RFBACnet Tutorial: Understanding the Building Automation Protocol
This tutorial provides a comprehensive overview of the BACnet (Building Automation and Control Networks) protocol, covering its stack architecture and fundamental concepts.
BACnet is a widely adopted automation and control protocol found in products from leading industry vendors like Johnson Controls Inc., Siemens building technologies, KMC Controls, and Teletrol Systems. It was designed from the ground up as an independent, open-standard automation protocol, and several free BACnet protocol stacks are available.
BACnet boasts a wide range of applications, including:
- Lighting control
- Security systems
- Fire control
- Alarm systems
- HVAC (Heating, Ventilating, and Air-Conditioning)
- Interfacing with utility companies
BACnet International oversees conformance testing services and promotes the development and adoption of the BACnet standard.
BACnet technology is designed to interoperate with other technologies such as KNX and Zigbee, and interoperability specifications have been developed to ensure the coexistence of these systems.
BACnet Protocol Stack Architecture
Figure: BACnet protocol stack
The figure above illustrates the BACnet protocol stack. As shown, it comprises the following layers:
- Physical Layer
- Link Layer
- Network Layer
- Application Layer
The BACnet protocol is a streamlined version of the OSI stack, omitting the transport and session layers. The application layer handles the functions typically associated with these two layers.
BACnet Physical Layer
BACnet’s upper layers are independent of the physical layer, enabling its implementation on various networks. The following physical layers have been specified for BACnet:
- ARCNET
- Ethernet
- IP tunnels
- BACnet/IP
- RS-232
- RS485
- Lonworks /LonTalk
RS232 is used for point-to-point communication. RS485 supports up to 32 nodes with a distance of 1200 meters at 76 Kbps.
BACnet Protocol Link Layer
BACnet can be implemented directly using LonTalk / IEEE802.2 link layers. It specifies PTP (Point To Point) data link layer for RS232 connections. It specifies MS/TP data link layer for RS-485 connections.
The standard specifies BVLL (BACnet Virtual Link Layer), which defines the services (e.g., broadcast) required by a BACnet device at the link layer. IP BVLL encapsulates the necessary control information in a header containing BACnet virtual link control information. Thanks to IP BVLL, BACnet devices can communicate directly over IP networks without needing a router device.
BACnet uses the BBMD (BACnet Broadcast Management Device) concept, which implements the broadcast requirements of the desired link layer. A BACnet broadcast message is converted to IP-based multicast/broadcast messages.
BACnet Network Layer
The BACnet network layer defines the network addresses needed for routing. A BACnet network consists of one or more segments. Segments using the same LAN technologies are connected using bridges. Segments using different LAN protocols are connected/interfaced using routers.
BACnet Application Layer
BACnet doesn’t separate the presentation and application layers. It handles reliability and segmentation/sequencing mechanisms usually associated with transport and session layers. BACnet represents devices as objects that exchange service primitives. These service primitives are described using ASN.1 syntax and serialized using ASN.1 BER.
BACnet Security Layer
Let’s explore the BACnet security concept. Device A can request a session key from a key server to establish secure communication with Device B. The key server delivers this key (referred to as ‘SKab’) to both devices. BACnet protocol uses 56-bit DES encryption.
Device A and Device B authenticate each other by exchanging challenges (random number encryption with the session key). The challenge message includes an identifier (InvokeID), which is used for all future authenticated transactions.
