WO2016097459A1 - Redundancy in process control system - Google Patents

Redundancy in process control system Download PDF

Info

Publication number
WO2016097459A1
WO2016097459A1 PCT/FI2014/051007 FI2014051007W WO2016097459A1 WO 2016097459 A1 WO2016097459 A1 WO 2016097459A1 FI 2014051007 W FI2014051007 W FI 2014051007W WO 2016097459 A1 WO2016097459 A1 WO 2016097459A1
Authority
WO
WIPO (PCT)
Prior art keywords
lan
prp
network
interface
switch
Prior art date
Application number
PCT/FI2014/051007
Other languages
French (fr)
Inventor
Marko Stenvik
Original Assignee
Metso Automation Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Metso Automation Oy filed Critical Metso Automation Oy
Priority to PCT/FI2014/051007 priority Critical patent/WO2016097459A1/en
Priority to FI20170083A priority patent/FI128272B/en
Publication of WO2016097459A1 publication Critical patent/WO2016097459A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/08Arrangements for detecting or preventing errors in the information received by repeating transmission, e.g. Verdan system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/22Arrangements for detecting or preventing errors in the information received using redundant apparatus to increase reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5691Access to open networks; Ingress point selection, e.g. ISP selection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/70Virtual switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/14Multichannel or multilink protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/622Layer-2 addresses, e.g. medium access control [MAC] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/677Multiple interfaces, e.g. multihomed nodes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/351Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications
    • H04L49/354Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5038Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]

