1149   EDGE vs TRUNK ports

Created: 20 Aug 2013

Status: Not Applicable

Part: Part 90-4 (2013; Edition 1)

Links:

Page: 39

Clause: 6.2

Paragraph: Para 3 and Fig 13

Category: Issue for edition 2 of this part

Issue

"Nodes are attached by edge links, while bridges are connected among themselves with trunk links that carry a higher traffic than edge links and therefore require more bandwidth."

This statement and figure indicate that each of the switch (a.k.a. bridge) ports for the switch-to-switch links are configured as TRUNK ports.
TRUNK ports allow messages with any VID to pass i.e. there are several, if not all, values of VID that are allowed to pass through the port.
Certainly switch-to-switch links will most likely need to be configured as TRUNK ports since the various messages between the switches could each belong to different VLANs, i.e. their VID might be different but must still pass.

The statement and diagram also indicate that IEDs are only connected to the switch via the EDGE ports on the switches.
EDGE ports support only one specific VLAN i.e. the VID in the message must match the unique PVID of the port.
This therefore means that IEDs only communicate using a single VLAN.

However it is incorrect to assume that the IED will only use one VLAN, i.e. is only connected to an EDGE port.

In fact (assuming VLAN-aware switch configuration is used), the port for switch-to-IED may need to be configured as TRUNK, as the IED may need to send/receive messages on multiple VLANs, i.e. the acceptable VIDs will need to be more than just a single VID value, e.g. VID=1 for GOOSE and VID=5 for SCADA. In fact, I have spoken with one utility who has 200+ VLANs on the one port, all for different remote engineering access profiles! These require the switch ports to be configured as TRUNK, not EDGE.

Proposal

The wording and diagram need to be modified to indicate that the IEDs can be connected via EDGE or TRUNK ports depending on, respectively, whether there is one or multiple VLANs that the IED needs to communicate on.
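A small model of the port behaviour this issue describes, added here as an illustration (it is not part of the TISSUE or of IEC 61850-90-4): it reads the 802.1Q VID from constructed frames and applies the EDGE rule (VID must match the PVID) and the TRUNK rule (VID must be in the allowed set). The `Port` class, the sample MAC addresses and the use of an IPv4 EtherType for the SCADA frame are assumptions; VID=1 for GOOSE and VID=5 for SCADA are the values from the issue text.

```python
import struct

TPID_8021Q = 0x8100       # IEEE 802.1Q tag protocol identifier
ETHERTYPE_GOOSE = 0x88B8  # GOOSE EtherType
ETHERTYPE_IPV4 = 0x0800   # assumed carrier for the SCADA traffic

def build_frame(vid, ethertype, pcp=4):
    """Constructed sample frame: dst, src, optional 802.1Q tag, EtherType, padding."""
    dst = bytes.fromhex("010ccd010001")  # sample multicast destination
    src = bytes.fromhex("020000000001")  # sample locally administered source
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + b"\x00" * 46

def frame_vid(frame):
    """Return the VID carried in the frame, or None if the frame is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VID

class Port:
    """Hypothetical bridge port: EDGE carries only its PVID, TRUNK a set of VIDs."""
    def __init__(self, mode, pvid, allowed=()):
        self.mode, self.pvid = mode, pvid
        self.allowed = {pvid} if mode == "EDGE" else set(allowed)

    def ingress(self, frame):
        """Return the VLAN the frame is classified into, or None if it is dropped."""
        vid = frame_vid(frame)
        if vid is None or vid == 0:  # untagged or priority-tagged: bridge applies PVID
            return self.pvid
        return vid if vid in self.allowed else None

# Constructed traffic from one IED that tags its own frames.
IED_TRAFFIC = {
    "goose": build_frame(1, ETHERTYPE_GOOSE),
    "scada": build_frame(5, ETHERTYPE_IPV4),
    "untagged": build_frame(None, ETHERTYPE_IPV4),
}

def admitted(port, frames=IED_TRAFFIC):
    """Map each named frame to the VLAN it lands in on this port (None = dropped)."""
    return {name: port.ingress(f) for name, f in frames.items()}

if __name__ == "__main__":
    for port in (Port("EDGE", pvid=1), Port("TRUNK", pvid=1, allowed={1, 5})):
        print(port.mode, admitted(port))
```

On the EDGE port the VID=5 frame is dropped while the VID=1 and untagged frames land in VLAN 1; on the TRUNK port all three are admitted.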

Discussion

Let's revisit this - it is not just a "blue question"
The wording and diagram must be updated to indicate that IEDs can (and probably should in most instances) be connected to TRUNK ports
Created: 03 Mar 18 | Status: Not Applicable
I have recently been drawn back to this TISSUE.
Firstly I don't agree that its status is "BLUE" as a question only - it is a real suggestion to correct the wording in Part 90-4!

Yes, in traditional "Industrial Ethernet", IEDs generally don't specify the VLAN in the message frames they send. However the bridges apply VLAN tags based on the PVID of the Ingress port. The bridges can remove those tags on TRUNK egress ports depending on the egress port Tagging rule and the particular message VID compared to the egress port PVID.

However in typical GOOSE applications, the sending device defines the VID tag in the message it sends.
Hence a single IED can be configured to send multiple GOOSE on multiple VLANs simultaneously.
Likewise a single IED can be configured to subscribe to multiple GOOSE sent via multiple VLANs.
Hence that requires IEDs to be connected to ports configured as TRUNK, not EDGE.

I agree that prior to IEC 61850-90-4, there was no IEC 61850 "specification" of a bridge, but now that we do have LNs for bridge configurations the Standard should not rule out common practice of using TRUNK ports for IED connection.
Created: 12 Jun 17 | Status: Not Applicable
This shows why VLANs are not popular. The IEDs themselves usually have no means to define VLANs, this ability is not requested in IEC 61850. So, the burden of handling the VLANs is left to the bridges, but there is no bridge specification in IEC 61850. Also, the support of several VLANs per port is not standard - a port can only set one VLAN. We need to address this issue in a normative way, otherwise there will be too many ways how to configure VLANs.
But first, the question is: why do we have VLANs at all? Security cannot be an aspect since there exist methods to circumvent it. Traffic separation per VLAN is not interesting since SCADA must have access to all VLANs and therefore this applies only to a tree structure, in which case it is better to simply separate the segments via different interfaces. For multicast traffic - the bulk of IEC 61850 - there is no advantage of using VLANs over MC filtering.
Created: 25 Apr 14 | Status: Not Applicable

 
