CN103457791A - Self-diagnosis method of network sampling and control link of intelligent substation - Google Patents
Self-diagnosis method of network sampling and control link of intelligent substation Download PDFInfo
- Publication number
- CN103457791A CN103457791A CN2013103615978A CN201310361597A CN103457791A CN 103457791 A CN103457791 A CN 103457791A CN 2013103615978 A CN2013103615978 A CN 2013103615978A CN 201310361597 A CN201310361597 A CN 201310361597A CN 103457791 A CN103457791 A CN 103457791A
- Authority
- CN
- China
- Prior art keywords
- network
- message
- failure
- fault
- sampling
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0677—Localisation of faults
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Maintenance And Management Of Digital Transmission (AREA)
Abstract
The invention provides a self-diagnosis method of a network sampling and control link of an intelligent substation. The method comprises the following steps of conducting IEC61850 communication protocol analysis; controlling an active diagnostic test of the link, and then finding out network faults; conducting network fault diagnosis based on an SNMP; conducting network fault management. The invention provides the self-diagnosis method of the network sampling and control link of the intelligent substation. The self-diagnosis method can timely find out various network faults of network operation, conduct positioning and eliminating on the faults, conduct management and recording on the network fault information, further ensure the reliability and safety of the application of network sampling and network control in the substation, and improve the intelligent level of the substation.
Description
Technical field
The invention belongs to the power automation technical field, be specifically related to the self-diagnosing method of a kind of intelligent substation network sampling and control link.
Background technology
The use of IEC61850 standard has promoted the development of process layer bussing technique, and the promotion substation network communication is the Ethernet transmission from serial ports connection, Evolution of Fieldbus, greatly improved the integral level of the automation of transformation substations, because sampling and control information can effectively reduce the cable connection of transformer station's complexity after by Internet Transmission, not only be conducive to simplify full station structure, can also effectively reduce the construction cost of transformer station simultaneously, the even more important development that can promote the senior application function of transformer station, further improve the aggregate level of transformer station.
In May, 2009, proposition along with State Grid Corporation of China's intelligent grid development construction plan, the target of transformer station's development is from now on turned in the development of intelligent substation into, the embodiment of intelligent substation level mainly concentrates on based on transformer station and entirely stands in the senior application of data sharing, the key that realizes this problem is the networking that transformer station entirely stands and communicates by letter, digitlization in full station data, realize the Network Transmitting of data on informationalized basis, and the communications security of raising electric substation automation system, reliability, improve level of integrated system, make system compact, integrated, and to strengthen its senior application function and primary equipment intellectuality be to build " amphitypy one is changed " (resource-conserving, environmentally friendly, industrialization) important content of intelligent substation.Hence one can see that, and the reliability of intelligent substation network service directly has influence on the overall its construction level of intelligent substation, and then have influence on the construction of whole intelligent grid.
The reliability service of transformer station's network is the key point of Internet Transmission at application in substations, although the pilot in early stage digital transformer substation network sampling and the network technology that trips, but due to the detection and the fault diagnosis technology that lack transformer station's network operation state, brought potential safety hazard to the operation of the transformer station that adopts process-level network, for further improving the operation and maintenance level of intelligent substation, improve the reliability of transformer station's network operation, carry out real-time diagnosis and supervision in the urgent need to multi-Substation network operation state, find in time fault, the location fault is out of order side by side.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art, the invention provides the self-diagnosing method of a kind of intelligent substation network sampling and control link, the disparate networks fault of discovering network operation is in time also located and is got rid of, and network failure information is managed and record, further ensure network sampling and network control reliability and the fail safe at application in substations, improve the intelligent level of transformer station.
In order to realize the foregoing invention purpose, the present invention takes following technical scheme:
The self-diagnosing method of a kind of intelligent substation network sampling and control link is provided, comprises the following steps:
Step 1: carry out the IEC61850 Protocol Analysis;
Step 2: the active diagnosing test of control link, and then discovering network fault;
Step 3: based on SNMP, carry out network fault diagnosis;
Step 4: carry out the management of network failure.
In described step 1, carry out the IEC61850 Protocol Analysis and comprise basic network protocal analysis, high-level network protocol analysis and network traffic analysis; Specific as follows:
1) in the basic network protocal analysis, after the capture-data bag, packet is successively sealed off, obtain the information of different levels IEC61850 communication protocol, by IEC61850 communication protocol field decoding, identify improper IEC61850 communication protocol application, the packet of forging and wrong parameter setting;
2) during high-level network protocol is analyzed, according to frame statistics dissimilar in the byte number of the distribution situation of the relation of the feature of packet, surrounding time stamp, different I EC61850 communication protocol, network message flow, network utilization, IEC61850 communication protocol, every kind of IEC61850 communication protocol and the precedence relation of message, judge whether network data flow has problems, in time the discovering network fault;
3) in network traffic analysis, by packet, distribute and traffic statistics data definite threshold interval, once surpass threshold value send the network failure alarm.
The basic network protocal analysis is analyzed mainly for form, grammer and the content of GOOSE message and SV message, belongs to the analysis of single message content.
The high-level network protocol dissecting needle carries out comprehensive compare of analysis to GOOSE message and SV message, belongs to the globality analysis of GOOSE network and SV network;
1), by the analysis-by-synthesis of GOOSE message, the Network Abnormal that can find comprises that GOOSE APPID is not unique, GOOSE message incorrect order, the frame losing of GOOSE message and GOOSE message repeat;
2) by the analysis of SV message, the Network Abnormal that can find comprises that full station SV APPID is not unique, SV message incorrect order, SV data exception, the sampling interval is unstable and merge cells between asynchronous sampling.
