Redundancy for PROFINET networks - Frederic Depuydt & Philippe Saey, KU Leuven (Catholic University of Leuven, Belgium)

29/05/2018
PI UK Coventry & London 1
Redundancy protocols for PROFINET
The Smart Way to Industry 4.0 with PROFINET Based Technologies
26 March 2019, AMTC, Coventry
28 March 2019, The Crystal, London
Philippe Saey (lecturer)
Frederic Depuydt (lecturer)
Mathieu Troch
Dimitri De Schuyter
Jos De Brabanter
• Introduction
• Types of redundancy
• MRP
• MRPD
• PRP
• HSR
• Some applications
• Conclusion
2
Outline
The document reflects the author's views. The INTERREG V 2 Seas Program Authorities are not liable for
any use that may be made of the information contained therein.
1
2

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
Introduction
• Modern factory automation (1) is not wired (2, left) but connected via an industrial network (2, right)
Introduction
(1)
(2)
3
4

29/05/2018
• In factory automation, typical structure is “pyramidal”
• The layers considered today are the field, process and cell level.
Introduction
• Typical cycle times at field and cell level are 1 – 5 ms, sometimes even shorter. For
factory automation, PLCs (Programmable Logic Controllers) are typically used as
controller.
• Consequently, the cycle time of industrial networks are of the same magnitude;
communication also needs to be deterministic, and only carries a small number of
bytes as payload.
Introduction
Company level
Factory level
Cell level
Operating level
Sensor/
actuator
Number of
participants
Transaction
frequency
Amount of
Data bytes
Life time of data Cost per
connection
Network speed
500
5
1 ms
1 hour Mbytes
bits
Months/years
Milli-
seconds
< € 20
> € 10000 1 Gbps
< 1 Mbps
5
6

29/05/2018
Fieldbusses worldwide 2018 (HMS)
Introduction
We focus on PROFINET, in
the EU the most used
technology for ethernet based
industrial networks.
• Ethernet based PROFINET provides deterministic reliable communication in cycle times
between 250 µs up to ms level.
• When PROFINET communication stops, devices go to the fail-safe state.
• Distributed I/O sets outputs to low (and drives coast or brake to standstill) as default fail safe
state
• Alternatively, you can configure another fail safe state, e.g.:
• distributed I/O can set their output to high
• drives can run at a lower predefined speed
• drives / distributed I/O can keep their last speed/value
Introduction – Fail-Safe State
7
8

29/05/2018
IO Controller
(“master”: PLC)
IO Device (“slave”:
electrical drive, robot,
HMI station, remote I/O)
• Measurement setup: IO-Device with toggling output
CH1 CH2 CH3 CH4 AUX
Measurement setup: IO-Device with toggling output
Received by IO-Device
Sent by IO-Controller
IO-Device Digital Output
Normal
communication
Not received anymore
by remote I/O
IO Device goes to fail
safe state; IO Controller
sends a PNIO alarm
9
10

29/05/2018
• Measurement setup: IO-Device with toggling output
When PROFINET communication stops…
Mirror port
IO-Controller
Mirror port
IO-Device
CH1 CH2 CH3 CH4 AUX
Wireshark measurement at IO-Controller side
Update cycle
Wire break
3 update cycles
without response
11
12

29/05/2018
Wireshark measurement at IO-Device side
Update cycle
Wire break
3 update cycles
without response
And what if we do not want to go to the fail safe state because of
errors in the physical layer of the network ???
=> network redundancy
13
14

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
Types of redundancy
… to minimize or avoid down time of the network and application
• Left are typically industrial, right typically IT redundancy types
Types of Redundancy
Industrial redundancies Other redundancies
MRP* RST
MRPD RSTP
PRP* CRP*
HSR* BRP*
DRP*
* IEC 62439
MRP: Media Redundancy Protocol
MRPD: Media Redundancy for Planned Duplication
PRP: Parallel Redundancy Protocol
HSR: High-availability Seamless Redundancy
15
16

