...
Lines of the TCP/IP-TCP and TCP/IP-TCP Redundant categories are designed for communication protocols that are built directly on TCP/IP. Both the IPv4 and IPv6 protocols are supported. TLS encryption is also supported, using certificates or pre-shared keys (PSK).
The TCP/IP-TCP Redundant line enables the implementation of redundant communication (redundant network lines, redundant network interfaces), the configuration of two or more IP addresses of a communication partner, and the creation of two parallel TCP connections.
The following protocols are supported at present:
Line TCP/IP-TCP
- Allen-Bradley CSP/PCC
- Datalogger ESC8816
- DLMS/COSEM
- DNP3
- Ethernet/IP
- General Electric SRTP
- Generic User Protocol
- HART
- IEC 60870-5-104
- IEC 60870-5-104 Server
- IEC 60870-5-104 Sinaut
- IEC 60870-6 ICCP/TASE.2
- IEC 61850
- IoT over LoRaWAN/Sigfox
- Johnson Controls N2-Bus
- KMZ Lite protocol
- KMZ protocol
- KNX protocol
- L&G TOCCATA
- MODBUS Client
- MODBUS Server
- MQTT Client (Message Queue Telemetry Transport)
- Omron FINS
- Orange GDEP
- SAE RTU
- Siemens SAPHIR
- Siemens SIMATIC S7 ISO on TCP
- Telegyr 809 Server
- Teltonika Codec14
...
- DLMS/COSEM
- Generic User Protocol
- HART
- IEC 60870-5-104 Sinaut
- IEC 60870-6 ICCP/TASE.2
- MODBUS Client
- Siemens SAPHIR
- Siemens SIMATIC S7 ISO on TCP
TCP/IP-TCP line configuration
...
Server section
Host
IP address or network name of a computer. If a name is configured (and not an IP address in the format X.X.X.X), it will be converted into an IP address using the standard name resolution mechanism provided by the OS (hosts, DNS, WINS, ...).
If a server protocol is configured, the IP address on which the KOM process should listen must be configured, i.e. the IP address of one of the network interfaces of the computer on which the KOM process runs. Example: 127.0.0.1 or localhost (local interface), 192.16.0.1.
Note: It is possible to use the symbolic addresses * or ALL (for the IPv4 protocol) or [*] or [ALL] (for the IPv6 protocol); in this case, the KOM process listens on the chosen TCP port on all available network interfaces.
If the configured protocol is not a server protocol, the IP address of the communication partner to which the KOM process connects must be configured.
Note: If the configured protocol is not a server protocol, for selected protocols, multiple IP addresses or names can be configured (separated by commas or semicolons). The KOM process will cyclically try all configured IP addresses/names when connecting to a communication partner.
...
Port
If a server protocol is configured, enter the number of the TCP port on which the KOM process should listen. Otherwise, enter the number of the TCP port of the communication partner to which the KOM process should connect.
Line number
It is used to configure a specific parameter in some selected protocols; in other protocols, it is not used and can be set to any numeric value (e.g., 0).
"TLS - Certificates" section
Parameters that allow you to configure TLS encryption based on public and private keys. TLS encryption is enabled if the "Partner Certificate(s)" parameter and/or the "My Certificate"/"My Key" pair is configured.
Note: TLS certificate-based encryption takes precedence over pre-shared key (PSK)-based encryption.
Partner certificate(s)
Trusted certificate(s) to authenticate the other communicating party. This parameter allows you to verify that the other party is trusted because its public key is signed by one of the configured certificates (certificate authorities).
This parameter specifies the path to the certificates. Multiple certificates can be specified and separated by a comma. The path may contain the symbolic constant #APPDIR# indicating the application directory (e.g., D:\D2000\D2000_APP\MyApp).
Example: D:\some.crt,#APPDIR#/another.crt
Note: The /DC start parameter can be used to disable verification of the other party at the D2000 KOM process level - e.g., if the other party's certificate expires or another emergency situation occurs, and it is not possible to reconfigure the other party operationally.
Note: The certificate must contain the public key of the certification authority (if the other party's certificate is signed by a chain of authorities, it must contain all of them). It does not need to contain the other party's public key itself.
My certificate
Certificate (public key) used by the D2000 KOM process. The path may contain the symbolic constant #APPDIR# indicating the application directory (e.g., D:\D2000\D2000_APP\MyApp).
Example: #APPDIR#/my.crt
My key
Private key used by the D2000 KOM process. The path may contain the symbolic constant #APPDIR# indicating the application directory (e.g., D:\D2000\D2000_APP\MyApp).
Example: #APPDIR#/my.key
Note 2: The private key can be protected by password encryption. In this case, enter the password for the key in the "Pre shared key" item in the "TLS pre shared key" section.
Note 3: A password for the private key can be set with the OpenSSL utility. Example of execution: the input is the unprotected key my.key, the output is the password-encrypted key my_protected.key, and the AES-256 encryption method is used:
openssl.exe rsa -aes256 -in my.key -out my_protected.key
The following encryption methods can be used:
The OpenSSL 3.4 library no longer supports the following encryption types:
If you use diacritics (national characters) in your password, you must set the Windows code page to UTF-8 with the command chcp 65001 before using the OpenSSL utility, since in D2000 the texts are stored in UTF-8 encoding.
"TLS pre shared key" section
Pre shared key
The shared key which is used to encrypt the communication. This key must be identical on both the D2000 KOM process side and the peer computer side.
...
Primary Device section
Host
The primary IP address of the communication partner to which the KOM process connects. If a name is configured (and not an IP address in the format X.X.X.X), it will be converted into an IP address using the standard name resolution mechanism provided by the OS (hosts, DNS, WINS, ...).
...
Port
Number of the primary TCP port of the communication partner to which the KOM process connects.
Backup Device section
If this option is not selected, the KOM process does not connect to the backup IP address, and the line works like a TCP/IP-TCP line, i.e., without redundancy.
...
Host
The secondary IP address of the communication partner to which the KOM process connects. If a name is configured (and not an IP address in the format X.X.X.X), it will be converted into an IP address using the standard name resolution mechanism provided by the OS (hosts, DNS, WINS, ...).
Backup Device - Port
Note: Implementation of redundancy is protocol-dependent. For some of the protocols (e.g., IEC 870-5-104), a parallel connection to the backup device is created. For some protocols (e.g., Modbus Client), the KOM process creates a single connection, alternately (after the connection is broken or cannot be established) using all IP addresses/names configured as Primary/Backup Devices.
Port
Number of the backup TCP port of the communication partner to which the KOM process connects.
"TLS - Certificates" and "TLS pre shared key" sections
See the description of the parameters for the TCP/IP-TCP line above.
Note about entering the Host parameter
The Host parameter can contain several (up to 8) IP addresses or network names of computers separated by a comma or a semicolon, e.g., 172.16.0.1; 172.16.0.2 (spaces are permitted before and after an IP address for readability). See the documentation of the communication protocol in use to find out whether it can utilize more than one IP address. For example, in the IEC 870-5-104 protocol, if several IP addresses are configured (on TCP/IP-TCP or TCP/IP-TCP Redundant lines), the connection is initially established to the first IP address. If the connection breaks, the KOM process tries to reconnect to the second IP address, then to the third, etc. After all configured IP addresses have been tried, it starts again with the first IP address.
This configuration can be used if several communication partners exist and they either all provide the same valid data, or only the active one communicates (and all the others refuse connections).
Other protocols (e.g., MODBUS Client) currently use only the first configured IP address.
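As an added illustration (not part of the D2000 documentation or of the KOM process code), the following Python sketch models the Host parameter rules described in this note and in the Server section: comma/semicolon splitting with surrounding spaces, the 8-entry limit, the * / ALL / [*] / [ALL] listen-all addresses, and the cyclic order in which a client protocol such as IEC 870-5-104 retries the configured addresses. The mapping of the listen-all addresses to wildcard bind addresses, and the rejection of wildcards on client lines, are assumptions.

```python
import ipaddress
import re

MAX_HOSTS = 8  # the page allows up to 8 addresses/names in the Host parameter
LISTEN_ALL_IPV4 = {"*", "ALL"}      # "listen on all interfaces", server protocols only
LISTEN_ALL_IPV6 = {"[*]", "[ALL]"}

def parse_host_field(host_field):
    """Split Host into entries: comma or semicolon separated, spaces around entries allowed."""
    entries = [e.strip() for e in re.split(r"[,;]", host_field) if e.strip()]
    if not entries:
        raise ValueError("Host must contain at least one address or name")
    if len(entries) > MAX_HOSTS:
        raise ValueError(f"Host may contain at most {MAX_HOSTS} entries, got {len(entries)}")
    return entries

def classify(entry):
    """Return 'listen_all_v4', 'listen_all_v6', 'ipv4', 'ipv6' or 'name' for one Host entry."""
    if entry.upper() in LISTEN_ALL_IPV4:
        return "listen_all_v4"
    if entry.upper() in LISTEN_ALL_IPV6:
        return "listen_all_v6"
    bare = entry[1:-1] if entry.startswith("[") and entry.endswith("]") else entry
    try:
        return "ipv%d" % ipaddress.ip_address(bare).version
    except ValueError:
        return "name"  # resolved later by the OS resolver (hosts, DNS, WINS)

def listen_address(host_field):
    """Server protocol: Host names the single interface to listen on."""
    entries = parse_host_field(host_field)
    if len(entries) != 1:
        raise ValueError("a server line listens on exactly one address")
    kind = classify(entries[0])
    if kind == "listen_all_v4":
        return ("ipv4", "0.0.0.0")  # assumption: IPv4 wildcard bind address
    if kind == "listen_all_v6":
        return ("ipv6", "::")  # assumption: IPv6 wildcard bind address
    return (kind, entries[0])

def connection_order(host_field, attempts):
    """Client protocol (e.g. IEC 870-5-104): address used by each successive connection attempt,
    cycling through the configured entries and wrapping around after the last one."""
    entries = parse_host_field(host_field)
    if any(classify(e).startswith("listen_all") for e in entries):
        raise ValueError("wildcard addresses are only valid for server protocols")  # assumption
    return [entries[i % len(entries)] for i in range(attempts)]
```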
...
Note about the redundancy of network communication
Currently, only a few protocols supporting the TCP/IP-TCP Redundant line are implemented:
- The IEC 870-5-104 Sinaut protocol is a specific implementation of the IEC 104 protocol designed for redundant communication with the Sinaut Spectrum system.
- The IEC 870-5-104 protocol, which implements multiple options for setting redundancy parameters, is much more common in practice.
- The MQTT Client protocol allows connection to two independent MQTT brokers on a TCP/IP-TCP Redundant line.
Note on TLS communication to the cloud
In the TLS implementation in the D2000 KOM process, the TLS extension "server_name" was added to the TLS Client Hello message (establishing a TLS connection), whereby the symbolic name specified in the "TCP/IP - TCP" or "TCP/IP - TCP Redundant" line configuration is sent as "server_name". This enables, for example, the functionality of the MQTTS protocol in the AWS environment, where there are multiple customers on one IP address, and it is necessary to determine which hostname the client is connecting to.
Note: If the IP address is not specified, the TLS extension "server_name" is not used in the TLS Client Hello message.
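The following Python helper is an added example, not code from D2000, that encodes the TLS rules stated on this page: certificate-based TLS takes precedence over PSK, TLS is enabled by Partner certificate(s) and/or the My certificate/My key pair, the Pre shared key field doubles as the password of an encrypted private key, #APPDIR# is expanded, and server_name carries the configured symbolic name. Modelling the /DC start parameter as a boolean argument, and sending no server_name for an IP literal (per RFC 6066), are assumptions.

```python
import ipaddress

APPDIR = r"D:\D2000\D2000_APP\MyApp"  # assumed value of #APPDIR#, taken from the page's example

def expand_appdir(path, appdir=APPDIR):
    """Replace the symbolic constant #APPDIR# in a certificate or key path."""
    return path.replace("#APPDIR#", appdir)

def partner_cert_paths(partner_certs):
    """'Partner certificate(s)' is a comma-separated list of trusted CA certificate files."""
    return [expand_appdir(p.strip()) for p in partner_certs.split(",") if p.strip()]

def select_tls_mode(partner_certs="", my_cert="", my_key="", pre_shared_key="", dc_flag=False):
    """Decide how the line is protected. Certificate-based TLS wins over PSK and is enabled by
    Partner certificate(s) and/or the My certificate/My key pair; in that mode the 'Pre shared
    key' field is the password of an encrypted private key. dc_flag models the /DC start
    parameter (assumption: it only disables partner verification, it does not turn TLS off)."""
    if partner_certs or (my_cert and my_key):
        return {
            "mode": "certificates",
            "trusted_cas": partner_cert_paths(partner_certs),
            "verify_partner": bool(partner_certs) and not dc_flag,
            "my_cert": expand_appdir(my_cert) or None,
            "my_key": expand_appdir(my_key) or None,
            "key_password": pre_shared_key or None,
        }
    if pre_shared_key:
        return {"mode": "psk", "key": pre_shared_key}
    return {"mode": "plaintext"}

def server_name_extension(host_entry):
    """Value of the server_name (SNI) extension in the Client Hello: the symbolic name from the
    line configuration. Assumption (RFC 6066): an IP literal is never sent as server_name."""
    bare = host_entry[1:-1] if host_entry.startswith("[") and host_entry.endswith("]") else host_entry
    try:
        ipaddress.ip_address(bare)
        return None
    except ValueError:
        return host_entry
```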
You can also read about TCP/IP-TCP line encryption in the blog Communication - encryption.
...