In network traffic analysis, after network message is sampled, and carry out analytic statistics, choose the network traffics index and carry out the exception of network traffic detection, by the statistics to intelligent substation normal operation lower network flow indicator, determine the network traffics threshold value, the network traffics threshold then setting network message flow value and statistics obtained, according to the amplitude of networking flow difference, carry out the network failure warning.Described network traffics index comprises that flux of multicast, vlan traffic, network receive flow and network transmitted traffic.
Described step 2 comprises the following steps:
Step 2-1: GOOSE message and SV message in intelligent substation are set, use the network message generator to send respectively GOOSE message and SV message to GOOSE network and SV network, check GOOSE message and SV message network delay and packet loss separately, and judge whether configuration, physical link and the performance of the network equipment exist extremely;
Step 2-2: the presence of timed sending ICMP bag detection network equipment, check the ICMP error message returned, thus the discovering network fault;
Step 2-3: gather and resolve the daily record of the network equipment, in time the discovering network fault.
In described step 2-3, gather and analyze the log information of the network equipment that comprises router, switch and fire compartment wall, in time the discovering network fault; The analytic process of the network equipment is divided into log information collection, log information filtration, journal format conversion, daily record parsing and alarm;
The daily record of the network equipment can be divided into admin log, system journal and security log by content and type; Described admin log recording user log-in events, user exit event and revise the system configuration event; Cpu busy percentage, memory usage, network interface abnormal state event, network interface recovering state event, power failure event, fan failure event and device temperature anomalous event are recorded in described system journal; Described security log record does not meet Access Events and the assault of security strategy.
In described step 3, based on SNMP, carry out network fault diagnosis, to obtain network failure information, specifically comprise the following steps:
Step 3-1: utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read managed object SNMP MIB storehouse, obtain network topology, control link Interface status, port network flow and device resource service condition, find in time to comprise that network configuration is abnormal, control link is obstructed, exception of network traffic and device resource configure network failure on the low side;
Step 3-2: resolve the SNMP Trap message that the network equipment initiatively sends, obtain the cold start-up, warm start, communication link failure and the communication link that comprise communication equipment and recover normal network failure information;
Step 3-3: by SNMP generating network topology, and compare with the network topology of design, find to comprise in time the network failure of network equipment wiring error and communication link fails.
Described step 4 comprises the following steps:
Step 4-1: collection network fault message;
Log information and the network information database of the network failure packets of information includes network message of collecting, SNMP data, the network equipment;
Step 4-2: network fault diagnosis and analysis;
Network fault diagnosis adopts sampling and controls active diagnosing test and the network fault diagnosis based on SNMP of the protocal analysis of network message, control link;
Step 4-3: carry out the network failure location;
By network failure is investigated, determine various top events and reason event, and, according to the logical relation between network failure, draw fault tree, and then clear and definite networking abort situation, complete the network failure location;
Step 4-4: network failure is reported to the police;
The attribute that network failure is reported to the police comprises time, alarm object, alarm types and the order of severity that the network failure warning occurs; The order of severity that network failure is reported to the police comprises emergency alarm, important warning, less important warning and informs warning;
Step 4-5: get rid of and record network failure;
By the automatic fault wipe-out mode, fault wipe-out mode or automatic fault are got rid of the mode of getting rid of combination with fault manually and are got rid of in time network failure manually;
The network failure record comprises result and the network failure description that time on date, grade, position, reason, the network failure of network failure generation cause.
In described step 4-1, the polling mode of taking the initiative or SNMP Trap mode collection network fault message;
1), initiatively in polling mode, collection network status data from the network disperseed, send querying command by network management system to the agent process of managed object, and require management object to return to current operating state, to reach testing goal;
2) in SNMP Trap mode, on the network equipment, due to occurring, the SNMPTrap message that significant trouble event or security incident produce resolved, object, position and the type of judgement network failure, utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read the network traffics threshold value that statistics obtains, by setting network message flow value and the network traffics threshold value of comparing, when crossing the border, the discovering network flow threshold carries out the network failure warning.
Compared with prior art, beneficial effect of the present invention is: the self-diagnosing method of this intelligent substation network sampling and control link not only can prevent in time, the discovering network fault, management, location, eliminating and record after network failure occurs have also been proposed simultaneously, for accident analysis from now on provides safeguard, adopt this method to can further improve the reliability of transformer station's network operation, for the stable operation of transformer station provides safeguard, improve the intelligent level of transformer station.
The accompanying drawing explanation
Fig. 1 is the self-diagnosing method flow chart of the sampling of intelligent substation network and control link;
Fig. 2 is Analysis of Network Malfunction flow chart in the self-diagnosing method of intelligent substation network sampling and control link;
Fig. 3 is network failure positioning flow figure in the self-diagnosing method of intelligent substation network sampling and control link.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail.
As Fig. 1, the invention provides the self-diagnosing method of a kind of intelligent substation network sampling and control link, comprise the following steps:
Step 1: carry out the IEC61850 Protocol Analysis;
Step 2: the active diagnosing test of control link, and then discovering network fault;
Step 3: based on SNMP (Simple Network Management Protocol, Simple Network Management Protocol), carry out network fault diagnosis;
Step 4: carry out the management of network failure.
In described step 1, carry out the IEC61850 Protocol Analysis and comprise basic network protocal analysis, high-level network protocol analysis and network traffic analysis; Specific as follows:
1) in the basic network protocal analysis, after the capture-data bag, packet is successively sealed off, obtain the information of different levels IEC61850 communication protocol, by IEC61850 communication protocol field decoding, identify improper IEC61850 communication protocol application, the packet of forging and wrong parameter setting;
2) during high-level network protocol is analyzed, according to frame statistics dissimilar in the byte number of the distribution situation of the relation of the feature of packet, surrounding time stamp, different I EC61850 communication protocol, network message flow, network utilization, IEC61850 communication protocol, every kind of IEC61850 communication protocol and the precedence relation of message, judge whether network data flow has problems, in time the discovering network fault;
3) in network traffic analysis, by packet, distribute and traffic statistics data definite threshold interval, once surpass threshold value send the network failure alarm.
