Patent Application
20140304403
The present disclosure relates to a unit for validating a communication network of an industrial automation and control system and to a method of validating a communication network of an industrial automation and control system.
Industrial automation and control systems are used to control industrial plants (e.g., for manufacturing goods, generating power, processing substances, producing electric power, etc). Ethernet has become widely used as a communication technology in industrial automation and control systems. However, the use of Ethernet presents new challenges to commissioning engineers, such as to make sure that the network is performing as expected. When only analogue communication technologies were involved, network connections could be easily verified using a multi-meter. In present communication technologies, such as Ethernet, when nodes or network controls (e.g., e.g. network switches) are not correctly configured, diagnosing the problem can be a difficult, time consuming, and cumbersome task, as current engineering tools do not provide automatic validation and troubleshooting of Ethernet configurations. Consequently, the commissioning process of such industrial automation and control systems may be time consuming and expensive.
After receipt of the order of a customer, an engineering team for designing industrial automation and control systems may design the requested system and produce, for example, a system description file. In case of electrical substation automation systems, for example, a system description file according to the IEC 61850 standard may be produced, which is the SCD file (SCD: Substation Configuration Description) that contains the information on the entities in the substation automation system as well as on the logical data flow in the substation automation system. In general process automation systems or industrial automation and control systems, the system description file may be the system planner file.
On the basis of the system description file, the commissioning engineers deploy the industrial automation and control system. One particular aspect is to deploy the physical communication network of the industrial automation and control system, which implies, among others, the installation of network cables, network controls, and end nodes in order to form the commissioned network architecture.
In current practice, no validation process whatsoever is made to automatically validate the commissioned network architecture. No state-of-the art solution exists in the realm of industrial automation and control systems which automatically validates the commissioned network. Hence, there is currently no automated solution to test whether the commissioned network is correctly deployed or whether the network contains errors, and as a consequence, in case of a wrongly deployed network, errors may be noticed only during testing or operation of the industrial automation and control system, which may give rise to significant production delays, downtimes or even security risks.
A unit for validating a communication network of an industrial automation and control system is disclosed, comprising: a planner module configured to store plan data defining a designed communication network of an industrial automation and control system; a collector module configured to collect effective data defining a deployed communication network of the industrial automation and control system; and a difference detector configured to detect differences between the designed communication network and the deployed communication network using the plan data and the effective data.
A method of validating a communication network of an industrial automation and control system is also disclosed, comprising: storing plan data defining a designed communication network of an industrial automation and control system; collecting effective data defining a deployed communication network of the industrial automation and control system; and detecting differences between the designed communication network and the deployed communication network using the plan data and the effective data.
A computer program product is also disclosed comprising a non-transitory computer-readable medium having stored thereon computer program code which will, upon execution, direct a processor of a computer to: store plan data of a designed communication network of an industrial automation and control system; collect effective data of a deployed communication network of the industrial automation and control system; and detect differences between the designed communication network and the deployed communication network using the plan data and the effective data.
Features disclosed herein will be explained in more detail, by way of exemplary embodiments, with reference to the drawings in which:
A unit is disclosed for validating a communication network of an industrial automation and control system, as is a method of validating a communication network of an industrial automation and control system. For example, a unit is disclosed for validating a communication network of an industrial automation and control system, as is a method of validating a communication network of an industrial automation and control system, wherein it can be effectively validated that the communication network of the industrial automation and control system has been deployed to a high degree of correctness.
