BS EN 61784-3-2:2010

$215.11

Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 2

Published By	Publication Date	Number of Pages
BSI	2010	268

Guaranteed Safe Checkout

Categories: 35.100.05 - Multilayer applications, BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

This part of the IEC 61784-3 series specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer.

NOTE 1 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.

This part¹ defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology in accordance with the requirements of IEC 61508 series² for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery.

This part provides guidelines for both developers and assessors of compliant devices and systems.

NOTE 2 The resulting SIL claim of a system depends on the implementation of the selected functional safety communication profile within this system – implementation of a functional safety communication profile according to this part in a standard device is not sufficient to qualify it as a safety device.

PDF Catalog

PDF Pages	PDF Title
9	CONTENTS
19	0 Introduction 0.1 General Figures Figure 1 – Relationships of IEC 61784-3 with other standards (machinery)
20	Figure 2 – Relationships of IEC 61784-3 with other standards (process)
21	0.2 Patent declaration
22	1 Scope 2 Normative references
23	3 Terms, definitions, symbols, abbreviated terms and conventions 3.1 Terms and definitions
28	3.2 Symbols and abbreviated terms
30	3.3 Conventions 4 Overview of FSCP 2/1 (CIP Safety™) 4.1 General 4.2 FSCP 2/1
31	5 General 5.1 External documents providing specifications for the profile Figure 3 – Relationship of Safety Validators
32	5.2 Safety functional requirements 5.3 Safety measures Tables Table 1 – Communications errors and detection measures matrix
33	5.4 Safety communication layer structure 5.5 Relationships with FAL (and DLL, PhL) Figure 4 – Communication layers
34	6 Safety communication layer services 6.1 Introduction 6.2 Connection object Table 2 – New class attributes
35	Table 3 – Service extensions Table 4 – SafetyOpen and SafetyClose response format
36	6.3 Connection Manager object
37	Figure 5 – ForwardOpen with safety network segment
38	Table 5 – Safety network segment identifier Table 6 – Safety network segment definition
39	Figure 6 – Safety network target format
40	Table 7 – Safety network segment router format Table 8 – Safety Network Segment Extended Format
42	Figure 7 – Target Processing SafetyOpen with no configuration data (Form 2 SafetyOpen)
43	Figure 8 – Target Processing for SafetyOpen with configuration data (Form 1 SafetyOpen)
44	Figure 9 – Originator logic to determine which format to use
45	Table 9 – Multipoint producer parameter evaluation rules
47	Table 10 – ForwardOpen setting options for safety connections
48	Table 11 – Network connection parameters for safety connections
49	Table 12 – CP 2/3 Safety target application reply (size: 10 octets) Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets)
50	Table 14 – SafetyOpen target application reply (size: 18 octets) Table 15 – EF SafetyOpen target application reply (size: 22 octets)
51	Table 16 – New and extended error codes for safety Table 17 – SafetyOpen error event guidance table
53	6.4 Identity object 6.5 Link objects Table 18 – Identity object common service changes Table 19 – New DeviceNet object instance attribute
54	6.6 Safety Supervisor object Table 20 – New TCP/IP Interface object Instance Attribute
55	Table 21 – Safety Supervisor class attributes Table 22 – Safety Supervisor instance attributes
59	Table 23 – Device status attribute state values
60	Table 24 – Exception status attribute format
61	Table 25 – Common exception detail attribute values
62	Table 26 – Exception detail format summary
64	Table 27 – Summary of device behavior for various CFUNID values
66	Table 28 – Safety Supervisor common services Table 29 – Safety Supervisor object specific services
68	Table 30 – Configure_Request message structure Table 31 – Validate_Configuration message structure Table 32 – Validate_Configuration success message structure
69	Figure 10 – Applying device configuration Table 33 – Validate_Configuration error code Table 34 – Validate_Configuration extended codes
70	Figure 11 – Configure and Validate processing flowcharts
71	Table 35 – Set_Password message structure Table 36 – Reset_Password message structure
72	Table 37 – Configuration_Lock/Unlock message structure Table 38 – Mode_Change message structure Table 39 – Safety_Reset message structure
73	Table 40 – Safety Supervisor safety reset types Table 41 – Attribute bit map parameter Table 42 – Reset processing rules for rest types
74	Table 43 – Propose_TUNID service
75	Table 44 – Apply_TUNID service
76	Figure 12 – UNID handling during “Waiting for TUNID”
77	Figure 13 – Safety Supervisor state diagram Table 45 – Safety Supervisor events
78	Table 46 – State event matrix for Safety Supervisor
81	Figure 14 – Configuration, testing and locked relationships Table 47 – Configuration owner control vs. device state