The basic network protocal analysis is analyzed mainly for form, grammer and the content of GOOSE message and SV message, belongs to the analysis of single message content.
1) for the GOOSE message, formal definition according to the GOOSE message, check the syntax error of GOOSE message, size, ethernet source address, destination address, type, vlan information and GOOSE message field (MFLD) content by the known GOOSE message of the decoding to the GOOSE message, by the Decoding Analysis to the GOOSE message and with the comparing of configuration file, judge whether the GOOSE message exists error message;
Described GOOSE message field (MFLD) content comprises GOOSE APPID, length, reserved field, GocbRef, DataSet, GoID, StNum and SqNum;
2) for the SV message, formal definition according to the SV message, check the syntax error of SV message, the assignment of ethernet source address, destination address, vlan information, SV APPID, Length and savpdu field by the known SV message of the decoding of SV message, judge whether the SV message exists error message.
The high-level network protocol dissecting needle carries out comprehensive compare of analysis to GOOSE message and SV message, belongs to the globality analysis of GOOSE network and SV network;
1), by the analysis-by-synthesis of GOOSE message, the Network Abnormal that can find comprises that GOOSE APPID is not unique, GOOSE message incorrect order, the frame losing of GOOSE message and GOOSE message repeat;
2) by the analysis of SV message, the Network Abnormal that can find comprises that full station SV APPID is not unique, SV message incorrect order, SV data exception, the sampling interval is unstable and merge cells between asynchronous sampling.
In network traffic analysis, after network message is sampled, and carry out analytic statistics, choose the network traffics index and carry out the exception of network traffic detection, by the statistics to intelligent substation normal operation lower network flow indicator, determine the network traffics threshold value, the network traffics threshold then setting network message flow value and statistics obtained, according to the amplitude of networking flow difference, carry out the network failure warning.Described network traffics index comprises that flux of multicast, vlan traffic, network receive (up-downgoing) flow and network sends (up-downgoing) flow.
Described step 2 comprises the following steps:
Step 2-1: GOOSE message and SV message in intelligent substation are set, use the network message generator to send respectively GOOSE message and SV message to GOOSE network and SV network, check GOOSE message and SV message network delay and packet loss separately, and judge whether configuration, physical link and the performance of the network equipment exist extremely;
Step 2-2:ICMP provides unified error report information, and the error message of transmission turns back to the equipment that sends former data, because only have transmitting apparatus to be only the logic recipient of error message.Transmitting apparatus can be determined and send wrong type according to icmp packet subsequently, but the unique function of ICMP is to Report a Problem rather than correct a mistake, and the task of correcting a mistake is completed by transmit leg.The presence of timed sending ICMP bag detection network equipment, check the ICMP error message returned, thus the discovering network fault;
Step 2-3: gather and resolve the daily record of the network equipment, in time the discovering network fault.
In described step 2-1, ethernet source address, destination address, ethernet type, VLAN and the PDU of network message is set;
Described destination address is multicast address, the destination address form of GOOSE message is 01-0C-CD-01-XX-XX, scope is (between 01-0C-CD-01-00-00 and 01-0C-CD-01-01-FF), the destination address form of SV message is 01-0C-CD-04-XX-XX, and scope is (between 01-0C-CD-04-00-00 and 01-0C-CD-04-01-FF);
The ethernet type of GOOSE message is 88B8, and the ethernet type of SV message is 88BA;
For VLAN, VLAN ID and VLAN priority are set;
PDU arranges with reference to the real network message of catching and is arranged.
In described step 2-3, gather and analyze the log information of the network equipment that comprises router, switch and fire compartment wall, in time the discovering network fault; The analytic process of the network equipment is divided into log information collection, log information filtration, journal format conversion, daily record parsing and alarm;
The daily record of the network equipment can be divided into admin log, system journal and security log by content and type; Described admin log recording user log-in events, user exit event and revise the system configuration event; Cpu busy percentage, memory usage, network interface abnormal state event, network interface recovering state event, power failure event, fan failure event and device temperature anomalous event are recorded in described system journal; Described security log record does not meet Access Events and the assault of security strategy.
In described step 3, based on SNMP, carry out network fault diagnosis, to obtain network failure information, specifically comprise the following steps:
Step 3-1: utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read managed object SNMP MIB storehouse, obtain network topology, control link Interface status, port network flow and device resource service condition, find in time to comprise that network configuration is abnormal, control link is obstructed, exception of network traffic and device resource configure network failure on the low side;
Step 3-2: resolve the SNMP Trap message that the network equipment initiatively sends, obtain the cold start-up, warm start, communication link failure and the communication link that comprise communication equipment and recover normal network failure information;
Step 3-3: by SNMP generating network topology, and compare with the network topology of design, find to comprise in time the network failure of network equipment wiring error and communication link fails.
Described step 4 comprises the following steps:
Step 4-1: collection network fault message;
Log information and the network information database of the network failure packets of information includes network message of collecting, SNMP data, the network equipment;
In described step 4-1, the polling mode of taking the initiative or SNMP Trap mode collection network fault message;
1), initiatively in polling mode, collection network status data from the network disperseed, send querying command by network management system to the agent process of managed object, and require management object to return to current operating state, to reach testing goal;
2) in SNMP Trap mode, on the network equipment, due to occurring, the SNMPTrap message that significant trouble event or security incident produce resolved, object, position and the type of judgement network failure, utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read the network traffics threshold value that statistics obtains, by setting network message flow value and the network traffics threshold value of comparing, when crossing the border, the discovering network flow threshold carries out the network failure warning.Because network state and flow are dynamic changes, need, according to the situation of network at that time, threshold value (for example can be according to managed object mean value for the previous period be multiplied by a weight coefficient determine current threshold value) dynamically is set.