Definitions

  • the present invention relates to arranging redundancy in a process control system.
  • An industrial process such as a paper making process or a power station process
  • An information system used for con- trolling an industrial process is responsible for various tasks relating to collecting, distributing, storing and presenting process properties as well as to process control.
  • a process control system typically comprises a large number of work stations that operate independently or controlled by an operator. Such work stations carry out different process control related tasks, such as pro- cessing of measurement data and storage of historical data, according to the applications to be executed in the work stations.
  • process control systems have employed proprietary hardware and software solutions, in which case devices from different manufacturers are unable to communicate with each other. In such a case, it has been necessary to determine proprietary interfaces for applications in order to access data of different devices.
  • OPC Object Linking and Embedding for Process Control
  • a bus solution supporting the OPC standard comprises OPC clients and OPC servers.
  • the OPC servers may communicate with proprietary devices and transfer data to different OPC clients that forward data to applications utilizing the data.
  • the OPC enables a common interface to be provided for the applications so as to enable access to the data of different process control devices.
  • Process control system and process controllers or nodes are typically provided with redundant network connections to provide real time process data for further computers, such as operator stations in a control room of an industrial plant.
  • Ethernet standardized as IEEE 802.3, is widely used for providing network connections for process automation control systems. Network problems may seriously disturb the operation of the process automation system.
  • EP1483635 discloses a process control system that comprises OPC clients, OPC servers, and devices connected to the OPC servers.
  • the OPC client is provided with at least two parallel logical connections for transferring substantially the same data with one or more OPC server. Property information on parallel data units transferred via different logical connection is checked at the OPC client and compared.
  • the OPC client is provided with predetermined order criteria according to which the parallel data units can be arranged in order of superiority.
  • Parallel data units refer to data units whose payload to be used by an application is exactly or substantially the same.
  • Data units delivered via the logical connection having, according to the predetermined order criteria, the best property information are selected for the use of one or more applications processing the data units.
  • redundancy of OPC servers may thus be arranged by doubling, meaning that in addition to a primary OPC server, the system is also provided with a secondary OPC server.
  • a redundancy arrangement has been disclosed in WO 0 023 857, the solution according to the publication comprising switching over to using the secondary OPC server when the primary OPC server is no longer available.
  • the secondary server may start carrying out the tasks of the primary server without the client devices noticing the change (the logical connection provided for the client device re-mains unchanged although the server device providing the connection changes).
  • EP1497731 discloses a process control system with a duplicated PROFIBUS-bus (Process Field Bus).
  • the system comprises two control serv- ers, one control server being set to operate as the main (active) control server and the other control server being set to operate as a reserve (passive) control server.
  • the main control server and the reserve control server are connected to each other with a backup bus, which is advantageously duplicated.
  • F 120095450 discloses a process control system with control nodes that may, for example, operate as OPC servers for OPC clients in workstations.
  • a redundant Ethernet network and Ethernet switches are applied be- tween the control nodes and the workstations.
  • Each control node is provided by at least two connections, each via a different switch, to provide redundancy for process control related information flows.
  • each control node may be provided with redundant connections by two or more network interface cards.
  • the switches may belong to different network segments, i.e. redundancy may be provided by arranging connections via different network segments.
  • Primary and secondary network segments may be totally separated or they may be logical segments from a redundant network, which may be entirely mesh- interconnected, for instance. In this case network spanning tree logic should keep the network loop free.
  • IEC62439-3 clause 4 specifies the Parallel Redundancy Protocol (PRP) wherein each node is connected in parallel to two local area networks and allows seamless communication in the face of a single network disruption (for instance a cable, driver, switch or controller failure).
  • PRP Parallel Redundancy Protocol
  • IEC 62439-3 Clause 5 specifies the High-availability Seamless Redundancy (HSR) that applies the PRP principle to a ring topology to achieve cost-effective redundancy. Both protocols operate on the same principle.
  • Each node has two ports and sends the same frame simultaneously over two independent connections to the receiving node. The receiving node discards the duplicate frame, if both frames are successfully received.
  • PRP may implement redundancy in the devices as illustrated in Figure 1A.
  • the principle of operation for PRP is very simple.
  • Each PRP node (called Dual Attached Node, DAN) has two network connections and is attached to two physically independent and uncorrelated networks LAN_A and LAN_B (Local Area Network, LAN). Both interfaces of the DAN have the same MAC address and present the same IP address(es).
  • the networks LAN_A and LAN_B have no direct connection between them but are completely separated and are assumed to be fail-independent.
  • the networks LAN_A and LAN_B operate in parallel, thus providing a zero-time recovery and allowing checking redundancy.
  • the two networks LAN_A and LAN_B are identical in protocol at the MAC-LLC level, but they can differ in performance and topology. Transmission delays may also be different. Both interfaces of a DAN have the same MAC address and present the same IP address(es). A source DAN transmits its packets as duplicates (with the same MAC address and the same IP address) on both interfaces and hence over both networks LAN_A and LAN_B. In Figure 1 B, dotted arrows depict "A" frames transmitted over LAN_A and cross- hatched arrows depict "B" frames transmitted over LAN_B. In an error-free environment a destination DAN receives the same packets on both inter-faces, possibly with a time delay between them.
  • the receiving DAN will use the first of these packets, ignoring the second.
  • SAN non-PRP nodes
  • HSR applies the PRP principle of parallel operation to a single network of ring topology, treating the two directions as two virtual LANs.
  • ring topologies all devices are connected in a ring. Each device has a neighbour to its left and right. If a connection on one side of the device is broken, network connectivity can still be maintained over the ring via the opposite side of the device.
  • a node has two ports operated in parallel; it is a DANH (Doubly Attached Node with HSR protocol).
  • a simple HSR network consists of doubly attached bridging nodes, each having two ring ports, interconnected by full-duplex links, as shown in the example of Figure 1 B for unicast traffic.
  • each device incorporates a switch that forwards frames from port to port.
  • dotted arrows depict "A" frames
  • cross-hatched arrows depict "B" frames
  • grey arrows depict non-HSR frames exchanged be- tween ring and host.
  • Frames A and B circulating in the ring carry the HSR tag inserted by the source, which contains a sequence number.
  • the doublet ⁇ source MAC address, sequence number ⁇ uniquely identifies copies A and B of the same frame.
  • a destination node of a unicast frame does not forward a frame for which it is the only destination, except for testing.
  • HSR may also be used with a topology using two independ- ent networks. HSR nodes can be connected in the same way as PRP nodes to separate LANs.
  • FIG. 2A illustrates an exemplary functional block diagram of a DAN.
  • Each DAN has two ports that operate in parallel and that are attached to the same upper layers of the communication stack through a link redundancy entity (LRE).
  • LRE link redundancy entity
  • the LRE replicates the frame and sends it through both its ports at nearly the same time.
  • the two frames transit through the two LANs with different delays. Ideally they arrive at the destination node within a small time window.
  • a node's LRE forwards the first received frame to its upper layers and discards the duplicate frame.
  • the LRE generates and handles duplicates.
  • This layer presents to its upper layers the same interface as the network adapter of a non- redundant adapter.
  • the LRE has two tasks: handling of duplicates and management of redundancy.
  • To supervise redundancy the LRE appends to each sent frame a 32-bit redundancy control trailer (RCT) and removes the RCT at reception.
  • RCT redundancy control trailer
  • a DAN has the same MAC address for both ports, and only one set of IP addresses. This makes redundancy transparent to the upper layers.
  • Figure 2B illustrates an Ethernet frame provided with an RCT inserted after the payload "LSDU” so that the RCT remains transparent to normal network traffic.
  • the RCT may contain a sequence counter "SeqNr", a LAN indicator "Lanid” and a size field "LSDU size” inserted after the payload "LSDU”.
  • a VLAN Virtual LAN
  • LAN A a local area network
  • VLANX, VLANY sub networks
  • VLAN technology is defined in IEEE Standard 802.3q, for example.
  • a switch treats all interfaces (i.e. Network Interface Controllers, NICs) on the switch as being in the same broadcast domain, i.e. all connected devices are in the same LAN A.
  • NICs Network Interface Controllers
  • a Layer 3 switch 32 can put some interfaces into one broadcast domain and some into another.
  • the switch instead of all ports on a switch 32 forming a single broadcast domain, the switch separates them into multiple broadcast domains (logical Ethernet segments, VLANs), based on configuration. All devices connected to a given port (e.g. port 1 and port 2 in Figure 3) automatically become members of the VLAN (e.g. VLANX and VLANY, respectively) to which that port was assigned.
  • Each interface or port of a switch must have one unique MAC address.
  • VLANs are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism.
  • NIC network interface controller
  • VLANs limit the broadcast do- main, improve security and performance and are ideal for separating industrial automation systems internally and separating them from information technology systems.
  • An additional benefit of VLAN technology is that operator can add security features to control traffic from VLAN to another.
  • the logical division to subnetworks may be based on which device groups they need to communicate with regularly, e.g. devices in different parts of a process may be divided in different VLANs. This means that devices in one VLAN will not be able to communicate directly with devices in another VLAN, such that unwanted traffic in each VLAN, or group of devices, is eliminated.
  • An Ethernet router 33 can be introduced which will allow data to be routed to and from other networks 34.
  • An aspect of the present invention is a system enabling PRP network in a local area network having subnetworks.
  • the objects of the invention are achieved by a redundant gateway system and a method according to attached independent claims.
  • the preferred embodiments of the invention are disclosed in attached dependent claims.
  • An aspect of the invention is a system for providing a parallel redundancy protocol (PRP) network, comprising
  • a parallel redundancy protocol (PRP) transition unit having a first and second PRP interfaces
  • a first network switch having a first interface, a second interface, and a third interface connected to the first PRP interface of the PRP transition unit
  • a second network switch having a first interface, a second interface, and a third interface a third interface connected to the second PRP interface of the PRP transition unit, the first interfaces of said first network switch and said second network switch are configured to have a common first MAC address or a common set of MAC addresses, and
  • the second interfaces of said first network switch and_said second network switch are configured to have a common second MAC address or set of MAC addresses.
  • first interfaces and said second interfaces of said network switches are configured to interface to a first virtual or physical local area network segment and a second virtual or physical local area network segment, respectively.
  • the system having said first interfaces of said network switches connected to said first LAN segment, is configured to form a first pair of PRP networks within said first LAN segment by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node connected to said pair of PRP networks in said first LAN segment, and
  • the system having said second interfaces of said network switches connected to said second LAN segment, is configured to form a second pair of PRP networks within said second LAN segment of a local area network by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node connected to said pair of PRP networks in said second LAN segment.
  • said first and second LAN segments comprise a first virtual LAN and a second virtual LAN.
