DNP3 Protocol : Architecture, Working, Function codes, Data format & Its Applications

The DNP3 or Distributed Network Protocol3 was launched in the 1992 by a Japanese Corporation to establish a protocol for communication between distributed systems. DNP3 is network based device control protocol which is used for communication between a device and a remote input / ouput device. This protocol mainly depends on an object oriented model that decreases the data bit mapping that is usually required by other less object-oriented protocols. It is mainly used between central master stations as well as distributed remote units where the central master station simply works as an interface between the human network manager as well as the monitoring system. The distributed remote unit is the interface between the master station & the physical apparatus being observed & controlled in the distant areas. The data exchange between these two can be done by the common objects library. This article discusses an overview of the DNP3 protocol – working with applications.

What is DNP3 Protocol?

The set of communication protocols that are used between different components within process automation systems is known as the DNP3 protocol. This protocol was mainly designed for communication purposes between different kinds of data acquisition & control equipment. So in SCADA systems, this protocol plays an essential role when it is utilized by RTUs, SCADAs, and IEDs.

DNP3 Protocol Architecture & Its Working

The DNP3 is a third version distributed network protocol. It has one integrity poll and three polling levels, where the integrity poll is used to grab the data at one poll.

DNP3 Protocol Architecture
DNP3 Protocol Architecture

The DNP3 network architecture can be unicast, multidrop, and data connector/hierarchical architectures.

The unicast architecture: is also known as one-to-one architecture, here the master station can communicate only with one outstation, whereas in multidrop architecture the master station can communicate with more than one outstation device which means it can communicate with multiple outstation devices. The data connector/hierarchical architecture is a combination of multidrop and unicast architectures.

The DNP3 communication protocol is commonly used for electric utilities, water & sewage, oil & gas, transportation, and other SCADA environments. It allows you to view important levels in real-time and historically, that could be temperature, humidity, battery level, voltage, fuel level, etc. It also allows you to detect problems and correct the problems quickly, and also you can eliminate bottlenecks and inefficiencies.

The designing of the DNP3 protocol can be done based on the layers of the OSI model like data link, transport, application & user layer. This protocol has the flexibility for connecting a single master through a minimum of one or above outstations above serial as well as Ethernet physical media.
Other possible architectures mainly comprise various master connections with a single outstation & peer-to-peer operations. Usually, the master starts control commands to request data from or activate devices that are managed through the outstation. This outstation simply reacts to the master by transmitting suitable information.

DNP3 Protocol Layers
DNP3 Protocol Layers

Based on OSI model, the DNP3 protocol includes four layers Data Link, Transport Function, Application & User Layer. Here, the Data Link Layer at the bottom will make the physical link more reliable by addressing & error detection. The Transport Function simply assembles frames of Link Layer into Application Layer fragments. This layer takes the whole message & specifies what data is preferred to the above User Layer. Every message can have several data types like analog, binary & counter inputs & outputs.

How DNP3 Protocol Works?

The DNP3 protocol simply works by using 27 fundamental function codes for allowing communication between master stations & remote units. So that some function codes will allow the master to request and get the condition of information from a remote device and other function codes will permit the master to decide or correct the remote unit configuration.

Several function codes are mainly used in the DNP3 master station for controlling the equipment or remote unit at remote sites. DNP3 master station issues most of the communication to the remote device of DNP3. But, the Unsolicited Message (o/p message) is initiated through a remote unit, and it generates an alarm. So that this message gives an alert to the master once an alarm occurs.

Function Codes

The function codes of DNP3 include the following.

Function Code



Confirm function code.


Read function code.

Write function code.


Select function code.


Operate function code.


Direct operate function code


Cold restart function code


Warm restart function code


Stop application function code


Delete file function code


Response function code


Unsolicited Response function code

DNP3 Message Format

The message format structure of DNP3 is shown below. If we examine this structure, we can observe that the messages are exchanged between masters & remotes. The serial telemetry protocol (TBOS) is byte-oriented by exchanging a single byte to communicate.

Extended serial telemetry protocols such as TABS are packet-oriented with packets of bytes that are exchanged to communicate. These packets normally include header, data & checksum bytes. The DNP3 protocol is packet-oriented & utilized the packet structure which is shown in the following figure.

Message Format of DNP3
 Message Format of DNP3

In the above message format diagram, the DNP3 ASDU (application service data unit) is valuable for the adjustment of clever content that is controlled through both qualifiers as well as indexSize fields. So this design will make application data accessible within flexible configurations.

Now let’s discuss how the data is exchanged especially in the layered communication model.
The application layer in the above diagram combines an ASDU (application service data unit) and a packaged object by an APCI (application protocol control) block to make an APDU (application protocol data unit).

The transport layer will break the application service data unit or APDU into different segments with a maximum 16 bytes size & packages them by an 8-bit transport control header & 16-bit segment CRC separators into a transport Frame.

The link layer is mapped to the 4-layer model which is developed through the DoD (Department of Defense) through the DoD Internet Layer omitted. If the serial transport is utilized, then packet assembly is done & located on the transport media for delivery.

If the packet is transmitted over a LAN or WAN, then 3 DNP3 layers are rolled up into the first layer. The packet which is assembled can be wrapped within the TCP (Transport Control Protocol) through the transport layer which is wrapped within the IP (Internet Protocol) through the internet layer. The UDP (User Datagram Protocol) can also be utilized but presents some extra issues connected to reliable delivery within packed networks.

DNP3 Data Format

DNP is extensively used in controlling the message passing in between the central station & the control units. The data format of DNP3 mainly includes two sections the header & the data sections. Further, the header is separated into six subsections.

