EN 61784-3-2:2010

SLOVENSKI STANDARD
01-oktober-2010
1DGRPHãþD
SIST EN 61784-3-2:2008
Industrijska komunikacijska omrežja - Profili - 3-2. del: Funkcijska varnost
procesnih vodil - Dodatne specifikacije za CPF 2 (IEC 61784-3-2:2010)
Industrial communication networks - Profiles - Part 3-2: Functional safety fieldbuses -
Additional specifications for CPF 2 (IEC 61784-3-2:2010)
Industrielle Kommunikationsnetze - Profile - Teil 3-2: Funktional sichere Übertragung bei
Feldbussen - Zusätzliche Festlegungen für die Kommunikationsprofilfamilie 2 (IEC 61784
-3-2:2010)
Réseaux de communication industriels - Partie 3-2: Bus de terrain à sécurité
fonctionnelle - Spécifications complémentaires pour le CPF 2 (CEI 61784-3-2:2010)
Ta slovenski standard je istoveten z: EN 61784-3-2:2010
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.100.05 9HþVORMQHXSRUDEQLãNH Multilayer applications
UHãLWYH
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN 61784-3-2
NORME EUROPÉENNE
August 2010
EUROPÄISCHE NORM
ICS 25.040.40; 35.100.05 Supersedes EN 61784-3-2:2008

English version
Industrial communication networks -
Profiles -
Part 3-2: Functional safety fieldbuses -
Additional specifications for CPF 2
(IEC 61784-3-2:2010)
Réseaux de communication industriels -  Industrielle Kommunikationsnetze -
Partie 3-2: Bus de terrain à sécurité Profile -
fonctionnelle - Teil 3-2: Funktional sichere Übertragung
Spécifications complémentaires bei Feldbussen -
pour le CPF 2 Zusätzliche Festlegungen
(CEI 61784-3-2:2010) für die Kommunikationsprofilfamilie 2
(IEC 61784-3-2:2010)
This European Standard was approved by CENELEC on 2010-07-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Management Centre: Avenue Marnix 17, B - 1000 Brussels

© 2010 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61784-3-2:2010 E
Foreword
The text of document 65C/591A/FDIS, future edition 2 of IEC 61784-3-2, prepared by SC 65C, Industrial
networks, of IEC TC 65, Industrial-process measurement, control and automation, was submitted to the
IEC-CENELEC parallel vote and was approved by CENELEC as EN 61784-3-2 on 2010-07-01.
This European Standard supersedes EN 61784-3-2:2008.
The main technical changes with respect to EN 61784-3-2:2008 are listed below:
– updates in relation with changes in EN 61784-3;
– addition or modification of the following subclauses to support the Extended Format:
– 6.3.2.1, 6.3.3.4, 6.3.11, 6.6.7.5, 6.8.5.13, 6.8.5.14, 7.1.1, 7.5.5, 7.6.10.10, 7.6.10.12, 8.2, 8.10.2.4.4,
9.5.2;
– modification of all pseudo code in 7.5 to support Extended Format;
– addition of Attribute 15 in 6.7.3.1;
– addition of subclauses 8.11, 8.12 and 8.13 to clarify requirements for CP 2/2, CP 2/3 and CP 16/3
respectively.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent
rights.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
(dop) 2011-04-01
national standard or by endorsement
– latest date by which the national standards conflicting
(dow) 2013-07-01
with the EN have to be withdrawn
Annex ZA has been added by CENELEC.
__________
- 3 - EN 61784-3-2:2010
Endorsement notice
The text of the International Standard IEC 61784-3-2:2010 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60204-1 NOTE  Harmonized as EN 60204-1.
IEC 61158 series NOTE  Harmonized in EN 61158 series (not modified).
IEC 61496 series NOTE  Harmonized in EN 61496 series (partially modified).
IEC 61508-1:2010 NOTE  Harmonized as EN 61508-1:2010 (not modified).
IEC 61508-4:2010 NOTE  Harmonized as EN 61508-4:2010 (not modified).
IEC 61508-5:2010 NOTE  Harmonized as EN 61508-5:2010 (not modified).
IEC 61508-6:2010 NOTE  Harmonized as EN 61508-6:2010 (not modified).
IEC 61511 series NOTE  Harmonized in EN 61511 series (not modified).
IEC 61784-5 series NOTE  Harmonized in EN 61784-5 series (not modified).
IEC 61800-5-2 NOTE  Harmonized as EN 61800-5-2.
IEC 62061 NOTE  Harmonized as EN 62061.
ISO 10218-1 NOTE  Harmonized as EN ISO 10218-1.
ISO 12100-1 NOTE  Harmonized as EN ISO 12100-1.
ISO 13849-2 NOTE  Harmonized as EN ISO 13849-2.
__________
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
Publication Year Title EN/HD Year