  • said first virtual LAN and said second virtual LAN configured in a single physical LAN.
  • said first and second physical LAN segments comprise a first physical LAN of a linear topology and a second physical LAN of a linear topology.
  • said PRP transition unit comprises a PRP adapter, particularly a Redundancy Box.
  • said first and second network switches comprise layer 3 switches.
  • said first and second LAN segments comprise layer 2 switches.
  • the first and second LAN segments are config- ured to provide separated process control networks for different parts of a process plant.
  • Figure 1A is a block diagram illustrating an example of Parallel Redundancy Protocol (PRP) network topology
  • FIG. 1 B is a block diagram illustrating an example of High- availability Seamless Redundancy (HSR) network topology
  • FIG. 2A is a block diagram illustrating exemplary functional blocks diagram of a Doubly Attached Node (DAN);
  • DAN Doubly Attached Node
  • FIG. 2B illustrates an Ethernet frame provided with a Redundancy Control Trailer (RCT) inserted after the payload;
  • RCT Redundancy Control Trailer
  • Figure 3 is a schematic block diagram illustrating a virtual LAN concept
  • Figure 4 is a hypothetical network topology implementing a PRP VLAN concept
  • Figure 5 is a hypothetical network topology implementing a PRP us- ing linear LAN segments.
  • Figure 4 illustrates an exemplary arrangement according an aspect of the invention for implementing a parallel redundancy protocol (PRP) in a local area network (LAN) using virtual LAN (VLAN) technology.
  • PRP parallel redundancy protocol
  • LAN local area network
  • VLAN virtual LAN
  • a A PRP transition unit 41 such as a RedBox, has two PRP network interfaces or ports PRP1 .A and PRP2.B connected to a port or interface P3 of a Layer 3 switch A and to a port or interface P3 of a Layer 3 switch B, respectively. From the PRP transi- tion unit 41 point of view the port PRP1 .A connected to LAN_A and the port is PRP2.B connected to LAN_B of a PRP network, effectively in a same way as the RedBox in the example illustrated in Figure 1A.
  • the configuration of the networks LAN_A and LAN_B is transparent to the PRP transition unit 41 .
  • ports or interfaces P1 of the switches A and B are configured to have a common first MAC address or a common set of MAC addresses
  • ports or interfaces P2 of the switches A and B are configured to have a common second MAC address or a common set of MAC addresses.
  • Such configuration is against the established principles that MAC addresses shall be unique (MAC addresses are typically hardwired in devices).
  • PRP transition 41 such identical configuration of the pair of switches A and B will enable new types of PRP network implementations as will be described in more detail below.
  • each PRP interface MAC address of the Layer 3 switch A is duplicated in the Layer 3 switch B.
  • a VLAN support is provided to the PRP technology, and the network to which the ports P3 of the switches A and B are connected, e.g. the PRP transition unit 41 , will see the underlaying network correctly.
  • a network switch is a hardware device that joins multiple computers or hosts together within a local area network (LAN).
  • Traditional network switches operate at Layer 2 of the OSI model, also referred to as the Data Link layer.
  • Media access control (MAC) data communication protocol is a sublayer of the data link layer.
  • the MAC sublayer provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multiple access network that incorporates a shared medium, e.g. Ethernet, at Layer 1 of the OSI model.
  • a Layer 2 switch relies on the MAC addresses to determine the source and destination of a packet.
  • a Layer 2 switch may learn MAC addresses automatically, building a table which can be used to selectively forward packets based on MAC addresses.
  • a Layer 3 switch operates at Layer 3 of the OSI model A and can support the same routing protocols as network routers do.
  • Internet Protocol IP
  • a Layer 3 switch can have a IP routing table for lookups and it can form a broadcast domain.
  • the layer 3 switch still have Layer 2 features such as spanning tree and trunking, and it acts like a layer 2 switch when it is connecting devices that are on the same network.
  • Layer 3 switches Other intelligence commonly found in Layer 3 switches, includes the ability to logically segment a network into two or more Virtual LANs (VLANs).
  • the Layer 3 switch can efficiently do inter-VLAN routing or to do internal routing between multiple broadcast domains or segments.
  • Examples of Layer 3 switches include SwitchBlade 4000 Series Layer 3 modular switches from Allied Telesis.
  • the switches A and B are VLAN aware switches, and the switches A and B are configured to split a physical LAN network, preferably a process automation network, into two separated virtual LAN segments VLAN X and VLAN Y that may corre- spond to process areas 1 and 2 in an automation system.
  • separated process control networks for different parts of a process plant may be provided using VLAN technology .
  • the switch A configures a first half of the VLANY via the port P1 and the switch B configures a second half of the VLANY via the port P1 .
  • the switch A configures a first half of the VLANX via the port P2 and the switch B configures a second half of the VLANX via the port P2.
  • Layer 2 network switches may be used in the VLANs X and Y. Effectively, as the switch A provides the LAN_A and the switch B provides the LAN_B to the PRP transition unit 41 , a PRP topology is provided in a single physical network split using VLAN technology. More specifically, the VLANX and VLANY each effectively comprise two separated, parallel operating, fail-independent and uncorrelated networks LAN_A and LAN_B.
  • Each Dual Attached Node (DAN) 42 referred to as a PRP node ACN/PRP herein, is connected in parallel to both networks LAN_A and LAN B.
  • the ACN/PRP 42 has two ports that share the same MAC address and present the same IP ad- dress(es) per port.
  • One port of the ACN/PRP 42 is connected to LAN_A and the other port is connected to LAN_B.
  • Different ACN/PRPs 42 naturally have different unique addresses.
  • two VLANs are illustrated in the example, any number of VLANs may be created.
  • one ACN/PRPs 42 in each VLAN is illustrated in the example, any number of ACN/PRPs may be connected.
  • the PRP Transition unit 41 typically has al- so an interface P1 towards a conventional network or network C, possibly through a firewall or router 43.
  • the PRP Transition unit 41 may be any entity, such as RedBox (Redundancy Box) in accordance with the IEC62439-3 clause 4, which behaves like a DAN to connect one network interface P1 to both LANs LAN_A and LAN.
  • RedBox Redundancy Box
  • Example of a commercially available device suitable to be used as the transition unit 41 is the RSP switch Hirschmann RSP25 from Belden Inc .
  • MAC address duplicates are used in the redundant communication between the PRP Transition unit 41 and the PRP node ACN/PRP 42.
  • the PRP Transition unit 41 receives duplicate packets from the LAN_A and LAN_B of the PRP network via the interface PRP1 .A and PRP2.B respectively, and removes one of the duplicates and sends the other duplicate packet via the interface P1 . Similarly in the reverse direction, the PRP Transition unit 41 receives packets via the interface P1 , duplicates them and sends the duplicate packets over LAN_A and LAN_B to the PRP node 42.
  • the PRP node 42 sends the same frame simultane- ously over two independent connections to the receiving node duplicate packets over LAN_A and LAN_B to the PRP Transition unit 41 , and upon receiving duplicate packets from the LAN_A and LAN_B the PRP node 42 removes one of the duplicates and transfers the other duplicate packet to upper protocol layers.
  • the mechanism of duplicate generation and duplicate rejection is thus carried out at PRP capable entities and completely transparent to devices or networks connected to the interface P1 such as the network C. Thereby, a situation wherein the same MAC address is registered at two different ports of a switch in other networks, which is an intolerable state, is avoided. Such a situation, also referred to as a "mac-flap" error would be encountered without the arrangement according to an aspect of the invention.
  • FIG. 5 illustrates another exemplary arrangement according an aspect of the invention for implementing a parallel redundancy protocol (PRP) in a local area network (LAN) split without using virtual LAN (VLAN) technology.
  • a PRP transition unit 41 such as a RedBox
  • Layer 3 switches A and B may be provided.
  • Same names and references symbols in Figures 4 and 5 may refer to same structures or functionalities as described unless noted otherwise.
  • From the PRP transition unit 41 point of view the port PRP1A connected to LAN_A and the port is PRP2B connected to LAN B of a PRP network, effectively in a same way as the RedBox in the example illustrated in Figure 1A.
  • the configuration of the networks LAN_A and LAN_B is transparent to the PRP transition unit 41 .
  • ports or interfaces P1 of the switches A and B are configured to have a common first MAC address or a common set of MAC addresses
  • ports or interfaces P2 of the switches A and B are configured to have a common second MAC address or a common set of MAC addresses.
  • each PRP interface MAC address of the Layer 3 switch A is duplicated in the Layer 3 switch B, and the network to which the ports P3 of the switches A and B are connected, e.g. the PRP transition unit 41 , will see the underlying network correctly.
  • the switches A and B are configured to split a physical LAN network, preferably a process automation network, into separated linear LAN segments or branches X and Y that may correspond to two or more process areas in an automation system.
  • separated process control networks for different parts of a process plant may be provided using linear LAN topology.
  • the switch A configures a first half of the linear LAN Y (that may comprise a plurality of Layer 2 switches Y/LAN_A) via the port P1 and a common media
  • the switch B configures a second half of the linear LAN Y (that may comprise a plurality of Layer 2 switches Y/LAN_B) via the port P1 and a common media.
  • the switch A configures a first half of the linear LAN X (that may comprise a plurality of Layer 2 switches X LAN_A) via the port P2 and a common media
  • the switch B configures a second half of the linear LANX (that may comprise a plurality of Layer 2 switches X/LAN_B) via the port P2 and a common media.
  • the switches nodes are connected to a common media or bus or in a daisy chain by a linear sequence of buses (although physical topology inside the split process areas can be any).
  • a PRP topology is provided in a single physical network split using parallel linear LAN branches X and Y. More specifically, the LANX and LANY each effectively comprise two separated, parallel operating, fail-independent and uncorrelated networks LAN_A and LAN B.
  • Each Dual Attached Node (DAN) 42 referred to as a PRP node ACN/PRP herein, is connected in parallel to both networks LAN_A and LAN_B.
  • the ACN/PRP 42 has two ports that share the same MAC address and present the same IP address(es) per port.
  • one port of the ACN/PRP 42 is connected to a port in the switch X/LAN_A or Y/LAN_A and the other port is connected to a port in the switch X/LAN_B or Y/LAN_B.
  • Alt- hough a specific number of linear LANs is illustrated in the example, any number of linear LANs may be employed.
  • the network topology can be applied to any process control system.
  • the process control system may be arranged to control any industrial process or the like.
  • the industrial processes may include, but are not limited to, processes in a processing industry, such as pulp and paper, oil refining, petrochemical and chemical industries, or processes in power plants, etc.
  • the process control system may be a Distributed Control System (DCS).
  • DCS Distributed Control System
  • Metso DNA DNA, Dynamic Network of Applications
  • a process control system may comprise a control room bus/network that may interconnect user interface components and control computers of the room.
  • a control room bus/network may be a local area network, for example, based on the standard Ethernet technology.
  • a process bus/network may, in turn, interconnect process control components, such as control nodes ACN 42 with each other.
  • the process bus/network may be implemented as a redundant PRP network similar to that shown in Figure 4 or 5.
  • Control nodes ACN 42 may also be connected to the control room network, allowing communication between control nodes ACN42 and user interfaces, for example.
  • control node refers generally to a computer-based apparatus, which may be used for process control purposes, such as a process controller, backup, display server, etc.
  • Example of a commercially available device suitable to be used as the ACN 42 is a Metso DNA ACN process controller with variety of operating roles (PRP DAN mode).
  • the control node ACN 42 may be connected to one or more input/output I/O units of field devices for arranging field device control.
  • field device refers generally to devices of the process being monitored and/or controlled. Typically there is a high number of process devices (field devices), such as actuators, valves, pumps and sensors, in a plant area (field).
  • the process control system may be provided with a firewall/router environment, such 43 shown in Figures 4 and 5, to effectively isolate the process control network from other network C, such as a normal office network of the plant, referred to as a mill network herein. The separation ensures that potential problems in the office network will not affect the control room bus and vice versa. Direct Internet access from the automation network is prohibited.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Small-Scale Networks (AREA)

