# 12 DNP 3.0 # 12.1 Introduction DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (a.k.a. Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs. ICCP, the Inter­Control Center Communications Protocol (a part of IEC-60870­6), is used for inter­master station communications. Elseta’s DNP3 stack has both Master and Slave protocols implemented. Both of them are able to serve multiple serial (over physical RS­485 line), TCP or TLS (over TCP) connections with high efficiency. IEEE­1815 defines 4 subset levels (1­4) that consist of the objects and function codes that must be supported by the master and outstation. Levels 1­3 are supported fully and level 4 is supported partially. To get more information about how DNP3 works and what capabilities are supported one should get a copy of protocol specification and/or check Slave Interoperability List/Configuration guides for both Master and Slave protocols.

To set up TLS connection for both DNP3 Master and Slave, refer to sections Excel configuration and Certificates. All keys and certificates should be provided in the PEM format.

If no configuration is set up, DNP3 Master and Slave services are not started.

# 12.2 DNP 3.0 Master Default group and variation sets are used to send commands. If slave devices support different groups and variations, they can be adjusted in Excel configuration. For more information check section Excel configuration. #### Configuring datapoints To use DNP3 Master in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in ­Devices and Signals. ##### DNP3 Master parameters for Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used (”dnp3 serial”/”dnp3 tcp” (case insensitive))Yes
modestringChoosing between TCP, TLS and SERIAL modes. If protocol provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to serialNoTCP or SERIALTCP, SERIAL
ipstringIP address of TCP slave deviceYes (for TCP).
bind\_address stringIP address of network adapter used to connect to slave deviceNo (for TCP)0.0.0.0
portintegerTCP communication portNo (for TCP)20000
deviceintegerCommunication port (”PORT1” or ”PORT2”)Yes (for SERIAL)
baudrateintegerCommunication speed, bauds/sNo (for SERIAL)9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo (for SERIAL)869
stopbitsintegerStop bit count for communicationNo (for SERIAL)102
paritystringCommunication parity optionNo (for SERIAL)nonenone, even, odd
flowcontrolstringCommunication device flow control option. No (for SERIAL)nonenone
tlsbooleanEnable/disable use of TLS Yes (for TLS)001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)
tls\_private\_keystringFile consisting of private key for TLS connectionNo (for TLS)
max\_rx\_frag\_sizeintegerMaximum size of a received fragment.No204802048
destination\_addressintegerAddress of a master stationNo1065535
source\_addressintegerAddress of a slave (local) station.No1065535
unsol\_disableboolDisables unsolicited messages on startup. Overrides **unsol\_classes** parameter. No001
unsol\_classesstringDefines which classes will have unsolicited actions on startup. Can be overriden with **unsol\_disable**. (Example: "1,3,2")Nono class13
groups\_scan\_maskintegerBitmask for enabling separate group scans with x06 qualifier (all objects). The parameter value is converted into a binary number where each bit stands for a separate group. Bits indexes and the groups that they represent: 0 -­ Binary, 1 ­- Double­bit Binary, 2 ­- Binary Output Status, 3 ­- Counter, 4 ­- Frozen Counter, 5 ­- Analog, 6 ­- Analog Output Status, 7 ­- Octet String (Example: 115 (0111 0011) will trigger data polls for signals whose types are - Binary, Double-­bit Binary, Frozen Counter, Analog, Analog Output Status)No007
groups\_scan\_intervalinteger, string Time between separate groups scans intervals in seconds. Set to 0 to disable.No00
exception\_scan\_intervalinteger, string Time between exception scan (classes 1,2,3) intervals in seconds. Set to 0 to disable.No00
integrity\_scan\_intervalinteger, string Time between integrity scan (classes 0,1,2,3) intervals in seconds (general interrogation). Set to 0 to disable.No00
timesync\_modestringWill override masters default setting for choosing timesync procedureNoNON-LAN(for Serial) LAN (for tcp) LAN, NON-LAN
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If 0 < ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from slave. If < 0 -­ time syncs are disabled. No00
select\_msintegerSelect command timeout. Valid for all signals.No10000
timeout\_msintegerResponse timeout in millisecondsNo 2000
keep\_alive\_timeoutintegerTime interval for sending a keep alive packet in milliseconds.No60
##### DNP3 Master parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_alias Unique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling a deviceNo101
indexintegerIndex of a signal.Yes 065535
logbooleanEnable logging in the event logNo00
signal\_typestringDNP3 signal type. (case insensitive) Yes ”BINARY”, ”ANALOG”, ”DOUBLEBITBINARY” ”BINARYOUTPUTSTATUS”, ”COUNTER”, ”FROZENCOUNTER”, ”ANALOGOUTPUTSTATUS, ”OCTETSTRING”, ”TIMEANDINTERVAL”, ”BINARYOUTPUTCOMMAND”, ”ANALOGOUTPUTCOMMAND”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in the table below* No004
static\_variationintegerDNP3 command variation (). Supported variations depend on signal type and are provided in the table below.No 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerDNP3 command variation. Supported variations depend on signal type and are provided in the table below.No 08
control\_codeintegerDNP3 control model code of CROB signal. TripClose and Pulse control model requires **PulseOn/off** times to be set No LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be setNo
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be setNo
class\_numintegerClass assignment of this signal.No003
operate\_typeinteger No1-11
job\_todostringThe device status signal can be configured by providing one of the given values. No COMMUNICATION\_STATUS, DEVICE\_RUNNING, DEVICE\_ERROR, UNKNOWN\_ERROR
##### Device status signals To configure any device status signal for the DNP3 protocol additional job\_todo column is required. For DNP3 master required parameters for status signal will be: **signal\_name,** **device\_alias, signal\_alias, index, signal\_type**, **event\_variation** (1,2 or 3) and **job\_todo**. There are 4 possible signals: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 1, 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Time and IntervalStatic variation (Group50) 1Static variation 1
Octet StringStatic variation (Group110) 0 Event variation (Group111) 0Static variation 0 Event variation 0