IEC 61131-2 - Programmable controllers - EN 61131-2 -
Part 2: Equipment requirements and tests

IEC 61131-3 - Programmable controllers - EN 61131-3 -
Part 3: Programming languages
IEC 61158-2 - Industrial communication networks - Fieldbus EN 61158-2 -
specifications -
Part 2: Physical layer specification and service
definition
IEC 61158-3-2 - Industrial communication networks - Fieldbus EN 61158-3-2 -
specifications -
Part 3-2: Data-link layer service definition -
Type 2 elements
IEC 61158-4-2 - Industrial communication networks - Fieldbus EN 61158-4-2 -
specifications -
Part 4-2: Data-link layer protocol specification
- Type 2 elements
IEC 61158-5-2 - Industrial communication networks - Fieldbus EN 61158-5-2 -
specifications -
Part 5-2: Application layer service definition -
Type 2 elements
IEC 61158-6-2 - Industrial communication networks - Fieldbus EN 61158-6-2 -
specifications -
Part 6-2: Application layer protocol
specification - Type 2 elements

IEC 61326-3-1 - Electrical equipment for measurement, EN 61326-3-1 -
control and laboratory use -
EMC requirements -
Part 3-1: Immunity requirements for safety-
related systems and for equipment intended to
perform safety-related functions (functional
safety) - General industrial applications

IEC 61326-3-2 - Electrical equipment for measurement, EN 61326-3-2 -
control and laboratory use –
EMC requirements -
Part 3-2: Immunity requirements for safety-
related systems and for equipment intended to
perform safety-related functions (functional
safety) - Industrial applications with specified
electromagnetic environment
- 5 - EN 61784-3-2:2010
Publication Year Title EN/HD Year

IEC 61508 Series Functional safety of EN 61508-1 Series
electrical/electronic/programmable electronic
safety-related systems
IEC 61784-1 - Industrial communication networks - Profiles - EN 61784-1 -
Part 1: Fieldbus profiles
IEC 61784-2 - Industrial communication networks - Profiles - EN 61784-2 -
Part 2: Additional fieldbus profiles for real-time
networks based on ISO/IEC 8802-3

IEC 61784-3 2010 Industrial communication networks - Profiles - EN 61784-3 2010
Part 3: Functional safety fieldbuses - General
rules and profile definitions
IEC 61784-5-2 - Industrial communication networks - Profiles - EN 61784-5-2 -
Part 5-2: Installation of fieldbuses - Installation
profiles for CPF 2
IEC 61918 - Industrial communication networks - EN 61918 -
Installation of communication networks in
industrial premises
IEC 62026-3 - Low-voltage switchgear and controlgear - EN 62026-3 -
Controller-device interfaces (CDIs) -
Part 3: DeviceNet
ISO 13849-1 - Safety of machinery - Safety-related parts of EN ISO 13849-1 -
control systems -
Part 1: General principles for design