Abstract

A PRP transition unit (41) has two PRP ports (PRP1.A, PRP2.B) connected to a port (P3) of a first Layer 3 switch (A) and to a port (P3) of a Layer 3 switch (B), respectively. Further, MAC addresses of other two or more ports (P1,P2) of the first switch (A) are duplicated in the second switch (B). The duplicated ports of the switch es (A, B) are connected to two or more virtual or physical local area network (LAN) segments (X,Y) and a respectively.

Description

REDUNDANCY IN PROCESS CONTROL SYSTEM
FIELD
The present invention relates to arranging redundancy in a process control system. BACKGROUND
In an industrial process, a highly automatized system is used for ensuring that the process operates in a correct manner. An industrial process, such as a paper making process or a power station process, is very extensive and complex, including many variables. An information system used for con- trolling an industrial process is responsible for various tasks relating to collecting, distributing, storing and presenting process properties as well as to process control. A process control system typically comprises a large number of work stations that operate independently or controlled by an operator. Such work stations carry out different process control related tasks, such as pro- cessing of measurement data and storage of historical data, according to the applications to be executed in the work stations.
Conventionally, process control systems have employed proprietary hardware and software solutions, in which case devices from different manufacturers are unable to communicate with each other. In such a case, it has been necessary to determine proprietary interfaces for applications in order to access data of different devices. Instead of proprietary hardware and software solutions, several standards have been developed to determine open communication interfaces for process control system. An example of such an open standard is OPC (Object Linking and Embedding for Process Control). The OPC provides a set of interfaces, properties and methods based on Ac- tiveX/COM (Component Object Model) technologies to be used for process control applications. A bus solution supporting the OPC standard comprises OPC clients and OPC servers. The OPC servers may communicate with proprietary devices and transfer data to different OPC clients that forward data to applications utilizing the data. The OPC enables a common interface to be provided for the applications so as to enable access to the data of different process control devices.
Process control system and process controllers or nodes are typically provided with redundant network connections to provide real time process data for further computers, such as operator stations in a control room of an industrial plant. Ethernet, standardized as IEEE 802.3, is widely used for providing network connections for process automation control systems. Network problems may seriously disturb the operation of the process automation system.
EP1483635 discloses a process control system that comprises OPC clients, OPC servers, and devices connected to the OPC servers. The OPC client is provided with at least two parallel logical connections for transferring substantially the same data with one or more OPC server. Property information on parallel data units transferred via different logical connection is checked at the OPC client and compared. The OPC client is provided with predetermined order criteria according to which the parallel data units can be arranged in order of superiority. Parallel data units refer to data units whose payload to be used by an application is exactly or substantially the same. Data units delivered via the logical connection having, according to the predetermined order criteria, the best property information are selected for the use of one or more applications processing the data units.
The functionality of OPC servers serving up to dozens of OPC clients thus plays a crucial role in the information system. In order to ensure the functionality of a system, redundancy of OPC servers may thus be arranged by doubling, meaning that in addition to a primary OPC server, the system is also provided with a secondary OPC server. Such a redundancy arrangement has been disclosed in WO 0 023 857, the solution according to the publication comprising switching over to using the secondary OPC server when the primary OPC server is no longer available. The secondary server may start carrying out the tasks of the primary server without the client devices noticing the change (the logical connection provided for the client device re-mains unchanged although the server device providing the connection changes).
EP1497731 discloses a process control system with a duplicated PROFIBUS-bus (Process Field Bus). The system comprises two control serv- ers, one control server being set to operate as the main (active) control server and the other control server being set to operate as a reserve (passive) control server. The main control server and the reserve control server are connected to each other with a backup bus, which is advantageously duplicated. There are different configurations for a field bus. In one approach, one bus for each field device is formed from each control server. In a second approach, one bus departs from each control server, and these buses are connected to a so- called Y-switch, via which the control servers connect to a non-duplicated field bus. In this type of a system, only the bus between the control servers is duplicated, but the field bus is not. In the third approach, one bus departs from each control server to a respective hub or repeater. Moreover, there is at least one further hub or repeater to which field devices are connected. The hubs or repeaters may be connected to each other in a ring configuration.
F 120095450 discloses a process control system with control nodes that may, for example, operate as OPC servers for OPC clients in workstations. A redundant Ethernet network and Ethernet switches are applied be- tween the control nodes and the workstations. Each control node is provided by at least two connections, each via a different switch, to provide redundancy for process control related information flows. Thus, each control node may be provided with redundant connections by two or more network interface cards. The switches may belong to different network segments, i.e. redundancy may be provided by arranging connections via different network segments. Primary and secondary network segments may be totally separated or they may be logical segments from a redundant network, which may be entirely mesh- interconnected, for instance. In this case network spanning tree logic should keep the network loop free.
The International Electrotechnical Commission (IEC) standard
IEC62439-3 clause 4 specifies the Parallel Redundancy Protocol (PRP) wherein each node is connected in parallel to two local area networks and allows seamless communication in the face of a single network disruption (for instance a cable, driver, switch or controller failure). (IEC 62439-3 Clause 5 specifies the High-availability Seamless Redundancy (HSR) that applies the PRP principle to a ring topology to achieve cost-effective redundancy. Both protocols operate on the same principle. Each node has two ports and sends the same frame simultaneously over two independent connections to the receiving node. The receiving node discards the duplicate frame, if both frames are successfully received.
PRP may implement redundancy in the devices as illustrated in Figure 1A. The principle of operation for PRP is very simple. Each PRP node (called Dual Attached Node, DAN) has two network connections and is attached to two physically independent and uncorrelated networks LAN_A and LAN_B (Local Area Network, LAN). Both interfaces of the DAN have the same MAC address and present the same IP address(es). The networks LAN_A and LAN_B have no direct connection between them but are completely separated and are assumed to be fail-independent. The networks LAN_A and LAN_B operate in parallel, thus providing a zero-time recovery and allowing checking redundancy. The two networks LAN_A and LAN_B are identical in protocol at the MAC-LLC level, but they can differ in performance and topology. Transmission delays may also be different. Both interfaces of a DAN have the same MAC address and present the same IP address(es). A source DAN transmits its packets as duplicates (with the same MAC address and the same IP address) on both interfaces and hence over both networks LAN_A and LAN_B. In Figure 1 B, dotted arrows depict "A" frames transmitted over LAN_A and cross- hatched arrows depict "B" frames transmitted over LAN_B. In an error-free environment a destination DAN receives the same packets on both inter-faces, possibly with a time delay between them. The receiving DAN will use the first of these packets, ignoring the second. There may also be non-PRP nodes, (called SAN or Singly Attached Nodes), the SAN being normal node with only one network interface and are either attached to one network only (and therefore can communicate only with other SANs attached to the same network.
HSR applies the PRP principle of parallel operation to a single network of ring topology, treating the two directions as two virtual LANs. In ring topologies, all devices are connected in a ring. Each device has a neighbour to its left and right. If a connection on one side of the device is broken, network connectivity can still be maintained over the ring via the opposite side of the device. As in PRP, a node has two ports operated in parallel; it is a DANH (Doubly Attached Node with HSR protocol). A simple HSR network consists of doubly attached bridging nodes, each having two ring ports, interconnected by full-duplex links, as shown in the example of Figure 1 B for unicast traffic. In other words, each device incorporates a switch that forwards frames from port to port. In Figure 1 B, dotted arrows depict "A" frames, cross-hatched arrows depict "B" frames, and grey arrows depict non-HSR frames exchanged be- tween ring and host. Frames A and B circulating in the ring carry the HSR tag inserted by the source, which contains a sequence number. The doublet {source MAC address, sequence number} uniquely identifies copies A and B of the same frame. A destination node of a unicast frame does not forward a frame for which it is the only destination, except for testing. As another example, HSR may also be used with a topology using two independ- ent networks. HSR nodes can be connected in the same way as PRP nodes to separate LANs.