#### Debugging the DNP3 Master service If configuration for DNP3 devices is set up, handler for protocol will start automatically. If configuration is missing or contains errors, protocol will not start. It is done intentionally decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­master**. If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from command line interface and find out why link is not functioning properly. To launch a debugging session, a user should stop **dnp3-­master** process and run **dnp3-m­aster** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: **/etc/init.d/dnp3-­master stop** - **Step 2**: After service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **dnp3­-master ­-c /etc/dnp3-­master/dnp3­master.json ­-d7**Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/dnp3-­master start** dnp3­-master command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
-p \[ –port \]­Show output for one port only
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­a \[ –app \]Show application layer data
–l \[ –link \] Show link layer data
–t \[ –transport \] Show transport layer data
-­r \[ –redis \] Show Redis messages
-­R \[ –readyfile \] Ready notification file
# 12.3 DNP 3.0 Slave Default group and variation sets are used to send static and event values. If master devices support different groups and variations, they can be adjusted in Excel configuration. Wcc­-Lite supported variations are provided in *Static and Event variations* and *Command variations.* ##### DNP3 Slave parameters for Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes dnp3 tcp slave dnp3 serial slave
modestringChoosing between TCP, TLS and SERIAL modes. If protocol provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to SERIALNoTCP or SERIALTCP, SERIAL, TLS
hoststringIP address of TCP slave deviceYes (for TCP).
bind\_address stringIP address of network adapter used to connect to slave deviceNo (for TCP)0.0.0.0
portintegerTCP communication portNo (for TCP)20000
deviceintegerCommunication port (”PORT1” or ”PORT2”)Yes (for SERIAL)
baudrateintegerCommunication speed, bauds/sNo (for SERIAL)9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo (for SERIAL)869
stopbitsintegerStop bit count for communicationNo (for SERIAL)102
paritystringCommunication parity optionNo (for SERIAL)nonenone, even, odd
flowcontrolstringCommunication device flow control option. No (for SERIAL)nonenone
tlsbooleanEnable/disable use of TLS Yes (for TLS)001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)
tls\_private\_keystringFile consisting of private key for TLS connectionNo (for TLS)
max\_tx\_frag\_sizeintegerMaximum size of a received fragment.No204802048
destination\_addressintegerAddress of a master stationNo1065535
source\_addressintegerAddress of a slave (local) station.No1065535
unsol\_classesstringDefines which classes will have unsolicited actions on startup. Can be overriden with **unsol\_disable**. (Example: "1,3,2")Nono class13
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If 0 < ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from slave. If < 0 -­ time syncs are disabled. No00
select\_msintegerSelect command timeout. Valid for all signals.No10000
timeout\_msintegerResponse timeout in millisecondsNo 2000
keep\_alive\_timeoutintegerTime interval for sending a keep alive packet in milliseconds.No60
##### DNP3 Slave parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_alias Unique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of a deviceNo101
indexintegerIndex of a signal.Yes 065535
logboleanEnable logging in event logNo00
deadbanddoubleDeadband for Analog, Analog Output Status, Counter, Frozen Counter signals.No0
signal\_typestringDNP3 signal type. (case insensitive) Yes ”BINARY”, ”ANALOG”, ”DOUBLEBITBINARY” ”BINARYOUTPUTSTATUS”, ”COUNTER”, ”FROZENCOUNTER”, ”ANALOGOUTPUTSTATUS, ”OCTETSTRING”, ”TIMEANDINTERVAL”, ”BINARYOUTPUTCOMMAND”, ”ANALOGOUTPUTCOMMAND”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in table below* No004
static\_variationintegerOverride default signal’s static variation. Valid for Status mode signals.No 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerOverride default signal’s event variation. Valid for Status mode signals. No 08
control\_codeintegerDNP3 control model code of CROB signal. TripClose and Pulse controlmodel requires **PulseOn/off** times to be set No LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be setNo
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be setNo
class\_numintegerClass assignment of this signal.No003
operate\_typeintegerDefault command behaviour. IF selected ”­**-1**” ­- DirectOperateNoAck, **”0”** - DirectOperate, "**1" -**­ SelectBeforeOperate. No1-11
job\_todostringDevice status signal can be configured by providing one of the given values. No COMMUNICATION\_STATUS, DEVICE\_RUNNING, DEVICE\_ERROR, UNKNOWN\_ERROR
##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 1, 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Time and IntervalStatic variation (Group50) 1Static variation 1
Octet StringStatic variation (Group110) 0 Event variation (Group111) 0Static variation 0 Event variation 0
#### Debugging the DNP3 Slave service If configuration for DNP3 devices is set up, handler for protocol will start automatically. If configuration is missing or contains errors, protocol will not start. It is done intentionally decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­slave** . If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from command line interface and find out why link is not functioning properly. To launch a debugging session, a user should stop **dnp3-­slave** process and run **dnp3-slave** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: **/etc/init.d/dnp3-­slave stop** - **Step 2**: After service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **dnp3­-slave ­-c /etc/dnp3-­slave/dnp3­slave.json ­-d7** Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/dnp3-­slave start** dnp3­-slave command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
-p \[ –port \]­Show output for one port only
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­a \[ –app \]Show application layer data
–l \[ –link \] Show link layer data
–t \[ –transport \] Show transport layer data
-­r \[ –redis \] Show Redis messages
-­R \[ –readyfile \] Ready notification file