Ensuring high levels of system uptime is essential for many control systems, as this drives productivity and profitability. The risk of downtime is a significant concern since it negatively impacts operational resources and the bottom line. According to the ARC Advisory Group, plant downtime costs average about $12,500 per hour–of course, these costs will be less for some control systems and much more for others.
Ethernet-based I/O networks provide many compelling advantages. However, like a traditional fieldbus, they also provide many opportunities for failures in the numerous network interface modules, ports, and cables that run throughout the installation. To guarantee a high level of system uptime, some technique must be used to ensure that I/O communication is not disrupted when one of these components fails.
The most obvious approach to provide network redundancy that satisfies the demands of a control system’s I/O network would be to duplicate the entire network infrastructure– cables, conduits, switches, network interfaces and so forth, as illustrated in Figure 1. However, duplicating the network adds significant costs, including equipment purchase, installation, maintenance and repair.
PROFINET Media Redundancy Protocol (MRP) can help to ensure a network failure won’t disrupt a control system’s I/O network, with built-in network diagnostics to unambiguously identify and visualize failures, facilitating quicker and easier repairs.
Media Redundancy using MRP
Let’s say you wanted to take a vacation to the beach. You wouldn’t plan two parallel paths in the event of an accident blocking your way. Instead, you would allow your GPS to monitor the path and, in the event of an accident, reroute you around the blockage along the most efficient alternate route.
Traditional network redundancy schemes required two duplicate parallel networks to achieve a reliable backup connection to each node on the network. MRP provides each node on the network with a backup physical connection to every other node on the network, but in a much more cost-effective way: a ring topology. As Figure 2 depicts, adding one additional cable between the first and last nodes on the network provides two physical communications paths between each node on the network with minimal additional infrastructure.
MRP defines two types of ring participants: one node is the Media Redundancy Manager (MRM), depicted as C1 in Figure 2; and all other nodes are Media Redundancy Clients (MRC), shown as D1, D2, and D3 in Figure 2. Like a GPS, the MRM monitors the PROFINET ring. If it discovers a break in the network, the MRM notifies the other MRC ring participants of a network failure and quickly identifies the most effective alternate route.
Ethernet networks require loop-free topologies to operate correctly. MRP avoids network loops through its novel method for monitoring the health of the ring network. As depicted in Figure 3, as long as the MRM can successfully send MRP Test Packets from one of its ring ports and receive them on its other ring port, the MRM views the ring as healthy and forwards no data between its ring ports.
What happens, however, if a failure occurs in the network? If, as shown in Figure 4, a cable or network port fails, the MRM (C1) determines there is a break in the network. The MRM then begins forwarding data between its two network ports and notifies the other MRC ring participants that this new data path is available for immediate use.
In the same way, if a node on the network fails, the MRM (C1) determines there is a break in the network. The MRM then begins forwarding data between its two network ports and notifies the other MRC ring participants that this new data path is available for immediate use. Figure 5 depicts this scenario.
How PROFINET I/O works with MRP
PROFINET I/O is a robust communications protocol that makes allowances for intermittent network interruptions without losing communications between an I/O controller and its I/O devices. Within a single PROFINET connection (PROFINET Application Relationship), the protocol describes three types of communications data: record data; acyclic real-time data; and cyclic real-time data. Record data is used to establish new connections, parameterize I/O devices, and convey other configuration data. Acyclic real-time data is used for alarm reporting. Finally, cyclic real-time data is used to convey module input and output data on a regular, determined, interval.
Since the cyclic real-time data exchange between an I/O controller and I/O device occurs at a regular, pre-determined time interval, this data exchange is also used as a watchdog for the overall IO controller-to-I/O device application relationship. Simply put, if an I/O controller or I/O device misses three consecutive cyclic real-time data exchanges from its counterpart, that partner is considered lost and the I/O device or controller will default input and/or output data as configured. The I/O controller then will periodically try to reestablish a connection to the I/O device, and if successful, cyclic real-time data exchange will also resume. Acyclic data types have their own retry mechanisms to ensure data integrity, but do not directly factor into the connection status of an I/O controller or device.
Network Diagnostics
Even though PROFINET with MRP solutions provides fast detection and uninterrupted recovery from network failures, determining what needs repair quickly is crucial to maintaining critical control applications. PROFINET I/O controllers and I/O devices provide built-in diagnostic data that indicates link failures as well as overall node health. These indications can be used to identify the failure of a network cable, port or node.
These indications are available automatically in the customer’s process data. This allows the data to be used by:
- User Program Logic to react to any given failure, taking appropriate actions depending upon the severity of the network failure.
- HMI or other visualization technologies to clearly and concisely indicate to operators or maintenance personnel the location and nature of the network failure.
- Historian or other telemetry software for trending or other data analysis activities.
Conclusion
Network redundancy can be used to ensure that a network failure doesn’t disrupt a control system’s I/O network. Although duplicating the network achieves network redundancy, it carries with it significant additional costs. PROFINET with MRP provides network redundancy with minimal impact to total cost of ownership
After surviving a network failure, it is vital to quickly determine what needs repair in order to properly maintain the control application. PROFINET solutions provide built-in network diagnostic data that integrate with control system solutions, including HMIs and User Program Logic. These built-in network diagnostics can be used to identify and visualize failure, facilitating quicker and easier repairs.