The Cisco Substation Automation solution enables utilities to support new business models, expand capacity, integrate renewable energy sources, reduce operational costs, reduce risks to grid operations, and meet regulatory requirements. The solution supports more than just the core supervisory control and data acquisition (SCADA) systems, adding key use cases involving protection of key assets and power management. Its technology upgrades and network management capabilities reduce operational costs by reducing the network footprint and automating key tasks. The network infrastructure can support more devices and handle more bandwidth with more resiliency and new capabilities for the network, such as time synchronization and hosting applications. The Substation Automation solution builds on the visibility and security of our Grid Security solution to meet the needs of a wide range of transmission and distribution substations. The updated solution helps utilities overcome the following business and operational challenges:
- Growing number of process and station bus devices driving higher bandwidth requirements
- Limited space and power in substations for equipment
- Need to reduce cybersecurity risks by providing visibility into and segmentation of substation devices and traffic flows.
- Lack of networking skills in grid operations teams
- Requirements to Integrate and monitor legacy devices
- Regulatory requirements, especially NERC-CIP and NIS2
- Need to scale to support more substations
The Substation Automation solution helps utilities overcome these challenges and lays the foundation for more reliable, sustainable, efficient grid operations at a lower cost. Key features of this solution include:
- More ports and faster speeds: Introduction of the IEC 61850-3 and IEEE 1613 compliant Cisco Catalyst IE9300 Rugged Series Switches with 28 Gigabit Ethernet fiber ports for secure, reliable, low-latency station and process bus communication
- Higher port density via stackable switching
- Greater reliability: Support for a range of resiliency and synchronization protocols
- Multifunctional router: Introduction of IEC 61850-3 and IEEE 1613 substation certified Cisco Catalyst IR8340 Rugged Series Router and Cisco Catalyst IR1100 Rugged Series Routers for a combination of scalable WAN connectivity, firewall security, and application hosting
- Reliability: Support for a range of resiliency and synchronization protocols
- Greater security: Enable highly secure WAN with advanced firewalling, URL filtering, intrusion prevention (IDS/IPS), malware protection, IPsec/MACsec encryption, and DNS security. Enforce network access control using Cisco Trustsec and IEEE 802.1x. Gain visibility of substation assets, their communication activities and your security posture with Cisco Cyber Vision. Control remote access into assets with Cisco Secure Equipment Access. All built into Cisco networking equipment that have secure boot, signed firmware, and SUDI.
- Flexibility: Highly modular platforms to support switching, routing, synchronization, and edge compute needs
- Availability: Support for IEC62439-3 lossless network topologies and protocols (such as High-Availability Seamless Redundancy [HSR] and Parallel Redundancy Protocol [PRP])
- Precision: Support for substation-wide time synchronization (for example, the 2017 IEEE Precision Time Protocol – Power Profile or IEC61850-9-3 PUP)
- Critical functions: Support for substation communications such as IEC 61850, Modbus, IEC 60870-5-104 (IEC 104) and Distributed Network Protocol 3 (DNP3)
- Simplicity: Range of management options, including Cisco Catalyst Center for substation switching and Cisco SD-WAN Manager for SD-WAN routing capabilities
Evolution to segment routing and Ethernet VPN (EVPN) for substation WAN connectivity
Prior to segment routing, multi-protocol label switching (MPLS) packets were forwarded using label switching instead of IP-based routing, which means the routers forwarded traffic based on the label and not the destination address. This required only the “edge” routers to perform an IP lookup, while intermediate “core” routers performed only a label lookup.
Unfortunately, MPLS didn’t remove complexity from an existing network. In fact, it added more complexity through additional protocols and each MPLS node requiring the state to be synchronized across the entire network. As the size of networks grew, so did the state and complexity, making it more difficult to operate and manage.
Segment routing relies on a small number of extensions to Cisco Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) protocols. It can operate with an MPLS or an IPv6 data plane, and it integrates with the rich multi service capabilities of MPLS, including Layer 3 VPN (L3VPN), Virtual Private Wire Service (VPWS), Virtual Private LAN Service (VPLS), and EVPN.
Segment routing can be directly applied to the MPLS architectures with no change in the forwarding plane. Segment routing utilizes the network bandwidth more effectively than traditional MPLS networks and offers lower latency.
EVPN is the next generation L2VPN technology, it provides layer-2 as well as layer-3 VPN services in a scalable and simplified manner. The evolution of EVPN started due to the need of a scalable solution to bridge various layer-2 domains and overcome the limitations faced by VPLS such as scalability, multi-homing, and per-flow load balancing.
Use cases considered in the new Cisco Validated Designs
We have 3 categories of services to consider for the transport network:
- Layer 3 IP based Substation to Datacenter: IP based Scada data, IP based CCTV, enterprise data and IP telephony.
- Layer 2 Non routable Substation to Substation: Layer 2 ethernet based multicast protocols (such as IEC61850 GOOSE & SV), Virtual machine migrations (for virtualised applications) and third party Scada traffic.
- Layer 2 Substation to Substation for Traditional Teleprotection: Power Protection services, which are low latency point to point using specific utility protocols and strict engineered paths across the network.
Cisco partners with Schweitzer Engineering Laboratories to provide the Teleprotection services and interfaces within the substation, which are via the SEL ICON platform. This platform provides the interfaces required for substation protection devices while providing an Ethernet based uplink to the Cisco Converged Transport network (NCS). SEL expertise in grid automation is coupled with Cisco’s Industrial substation and converged transport network products provides a best of breed end to end solution.
- Cisco Catalyst IR8300 Rugged Series Router
- Cisco Catalyst IE9300 Rugged Series Switches
- Cisco Network Convergence System (NCS) 540 Series
- SEL ICON Integrated Communications Optical Network Platform