# 12 DNP 3.0 # 12.1 Introduction DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (a.k.a. Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs. ICCP, the Inter­Control Center Communications Protocol (a part of IEC-60870­6), is used for inter­master station communications. Elseta’s DNP3 stack has both Master and Slave protocols implemented. Both of them can serve multiple serial (over physical RS­485 line), TCP or TLS (over TCP) connections with high efficiency. IEEE­1815 defines 4 subset levels (1­4) that consist of the objects and function codes that must be supported by the master and outstation. Levels 1­3 are supported fully and level 4 is supported partially. To get more information about how DNP3 works and what capabilities are supported one should get a copy of the protocol specification and/or check the Slave Interoperability List/Configuration guides for both Master and Slave protocols.

To set up TLS connection for both DNP3 Master and Slave, refer to sections Excel configuration and Certificates. All keys and certificates should be provided in the PEM format.

If no configuration is set up, DNP3 Master and Slave services are not started.

# 12.2 DNP 3.0 Master Default groups and variation sets are used to send commands. If slave devices support different groups and variations, they can be adjusted in Excel configuration. For more information check section [Excel configuration](https://wiki.elseta.com/books/manual/chapter/18-excel-configuration). #### Configuring data points To use DNP3 Master in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in ­Devices and Signals. ##### DNP3 Master parameters for Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCP/ TLS SerialMinMax
namestring User-friendly device nameYesYes
descriptionstringDescription of a deviceNoNo
device\_aliasstringAlphanumeric string to identify a deviceYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
protocolstringProtocol to be used (”dnp3 serial”/”dnp3 tcp” (case insensitive))YesYes DNP3 TCP, DNP3 serial
modestringChoosing between TCP, TLS and SERIAL modes. If the protocol provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to serialNoNoTCP (for DNP3 TCP) SERIAL (for DNP3 serial) TCP, TLS (for DNP3 TCP) SERIAL (for DNP3 serial)
hoststringThe IP address of the TCP slave deviceYes-
bind\_address stringThe IP address of the network adapter used to connect to the slave deviceNoNo0.0.0.0
portintegerTCP communication portNoNo20000
deviceintegerCommunication port (”PORT1” or ”PORT2”)-Yes
baudrateintegerCommunication speed, bauds/s-No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communication-No869
stopbitsintegerStop bit count for communication-No112
paritystringCommunication parity option-Nononenone, even, odd
flowcontrolstringCommunication device flow control option. -Nononenone
tlsbooleanEnable/disable the use of TLS Yes (for TLS)-001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)-
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)-
tls\_private\_keystringA file consisting of the private key for TLS connectionNo (for TLS)-
max\_rx\_frag\_sizeintegerMaximum size of a received fragment.NoNo204802048
destination\_addressintegerAddress of a master stationNoNo1065535
source\_addressintegerAddress of a slave (local) station.NoNo1065535
unsol\_classesstringDefines which classes will have unsolicited actions on startup. (Example: "1,3,2")NoNono class13
unsol\_disableboolDisables unsolicited messages on startup. The parameter is going to be ignored if the unsol\_classes parameter has any values assigned.NoNo001
groups\_scan\_maskintegerBitmask for enabling separate group scans with x06 qualifier (all objects). The parameter value is converted into a binary number where each bit stands for a separate group. Bits indexes and the groups that they represent: 0 -­ Binary, 1 ­- Double­bit Binary, 2 ­- Binary Output Status, 3 ­- Counter, 4 ­- Frozen Counter, 5 ­- Analog, 6 ­- Analog Output Status, 7 ­- Octet String (Example: 115 (0111 0011) will trigger data polls for signals whose types are - Binary, Double­bit Binary, Frozen Counter, Analog, Analog Output Status)NoNo00255
groups\_scan\_intervalinteger, string The time between separate groups scans intervals in seconds. Set to 0 to disable.NoNo00
exception\_scan\_intervalinteger, string The time between exception scan (classes 1,2,3) intervals in seconds. Set to 0 to disable.NoNo00
integrity\_scan\_intervalinteger, string Time between integrity scan (classes 0,1,2,3) intervals in seconds (general interrogation). Set to 0 to disable.NoNo00
timesync\_modestringWill override the master default setting for choosing the time sync procedureNoNoNON-LAN (for Serial) LAN (for tcp) LAN, NON-LAN