82	Table 48 – State mapping of Safety Supervisor to Identity object Table 49 – Safety Supervisor object event mapping
83	6.7 Safety Validator object Table 50 – Identity object event mapping
84	Table 51 – Safety Validator class attributes Table 52 – Safety Validator instance attributes
86	Table 53 – Safety Validator state assignments
87	Figure 15 – Safety connection types Table 54 – Safety Validator type, bit field assignments
88	Table 55 – Multipoint producer SafetyOpen parameter evaluation rules
89	Table 56 – Safety Validator class services
90	Table 57 – Safety Validator instance services Table 58 – Safety Validator Get_Attributes_All service data
91	Figure 16 – Safety Validator state transition diagram
92	6.8 Connection Configuration Object Table 59 – Safety Validator state event matrix Table 60 – State mapping between Safety Supervisor and Safety Validator objects
93	Table 61 – Connection configuration object class attribute extensions Table 62 – Connection Configuration Object instance attribute additions/extensions
95	Table 63 – Connection flag bit definitions
97	Table 64 – O-to-T connection parameters
98	Table 65 – T-to-O connection parameters
99	Table 66 – Data map formats
100	Table 67 – Data map format 0 Table 68 – Data map format 1
102	Table 69 – Target device’s SCCRC values
103	Table 70 – Target device’s SCTS values Table 71 – Time correction connection parameters for multipoint connection
104	Table 72 – Format Type attribute meaning
105	Figure 17 – Logic for Auto-detecting format type Table 73 – Format Status attribute meaning
106	Table 74 – Connection Configuration Object-specific services Table 75 – Get_Attributes_All Response service data (added attributes )
107	Table 76 – Get_Attributes_All Response service data (added parameters ) Table 77 – Set_Attributes_All Request service data (added attributes)
108	Figure 18 – Connection Configuration Object state diagram Table 78 – Set_Attributes_All Response service data (added parameters ) Table 79 – State Mapping between Safety Supervisor and the CCO objects
109	7 Safety communication layer protocol 7.1 Safety PDU format Figure 19 – Connection Configuration Object data flow
110	Figure 20 – Format of the mode octet Table 80 – Connection sections and PDU formats
111	Figure 21 – 1 or 2 octet data section, Base Format Table 81 – Mode octet variables
112	Figure 22 – 1 or 2 octet data section, Extended Format Figure 23 – 3 to 250 octet data section format, Base Format
113	Figure 24 – 3 to 250 octet data section format, Extended Format
114	Figure 25 – Time Stamp section format, Base Format Table 82 – Time Stamp variables
115	Figure 26 – BF Time Coordination message encoding Figure 27 – EF Time Coordination message encoding Table 83 – Time Coordination message variables
116	Figure 28 – BF Time Correction message encoding Figure 29 – EF Time Correction message encoding
117	Table 84 – Time Correction Message variables
118	Figure 30 – 1 or 2 octet point-to-point PDU encoding Figure 31 – 1 or 2 Octet multipoint PDU encoding
119	Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format Figure 33 – 3 to 250 Octet Point-to-point PDU encoding
120	Figure 34 – 3 to 248 Octet Multipoint PDU encoding Figure 35 – 3 to 248 Octet, Multipoint, safety connection format
121	Figure 36 – CRC Calculation order for Extended Format messages Table 85 – CRC polynomials used
122	7.2 Communication protocol behavior Table 86 – Connection sections and message formats
123	7.3 Time stamp operation Figure 37 – Time stamp sequence
124	7.4 Protocol sequence diagrams Figure 38 – Sequence diagram of a normal producer/consumer safety sequence
125	Figure 39 – Sequence diagram of a normal producer/consumer safety sequence (production repeated)
126	Figure 40 – Sequence diagram of a corrupted producer to consumer message Figure 41 – Sequence diagram of a lost producer to consumer message
127	Figure 42 – Sequence diagram of a delayed message
128	Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated
129	Figure 44 – Sequence diagram of a connection terminated due to delays Figure 45 – Sequence diagram of a failure of safety CRC check
130	Figure 46 – Sequence diagram of a point-to-point ping – normal response
131	Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety
132	Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety
133	Figure 49 – Sequence diagram of a multipoint ping retry Figure 50 – Sequence diagram of a multipoint ping timeout
134	7.5 Safety protocol definition Figure 51 – Safety device reference model entity relation diagram
135	Figure 52 – Two devices interchanging safety data via a SafetyValidatorClient and a SafetyValidatorServer
137	Figure 53 – Point-to-point, originating consumer. target producer
138	Figure 54 – Point-to-point, originator producer, target consumer
139	Figure 55 – Multi-point, originator consumer, target producer
140	Figure 56 – Safety production data flow
149	Figure 57 – Consumer safety data monitoring
150	Figure 58 – SafetyValidatorServer – application triggered
