirschmann

The IP (HVDL Code and C-Source Code)

of this implementation will be available
ƒ at 2Q2010

ƒ to fair and reasonable terms

The IP will be maintained and supported

by ZHAW at the Institute of Embedded Systems
© Slides by HSR project team Interoperability demo at CIGRE 2010
 School of

InES Communication Module Engineering

Field Programmable Gate Array

(FPGA) based SoC-Design

• Cyclone III, 40k Logic Cells

• Softcore Processor NIOS II running
Linux Operating System
• 4 Ethernet Connections 100 B-TX
• Fast Frame Buffer (256k x 36 Bit)
• 4 M Byte Parallel Flash
• 16 M Byte Serial Flash
• 16 M Byte SDRAM
• 24V Power Supply
• Extendable by Piggyback Board

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Interoperability Demo at CIGRE Paris Engineering

August 25th-26th 2010

ABB

Tx-Fx
fault generator
Flexibilis

ZHAW

Tx-Fx
RuggedCom

Hirschmann

Siemens

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Interoperability Demo at CIGRE Paris Engineering

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Interoperability Demo at CIGRE Paris Engineering

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Interoperability Demo at CIGRE Paris Engineering

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

Summary Engineering

IEC 61850 specifies several redundancy methods

PRP seamless, for high-end substations, combines topologies

redundant and not redundant, easily to implement in software
SW-Drivers available from at least two suppliers (ZHAW, NetModule);
RedBox IP (VHDL and Code) for FPGA-Implementation from ZHAW.
HSR seamless, for voltage levels and process bus, rings and rings of rings
Requires nodes with dedicated hardware, but after this initial investment,
provides a cost-effective redundancy.
Allows ring and parallel topologies, but not mixing redundant and non-
redundant devices on the same network (RedBox is required).
Several companies are developing components with the support of the KTI
project of ZHAW.

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of

KTI-Studien und Projekte Engineering

ƒ Voraussetzungen:
ƒ innovativer / technischer Fortschritt (hohes Risiko)
ƒ mindestens ein Wirtschaftspartner
ƒ wirtschaftliche Bedeutung in der Schweiz
ƒ Projektplan: Wer, Was, Wann
ƒ Nutzungsvertrag
ƒ Aufwendungen der Hochschulen werden durch KTI finanziert
ƒ Anteil bei Machbarkeitsstudien bis zu 80%
ƒ Anteil bei Projekten bis 50%

© Slides by HSR project team Interoperability demo at CIGRE 2010

 School of
Engineering

InES – Institute of Embedded Systems

Technikumstrasse 9, Postfach
CH-8401 Winterthur

Tel: +41 (58) 934 75 25

http://ines.zhaw.ch
mail-to: info.ines@zhaw.ch

© Slides by HSR project team Interoperability demo at CIGRE 2010