BS EN 61784-3-2:2010
$215.11
Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 2
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2010 | 268 |
This part of the IEC 61784-3 series specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer.
NOTE 1 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
This part defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology in accordance with the requirements of the IEC 61508 series for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery.
This part provides guidelines for both developers and assessors of compliant devices and systems.
NOTE 2 The resulting SIL claim of a system depends on the implementation of the selected functional safety communication profile within this system – implementation of a functional safety communication profile according to this part in a standard device is not sufficient to qualify it as a safety device.
PDF Catalog
PDF Pages | PDF Title |
---|---|
9 | CONTENTS |
19 | 0 Introduction 0.1 General Figures Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) |
20 | Figure 2 – Relationships of IEC 61784-3 with other standards (process) |
21 | 0.2 Patent declaration |
22 | 1 Scope 2 Normative references |
23 | 3 Terms, definitions, symbols, abbreviated terms and conventions 3.1 Terms and definitions |
28 | 3.2 Symbols and abbreviated terms |
30 | 3.3 Conventions 4 Overview of FSCP 2/1 (CIP Safety™) 4.1 General 4.2 FSCP 2/1 |
31 | 5 General 5.1 External documents providing specifications for the profile Figure 3 – Relationship of Safety Validators |
32 | 5.2 Safety functional requirements 5.3 Safety measures Tables Table 1 – Communications errors and detection measures matrix |
33 | 5.4 Safety communication layer structure 5.5 Relationships with FAL (and DLL, PhL) Figure 4 – Communication layers |
34 | 6 Safety communication layer services 6.1 Introduction 6.2 Connection object Table 2 – New class attributes |
35 | Table 3 – Service extensions Table 4 – SafetyOpen and SafetyClose response format |
36 | 6.3 Connection Manager object |
37 | Figure 5 – ForwardOpen with safety network segment |
38 | Table 5 – Safety network segment identifier Table 6 – Safety network segment definition |
39 | Figure 6 – Safety network target format |
40 | Table 7 – Safety network segment router format Table 8 – Safety Network Segment Extended Format |
42 | Figure 7 – Target Processing SafetyOpen with no configuration data (Form 2 SafetyOpen) |
43 | Figure 8 – Target Processing for SafetyOpen with configuration data (Form 1 SafetyOpen) |
44 | Figure 9 – Originator logic to determine which format to use |
45 | Table 9 – Multipoint producer parameter evaluation rules |
47 | Table 10 – ForwardOpen setting options for safety connections |
48 | Table 11 – Network connection parameters for safety connections |
49 | Table 12 – CP 2/3 Safety target application reply (size: 10 octets) Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets) |
50 | Table 14 – SafetyOpen target application reply (size: 18 octets) Table 15 – EF SafetyOpen target application reply (size: 22 octets) |
51 | Table 16 – New and extended error codes for safety Table 17 – SafetyOpen error event guidance table |
53 | 6.4 Identity object 6.5 Link objects Table 18 – Identity object common service changes Table 19 – New DeviceNet object instance attribute |
54 | 6.6 Safety Supervisor object Table 20 – New TCP/IP Interface object Instance Attribute |
55 | Table 21 – Safety Supervisor class attributes Table 22 – Safety Supervisor instance attributes |
59 | Table 23 – Device status attribute state values |
60 | Table 24 – Exception status attribute format |
61 | Table 25 – Common exception detail attribute values |
62 | Table 26 – Exception detail format summary |
64 | Table 27 – Summary of device behavior for various CFUNID values |
66 | Table 28 – Safety Supervisor common services Table 29 – Safety Supervisor object specific services |
68 | Table 30 – Configure_Request message structure Table 31 – Validate_Configuration message structure Table 32 – Validate_Configuration success message structure |
69 | Figure 10 – Applying device configuration Table 33 – Validate_Configuration error code Table 34 – Validate_Configuration extended codes |
70 | Figure 11 – Configure and Validate processing flowcharts |
71 | Table 35 – Set_Password message structure Table 36 – Reset_Password message structure |
72 | Table 37 – Configuration_Lock/Unlock message structure Table 38 – Mode_Change message structure Table 39 – Safety_Reset message structure |
73 | Table 40 – Safety Supervisor safety reset types Table 41 – Attribute bit map parameter Table 42 – Reset processing rules for reset types |
74 | Table 43 – Propose_TUNID service |
75 | Table 44 – Apply_TUNID service |
76 | Figure 12 – UNID handling during “Waiting for TUNID” |
77 | Figure 13 – Safety Supervisor state diagram Table 45 – Safety Supervisor events |
