# 15 IEC 61850 # 15.1 Introduction IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. It is a part of the International Electrotechnical Commission’s (IEC) Technical Committee 57 reference architecture for electric power systems. The abstract data models defined in IEC 61850 can be mapped to a number of protocols. Possible mappings in the standard can be MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), SMV (Sampled Measured Values). These protocols can run over TCP/IP networks or substation LANs using high speed switched Ethernet to obtain the necessary response times below four milliseconds for protective relaying.

As of version v1.5.0, WCC Lite supports MMS type messaging. Logging and groups setting services are not supported.

# 15.2 IEC 61850 Server WCC Lite can act as an IEC 61850 server to serve data to remote SCADA systems. For example, WCC Lite can be used to acquire data from various protocols (Modbus, IEC 60870-5-103, etc.), this data can be redirected and propagated further to a single or multiple IEC 61850 clients. IEC 61850 Server supports TCP and TLS connection types. TCP connection can be secured with password authentication. #### Commands WCC Lite **IEC 61850 Server** implementation defines four command types which are described by their control model: - **Case 1**: Direct control with normal security (direct-operate); - **Case 2**: SBO control with normal security (operate-once or operate-many); - **Case 3**: Direct control with enhanced security (direct-operate); - **Case 4**: SBO control with enhanced security (operate-once or operate-many). Normal security commands are considered for execution if the command signal is found in Excel configuration. There aren’t any additional checks in command execution in any master protocol. Enhanced security commands need feedback from the master protocol to either succeed or fail. If feedback is not received within the **command\_ack\_timeout\_ms** timeframe, the command is considered as failed. Command value attributes (e.g. stVal) must be updated separately (if they need to be updated).

When using SBO commands, select is not routed to the master protocol, and select logic is performed only in the IEC 61850 Server protocol.

#### Configuring data points To use the IEC 61850 Server in WCC Lite, it has to be configured via an Excel configuration, and the data model must be uploaded. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals. If a few devices were to connect to a server using the same virtual port, all of the IP addresses have to be specified on the host field separated by space. That way all of the clients will be able to connect from different IP addresses but using the same port as long as they all have the same subnet address. ##### IEC 61850 Server parameters for Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a deviceYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be usedYes IEC 61850 Server
bind\_addressstring (IP address format)The IP address of an interface to use with the serverNo0.0.0.0
hoststring (IP address format)IP address list of allowed IPs (separated with spaces) Yes
portintegerTCP communication port No102
authstringAuthorization type Yes “NONE”, “PASSWORD”, “TLS”
passwordstringAuthorization password for server device Yes ( for PASSWORD)
tls\_local\_certificatestringLocal certificate for TLS connection Yes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionYes (for TLS)
tls\_private\_keystringA file consisting of the private key for TLS connectionYes (for TLS)
ied\_namestringName of an Intelligent Electronic DeviceYes
originatorstringOrigin identification for the deviceNo
model\_filenamestringThe filename of the server model, without the .server extensionYes
command\_ack\_timeout\_ms integerTimeframe (ms) in which enhanced-security commands must be acknowledged (Default: 3000) No3000
report\_buffered\_sizeintegerReport control blocks buffer size in bytes (Default: 65536) No65536
report\_unbuffered\_sizeintegerUnbuffered report control blocks buffer size in bytes (Default: 65513) No65513
##### IEC 61850 Server parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logbooleanAllow signal to be logged. If the **log is 0 signal** will not be logged. If the **log is more than 0** signal will be loggedNo0
number\_typestringNumber format type (BOOLEAN, FLOAT, INT16, etc.)Yes BOOLEAN, INT8, INT16, INT32, INT64, INT128, INT8U, INT24U, INT32U, FLOAT32, FLOAT64, ENUMERATED, OCTET STRING 64, OCTET STRING 6, OCTET STRING 8, VISIBLE STRING 32, VISIBLE STRING 64, VISIBLE STRING 65, VISIBLE STRING 129, VISIBLE STRING 255, UNICODE STRING 255, TIMESTAMP, QUALITY, CHECK, CODEDENUM, GENERIC BITSTRING, CONSTRUCTED, ENTRY TIME, PHYCOMADDR, CURRENCY, OPTFLDS, TRGOPS
ld\_instancestringAn instance of a logical deviceYes
ln\_classstringLogical node class typeYes
ln\_instanceintegerAn instance of a logical node No
ln\_prefixstringPrefix of logical node stringNo
cdcstringCommon Data Class (CDC) nameYes SPS, DPS, INS, ENS, ACT, ACD, MV, CMV, SAV, SPC, DPC, INC, ENC, BSC, ISC, APC, BAC
data\_objectstringName of a data object in the datasetYes
da\_valuestringName of a data attribute value nodeYes
da\_fcstringFunctional constrain for data objectYes ST, MX, CO, SP
control\_modelstring Model of output control Yes (for commands) read-onlyread-only, direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security