Figure 2A illustrates an exemplary functional block diagram of a DAN. Each DAN has two ports that operate in parallel and that are attached to the same upper layers of the communication stack through a link redundancy entity (LRE). When upper layer protocol sends a frame, the LRE replicates the frame and sends it through both its ports at nearly the same time. The two frames transit through the two LANs with different delays. Ideally they arrive at the destination node within a small time window. When receiving, a node's LRE forwards the first received frame to its upper layers and discards the duplicate frame. The LRE generates and handles duplicates. This layer presents to its upper layers the same interface as the network adapter of a non- redundant adapter. The LRE has two tasks: handling of duplicates and management of redundancy. To supervise redundancy, the LRE appends to each sent frame a 32-bit redundancy control trailer (RCT) and removes the RCT at reception. A DAN has the same MAC address for both ports, and only one set of IP addresses. This makes redundancy transparent to the upper layers. Figure 2B illustrates an Ethernet frame provided with an RCT inserted after the payload "LSDU" so that the RCT remains transparent to normal network traffic. The RCT may contain a sequence counter "SeqNr", a LAN indicator "Lanid" and a size field "LSDU size" inserted after the payload "LSDU".
Sometimes operator may wish to split large switched networks, which are large broadcast domains. Traditional LAN segmentation adds routers to the network to split a broadcast domain. Devices in a LAN segment are connected to a respective router, and communication between different LAN segments occurs via routers. A VLAN (Virtual LAN) is a Layer 2 method of creating independent logical networks within a single physical network. Hosts in the same physical LANbehave as if they are connected to different LAN segments For example, as illustrated in Figure 3, a local area network may be implemented with a single physical network 31 (LAN A) that may be logically divided into sub networks (VLANX, VLANY) using a VLAN technology. VLAN technology is defined in IEEE Standard 802.3q, for example. Without VLANs, a switch treats all interfaces (i.e. Network Interface Controllers, NICs) on the switch as being in the same broadcast domain, i.e. all connected devices are in the same LAN A. With port-based VLANs, a Layer 3 switch 32 can put some interfaces into one broadcast domain and some into another. Thus, instead of all ports on a switch 32 forming a single broadcast domain, the switch separates them into multiple broadcast domains (logical Ethernet segments, VLANs), based on configuration. All devices connected to a given port (e.g. port 1 and port 2 in Figure 3) automatically become members of the VLAN (e.g. VLANX and VLANY, respectively) to which that port was assigned. Each interface or port of a switch must have one unique MAC address. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. VLANs limit the broadcast do- main, improve security and performance and are ideal for separating industrial automation systems internally and separating them from information technology systems. An additional benefit of VLAN technology is that operator can add security features to control traffic from VLAN to another. The logical division to subnetworks may be based on which device groups they need to communicate with regularly, e.g. devices in different parts of a process may be divided in different VLANs. This means that devices in one VLAN will not be able to communicate directly with devices in another VLAN, such that unwanted traffic in each VLAN, or group of devices, is eliminated. An Ethernet router 33 can be introduced which will allow data to be routed to and from other networks 34. SUMMARY OF THE INVENTION
An aspect of the present invention is a system enabling PRP network in a local area network having subnetworks. The objects of the invention are achieved by a redundant gateway system and a method according to attached independent claims. The preferred embodiments of the invention are disclosed in attached dependent claims.
An aspect of the invention is a system for providing a parallel redundancy protocol (PRP) network, comprising
a parallel redundancy protocol (PRP) transition unit having a first and second PRP interfaces,
a first network switch having a first interface, a second interface, and a third interface connected to the first PRP interface of the PRP transition unit,
a second network switch having a first interface, a second interface, and a third interface a third interface connected to the second PRP interface of the PRP transition unit, the first interfaces of said first network switch and said second network switch are configured to have a common first MAC address or a common set of MAC addresses, and
the second interfaces of said first network switch and_said second network switch are configured to have a common second MAC address or set of MAC addresses.
In an embodiment, the first interfaces and said second interfaces of said network switches are configured to interface to a first virtual or physical local area network segment and a second virtual or physical local area network segment, respectively.
In an embodiment,
the system, having said first interfaces of said network switches connected to said first LAN segment, is configured to form a first pair of PRP networks within said first LAN segment by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node connected to said pair of PRP networks in said first LAN segment, and
the system, having said second interfaces of said network switches connected to said second LAN segment, is configured to form a second pair of PRP networks within said second LAN segment of a local area network by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node connected to said pair of PRP networks in said second LAN segment.
In an embodiment, said first and second LAN segments comprise a first virtual LAN and a second virtual LAN.
In an embodiment, said first virtual LAN and said second virtual LAN configured in a single physical LAN.
In an embodiment, said first and second physical LAN segments comprise a first physical LAN of a linear topology and a second physical LAN of a linear topology.
In an embodiment, said PRP transition unit comprises a PRP adapter, particularly a Redundancy Box.
In an embodiment, said first and second network switches comprise layer 3 switches.
In an embodiment, said first and second LAN segments comprise layer 2 switches.
In an embodiment, the first and second LAN segments are config- ured to provide separated process control networks for different parts of a process plant.
BRIEF DESCRIPTION OF DRAWINGS
Some embodiments of the present invention are described below, by way of example only, with reference to the accompanying drawings, in which
Figure 1A is a block diagram illustrating an example of Parallel Redundancy Protocol (PRP) network topology;
Figure 1 B is a block diagram illustrating an example of High- availability Seamless Redundancy (HSR) network topology;
Figure 2A is a block diagram illustrating exemplary functional blocks diagram of a Doubly Attached Node (DAN);
Figure 2B illustrates an Ethernet frame provided with a Redundancy Control Trailer (RCT) inserted after the payload;
Figure 3 is a schematic block diagram illustrating a virtual LAN concept;
Figure 4 is a hypothetical network topology implementing a PRP VLAN concept; and
Figure 5 is a hypothetical network topology implementing a PRP us- ing linear LAN segments.
EXEMPLARY EMBODIMENTS
Figure 4 illustrates an exemplary arrangement according an aspect of the invention for implementing a parallel redundancy protocol (PRP) in a local area network (LAN) using virtual LAN (VLAN) technology.
In the exemplary embodiment shown in Figure 4, a A PRP transition unit 41 , such as a RedBox, has two PRP network interfaces or ports PRP1 .A and PRP2.B connected to a port or interface P3 of a Layer 3 switch A and to a port or interface P3 of a Layer 3 switch B, respectively. From the PRP transi- tion unit 41 point of view the port PRP1 .A connected to LAN_A and the port is PRP2.B connected to LAN_B of a PRP network, effectively in a same way as the RedBox in the example illustrated in Figure 1A. The configuration of the networks LAN_A and LAN_B is transparent to the PRP transition unit 41 . Further, ports or interfaces P1 of the switches A and B are configured to have a common first MAC address or a common set of MAC addresses, and ports or interfaces P2 of the switches A and B are configured to have a common second MAC address or a common set of MAC addresses. Such configuration is against the established principles that MAC addresses shall be unique (MAC addresses are typically hardwired in devices). However, in combination with the PRP transition 41 such identical configuration of the pair of switches A and B will enable new types of PRP network implementations as will be described in more detail below. In other words, each PRP interface MAC address of the Layer 3 switch A is duplicated in the Layer 3 switch B. Thereby, a VLAN support is provided to the PRP technology, and the network to which the ports P3 of the switches A and B are connected, e.g. the PRP transition unit 41 , will see the underlaying network correctly.
Let us first have few words about network switching and routing generally. A network switch is a hardware device that joins multiple computers or hosts together within a local area network (LAN). Traditional network switches operate at Layer 2 of the OSI model, also referred to as the Data Link layer. Media access control (MAC) data communication protocol is a sublayer of the data link layer. The MAC sublayer provides addressing and channel access control mechanisms that make it possible for several terminals or network nodes to communicate within a multiple access network that incorporates a shared medium, e.g. Ethernet, at Layer 1 of the OSI model. A Layer 2 switch relies on the MAC addresses to determine the source and destination of a packet. A Layer 2 switch may learn MAC addresses automatically, building a table which can be used to selectively forward packets based on MAC addresses. For example, if a switch receives packets from MAC address X on Port 1 it then knows that packets destined for MAC address X can simply be forwarded out of that port rather than having to try each available port in turn. A Layer 3 switch operates at Layer 3 of the OSI model A and can support the same routing protocols as network routers do. Internet Protocol (IP) is the most common Layer 3 protocol. A Layer 3 switch can have a IP routing table for lookups and it can form a broadcast domain. On the other hand, the layer 3 switch still have Layer 2 features such as spanning tree and trunking, and it acts like a layer 2 switch when it is connecting devices that are on the same network. Other intelligence commonly found in Layer 3 switches, includes the ability to logically segment a network into two or more Virtual LANs (VLANs). The Layer 3 switch can efficiently do inter-VLAN routing or to do internal routing between multiple broadcast domains or segments. Examples of Layer 3 switches include SwitchBlade 4000 Series Layer 3 modular switches from Allied Telesis.