ISO 15745-2 2003 Industrial automation systems and - -
integration - Open systems application
integration framework -
Part 2: Reference description for ISO 11898-
based control systems
ISO 15745-3 2003 Industrial automation systems and - -
integration - Open systems application
integration framework -
Part 3: Reference description for IEC 61158
based control systems
ISO 15745-4 2003 Industrial automation systems and - -
integration - Open systems application
integration framework -
Part 4: Reference description for Ethernet-
based control systems
IEC 61784-3-2 ®
Edition 2.0 2010-06
INTERNATIONAL
STANDARD
colour
inside
Industrial communication networks – Profiles –
Part 3-2: Functional safety fieldbuses – Additional specifications for CPF 2

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
PRICE CODE
XL
ICS 25.040.40; 35.100.05 ISBN 978-2-88910-977-7
– 2 – 61784-3-2 © IEC:2010(E)
CONTENTS
FOREWORD.12
0 Introduction .14
0.1 General .14
0.2 Patent declaration .16
1 Scope.17
2 Normative references .17
3 Terms, definitions, symbols, abbreviated terms and conventions .18
3.1 Terms and definitions .18
3.1.1 Common terms and definitions .19
3.1.2 CPF 2: Additional terms and definitions .23
3.2 Symbols and abbreviated terms.23
3.2.1 Common symbols and abbreviated terms .23
3.2.2 CPF 2: Additional symbols and abbreviated terms .24
3.3 Conventions .25
4 Overview of FSCP 2/1 (CIP Safety™).25
4.1 General .25
4.2 FSCP 2/1 .25
5 General .26
5.1 External documents providing specifications for the profile.26
5.2 Safety functional requirements .27
5.3 Safety measures .27
5.4 Safety communication layer structure .28
5.5 Relationships with FAL (and DLL, PhL) .28
5.5.1 General .28
5.5.2 Data types .28
6 Safety communication layer services .29
6.1 Introduction .29
6.2 Connection object .29
6.2.1 General .29
6.2.2 Class attribute extensions .29
6.2.3 Service extensions .30
6.2.4 Explicit message response format for SafetyOpen and SafetyClose .30
6.3 Connection Manager object .31
6.3.1 General .31
6.3.2 ForwardOpen for safety .31
6.3.3 Safety network segment .33
6.3.4 Originator rules for calculating the connection parameter CRC .36
6.3.5 SafetyOpen processing flowcharts.36
6.3.6 Checks required by Multipoint producers with existing connections .39
6.3.7 Electronic key usage for safety.40
6.3.8 RPI vs. API in safety connections .40
6.3.9 Application path construction for safety .40
6.3.10 Safety Validator connection types.41
6.3.11 Application reply data in a successful SafetyOpen response.43
6.3.12 Unsuccessful SafetyOpen response .45
6.3.13 ForwardClose for safety.47

61784-3-2 © IEC:2010(E) – 3 –
6.4 Identity object.48
6.4.1 General .48
6.4.2 Changes to common services .48
6.5 Link objects .48
6.5.1 DeviceNet object changes .48
6.5.2 TCP/IP Interface object changes .49
6.6 Safety Supervisor object.49
6.6.1 General .49
6.6.2 Safety Supervisor class attributes.50
6.6.3 Subclasses.50
6.6.4 Safety Supervisor instance attributes.50
6.6.5 Semantics .53
6.6.6 Subclasses.60
6.6.7 Safety Supervisor common services .60
6.6.8 Safety Supervisor behavior.71
6.7 Safety Validator object .78
6.7.1 General .78
6.7.2 Class attributes .78
6.7.3 Instance attributes .79
6.7.4 Class services .84
6.7.5 Instance services.85
6.7.6 Object behavior .85
6.8 Connection Configuration Object .88
6.8.1 General .88
6.8.2 Class attribute extensions .88
6.8.3 Instance attributes, additions and extensions. .88
6.8.4 Instance attribute semantics extensions or restrictions for safety.90
6.8.5 Special Safety Related Parameters – (Attribute 13) .95
6.8.6 Object-specific services.101
6.8.7 Common service extensions for safety. 101
6.8.8 Object behavior .103
7 Safety communication layer protocol .104
7.1 Safety PDU format .104
7.1.1 Safety PDU encoding .104
7.1.2 Safety CRC .116
7.2 Communication protocol behavior.117
7.2.1 Sequence of safety checks .117
7.2.2 Connection termination. 117
7.2.3 Cross checking error .117
7.3 Time stamp operation.118
7.4 Protocol sequence diagrams .119
7.4.1 General .119
7.4.2 Normal safety transmission.119
7.4.3 Lost, corrupted and delayed message transmission. 120
7.4.4 Lost, corrupted or delayed message transmission with production
repeated.122
7.4.5 Point-to-point ping .124
7.4.6 Multipoint ping on CP 2/3 Safety.125
7.4.7 Multipoint ping on CP 2/2 safety networks .127