78 | Table 46 – State event matrix for Safety Supervisor |
81 | Figure 14 – Configuration, testing and locked relationships Table 47 – Configuration owner control vs. device state |
82 | Table 48 – State mapping of Safety Supervisor to Identity object Table 49 – Safety Supervisor object event mapping |
83 | 6.7 Safety Validator object Table 50 – Identity object event mapping |
84 | Table 51 – Safety Validator class attributes Table 52 – Safety Validator instance attributes |
86 | Table 53 – Safety Validator state assignments |
87 | Figure 15 – Safety connection types Table 54 – Safety Validator type, bit field assignments |
88 | Table 55 – Multipoint producer SafetyOpen parameter evaluation rules |
89 | Table 56 – Safety Validator class services |
90 | Table 57 – Safety Validator instance services Table 58 – Safety Validator Get_Attributes_All service data |
91 | Figure 16 – Safety Validator state transition diagram |
92 | 6.8 Connection Configuration Object Table 59 – Safety Validator state event matrix Table 60 – State mapping between Safety Supervisor and Safety Validator objects |
93 | Table 61 – Connection configuration object class attribute extensions Table 62 – Connection Configuration Object instance attribute additions/extensions |
95 | Table 63 – Connection flag bit definitions |
97 | Table 64 – O-to-T connection parameters |
98 | Table 65 – T-to-O connection parameters |
99 | Table 66 – Data map formats |
100 | Table 67 – Data map format 0 Table 68 – Data map format 1 |
102 | Table 69 – Target device’s SCCRC values |
103 | Table 70 – Target device’s SCTS values Table 71 – Time correction connection parameters for multipoint connection |
104 | Table 72 – Format Type attribute meaning |
105 | Figure 17 – Logic for Auto-detecting format type Table 73 – Format Status attribute meaning |
106 | Table 74 – Connection Configuration Object-specific services Table 75 – Get_Attributes_All Response service data (added attributes) |
107 | Table 76 – Get_Attributes_All Response service data (added parameters) Table 77 – Set_Attributes_All Request service data (added attributes) |
108 | Figure 18 – Connection Configuration Object state diagram Table 78 – Set_Attributes_All Response service data (added parameters) Table 79 – State Mapping between Safety Supervisor and the CCO objects |
109 | 7 Safety communication layer protocol 7.1 Safety PDU format Figure 19 – Connection Configuration Object data flow |
110 | Figure 20 – Format of the mode octet Table 80 – Connection sections and PDU formats |
111 | Figure 21 – 1 or 2 octet data section, Base Format Table 81 – Mode octet variables |
112 | Figure 22 – 1 or 2 octet data section, Extended Format Figure 23 – 3 to 250 octet data section format, Base Format |
113 | Figure 24 – 3 to 250 octet data section format, Extended Format |
114 | Figure 25 – Time Stamp section format, Base Format Table 82 – Time Stamp variables |
115 | Figure 26 – BF Time Coordination message encoding Figure 27 – EF Time Coordination message encoding Table 83 – Time Coordination message variables |
116 | Figure 28 – BF Time Correction message encoding Figure 29 – EF Time Correction message encoding |
117 | Table 84 – Time Correction Message variables |
118 | Figure 30 – 1 or 2 octet point-to-point PDU encoding Figure 31 – 1 or 2 Octet multipoint PDU encoding |
119 | Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format Figure 33 – 3 to 250 Octet Point-to-point PDU encoding |
120 | Figure 34 – 3 to 248 Octet Multipoint PDU encoding Figure 35 – 3 to 248 Octet, Multipoint, safety connection format |
121 | Figure 36 – CRC Calculation order for Extended Format messages Table 85 – CRC polynomials used |
122 | 7.2 Communication protocol behavior Table 86 – Connection sections and message formats |
123 | 7.3 Time stamp operation Figure 37 – Time stamp sequence |
124 | 7.4 Protocol sequence diagrams Figure 38 – Sequence diagram of a normal producer/consumer safety sequence |
125 | Figure 39 – Sequence diagram of a normal producer/consumer safety sequence (production repeated) |
126 | Figure 40 – Sequence diagram of a corrupted producer to consumer message Figure 41 – Sequence diagram of a lost producer to consumer message |
127 | Figure 42 – Sequence diagram of a delayed message |
128 | Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated |
129 | Figure 44 – Sequence diagram of a connection terminated due to delays Figure 45 – Sequence diagram of a failure of safety CRC check |
130 | Figure 46 – Sequence diagram of a point-to-point ping – normal response |
131 | Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety |
132 | Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety |
133 | Figure 49 – Sequence diagram of a multipoint ping retry Figure 50 – Sequence diagram of a multipoint ping timeout |
134 | 7.5 Safety protocol definition Figure 51 – Safety device reference model entity relation diagram |
