
BS EN IEC 61784-3-2:2021

$215.11

Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 2

Published by: BSI
Publication date: 2021
Number of pages: 288


IEC 61784-3-2:2021 specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer. This safety communication layer is intended for implementation in safety devices only.

NOTE 1 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.

This document defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology in accordance with the requirements of IEC 61508 (all parts) for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery. This document provides guidelines for both developers and assessors of compliant devices and systems.

PDF Catalog

PDF page / Title
5 Annex ZA (normative) Normative references to international publications with their corresponding European publications
9 English
CONTENTS
19 FOREWORD
21 0 Introduction
0.1 General
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
22 0.2 Patent declaration
Figure 2 – Relationships of IEC 61784-3 with other standards (process)
24 1 Scope
2 Normative references
26 3 Terms, definitions, symbols, abbreviated terms and conventions
3.1 Terms and definitions
3.1.1 Common terms and definitions
31 3.1.2 CPF 2: Additional terms and definitions
32 3.2 Symbols and abbreviated terms
3.2.1 Common symbols and abbreviated terms
33 3.2.2 CPF 2: Additional symbols and abbreviated terms
34 3.3 Conventions
4 Overview of FSCP 2/1 (CIP Safety™)
4.1 General
4.2 FSCP 2/1
35 5 General
5.1 External documents providing specifications for the profile
Figure 3 – Relationship of Safety Validators
36 5.2 Safety functional requirements
5.3 Safety measures
Table 1 – Communications errors and detection measures matrix
37 5.4 Safety communication layer structure
5.5 Relationships with FAL (and DLL, PhL)
5.5.1 General
5.5.2 Data types
Figure 4 – Communication layers
38 6 Safety communication layer services
6.1 General
6.2 Connection object
6.2.1 General
6.2.2 Class attribute extensions
Table 2 – New class attributes
39 6.2.3 Service extensions
6.2.4 Explicit message response format for SafetyOpen and SafetyClose
Table 3 – Service extensions
Table 4 – SafetyOpen and SafetyClose response format
40 6.3 Connection Manager object
6.3.1 General
6.3.2 ForwardOpen for safety
41 Figure 5 – ForwardOpen with safety network segment
42 6.3.3 Safety network segment
Table 5 – Safety network segment identifier
Table 6 – Safety network segment definition
43 Figure 6 – Safety network target format
44 Table 7 – Safety network segment router format
Table 8 – Safety Network Segment Extended Format
45 6.3.4 Originator rules for calculating the connection parameter CRC
6.3.5 SafetyOpen processing flowcharts
46 Figure 7 – Target Processing SafetyOpen with no configuration data (Type 2 SafetyOpen)
47 Figure 8 – Target Processing for SafetyOpen with configuration data (Type 1 SafetyOpen)
48 6.3.6 Checks required by Multipoint producers with existing connections
Figure 9 – Originator logic to determine which format to use
49 6.3.7 Electronic key usage for safety
6.3.8 RPI vs. API in safety connections
6.3.9 Application path construction rules for safety connections
Table 9 – Multipoint producer parameter evaluation rules
51 6.3.10 Safety Validator connection types
52 Table 10 – ForwardOpen setting options for safety connections with object-based application paths
54 Table 11 – ForwardOpen setting options for safety connections with ANSI Extended symbol segment application path
55 6.3.11 Application reply data in a successful SafetyOpen response
Table 12 – Network connection parameters for safety connections
Table 13 – SafetyOpen target application reply (size: 10 octets)
56 Table 14 – EF CP 2/2 or CP 16/3 SafetyOpen target application reply (size: 14 octets)
Table 15 – BF CP 2/3 SafetyOpen target application reply (size: 18 octets)
57 6.3.12 Unsuccessful SafetyOpen response
Table 16 – EF CP 2/3 SafetyOpen target application reply (size: 22 octets)
