Application notes
M!DGE/MG102i.
version 2.0
5/30/2013
www.racom.eu
RACOM s.r.o. • Mirova 1283 • 592 31 Nove Mesto na Morave • Czech Republic
How to handle SCADA applications which use serial interface over a GPRS/EDGE/UMTS mobile
network, employing M!DGE/MG102 routers.
In recent years, the world of communication has been ruled by the Internet Protocol stack, and RS232 (485...) based interfaces are generally considered obsolete. The typical SCADA device life cycle is nevertheless
long enough to guarantee demand for good old serial interfaces for several years from now. Common
RS232 to TCP (UDP) converters can help in some cases by creating the required number of transparent
peer-to-peer connections from all remote serial ports to the corresponding (physical or virtual) ports in
the data centre. However, such a solution requires a special routing arrangement in the centre, hence it
is not always feasible. A typical SCADA Front End Processor (FEP, the central interface of the application
to the communication network) uses a proprietary protocol over a single RS232 interface. Each message
coming out from the FEP is addressed and should be delivered to the designated remote serial port.
Certainly a transparent broadcasting to all remotes could do the job, making the service provider happy
(assuming the resulting bills are paid). Obviously the proper solution is to transmit the message to the
destination address only.
A SCADA serial protocol typically uses simple 8 or 16 bit addressing. The mobile network address
scheme is an IP network, where the range is defined by the service provider (sometimes including
individual addresses, even in the case of a private APN). Consequently a mechanism of translation
between the SCADA and the IP addresses is required. To make things worse, IP addresses may be
assigned to GPRS (EDGE, UMTS, etc.) devices dynamically upon each connection.
This application note describes how to efficiently solve this problem using RACOM-made routers.
Three basic situations are described:
a. The mobile network uses static IP addressing and the interfacing device to the SCADA centre is
a GPRS router. Such a scenario is suitable for small networks with tens of remote stations.
b. The mobile network uses static IP addressing and the SCADA centre is connected to the network
through a special IP gateway. This model can be used for networks with tens to hundreds of remotes.
c. The mobile network uses dynamic addressing for remote locations and a static address in the
centre. Typically an IP gateway to the mobile network is used in the centre and VPN tunnelling is
employed. This design can be used for networks of any size and it should always be used for large
networks with hundreds or more remotes.
All three scenarios require a special device in the centre to do the address translation for outgoing
messages (the SCADA protocol address to the IP address/port pair). RACOM RipEX radio modem is
used in the following examples, as it is the straightforward and most economical choice for the task.
Moreover it opens the possibility to combine GPRS and private radios in one SCADA network (see
Section 1.4, “Hybrid GSM/Radio networks”).
When the IP addresses are assigned to remote M!DGE/MG102 routers dynamically, simple static
routing cannot be used. Whenever a remote router establishes the connection to the GSM network,
it receives a new IP address. In order to facilitate two-way communication between remote and central
serial ports, the M!DGE/MG102 routers support two standard types of VPN tunnels
(http://en.wikipedia.org/wiki/Virtual_private_network) - IPsec (http://en.wikipedia.org/wiki/IPsec) and
OpenVPN (http://en.wikipedia.org/wiki/OpenVPN). Upon every connection to the network, a remote router creates
a tunnel to the VPN concentrator in the centre (remember, a static IP address in the centre is always
required). Every time a tunnel is established, the routes to IP addresses/networks connected through it
are added to the routing tables in the centre. The additional advantage of VPN tunnels is higher security
of data transferred through the public network.
In small networks with several remotes, the VPN concentrator can run in the central GSM/UMTS router
(with a static IP address assigned). In large networks a specialized IP router (e.g. Cisco) is needed and
a leased line connection to the operator's gateway is used (similarly to the arrangement described in
Section 1.2, “Static addressing with a IP gateway to mobile operator centre” above).
Fig. 1.3: Typical layout of a GSM/UMTS network with VPN tunnels
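A minimal model of the address translation step and of the tunnel-driven routes described above, added here as an illustration; it is not RACOM's code or the RipEX implementation. The frame layout (address in the first one or two bytes, big-endian), the name `CentreTranslator` and the sample addresses, IPs and port are assumptions.

```python
import struct
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (IP address inside the VPN, UDP port)

class CentreTranslator:
    """SCADA address -> endpoint translation as done by the device in the centre."""

    def __init__(self, table: Dict[int, Endpoint], addr_bytes: int = 1):
        if addr_bytes not in (1, 2):
            raise ValueError("SCADA addressing is 8 or 16 bit")
        self.addr_bytes = addr_bytes
        self.table = dict(table)       # static: SCADA address -> endpoint
        self.routes: Set[str] = set()  # IPs reachable through a tunnel that is up

    def tunnel_up(self, ip: str) -> None:
        self.routes.add(ip)            # route added when the remote connects

    def tunnel_down(self, ip: str) -> None:
        self.routes.discard(ip)

    def scada_addr(self, frame: bytes) -> Optional[int]:
        # Assumption: the address is the first 1 or 2 bytes, big-endian.
        if len(frame) <= self.addr_bytes:
            return None                # address without payload: malformed
        fmt = ">B" if self.addr_bytes == 1 else ">H"
        return struct.unpack_from(fmt, frame)[0]

    def outgoing(self, frame: bytes) -> Optional[Endpoint]:
        """Endpoint for a frame from the FEP, or None to drop (never broadcast)."""
        dest = self.table.get(self.scada_addr(frame))
        if dest is None or dest[0] not in self.routes:
            return None
        return dest

    def incoming_ok(self, frame: bytes, src: Endpoint) -> bool:
        """Accept a reply only from the endpoint bound to the address it carries."""
        return self.table.get(self.scada_addr(frame)) == src

if __name__ == "__main__":
    # Constructed sample data: addresses, IPs and port are made up.
    t = CentreTranslator({0x11: ("10.8.0.11", 8881), 0x12: ("10.8.0.12", 8881)})
    poll = bytes([0x11, 0x03, 0x00, 0x01])
    print(t.outgoing(poll))            # tunnel not up yet
    t.tunnel_up("10.8.0.11")
    print(t.outgoing(poll))
    print(t.incoming_ok(poll, ("10.8.0.12", 8881)))
```

Frames for an unknown address or for a remote whose tunnel is down are dropped rather than broadcast, and a reply is accepted only when its source matches the endpoint configured for the SCADA address it carries.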
1.3.1. VPN concentrator
IPsec
IPsec can be used in a network of any size. A dedicated router (or several routers) serve(s) as the VPN
concentrator. The choice of vendor and type depends on the SLA requirements and the size of the
network - RACOM has positive experience with Cisco routers (IOS or ASA based), however routers
from other vendors (e.g. Juniper, Netgear, WatchGuard or others) can certainly be used.
Finally you have to set the route to the central LAN to the respective interface (e.g. TUN1 as in our
example):
Important
Time synchronisation of server and all clients is required - without the time synchronisation
the OpenVPN tunnel cannot be established. You can use the central M!DGE as an NTP
For detailed information see Section 1.1, “Static Addressing with M!DGE/MG102 router in the centre”.
2.4.2. Point to point communication
When a simple point-to-point link between two serial port SCADA devices is needed, no extra equipment
(RipEX) is necessary. M!DGE routers at both ends of the link use the same configuration as the remote
ones in point-to-multipoint scenario above. The Com servers are used for serial data to UDP datagram
conversion. At least one of the M!DGEs has to have a static IP address, while the other can have a
dynamically assigned one - a VPN tunnel has to be used then Section 2.1.2, “Central M!DGE – VPN
2.5. GPRS and VHF/UHF radio data network combination
The picture above describes an arrangement, where part of the remote sites is connected over a private
UHF/VHF radio network (e.g. sites requiring 99.9% availability) and the remaining sites are connected
over a GPRS public network (e.g. distant, isolated locations where it would be uneconomical to extend
the radio coverage to). The M!DGE part functionality and settings are the same as described in
Section 2.4.1, “Point to multipoint communication”. Then the RipEX serving as the master of the radio
part interfaces the SCADA centre, performs the serial data conversion (when needed) and then decides
whether a UDP datagram enters the GSM or the UHF/VHF radio network. Please check the RipEX
manual for detailed information about the radio network settings.