135 | Figure 52 – Two devices interchanging safety data via a SafetyValidatorClient and a SafetyValidatorServer |
137 | Figure 53 – Point-to-point, originating consumer, target producer |
138 | Figure 54 – Point-to-point, originator producer, target consumer |
139 | Figure 55 – Multi-point, originator consumer, target producer |
140 | Figure 56 – Safety production data flow |
149 | Figure 57 – Consumer safety data monitoring |
150 | Figure 58 – SafetyValidatorServer – application triggered |
151 | Table 87 – Data reception – Link triggered Table 88 – Time_Correction reception – Link triggered Table 89 – Data reception – Application triggered |
152 | Table 90 – Time_Correction reception – Application triggered Table 91 – Consuming application – Safety data monitoring |
161 | 7.6 Safety message and protocol data specifications |
164 | Table 92 – Producer connection status determination |
175 | Table 93 – Consuming safety connection status |
179 | 8 Safety communication layer management 8.1 Overview 8.2 Definition of the measures used during connection establishment Table 94 – Connection establishment errors and measures to detect errors |
180 | Table 95 – SNN Date/Time allocations Table 96 – SNN legal range of time values |
183 | 8.3 Originator-Target relationship validation Figure 59 – Target ownership |
184 | 8.4 Detection of mis-routed connection requests 8.5 SafetyOpen processing 8.6 Ownership management Figure 60 – SafetyOpen forms |
185 | 8.7 Bridging different physical layers Figure 61 – Connection ownership state chart Figure 62 – SafetyOpen UNID mapping |
186 | Figure 63 – Common CPF 2 application layer Figure 64 – End-to-End routing example |
187 | 8.8 Safety connection establishment |
188 | Table 97 – Safety connection parameters |
189 | Figure 65 – Sources for safety related connection parameters |
190 | Figure 66 – Parameter mapping between originator and target |
191 | Table 98 – SafetyOpen summary |
192 | Figure 67 – CP 2/3 Safety connection establishment in targets for Form 2a SafetyOpen |
193 | Figure 68 – General sequence to detect configuration is required |
198 | Figure 69 – PID/CID exchanges for two originator scenarios |
199 | Figure 70 – Seed generation for multipoint connections |
200 | Figure 71 – PID/CID runtime handling |
202 | Table 99 – Originator/Target service mapping Table 100 – Unsupported originator/target service types |
203 | Figure 72 – Connection categories and supported services |
204 | Figure 73 – Recommended connection types Figure 74 – Logic-to-logic supported services |
205 | 8.9 Safety configuration process Figure 75 – Recommended connection types for logic to logic |
206 | Figure 76 – Configuration data transfers Table 101 – Configuration goals |
208 | Figure 77 – Protection measures in safety devices |
210 | Figure 78 – Configuration, testing and locked relationships |
211 | Table 102 – Configuration owner control vs. device state |
212 | Figure 79 – Originator’s configuration data |
214 | Figure 80 – SNCT to device download process |
215 | Figure 81 – SNCT Downloads to originators that perform Form 1 configuration |
217 | Figure 82 – Protection from locking and ownership |
218 | Figure 83 – Example of read back and comparison of original and printout |
219 | Figure 84 – Diverse display without full data read back Figure 85 – Verification process including all alternatives |
220 | Table 103 – Errors and detection measures |
223 | 8.10 Electronic Data Sheets extensions for safety |
225 | Table 104 – Parameter class keywords Table 105 – New Connection Manager section keywords for safety |
226 | Table 106 – Connection Manager field usage for safety |
228 | 8.11 Requirements for CP 2/2 Table 107 – Connection parameter field settings for safety |
229 | 8.12 Requirements for CP 2/3 Table 108 – CP 2/3 ID assignment rules |
232 | 8.13 CP 16/3 requirements Figure 86 – CP 16/3 device model |
234 | Figure 87 – Adding a standard module to a modular device |
235 | 9 System requirements 9.1 Indicators and switches Table 109 – LED indications for setting UNID |
236 | Table 110 – Module Status LED Table 111 – Network status LED states |
239 | Figure 88 – Safety device MACID processing logic |
240 | 9.2 Installation guidelines 9.3 Safety function response time Figure 89 – Safety function response time |
241 | Table 112 – Connection reaction time type – producing/consuming applications |
242 | Figure 90 – Safety function response time components |
243 | 9.4 Duration of demands 9.5 Constraints for calculation of system characteristics Figure 91 – Network protocol reliability block diagram (RBD) |
245 | Figure 92 – Network PFH summary |
246 | Figure 93 – Extended Format PFH summary |
247 | 9.6 Maintenance 9.7 Safety manual 10 Assessment |
248 | Annex A (informative) Additional information for functional safety communication profiles of CPF 2 |
263 | Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2 |
264 | Bibliography |