In power utility networks, the move is away from the legacy communications infrastructure and toward Ethernet transport and Internet Protocol (IP) or packet-based networks. This is part of the smart grid evolution, with these new networks providing functionality such as IP-based supervisory control and data acquisition (SCADA) systems, advanced substation automation and high-resolution video surveillance.
Offering high capacity and low operational expense, packet transport is a fit for the type of communications traffic generated by the advanced grid applications of intelligent power networks. As more utilities begin this network transformation, they face a decision about which packet technology to use.
Individuals in charge of the distribution network tend to favor routable IP/Multiprotocol Label Switching (MPLS) because it simplifies the addition of new devices to the network. Operations engineers like Layer 2 technology for its security and for its management features, such as bandwidth control and operations, administration and maintenance.
Many utilities are cautious with this transformation to IP. They want to be assured of the same reliability level they have become accustomed to in their legacy networks. There are utility applications such as SCADA and Generic Object-Oriented Substation Event (GOOSE) messages that require dependable service assurance tools to ensure low end-to-end delay, high availability and resiliency. Packet technologies, including Ethernet, have advanced to where they can now guarantee the necessary performance levels.
During this transition, the new equipment and legacy infrastructure and substation devices must coexist, and this means two types of communications traffic are being transmitted over the utility network: Ethernet and IP-based data and signals as well as time-division multiplexed (TDM) traffic from existing equipment.
Because of the nature of the new networks, traffic generated by the legacy equipment requires a special delivery method, such as pseudowire emulation. This method creates a virtual tunnel through the packet network for the legacy traffic. Other methods are anticipated in the future, but pseudowire is currently the prevailing solution.
As the pseudowire traffic moves through the packet network along with native packet-based traffic, certain Ethernet performance management tools are required. These tools help enable robust performance guarantees, reliability and service management.
In addition, Ethernet advancements enable sophisticated mechanisms that support substation applications such as SCADA and GOOSE messaging. By managing bandwidth consumption and transmission priorities with class of service-based granularity, for example, the desired performance is assured. This involves tools such as classification of traffic flows by type and required class of service; metering and policing of flows to regulate traffic based on pre-defined bandwidth profiles; scheduling the order in which various flows are forwarded; traffic shaping to smooth out "bursts"; and packet editing, to ensure data integrity and proper handling.
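The classification and policing steps listed above, as an added sketch that is not from the original article: each frame is mapped to a class of service and metered against that class's bandwidth profile with a token bucket, so a burst in one class cannot consume another class's allowance. The class names, rates, burst sizes, port numbers and sample frames are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Profile:
    cir: float  # committed information rate, bytes per second
    cbs: float  # committed burst size, bytes

# Assumed per-class bandwidth profiles (illustrative values, not from the article).
PROFILES = {
    "goose": Profile(cir=125_000, cbs=3_000),   # protection messaging
    "scada": Profile(cir=62_500, cbs=3_000),    # telemetry and control
    "video": Profile(cir=250_000, cbs=6_000),   # surveillance, bursty
}

class Policer:
    """Single-rate token bucket: a frame conforms only if enough tokens remain."""
    def __init__(self, profile):
        self.profile, self.tokens, self.last = profile, profile.cbs, 0.0

    def conforms(self, now, size):
        # Refill for the elapsed time, capped at the burst size.
        refill = (now - self.last) * self.profile.cir
        self.tokens = min(self.profile.cbs, self.tokens + refill)
        self.last = now
        if size > self.tokens:
            return False        # out of profile: drop (or remark to low priority)
        self.tokens -= size
        return True

def classify(frame):
    """Map a frame to a class of service (mapping is an assumption)."""
    if frame["ethertype"] == 0x88B8:            # IEC 61850 GOOSE EtherType
        return "goose"
    if frame.get("dst_port") == 502:            # assumed SCADA protocol: Modbus/TCP
        return "scada"
    return "video"

def police(frames):
    """Return (class, conforms) per frame, one independent bucket per class."""
    buckets = {name: Policer(p) for name, p in PROFILES.items()}
    return [(c, buckets[c].conforms(f["t"], f["size"]))
            for f in frames for c in [classify(f)]]

# Constructed sample: a video burst at t=0, one GOOSE frame, then video 12 ms later.
SAMPLE = ([{"t": 0.0, "ethertype": 0x0800, "dst_port": 554, "size": 1500}] * 5
          + [{"t": 0.0, "ethertype": 0x88B8, "size": 200},
             {"t": 0.012, "ethertype": 0x0800, "dst_port": 554, "size": 1500}])

if __name__ == "__main__":
    for cls, ok in police(SAMPLE):
        print(cls, "forward" if ok else "drop")
```

The fifth video frame exceeds the video burst allowance and is dropped, while the GOOSE frame arriving at the same instant is still forwarded from its own bucket.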
These and other tools, now a standard part of carrier-grade Ethernet, give utilities many ways to test, monitor and troubleshoot the operation of their communications links. The end-to-end visibility and proactive monitoring these remotely managed tools provide help utility network operators anticipate and prevent service degradation. The result is a reduction in truck rolls and on-site technician calls, lower operational costs, and essentially fail-safe operation of what are mission-critical networks for utilities.
The Synchronization Challenge
One issue with packet networks is that they were not designed with built-in synchronization mechanisms. As a result, to guarantee a stable network with predictable performance, they require complementary clock transfer solutions. International Electrotechnical Commission (IEC) standard 61850 focuses on utility networks' needs in timing and synchronization over packet. This allows legacy equipment support and applications that are delay-sensitive, such as protection, SCADA and power quality measurements (synchrophasors).
While installation of global positioning system (GPS) at each node or service point has been a common solution, GPS is expensive and susceptible to jamming with low-cost, readily available equipment. This could leave a utility's network vulnerable. As alternatives, there are several methods of synchronization. One, known as Synchronous Ethernet or Sync-E, uses Ethernet network attributes for accuracy. Another, Adaptive Clock Recovery, distributes frequency over a packet switched network, relying on packet arrival times as a guide. In addition, there is Precision Time Protocol, which time-stamps information to deliver frequency and time of day data, assuring proper synchrophasor operation and avoiding cascading blackouts.
In their migration, utility network operators have many packet-based options: Ethernet, IP, MPLS, MPLS Traffic Engineering (TE), MPLS Transport Profile (TP), and circuit switching based on optical transport networks. Each technology performs the basic task of transporting information from place to place, but Table 1 summarizes their strengths and weaknesses.
A utility's technology decision is affected by many factors, including the number of connected sites, their size, and the ability of the chosen solution to ensure consistent performance across the various access media at each site.
For many utilities, there is significant interest in Ethernet access with an MPLS core. Its advantages include a lower cost per port, rich management tools and advanced protection mechanisms. This approach also allows utility network operators to continue using their existing access media—regardless of whether that is copper, fiber or wireless.
Figure: The paths of the Ethernet traffic are shown, along with the equipment involved in aggregating the traffic for transmission through the network.
The smart grid migration brings with it a large increase in interconnected devices. Because most of these are located in consumer neighborhoods and homes with unrestricted access, this means many potentially vulnerable entry points to disrupt the grid. To counter this risk, a multi-layered security strategy is required.
The first level involves authentication of the devices connecting to the network. Here, Ethernet offers several mechanisms to protect against attacks. Among them is an authentication protocol for point-to-point links that enables dynamic management of access authorization based on user identities or, alternatively, rules that limit access to devices that have specific IP or media access control (MAC) addresses.
Additional options include an IPsec gateway that can form a virtual private network or a MACsec technique for source authentication, integrity protection, and confidentiality without the need for a security gateway. Another approach is routing encapsulation tunneling for transparently connecting sites and forming a single Ethernet network without the need for IP addressing and routing logic. Using IPsec with generic routing encapsulation (GRE) enables the preservation of service-defining virtual network information.
Another technique is deploying a Secure Shell (SSH) server to limit remote access for operations and maintenance. This allows remote users, such as field technicians, to log in over an encrypted communications channel. Compared with a basic virtual private network connection, this provides a more controlled environment with limited access rights.
Figure: Legacy traffic is encapsulated as it moves through the packet network, emerging on the other side in its original form.
Utility operators can also deploy Ethernet switches with an integrated firewall on each port. This delivers a distributed and network-based security solution equivalent to the use of personal firewalls on each system or device within the network. This enables validation of the application logic communication flow among all network devices and establishment of specific allowed functions. It amounts to white-listing a known and finite list of applications for a given user as opposed to the more cumbersome black-listing approach.
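The per-port white-listing described above, as an added sketch that is not from the original article or any vendor's product: each switch port carries a default-deny list of permitted application flows, shown beside a deny-list so the difference on unlisted traffic is visible. The SCADA protocol is assumed to be Modbus/TCP, and the port names, addresses and sample flows are constructed.

```python
# Modbus function codes (the SCADA protocol is assumed to be Modbus/TCP, port 502).
READ_HOLDING, WRITE_SINGLE, WRITE_MULTIPLE, READ_WRITE_MULTIPLE = 0x03, 0x06, 0x10, 0x17
RTU = "10.0.0.20"                                          # constructed address
HMI, MASTER = "00:11:22:33:44:01", "00:11:22:33:44:02"     # constructed MACs

# Allow-list per switch port: (source MAC, destination IP, TCP port, function).
ALLOW = {
    "port1": {(HMI, RTU, 502, READ_HOLDING)},              # HMI: read only
    "port2": {(MASTER, RTU, 502, READ_HOLDING),
              (MASTER, RTU, 502, WRITE_SINGLE)},           # master: read + write
}

# Deny-list for comparison: blocks only the functions someone enumerated.
DENY_FUNCTIONS = {WRITE_SINGLE, WRITE_MULTIPLE}

def allow_list_permits(port, flow):
    """Default deny: forward only flows explicitly listed for this port."""
    key = (flow["src_mac"], flow["dst_ip"], flow["dst_port"], flow["function"])
    return key in ALLOW.get(port, set())

def deny_list_permits(flow):
    """Default permit: anything not enumerated is forwarded."""
    return flow["function"] not in DENY_FUNCTIONS

def flow(src_mac, function, dst_ip=RTU, dst_port=502):
    """Build a flow record (hypothetical helper for this example)."""
    return {"src_mac": src_mac, "dst_ip": dst_ip, "dst_port": dst_port,
            "function": function}

# Constructed sample traffic: (ingress port, flow, description).
SAMPLE = [
    ("port1", flow(HMI, READ_HOLDING), "HMI reads registers"),
    ("port1", flow(HMI, WRITE_SINGLE), "HMI attempts a write"),
    ("port1", flow(HMI, READ_WRITE_MULTIPLE), "function nobody enumerated"),
    ("port1", flow("00:11:22:33:44:99", READ_HOLDING), "unknown device on HMI port"),
    ("port3", flow(MASTER, READ_HOLDING), "known device on unconfigured port"),
]

def evaluate(sample):
    """Return (description, allow-list verdict, deny-list verdict) per flow."""
    return [(d, allow_list_permits(p, f), deny_list_permits(f)) for p, f, d in sample]

if __name__ == "__main__":
    for desc, allow, deny in evaluate(SAMPLE):
        print(f"{desc:36} allow-list={allow!s:5} deny-list={deny}")
```

Only the first flow passes the allow-list; the deny-list forwards the last three because nothing in them was enumerated in advance.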
As utilities in the U.S. and worldwide are discovering, Ethernet is a technology that has proven itself capable of meeting the exacting requirements of critical applications. Combining Ethernet in the access and aggregation portion of the network with an MPLS core can meet these requirements and the needs of various functions within the utility.
About the author: Kobi Gol is business development and solution manager for Utilities, Transportation and Migration at RAD Data Communications.