Step 4-2: network fault diagnosis and analysis;
As Fig. 2, network fault diagnosis adopts sampling and controls active diagnosing test and the network fault diagnosis based on SNMP of the protocal analysis of network message, control link;
Step 4-3: carry out the network failure location;
As Fig. 3, by network failure is investigated, determine various top events and reason event, and, according to the logical relation between network failure, draw fault tree, find out the basic reason that produces network failure, fault location is more accurate; And then clear and definite networking abort situation, complete the network failure location;
Step 4-4: network failure is reported to the police;
The attribute that network failure is reported to the police comprises time, alarm object, alarm types and the order of severity that the network failure warning occurs; The order of severity that network failure is reported to the police comprises emergency alarm, important warning, less important warning and informs warning;
Step 4-5: get rid of and record network failure;
By the automatic fault wipe-out mode, fault wipe-out mode or automatic fault are got rid of the mode of getting rid of combination with fault manually and are got rid of in time network failure manually;
The network failure record comprises result and the network failure description that time on date, grade, position, reason, the network failure of network failure generation cause.
Except the Back ground Information that records network failure, for the initial data that produces fault, also to be preserved, as the basic evidence of Fault Diagnosis for Substation, a kind of important security audit means are provided simultaneously, which entity is clear and definite substation safety event should be responsible for by.In the process of the sampling of intelligent substation network and control link self diagnosis, according to adopted analytical method and technology, need respectively to record following information:
(1) if found certain transformer station's fault in the message Decoding Analysis, will preserve this message.
(2) if found certain transformer station's fault in the message advanced analysis, will preserve a series of message.
(3) if found certain transformer station's fault in exception of network traffic detects, will get off the information recordings such as this procotol type of message, flow, message sample.
(4) if found certain transformer station's fault in Network anomalous behaviors detects, will attack this information recordings such as kind, message protocol type, flow, message sample and get off.
(5), if found certain transformer station's fault in ICMP detective survey process, will get off the message sent and the message accounting of response.
(6) if found certain transformer station's fault in network equipment log analysis process, will get off the syslog message accounting of this daily record, show the user easily to read intelligible mode simultaneously.
(7) if found certain fault in the process that message is initiatively tested in station, will get off the information recordings such as problem types (function or performance), test event.
(8), if found certain fault in the network fault diagnosis process based on SNMP, will get off the information recordings such as diagnostic mode (snmp polling, SNMP Trap, Topology Discovery), SNMP message content.
Network failure is reported to the police and record provides a kind of evidence retention mechanism to the network link self diagnosis, strong technical support is provided to the operation maintenance of intelligent substation simultaneously, helps the O&M personnel to analyze problems and solve them.Through Network Information Gathering, network fault diagnosis, network failure location and network failure report to the police with record after, need to and use for reference the knowledge of historical failure database according to the result of accident analysis, take suitable fault eliminating measure.If new network link failure writes the historical failure database by the information of new fault, for later fault, get rid of guidance is provided.
Finally should be noted that: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit, although with reference to above-described embodiment, the present invention is had been described in detail, those of ordinary skill in the field are to be understood that: still can modify or be equal to replacement the specific embodiment of the present invention, and do not break away from any modification of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of claim scope of the present invention.
Claims (11)
1. the self-diagnosing method of intelligent substation network sampling and control link is characterized in that: said method comprising the steps of:
Step 1: carry out the IEC61850 Protocol Analysis;
Step 2: the active diagnosing test of control link, and then discovering network fault;
Step 3: based on SNMP, carry out network fault diagnosis;
Step 4: carry out the management of network failure.
2. the self-diagnosing method of intelligent substation network according to claim 1 sampling and control link, it is characterized in that: in described step 1, carry out the IEC61850 Protocol Analysis and comprise basic network protocal analysis, high-level network protocol analysis and network traffic analysis; Specific as follows:
1) in the basic network protocal analysis, after the capture-data bag, packet is successively sealed off, obtain the information of different levels IEC61850 communication protocol, by IEC61850 communication protocol field decoding, identify improper IEC61850 communication protocol application, the packet of forging and wrong parameter setting;
2) during high-level network protocol is analyzed, according to frame statistics dissimilar in the byte number of the distribution situation of the relation of the feature of packet, surrounding time stamp, different I EC61850 communication protocol, network message flow, network utilization, IEC61850 communication protocol, every kind of IEC61850 communication protocol and the precedence relation of message, judge whether network data flow has problems, in time the discovering network fault;
3) in network traffic analysis, by packet, distribute and traffic statistics data definite threshold interval, once surpass threshold value send the network failure alarm.
3. the self-diagnosing method of intelligent substation network according to claim 2 sampling and control link, it is characterized in that: the basic network protocal analysis is analyzed mainly for form, grammer and the content of GOOSE message and SV message, belongs to the analysis of single message content.
4. the self-diagnosing method of intelligent substation network according to claim 2 sampling and control link, it is characterized in that: the high-level network protocol dissecting needle carries out comprehensive compare of analysis to GOOSE message and SV message, belongs to the globality analysis of GOOSE network and SV network;
1), by the analysis-by-synthesis of GOOSE message, the Network Abnormal that can find comprises that GOOSE APPID is not unique, GOOSE message incorrect order, the frame losing of GOOSE message and GOOSE message repeat;
2) by the analysis of SV message, the Network Abnormal that can find comprises that full station SV APPID is not unique, SV message incorrect order, SV data exception, the sampling interval is unstable and merge cells between asynchronous sampling.
