ABBIndustrial Networks Connecting Controllers via OPC

is 8 milliseconds for all tests (see Table 4.2). It shows clearly, that the test system variation with Woodhead PROFIBUS returns the best round-trip times, while

the Beckhoff approach is worthless for our task. Moreover, its ability of emulating several slaves saves the effort of inserting multiple PCI cards. Beside all these

advantages, the Woodhead PROFIBUS approach causes the word swap problem,

which cannot be solved without adding program code at this time.

Whereas MMS also meets our requirements, it is about two times slower than the

Woodhead approach. Furthermore, the standard deviation of the RTTs measured

is vastly greater with MMS than with PROFIBUS. This is remarkable, since our

test were made with a direct Ethernet link (crossed cable). As the performance

of MMS depends on network traffic and AC800M’s CPU load, it is to be expected

that communication using MMS will get slower and even less deterministic in a real

environment

Although on the first spot Test 5 seems to be useless, this is not the case at

all. Firstly, it proved that the system basically works even with this amount of

variables. Secondly, while Test 4 is the most relevant evaluation concerning the

real requirements, Test 5 was intended to look for the limits of the current system,

Chapter 6

Redundancy

This chapter will provide theoretical considerations on redundancy. Since the

Woodhead PROFIBUS solution was the most promising approach, our considerations are based on this test system variation and the amount of signals according

to Test 4, which resembles the real requirements.

6.1 Terms and Concepts

Please notice that when talking about redundant components in this context, we

mean duplication if not stated otherwise. The term redundancy does not define the

number of redundant components in general.

6.1.1 Levels of Redundancy

There is a large variety within the levels of redundancy. While it is possible to

double only the most important or critical components, one can also make a whole

system redundant. This usually allows the concurrent outage of several different

parts of a system (e.g. a processor module and a bus line) without interrupting

the whole system. An outage can be an unplanned failure of a component but also

a planned maintenance action. Security relevant parts like protection systems are

often even implemented three times or more.

It is also important to know that redundancy can be implemented on different

levels in communication. Most redundancy hardware devices or software programs

that are able to switch between different connections work on a protocol level,

that is, they recognize errors in the communication protocol e.g. if a device fails

or the connection is broken. They are not able to identify errors in the transported data, though. In contrary, redundancy logic on application level checks the

values/contents of the transported data, and therefore also detects errors if the protocol itself runs correctly. It is also possible to combine these approaches, e.g. if an

application level program is able to force a switchover in a physical switch. A typical specification for the maximum switchover time in the turbine control business

is 20 ms.

6.1.2 Master-, Slave- and Line-Redundancy

In bus systems there are three aspects of redundancy which can be combined arbitrarily. Since the outage of a non-redundant bus master in a classical master/slave

bus system like PROFIBUS interrupts any communication, it is very common to

implement bus master redundancy. In contrary, slave redundancy can be implemented depending on the importance of a specific slave. For real master or slave

redundancy it is of course necessary to implement two completely independent

communication stacks [36]. In practice this is normally done by using two identical

communication interfaces. The two interfaces communicate directly or via a third

component (e.g. the processor module) to be activated or deactivated and exchange

configuration data. Line redundancy means the multiple presences of physical media. A redundant master/slave bus system is showed in Figure 6.3. ABB offers a

device called RLM01 to connect single-line PROFIBUS slaves to a line redundant

layout, allowing reducing the non-redundant part to a short distance. Since the

device needs to copy data, it causes a delay, but this is very small compared to our

cycle times (about 1.5 µs at 12 Mbit/s).

6.1.3 Transparency

For the different components of a redundant system it makes a difference whether

the redundant pairs behave in a transparent manner or not. If they behave transparently, the other parts recognize a redundant pair as one single device and will

not have to do anything; at the most there will be a more or less drastic pause due

to the switchover. If redundant components behave not transparently, it is usually needed that nearby components are intelligent enough to check which device is

working correctly.

For redundant components which behave transparently it is inevitable to have

a redundancy communication (RedCom), which can be a direct link or be managed

by a superior component. This connection is on one hand needed to determine

which component is the active one and which is in stand-by mode. On the other