C13 – Profibus and Profinet network design - Andy Verwer, VTC
36
PROFIBUS and PROFINET System Design Andy Verwer, Verwer Training & Consultancy Ltd UK PITC PROFIBUS & PROFINET UK Conference, Stratford-upon-Avon 23/24 June 2015
C13 – Profibus and Profinet network design - Andy Verwer, VTC
1. PROFIBUSand PROFINET SystemDesign Andy Verwer, Verwer
Training & Consultancy Ltd UK PITC PROFIBUS & PROFINET UK
Conference, Stratford-upon-Avon 23/24 June 2015
3. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 SystemCosts
Mostsystemdesignersandprojectmanagerslookatthe
projectprocurement,installationanddeploymentcostswhen
theypriceajob. However,thecostsofanautomationsystemspreadoverthe
lifecycleoftheplantandshouldincludemaintenance,fault
findingandhealthchecking.
Perhapsmostimportantisthecostintermsoflossof
productionshouldfaultsdevelopduringthelifetimeofthe
plant.Spendingalittlemoreatprocurementtimecanrepay manytimesover.
Alsogoodfaulttolerantdesignneednotbemoreexpensive.
Sometimesfaulttolerancecanbeachievedatnoadditional cost. 3
4. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Lifecyclecosts 4
Theprocurement, installationand commissioning costsareonly
incurredatthestart oftheproject. Costsfromdevice failuresincreaseas
equipmentgets older. Whensystem overhaulis undertakenthiscan
partiallyresetthe increasingcostof failures. System overhaul
5. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 ControlSystemDesign
Controlsystemdesignnormallyproceedsbybuildingonthe
experienceobtainedfrompreviousdesigns.
But,designswhicharebasedonbadlydesignedsystemswillbe bad!
Onlybyusingexperiencefromoperationsandmaintenance
staffcanwedevelopgoodsystemdesigns.
Inmyexperienceitisrareforsuchfeedbackmechanismstobe
present.Particularlywhendesigniscarriedoutbysub contractors.
Designersmustknowaboutmistakesthathavebeenmadein thepast.
Feedbackfromoperationsandmaintenanceisessential.
Thecontractliabilitythreatandaccompanyingblamecultureis
oftenresponsibleforpreventingthisfeedback.
6. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 SystemCosts
Maximisingplantavailabilityiscriticalinreducingthetotal
costsofthesystem. ItisessentialthattheSystemDesigner understands:
Thatminimisingplantdowntimewhenfaultsinevitably
occur(i.e.maximisingplantavailability)isakey requirement.
Theimpactofthenetworklayoutonplantreliability.
Thattheincorporationofnetworkhealthcheckingand
faultfindingfacilitiesareessential.
Howtoappropriatelyusefeaturessuchasredundancyand
networkmonitoringandrapidfaultlocationandrepairto
improveplantavailability. 6
7. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 7 Introduction
Thepartsofacontrolsystem willfailwhilstinservice.
Theconsequencesoffailures areoftenpredictable,butthe
failuresthemselvesare unpredictable. Thedesignofareliable
controlsystemisnotsimple. andshouldbe accompaniedbyanalysisof
howpartsfailandofthe consequencesofthese failures.
8. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Minimisingthefailurefootprint
Therearethreebasicwaystominimisetheimpactoffaults:
Makefailureslesslikely Minimisefailurefrequency.
Restricttheeffectsofanyfailuresthatwillinevitablyoccur.
Provideforrapidfaultdetectionorperformancedegradation,
rapidlocationandrapidrepair Minimisefailureduration.
Agoodnetworkdesignwillminimisetheeffectonproduction
wheninevitablefailuresoccur.
Wecanspeakofminimisingthefailurefootprint. Fault frequency Fault
effect Fault duration
9. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Minimisingthefailurefootprint
Understandandimplementthedesignandinstallationrules.
Improvereliability useofwelltested(certified)andreliable
devices,connectorsandnetworkcomponents.
ForPROFIBUSusethelowestpossiblebitratethatgivesthe
requiredperformance. 1. Makefailureslesslikely
Minimisefailurefrequency.
10. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Minimisingthefailurefootprint
2. Restricttheeffectsofanyfailuresthatwillinevitablyoccur
Minimisefailureextent. Wellthoughtoutnetworklayoutanddesign.
Thinkaboutusing: Separate networks or different masters
(distributed control), Different segments (segmentation), Dealing
with common cause failures.
11. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Minimisingthefailurefootprint
3. Provideforrapidfaultdetectionorperformance
degradation,rapidlocationandrapidrepair Minimisefailureduration.
Provide facilities in the design for rapid fault diagnosis and
fault location. Provide in the design for hot device swapping
without reconfiguration. Use designs that allow for a quick fix.
Provide redundancy when appropriate. Needs to be well thought out!
Use standardised, vendor independent solutions rather than being
locked into manufacturer specific solutions.
12. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015
Techniquesforminimisingfaultimpact
Pluggabledevicesthatcanberemoved/replacedwithout
impingingonnetworkoperation.
Appropriatenetworkdesignandsegmentationsothatphysical
layerfaultsallowcriticalplantoperationtocontinueinthe
eventoffailureordevicereplacement.
Layoutforrapidtroubleshootingandfaultisolation.
Useappropriatesolutionsforredundancy. ForPROFIBUSsystemsuse:
connectorsystemsandlayoutsthatdonotbreakthebus
orlooseterminationwhendisconnected.
Terminationsolutionsthatallowdevicestoberemovedor replaced.
13. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Reliabilityandavailability
Reliabilityisameasureofhowacomponent,assemblyor
systemwillperformitsintendedfunction,withoutfailure,for
therequireddurationwheninstalledandoperatedcorrectlyin
aspecifiedenvironment.
Availabilityisameasureofreliabilityindicatingthefractionof
timeinwhichadeviceorsystemisexpectedtooperate correctly.
Itisimportanttorememberthatreliabilityisastatistical
measure:itwillnotpredictwhenaparticulardevicewillfail,
onlytheexpectedfailureratebasedonaverageperformance
ofabatchoftestdevicesoronpastperformance. 13
14. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Somedefinitions
MeanTimeBetweenFailures(MTBF)istheexpectedor
averagetimethatadevicewillbefreeoffailure.
TypicalMTBFforawelldesignedandmanufacturedelectronic
devicemightbe10to20years.
MeanTimeToRepair(MTTR),isthetimetakentorepaira faileddevice.
Inanoperationalsystem,MTTRgenerallymeanstimeto
detectthefailure,diagnoseandlocatetheproblemand
replacethefailedpart. 14
15. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Availability
AvailabilitycanbecalculatedfromMTBFandMTTR: MTTRMTBF MTBF
ty,Availabili A Rememberthatavailabilityisastatisticalmeasureand
representsanaverageprobabilityofbeinginoperation.
Thereislittlepointintryingtobeaccuratewiththesefigures
sinceactualfailuresareunpredictable.
Availabilityistypicallyspecifiedinninesnotation.For
example3ninesavailabilitycorrespondsto99.9%
availability.A5ninesavailabilitycorrespondsto99.999%
availability.
23. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 CommonCauseFailures
Evenwhenwehavewhatappearstobeafullyredundant
system,therewillalwaysbecertainfailuresthatwillcause
bothredundantroutestofailatthesametime.
Examplesofsuchcommoncausefailuresinclude:
Powersupplyfailure,blackout,brownoutetc.
Commonsourceinterference,lightningstrikesetc.
Mechanicalfailure,driveshaftfracture,jammingetc.
Processfailure,pipeburst,blockagesetc. Redundant device Redundant
device Common causefailure Intermsofthereliability
model,anycommoncause failureiseffectivelyinseries
withtheredundantpaths, bypassingtheredundancy.
24. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015
MultipleMaster/ControllerSystems
MultiplePROFIBUSmastersorPROFINETcontrollerswith
automaticdutystandbyswitchingareavailablefromanumber ofsuppliers.
Thesecandrivedifferentnetworkstoprovideredundancy
downtothefieldlevel.However,separatepowersupplyand
networkcableroutingareadvisabletominimisecommon causefailures.
Sometimesdualslavescanbeusedinthefieldwithasimple
wiredORvotingsystemdrivingthefinalactuatoror
connectingtworedundantsensors.
However,moreoftenwefindsuchredundantcontrollersare
usingthesamefielddevicesandactuators.
25. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 RedundancysolutionsforPROFIBUS
SolutionsforredundantPROFIBUScablingareavailablefrom
manymanufacturers: SiemensYLink PROCENTECProfiHubs ABBRedundancy
LinkModule MoorHawke RedundancyforPA COMbricksmodules
26. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Slavewith integrated
redundancy Y Slave4 Slave 3A Slave 3B Mechanically combinedoutputs
Redundant slaves WiredOR outputs Slave 2A Slave 2B Y Redundant
masters Master B Y RedundancysolutionsforPROFIBUS
Properlydesignedredundant solutionscanproviderobustness
againstawideselectionoffaults andconditions. 26 Master A
Redundantcables PSUA PSUB Redundant power supplies Y Slave 1
Redundant linksorhubs Y
27. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 PROFINETsystemlayout
PROFINETsystemscanbelaidoutinanumberofways: 27
Starandtreetopologies usingswitches:
Linetopologyusingtwoportdevices: Oracombinationofboth.
Switches
28. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 PROFINETsystemlayout
Thereisaclearadvantageofthestartopologyintermsof
systemavailabilityinthatanydevicecanbereplacedwithout
affectingtheotherdevices.
However,thesystemcostwillbesignificantlygreaterbecause
ofthenumberofswitchesrequired.
Thelinetopologyismuchlowercost,becauseseparate
switchesarenotrequired.
Butremovalorreplacementofanydevicewillcauseall
downstreamdevicestofail. 28
29. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 PROFINETandRedundancy
OneofthebigadvantagesofPROFINETisthatitincorporates
aspecificationformediaredundancy. Thestandardised
MediaRedundancyProtocol(MRP)provides
manufacturerindependentredundancywhichcanbeused overcopperorfibre
cables. PROFINETredundancycanprovide: Controllerredundancy.
Transmissionmediaandswitchredundancy. IOdeviceredundancy.
RedundantPROFINETsystemsarerelativelyeasytoimplement
andcanbeusedacrossdifferentmanufacturers.
30. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 PROFINETredundancysolutions 30
StandardisedMediaRedundancyProtocol(MRP)canbeused
onPROFINETsystemstogivemediaredundancy. IO Controller with MRP IO
Devices with MRP Switch with MRP IO Device without MRP
Butthesystemmuststillbeproperlydesigned,considering
allpossiblefailuresandtheirlikelihood.Commoncause
failuresmustbeproperlydealtwith.
32. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 AutomationIslandsorUnits
TheconceptofdividingtheplantintoAutomationIslandsor
AutomationUnitsiswellestablished.
Eachautomationunitisconsideredasbeingfunctionally
separatedfromtherestoftheplantsoallowingittooperate
(andtobeshutdown)independently.
Agoodnetworkdesignwillfacilitatetheisolationofthese
automationunitsusing: Differentcontrollers;
Differentnetworksorsubnetworks; Segmentation.
Carefulchoiceofvariousarchitecturesforautomationunitsis
akeystageinthedesignprocesswhichcanimpactonthe
overallreliabilityandmaintainabilityofthecontrolsystem. 32
33. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Whoneedstrainingandwhy?
Peoplewhoareinvolvedwithnetworkinstallation 33
Commissioningandmaintenancepersonnel a)
Needtoknowthewiring/layoutrulesand reasonsforthem. b)
Needtoknowhowtousediagnostictoolsto
identifyfaultsandlocateproblems. c)
Needtobeabletohealthchecksystemsand verifynetworkquality. a)
Needtoknowthewiring/layoutrules andreasonsforthem. b)
Needtobeabletomakeupandtest cables,connectorsanddevices.
34. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 Whoneedstrainingandwhy?
Systemdesignersandpeopleinvolvedinthespecification,
procurementandmanagementofacontrolsystemproject 34
Devicedevelopersanddesigners a) Needtoknowthewiring/layoutrules
andreasonsforthem. b) Needtounderstandtheprotocoland
profilesandwhattheseoffer. a) Needtoknowthewiring/layoutrules
andreasonsforthem. b) Needtounderstandtheimpactofdesign
decisionsonthereliabilityand availabilityoftheplant. c)
Mustbefamiliarwithdrawingand documentationstandards. d)
Needtounderstandthewholelifecycle costsinvolvedinaproject.
35. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 PICertifiedtraining
PICertifiedtrainingcurrentlyincorporatesthefollowing
internationallyaccreditedcourses:
CertifiedPROFIBUSInstallercourse(1day)
CertifiedPROFIBUSEngineercourse(3days)
CertifiedPROFINETInstallercourse(1day)
CertifiedPROFINETEngineercourse(3day)
TheCertifiedInstalleriswidelyacceptedastheminimum
standardforanyoneinvolvedatatechnicallevelwith PROFIBUSorPROFINET.
TheEngineercourseprovidesindepthtreatmentofthe
protocolandprofiles.Usefulfordevelopersandformore
difficultproblems. 35
36. PROFIBUS & PROFINET System Design, Andy VerwerPROFIBUS
& PROFINET Conference, June 2015 CertifiedSystemDesigncourses
ThisyearwestartedtoruncertifiedPROFIBUSSystemdesign
coursesintheUK.Thesecoursesarecurrentlyaccreditedwithin
theUKbytheUKPROFIBUSGroup.
Theobjectivesandlearningoutcomesforthesecourseshave
beendevelopedbyaninternationalteamofexperiencedtrainers
andconsultantsoveraperiodofthreeyears.
TheUKwaterindustryinparticularhasbeenaskingforthis
certifieddesignertrainingsothattheycanensurethatsub
contractdesigniscarriedoutbysuitablytrainedstaff.
ThecourseshavebeenrunbyVTCandwillsoonalsobeavailable fromMMU.
ThecoursehasbeenacceptedinprinciplebyPIanditisexpected
thatinternationalaccreditationwillbeapprovedwithinafew months.
CertifiedPROFINETsystemdesigncoursesarealsoplanned. 36