1 / 23

BACnet IT prototype

BACnet IT prototype. Joint effort of Cimetrics and CiscoBased on BACnet IT discussions to dateTestbed for ideasProof of principle"Does this stuff actually work?How hard is it to implement?How hard is it to get two independent implementations to interoperate?How similar can we keep it to toda

zwi
Download Presentation

BACnet IT prototype

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. BACnet IT prototype

    2. BACnet IT prototype Joint effort of Cimetrics and Cisco Based on BACnet IT discussions to date Testbed for ideas “Proof of principle” Does this stuff actually work? How hard is it to implement? How hard is it to get two independent implementations to interoperate? How similar can we keep it to today’s BACnet?

    3. Prototypes Cimetrics All new code, developed by the Cimetrics BACstac team Python based implementation for rapid prototyping Cisco Minimal modifications to Steve Karg’s open source BACnet stack Implemented in C These are only experiments, not products!

    4. Design decisions Use Internet Protocols (IPv4 & IPv6) Device are IP hosts as per various IETF documents: http://tools.ietf.org/html/rfc1123 (Requirements for Internet Hosts) http://tools.ietf.org/html/draft-baker-ietf-core-11 (Internet Protocols for the Smart Grid) mDNS/DNS-SD used for discovery TCP transport Certificate authentication via TLS Encryption via TLS Keep broadcasts to a minimum & link-local only ASN-1 encoding as close to current BACnet as possible

    5. Naming The following could all be ways of referring to a BACnet device: BACnet “host” (i.e. IP hostname, port would default to 0xBAC2) IP address + port BACnet Name (DNS-SD service instance name) Canonical Name in SSL Certificate (CN=) For this prototype the namespace is similar to current BACnet Unstructured string, not required to be a URI (but could be) This bears further discussion There are various discovery and lookup methods to resolve the various names

    6. Service Discovery DNS-SD for service discovery Discovery records hosted by mDNS for small, single link networks Hosted by standard DNS servers (e.g. bind) for link networks Co-existence between mDNS & DNS is possible Typically corporate network would have DNS servers, but the printer on your floor is nonetheless advertising itself on the local link via mDNS Service names are of the form: instance.type.location Location is scope of the search. E.g. .local. for mDNS Type indicates the protocol. E.g. _bacnet._tcp Instance is the name of an instance of this service

    7. Discovery sequence - mDNS Look PTR record query via local broadcast to port 5353 BACnet IT service type is _bacnet._tcp Examples using dig: dig –p 5353 @224.0.0.251 _bacnet._tcp.local PTR dig –p 5353 @ff02::1 _bacnet._tcp.local PTR Both the IPv6 & IPv4 queries return the same records: _bacnet._tcp.local.  10  IN  PTR   propserv._bacnet._tcp.local. propserv._bacnet._tcp.local. 10    IN  TXT   "txtvers=1" propserv._bacnet._tcp.local. 10    IN  SRV   0 0 47810 fry-u.local. fry-u.local.         10  IN  AAAA  fe80::a00:27ff:fe97:4408 fry-u.local.         10  IN  A     10.111.0.31 TXT records might return more properties using key=value pairs This could be used to enable filtering on desired properties without any further broadcast queries An alternative filtering mechanisms could be using subtypes. E.g. _thermostat._sub._bacnet._tcp By convention, the first key value pair would be the version number (e.g. txtvers=1 here) of the rest of the key value pairs (none in this example) SRV record contains mapping to IP host name A or AAAA records provide IP address resolution Note, the default port of 0xBAC2 is assumed

    8. Discovery sequence - DNS PTR record query directly to configured DNS host DNS host address might be obtained via DHCP Everything else is the same! Examples using dig: dig @DNSSERVER _bacnet._tcp.example.com PTR The query returns the same records as mDNS, but this time in the example.com domain:: _bacnet._tcp..example.com.  10  IN  PTR   propserv._bacnet._tcp.example.com. propserv._bacnet._tcp.example.com. 10  IN  TXT   "txtvers=1" propserv._bacnet._tcp.example.com. 10  IN  SRV   0 0 47810 fry-u.example.com. fry-u.example.com.         10  IN  AAAA  fe80::a00:27ff:fe97:4408 fry-u.example.com.         10  IN  A     10.111.0.31

    9. Discovery notes The BACnet device name in our example was propserv. The IP host name was fry-u fry-u.example.com when discovered via mDNS fry-u.example.com in our example DNS example.com would presumably be replaced by the site’s local DNS zone The BACnet device name is the canonical name of the device That’s the name that must be validated by the device’s certificate!

    10. Transport TLS provides reliable transport TLS certificates are issued on a per-host basis A single host could contain more than one BACnet address, accessible through on and the same access port (IPAddress:Port) For hosts that support multiple devices Client must resolve the device name to its device instance number See Who-Is-Request below Device Instance Numbers uniquely identify a device only for the duration of the current connection

    11. Connections All connections use TLS However, to make debugging easier in the prototypes, we have not turned on encryption of the data stream But it is trivial to enable encryption Mutual certificate-based authentication There is a single root signing certificate Each side must have its own certificate signed by that root certificate’s private key In a production system, there’d likely be at least one additional level

    12. Connections A TLS connection is somewhat expensive It takes about 9 packets involving some fairly large keys to establish a connection TLS connections are therefore kept open between pairs of communicating hosts Multiple BACnet devices per host are supported Responses can be received in a different order than requests were sent. If connection drops, any outstanding requests are considered aborted The outcome of any outstanding transaction is undetermined. The transaction may have succeed but its result was not delivered to the client or it may have failed before the server even started to execute it. Note this behavior is consistent with current BACnet (consider that you sent the request and then cut the wire).

