The communication protocols used in industrial control systems (ICS) vary greatly between industries, regions and vendors.
1 Electricity industry
1.1 IEC 60870-5
IEC 60870-5 is probably the most popular international protocol for substation automation. In the United States, it is the functional equivalent of DNP3, which uses portions of IEC 60870-5 to provide the basis for the data link layer. A number of companion standards have been developed, including the following:
IEC 60870-5-101: a communication transport protocol for power systems, covering remote control and remote protection, with monitoring and control functions.
IEC 60870-5-103: a transport protocol that achieves interoperability between safety protection devices and substation control system equipment.
IEC 60870-5-104: an extension of IEC 60870-5-101. It includes variations on transport, network, link and physical layer services, and suites for connectivity to TCP/IP and other transports (ISDN, X.25, Frame Relay, etc.).
Typical IEC 60870-5 communication media include Ethernet and serial, with typical ports being 2404/UDP and 2404/TCP.
1.2 Distributed Network Protocol 3.0 (DNP3)
DNP3 is widely used in North America, primarily as a replacement for the IEC 60870-5 family of protocols. It is a serial protocol developed in the early 1990s, but UDP/IP and TCP/IP variants also exist today. There are many similarities between DNP3 and IEC 60870-5, because several members of the IEC 60870-5 development committee left during the development process to create what would later become known as DNP3. As a result, DNP3 and IEC 60870-5 are very similar at the data link layer, but the upper layers of the two protocols differ more.
DNP3 is primarily used in the North American power industry, but the protocol has also penetrated the water and wastewater industry. According to a survey by Newton-Evans Research, more than half of North American electric utilities used UDP/IP or TCP/IP variant versions of the DNP3 protocol in 2008.
Researchers are currently developing security extensions to DNP3 that are expected to provide link encryption and key management services.
Typical communication media for the DNP3 protocol include Ethernet and serial connections, and ports typically used by DNP3 are 20000/UDP, 20000/TCP, 19999/UDP and 19999/TCP.
1.3 Foundation Fieldbus (FOUNDATION Fieldbus)
The Foundation Fieldbus protocol is the main fieldbus protocol across many industrial processes. It is primarily used for process/factory automation and has been deployed in a variety of installations, including power plant/generator control and control of semiconductor manufacturing. Fieldbus communication media include twisted pair and fiber optics. Typical ports include 1089/UDP, 1089/TCP, 1090/UDP, 1090/TCP, 1091/UDP and 1091/TCP.
A public list of devices supporting the Foundation Fieldbus protocol is available on the Fieldbus Foundation website. Members of the Fieldbus Foundation include more than 350 leading control system and instrumentation vendors, as well as a number of end users.
1.4 Intercontrol Center Communication Protocol (ICCP)
ICCP (IEC 60870-6/TASE.2) is used for communication between control centers, primarily in the power industry. In the U.S., ICCP networks are often used for coordination between utilities, usually utilities with transmission operations (transmission, distribution and power plants in different regions), so that the service providers in these regions can coordinate the flow of power between them. ICCP typically uses port 102/TCP.
1.5 Modbus Protocol
Modbus is the most popular control protocol in all fields due to its simplicity of use, free downloadability, and royalty-free deployment.
Intelligent devices such as PLCs and relays often use the Modbus protocol or its variants to communicate with simple devices such as remote RTUs. In addition to the standard Modbus protocol, Modbus Plus is one of the most prevalent variants. A list of Modbus members (companies and developers belonging to the Modbus Developers Group) is available on the Modbus website. This list includes a brief description of the individual members and the products manufactured by each member. A list of Modbus suppliers, a list of Modbus equipment, and a list of companies offering Modbus system integration services are also provided.
There are a number of Modbus variants:
Modbus RTU is an open standard, binary encoded protocol that allows communication over a serial connection.
Modbus ASCII is an open standard, ASCII encoded protocol that supports serial connections.
Modbus/TCP is an open standard that encapsulates the Modbus RTU payload in a TCP packet, with some limitations on the function codes.
Modbus/UDP varies by vendor, but most commonly Modbus/TCP is transmitted over UDP.
Modbus Plus is an extended high-speed (1 Mbps) version that uses token passing for transmission media access control; Modbus Plus is a Modicon proprietary protocol.
Enron (or Daniels) Modbus is the standard Modbus protocol with vendor extensions that treat 32-bit values as one register instead of two.
JBus is a version of the Modbus protocol with small addressing variations.
Typical communication media for Modbus include Ethernet and serial ports (RS485 two-wire is very common). Modbus usually communicates on port 502/TCP.
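The Modbus/TCP encapsulation described above (an MBAP header followed by the Modbus function code and data, normally on 502/TCP) is simple enough that a monitoring tool can decode it passively. The following parser is an added example and not code from the original page; the sample frames are constructed, and the MBAP layout (transaction id, protocol id, length, unit id) follows the public Modbus/TCP specification.

```python
import struct
from dataclasses import dataclass

MODBUS_TCP_PORT = 502  # port given on the page for Modbus/TCP

# Public Modbus function codes (subset) and their standard names
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    8: "Diagnostics", 15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
# Codes that change process state; a defender usually wants these logged or alerted.
WRITE_CODES = {5, 6, 15, 16, 22, 23}


@dataclass
class ModbusTcpAdu:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

    @property
    def is_exception(self) -> bool:
        return bool(self.function_code & 0x80)  # high bit set marks an exception response

    @property
    def is_write(self) -> bool:
        return (self.function_code & 0x7F) in WRITE_CODES

    @property
    def name(self) -> str:
        return FUNCTION_NAMES.get(self.function_code & 0x7F, "Unknown/vendor-specific")


def parse_modbus_tcp(payload: bytes) -> ModbusTcpAdu:
    """Decode one Modbus/TCP ADU: 7-byte MBAP header + PDU (function code + data)."""
    if len(payload) < 8:
        raise ValueError("too short for MBAP header plus function code")
    tid, proto, length, uid = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"MBAP protocol id must be 0, got {proto}")
    # The length field counts unit id + PDU, i.e. everything after the first 6 bytes.
    if length != len(payload) - 6:
        raise ValueError(f"MBAP length {length} does not match payload size {len(payload) - 6}")
    return ModbusTcpAdu(tid, uid, payload[7], payload[8:])


def triage(adu: ModbusTcpAdu) -> str:
    """Coarse category for monitoring: exception, write (state-changing) or read."""
    if adu.is_exception:
        return "exception"
    return "write" if adu.is_write else "read"


# Constructed sample ADUs (hex): a read request, a write request and an exception response.
SAMPLE_ADUS = {
    "read_holding":  "00010000000601030000000a",  # tid 1, unit 1, FC 3, start 0, count 10
    "write_single":  "0002000000060106001000ff",  # tid 2, unit 1, FC 6, reg 0x10, value 0xff
    "exception":     "000100000003018302",        # tid 1, unit 1, FC 0x83, exception code 2
}

if __name__ == "__main__":
    for label, hexdata in SAMPLE_ADUS.items():
        adu = parse_modbus_tcp(bytes.fromhex(hexdata))
        print(f"{label}: tid={adu.transaction_id} unit={adu.unit_id} {adu.name} -> {triage(adu)}")
```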

2 Oil and gas industry
There are no obvious mainstream proprietary protocols for the oil and gas industry. The industry uses a variety of protocols such as DNP3, IEC 60870-5 and Modbus. Section 1 discusses these protocols in more depth. A variety of fieldbus protocols, such as the Foundation Fieldbus protocol, can also be found in many oil and gas facilities.
Communications in the oil and gas industry are often transmitted wirelessly to provide flow and pressure data to PLCs via RTUs and sensors. PLCs run safety and protection systems, well control systems, etc.
2.1 DNP3 and IEC 60870-5
A discussion of DNP3 and IEC 60870-5 is given in the electricity industry section (Section 1). A list of oil and gas companies using DNP3 and IEC 60870-5 is available on the Triangle Microworks Inc. website, where a white paper on the protocols can also be found.
Typical communication media include Ethernet and serial connections. DNP3 typically uses ports 20000/UDP, 20000/TCP, 19999/UDP and 19999/TCP, while IEC 60870-5 typically uses 2404/UDP and 2404/TCP.
2.2 Modbus Protocol
Modbus is a popular control protocol in the oil and gas sector, as described in the Modbus description in the electricity industry section (Section 1). The Foundation Fieldbus protocol is also popular in the petrochemical field.
Typical communication media include Ethernet and serial ports (RS485 two-wire is very common). Modbus usually runs on port 502/TCP.

3 Water treatment industry
3.1 DNP3 Protocol
As described in the DNP3 description in the electricity industry section (Section 1), this protocol is also popular in the water treatment sector. Typical communication media include Ethernet and serial connections. DNP3 typically uses ports 20000/UDP, 20000/TCP, 19999/UDP and 19999/TCP.
3.2 Modbus Protocol
As mentioned in the Modbus description in the electricity industry section above, Modbus is the more popular control protocol in the water treatment industry. Typical communication media include Ethernet and serial buses. Modbus usually runs on port 502/TCP.

4 Building automation field
In the field of building automation, LonWorks (also known as LonTalk or ANSI/CEA 709.1-B) is the dominant communication protocol, followed by DyNet and a number of other communication protocols. Typical communication media include power line carrier, twisted pair/Ethernet, fiber optics, and RF. Major communication ports include 2540/UDP, 2540/TCP, 2541/UDP, and 2541/TCP.
4.1 LonWorks (LonTalk, or ANSI/CEA 709.1-B)
The American company Echelon has developed a network platform based on the LonWorks protocol, also called the LonWorks platform. The platform is used in many industries including semiconductor manufacturing, lighting control systems, energy management systems, HVAC systems, security systems, home automation, consumer appliance control, public street lighting/monitoring/control, and gas station control. A typical LonWorks application is a thermostat that communicates with PCs and PLCs via the LonTalk protocol to coordinate the heating, ventilation and air conditioning (HVAC) system inside a building.
ISO and IEC have granted the LonWorks platform the compatibility standard numbers ISO/IEC 14908-1, -2, -3, and -4 (ANSI/CEA-852). LonWorks also forms part of IEEE 1473-L (train networking, locomotive networking) as well as several other application-specific standards. China has approved LonWorks as a national control standard (GB/Z 20177.1-2006) and as a standard for buildings and smart communities (GB/T 20299.4-2006). The European Equipment Manufacturers Council has also adopted LonWorks as part of its Control and Monitoring of Domestic Appliances - Application Interoperability Specification standard.
4.2 DyNet
DyNet is a proprietary protocol developed by Dynalite (now owned by Philips Electronics). DyNet devices include their own programmable controllers and communicate via a point-to-point model.
Typical communication media for DyNet include RS-485 serial bus, RS-232 serial bus, Ethernet and infrared.
4.3 Other Protocols
There are many other protocols used for building automation systems. The most popular include INSTEON, X10, ZigBee, Z-Wave and KNX/Konnex.

5 Process automation (manufacturing) field
The process automation field is dominated by fieldbus protocols, including PROFINET, Foundation Fieldbus, and the Common Industrial Protocol (CIP) and its derivatives. IEC 61158 and IEC 61784 contain detailed descriptions of each of the major fieldbus protocols and their variants.
5.1 DF1 Protocol
DF1 is a serial communication protocol defined in parts D1 and F1 of the ANSI X3.28 protocol. The protocol was originally developed by Allen-Bradley (now owned by Rockwell Automation) and is commonly used as a means of transmitting Programmable Controller Communication Commands (PCCC) to Allen-Bradley PLCs.
5.2 Foundation Fieldbus Protocol
The Foundation Fieldbus protocol is suitable for basic and advanced modulating control applications, as well as most of the discrete control scenarios associated with these functions. Foundation Fieldbus has two implementations running at different speeds and on different transmission media: H1 is the most common implementation, which typically connects the field devices and runs at 31.25 Kbps; HSE (High Speed Ethernet) connects the host computer, the I/O subsystems, the gateway, and the field devices, and operates at 100 Mbps. Foundation Fieldbus has been adopted as a fieldbus standard in IEC 61804.
5.3 Process fieldbus protocol Profibus
Profibus was developed by the German education and research department BMBF. It is available in two variants. The more common variant is the Decentralized Peripheral (DP) protocol, which is typically used for communication between centralized controllers and sensors/actuators. The other variant is the Process Automation (PA) protocol, which is used by the process control system (PCS) to monitor and control measuring devices. The PA variant is designed and intended for use in explosive or hazardous areas and uses a physical transmission link in accordance with IEC 61158-2. PA uses the same basic communication protocol as DP, but PA operates at a speed of 31.25 Kbps. DP and PA networks can be connected via a coupler, with DP used as the backbone. The Profibus fieldbus protocols are included in the IEC 61158 and IEC 61784 standards.
5.4 Profinet IO Protocol
The PROFINET concept has two perspectives, PROFINET CBA and PROFINET IO, both of which can communicate on the same bus system. They can be operated individually or in combination, and a PROFINET IO subsystem can be used as a PROFINET CBA system from the other perspective. PROFINET IO was developed for real-time (RT) and isochronous real-time (IRT) communication with distributed peripheral devices, with a cycle time of 10 ms for RT communication and a cycle time of 1 ms or less for IRT drives. PROFINET CBA is suitable for component-based communication via TCP/IP and for real-time communication in modular system engineering. Both communication modes can be used in parallel. PROFINET CBA has a reaction time in the range of 100 ms.
The PROFINET fieldbus protocol is included in the IEC 61158 and IEC 61784 standards.
5.5 CC-Link protocol
CC-Link is a fieldbus protocol developed by Mitsubishi Electric in Japan and widely adopted by other Japanese suppliers. Currently, the total number of devices using CC-Link exceeds 6 million, covering more than 1,000 different devices. Industrial Ethernet using the CC-Link protocol can be easily integrated with conventional IT networks.
There are four CC-Link formats:
CC-Link
CC-Link LT (lightweight version for devices with low communication requirements)
CC-Link Safety (high-reliability version, compliant with IEC 61508 SIL3 and ISO 13849-1 Cat 4)
CC-Link IE (Industrial Ethernet version)
Typical CC-Link communication media include twisted pair cables and fiber optics. The CC-Link Partner Association provides a list of partners.
5.6 Common Industrial Protocol (CIP)
The Common Industrial Protocol (CIP) attempts to provide a unified communications architecture for the entire manufacturing industry. CIP is the unified application layer protocol for EtherNet/IP, DeviceNet, CompoNet, and ControlNet. CIP consists of a complete set of messages and services used to collect control, safety, synchronization, motion, configuration, and other information for manufacturing automation applications. The protocol is managed by the Open DeviceNet Vendors Association (ODVA).
5.7 ControlNet Protocol
ControlNet is a CIP implementation developed by Allen-Bradley that has built-in support for fully redundant link cables, and all communications are tightly scheduled for a high degree of determinism.
The ControlNet physical layer is either RG-6 coaxial cable with BNC connectors or fiber optic. ControlNet uses Manchester encoding with a bus speed of 5 Mbps. The link layer operates on a cycle called the Network Update Time (NUT). Each NUT has two phases: the first phase is reserved for scheduled traffic and guarantees a transmission opportunity, and the second phase is used for unscheduled traffic without any guarantees. The maximum frame size for ControlNet is 510 bytes.
5.8 DeviceNet Protocol
DeviceNet is another CIP implementation developed by Allen-Bradley. DeviceNet sits on top of the Controller Area Network (CAN) physical layer and utilizes ControlNet technology, which is less costly and more robust than the traditional RS-485-based protocol.
DeviceNet's baud rates are 125 Kbps, 250 Kbps, and 500 Kbps, and the length of the backbone is inversely proportional to the bus speed, i.e., 500 meters, 250 meters, and 125 meters, respectively. Most deployments use master/slave mode, but point-to-point transfers can also be used. Multiple masters can coexist on a single logical network. DeviceNet has been carefully designed to operate stably in complex electromagnetic environments.
5.9 EtherNet/IP protocol
EtherNet/IP is an implementation of the CIP protocol developed by Rockwell Automation. The application layer of the protocol is CIP. EtherNet/IP is an application layer protocol built on top of the standard TCP/IP stack, which treats all devices on the network as a unified set of "objects", utilizing the existing Ethernet infrastructure underneath (regardless of speed). The entire EtherNet/IP stack can be implemented in software on a general-purpose processor without the need for an ASIC or Field Programmable Gate Array (FPGA). EtherNet/IP utilizes 44818/TCP for explicit messaging and 2222/UDP for implicit messaging.
5.10 EtherCAT Protocol
EtherCAT (Ethernet for Control Automation Technology) is an Ethernet protocol for control automation technology with an Ethertype of 0x88A4; it can be made IP-routable by inserting the frame data into UDP packets. EtherCAT does not use a per-cycle-per-node model. Instead of processing one frame per node per cycle (update time), EtherCAT uses an "on-the-fly" mode: rather than each device receiving a whole Ethernet frame, each node reads the data addressed to it as the frame passes through, interprets and copies it as process data, and likewise inserts its input data as the datagram passes. Many nodes can be addressed with a single frame.
EtherCAT networks can be integrated via gateways with CANopen, DeviceNet, PROFIBUS and other protocols. The EtherCAT Technology Group is an international organization of users and suppliers; as of August 2009, it consists of more than 1,100 companies from 47 countries. EtherCAT is included as a fieldbus protocol in the IEC 61158 and IEC 61784 standards. EtherCAT uses ports 34980/UDP and 34980/TCP for routing between Ethernet LANs.
5.11 EGD Protocol (Ethernet Global Data)
The Ethernet Global Data (EGD) protocol is a communication mechanism that enables a CPU to share a portion of its internal memory with one or more other CPUs at a regularly scheduled cycle rate. Certain GE Fanuc PLCs use the EGD protocol.
5.12 FINS Protocol
FINS is a protocol developed by Omron (a Japanese control company) and used in its newer PLCs. It usually runs on IP-enabled systems using port 9600/UDP.
5.13 Host Link Protocol
Host Link is a protocol developed by Omron for its older PLC series; however, many newer Omron PLCs can still communicate using the Host Link protocol. It is an ASCII-based RS-232 bus protocol.
5.14 SERCOS Protocol (Serial Real-Time Communication System)
SERCOS has strict real-time requirements and is particularly suitable for motion control in areas such as metal cutting and forming, machine assembly, packaging, robotics, printing and material handling. The protocol is managed by SERCOS International and the current version is SERCOS III. SERCOS is defined in detail in the IEC 61158 and IEC 61784 standards.
5.15 SRTP (Service Request Transfer Protocol)
SRTP is a protocol for command and data communication to the PLC via the PC. It is used by GE Fanuc PLCs as an application layer communication protocol.
5.16 Sinec H1 Protocol
Sinec H1 is a transport layer protocol developed by Siemens on which different application layer protocols can run. The large bandwidth characteristics of this protocol make it ideal for the transmission of large data volumes.