Table 17 – New and extended error codes for safety
58 Table 18 – SafetyOpen error event guidance table
59 6.3.13 ForwardClose for safety
6.4 Identity object
6.4.1 General
60 6.4.2 Changes to common services
6.4.3 Extensions for CP 16/3 devices
6.5 Link objects
6.5.1 DeviceNet object changes
Table 19 – Identity object common service changes
Table 20 – Identity object extensions for CP 16/3 devices
61 6.5.2 TCP/IP Interface object changes
6.5.3 SERCOS III Link object
Table 21 – New DeviceNet object instance attribute
Table 22 – New TCP/IP Interface object instance attribute
62 Table 23 – SERCOS III Link object class attributes
Table 24 – SERCOS III Link object instance attributes
63 6.6 Safety Supervisor object
6.6.1 General
6.6.2 Safety Supervisor class attributes
Table 25 – SERCOS III Link Object Common Services
64 6.6.3 Subclasses
6.6.4 Safety Supervisor instance attributes
Table 26 – Safety Supervisor class attributes
Table 27 – Safety Supervisor instance attributes
68 6.6.5 Semantics
69 Table 28 – Device status attribute state values
Table 29 – Exception status attribute format
70 Table 30 – Common exception detail attribute values
71 Table 31 – Exception detail format summary
73 Table 32 – Summary of device behavior for various CFUNID values
74 6.6.6 Subclasses
75 6.6.7 Safety Supervisor common services
Table 33 – Safety Supervisor common services
Table 34 – Safety Supervisor object specific services
77 Table 35 – Configure_Request message structure
78 Table 36 – Validate_Configuration message structure
Table 37 – Validate_Configuration success message structure
Table 38 – Validate_Configuration error code
Table 39 – Validate_Configuration extended codes
79 Figure 10 – Applying device configuration
80 Figure 11 – Configure and Validate processing flowcharts
81 Table 40 – Set_Password message structure
Table 41 – Reset_Password message structure
82 Table 42 – Configuration_Lock/Unlock message structure
Table 43 – Mode_Change message structure
83 Table 44 – Safety_Reset message structure
Table 45 – Safety Supervisor safety reset types
Table 46 – Attribute bit map parameter
84 Table 47 – Reset processing rules for reset types
Table 48 – Propose_TUNID service
85 Table 49 – Apply_TUNID service
86 Figure 12 – UNID handling during “Waiting for TUNID”
87 6.6.8 Safety Supervisor behavior
Table 50 – Propose_TUNID_List service
Table 51 – Apply_TUNID_List service
88 Figure 13 – Safety Supervisor state diagram
Table 52 – Safety Supervisor events
89 Table 53 – State event matrix for Safety Supervisor
92 Figure 14 – Configuration, testing and locked relationships
Table 54 – Configuration owner control vs. device state
93 Table 55 – State mapping of Safety Supervisor to Identity object
Table 56 – Safety Supervisor object event mapping
94 6.7 Safety Validator object
6.7.1 General
6.7.2 Class attributes
Table 57 – Identity object event mapping
95 6.7.3 Instance attributes
Table 58 – Safety Validator class attributes
Table 59 – Safety Validator instance attributes
98 Table 60 – Safety Validator state assignments
Table 61 – Safety Validator type, bit field assignments
99 Figure 15 – Safety connection types
100 Table 62 – Multipoint producer SafetyOpen parameter evaluation rules
101 6.7.4 Class services
6.7.5 Instance services
Table 63 – Safety Validator class services
102 6.7.6 Object behavior
Table 64 – Safety Validator instance services
Table 65 – Safety Validator Get_Attributes_All service data
103 Figure 16 – Safety Validator state transition diagram
104 Table 66 – Safety Validator state event matrix
105 6.8 Connection Configuration Object
6.8.1 General
6.8.2 Class attribute extensions
6.8.3 Instance attributes, additions and extensions.
Table 67 – State mapping between Safety Supervisor and Safety Validator objects
Table 68 – Connection configuration object class attribute extensions
106 Table 69 – Connection Configuration Object instance attribute additions/extensions