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If > 0 ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from the slave. If < 0 -­ time syncs are disabled. NoNo
select\_msintegerSelect command timeout. Valid for all signals.NoNo10000
timeout\_msintegerResponse timeout in millisecondsNo No2000
keep\_alive\_timeoutintegerThe time interval for sending a keep-alive packet in seconds.No-60
use\_local\_timebooleanif enabled (1) communication uses system time instead of UTC.NoNo001
##### DNP3 Master parameters for the Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestringUser-friendly signal nameYesYes
device\_aliasstringDevice alias from a Devices tabYesYes
signal\_alias
string
Unique alphanumeric name of the signal to be usedYesYes
enablebooleanEnabling/disabling a deviceNoNo101
indexintegerIndex of a signal.YesYes 065535
logbooleanEnable logging in the event logNoNo001
signal\_typestringDNP3 signal type. (case insensitive) YesYes ”binary”, ”doublebitbinary”, ”binaryoutputstatus”, ”binaryoutputcommand”, ”counter”, ”frozencounter”, ” analogue”, ”analogoutputstatus”, ”analogoutputcommand”, ”timeandinterval”, ”octetstring”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in the table below* NoNo104
static\_variationintegerDNP3 command variation (). Supported variations depend on signal type and are provided in the table below.NoNo 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerDNP3 command variation. Supported variations depend on signal type and are provided in the table below.No No 08
control\_code
string
DNP3 control model code of CROB signal. TripClose and Pulse control model requires **PulseOn/off** times to be set NoNo LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be setYes (for binary PULSE and TRIPCLOSE command codes)Yes (for binary PULSE and TRIPCLOSE command codes)
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be setYes (for binary PULSE and TRIPCLOSE command codes)Yes (for binary PULSE and TRIPCLOSE command codes)
class\_numintegerClass assignment of the signal.NoNo003
operate\_typeintegerDefault command behaviour. If selected: ”­**-1**” ­- DirectOperateNoAck (FC=6), **”0”** - DirectOperate (FC=5), "**1"** - SelectBeforeOperate (FC=3). NoNo1-11
job\_todostringThe device status signal can be configured by providing one of the given values. NoNo communication\_status, device\_running, device\_error, unknown\_error
##### Device status signals To configure any device status signal for the DNP3 protocol additional job\_todo column is required. For DNP3 master required parameters for status signal will be: **signal\_name,** **device\_alias, signal\_alias, index, signal\_type**, **event\_variation** (1,2 or 3) and **job\_todo**. There are 4 possible signals: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 1, 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Time and IntervalStatic variation (Group50) 1Static variation 1
Octet StringStatic variation (Group110) 0 Event variation (Group111) 0Static variation 0 Event variation 0
#### Debugging the DNP3 Master service If the configuration for DNP3 devices is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­master**. If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the **dnp3-­master** process and run the **dnp3-m­aster** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: ``` /etc/init.d/dnp3-master stop ``` - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in the /etc/ folder) and a debug level 7: ``` dnp3-master -c /etc/dnp3-master/dnp3master.json -d7 ``` Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: ``` /etc/init.d/dnp3-master start ``` dnp3­-master command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­r \[ –redis \] Show Redis messages
# 12.3 DNP 3.0 Slave Default group and variation sets are used to send static and event values. If master devices support different groups and variations, they can be adjusted in Excel configuration. WCC Lite-supported variations are provided in *Static and Event variations* and *Command variations.* ##### DNP3 Slave parameters for Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCP/ TLS RTUMinMax
namestring User-friendly device nameYesYes
descriptionstringDescription of a deviceNoNo
device\_aliasstringAlphanumeric string to identify a deviceYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
protocolstringProtocol to be used.YesYes dnp3 tcp slave dnp3 serial slave
modestringChoosing between TCP, TLS and SERIAL modes. If the protocol is provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to SERIALNoNoTCP or SERIALTCP, SERIAL, TLS
hoststringThe IP address of the TCP slave deviceYes-