DNP3 Data Format
DNP3 Data Format

The format of the data frame & the necessary size of every field is shown in the above figure. In this diagram, the Sync is the first field which is 1 byte & it specifies the beginning of the frame.
This field value is fixed to 0564, so once a frame is received by examining the Sync field position then mapping can be done efficiently.

The field length provides the entire frame length so that a particular buffer can be assigned at the destination to hold the incoming frames. So the second frame is “Control field” which describes the control action required to be quired at the receiver end.

The control field will include hex value 41 otherwise 42 based on the action type. After that, the destination & the source address field will provide the intended receiver addresses & the sending node.
The CRC or Cyclic Redundancy Check is the last field that will help in verifying the frame error. A check value is connected to the message at the time of transmitting which will be cross-verified at the receiving end. Once this value matches, then it specifies the nonexistence of error within the frame. The section of data is 2 to 4 bytes however it has no role in controlling message passing.

The above figure shows the control message transmitted within the format of DNP3 from one station to another like control to destination. For the communication of various actions to destinations, the fields like the control field as well as the destination address whereas some fields will not change for all the communications.

Example of DNP3 Monitoring System

The DNP3 master and remote monitoring system diagram is shown below. This model is used to transfer data between two devices like master and remote using DNP3.

DNP3 Example
DNP3 Example

The DNP3 master and remote monitoring system diagram are shown below. This model is used to transfer data between two devices like master and remote using DNP3. Here the master is the computer and the slave or remote is the outstation. The transmitted data is either static data, event data & accept unsolicited event data.

The DNP3 protocol is normally used between the master (computer) and remote (Outstation). Here, the master is used to provide an interface between the human network manager as well as the monitoring system. The remote provides the interface between the master as well as the physical device which are being controlled or monitored.

Both the master & remote utilizes a common objects library for data exchange. Here data is The DNP3 protocol is a polled protocol that includes capabilities that are designed carefully. Once the master station is connected to a remote, then an integrity poll can be performed which is very significant for addressing DNP3 because for a data point they return all buffered values & comprise the present value of the point also.

Generally, the DNP3 drivers can perform different polls routinely like an Integrity Poll, a Class 1, a Class 2, and a Class 3. In Integrity Poll, the DNP3 simply requests the outstation to transmit its Class 1, class 2, & class 3 event data & Class 0 static data within chronological order. An Integrity Poll is normally used for synchronizing the databases of DNP3 master & slave and thus tends to be allocated a slow poll rate. Typically, Class 1, Class2 & Class 3 polls are used to recover individual class events at changeable rates based on the importance of those events more critical events are assigned to the classes which have the faster poll rate.

Difference between DNP3 and IEC 61850

The difference between DNP3 and IEC 61850 includes the following.


IEC 61850

The DNP3 protocol is an open industry specification. The IEC 61850 is the IEC standard.
The DNP users’ group is the standard organization of the DNP3 protocol. The international electrotechnical commission is the standard organization of IEC 61850.
The DNP3 protocol is a four-layer architecture and also supports seven-layer TCP/IP or UDP/IP. The communication in an IEC 61850 protocol is based on the OSI model.
The DNP3, GOOSE, HMI, IEC, RTU, and SCADA are the common terms of the IEC 61850 communication protocol. The intelligent device (IED), logical device & logical node, data object & data attribute are the levels that define the hierarchical information model of an IEC 61850
The benefits of distributed network protocol third version are no protocol translators are needed, maintenance, testing, and training will take less time, easy system expansion, and has long product life. The benefits of the IEC 61850 protocol are the extension cost, integration cost, equipment migration cost, and installation costs are low.


Difference between DNP3 and Modbus

The difference between DNP3 and Modbus include the following.



The distributed network protocol was developed in 1993 by Harris. The Modbus protocol was developed in 1979 by Modicon
The distributed network protocol uses bits. The Modbus communication protocol uses text descriptions to send the data.
DNP3 consists of three layers they are physical, datalink, and application layers. The Modbus communication protocol consists only application layer
The DNP3 protocol supports multiple slaves, multiple masters, and peer-to-peer communication. the Modbus protocol supports only peer-to-peer communication.
The configuration parameters required in the DNP3 protocol are bad rate, fragment size, and device addresses. The configurations required in the Modbus protocol are parity mode, ASCII mode, RTU mode, and baud rate.

DNP3 Pros and Cons

The advantages of the DNP3 protocol include the following.

  • DNP3 is an open standard protocol, so any designer can design DNP3 equipment which is well-matched with other DNP3 equipment.
  • DNP3 provides many capabilities due to an intelligent & robust protocol.
  • It can request & respond through several data types within single messages
  • It allows several master & peer-to-peer operations
  • It supports standard time format & time synchronization.
  • Software costs will be reduced.
  • No requirement for protocol translators.
  • Less maintenance & testing.

The disadvantages of the DNP3 protocol include the following.

The DNP3 uses a serial RTU & upgrades it through an Ethernet RTU (ERTU). If the communication channel bandwidth to that station is not also enhanced, then the user will have a slower link because of the overhead implemented in wrapping the DNP3 through TCP/IP.

DNP3 Applications

The DNP3 applications include the following.

  • DNP3 allows different devices within process automation systems to communicate.
  • Different utility companies broadly use this protocol for gas, electrical, and water telemetry systems.
  • It is used in SCADA Communications.
  • The DNP3 communication protocol is used in remote & SCADA monitoring systems.
  • This is applicable in the whole SCADA environment which includes from master to remote and RTU to IED communications & also in network applications.

Thus, this is all about an overview of the DNP3 protocol – working with applications. The DNP3 protocol specification mainly depends on the object model. So this model simply decreases the data bit mapping that is usually necessary with other less object-oriented protocols. For SCADA technicians & engineers, having some pre-defined objects will make the DNP3 more comfortable design & deployment framework. Here is a question for you, what is the protocol?