108 6.8.4 Instance attribute semantics extensions or restrictions for safety
Table 70 – Connection flag bit definitions
110 Table 71 – O-to-T connection parameters
111 Table 72 – T-to-O connection parameters
112 Table 73 – Data map formats
113 6.8.5 Special Safety Related Parameters – (Attribute 13)
Table 74 – Data map format 0
Table 75 – Data map format 1
115 Table 76 – Target device’s SCCRC values
116 Table 77 – Target device’s SCTS values
Table 78 – Time correction connection parameters for multipoint connection
117 Table 79 – Format Type attribute meaning
118 Figure 17 – Logic for Auto-detecting format type
Table 80 – Format Status attribute meaning
119 6.8.6 Object-specific services
6.8.7 Common service extensions for safety
Table 81 – Connection Configuration Object-specific services
Table 82 – Get_Attributes_All Response service data (added attributes)
120 Table 83 – Get_Attributes_All Response service data (added parameters)
Table 84 – Set_Attributes_All Request service data (added attributes)
121 6.8.8 Object behavior
Figure 18 – Connection Configuration Object state diagram
Table 85 – Set_Attributes_All Response service data (added parameters)
Table 86 – State Mapping between Safety Supervisor and the CCO objects
122 7 Safety communication layer protocol
7.1 Safety PDU format
7.1.1 Safety PDU encoding
Figure 19 – Connection Configuration Object data flow
123 Table 87 – Connection sections and PDU formats
Table 88 – Connection sections and message format
124 Figure 20 – Format of the mode octet
Figure 21 – 1 or 2 octet data section, Base Format
Table 89 – Mode octet variables
125 Figure 22 – 1 or 2 octet data section, Extended Format
Figure 23 – 3 to 250 octet data section format, Base Format
126 Figure 24 – 3 to 250 octet data section format, Extended Format
127 Figure 25 – Time Stamp section format, Base Format
Table 90 – Time Stamp variables
128 Figure 26 – BF Time Coordination message encoding
Figure 27 – EF Time Coordination message encoding
Table 91 – Time Coordination message variables
129 Figure 28 – BF Time Correction message encoding
Figure 29 – EF Time Correction message encoding
130 Table 92 – Time Correction Message variables
131 Figure 30 – 1 or 2 octet point-to-point PDU encoding
Figure 31 – 1 or 2 Octet multipoint PDU encoding
132 Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format
Figure 33 – 3 to 250 Octet Point-to-point PDU encoding
133 Figure 34 – 3 to 248 Octet Multipoint PDU encoding
Figure 35 – 3 to 248 Octet, Multipoint, safety connection format
134 7.1.2 Safety CRC
Figure 36 – CRC Calculation order for Extended Format messages
Table 93 – CRC polynomials used
135 7.2 Communication protocol behavior
7.2.1 Sequence of safety checks
7.2.2 Connection termination
Table 94 – CRC usage for connection and configuration
136 7.2.3 Cross checking error
7.3 Time stamp operation
Figure 37 – Time stamp sequence
137 7.4 Rollover counts in the EF
7.5 Protocol sequence diagrams
7.5.1 General
7.5.2 Normal safety transmission
Figure 38 – Sequence diagram of a normal producer/consumer safety sequence
138 Figure 39 – Sequence diagram of a normal producer/consumer safety sequence (production repeated)
139 7.5.3 Lost, corrupted and delayed message transmission
Figure 40 – Sequence diagram of a corrupted producer to consumer message
140 Figure 41 – Sequence diagram of a lost producer to consumer message
141 7.5.4 Lost, corrupted or delayed message transmission with production repeated
Figure 42 – Sequence diagram of a delayed message
142 Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated
Figure 44 – Sequence diagram of a connection terminated due to delays
143 7.5.5 Point-to-point ping
Figure 45 – Sequence diagram of a failure of safety CRC check
Figure 46 – Sequence diagram of a point-to-point ping – normal response
144 7.5.6 Multipoint ping on CP 2/3 Safety
145 Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety
146 7.5.7 Multipoint ping on CP 2/2 safety networks
