RELIABILITY ENHANCEMENT SCHEME FOR IEC61850 BASED SUBSTATION AUTOMATION SYSTEM

RELIABILITY ENHANCEMENT SCHEME FOR IEC61850 BASED SUBSTATION AUTOMATION SYSTEM

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006 RELIABILITY ENHANCEMENT SCHEME FOR IEC61850 BASED SUBSTATION AUTOM...

457KB Sizes 1 Downloads 40 Views

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006

RELIABILITY ENHANCEMENT SCHEME FOR IEC61850 BASED SUBSTATION AUTOMATION SYSTEM Seong-Il Lim, Dong-Ho Park, Seung-Jae Lee, Seung-Soo Han, Myeon-Song Choi Next-Generation Power Technology Center, Myongji University, Korea

Abstract: Reliability of IEDs in a substation is a critical issue in power system operation and in practice, use of different IEDs from different manufacturers has been causing many difficulties in maintaining reliability. In this paper, a new reliability enhancement scheme for a IEC61850-based substation automation system is proposed. It utilizes a redundant backup IED and software-moving on communication network. A fault detection technique based on pattern checking is also proposed. Reliability analysis of the proposed scheme is given as well. Copyright © 2006 IFAC Keywords: Substation Automation, IEC61850, Fault Tolerant System, Intelligent Electronic Device.

1. INTRODUCTION

m or more of which must be functioning for the system to be operational assuming that the system is composed of n identical and independent components. The idea of redundancy is used in almost every aspect of power system. J.Nahman suggests a method to optimize a number of spare items of substation components, which have to be stored at the beginning of each year throughout a planning period [5]. The fault-tolerant software implementing a stable memory to substitute a stable storage device is reported [6]. In this paper, a new method to improve reliability of a substation is proposed. This method, which we call SRET (System Reliability Enhancement Technology), is based on the latest substation automation system standard-IEC61850. SRET scheme is a fault tolerant technique at system level and utilizes backup IEDs and software moving capability over the communication network.

In order to resolve difficulty in information exchange among IEDs in a substation due to a use of different IEDs from different manufacturers, standardization has started in the beginning of 1990s and as a result, IEC61850 has been generated as a global standard [1]. Recently construction of IEC61850-based substation automation system has been reported around the world. Developments in IEC61850-based substation have introduced many advantages in maintenance and operation. However, reliability issue has not been paid much attention. Note that a conventional redundant scheme is weak from the security point of view while it enhances dependability. Upon introducing IEC61850, taking advantage of networking-based information exchange, reliability issue can be dealt with in a very different way. A fault tolerant technique, another direction to improve reliability of IED has been developed during last two decades. The main idea is to use various types of redundancy to tolerate a possible error. One most popular technique is NVP (N‐Version Programming) [2]. NVP uses n versions of algorithms to solve a problem and then obtain an optimal result from n results. This idea was further developed by others [3-4]. NMR (N-modular Redundant) is another widely used method in which

2. IEC61850 BASED SAS The scheme presented in this paper used many features of IEC61850 to improve reliability of a substation automation system (SAS). The main features of IEC61850, which make our scheme possible, are network based data transfer, standard interface, and SCL (Substation Configuration Language) based engineering.

207

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006

HMI

HMI

RTU

ENG

Switch Station Bus

Switch Rela y

Rela y

Bay Controller

Rela y

Conventional CT/VT’s

Conventional SCADA

(a) Existing SCADA SAS

Non-Convent Switchgear

System Configurator

.SSD file

Rela y

.SCD file

IED Configurator

Process Bus

Switch Conventional Switchgear

CID file is downloaded to its appropriate IED through communication network. Note that reconfiguration of the data path can be easily done through such SCL‐based engineering.