29/05/2018
• The general idea is to create an extra network path that can be used when the
original path fails.
• Additional network issues when using redundancy:
• In a ring structure: avoid loops (=> “broadcast” storms)
• Detect problems in main and redundant path
• Activation of the redundant path
Types of Redundancy
Network redundancy classes for PROFINET
• Redundancy Class 1 (e.g. MRP)
• Ring redundancy for applications with network recovery times up to about
200 ms
• Redundancy Class 2 (e.g. HSR, also PRP)
• Ring redundancy for RT requirements (bumpless)
• Redundancy Class 3 (e.g. MRPD)
• Ring redundancy for IRT requirements (bumpless)
Types of Redundancy - Classes
17
18

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
MRP
Media Redundancy Protocol
• Network recovery time < 200 ms
• Supported by most devices
• IO-Devices, IO-Controllers and
switches allowed in the ring
• 1 Redundancy Manager
• Multiple Redundancy Clients
*Network Recovery time: the time
between network failure and working
network (after which the PROFINET
communication can start up again)
Switch
(MRM)
Distributed IO
(MRC)

✓
Distributed IO
(MRC)
IO-controller
Switch
(MRC)
19
20

29/05/2018
• MRP packets sent every 20 ms
1) The devices to which a broken cable is connected send an MRP packet to the manager with
the “LinkDown” notification
21
22

29/05/2018
2) When the Manager notices that the ring is broken it sends a “topology change” packet
• All switches clear their FDB (Forwarding DataBase)
• Time from error until FDB clearing = Ring Recovery Time
In the mean time, the IO-Device lets the CPU know that a communication time-out has occurred
after the watchdog time is exceeded
23
24

29/05/2018
• Measured network recovery time
(62 ms in a ring with 4 components)
(Network Recovery Time,
or Fault Recovery Time)
Measurement of “Reinstate Recovery Time”, PROFINET
“Recovery time”: time between network failure and fully operational network
25
26

29/05/2018
Fast Start-Up
• Normal start-up requires check for
• Half / full duplex
• Cross or straight cable
• Applications:
• Redundant networks
• Tool changers
• …
2004 2005 2006 2007 2008 2009 2010
Simple device exchange
Network configuration
Switch Integration
Fiber Optics
Network diagnosis
Topology
Media Redundancy
Time synchronization
Maintenance NE107
Fast Start Up Performance
Optimization
Fiber Optic
Enhancements
PROFINET in PA
Basic functions
Specification
Function
Enhancements
PN V2.1 PN V2.2 PN V2.3PN V2.0
PN V1.0
Whitepaper
PN V1.3
Applications Standard Robots
Highest
Speed /
Process
Basic
Functionality
27
28

29/05/2018
Measurement of “Reinstate Recovery Time”, PROFINET with Fast Start-Up
60 ms of Network Recovery Time of the network (4 components), about 400 ms for starting up
PROFINET to data exchange (FSU) => reinstate recovery time about 460 ms
“Reinstate Recovery Time”: time between network failure and fully
operational network (e.g. PROFINET: in “data exchange”).
Type of Redundancy
(For industrial automation)
MRP
Media Redundancy Protocol
Network topology Ring
Typical application Industrial IT, Process Automation,
Building Automation
Specific hardware needed? No, included in most
Network recovery time
(Datasheet)
200 ms
(typical, depends on #devices)
Network recovery time (measured, 4 devices) 60 ms
Reinstate recovery time (Without Fast start-up
(“FSU”) measured)
± 3.5 s for ET200S
Reinstate recovery time (With Fast start-up (“FSU”)
measured)
± 460 ms for ET200S
Latency introduced by network components of the
redundant ring
Typicaly ± 3 µs + packet duration (typicall
PROFINET packet is 6,7 µs)
Pros • Implemented in most Class B devices
• Cost effective
• Only 1 extra line segment needed
Cons • not seamless
• Ring required
• Configuration mandatory
29
30