151	Table 87 – Data reception – Link triggered Table 88 – Time_Correction reception – Link triggered Table 89 – Data reception – Application triggered
152	Table 90 – Time_Correction reception – Application triggered Table 91 – Consuming application – Safety data monitoring
161	7.6 Safety message and protocol data specifications
164	Table 92 – Producer connection status determination
175	Table 93 – Consuming safety connection status
179	8 Safety communication layer management 8.1 Overview 8.2 Definition of the measures used during connection establishment Table 94 – Connection establishment errors and measures to detect errors
180	Table 95 – SNN Date/Time allocations Table 96 – SNN legal range of time values
183	8.3 Originator-Target relationship validation Figure 59 – Target ownership
184	8.4 Detection of mis-routed connection requests 8.5 SafetyOpen processing 8.6 Ownership management Figure 60 – SafetyOpen forms
185	8.7 Bridging different physical layers Figure 61 – Connection ownership state chart Figure 62 – SafetyOpen UNID mapping
186	Figure 63 – Common CPF 2 application layer Figure 64 – End-to-End routing example
187	8.8 Safety connection establishment
188	Table 97 – Safety connection parameters
189	Figure 65 – Sources for safety related connection parameters
190	Figure 66 – Parameter mapping between originator and target
191	Table 98 – SafetyOpen summary
192	Figure 67 – CP 2/3 Safety connection establishment in targets for Form 2a SafetyOpen
193	Figure 68 – General sequence to detect configuration is required
198	Figure 69 – PID/CID exchanges for two originator scenarios
199	Figure 70 – Seed generation for multipoint connections
200	Figure 71 – PID/CID runtime handling
202	Table 99 – Originator/Target service mapping Table 100 – Unsupported originator/target service types
203	Figure 72 – Connection categories and supported services
204	Figure 73 – Recommended connection types Figure 74 – Logic-to-logic supported services
205	8.9 Safety configuration process Figure 75 – Recommended connection types for logic to logic
206	Figure 76 – Configuration data transfers Table 101 – Configuration goals
208	Figure 77 – Protection measures in safety devices
210	Figure 78 – Configuration, testing and locked relationships
211	Table 102 – Configuration owner control vs. device state
212	Figure 79 – Originator’s configuration data
214	Figure 80 – SNCT to device download process
215	Figure 81 – SNCT Downloads to originators that perform Form 1 configuration
217	Figure 82 – Protection from locking and ownership
218	Figure 83 – Example of read back and comparison of original and printout
219	Figure 84 – Diverse display without full data read back Figure 85 – Verification process including all alternatives
220	Table 103 – Errors and detection measures
223	8.10 Electronic Data Sheets extensions for safety
225	Table 104 – Parameter class keywords Table 105 – New Connection Manager section keywords for safety
226	Table 106 – Connection Manager field usage for safety
228	8.11 Requirements for CP 2/2 Table 107 – Connection parameter field settings for safety
229	8.12 Requirements for CP 2/3 Table 108 – CP 2/3 ID assignment rules
232	8.13 CP 16/3 requirements Figure 86 – CP 16/3 device model
234	Figure 87 – Adding a standard module to a modular device
235	9 System requirements 9.1 Indicators and switches Table 109 – LED indications for setting UNID
236	Table 110 – Module Status LED Table 111 – Network status LED states
239	Figure 88 – Safety device MACID processing logic
240	9.2 Installation guidelines 9.3 Safety function response time Figure 89 – Safety function response time
241	Table 112 – Connection reaction time type – producing/consuming applications
242	Figure 90 – Safety function response time components
243	9.4 Duration of demands 9.5 Constraints for calculation of system characteristics Figure 91 – Network protocol reliability block diagram (RBD)
245	Figure 92 – Network PFH summary
246	Figure 93 – Extended Format PFH summary
247	9.6 Maintenance 9.7 Safety manual 10 Assessment
248	Annex A (informative) Additional information for functional safety communication profiles of CPF 2
263	Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2
264	Bibliography

Additional information

Status	Withdrawn
Title	Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 2
Replaces	BS EN 61784-3-2:2008
Publisher	BSI
Committee	GEL/65/3
Pages	268
Publication Date	2010-09-30
Withdrawn Date	2017-12-14
Replaced By	BS EN 61784-3-2:2017
ISBN	978 0 580 72028 4
Standard Number	BS EN 61784-3-2:2010
Identical National Standard Of	EN 61784-3-2:2010, IEC 61784-3-2:2010
Descriptors	Communication networks, Data processing, Data transmission, Process control, Automatic control systems, Fieldbus, Interfaces (data processing), Data link layer (OSI), Computer networks, Industrial, Data transfer, Open systems interconnection, Safety, Bus networks
ICS Codes	35.100.05 - Multilayer applications

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS EN 61784-3-2:2010

PDF Catalog

Related products