7.5.8 Multipoint ping – retry with success
Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety
147 7.5.9 Multipoint ping – retry with timeout
Figure 49 – Sequence diagram of a multipoint ping retry
Figure 50 – Sequence diagram of a multipoint ping timeout
148 7.6 Safety protocol definition
7.6.1 General
7.6.2 High level view of a safety device
Figure 51 – Possible safety architectures for FSCP 2/1
149 7.6.3 Safety Validator object
7.6.4 Relationship between SafetyValidatorServer and SafetyValidatorClient
Figure 52 – Safety device reference model entity relation diagram
150 7.6.5 Extended Format time stamp rollover handling
Figure 53 – Two devices interchanging safety data via a SafetyValidatorClient and a SafetyValidatorServer
151 Figure 54 – Point-to-point, originating consumer, target producer
153 Figure 55 – Point-to-point, originator producer, target consumer
154 Figure 56 – Multi-point, originator consumer, target producer
156 7.6.6 SafetyValidatorClient function definition
Figure 57 – Safety production data flow
164 7.6.7 SafetyValidatorServer function definition
165 Figure 58 – Consumer safety data monitoring
166 Figure 59 – SafetyValidatorServer – application triggered
167 Table 95 – Data reception – Link triggered
Table 96 – Time_Correction reception – Link triggered
Table 97 – Data reception – Application triggered
168 Table 98 – Time_Correction reception – Application triggered
Table 99 – Consuming application – Safety data monitoring
177 7.7 Safety message and protocol data specifications
7.7.1 Mode octet
178 7.7.2 Time Stamp Section
7.7.3 Time Coordination Message
179 7.7.4 Time correction message
7.7.5 Safety data production
180 Table 100 – Producer connection status determination
187 7.7.6 Producer dynamic variables
189 7.7.7 Producer per consumer dynamic variables
190 7.7.8 Consumer data variables
191 Table 101 – Consuming safety connection status
192 7.7.9 Consumer input static variables
193 7.7.10 Consumer dynamic variables
195 8 Safety communication layer management
8.1 Overview
8.2 Definition of the measures used during connection establishment
Table 102 – Connection establishment errors and measures to detect errors
196 Table 103 – SNN Date/Time allocations
Table 104 – SNN legal range of time values
199 8.3 Originator-Target relationship validation
Figure 60 – Target ownership
200 8.4 Detection of mis-routed connection requests
8.5 SafetyOpen processing
8.6 Ownership management
Figure 61 – SafetyOpen forms
201 8.7 Bridging different physical layers
Figure 62 – Connection ownership state chart
Figure 63 – SafetyOpen UNID mapping
202 Figure 64 – Common CPF 2 application layer
Figure 65 – End-to-End routing example
203 8.8 Safety connection establishment
8.8.1 Overview
8.8.2 Basic facts for connection establishment
204 8.8.3 Configuring safety connections
205 8.8.4 Network time expectation multiplier
Table 105 – Safety connection parameters
206 Figure 66 – Sources for safety related connection parameters
207 8.8.5 Establishing connections
Figure 67 – Parameter mapping between originator and target
208 Table 106 – SafetyOpen summary
209 Figure 68 – CP 2/3 Safety connection establishment in targets for Type 2a SafetyOpen
Figure 69 – General sequence to detect configuration is required
210 8.8.6 Recommendations for consumer number allocation
8.8.7 Recommendations for connection establishment
211 8.8.8 Ownership establishment
8.8.9 Ownership use cases
214 8.8.10 PID/CID usage and establishment
215 8.8.11 Proper PID/CID usage in multipoint and point-to-point connections
Figure 70 – PID/CID exchanges for two originator scenarios
216 Figure 71 – Seed generation for multipoint connections
217 8.8.12 Network supported services
Figure 72 – PID/CID runtime handling
218 8.8.13 FSCP 2/1 safety device type
219 Table 107 – Originator/Target service mapping
Table 108 – Unsupported originator/target service types
220 Figure 73 – Connection categories and supported services