##### Device status signals
IEC 61850 has an additional signal which can be configured to show communication status. It is used to indicate if the client device has disconnected from the server (WCC Lite). To configure such a signal for the IEC 61850 protocol, job\_todo and tag\_job\_todo fields with string values are required. For the IEC 61850 server required parameters for the status signal will be **signal\_name** **device\_alias, signal\_alias, number\_type, job\_todo,** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. #### Converting and uploading data model To use the IEC61850 Server protocol in WCC Lite, the user must upload a data model in a specific format (file extension .server). These data models can be converted from SCL files (.icd, .cid, or .scd files). To convert a data model, the user must use WCC Excel Utility. There’s a separate tab for this operation as shown in the picture below. [![image-1670582144161.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670582144161.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670582144161.png) The converted file can be uploaded in the WCC Lite web interface, Protocol Hub section. The current model can be also downloaded on the same page as shown in the picture below. [![image-1670583136986.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670583136986.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670583136986.png) #### Debugging an IEC 61850 server application If the configuration for the IEC 61850 Server is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage.

If the IEC 61850 Server does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.

To launch a debugging session, a user should stop `iec61850-server` process and run` iec61850-server` command with respective flags as you can see below:

``` iec61850-server ``` ```iec61850-server -h [--help] Show help message -c [--config] arg Configuration file location -V [--version] Show version -d [--debug] arg Set Debug level -r [--redis] Show Redis messages -C [--commands] Show command messages -R [--readyfile] arg Ready notification file ``` # 15.3 IEC 61850 Client WCC Lite can be used as a master station to collect data from IEC 61850 compatible server devices such as protection relays. As relays require fast, secure and responsive interfaces, WCC Lite can be considered as a valid option. For additional security a user can use encrypted transmission (TLS) or set up a password.

As TCP (TLS) connection can encounter issues and break, automatic reconnection is implemented. After every failed reconnection attempt the fallback delay is doubled starting from 1 second up until 32 seconds. After that connection reestablishment will be attempted every 32 seconds until a successful connection.

#### Acquiring data via report control blocks As per IEC 61850 standard, the report control block controls the procedures that are required for reporting values of data objects from one or more logical nodes to one client. Automatic reporting enables data servers (slave devices) to only send data on its (or its quality) change, thus saving network bandwidth. Instances of report control blocks are configured in the server at configuration time. Report control blocks send information that is defined in their respective datasets. Dataset is a set of data elements grouped to represent some data group. For example, it is a common practice to group measurements and events into different groups. A server restricts access to an instance of a report control block to one client at a time. That client exclusively shall own that instance and shall receive reports from that instance of report control blocks. There are two classes of report control blocks defined, each with a slightly different behavior: - buffered-report-control-block (BRCB) - internal events (caused by trigger options data-change, quality-change, and data-update) issue immediate sending of reports or buffer the events (to some practical limit) for transmission, such that values of data object are not lost due to transport flow control constraints or loss of connection. BRCB provides the sequence-of-events (SOE) functionality; - unbuffered-report-control-block (URCB) - internal events (caused by trigger options data-change, quality-change, and data-update) issue immediate sending of reports on a best efforts basis. If no association exists, or if the transport data flow is not fast enough to support it, events may be lost. Buffered report control blocks are therefore useful to keep event data, for example, keeping the last known state of a relay switch where a loss of information might lead to a confusion and even financial losses. Unbuffered report control blocks are particularly useful for data which is useful only momentarily, e.g. measurements of voltages, current or power. This information can change frequently and old measurements might not reflect the real state of a substation. To allow multiple clients to receive the same values of data object, multiple instances of the report control classes shall be made available. Buffered report control blocks are usually configured to be used by a specific client implementing a well-defined functionality, for example, a SCADA master. The client may know the ObjectReference of the BRCB by configuration or by the use of a naming convention. Parsing of report control blocks is based on types of Common Data Class (CDC). Some of these types can have more than one data point of interest. Table below shows what data attributes are supported from various Common Data Classes. To select which data attribute should be used a `da_value` column should be filled with a data attribute name. Common Data Classes consist of data attributes with different Functional Constraints therefore to get the status points of interest correctly the user must fill in a correct value in `da_fc` column. IEC 61850 Client supported data attributes:
Common Data ClassFunction ConstraintData attributes
