IEC 61850 L2 / R-GOOSE Gateway
There are several options for sending GOOSE messages over IP networks, like tunneling of layer 2 (L2) GOOSE over UDP/IP or by implementing support for routable version of GOOSE on the IED. The approach described here is quite simple to implement and it does not require any changes on the side of existing GOOSE publishers or subscribers. This can be done with a gateway which on one hand is a subscriber of the 'traditional' L2 GOOSE messages published by the IEDs connected to the local network, but on the other hand publishes received messages as an UDP/IP multicast traffic. The idea is depicted in the picture below.
The main tasks of the gateway are:
• Subscribe to the selected L2 GOOSE messages using one of the parameters: GOOSE message ID or name of publisher control block
• Generate UDP multicast packet containing GOOSE APDU from the received L2 GOOSE messages
• Optionally encrypt payload of the outgoing R-GOOSE multi-cast packet
It is also possible to updat some parameters of the published R-GOOSE like application ID number, goose ID string, or customize the delay between re-send messages.
As for the configuration of the gateway, it could be done statically via xml file, in which case once the xml config file is uploaded to the gateway, subscribers and publishers are initialized and could be enabled or disabled by the IEC 61850 client application. The parameters of the subscriber (L2) side or publisher (routable) side, do not change until the new configuration is uploaded and instance of the gateway is restarted.
If required, it is also possible to modify during run time some parameters of the gateway:
• subscription attributes
• destination multicast addresses
• KDC server address
Since GOOSE messages published as UDP/IP multicast, might be sent over wide area networks it is very important to protect the information against unauthorized access and modification. This is why L2/R GOOSE gateway shall support authentication and encryption as defined by 62351-9.