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
MRPD
Media Redundancy for Planned Duplication
• Suitable for PROFINET IRT
• Packages are sent in both directions
• Seamless redundancy
• Not many devices support this
MRPD: Media Redundancy for Planned Duplication
31
32

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
PRP
Parallel Redundancy Protocol
• Two physically separated LANs
• Messages sent on both LANs
• Seamless redundancy
• No recovery time
• Line, star, tree
LAN A LAN B
33
34

29/05/2018
Node types
• Dual Attached Node
• Single Attached Node
• Redundancy Box
• Virtual DAN
LAN B
LAN A
DAN DAN
DAN
SAN SAN
SAN
RedBox
VDANVDAN
VDAN
Duplicate packet handling in link layer
• “Duplicate Accept”
• Both messages are used
• Higher layer protocols must cope with duplicates
• No network supervision
• “Duplicate Discard”
• First arrived message is used
• Decision taken in the link layer
• Redundancy Control Trailer
35
36

29/05/2018
7 bytes 1 byte 6 bytes 6 bytes 2 bytes 4 bytes
Preamble SFD
Destination
address
Source
address
Ether
type
LSDU FCS
0x8892
Ethernet II Frame for PROFINET IRT
7 bytes 1 byte 6 bytes 6 bytes 2 bytes 2 bytes 2 bytes 4 bytes
Preamble SFD
Destination
address
Source
address
Ether
type VLAN
Ether
type
LSDU FCS
0x8100 0x8892
Ethernet II Frame for PROFINET RT
Redundancy Control Trailer
• 16-bit sequence number
• 4-bit LAN Identifier
• 12-bit data unit size
• 16-bit suffix = 0x88FB
1010 (0x0A) for LAN A
1011 (0x0B) for LAN B
7 bytes 1 byte 6 bytes 6 bytes 2 bytes 2 bytes 2 bytes 6 bytes 4 bytes
Preamble SFD
Destination
address
Source
address
Ether
type
VLAN
Ether
type
LSDU RCT FCS
Sequence
number
LAN ID LSDU size PRP suffix
16 bits 4 bits 12 bits 16 bits
6 bytes are added in the RCT;
LAN ID is “A” or “B”
Maximum pay load size is 1496
bytes (... oversized packets)
37
38

29/05/2018
PROFINET IO message
LAN A
LAN B
Measurement Setup
• IN
• LAN A
• LAN B
• OUT
Update Time: 2 ms
Measured packets: IO-Controller→IO-Device
PRP - Measurements
LAN A
LAN B
CH1 CH2 CH3 CH4 AUX
39
40

29/05/2018
PRP - Measurements
PRP - Measurements
44
45

29/05/2018
PRP – Measurements
Latency is comparable to a “store and forward” switch
PRP - Measurements
Sequence number: 0xA8FB → 43259
LAN A & LAN B
LSDU Size: 0x034 → 52
Suffix: 0x88FB
IN
LAN A
LAN B
OUT
46
47

29/05/2018
Type of Redundancy
MRP PRP
Media Redundancy Protocol Parallel Redundancy Protocol
Network topology Ring Line, Star, Tree
Typical application Industrial IT, Process
Automation, Building
Automation
Factory Automation at IO-Device level,
Automation in ships, energy switch
gear, tunnels, power generation and
distribution, etc.
Specific hardware needed? No, included in most Yes
(Datasheet)
200 ms
0 ms
Network recovery time (measured, 4 devices) 60 ms 0 ms
Reinstate recovery time(Without Fast start-up
± 3.5 s for ET200S 0 ms
Reinstate recovery time (With Fast start-up
± 460 ms for ET200S 0 ms
Latency introduced by network components of
the redundant ring
Typicaly ± 3 µs + packet duration
(typicall PROFINET packet is 6,7 µs)
Pros • Implemented in most Class B
devices
• Cost effective
• Only 1 extra line segment
needed
• Seamless
• Typically “plug and play”
• Works for all networked devices
• Only a part of the network is
duplicated with one PRP set, only one
connection of the network is made
redundant
• Ring required
• Extra hardware needed
• Consequently 2 times latency
added
• Extra 6 bytes added as trailer
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
HSR
High-availability Seamless Redundancy
48
49

