Electric Utility Substation Software-Defined Network

November 22, 2016 by Jeff Shepard

Schweitzer Engineering Laboratories successfully completed on-site testing of its new software-defined networking (SDN) technology at the Ameren Illinois Technology Applications Center (TAC) in Champaign, Illinois, using their smart grid testbed. SDN is emerging as a superior solution for the needs of both operational technology (OT) and information technology (IT) networks.

Through the OpenFlow specification, SEL is using SDN to enhance the performance, configuration and management of proactive OT and dynamic IT networks. By providing centralized traffic engineering, the SEL-2740S Software-Defined Network Switch and SEL-5056 SDN Flow Controller give IT and OT network engineers a path- and packet-level control of their communications flows.

With sub-100µs healing times, deny-by-default security, a –40 to +85 degrees C operating range, and OT-optimized designs, the SEL-2740S and SEL-5056 provide unique capabilities that will change the way Ethernet is used for mission-critical applications.

Engineers from Ameren, Pacific Northwest National Laboratory (PNNL), University of Illinois and SEL met in late February at the Ameren facility to perform validation tests on the SEL-2740S and SEL-5056. The validation testing focused on three main areas: cybersecurity, performance testing and operational integration.

The performance testing results exceeded expectations. With less than 100 µs healing times, link failures went unnoticed by applications. The event report collection saw zero packets dropped even when there was a link break during the report collection.

“We successfully executed all test steps in our test plan, and it went so smoothly we were able to finish early,” explains Rhett Smith, SEL senior product manager. “The performance increase over traditional Ethernet is amazing to measure, and the cybersecurity attributes of the whitelisted flows of communication made the Ameren network engineers excited about what is now possible.”

SDN will enable non-service-affecting network maintenance, centralized visualization and change control that current Ethernet technology is unable to provide. During testing, other attributes were discovered that are not possible with traditional networking. This included the ability to use port mirroring for a single flow instead of the entire port payload and being able to send data packets to an intrusion detection system (IDS) for deep-packet inspection if they don’t match whitelist rules.

SDN is inherently more secure than traditional Ethernet because of its deny-by-default architecture that uses whitelist flow management. During the testing, the engineers focused significantly on the cybersecurity aspects of the SEL-2740S and SEL-5056. Threat modeling exercises showed that key management and secure communications were intact and well designed.

The SEL-2740S is the industry’s first SDN-based switch that improves Ethernet performance in mission-critical applications. The SEL-2740S and SEL-5056 are scheduled to release later this year.