By Ian Verhappen, Industrial Automation Networks
With the increasing importance Ethernet has in today's automation networks, a key consideration in any design is the overall reliability of the resulting system.
To show why getting the design right matters for reliability, data from Datacom break down, by OSI layer, the percentage of failures that affect system reliability (Figure 1). The lower you go in the OSI model, the more failures there are, and 72% of failures occur in the first three layers. These faults include hardware failures, cabling failures, power losses, programming misconfigurations, etc.
Failure Mirrors Reliability
Failures are reflective of reliability. "The word reliability refers to both the guarantee of delivery of a message from source to destination, and the integrity of the message itself," says Dick Caro, president of CMC Associates (www.cmc.us), chairman of ISA-50 and recognized industrial protocol expert. "In most cases, message integrity is assured by the error-check codes in the messaging protocol, and acknowledgement of the received message. The usual method used to correct transmission error and failure of a message to be acknowledged by the receiving node is to retransmit the message."
Larry Thompson, owner and general manager of Electronic Systems Development and Training (ESdatCo), automation industry author and instructor, is exposed to a wide range of situations and confirms that running parallel programs, watchdog timers, checksums and so forth all aid in the detection of communication problems. "In most cases, encrypting network information will provide a more than sufficient check of network information reliability and integrity at the costs of additional processing and points of failure," he says. "However, one thing must be considered: Ethernet does not allow for duplicate packets, and any system of duplication must take this into account—hence, the need for software at the Data Link layer to make sure this does not happen."
With Ethernet-based networks and protocols, redundancy is the most commonly used method to maintain maximum uptime and still be able to deal with minor outages and failures. The statistics from Datacom (Figure 1) show why it is no surprise that the three main areas for Ethernet-based controls redundancy are physical, data link and network layer hardware and software.
Fast Recovery Essential
Recovery time in an automation environment typically needs to be less than 100 ms. Layer 2 redundancy protocols do two things: identify all the possible paths among the networking devices, and place the redundant extra paths in a blocking state to remove network loops. The Spanning Tree Algorithm (IEEE 802.1D) ensures only one path for Ethernet packets, but with recovery times as long as 15 seconds it is too slow. So equipment used for controls typically also supports one or more of the following:
• Rapid Spanning Tree Protocol—Currently standardized as IEEE 802.1w 2004, RSTP is an evolutionary leap for STP with failover times from about 250 ms to 12 seconds through industrial processes.
• Multiple Spanning Tree Protocol—IEEE 802.1Q 2003 protocol MSTP allows multiple instances of Spanning Tree Protocol per Virtual LAN.
• Link Aggregation Control Protocol—IEEE 802.3ad protocol LACP allows the user to configure multiple Ethernet ports between Ethernet switches into a single virtual link. This permits load sharing of information between the links and is extremely fast in moving data between a failed port and an adjacent port if there is a link failure.
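The two jobs described above (find the possible paths, then block the redundant ones) can be seen in a simplified model of the spanning tree calculation on point-to-point links. This is an added example, not code from the article or from any vendor. The switch names, bridge IDs and path costs are constructed, and protocol timers and port-state transitions, which determine the actual recovery time, are not modelled.

```python
import heapq

def spanning_tree(bridges, links):
    """bridges: {name: (priority, mac)}; links: {(a, b): path_cost}, costs > 0.
    Returns (root, forwarding_links, blocked_links) as sets of frozensets."""
    root = min(bridges, key=bridges.get)      # lowest bridge ID wins the election
    adj = {name: [] for name in bridges}
    for (a, b), cost in links.items():
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Root path cost of every reachable bridge (Dijkstra from the root).
    root_cost = {root: 0}
    heap = [(0, root)]
    while heap:
        dist, here = heapq.heappop(heap)
        if dist > root_cost[here]:
            continue
        for nbr, cost in adj[here]:
            if dist + cost < root_cost.get(nbr, float("inf")):
                root_cost[nbr] = dist + cost
                heapq.heappush(heap, (dist + cost, nbr))

    # Each non-root bridge keeps one root port: lowest cost, then lowest neighbour ID.
    forwarding = set()
    for name in root_cost:
        if name == root:
            continue
        candidates = [(root_cost[n] + c, bridges[n], n)
                      for n, c in adj[name] if n in root_cost]
        forwarding.add(frozenset((name, min(candidates)[2])))
    blocked = {frozenset(link) for link in links} - forwarding
    return root, forwarding, blocked

def after_failure(bridges, links, failed):
    """Recompute the tree with one link removed (endpoint order ignored)."""
    remaining = {l: c for l, c in links.items() if frozenset(l) != frozenset(failed)}
    return spanning_tree(bridges, remaining)

# Constructed sample: four-switch ring, uniform path cost, SW1 configured as root.
BRIDGES = {"SW1": (4096, 1), "SW2": (32768, 2), "SW3": (32768, 3), "SW4": (32768, 4)}
RING = {("SW1", "SW2"): 4, ("SW2", "SW3"): 4, ("SW3", "SW4"): 4, ("SW4", "SW1"): 4}

if __name__ == "__main__":
    root, fwd, blk = spanning_tree(BRIDGES, RING)
    print("root:", root, "blocked:", [sorted(l) for l in blk])
    _, fwd2, blk2 = after_failure(BRIDGES, RING, ("SW1", "SW2"))
    print("after SW1-SW2 fails, blocked:", [sorted(l) for l in blk2])
```

In the healthy ring the SW3-SW4 link is the blocked redundant path. When SW1-SW2 fails, the recomputed tree puts that link into forwarding, so every switch still reaches the root.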
"A basic redundancy requirement for control systems is that every part of the communication network should be hooked up to a backup power supply with redundant power inputs," says Nick Sandoval, Moxa field application engineer. "The power supply is typically far more likely to fail than a switch." In addition, a completely redundant system consists of redundant switches, redundant communication ports and redundant device pairs. Table I summarizes the methodology Moxa (www.moxa.com) uses to determine the level of redundancy in its network designs.
One of Moxa's newest technologies to economically meet these redundancy requirements, Turbo Chain, connects several Ethernet switches together to form a daisy chain, in which a head switch and a tail switch (the edge switches at the two sides of the chain) are configured first (Figure 2). The remaining switches are configured as member switches. The two ends of the chain are connected to an Ethernet network such as Moxa's Turbo Ring. The network system will recover in less than 20 ms by activating the blocked path and backup path in the ring. Turbo Chain also allows for integration with other technologies such as RSTP and Turbo Ring networks.
Don't Skimp on Spare Ports
Sven Burkard, strategic and product marketing manager at Hirschmann Automation and Control (www.hirschmann-usa.com), recommends that "you plan for 5-10% spare ports and don't forget that managed switches are also a requirement for redundant media/data paths."