29/05/2018
• HSR creates a ring of HSR switches
• Messages sent in both directions of the ring, first arrived message is used
• “Network recovery” time is neglectable
• No recovery time: “seamless” redundancy
Measering Point 1 Measuring Point 2
Measuring Point 3
Port A
Port B
Distributed IO
IO-controller
HSR switch
HSR switch HSR switch
Latency (to get on the ring) is comparable to a “store and forward” switch
In the HSR ring: cut through
IN
HSR
1st segment
HSR
2nd segment
50
51

29/05/2018
Standard PROFINET RT header
• MAC address of destination
and source
• EtherType
• VLAN tag
• Ethertype
52
53

29/05/2018
7 bytes 1 byte 6 bytes 6 bytes 2 bytes 2 bytes 2 bytes 4 bytes 2 bytes 4 bytes
Preamble SFD
Destination
address
Source
address
Ether
type
VLAN 0x892F
HSR
Header
0x8892 LSDU FCS
Network LSDU Sequence
4 bits 12 bits 16 bits
Ethertype and HSR header are added at the
beginning of the message: 6 bytes
CH 1 CH 2 CH 3 CH 4 AUX
54
56

29/05/2018
Header when HSR is used
Ethertype: Defines Ethernet packet
VLAN tag: Defines function and priority
Ethertype: Extra bytes, shows that HSR is used
D0 – D5: Added bytes for HSR header
Ethertype: 0x892F = Code for HSR header
D0: First 4 bits show network and direction
Last 4 bits are used for DU length
D1: Also used for DU length
D2 & D3: Sequence Number
D4 & D5: Ethertype for Profinet
57
58

29/05/2018
HSR to Distributed IO
Port A
Port B
HSR to Distributed IO
Port A
Port B
Output IO Device
59
60

29/05/2018
Type of Redundancy
MRP PRP HSR
Media Redundancy Protocol Parallel Redundancy Protocol High-Availibility Seamless Redundancy
Network topology Ring Line, Star, Tree Ring
Typical application Industrial IT, Process Automation,
Building Automation
Factory Automation at IO-Device level, Automation in ships, energy switch gear,
tunnels, power generation and distribution, etc.
Specific hardware needed? No, included in most Yes Yes
(Datasheet)
200 ms
0 ms 0 ms
Network recovery time (measured, 4 devices) 60 ms 0 ms 0 ms
Reinstate recovery time (Without Fast start-up
± 3.5 s for ET200S 0 0
Reinstate recovery time (With Fast start-up
± 460 ms for ET200S 0 0
Latency introduced by network components of
the redundant ring
Typically ± 3 µs + packet duration
From outside the ring into the ring:
Typically ± 9 µs + packet duration
Between ring components:
Typically: ± 9µs (cut-through)
Pros • Implemented in most Class B
devices
• Cost effective
• Only 1 extra line segment needed
• Seamless
• Only a part of the network can be
duplicated
• Seamless
• Bytes in header allow faster
discard
• Ring required
• Extra hardware needed
• Extra 6 bytes added as trailer
• Extra HSR switches needed
• Extra 6 bytes added
• Bandwidth reduced to 50%, due to
duplication
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
Some applications
61
62

29/05/2018
MRP – Specific application
Using fairly standard MRP redundancy to allow a quick restart of production
after a network failure in Volvo Car Gent.
The robot station of “Inside Clear Coat”
provides the inside varnish coating of the car
body. It holds among others 5 robots to open
doors, and 4 painting robots, connected in a
PROFINET MRP ring. When the
communication stops, all devices go to the fail
safe state.
If no other malfunctioning equipment is
observed during a first line intervention of a
maintenance team, a quick restart of the
network communication (and consequently
production) is possible without actually
searching the error in the physical layer of the
network. MRP functionality “isolates” the
network error, and saves valuable production
time.
Besides the lab tests on working principle,
timing and overall latency, a field test in
the Hot Steel Rolling Mill of ArcelorMittal
Gent was conducted. A > 1 year test on
the dependability in a harsh environment,
running EtherCAT communication in a 4
ms cycle, going from the control room
over a long distance to the field,
concluded that:
PRP – Specific application
Field test in a harsh industrial environment: PRP application in the
Hot Steel Rolling Mill of ArcelorMittal Gent.
1. set-up was simply plug-and-play
2. communication with the IO Devices was never interrupted, no transition
to fail-safe state occurred.
63
64

