Networks are expanding outside traditional office buildings and into industrial fixed and mobile use cases. This results in more devices being connected to the Internet and data centers as well as increased security exposure. IoT has moved traditional networking far beyond the carpeted spaces and into industries like Fleets, Oil & Gas, Energy & Water Utilities, Remote Condition Monitoring and Control — basically anything that can establish a wide area connection. Moreover, these industrial networks are increasingly being considered critical infrastructure. In response to this expansion, Cisco has on-going innovations advancing the ways networks operate – and at the forefront of these trends is the way that SD-WAN solutions enable and support industrial use cases.
Cisco Catalyst SD-WAN today is already an industry-leading wide area network solution offering a software-defined WAN solution that enables enterprises and organizations to connect users to their applications securely. It provides a software overlay that runs over standard network transports, including MPLS, broadband, and Internet, to deliver applications and services. The overlay network supports on-premises solutions but also extends the organization’s network to Infrastructure as a Service (IaaS) and multi-cloud environments, thereby accelerating their shift to the cloud.
Most utilities are used to building large networks utilizing technologies such as Internet Protocol Security (IPsec) and Dynamic Multipoint Virtual Private Network (DMVPN) to encrypt critical communications, Multiprotocol Label Switching (MPLS) for the underlying transport network, and public or private cellular for remote sites with no other WAN connectivity. Catalyst SD-WAN brings these technologies together and enables automation to greatly simplify deployments.
- Secure Zero Touch deployment of field gateways (i.e., no field staff required to configure a gateway)
- Simple provisioning of end-to-end service VPNs to segment traffic (SCADA, CCTV, PMU, IP Telephony, etc.)
- Templated configurations making it easy to change configurations at scale and push it to gateways in the field.
- Application of unified security policies across a diverse range of remote sites and equipment
- Managing multiple backhaul connectivity options at the gateway including private MPLS for critical SCADA traffic and cellular for backup and even internet-based connections for non-critical traffic, where appropriate
- Lifecycle management of gateways (e.g., firmware updates, alarm monitoring and statistics)
Cisco SD-WAN Validated Design for Distribution Automation (DA)
SD-WAN has origins as an enterprise solution using fixed edge routers of various performance capabilities and predictable enterprise traffic patterns. Utility networks present new challenges with especially when applied to Distribution network use cases:
- Connectivity to legacy serial devices not supporting Ethernet/IP
communications (g., Modbus RTU, DNP3 over serial, IEC101 or vendor proprietary)
- Mobility needs for mobile assets to ensure resilient wide area connectivity
- New WAN interfaces including dual 4G or 5G cellular, DSL, fiber or Ethernet
- The use of NAT to allow fixed privately addressed equipment to communicate
- Requirement to encrypt SCADA traffic across the wide area network
- Applicable to both distribution substations and field area networks
- Segregation of services via VPNs in flexible topologies (Hub & Spoke, or Meshed [Fully or Partial])
- Intelligent traffic steering across multiple backhaul interfaces when needed (critical vs. non-critical traffic)
Key use Distribution Network use cases that the Cisco SD-WAN solution can address are:
Cisco IoT Solutions have introduced a new Cisco Validated Design to address an SD-WAN architecture for Distribution Automation use cases. Leveraging the Cisco Catalyst IR1100 Rugged Series Routers as an SD-WAN router with flexible modular backhaul capabilities (DSL, Fiber, Ethernet, 4/5G, 450MHz LTE) and operating as an SD-WAN controlled edge router.
Along the distribution network feeders, the IR1101 should be positioned as a Distribution Automation gateway. It can be easily mounted within a DA device cabinet (e.g. Recloser, Cap bank controller etc) and can be powered by the same DC supply (flexible 9-36VDC input). It also has extended environmental capabilities to cope with the variations in temperature, humidity, and vibration.
The new SD-WAN for Utility Distributed Automation Design Guide builds on other existing documents that describe in detail Cisco’s SD-WAN architecture and industrial IoT hardware offerings and shows how they can be combined to provide a scalable, secure network. The new Design Guide is focused on areas that are unique or at least emphasized by DA use cases in general. This document also has detailed configuration examples for many of the DA features.
Readers should already have some familiarity with Cisco SD-WAN and Industrial IoT. Prior to reading this document, it is recommended to be familiar with the following resources:
- Cisco SD-WAN Small Branch Design Case Study – This document provides a great overview of general SD-WAN concepts in the context of a “small branch” which has many commonalities with a typical industrial IoT deployment.
- Cisco Catalyst IR1101 Rugged Series Router Data Sheet – Datasheet for the IR1101 router which is designed for distribution network applications and certified for substation use (IEC61850-3 and IEEE 1613).