In the exemplary embodiment shown in Figure 4, the switches A and B are VLAN aware switches, and the switches A and B are configured to split a physical LAN network, preferably a process automation network, into two separated virtual LAN segments VLAN X and VLAN Y that may corre- spond to process areas 1 and 2 in an automation system. In other words, separated process control networks for different parts of a process plant may be provided using VLAN technology .More specifically, the switch A configures a first half of the VLANY via the port P1 and the switch B configures a second half of the VLANY via the port P1 . Similarly, the switch A configures a first half of the VLANX via the port P2 and the switch B configures a second half of the VLANX via the port P2. Layer 2 network switches may be used in the VLANs X and Y. Effectively, as the switch A provides the LAN_A and the switch B provides the LAN_B to the PRP transition unit 41 , a PRP topology is provided in a single physical network split using VLAN technology. More specifically, the VLANX and VLANY each effectively comprise two separated, parallel operating, fail-independent and uncorrelated networks LAN_A and LAN_B. Each Dual Attached Node (DAN) 42, referred to as a PRP node ACN/PRP herein, is connected in parallel to both networks LAN_A and LAN B. The ACN/PRP 42 has two ports that share the same MAC address and present the same IP ad- dress(es) per port. One port of the ACN/PRP 42 is connected to LAN_A and the other port is connected to LAN_B. Different ACN/PRPs 42 naturally have different unique addresses. Although two VLANs are illustrated in the example, any number of VLANs may be created. Similarly, although one ACN/PRPs 42 in each VLAN is illustrated in the example, any number of ACN/PRPs may be connected.
As illustrated in Figure 4, the PRP Transition unit 41 typically has al- so an interface P1 towards a conventional network or network C, possibly through a firewall or router 43. The PRP Transition unit 41 may be any entity, such as RedBox (Redundancy Box) in accordance with the IEC62439-3 clause 4, which behaves like a DAN to connect one network interface P1 to both LANs LAN_A and LAN. Example of a commercially available device suitable to be used as the transition unit 41 is the RSP switch Hirschmann RSP25 from Belden Inc . As discussed above, MAC address duplicates are used in the redundant communication between the PRP Transition unit 41 and the PRP node ACN/PRP 42. Basically the PRP Transition unit 41 receives duplicate packets from the LAN_A and LAN_B of the PRP network via the interface PRP1 .A and PRP2.B respectively, and removes one of the duplicates and sends the other duplicate packet via the interface P1 . Similarly in the reverse direction, the PRP Transition unit 41 receives packets via the interface P1 , duplicates them and sends the duplicate packets over LAN_A and LAN_B to the PRP node 42. Similarly, the PRP node 42 sends the same frame simultane- ously over two independent connections to the receiving node duplicate packets over LAN_A and LAN_B to the PRP Transition unit 41 , and upon receiving duplicate packets from the LAN_A and LAN_B the PRP node 42 removes one of the duplicates and transfers the other duplicate packet to upper protocol layers. The mechanism of duplicate generation and duplicate rejection is thus carried out at PRP capable entities and completely transparent to devices or networks connected to the interface P1 such as the network C. Thereby, a situation wherein the same MAC address is registered at two different ports of a switch in other networks, which is an intolerable state, is avoided. Such a situation, also referred to as a "mac-flap" error would be encountered without the arrangement according to an aspect of the invention.
Figure 5 illustrates another exemplary arrangement according an aspect of the invention for implementing a parallel redundancy protocol (PRP) in a local area network (LAN) split without using virtual LAN (VLAN) technology. In the example of Figure 5, a combination of a PRP transition unit 41 , such as a RedBox, and two identically configured Layer 3 switches A and B may be provided. Same names and references symbols in Figures 4 and 5 may refer to same structures or functionalities as described unless noted otherwise. From the PRP transition unit 41 point of view the port PRP1A connected to LAN_A and the port is PRP2B connected to LAN B of a PRP network, effectively in a same way as the RedBox in the example illustrated in Figure 1A. The configuration of the networks LAN_A and LAN_B is transparent to the PRP transition unit 41 . Further, ports or interfaces P1 of the switches A and B are configured to have a common first MAC address or a common set of MAC addresses, and ports or interfaces P2 of the switches A and B are configured to have a common second MAC address or a common set of MAC addresses. In other words, each PRP interface MAC address of the Layer 3 switch A is duplicated in the Layer 3 switch B, and the network to which the ports P3 of the switches A and B are connected, e.g. the PRP transition unit 41 , will see the underlying network correctly.
However, in the exemplary embodiment shown in Figure 5, the switches A and B are configured to split a physical LAN network, preferably a process automation network, into separated linear LAN segments or branches X and Y that may correspond to two or more process areas in an automation system. In other words, separated process control networks for different parts of a process plant may be provided using linear LAN topology. More specifically, the switch A configures a first half of the linear LAN Y (that may comprise a plurality of Layer 2 switches Y/LAN_A) via the port P1 and a common media, and the switch B configures a second half of the linear LAN Y (that may comprise a plurality of Layer 2 switches Y/LAN_B) via the port P1 and a common media. Similarly, the switch A configures a first half of the linear LAN X (that may comprise a plurality of Layer 2 switches X LAN_A) via the port P2 and a common media, and the switch B configures a second half of the linear LANX (that may comprise a plurality of Layer 2 switches X/LAN_B) via the port P2 and a common media. In a linear LAN network topology, the switches nodes are connected to a common media or bus or in a daisy chain by a linear sequence of buses (although physical topology inside the split process areas can be any).
Effectively, as the switch A provides the LAN_A and the switch B provides the LAN_B to the PRP transition unit 41 , a PRP topology is provided in a single physical network split using parallel linear LAN branches X and Y. More specifically, the LANX and LANY each effectively comprise two separated, parallel operating, fail-independent and uncorrelated networks LAN_A and LAN B. Each Dual Attached Node (DAN) 42, referred to as a PRP node ACN/PRP herein, is connected in parallel to both networks LAN_A and LAN_B. The ACN/PRP 42 has two ports that share the same MAC address and present the same IP address(es) per port. More specifically, one port of the ACN/PRP 42 is connected to a port in the switch X/LAN_A or Y/LAN_A and the other port is connected to a port in the switch X/LAN_B or Y/LAN_B. Alt- hough a specific number of linear LANs is illustrated in the example, any number of linear LANs may be employed.
The network topology according to exemplary embodiments can be applied to any process control system. The process control system may be arranged to control any industrial process or the like. The industrial processes may include, but are not limited to, processes in a processing industry, such as pulp and paper, oil refining, petrochemical and chemical industries, or processes in power plants, etc.
There are various architectures for a process control system. For example, the process control system may be a Distributed Control System (DCS). One example of such a decentralized control system is Metso DNA (DNA, Dynamic Network of Applications) delivered by Metso. A central processing unit(s) of a process control system controlling the productive activity of an entire factory, such as a paper mill, is (are) often called a control room, which may be composed of one or more control room computer(s)/programs and process control computer(s)/programs as well as databases. A process control system may comprise a control room bus/network that may interconnect user interface components and control computers of the room. A control room bus/network may be a local area network, for example, based on the standard Ethernet technology. A process bus/network may, in turn, interconnect process control components, such as control nodes ACN 42 with each other. The process bus/network may be implemented as a redundant PRP network similar to that shown in Figure 4 or 5. Control nodes ACN 42 may also be connected to the control room network, allowing communication between control nodes ACN42 and user interfaces, for example. The term "control node" refers generally to a computer-based apparatus, which may be used for process control purposes, such as a process controller, backup, display server, etc. Example of a commercially available device suitable to be used as the ACN 42 is a Metso DNA ACN process controller with variety of operating roles (PRP DAN mode). The control node ACN 42 may be connected to one or more input/output I/O units of field devices for arranging field device control. The term "field device" refers generally to devices of the process being monitored and/or controlled. Typically there is a high number of process devices (field devices), such as actuators, valves, pumps and sensors, in a plant area (field). The process control system may be provided with a firewall/router environment, such 43 shown in Figures 4 and 5, to effectively isolate the process control network from other network C, such as a normal office network of the plant, referred to as a mill network herein. The separation ensures that potential problems in the office network will not affect the control room bus and vice versa. Direct Internet access from the automation network is prohibited.
The accompanying drawings and the description pertaining to them are only intended to illustrate the present invention. The above-illustrated em- bodiments may be combined in various ways. Different variations and modifications to the invention will be apparent to those skilled in the art, without departing from the scope of the invention defined in the appended claims. Different features may thus be omitted, modified or replaced by equivalents.