5. the self-diagnosing method of intelligent substation network according to claim 2 sampling and control link, it is characterized in that: in network traffic analysis, after network message is sampled, and carry out analytic statistics, choose the network traffics index and carry out the exception of network traffic detection, by the statistics to intelligent substation normal operation lower network flow indicator, determine the network traffics threshold value, then network traffics threshold setting network message flow value and statistics obtained, according to the amplitude of networking flow difference, carry out the network failure warning.
6. the self-diagnosing method of intelligent substation network according to claim 5 sampling and control link, it is characterized in that: described network traffics index comprises flux of multicast, vlan traffic, network reception flow and network transmitted traffic.
7. the self-diagnosing method of intelligent substation network according to claim 1 sampling and control link, it is characterized in that: described step 2 comprises the following steps:
Step 2-1: GOOSE message and SV message in intelligent substation are set, use the network message generator to send respectively GOOSE message and SV message to GOOSE network and SV network, check GOOSE message and SV message network delay and packet loss separately, and judge whether configuration, physical link and the performance of the network equipment exist extremely;
Step 2-2: the presence of timed sending ICMP bag detection network equipment, check the ICMP error message returned, thus the discovering network fault;
Step 2-3: gather and resolve the daily record of the network equipment, in time the discovering network fault.
8. the self-diagnosing method of intelligent substation network according to claim 7 sampling and control link, it is characterized in that: in described step 2-3, gather and analyze the log information of the network equipment that comprises router, switch and fire compartment wall, in time the discovering network fault; The analytic process of the network equipment is divided into log information collection, log information filtration, journal format conversion, daily record parsing and alarm;
The daily record of the network equipment can be divided into admin log, system journal and security log by content and type; Described admin log recording user log-in events, user exit event and revise the system configuration event; Cpu busy percentage, memory usage, network interface abnormal state event, network interface recovering state event, power failure event, fan failure event and device temperature anomalous event are recorded in described system journal; Described security log record does not meet Access Events and the assault of security strategy.
9. the self-diagnosing method of intelligent substation network according to claim 1 sampling and control link is characterized in that: in described step 3, based on SNMP, carry out network fault diagnosis, to obtain network failure information, specifically comprise the following steps:
Step 3-1: utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read managed object SNMP MIB storehouse, obtain network topology, control link Interface status, port network flow and device resource service condition, find in time to comprise that network configuration is abnormal, control link is obstructed, exception of network traffic and device resource configure network failure on the low side;
Step 3-2: resolve the SNMP Trap message that the network equipment initiatively sends, obtain the cold start-up, warm start, communication link failure and the communication link that comprise communication equipment and recover normal network failure information;
Step 3-3: by SNMP generating network topology, and compare with the network topology of design, find to comprise in time the network failure of network equipment wiring error and communication link fails.
10. the self-diagnosing method of intelligent substation network according to claim 1 sampling and control link, it is characterized in that: described step 4 comprises the following steps:
Step 4-1: collection network fault message;
Log information and the network information database of the network failure packets of information includes network message of collecting, SNMP data, the network equipment;
Step 4-2: network fault diagnosis and analysis;
Network fault diagnosis adopts sampling and controls active diagnosing test and the network fault diagnosis based on SNMP of the protocal analysis of network message, control link;
Step 4-3: carry out the network failure location;
By network failure is investigated, determine various top events and reason event, and, according to the logical relation between network failure, draw fault tree, and then clear and definite networking abort situation, complete the network failure location;
Step 4-4: network failure is reported to the police;
The attribute that network failure is reported to the police comprises time, alarm object, alarm types and the order of severity that the network failure warning occurs; The order of severity that network failure is reported to the police comprises emergency alarm, important warning, less important warning and informs warning;
Step 4-5: get rid of and record network failure;
By the automatic fault wipe-out mode, fault wipe-out mode or automatic fault are got rid of the mode of getting rid of combination with fault manually and are got rid of in time network failure manually;
The network failure record comprises result and the network failure description that time on date, grade, position, reason, the network failure of network failure generation cause.
11. the self-diagnosing method of intelligent substation network sampling according to claim 10 and control link is characterized in that: in described step 4-1, the polling mode of taking the initiative or SNMP Trap mode collection network fault message;