SPS DPS INS ENS STstVal
ACTSTgeneral phsA phsB phsC neut
ACDSTgeneral dirGeneral phsA dirPhsA phsB dirPhsB phsC dirPhsC neut dirNeut
MVMXinstMag mag
CMVMXinstCVal cVal
SAVMXinstMag
SPC DPC INC ENC STstVal
BSC ISC STvalWTr
APC BAC MXmxVal
Some of data attributes are structures themselves, for example, `mag` attribute is a struct that can hold integer or float values. To select a fitting attribute the user should extend `da_value` parameter with additional attributes, for example, if float magnitude value is to be selected from MV Common Data Class, `da_value` column should be filled with `mag.f` value; if the user intends `cVal` magnitude value in float format from CMV Common Data Class, `da_value` should be filled with `cVal.mag.f` value. See IEC 61850-7-3 for more information about Common Data Classes. To ensure the integrity of configuration, WCC Lite has additional checks implemented at configuration time. If report control block (or its dataset) with a predefined ObjectReference doesn’t exist, it is considered that IEC 61850 Client has not been configured properly or configuration has been changed in either of IEC 61850 devices and cannot be matched, therefore should be considered invalid. Controlling remote equipment via commands The control model provides a specific way to change the state of internal and external processes by a client. The control model can only be applied to data object instances of a controllable Common Data Class (CDC) and whose ctlModel DataAttribute is not set to status - only. Such data objects can be referred to as control objects. If controls are enabled in a IEC 61850 Server device the user can configure controls by filling control\_model column in Excel configuration with a control model (*direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security*) as well as setting functional constraint in `da_fc` column to CO. Depending on the application, different behaviors of a control object shall be used. Therefore, different state machines are defined. Four cases are defined: - **Case 1**: Direct control with normal security (direct-operate); - **Case 2**: SBO control with normal security (operate-once or operate-many); - **Case 3**: Direct control with enhanced security (direct-operate); - **Case 4**: SBO control with enhanced security (operate-once or operate-many). IEC 61850 standard enables the user to plan command transmission in advance - set the timer when the command should be issued. However, as this possibility is rarely used in practice, it is not implemented as of version v1.8 All issued commands are executed immediately. For more information on control class model, please consult IEC 61850-7-2 standard. If ctlModel is read-only, messages from internal database will be ignored for this point, otherwise a subscribe callback will be launched to handle commands as soon as they are sent. If CDC of a signal does not have means of control, ctlModel parameter is ignored. Originator identification can be attached to a station so that replies to command requests could be forwarded to only one device. To use this functionality a user should select an origin identifier by filling value in Excel configuration, originator column. Originator category is always enforced to tell that remote control command is issued. #### Configuring datapoints To use IEC 61850 Client in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals tables. ##### Table IEC 61850 Client parameters for *Devices* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a deviceYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be usedYes IEC 61850 Client
hoststring (IP address format)IP address of server device Yes
portintegerTCP communication port Yes102
authstringAuthorization type Yes none, password, tls
passwordstringAuthorization password for server device Yes (for PASSWORD)
tls\_local\_certificatestringLocal certificate for TLS connection Yes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionYes (for TLS)
tls\_private\_keystringFile consisting of private key for TLS connectionYes (for TLS)
ied\_namestringName of an Intelligent Electronic DeviceYes
originatorstringOrigin identifier for device No
model\_filenamestringFilename of client model uploaded to WCC (must contain .client extension) Yes
##### Table IEC 61850 Client parameters for *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logbooleanAllow signal to be logged. If **log is 0 signal** will not be logged. If **log is more than 0** signal will be loggedNo0
number\_typestringNumber format type Yes
BOOLEAN, INT8, INT16, INT32, INT64, INT128, INT8U, INT24U, INT32U, FLOAT32, FLOAT64, ENUMERATED, OCTETSTRING6, OCTETSTRING8, OCTETSTRING64, VISIBLESTRING32, VISIBLESTRING64, VISIBLESTRING65, VISIBLESTRING129, VISIBLESTRING255, UNICODESTRING255, TIMESTAMP, QUALITY, CHECK, CODEDENUM, GENERICBITSTRING, CONSTRUCTED, ENTRYTIME, PHYCOMADDR, CURRENCY, OPTFLDS, TRGOPS
ld\_instancestringInstance of a logical deviceYes
ln\_classstringLogical node class typeYes
ln\_instanceintegerInstance of a logical node No
ln\_prefixstring, integerPrefix of logical node stringNo
cdcstringCommon Data Class (CDC) nameYes SPS, DPS, INS, ENS, ACT, ACD, SEC, BCR, HST, VSS, MV, CMV, SAV, WYE, DEL, SEQ, HMV, HWYE, HDEL, SPC, DPC, INC, ENC, BSC, ISC, APC, BAC, SPG, ING, ENG, ORG, TSG, CUG, VSG, ASG, CURVE, CSG, DPL, LPL, CSD, UNDEF
data\_objectstringName of data object in datasetYes
da\_valuestringName of a data attribute value nodeYes
da\_fcstringFunctional constrain for data objectYes ST,MX, CO, SP, SE
