Alain Fiocco Sr. Director CTO Office afiocco@cisco.com
The Internet of Things Is Already Here
[Chart: billions of devices (axis 0 to 50) and world population over a 2010, 2015, 2020 timeline, with an inflection point marked. Chart labels: 50 Billion Smart Objects; data labels 12.5, 25, 7.2, 6.8, 7.6. Source: Cisco IBSG, 2011]
Rapid Adoption Rate of Digital Infrastructure: 5X Faster Than Electricity and Telephony
PROCESS MANUFACTURING ENERGY TRANSPORTATION CITIES RETAIL
2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
IoT Device Characteristics
Assumptions & Constraints for Protocols
Field Area Network (FAN)
[Diagram labels: Wide Area Network; Field Area Network Router; Neighborhood Area Network]
IoT Architectural Philosophy
From: Closed Systems (Little external interaction); Various Protocols (Modbus, SCADA, BACnet, LON, HART); Protocol Gateways (Inherently complex, inefficient and fragmented networks); Proprietary Networks (Usually layer 2 based)
To: Standardized Interfaces (Wireless/Wired); Standardized Networks (IP Based/ISO Stack); Distributed Intelligence (e.g. Fog Computing)
Convergence of Applications
Existing Proprietary Vertical Applications and Networks: Business Application #1, #2, #3, each on its own Network #1, #2, #3 with Device #1, #2, #3
Converged Network Based on Open Standards and Common Data Models: Business Application #1, #2, #3 on a Converged Application Infrastructure and a Converged IP-Based Network, with Device #1, #2, #3
Why Distribute Computing?
Speed of Light; Latency-Critical Responsiveness Required; Resiliency; Security; Data Grows Faster Than Bandwidth
Traditional Computing Model (Terminal/Mainframe, Client-Server, Web): Data Center/Cloud, Endpoint. Assumes Infinite Bandwidth, 0 Delay
IoT Computing Model: Data Center/Cloud, Fog, Device; IOx. Assumes Limited Bandwidth, Variable Delay, and Intermittent Connectivity
Fog computing use cases
Well Established Eco-Systems; Build Your Own Interface; Application Layer Gateway; Protocol Translation; Application Layer Security; Application Data Processing; Distributed Control
IoT Protocol Stack: Smartgrid example
Open Standards IP-based Reference Model
Layers shown: Application Layer; Transport Layer; Network Layer; Data Link Layer (LLC, MAC); Physical Layer; Mgmt
Application Layer: Web Services, EXI, SOAP, RestFul, HTTPS/CoAP; Metering: IEC 61968 CIM, ANSI C12.22, DLMS/COSEM; SCADA: IEC 61850, 60870, DNP3/IP, Modbus/TCP; DNS, NTP, IPfix/Netflow, SSH, RADIUS, AAA, LDAP, SNMP (RFC 6272 IP in Smart Grid)
Transport Layer: UDP/TCP; Security (DTLS/TLS)
Network Layer: IPv6, RPL; Addressing, Routing, Multicast, QoS, Security
Data Link Layer: 802.1x / EAP-TLS & IEEE 802.11i based Access Control; 6LoWPAN (RFC 6282); IPv6 over Ethernet (RFC 2464); IPv6 over PPP (RFC 5072); IP or Ethernet Convergence SubL.; IEEE 802.15.4e MAC enhancements; IEEE 802.15.4 including FHSS; IEEE 1901.2 802.15.4 frame format; IEEE 802.11 Wi-Fi; IEEE 802.3 Ethernet; 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX
Physical Layer: IEEE 802.15.4g (2.4GHz, 915, 868MHz; DSSS, FSK, OFDM); IEEE 1901.2 NB-PLC OFDM; IEEE 802.11 Wi-Fi (2.4, 5 GHz, Sub-GHz); IEEE 802.3 Ethernet (UTP, FO); 2G, 3G, LTE Cellular; IEEE 802.16 WiMAX (1.x, 3.xGHz)
Open Standards at all levels to ensure interoperability and reduce technology risk for utilities. 15-20 years lifetime and future proofing. Internet has 25 years lifetime and is continuously evolving.
Field Area Network Architecture
[Diagram labels: SIEM; DB; DMS; SCADA; CG-NMS; Certificate Authority; Intrusion Prevention; MDM; CIS; Billing & Pre-Payment Mgmt; ORS; MDMS; AMI Head-End; HER; Directory Services; Access Control; Network & Security Services; Data Center, Enterprise Apps; Public or Private IP Infrastructure]
WAN: Data Integrity & privacy: IPSec; Traffic prioritization: IP QoS; Scalable & reliable IP VPN
Services: Zero Touch Provisioning; Users and devices Authentication; Devices management; Open standards
Neighborhood Area Network (NAN): IEEE 802.15.4g/e RF or/and IEEE 1901.2 PLC Mesh
IPv6 based communications: 6LoWPAN, RPL
Fully Secured: AES 128 encryption, IEEE 802.1x authentication, IEEE 802.11i key management
Network Management: CoAP based, Zero Touch Provisioning, Over-the-Air firmware upgrade
Security Architecture
Certificate-based identities, user names & passwords
Role based Access Control
802.1x-based access control for meters, routers, grid devices
Link-layer encryption in RF Mesh
Group-based key generation and management (mesh)
Network-layer encryption for WAN Backhaul (IPSec)
[Diagram labels: Directory Services; Certificate Authority; AAA Server; Security Services; Field Area Router (FAR) CGR 1000 Series; Intrusion Prevention; Public or Private WAN; Neighborhood Area Network (RF Mesh); NMS; AMI Head-End HES; SIEM; FAN Aggregation Layer within Substation Automation Network; Mobile Workforce; Smart Meters]
Callouts: Secure Device Identity via Digital Certificates; Strong user identities with Role-Based Access; Time-stamped logs, correlation at SIEM; Separation of AMI vs. non-AMI traffic, segmentation; Secure storage for encryption keys; Secure encryption keys; Network-layer encryption (IPSec); Link-layer encryption (AES-128)
Sub-1GHz Regulations around the World
[Map: allocated frequency bands by country on an 840 to 950 MHz axis. Legend: Allocated Frequency bands; Licensed/unlicensed (ISM); Transmit power; Time transmitting. * e.i.r.p. ** e.r.p.]