29/05/2018
PRP – Specific application
PRP could typically be used to make a single vulnerable cable redundant.
E.g. could be a “cable run” in an accumulator for steel plate, or (figure) for an
overhead crane.
HSR – Specific application
Lab tests for safety network in a demanding industrial environment:
possible HSR application in the Hot Steel Rolling Mill of ArcelorMittal Gent.
The new “level 1 automation” of the finishing rolling mills in the Hot Steel Rolling Mill of
ArcelorMittal Gent requires the complete machine to be handled as “safety area”
according to the machine guidelines.
It involves among others locking in the complete set-up behind a fence, with safety locks
at the access gates (right figure, right component) in a PROFINET/PROFISAFE network.
65
66

29/05/2018
The large number of safety components combined with the harsh environment introduces a risk of having a
shutdown of the complete Hot Steel Rolling Mill, “only” because of e.g. a (temporary) malfunctioning cable
connection in the safety network (one might say a “side circuit” to the actual automation level).
As an average intervention in the fail-safe environment takes about 60 minutes (procedures), and average cost per
minute of standstill is about € 2000, any stop because of malfunctioning “side circuits” needs to be avoided.
Lab tests together with engineers of AMG, on actual equipment used, concluded:
1) Although most components – with watch dog time set sufficiently high – could be in a standard MRP ring, requiring (almost)
no extra components (so high reliability!), the reconfiguration time of the network rises too quickly.
2) Using PRP requires in this case a large amount of extra components and cabling.
3) Putting the safety network components in a ring of HSR switches introduces negligible packet jitter (order of µs). Permanent
diagnostics (a PN Inspektor?) and feedback of the status of the HSR switches into the automation and HMI level still need to
be covered.
67
68

29/05/2018
Outline
• Introduction
• MRP
• MRPD
• PRP
• HSR
• Conclusion
Conclusion
• Devices go to the Fail Safe State when ALL communication times out.
• When one wishes to avoid going to the fail safe state because of errors in the
physical layer of industrial networks, redundancy can be used => a higher
degree of availability is achieved.
• MRP typically covers “industrial IT” applications (e.g. logging, commissioning,
file transfer, …), but is typically too slow for faster I/O networks.
• When switchover needs to be seamless, one can consider using HSR or PRP
technologies.
Conclusion
69
70

29/05/2018
• PRP and HSR devices add very little latency to the network. PRP and HSR (for
going onto the HSR ring) add a latency comparable to “store and forward”
switches.
• HSR switches in the ring act like “cut through” switches, adding even less
latency.
Conclusion
Questions?
Visit our MRP, PRP and HSR demos at the INCASE stand
71
72

Redundancy for PROFINET networks - Frederic Depuydt & Philippe Saey, KU Leuven (Catholic University of Leuven, Belgium)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Redundancy for PROFINET networks - Frederic Depuydt & Philippe Saey, KU Leuven (Catholic University of Leuven, Belgium)

Similar to Redundancy for PROFINET networks - Frederic Depuydt & Philippe Saey, KU Leuven (Catholic University of Leuven, Belgium) (20)

More from PROFIBUS and PROFINET InternationaI - PI UK

More from PROFIBUS and PROFINET InternationaI - PI UK (20)

Recently uploaded

Recently uploaded (20)

Redundancy for PROFINET networks - Frederic Depuydt & Philippe Saey, KU Leuven (Catholic University of Leuven, Belgium)