DNP3 Tutorial Part 5: Understanding DNP3 Layered Communication.

Previous Page: DNP3 Tutorial Part 4

We continue to examine the Distributed Network Protocol (DNP3), we focus on the layered communication model used to exchange info. The last section focused on the structure of DNP3 messages and showed the first few layers of the message.

  • The application layer combines two things. There's an application service data unit (ASDU), a packaged object in itself. There's also an application protocol control info (APCI) block to make an application protocol data unit (APDU).
  • The transport layer breaks the APDU into segments with a maximum size of 16 bytes. It then packages them with an 8-bit transport control header and 16-bit segment CRC separators into a transportFrame.
  • The link layer adds a header to the control and addressing information to prepare the packet for delivery to a single destination.

These layers can be mapped to the four-layer model developed by the Department of Defense (you may recall the DoD origins of the Internet) with the DoD Internet Layer omitted.

If the packet will be sent over a LAN/WAN, the three DNP3 layers are rolled up into the application layer. The assembled packet is wrapped in the Transport Control Protocol (TCP) by the transport layer. This in turn is wrapped in the Internet Protocol (IP) by the internet layer. The User Datagram Protocol (UDP) can also be used but presents some extra issues related to reliable delivery in congested networks.

The fourth layer is the Network Interface layer. This is where the assembled packet is actually interfaced to some kind of transport media (for example, RG58 co-axial or fiber). While this multi-layer model may seem a bit confusing, it effectively isolates the tasks of communication and ultimately assists in designing and implementing a network.

DNP3 Layered Communication
An DNP3 message passes through the protocol layers at both the manager and the agent. Each layer addresses a single communication task.
Traversing the Layers.

To illustrate the function of this layered model, let's look at a single DNP3 Read request over a LAN. The DNP3 Master wants to know the current status of the Remote's power and prepares a Read request message for the appropriate object. After passing through all three DNP3 layers, the message is passed to the TCP/UDP transport layer. The transport layer adds a data block that IDs the Master port from which the request is sent. Then it finds the port on which it expects the Remote DNP3 process to be listening for messages. The packet thus formed is then passed to the IP layer. Here, a data block is added. It contains the IP and Media Access addresses of the Master and the Remote. Then, the entire assembled packet gets passed to the Network Interface layer. The Network Interface layer verifies media access and availability and places the packet on the media for transmission.

After working its way across bridges and through routers based on the IP information, the packet finally arrives at the Remote. Here it passes through the same four layers in exactly the opposite order as it did at the Master. First, it is pulled off the media by the Network Interface layer. After confirming that the packet is intact and valid, the Network Interface layer simply passes it to the IP layer. The IP layer verifies the Media Access and IP address and passes it on to the TCP/UDP layer. There, the target port is checked for joined applications. If an application is listening at the target port, the packet is passed to the Application layer. If the listening application is the Remote DNP3 process, the Read request is passed through its three layers to validate the request and identify what information needs to be collected. The Remote response then follows the identical path in reverse to reach the Master.

An Aid for Troubleshooting.

Understanding this layered model of DNP3 communications makes it easier to troubleshoot network problems. When there is a problem, you can simply trace it down, out one end, into, and up the other. LAN/WAN link and activity status indicators provide some visibility to the Network Interface layer. ICMP echo requests and responses (Pings) provide some information regarding the proper working of the IP layer. DNP3 processing indicators can be used to verify the passage of the DNP3 packet through the TCP/UDP layer and the working of the Application layer. Each step can be verified independently until all steps are working correctly for end-to-end communication.