1), initiatively in polling mode, collection network status data from the network disperseed, send querying command by network management system to the agent process of managed object, and require management object to return to current operating state, to reach testing goal;
2) in SNMP Trap mode, on the network equipment, due to occurring, the SNMP Trap message that significant trouble event or security incident produce resolved, object, position and the type of judgement network failure, utilize GetRequest message, GetNextRequest message and the GetResponse message of SNMP regularly to read the network traffics threshold value that statistics obtains, by setting network message flow value and the network traffics threshold value of comparing, when crossing the border, the discovering network flow threshold carries out the network failure warning.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310361597.8A CN103457791B (en) | 2013-08-19 | 2013-08-19 | A kind of intelligent substation network samples and the self-diagnosing method of control link |
| PCT/CN2014/084681 WO2015024497A1 (en) | 2013-08-19 | 2014-08-19 | Intelligent substation network sampling and control link self-diagnosis method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310361597.8A CN103457791B (en) | 2013-08-19 | 2013-08-19 | A kind of intelligent substation network samples and the self-diagnosing method of control link |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103457791A true CN103457791A (en) | 2013-12-18 |
| CN103457791B CN103457791B (en) | 2016-09-28 |
Family
ID=49739776
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310361597.8A Active CN103457791B (en) | 2013-08-19 | 2013-08-19 | A kind of intelligent substation network samples and the self-diagnosing method of control link |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103457791B (en) |
| WO (1) | WO2015024497A1 (en) |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104092588A (en) * | 2014-07-23 | 2014-10-08 | 哈尔滨工程大学 | Network anomaly traffic flow detection method based on combination of SNMP and NetFlow |
| WO2015024497A1 (en) * | 2013-08-19 | 2015-02-26 | 国家电网公司 | Intelligent substation network sampling and control link self-diagnosis method |
| CN104579839A (en) * | 2015-01-05 | 2015-04-29 | 广州至德电力科技有限公司 | Transformer substation communication network state online monitoring system and method |
| CN104979908A (en) * | 2015-06-25 | 2015-10-14 | 云南电网有限责任公司电力科学研究院 | Substation network online failure analysis method |
| WO2015169392A1 (en) * | 2014-05-09 | 2015-11-12 | Abb Technology Ltd | A method for providing status information of a channel's health condition in a communications network |
| CN105139473A (en) * | 2015-05-06 | 2015-12-09 | 东莞团诚自动化设备有限公司 | Mechanical equipment operation data active detection recorder and record method |
| CN105281945A (en) * | 2014-09-19 | 2016-01-27 | 中国人民解放军第二炮兵工程大学 | Data flow-based deterministic network integrity fault detection method |
| CN105592489A (en) * | 2014-11-12 | 2016-05-18 | 中兴通讯股份有限公司 | Transmission data management method and apparatus |
| CN105721195A (en) * | 2016-01-19 | 2016-06-29 | 华南理工大学 | Transformer substation intelligent diagnosis method based on secondary system state estimation |
| CN105871847A (en) * | 2016-04-01 | 2016-08-17 | 国网江苏省电力公司电力科学研究院 | Intelligent substation network abnormal flow detection method |
| CN105930724A (en) * | 2016-06-16 | 2016-09-07 | 上海电机学院 | Intrusion detection method on basis of big data for intelligent electric meters |
| CN106130950A (en) * | 2016-05-20 | 2016-11-16 | 南京理工大学 | Method for detecting abnormality for IEC61850 agreement SV message |
| CN106357423A (en) * | 2016-08-19 | 2017-01-25 | 南京国电南自电网自动化有限公司 | Abnormal diagnosis method of secondary equipment of intelligent substation based on fault tree |
| CN106685928A (en) * | 2016-12-06 | 2017-05-17 | 国网浙江省电力公司绍兴供电公司 | SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level |
| CN107064780A (en) * | 2017-06-23 | 2017-08-18 | 上海电力通信有限公司 | A kind of circuit detecting method of digital transformer substation |
| CN108322332A (en) * | 2017-12-28 | 2018-07-24 | 贵阳忆联网络有限公司 | A kind of data disaster response system and method |
| WO2018137147A1 (en) | 2017-01-24 | 2018-08-02 | 北京广利核***工程有限公司 | Self-diagnosis method for communication protocol of security-level instrumentation and control system of nuclear power plant |
| CN108632297A (en) * | 2018-05-21 | 2018-10-09 | 安徽国电京润电力科技有限公司 | A kind of high safety network architecture of electric power scheduling automatization system |
| CN109066989A (en) * | 2018-09-06 | 2018-12-21 | 广东电网有限责任公司 | The transformer station measurement and control device and method for having data check and abnormality alarming function |
| CN109462495A (en) * | 2018-09-30 | 2019-03-12 | 北京工业大学 | A kind of ship hardware and communication system detection system and method |
| CN109522263A (en) * | 2018-11-16 | 2019-03-26 | 郑州云海信息技术有限公司 | A kind of I2C link monitoring system |
| CN109902373A (en) * | 2019-02-21 | 2019-06-18 | 国网山东省电力公司临沂供电公司 | A kind of area under one's jurisdiction Fault Diagnosis for Substation, localization method and system |
| CN110266553A (en) * | 2018-03-12 | 2019-09-20 | 南京南瑞继保电气有限公司 | A kind of device operation/maintenance data automatic obtaining method |
| CN110336698A (en) * | 2019-07-05 | 2019-10-15 | 精英数智科技股份有限公司 | A kind of failure data analyzing method, server and storage medium |
| CN110365406A (en) * | 2019-07-16 | 2019-10-22 | 中国联合网络通信集团有限公司 | IP network optical port method of evaluating performance and equipment |
| CN111181812A (en) * | 2020-01-03 | 2020-05-19 | 四川新网银行股份有限公司 | Link fault detection method based on network flow |
| CN112073326A (en) * | 2020-07-30 | 2020-12-11 | 许继集团有限公司 | Intelligent substation process layer network data flow control method |
| WO2021036849A1 (en) * | 2019-08-23 | 2021-03-04 | 南京中兴新软件有限责任公司 | Snmp link detection method and apparatus, communication device and storage medium |