bind\_address stringThe IP address of the network adapter used to connect to the slave deviceNo -0.0.0.0
portintegerTCP communication portNo -20000
devicestringCommunication port (”PORT1” or ”PORT2”)-Yes
baudrateintegerCommunication speed, bauds/s-No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communication-No869
stopbitsintegerStop bit count for communication-No112
paritystringCommunication parity option-Nononenone, even, odd
flowcontrolstringCommunication device flow control option. -Nononenone
tlsbooleanEnable/disable the use of TLS Yes (for TLS)-001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)-
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)-
tls\_private\_keystringA file consisting of the private key for TLS connectionNo (for TLS)-
max\_tx\_frag\_sizeintegerMaximum size of a received fragment.NoNo204802048
destination\_addressintegerAddress of a master stationNoNo1065535
source\_addressintegerAddress of a slave (local) station.NoNo1065535
unsol\_classesstringDefines which classes will have unsolicited actions on startup. (Example: "1,3,2")NoNono class13
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If 0 < ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from the slave. If < 0 -­ time syncs are disabled. NoNo00
select\_msintegerSelect command timeout. Valid for all signals.NoNo10000
timeout\_msintegerResponse timeout in millisecondsNo No2000
keep\_alive\_timeoutintegerThe time interval for sending a keep-alive packet in seconds.NoNo60
##### DNP3 Slave parameters for Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestringUser-friendly signal nameYesYes
device\_aliasstringDevice alias from a Devices tabYesYes
signal\_alias
string
Unique alphanumeric name of the signal to be usedYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
indexintegerIndex of a signal.YesYes 065535
logbooleanEnable logging in the event logNoNo00
deadbandinteger, stringDeadband for Analog, Analog Output Status, Counter, and Frozen Counter signals.NoNo0
signal\_typestringDNP3 signal type. (case insensitive) YesYes ”binary”, ”doublebitbinary”, ”binaryoutputstatus”, ”binaryoutputcommand”, ”counter”, ”frozencounter”, ”analog”, ”analogoutputstatus”, ”analogoutputcommand”, ”timeandinterval”, ”octetstring”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in the table below* NoNo104
static\_variationintegerOverride default signal’s static variation. Valid for Status mode signals.NoNo 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerOverride default signal’s event variation. Valid for Status mode signals. No No 08
control\_code
string
DNP3 control model code of CROB signal. TripClose and Pulse control model requires **PulseOn/off** times to be set. NoNo LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be set.Yes (for binary PULSE and TRIPCLOSE command codes)Yes (for binary PULSE and TRIPCLOSE command codes)
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be set.Yes (for binary PULSE and TRIPCLOSE command codes)Yes (for binary PULSE and TRIPCLOSE command codes)
class\_numintegerClass assignment of this signal.NoNo003
operate\_typeintegerDefault command behaviour. If selected: ”­**-1**” ­- DirectOperateNoAck (FC=6), **”0”** - DirectOperate (FC=5), "**1"** -­ SelectBeforeOperate (FC=3). NoNo1-11
job\_todostringThe device status signal can be configured by providing one of the given values. NoNo communication\_status, device\_running, device\_error, unknown\_error
##### Device status signals
To configure any device status signal for DNP3 protocol additional job\_todo column is required. For DNP3 slave required parameters for status signal will be: **signal\_name, device\_alias, signal\_alias, index, signal\_type**, **event\_variation** (1,2 or 3) and **job\_todo**. There are 4 possible signals: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Time and IntervalStatic variation (Group50) 1Static variation 1
Octet StringStatic variation (Group110) 0 Event variation (Group111) 0Static variation 0 Event variation 0
#### Debugging the DNP3 Slave service If the configuration for DNP3 devices is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­slave**. If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the **dnp3-­slave** process and run the **dnp3-slave** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: ``` /etc/init.d/dnp3-slave stop ``` - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in the /etc/ folder) and a debug level 7: ``` dnp3-slave -c /etc/dnp3-slave/dnp3slave.json -d7 ``` Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: ``` /etc/init.d/dnp3-slave start ``` dnp3­-slave command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­r \[ –redis \] Show Redis messages