control\_modelstring Model of output control No read-onlyread-only, direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security
dataset string Full object reference of a dataset Yes
report\_control\_block string Full object reference of a report control block Yes
intgPd integer Integrity period in milliseconds No 0

It should be noted that ACT and ACD messages can only be parsed from report if either only ‘general’ attribute or all attributes attached to all three phases and neutral can be found in report

##### Device status signals
IEC 61850 has an additional signal which can be configured to show communication status. It is used to indicate if the server device has disconnected from client (WCC Lite). To configure such signal for IEC 61850 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 61850 client required parameters for status signal will be: **signal\_name,** **device\_alias, signal\_alias, number\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and are based on the same logic. If signal returns value of 0, it means unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. #### Configuration Configuration of IEC61850 Client for WCCLite is done via WCC Utility. Elseta WCC Utility has two IEC 61850 selections - IEC 61850 Config and IEC 61850 Excel: - **IEC 61850 Config** is used to create a configuration model file, which IEC 61850 Client service will use to parse reports from the server. - **IEC 61850 Excel** is used to generate excel configuration file which in turn will be used to generated configuration .json via excel-utility. [![image-1670584678497.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670584678497.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670584678497.png) WCC Utility with IEC61850 selections ##### Generate model file To generate IEC 61850 Client model file select “Client” in drop down selection tab. Then select where to output the generated model and upload file with extensions .icd, .scd or .cid. [![image-1670585363191.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670585363191.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670585363191.png) Generate IEC 61850 Client model file ##### Generate excel file To generate IEC 61850 Client excel file select “Client” in drop down selection tab. Then select where to output the generated model upload file with extensions .icd, .scd or .cid. [![image-1670585447382.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670585447382.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670585447382.png) Generate IEC 61850 Client excel file After generating excel file additional configuration information must be written in the devices sheet: - A valid host ip address must be provided. - An authorization method must be provided (if it is a complex authorization method, additional parameters might be required). - Model filename must be provided. The model filename must be exactly the same as that was generated one step earlier (Model filename can include extension, but it is not mandatory). [![image-1676877418592.png](https://wiki.elseta.com/uploads/images/gallery/2023-02/scaled-1680-/image-1676877418592.png)](https://wiki.elseta.com/uploads/images/gallery/2023-02/image-1676877418592.png) Excel configuration (Devices sheet) In the signals sheet, signals which are not used or needed can be removed. Their information might be modified as well. [![image-1670586268060.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586268060.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586268060.png)Signals sheet **Important!** Information such as ld\_instance and other data taken directly from SCD configuration files should not be modified, otherwise access to info of these reports can be broken. ##### Uploading configuration First upload the model configuration file. [![image-1689317512196.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689317512196.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689317512196.png) Uploading model configuration file After uploading the model configuration file it should appear under *the DOWNLOAD CONFIGURATION* tab. [![image-1689317540477.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689317540477.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689317540477.png) Uploaded IEC 6180 Client configuration file Then upload the excel configuration (same as with every other protocol). [![image-1670586406773.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586406773.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586406773.png) Uploading excel configuration After successful configuration upload, both configurations should appear under *DOWNLOAD CONFIGURATION* tab. If any errors occur during excel upload, fix them along excel utility guidelines. [![image-1670586443301.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586443301.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586443301.png) Uploaded configurations #### IEC 61850 Client command line debugging options `iec61850-client` ``` -h [ –help ] Show help message -c [–config] arg Configuration file location -V [–version] Show version -d [–debug] arg Set debugging level -r [–redis] Show Redis messages -C [–commands] Show command messages -D [–datasets] Show dataset messages –report Show report messages -R [–readyfile] arg Ready notification file ```

If IEC 61850 Client does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from command line interface and find out why link is not functioning properly.

To launch a debugging session, a user should stop `iec61850-client` process by running `/etc/init.d/iec61850-client stop` and run `iec61850-client` command with respective flags as was shown above.