According to the present disclosure, a unit or tool can be provided for validating a communication network of an industrial automation and control system, which includes: a planner module configured to store plan or configuration data defining a designed communication network of an industrial automation and control system, a collector module configured to collect effective data defining or representing a deployed communication network of the industrial automation and control system, and a difference detector configured to detect or identify differences between the designed communication network and the deployed communication network using the plan data and the effective data. The validation unit may be included into existing commissioning tools for commissioning industrial automation and controls systems, for example into an testing tool used for engineering and commissioning of substation automation systems. For example, the validation unit may include programmed software modules comprising computer code for directing a processor of a computer to perform the required functions. Accordingly, a notebook or laptop computer including the validation unit may be plugged to one of the devices or components of the deployed communication network, for example to a switch, of the industrial automation and control system and validation of the deployed communication network may be performed by collecting effective data of the deployed communication network and comparing the effective data with plan data. Hence, a validation unit as disclosed herein can provide for automatic, reliable and fast validation of a deployed communication network, such that production delay, downtimes and security risks can be minimized.
In an exemplary embodiment, the collector module can be configured to collect the effective data by sending request messages to one or more network devices or network components of the deployed communication network of the industrial automation and control system. The request messages may be sent according to the plan data, which may include, for example, all network addresses of network components of the designed communication network. Hence, the collector module may, for example, send request messages to each of the network components.
The network components may be configured to send configuration messages in response to such request messages to the validation unit, wherein, for example, the configuration messages may include installed network connectivity indicative of physical and/or logical connections of the network components. Hence, the collector module may receive the configuration of network components of the deployed communication network and may generate effective data of the deployed communication network of the industrial automation and control system. In other words, a model may be built by communicating with all network components of the communication network using for example a standardized protocol, e.g. SNMP or IEC 61850 communication, which is supported by all network components and with which the network related information can be accessed.
The network communication model may be stored in a machine readable format as effective data, wherein all the physical connectivity, as well logical connectivity and all relevant network related configuration information are included. The logical connectivity may include VLAN (virtual local area network) filters, multicasting filters, etc. To obtain VLAN settings and multicast filters, each network component, for example each network switch or control, may be contacted to obtain the VLAN configuration settings of every port of the network component, for example from a Q-BRIDGE-MIB. MIBs (Management Information Base) are databases which include stored management information of managed devices. The database may have a tree-like structure, wherein each leaf is identified by a unique OID (Object Identifier). For instance, to get the VLAN identifier, by use of the SNMP protocol, the switch may be contacted to receive the value of the MIB object dot1qVlanIndex, which MIB object has the identifier 1.3.6.1.2.1.17.7.1.4.2.1.2.
In an exemplary embodiment, the collector module can be configured to detect and/or identify network devices, by broadcasting ping-type messages and evaluating the responses. For this purpose, the collector module may automatically choose and configure a network address which is not in use in the network by listening to LLDP packet from the switch to which it is connected to, by using the management address in the LLDP packet together with a known subnet mask of the network and by using ARP request to verify whether the chosen network address is not in use in the network. Such detection mechanism can be particularly helpful in case the deployed network components deviate in number and identification from those according to plan data.
Switches and controls of the deployed communication network of the industrial automation and control system may be configured to respond to the sender of a broadcast message with their network identity information, for instance their network address. Hence, the collector module may use the network identity information from the responses to the broadcast message for obtaining the configuration and for generating effective data of all components of the deployed communication network of the industrial automation and control system, by sending request messages as above. Furthermore the detection mechanism may be extended to sub networks of the network which are generally not reached by the broadcast detection messages mentioned. For this purpose, sub networks are identified from the management address entries in LLDP MIB of the border network devices.
In an exemplary embodiment, the collector module can be configured to collect the effective data using at least one of: Link Layer Discovery Protocol (LLDP), Simple Network Management Protocol (SNMP), an IEC 61850 data object, and an address forwarding table (AFT). These protocols and standards are widely available in known state-of-the-art network components. For example, LLDP is a vendor neutral protocol for advertising device identity and capabilities of network devices and facilitates the process of obtaining information about neighbouring devices; and SNMP is a protocol to query configuration data of network components.
End nodes, for example intelligent electronic devices (IED), laptops, printers, etc. may not have LLDP enabled. Thus, in order to map out the topology to the end nodes, address forwarding tables AFT may be inferred. For example, the AFT of a switch may include MAC addresses (MAC: Medium Access Control) along with port numbers through which packets destined for that address have to be forwarded.
In an exemplary embodiment, the difference detector is configured to build a comprehensive, or enhanced, network communication model of the designed communication network and a comprehensive network communication model of the effective communication network, wherein differences between the designed communication network and the deployed communication network are detected using the comprehensive network communication models. For example, the engineered respectively the designed communication network of an industrial automation and control system may be represented in the form of a machine readable system configuration. However, other expert/implicit information concerning the communication network may exist, which is not explicitly written in the configuration file, but which is applied when commissioning or deploying the communication network. Such expert/implicit information may indicate, for example, that ingress filters are turned off by default in all switches, that all switch ports not connected to end nodes are disabled, that a community string (a kind of pre-defined passphrase) is used to interrogate the switch using SNMPv2, or that the station computer can access all intelligent electronic devices (IED) of the communication network.
From such expert/implicit knowledge, a comprehensive communication model [C′] of the engineered/designed communication network can be built and stored in a machine readable format that includes all physical connectivity, logical connectivity (logical flow) and all relevant network related configuration information. Accordingly, a comprehensive network communication model [C] is determined from the deployed communication network. For example, the deployed network is only correct in case [C]==[C′].
In an exemplary embodiment, the difference detector can be configured to build a comprehensive network communication model of the deployed communication network and to transform the model into a system description file, wherein differences between the designed communication network and the deployed communication network are detected using this system description file. The comprehensive network communication model [C] of the deployed communication network may be built, as described herein, by collecting effective data of the deployed communication network. Thereafter, the model may be transformed to the system description file [S], which may be compared to the system description file [S′] of the engineered/designed communication network. The transformation may include a pattern matching, which can be seen as an expert knowledge corresponding to the expert knowledge described earlier. For example, the deployed network is only correct in case [S]==[S′]. For example, the comparison of information as described herein may include content comparison, string comparison, etc.
In another exemplary embodiment, the validation unit can include a notification module configured to generate one or more notification messages in case the difference detector detects one or more differences between the designed communication network and the deployed communication network. For example, the notification module may be configured to display differences between the designed communication network and the deployed communication network on a screen of a laptop computer. Alternatively, the notification module may be configured to transmit differences between the designed communication network and the deployed communication network to remote systems.
In addition to the unit for validating a communication network of an industrial automation and control system, a method is disclosed of validating a communication network of an industrial automation and control system, as is a computer program product which includes a computer-readable medium having stored thereon computer program code which directs a processor of a computer.
A method of validating a communication network of an industrial automation and control system, as disclosed herein, can include: storing plan data defining a designed communication network of an industrial automation and control system, collecting effective data defining a deployed communication network of the industrial automation and control system, and detecting differences between the designed communication network and the deployed communication network using the plan data and the effective data. In an exemplary variant, effective data can be collected by sending request messages to one or more network devices of the deployed communication network of the industrial automation and control system. In another exemplary variant, effective data can be collected using one or more response messages generated in response to one or more broadcast messages sent to the deployed communication network of the industrial automation and control system. In an exemplary variant, effective data can be collected using at least one of: Link Layer Discovery Protocol (LLDP), Simple Network Management Protocol (SNMP), an IEC 61850 data object, and an address forwarding table (AFT). In an exemplary variant, a comprehensive network communication model of the designed communication network and a comprehensive network communication model of the effective communication network can be built, wherein differences between the designed communication network and the deployed communication network are detected using the comprehensive network communication models. In an exemplary variant, a comprehensive network communication model of the deployed communication network can be built and transformed into a system description file, wherein differences between the designed communication network and the deployed communication network are detected using the system description file. In an exemplary variant, one or more notification messages can be generated in case the difference detector detects one or more differences between the designed communication network and the deployed communication network.
A computer program product as disclosed herein can include a computer-readable medium having stored thereon computer program code which will direct a processor of a computer to: store plan data of a designed communication network of an industrial automation and control system, collect effective data of a deployed communication network of the industrial automation and control system, and detect differences between the designed communication network and the deployed communication network using the plan data and the effective data.
The planner module 11 is configured to store plan data of a designed communication network of an industrial automation and control system, which may include, for example, a planner file or a table according to Table 1 below.
The collector module 12 is configured to collect effective data of a deployed communication network of the industrial automation and control system, wherein, for example, the collected effective data may be arranged according to Table 2 below.
The difference detector 13 is configured to detect differences between the designed communication network and the deployed communication network using plan data and the deployed network configuration data, wherein, for example, the differences are marked with underline or strike-through attributes according to Table 2 below.
As indicated in
As indicated in
In
In Table 1, the data of the designed communication network is shown, which may be equal to or form the basis of the plan data.
Based on to the information provided in Table 1, for example on the basis of corresponding plan data, commissioning engineers may deploy a network for a substation automation system.
According to an exemplary embodiment, a collector module is configured to collect the effective data of the deployed communication network of the substation automation system. The collector module retrieves all the network related information (physical, logical, settings, etc.) from the deployed network. Upon receipt of this information, the network related information may be structured in a well-defined model, which is then compared to the designed model according to the designed communication network. For example, a method for validation or verification may include the step of whether every physical and logical network communication and whether every network control settings are similar or equal to what has been designed by the design engineers.
For example, the commissioned/deployed communication network may be modelled according to a tabulated model shown in Table 2:
Accordingly a difference detector may be configured to detect differences between the data of Table 1, which corresponds to the designed network, and the data of Table 2, which corresponds to the deployed network. In Table 2 above, the errors which occurred during commissioning of the deployed communication network are marked by underlines, where additional communication network features were added, and by strike-through line, where desired communication network features are missing.
The validation unit 10 according to an exemplary embodiment disclosed herein can help the commissioning engineers in validating their deployed work against the engineered/designed network. When the deployed communication network is correctly validated, then confidence on the performance of the deployed communication network is increased. The validation helps the commissioning engineers in pinpointing the discrepancy between the deployed communication network and the designed communication network quickly. The ability to pinpoint the discrepancy may further be helpful in case of issues with a substation automation system, such that one can identify if a problem occurs due to a mistake in commissioning the communication network or due to another error source. In case of changes in the communication network or replacement of communication network components (cables, switches, etc.), the validation unit 10 can provide for fast and thorough testing.
In step S12, the deployed communication network is configured. In step S13, network related information is collected from the deployed communication network. In step S14, a comprehensive network model of the deployed communication network is built. In step S15, the comprehensive network model of the deployed communication network is stored in database DBDM.
In step S6, the comprehensive network model of the designed/engineered communication network from database DBED is compared to the comprehensive network model of the deployed communication network from database DBDM. In step S7, it is decided if a difference between the models can be detected. In step S8, when no difference between the models can be detected, for example a commissioning engineer is informed accordingly, for example by displaying a corresponding message on a screen of a computer that the deployed communication network does not have any errors. In step S9, when a difference between the models can be detected, the commissioning engineer may be informed about this fact by displaying a list with discrepancies between the designed communication network and the deployed communication network which are for example highlighted in order to maximize visibility of the faults in the deployed communication network.
Thus it will be appreciated by those skilled in the art that the present invention can be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restricted. The scope of the invention is indicated by the appended claims rather than the foregoing description and all changes that come within the meaning and range and equivalence thereof are intended to be embraced therein.
| Number | Date | Country | Kind |
|---|---|---|---|
| 11194437.7 | Dec 2011 | EP | regional |
This application claims priority as a continuation application under 35 U.S.C. §120 to PCT/EP2012/076268, which was filed as an International Application on Dec. 20, 2012 designating the U.S., and which claims priority to European Application 11194437.7 filed in Europe on Dec. 20, 2011. The entire contents of these applications are hereby incorporated by reference in their entireties.
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/EP2012/076268 | Dec 2012 | US |
| Child | 14309093 | US |