| CN112763960A (en) * | 2021-01-04 | 2021-05-07 | 山东电工电气集团有限公司 | Self-operation and maintenance method of on-site module |
| CN113867325A (en) * | 2021-10-27 | 2021-12-31 | 国核自仪***工程有限公司 | Communication diagnosis method and system for instrument control system |
| CN114640573A (en) * | 2020-11-30 | 2022-06-17 | 尹东权 | Network equipment fault processing system |
| CN115632883A (en) * | 2022-12-20 | 2023-01-20 | 武汉大学 | Industrial control network flow analysis safety detection system and method based on bypass technology |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104601375B (en) * | 2015-01-05 | 2017-12-01 | 广州至德电力科技有限公司 | A kind of intelligent substation communication network monitoring system, setting method and monitoring method |
| CN106656838A (en) * | 2016-10-19 | 2017-05-10 | 赛尔网络有限公司 | Data flow analyzing method and system |
| CN109379255B (en) * | 2018-12-12 | 2021-10-08 | 国网宁夏电力有限公司电力科学研究院 | Intelligent switch based process layer network flow monitoring and early warning method |
| CN111800313B (en) * | 2020-07-03 | 2021-11-09 | 国网四川省电力公司电力科学研究院 | Method for testing message output performance of digital relay protection tester |
| CN113259491B (en) * | 2021-07-01 | 2021-11-02 | 华自科技股份有限公司 | GOOSE dual-network communication data processing method and device |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103001328A (en) * | 2012-11-19 | 2013-03-27 | 山东大学 | Fault diagnosis and assessment method of intelligent substation |
| CN103217569A (en) * | 2013-05-06 | 2013-07-24 | 广东电网公司珠海供电局 | Real-time current diagnosis method and equipment of homologous SMV (Sampled Measured Value) sample information of intelligent substation |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN201956747U (en) * | 2010-11-16 | 2011-08-31 | 邢台供电公司 | International electrotechnical commission (IEC) 61850 communication-based electric power machine room monitoring system |
| CN102164058A (en) * | 2011-05-13 | 2011-08-24 | 北京航空航天大学 | IEC61850 standard transformer substation based communication network and system test method |
| CN102368715B (en) * | 2011-11-15 | 2013-04-03 | 浙江省电力公司 | IEC-61850 protocol gateway-based realization equipment for centralized network management of exchangers |
| CN103457791B (en) * | 2013-08-19 | 2016-09-28 | 国家电网公司 | A kind of intelligent substation network samples and the self-diagnosing method of control link |
-
2013
- 2013-08-19 CN CN201310361597.8A patent/CN103457791B/en active Active
-
2014
- 2014-08-19 WO PCT/CN2014/084681 patent/WO2015024497A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103001328A (en) * | 2012-11-19 | 2013-03-27 | 山东大学 | Fault diagnosis and assessment method of intelligent substation |
| CN103217569A (en) * | 2013-05-06 | 2013-07-24 | 广东电网公司珠海供电局 | Real-time current diagnosis method and equipment of homologous SMV (Sampled Measured Value) sample information of intelligent substation |
Non-Patent Citations (1)
| Title |
|---|
| 张道银,张小飞,赵汝英: "智能变电站故障诊断技术研究", 《电力信息与通信技术》 * |
Cited By (43)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015024497A1 (en) * | 2013-08-19 | 2015-02-26 | 国家电网公司 | Intelligent substation network sampling and control link self-diagnosis method |
| WO2015169392A1 (en) * | 2014-05-09 | 2015-11-12 | Abb Technology Ltd | A method for providing status information of a channel's health condition in a communications network |
| CN104092588B (en) * | 2014-07-23 | 2017-11-21 | 哈尔滨工程大学 | A kind of exception flow of network detection method combined based on SNMP with NetFlow |
| CN104092588A (en) * | 2014-07-23 | 2014-10-08 | 哈尔滨工程大学 | Network anomaly traffic flow detection method based on combination of SNMP and NetFlow |
| CN105281945B (en) * | 2014-09-19 | 2020-04-07 | 中国人民解放军第二炮兵工程大学 | Deterministic network integrity fault detection method based on data flow |
| CN105281945A (en) * | 2014-09-19 | 2016-01-27 | 中国人民解放军第二炮兵工程大学 | Data flow-based deterministic network integrity fault detection method |
| CN105592489A (en) * | 2014-11-12 | 2016-05-18 | 中兴通讯股份有限公司 | Transmission data management method and apparatus |
| CN104579839B (en) * | 2015-01-05 | 2018-09-18 | 广州至德电力科技有限公司 | A kind of substation communication network state on_line monitoring system and method |
| CN104579839A (en) * | 2015-01-05 | 2015-04-29 | 广州至德电力科技有限公司 | Transformer substation communication network state online monitoring system and method |
| CN105139473A (en) * | 2015-05-06 | 2015-12-09 | 东莞团诚自动化设备有限公司 | Mechanical equipment operation data active detection recorder and record method |
| CN105139473B (en) * | 2015-05-06 | 2018-06-29 | 东莞团诚自动化设备有限公司 | Mechanical equipment operation data active detecting logger and recording method |
| CN104979908A (en) * | 2015-06-25 | 2015-10-14 | 云南电网有限责任公司电力科学研究院 | Substation network online failure analysis method |
| CN105721195A (en) * | 2016-01-19 | 2016-06-29 | 华南理工大学 | Transformer substation intelligent diagnosis method based on secondary system state estimation |
| CN105721195B (en) * | 2016-01-19 | 2019-05-17 | 华南理工大学 | A kind of intelligent substation diagnostic method based on electrical secondary system state estimation |
| CN105871847A (en) * | 2016-04-01 | 2016-08-17 | 国网江苏省电力公司电力科学研究院 | Intelligent substation network abnormal flow detection method |
| CN105871847B (en) * | 2016-04-01 | 2018-11-30 | 国网江苏省电力公司电力科学研究院 | A kind of intelligent substation exception flow of network detection method |
| CN106130950A (en) * | 2016-05-20 | 2016-11-16 | 南京理工大学 | Method for detecting abnormality for IEC61850 agreement SV message |
| CN105930724A (en) * | 2016-06-16 | 2016-09-07 | 上海电机学院 | Intrusion detection method on basis of big data for intelligent electric meters |
| CN106357423A (en) * | 2016-08-19 | 2017-01-25 | 南京国电南自电网自动化有限公司 | Abnormal diagnosis method of secondary equipment of intelligent substation based on fault tree |
| CN106685928A (en) * | 2016-12-06 | 2017-05-17 | 国网浙江省电力公司绍兴供电公司 | SMV (sampled measured value) network attack grading detection method applicable to digital substation bay level |