Claims

1 . A system for providing a parallel redundancy protocol (PRP) network, comprising
a parallel redundancy protocol (PRP) transition unit having a first and second PRP interfaces,
a first network switch (A) having a first interface, a second interface, and a third interface connected to the first PRP interface of the PRP transition unit,
a second network switch (B) having a first interface, a second inter- face, and a third interface a third interface connected to the second PRP interface of the PRP transition unit,
the first interfaces of said first network switch (A) and said second network switch (B) are configured to have a common first MAC address or a common set of MAC addresses, and
the second interfaces of said first network switch (A) and said second network switch (B) are configured to have a common second MAC address or set of MAC addresses.
2. A system as claimed in claim 1 , wherein the first interfaces and said second interfaces of said network switches (A, B) are configured to inter- face to a first virtual or physical local area network (LAN) segment (X) and a second virtual or physical local area network (LAN) segment (Y), respectively.
3. A system as claimed in claim 2, wherein
the system, having said first interfaces of said network switches connected to said first LAN segment, is configured to form a first pair of PRP networks (LAN_A, LAN_B) within said first LAN segment (X) by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node (CAN) connected to said pair of PRP networks (LAN_A, LAN_B) in said first LAN segment, and
the system, having said second interfaces of said network switches connected to said second LAN segment, is configured to form a second pair of PRP networks (LAN_A, LAN_B) within said second LAN segment (Y) of a local area network (LAN) by sending and receiving duplicated data packets with same addresses to and from at least one dual attached node (CAN) connected to said pair of PRP networks (LAN_A, LAN_B) in said second LAN segment (Y).
4. A system as claimed in claim 2 or 3, wherein said first and second LAN segments comprise a first virtual LAN and a second virtual LAN.
5. A system as claimed in claim 4, wherein said first virtual LAN and said second virtual LAN configured in a single physical LAN.
6. A system according to claim 2 or 3, wherein said first and second physical LAN segments comprise a first physical LAN of a linear topology and a second physical LAN of a linear topology.
7. A system as claimed in in any one of claims 1 -6, wherein said
PRP transition unit comprises a PRP adapter, particularly a Redundancy Box.
8. A system as claimed in in any one of claims 1 -7, wherein said first and second network switches comprise layer 3 switches.
9. A system as claimed in in any one of claims 1 -8, wherein said first and second LAN segments comprise layer 2 switches.
10. A system as claimed in any one of claims 1 -9, wherein the first and second LAN segments are configured to provide separated process control networks for different parts of a process plant.
PCT/FI2014/051007 2014-12-16 2014-12-16 Redundancy in process control system WO2016097459A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/FI2014/051007 WO2016097459A1 (en) 2014-12-16 2014-12-16 Redundancy in process control system
FI20170083A FI128272B (en) 2014-12-16 2014-12-16 Redundancy in process control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/FI2014/051007 WO2016097459A1 (en) 2014-12-16 2014-12-16 Redundancy in process control system

Publications (1)

Publication Number Publication Date
WO2016097459A1 true WO2016097459A1 (en) 2016-06-23

Family

ID=56125986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2014/051007 WO2016097459A1 (en) 2014-12-16 2014-12-16 Redundancy in process control system

Country Status (2)