Control Center

Control Center

Non-Convent CT/VT’s

.CID file

.ICD file

IEC61850 Based SAS

(b) IEC61850 based

SSD : System Specification Description ICD : IED Capability Description SCD : System Configuration Description CID : Configured IED Description

IED

Fig. 1. Migration of structure of substation protection and control system

Fig. 2. SCL based engineering

2.1 Digital data transfer

2.3 Standard Interface

In a existing substation protection and control system, analog data such as voltage and current are fed into protection relays from CT and PT which are installed on the primary protection equipments such as transformers and circuit‐breakers through hardwires (Fig.1‐a). When using mechanical protection relay, those analog voltage and current data are used directly. In case of digital protection relay, those analog data are converted into digital data by A/D converter inside the relay. In the IEC61850‐based substation automation system, analog signal will be converted into digital data by the process IED installed on the primary protection equipment and be sent to the bay IED through the process bus (Fig.1‐b). The largest difference between the two schemes above is whether the data transfer path can be changed during operation. In the existing system, analog data are transferred through hardwiring, so data transfer path cannot be changed unless the physical connection is changed. In the communication network, data are transferred over the network, so the data transfer path is determined by changing the destination of data packet.

In IEC61850, all the information about the substation is modeled into the standard interface called LN (Logical Node). Data exchange between these IEDs is possible as long as all these IEDs follow the standard LN interface regardless of IED hardware structure or algorithm. For example, suppose there are two distance relays made by different manufacturers, whose signal filtering, calculation of RMS, error detection algorithm, and hardware are different. Note that as long as two relays have the same services and the same LN interface, one can replace another as illustrated in Fig.3.

LN

LN

LN

LN

The standard Interface based on Logical Node

LN

Mappin

Vendor A

LN

LN

LN

Mappin Exclusive Function Implementation by different d

Vendor B IED

Fig. 3. Concept of logical node interface

2.2 SCL based engineering

3. SYSTEM RELIABILITY ENHANCEMENT TECHNOLOGY

For integration of various IEDs, IEC61850 suggests a standard engineering technique. The key is in the software called System Configurator and IED Configurator. Figure 2 shows the course of IEC61850 engineering. First, System Configurator gathers all the information about the substation from the SSD (System Specification Description) file that contains system related information and the ICD (IED Capability Description) file that contains IED related information, and then it creates the SCD (Substation Configuration Description) file that configures the function and data flow for each IED. All the files mentioned above are made by XML‐based SCL (Substation Configuration Language). The IED Configurator receives the SCD file and creates CID (Configured IED Description) file that contains the format suitable for IED. Finally

3.1 System Structure System Reliability Enhancement Technology System Structure The structure of SRET-based substation automation system is shown in Fig. 4. Note that station unit, bay IED, process IED, and engineering unit (EU) constitute a substation automation system, which follows IEC61850 standard. A Backup IED (b‐IED) and trouble manager (TM) are added to the system for implementing SRET. The trouble manager is in charge of detecting the IED error and the backup IED is a redundant IED that is to replace the faulted IED.

208

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006 Station Unit 1

Station Unit 1

Station Unit 1

Station Unit 1

Engineering Unit

Station Unit 1

Station Unit 1

Engineerin g Unit

IED Trouble Test

Bay IED 1

Bay IED n

Bay IED 2

Backup IED

Bay IED 1

Trouble Manager

Bay IED 2

Bay IED n

Backup IED

Trouble Manager

CID : Configured IED Description

Process IED 1

Process IED 2

Process IED 3

Process IED 1

Process IED n

Process IED 2

Process IED 3

Process IED n

Fig. 5. LN based standard interface

Fig. 4. Structure of SAS reliability improving SRET system

3.3 IED error detection

3.2 Procedure of error detection

If an output of the IED to a certain input is different from the expected, it could be a sign of IED error. So by checking outputs for all possible inputs, IED error can be detected. A test input is provided to IED from TM on the station bus and its output is sent back to TM through the process bus (See Fig. 6). By comparing the results with pre‐calculated results, TM will determine the status of the IED. Many test patterns have been generated by EMTDC and the set of test patterns are prepared for all different types of IEDs that are to be tested.

Trouble manager periodically checks functioning of each bay IED to determine whether the IED is faulted. The fault detection procedure of trouble manager is as follows: ① TM requires information of the UUT (Unit Under Test) bay IED and b‐IED from engineering unit and asks the engineering unit to reconfigure the system for testing. ② EU informs the function of UUT IED to b‐IED and prepares the functional software that makes b‐IED operate same as UUT IED. ③ EU creates the SCD configuration file that sets up the data transfer path between b‐IED and other IEDs same as the previous data exchange between UUT IED and other IEDs. ④ EU uses the IED configurator provided by its manufacturer to create the CID file using the SCD file and sends them to IEDs. With this step, the reconfiguration is finished, which let the backup IED replace the UUT IED. ⑤ EU modifies the CID file of UUT IED, in order to make UUT IED get the data from TM and also send output to TM. ⑥ TM sends the previously prepared test pattern to UUT IED over the process bus. ⑦ UUT IED performs its function using the data provided by TM and sends output to TM over the station bus. ⑧ TM determines whether there is an error on UUT IED by comparing the output of UUT IED with correct result data in TM. ⑨ If no error is detected on UUT IED, TM requires EU to reconfigure the system to return to the original operation of UUT IED and then continue to check the next IED. If error is detected, the system will inform the operator. b-IED will replace the failed UUT IED until it is repaired. .

011000111yyy Result Pattern Station Bus Trouble Manager

Test IED Process Bus 011000111yyy Test Pattern

Fig. 6. Error detecting method 4. RELIABILITY ANALYSIS Engineering Unit

Bay IED 1

Bay IED 2

Bay IED N

Backup IED

Backup IED

Fig. 7. Structure of IED system Reliability of the proposed SRET-based SAS is studied using the system in Fig.7. Note that only bay IEDs, backup IED (b-IED), trouble manager (TM), and engineering unit (EU) are considered and others such as station unit and process IED are not included

209

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006 for reliability analysis since they do not affect the reliability of the SRET-based system. In the structure above, engineering unit and trouble manager play a role of a switching system, which switches bay IED by backup IED during testing. Let D(t ) be a lifetime distribution function of trouble manager and engineering unit. A reliability model of the switching system composed by trouble manager and engineering unit is a serial model, whose reliability can be represented as

where F(t) is the general lifetime distribution of IED device, m is number of devices (in the dual structure, m is 2), and

F (t ) = 1 − R(t )

(6) Here R(t) is the reliability distribution as mentioned above. Note that this OR operation could cause incorrect result in case any IED misoperates, thus deteriorating the security. This makes a dual structure different from a parallel system. Probability of this

RTE (t ) = [1 − D(t )]2

(1) Note that when the switching system works correctly, SRET system can perform correctly. This means that if a failure of a bay IED is detected, then failed bay IED is replaced by backup IED. In this case, those normally operating bay IEDs and backup IEDs can be regarded as a subsystem, whose reliability model is a traditional NMR model (N-modular redundant) shown below. : RI (t ) =

n

⎛ n⎞

i =m

⎝ ⎠

∑ ⎜⎜ i ⎟⎟R(t ) (1 − R(t )) i

n −i

(2)

mis‐operation, and is the failure rate of mis‐operation on an IED device. Now the reliability model of dual structure can be represented as and the model of existing IED system that is composed by many dual‐structure units as

Rold = {[1 − F (t ) 2 ][1 − 2(1 − λ )λmis ]}m

Here, m is a number of bay IED, n is a sum of number of bay IED and backup IED, and R(t) is a reliability distribution of an IED device. But in case that the switching system fails, this SRET scheme can’t perform correctly. Failure of any bay IED can’t be detected and the backup IED become useless. In this case, there are only bay IEDs in our system, the reliability model of these bay IEDs is also a serial model that has (3) R(t) is the reliability distribution of IED device mentioned above. So, the reliability model of the SRET system can be expressed as: Rnew (t ) = RI (t ) RTE (t ) + RII (t )[1 − RTE (t )] (4)

The CDF and reliability of exponential distribution are given as

F (t ) = 1 − e − λt and R(t ) = e − λt

(8)

Here λ is the failure rate. Now let’s calculate the

In the current IED system, dual structure is widely used. From the reliability point of view, the structure can be simplified as one in Fig. 8.

failure rate. If is a number very close to 1, and all failures are assumed to happen uniformly, for every time interval , there will be one failure. And, (9) α =T /Nf

Bay

is the number of

where T is overall time, and failures in time T. Therefore,

OR

−Tλ / N

f F (α ) = 1 − e − αλ = 1 − e =ε where ε is a number very close to 1. So − N f ln(1 − ε ) λ=

Bay

T

Fig. 8. Dual structure of existing IED system

R parallel (t ) = 1 − F (t )

(10)

(11)

From [7], it can be seen that for every million hours, there will be 48.65 no‐operation failures and 37.28 mis-operation failures.

Same data are sent to two IEDs with same function, and then two results will be operated by an OR operation. This structure is very similar to the structure whose reliability model is a parallel model, but there is an obvious difference – OR operation. In the parallel model, the system will get correct result as long as at least one unit gets correct result. So its model is m

(7)

Before calculating the reliability distribution of SRET system and existing system, the following assumptions are made. - lifetime distribution F(t) of an IED device is an exponential distribution; - lifetime distribution D(t) of trouble manager and engineering unit is same as F(t); - the switch between bay IED and backup IED is instantaneous.

RII (t ) = R(t ) m

D A T A

where is the failure rate of an case is IED device, including both no‐operation and

So set

and , then we have the failure rate of IED

device is

. And for the failure rate

of mis‐operation,

(5)

so we have

210

, others are same, .

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006 With those numbers, the reliability of both systems can be calculated by reliability models.

5. CONCLUSIONS SRET, new reliability enhancement technique that can be applied to the IEC61850-based substation automation system is proposed in this paper. The proposed SRET-based system detects failure of IED automatically and replaces the failed IED by backup IED, securing availability of IED all the time. Reliability analysis performed in this study has shown the effectiveness of the proposed scheme. Application of SRET is not limited to electric power substation, but can be extended to other automation systems adopting communication network-based operation.

1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0

REFERENCES 0

2000

4000

Time

6000

8000

10000

12000

[1] IEC61850 International Standard [2] Elmendorf, W. R., “Fault-Tolerant Programming,” Proceedings of FTCS-2, Newton, MA, 1972, pp. 79-83 [3] Avizienis, A., “The N-Version Approach to Fault-Tolerant Software,” IEEE transactions on Software Engineering, Vol. SE-11, No. 12, 1985, pp.1491-1501 [4] Chen, L., and A. Avizienis, “N-Version Programming: A Fault‐Tolerance Approach to Reliability of Software Operation,” Proceedings of FTCS‐8, Toulouse, France, 1978, pp. 3-9 [5] Nahman, J.M. and Tubic, D., “Optimal sparing strategy for substation components”, IEEE Transactions on Power Delivery, Volume 6, Issue 2, April 1991, pp. 633–639 [6] Deconinck, G., Bott, O., Cassinari, F., De Florio, V., Lauwereins, R., “Stable Memory in Substation Automation: a Case Study,” 1998 Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing, 23-25 June 1998, pp. 452-457 [7] Ding Maosheng, Wang Gang, Li Xiaohua, “Reliability analysis of digital relay,” 2004 Eighth IEE International Conference on Developments in Power System Protection, Volume 1, 5-8 April

Fig. 9. Lifetime distribution of an IED device 1 0.9 0.8 0.7

5

10

15

20

0.6 0.5 0.4 0.3 old

old no

0.2 0.1 0

0

100

200

300 Time (hours)

400

500

600

Fig. 10. Reliability comparison with 100 IED Figure 9 shows a lifetime distribution F(t) for an IED device and Figure 10 represents comparison of reliability when there are 100 bay IEDs in the IED system. Further another case with 100 IEDs without use of dual structure, represented by ‘old no bk’ is shown in the figure. The model of this system is a , where m=100 is serial model, so the number of bay IED. In Fig. 10, the curve ‘old bk’ represents the reliability of the existing IED system that uses dual structure for 100 bay IEDs case. The other four curves are the reliability of new SRET system with 100 bay IEDs with 5, 10, 15, and 20 backup IEDs from left to right. Figure 11 is the reliability comparison in the case of 200 bay IEDs. The other four curves marked ‘10’, ‘20’, ‘30’, ‘40’ represent the reliability of SRET system with 200 bay IEDs with 10, 20, 30, 40 backup IEDs respectively.

211

IFAC Symposium on Power Plants and Power Systems Control, Kananaskis, Canada, 2006

1

212