| WO2018137147A1 (en) | 2017-01-24 | 2018-08-02 | 北京广利核***工程有限公司 | Self-diagnosis method for communication protocol of security-level instrumentation and control system of nuclear power plant |
| CN107064780A (en) * | 2017-06-23 | 2017-08-18 | 上海电力通信有限公司 | A kind of circuit detecting method of digital transformer substation |
| CN108322332A (en) * | 2017-12-28 | 2018-07-24 | 贵阳忆联网络有限公司 | A kind of data disaster response system and method |
| CN110266553A (en) * | 2018-03-12 | 2019-09-20 | 南京南瑞继保电气有限公司 | A kind of device operation/maintenance data automatic obtaining method |
| CN108632297A (en) * | 2018-05-21 | 2018-10-09 | 安徽国电京润电力科技有限公司 | A kind of high safety network architecture of electric power scheduling automatization system |
| CN109066989A (en) * | 2018-09-06 | 2018-12-21 | 广东电网有限责任公司 | The transformer station measurement and control device and method for having data check and abnormality alarming function |
| CN109066989B (en) * | 2018-09-06 | 2021-05-28 | 广东电网有限责任公司 | Transformer substation measurement and control device with data verification and abnormal alarm functions and method |
| CN109462495A (en) * | 2018-09-30 | 2019-03-12 | 北京工业大学 | A kind of ship hardware and communication system detection system and method |
| CN109522263A (en) * | 2018-11-16 | 2019-03-26 | 郑州云海信息技术有限公司 | A kind of I2C link monitoring system |
| CN109522263B (en) * | 2018-11-16 | 2021-10-29 | 郑州云海信息技术有限公司 | I2C link monitoring system |
| CN109902373B (en) * | 2019-02-21 | 2023-06-23 | 国网山东省电力公司临沂供电公司 | Fault diagnosis and positioning method and system for district transformer substation |
| CN109902373A (en) * | 2019-02-21 | 2019-06-18 | 国网山东省电力公司临沂供电公司 | A kind of area under one's jurisdiction Fault Diagnosis for Substation, localization method and system |
| CN110336698A (en) * | 2019-07-05 | 2019-10-15 | 精英数智科技股份有限公司 | A kind of failure data analyzing method, server and storage medium |
| CN110365406A (en) * | 2019-07-16 | 2019-10-22 | 中国联合网络通信集团有限公司 | IP network optical port method of evaluating performance and equipment |
| WO2021036849A1 (en) * | 2019-08-23 | 2021-03-04 | 南京中兴新软件有限责任公司 | Snmp link detection method and apparatus, communication device and storage medium |
| CN111181812A (en) * | 2020-01-03 | 2020-05-19 | 四川新网银行股份有限公司 | Link fault detection method based on network flow |
| CN112073326A (en) * | 2020-07-30 | 2020-12-11 | 许继集团有限公司 | Intelligent substation process layer network data flow control method |
| CN112073326B (en) * | 2020-07-30 | 2023-05-12 | 许继集团有限公司 | Intelligent substation process layer network data flow control method |
| CN114640573A (en) * | 2020-11-30 | 2022-06-17 | 尹东权 | Network equipment fault processing system |
| CN114640573B (en) * | 2020-11-30 | 2024-05-03 | Sb信息技术股份公司 | Network equipment fault processing system |
| CN112763960A (en) * | 2021-01-04 | 2021-05-07 | 山东电工电气集团有限公司 | Self-operation and maintenance method of on-site module |
| CN113867325A (en) * | 2021-10-27 | 2021-12-31 | 国核自仪***工程有限公司 | Communication diagnosis method and system for instrument control system |
| CN115632883A (en) * | 2022-12-20 | 2023-01-20 | 武汉大学 | Industrial control network flow analysis safety detection system and method based on bypass technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103457791B (en) | 2016-09-28 |
| WO2015024497A1 (en) | 2015-02-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103457791B (en) | A kind of intelligent substation network samples and the self-diagnosing method of control link | |
| CN102142720B (en) | Network communication recorder and network communication record analysis system | |
| CN103033703B (en) | A kind of online, intelligent substation analysis test method of off-line integral type | |
| CN103296755B (en) | Network online monitoring system for transformer substation | |
| JP5249950B2 (en) | Method and system for utility network outage detection | |
| CN102158360B (en) | Network fault self-diagnosis method based on causal relationship positioning of time factors | |
| CN103296757B (en) | Multi-parameter identification based secondary system fault diagnosing method for intelligent substation | |
| CN101728869B (en) | Power station automation system data network security monitoring method | |
| CN106953749B (en) | Intelligent substation process level network real-time monitoring method | |
| CN106712001A (en) | Data modeling method for network message recording analysis device | |
| WO2015131463A1 (en) | Dynamic recognition method for network device topology of intelligent transformer substation network device based on mac address matching | |
| CN113507436B (en) | Power grid embedded terminal fuzzy test method aiming at GOOSE protocol | |
| CN103926917A (en) | Intelligent transformer substation master control device testing system and method | |
| CN104979908A (en) | Substation network online failure analysis method | |
| CN105186697A (en) | Remote diagnosis system of IED operating conditions of IEC61850 intelligent substation | |
| CN110351344A (en) | A kind of LoRa and 4G communication system of distributed power grid fault oscillograph | |
| CN111131274A (en) | Non-invasive intelligent substation vulnerability detection method | |
| CN112468592A (en) | Terminal online state detection method and system based on electric power information acquisition | |
| CN106506237B (en) | A kind of Fault Locating Method and device of substation communication network | |
| CN111030910A (en) | Method and system for monitoring communication state of ring network node, measurement and control device and local module | |
| CN203368148U (en) | Intelligent substation network message recording analyzer system | |
| CN102570610A (en) | Intelligent electricity-stealing preventing system and method | |
| CN112737973A (en) | Power network monitoring method and system based on protocol awareness | |
| CN105388395A (en) | GOOSE-based traction network fault distance measurement system and data transmission method thereof | |
| US20150227126A1 (en) | Communication configuration analysis in process control systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |