SPN: Empowering 5G Virtual Private Networks for Electric Power Industry

As climate change intensifies, more countries and regions are adopting plans to peak carbon emissions and achieve carbon neutrality. Concrete actions to reduce greenhouse gas emissions and promote a low-carbon economy are being taken. At the 2020 United Nations General Assembly, the Chinese government put forward its “30-60” target , aiming to peak carbon emissions by 2030 and achieve carbon neutrality by 2060. To reach this target, China will focus on building a clean, low-carbon, secure, and efficient energy system. This includes controlling fossil energy consumption, improving energy efficiency, implementing renewable energy substitution, and undertaking structural reforms in the electric power sector. The goal is to construct a new power system centered around new energy sources. The introduction of 5G virtual private networks (VPNs) in the electric power industry will facilitate the creation of an energy Internet, supporting power grid companies and energy enterprises in transitioning to the new power system and advancing dual carbon goals.

Requirements and Background of 5G VPN for Electric Power Industry

5G services for the electric power industry fall into two main categories: control and collection. Based on power security requirements, they can be further categorized into four zones: production control zones (Security Subzones I and II), and management information zones (Security Subzones III and IV). Each zone carries distinct services with varying security needs. For example, Security Subzone I demands low communication latency (less than 12 ms end-to-end) and high reliability for differential protection services. Although fiber communication is heavily relied upon, the power distribution network span a vast area with numerous scattered communication terminal points. High synchronization accuracy is crucial for power distribution automation service in Security Subzone I and high-bandwidth video conferencing in Security Subzone II. Automatic relay protection equipment monitors distribution network lines and devices to quickly locate and isolate faults. For electric power video surveillance, especially HD monitoring, ultra-large bandwidth is needed. For example, deploying multiple 4K cameras at places like substations and high-voltage towers allows comprehensive multi-angle inspection.

According to security requirements of power services, physical isolation separates power grid services from other B2B/B2C services. Production control zones are physically separated from management information zones, with logical isolation within each zone. Traditional power networks rely on the overlaying of multiple transport schemes including synchronous digital hierarchy (SDH), optical transport network (OTN), and power line carriers. This results in high deployment costs, inability to guarantee service requirements, and lack of centralized control.

VPN Solution for Electric Power Service Transport

The emergence of 5G VPN slicing technology allows services from different power network zones to be transported through multiple logical networks overlaid on a single physical network.

When planning network slicing to meet various service requirements, dedicated and resource-exclusive network slices are created for production control zone services, utilizing resource block (RB) reservation and 5G QoS identifier (5QI) priority scheduling at the wireless side, metro transport network (MTN) slicing at the transport side, and a dedicated user plane function (UPF) for core network isolation. Management information zone services are logically separated from other B2B services and public-network services through 5QI priority scheduling, VPN isolation, and industry-network UPF sharing. See Table 1 for the implementation scheme.

Considering the requirements of electric power services for fined-grained bandwidth and hard isolation, we can deploy fine granularity units (FGUs) supporting a minimum of 10M bandwidth, based on the 5G bandwidth slicing specification of the MTN1.0 standard, to carry control/protection-class high-security services (Fig. 1).

Services in Security Subzones III and IV can share a VPN and be carried by a group-customer hard slice in the existing network, while services in Security Subzones I and II can be carried by a dedicated VPN through FGU slices that can flexibly allocate N×10M bandwidth. In shared large-network hard slicing, slice services are scheduled based on priority. Whether a slice service uses a dedicated VPN or shares one with others depends mainly on IP address conflicts and the necessity for independent management, operation and maintenance.

According to listed service requirements and transport slice characteristics, the VPN can be designed as follows: For services in production control zones (Security Subzones I and II), MTN hard slices (including fine-grained slices) are hard-isolated from management information zones (Security Subzones III and IV time slots). For services in Security Subzones I and II, an L3 VPN using SR tunnel of the MTN client channel or an L2 VPN using MPLS tunnel of an MTN subclient can be created. Depending on network conditions, they may also utilize a soft-isolated VPN on the MTN hard-slice channel. Services in management information zones (Security Subzones III and IV) can be transported via soft-isolated VPN on an MTN hard slice.

Practices of 5G VPN with State Grid Jiangsu

In August 2022, China Mobile Nanjing Branch, in collaboration with ZTE and State Grid Jiangsu, successfully tested and validated power production control services such as differential protection and power distribution automation. This environment encompassed a 5G wireless network, core network, and transport network in Jiangbei New District, Nanjing City, China.

In this test, the core network used a dedicated UPF to carry power services, while the SPN transport network employed ZTE’s ZXCTN6700 core aggregation device and ZXCTN6180H access layer device. Results show that SPN fine-grained slices  isolate power control and protection services securely. Unlike shared slices for group customers, fine-grained slices remain unaffected by congested flows and have hard isolation capabilities of SDH. With hard slices deployed at a minimum granularity of 10 Mbps, bandwidth requirements for power services can be met, allowing the 5G VPN to achieve 9 ms end-to-end average latency, zero packet loss, over 99.999% reliability, and synchronous timing accuracy error of less than 500 ns (meeting the 1 µs requirement of power services). The SPN FGU establishes a secure and efficient communication management channel with deterministic latency and jitter for power services, laying a solid foundation for SPN network to transport power services and achieve widespread commercial use in the power industry.