221 Figure 74 – Recommended connection types
Figure 75 – Logic-to-logic supported services
222 8.9 Safety configuration process
8.9.1 Introduction to safety configuration
8.9.2 Configuration goals
Figure 76 – Recommended connection types for logic to logic
223 8.9.3 Configuration overview
Figure 77 – Configuration data transfers
Table 109 – Configuration goals
224 8.9.4 User configuration guidelines
225 8.9.5 Configuration process justification
Figure 78 – Protection measures in safety devices
226 8.9.6 Device functions for tool configuration
8.9.7 Password security
8.9.8 SNCT interface services
227 8.9.9 Configuration lock
8.9.10 Effect of configuration lock on device behavior
228 Figure 79 – Configuration, testing and locked relationships
Table 110 – Configuration owner control vs. device state
229 8.9.11 Configuration ownership
8.9.12 Configuration mode
8.9.13 Measures used to ensure integrity of configuration process
230 Figure 80 – Originator’s configuration data
231 8.9.14 Download process
232 Figure 81 – SNCT to device download process
233 Figure 82 – SNCT Downloads to originators that perform Type 1 configuration
234 8.9.15 Verification process
235 Figure 83 – Protection from locking and ownership
237 8.9.16 Configuration error analysis
Figure 84 – Verification process including all alternatives
238 Table 111 – Errors and detection measures
241 8.10 Electronic Data Sheets extensions for safety
8.10.1 General rules for EDS based safety devices
242 8.10.2 EDS extensions for safety
Table 112 – Object Class section keywords
243 Table 113 – Safety Classx entry format
Table 114 – Parameter class keywords
244 Table 115 – New Connection Manager section keywords for safety
245 Table 116 – Connection Manager field usage for safety
247 8.11 Requirements for CP 2/2
8.11.1 EPI rules for safety messages that travel over CP 2/2
8.11.2 Default safety I/O service
Table 117 – Connection parameter field settings for safety
248 8.11.3 Duplicate IP detection
8.11.4 Priority for safety connections
8.12 Requirements for CP 2/3
8.12.1 Allocation of CP 2/3 identifiers
Table 118 – CP 2/3 ID assignment rules
251 8.12.2 Additional requirements
8.13 CP 16/3 requirements
8.13.1 General architecture for CPF 2 on CP 16/3
8.13.2 Baseline FSCP 2/1 on CP 16/3 device
252 8.13.3 Supported objects and services in CP 16/3 devices
Figure 85 – Baseline FSCP 2/1 on CP 16/3 device
253 8.13.4 Transport layer requirements
254 Figure 86 – FSCP 2/1 Adaptation Layer and SMP interaction
255 8.13.5 FSCP 2/1 and the CP 16/3 device model
Figure 87 – FSCP 2/1 Adaptation
256 8.13.6 UNID assignment on CP 16/3
Figure 88 – CP 16/3 device model
258 Figure 89 – Adding a standard module to a modular device
259 9 System requirements
9.1 Indicators and switches
9.1.1 General indicator requirements
9.1.2 LED indications for setting the device UNID
9.1.3 Module Status LED
Table 119 – LED indications for setting UNID
260 9.1.4 Indicator warning
9.1.5 Network Status LED
Table 120 – Module Status LED
Table 121 – Network status LED states
261 9.1.6 Switches
263 9.2 Installation guidelines
Figure 90 – Safety device NodeID processing logic
264 9.3 Safety function response time
9.3.1 Overview
9.3.2 Network time expectation
Figure 91 – Safety function response time
265 9.3.3 Equations for calculating network reaction times
Table 122 – Connection reaction time type – producing/consuming applications
266 Figure 92 – Safety function response time components
267 9.4 Duration of demands
9.5 Constraints for calculation of system characteristics
9.5.1 Number of nodes
9.5.2 Network PFH of Extended Format
Figure 93 – Network protocol reliability block diagram (RBD)
268 9.5.3 Bit Error Rate (BER)
269 9.6 Maintenance
9.7 Safety manual
10 Assessment
270 Annex A (informative) Additional information for functional safety communication profiles of CPF 2
285 Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2
286 Bibliography