Country Link
FI (1) FI128272B (en)
WO (1) WO2016097459A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3379750A1 (en) * 2017-03-24 2018-09-26 Vector Informatik GmbH Method for processing a request message of a road vehicle and server arrangement
EP3690576A1 (en) * 2019-01-30 2020-08-05 Schneider Electric Industries SAS Control device and method for controlling a redundant connection in a flat network
CN111711583A (en) * 2020-06-11 2020-09-25 广东电网有限责任公司 Switch supporting configuration of multiple redundancy protocols and transformer substation network system
EP3652905A4 (en) * 2017-07-10 2021-02-24 BGC Partners, L.P. Networks for packet monitoring and replay
WO2021094803A1 (en) * 2019-11-11 2021-05-20 Siemens Canada Limited A network device for providing redundancy in an industrial network
CN113709046A (en) * 2021-07-19 2021-11-26 国网上海市电力公司 PRP-based cross-three-layer exchange parallel redundancy method
EP4006659A1 (en) * 2020-11-25 2022-06-01 Siemens Aktiengesellschaft Edge device
CN114697406A (en) * 2020-12-31 2022-07-01 霍尼韦尔国际公司 Multiple network redundancy protocol for data streams using the same physical interface
EP3876637A4 (en) * 2018-10-31 2022-07-27 Mitsubishi Electric Corporation Communication system and receiving-side device
CN115002128A (en) * 2022-05-25 2022-09-02 上海哥瑞利软件股份有限公司 Control method for implementing main/standby reliability improvement of OPC client
EP4072104A1 (en) * 2021-04-05 2022-10-12 Honeywell International Inc. Method and system for parallel redundancy protocol in connected networks
CN115333992A (en) * 2022-08-11 2022-11-11 四川灵通电讯有限公司 Link resource optimization method based on standard PRP protocol

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3130097A1 (en) * 2014-04-09 2017-02-15 Hirschmann Automation and Control GmbH Method for a redundant transmission system with prp and multiple data packet sending

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6751191B1 (en) * 1999-06-29 2004-06-15 Cisco Technology, Inc. Load sharing and redundancy scheme

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6751191B1 (en) * 1999-06-29 2004-06-15 Cisco Technology, Inc. Load sharing and redundancy scheme

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FLATT ET AL.: "Mapping of PRP/HSR Redundancy Protocols onto a Configurable FPGA/CPU Based Architecture'.", INTERNATIONAL CONFERENCE OR EMBEDDED COMPUTER SYSTEMS: ARCHITECTURES, MODELING, AND SIMULATION (SAMOS), 15 July 2013 (2013-07-15), pages 121 - 128, XP032495399, DOI: doi:10.1109/SAMOS.2013.6621114 *
KRAMMER ET AL.: "A Software-Based Redundancy Concept For Building Automation Networks'.", IECON 2013 - 39TH ANNUAL CONFERENCE OF THE IEEE INDUSTRIAL ELECTRONICS SOCIETY, 10 November 2013 (2013-11-10), pages 5702 - 5709, XP032539024, DOI: doi:10.1109/IECON.2013.6700069 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3379750A1 (en) * 2017-03-24 2018-09-26 Vector Informatik GmbH Method for processing a request message of a road vehicle and server arrangement
CN114666205A (en) * 2017-07-10 2022-06-24 比吉斯合伙人有限公司 Network for packet monitoring and replay
EP3863247A1 (en) * 2017-07-10 2021-08-11 BGC Partners, L.P. Networks for packet monitoring and replay
EP3652905A4 (en) * 2017-07-10 2021-02-24 BGC Partners, L.P. Networks for packet monitoring and replay
EP3876637A4 (en) * 2018-10-31 2022-07-27 Mitsubishi Electric Corporation Communication system and receiving-side device
EP3690576A1 (en) * 2019-01-30 2020-08-05 Schneider Electric Industries SAS Control device and method for controlling a redundant connection in a flat network
US11695621B2 (en) 2019-01-30 2023-07-04 Schneider Electric Industries Sas Control device and method for controlling a redundant connection in a flat network
WO2021094803A1 (en) * 2019-11-11 2021-05-20 Siemens Canada Limited A network device for providing redundancy in an industrial network
US11743111B2 (en) 2019-11-11 2023-08-29 Siemens Canada Limited Network device and a method of configuring the network device therefor
CN111711583A (en) * 2020-06-11 2020-09-25 广东电网有限责任公司 Switch supporting configuration of multiple redundancy protocols and transformer substation network system
CN111711583B (en) * 2020-06-11 2022-06-14 广东电网有限责任公司 Switch supporting configuration of multiple redundancy protocols and transformer substation network system
EP4006659A1 (en) * 2020-11-25 2022-06-01 Siemens Aktiengesellschaft Edge device
WO2022112089A1 (en) 2020-11-25 2022-06-02 Siemens Aktiengesellschaft Edge device and method for providing redundancy functions on an edge device
CN114697406A (en) * 2020-12-31 2022-07-01 霍尼韦尔国际公司 Multiple network redundancy protocol for data streams using the same physical interface
EP4072104A1 (en) * 2021-04-05 2022-10-12 Honeywell International Inc. Method and system for parallel redundancy protocol in connected networks
CN113709046A (en) * 2021-07-19 2021-11-26 国网上海市电力公司 PRP-based cross-three-layer exchange parallel redundancy method
CN115002128B (en) * 2022-05-25 2023-06-06 上海哥瑞利软件股份有限公司 Control method for OPC client to realize main and standby reliability improvement
CN115002128A (en) * 2022-05-25 2022-09-02 上海哥瑞利软件股份有限公司 Control method for implementing main/standby reliability improvement of OPC client
CN115333992A (en) * 2022-08-11 2022-11-11 四川灵通电讯有限公司 Link resource optimization method based on standard PRP protocol
CN115333992B (en) * 2022-08-11 2024-01-23 四川灵通电讯有限公司 Link resource optimization method based on standard PRP protocol

Also Published As

Publication number Publication date
FI128272B (en) 2020-02-14
FI20170083A (en) 2017-06-01

Similar Documents

Publication Publication Date Title
FI128272B (en) Redundancy in process control system
US9673995B2 (en) Communication device and method for redundant message transmission in an industrial communication network
JP4688765B2 (en) Network redundancy method and intermediate switch device
EP3721607B1 (en) Multiple rstp domain separation
US7173934B2 (en) System, device, and method for improving communication network reliability using trunk splitting
US9218230B2 (en) Method for transmitting messages in a redundantly operable industrial communication network and communication device for the redundantly operable industrial communication network
CN104104570A (en) Aggregation processing method in IRF (Intelligent Resilient Framework) system and device
EP2250737B1 (en) Cable redundancy with a networked system
Kirrmann et al. HSR: Zero recovery time and low-cost redundancy for Industrial Ethernet (High availability seamless redundancy, IEC 62439-3)
CN103581164A (en) Method for transmitting messages in redundantly operable industrial communication network and communication device for redundantly operable industrial communication network
EP1897273A1 (en) Apparatus and method for segmenting a communication network
JP2008011082A (en) Redundancy method for network, and mediating device and host device thereof
EP2151098B1 (en) Methods, systems, and computer program products for providing accidental stack join protection
US20110299551A1 (en) Method and Apparatus for Transferring Data Packets Between a First Network and a Second Network
US7787385B2 (en) Apparatus and method for architecturally redundant ethernet
AU2021290259B2 (en) Multiple network redundancy protocols for data flow using the same physical interface
Kirrmann Highly available automation networks standard redundancy methods; rationales behind the IEC 62439 standard suite
CN115208967A (en) Method and system for parallel redundancy protocol in a connectivity network
Dolezilek et al. Fast fault detection, isolation, and recovery in ethernet networks for teleprotection and high-speed automation applications
WO2016097458A1 (en) Redundancy in process control system
Kirrmann Standard Redundancy Methods for Highly Available Automation Networks–rationales behind the upcoming IEC 62439 standard
WO2021094803A1 (en) A network device for providing redundancy in an industrial network
WO2014080618A1 (en) Pbb network, pbb edge switch, frame forwarding method, and storage medium
Pfeiffenberger et al. Demonstration of High-availability communication based on Software-defined Networking
JP2004056365A (en) Packet communication network system and its packet transfer route controlling method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14908327

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 20170083

Country of ref document: FI

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14908327

Country of ref document: EP

Kind code of ref document: A1