Labels as they appear on the map: Ultra NarrowBand; China 2 W **; Europe, India, Hong-Kong, Iran, UAE 2 W **; USA, Canada, Chile, Colombo, Mexico, Argentina, Uruguay, Venezuela 902-928MHz 4 W *; Brazil 902-907.5, 915-928 MHz 4 W *; Australia 915-928MHz; Korea 917-923.5MHz 4 W *; S.A. 4 W **; Israel 2 W *; Malaysia 2 W **; China 2 W **; Japan (2012) 915-930MHz 4 W * 0.5 / 0.02 W * Licensed/unlicensed; Hong-Kong 920-924 MHz; Thailand 2 W *; Singapore 0.5 W **; Singapore 2 W **
Source: CEPT - DKE 731.09r1 JSC
E.U CEPT new frequency bands discussion (870-876MHz 500mW and 915-921MHz 25mW)
2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Wi-SUN Alliance
Vision: Drive industry to embrace open standards and interoperability. Definition of Wi-SUN profile based on IEEE 802.15.4g/e. Reduce technology risk. Testing. Certification.
www.wi-sun.org
Certification for products built on the IEEE 1901.2 Low-Frequency, Narrow-Band Powerline Communications standard. Leverages HomePlug's long-established programs & expertise in testing & certifying powerline networking products. HomePlug will promote the adoption of Netricity products to foster an ecosystem served by multiple technology vendors. The Netricity program is supported by HomePlug Alliance member companies:
twitter: @alainfiocco email: afiocco@cisco.com
Connected Grid Network Management
The Connected Grid NMS Solution provides grid operators: Scalable, Utility Ops communication management; Enterprise-class visibility for up to 10M endpoints; Secure network commissioning, monitoring and life cycle management via well-defined interfaces; Integration with Utility Operations and Enterprise Bus
The Cisco Connected Grid Device Manager provides: Device level network monitoring and troubleshooting
CG-NMS Visualization
Cisco 1240 Connected Grid Router, Outdoor Model (Pole Mounted)
GPS Antenna; Battery Backup; Ethernet Switch: 2GE WAN (Cu or SFP), 4FE LAN; 2 RS 232/RS 485 Serial Ports; Ruggedized, IP67 Ethernet (RJ-45) Connector; Four Module Slots; Integrated Antennas for: RF Mesh, WiMAX, 2G/3G, WiFi; Liquid Tight (IP67) Adapter
Estimated dimensions: 30.5 cm (H) x 20.3 (W) x 19 cm (D) = 12" (H) x 8.0" (W) x 7.5" (D)
Antennas shown above are optional; can be deployed with external antennas
Cisco 1120 Connected Grid Router, Indoor Model (Din-Rail Mounted)
Fiber WAN: 2 GE SFP; Ethernet Switch: 2GE WAN, 6FE; Serial: RS-232, RS-485; Console and Alarm Ports; Three Phase AC Input; GPS Antenna; Slot 1; Integrated AC and DC PS; Module Slots; DC Input; Slot 2; Wi-Fi Antenna
Substation hardened; IEC61850-3 and IEEE1613-compliant; Fixed memory; Din-rail mounted; Convection cooled; No fans and/or moving parts; Increased operating temp
Dimensions: 8.9 cm (H) x 22.9 cm (W) x 20 cm (D) = 3.5" (H) x 9.0" (W) x 7.8" (D)
Industrial Router 500: 915 MHz RF Mesh DA Gateway
LEDs viewable from top and front; Two Serial Ports; One 10/100 Ethernet Port; Reset Switch; 915 MHz RF Connector; USB Port; 9-60 VDC PWR/Alarm; Mounting Feet (can be moved to front and back)
Transport Distribution Automation and SCADA over IPv6 RF Mesh; Ruggedized for harsh industrial environments; Compact size and low power; Authentication and encryption; IP quality of service; RF mesh aggregated by CGR1000 Series; Managed by Connected Grid NMS and Device Manager
Form Factor Specifications: Compact form factor: 4.5 x 5.5 x 1.25; Fixed configurations: Panel / DIN rail mount; IP-30 rating; IEC 61850-3 / IEEE 1613; Extended Temperature range (-40C to +70C)