    13. Device Communication All communication is based on the reliable transport, and therefore all BACnet-PDUs are unicast messages. Typically, communication between devices is based on transactions (request/response). Each transaction is identified by a 32-bit Invoke-ID, which is unique inside of the current connection. Invoke-ID must be unique for each request inside of a connection regardless whether it is sent to one device or different devices. There are no timeouts at the protocol level. All confirmed requests should be eventually confirmed, or the connection broken. Timeouts may be implemented at the application level.

    14. Resolving device instances These are confirmed services: Who-Is-Request ::= SEQUENCE { instanceName [0] CharacterString OPTIONAL } Who-Is-Response ::= SEQUENCE OF SEQUENCE { instanceName [0] CharacterString instanceNumber [1] Unsigned32 timeStamp [2] BACnetDateTime OPTIONAL } If the Who-Is-Request does not have any instanceName then Who-Is response shall contain the list of all devices. If the current BACnet Service Point is not a gateway then the list should be empty. If the Who-Is-Request contains instanceName then Who-Is response shall have only one element that contains the canonical name of that device, the instance number to refer to it, and optionally timeStamp. The optional timeStamp can be used to convey time when this device was discovered by gateway. This may be useful for an operator to find recently plugged devices. The precise meaning of timeStamp is a local matter.

    15. Enumerating The procedure of enumerating of all devices, all objects, and all properties on the BACnet internetwork or in some given domain consist of: enumerating all BACnet Service Points using DNS-SD and mDNS establishing TLS connection with client authentication to each found BACnet service point reading the list of available objects by reading the object-list property in the device using ReadPropertyMultiple to read properties of each object Issuing Who-Is-Request to find other devices inside of a gateway. For each device inside of gateway repeating steps #3 and #4 using instanceNumber from Who-Is-Response.

    16. Datagram header Each datagram starts with the header of 4 octets: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Control Flags | Datagram Type | Datagram Size | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The first octet is a control octet: Bit 7: 1 indicates that it is a special control datagram, which are used to control messages during connection negations; 0 indicates a BACnet APDU. Bit 6: 1 indicates it contains device instance Bits 2..5: reserved; they must set to zero by sender and ignored by receiver. Bits 1,0: Network priority where: B'11' = Life Safety message B'10' = Critical Equipment message B'01' = Urgent message B'00' = Normal message The second octet is Datagram Type. Its meaning depends on bit 7. The third and fourth octets represent datagram length in the network order. It is interpreted as the number of octets after this header.

    17. BACnet-PDU Each BACnet-PDU starts with the fixed part described in the following slides. Note, we don’t use ASN.1 to describe this fixed part, as it is not used in current BACnet All primitive data types have fixed size and are encoded in the network order. Optional fields can be omitted based on flags in the diagram header, which was described above.

    18. BACnetPDU BACnetPDU ::= CHOICE { confirmed-request-PDU [0] BACnet-Confirmed-Request-PDU, unconfirmed-request-PDU [1] BACnet-Unconfirmed-Request-PDU, ACK-PDU [2] BACnet-SimpleACK-PDU, error-PDU [3] BACnet-Error-PDU, abort-PDU [4] BACnet-Client-Abort-PDU Context-specific tags are NOT used, and the choice is determined by the Datagram Type (second octet) in the transmit header. }

    19. BACnet-Confirmed-Request BACnet-Confirmed-Request ::= SEQUENCE { invoke-id [0] Unsigned32 device-instance [1] Unsigned32 OPTIONAL (See device flag) service-choice [2] BACnetConfirmedServiceChoice service-request [3] BACnet-Confirmed-Service-Request OPTIONAL -- Context-specific tags 0..3 are NOT used in header encoding } 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Invoke Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Device Instance Number | (optional) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Service Choice| Service Request | +-+-+-+-+-+-+-+-+ . | | . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    20. BACnet-Unconfirmed-Request BACnet-Unconfirmed-Request ::= SEQUENCE { device-instance [0] Unsigned32 OPTIONAL (See device flag) service-choice [1] BACnetUnconfirmedServiceChoice service-request [2] BACnet-Unconfirmed-Service-Request -- Context-specific tags 0..2 are NOT used in header encoding } 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Device Instance Number | (optional) +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Service Choice| Service Request | +-+-+-+-+-+-+-+-+ . | | . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    21. BACnet-ACK-PDU BACnet-ACK-PDU ::= SEQUENCE { invoke-id [0] Unsigned32 service-ACK [1] BACnet-Confirmed-Service-ACK OPTIONAL -- Context-specific tags 0..1 are NOT used in header encoding } 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Invoke Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Service ACK | . . (optional) | | . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    22. BACnet-Error-PDU BACnet-Error-PDU ::= SEQUENCE { invoke-id [0] Unsigned32 error [1] BACnet-Error -- Context-specific tags 0..1 are NOT used in header encoding } 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Invoke Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Error | . . | | . . | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    23. BACnet-Client-Abort-PDU BACnet-Client-Abort-PDU ::= SEQUENCE { invoke-id [0] Unsigned32 -- Context-specific tag 0 is NOT used in header encoding } 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Invoke Id | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

More Related