– 4 – 61784-3-2 © IEC:2010(E)
7.4.8 Multipoint ping – retry with success .127
7.4.9 Multipoint ping – retry with timeout .128
7.5 Safety protocol definition .129
7.5.1 General .129
7.5.2 High level view of a safety device .129
7.5.3 Safety Validator object .130
7.5.4 Relationship between SafetyValidatorServer and
SafetyValidatorClient .130
7.5.5 Extended Format time stamp rollover handling .131
7.5.6 SafetyValidatorClient function definition . 135
7.5.7 SafetyValidatorServer function definition . 143
7.6 Safety message and protocol data specifications. 156
7.6.1 Mode octet .156
7.6.2 Time Stamp Section .157
7.6.3 Time Coordination Message .157
7.6.4 Time correction message.158
7.6.5 Safety data production.158
7.6.6 Producer dynamic variables.166
7.6.7 Producer per consumer dynamic variables . 168
7.6.8 Consumer data variables .169
7.6.9 Consumer input static variables. 171
7.6.10 Consumer dynamic variables .172
8 Safety communication layer management.174
8.1 Overview .174
8.2 Definition of the measures used during connection establishment . 174
8.3 Originator-Target relationship validation . 178
8.4 Detection of mis-routed connection requests .179
8.5 SafetyOpen processing .179
8.6 Ownership management.179
8.7 Bridging different physical layers.180
8.8 Safety connection establishment .182
8.8.1 Overview .182
8.8.2 Basic facts for connection establishment . 182
8.8.3 Configuring safety connections.182
8.8.4 Network time expectation multiplier . 184
8.8.5 Establishing connections .185
8.8.6 Recommendations for consumer number allocation . 188
8.8.7 Recommendations for connection establishment . 189
8.8.8 Ownership establishment.189
8.8.9 Ownership use cases .190
8.8.10 PID/CID usage and establishment .193
8.8.11 Proper PID/CID usage in multipoint and point-to-point connections .193
8.8.12 Network supported services.195
8.8.13 FSCP 2/1 safety device type.196
8.9 Safety configuration process .200
8.9.1 Introduction to safety configuration . 200
8.9.2 Configuration goals .200
8.9.3 Configuration overview .201
8.9.4 User configuration guidelines . 202

61784-3-2 © IEC:2010(E) – 5 –
8.9.5 Configuration process SIL3 justification .203
8.9.6 Device functions for tool configuration .204
8.9.7 Password security .204
8.9.8 SNCT interface services .204
8.9.9 Configuration lock.204
8.9.10 Effect of configuration lock on device behavior . 205
8.9.11 Configuration ownership .206
8.9.12 Configuration mode .206
8.9.13 Measures used to ensure integrity of configuration process .206
8.9.14 Download process .208
8.9.15 Verification process .211
8.9.16 Verification process .214
8.9.17 Configuration error analysis.215
8.10 Electronic Data Sheets extensions for safety.218
8.10.1 General rules for EDS based safety devices . 218
8.10.2 EDS extensions for safety .219
8.11 Requirements for CP 2/2 .223
8.11.1 EPI rules for safety messages that travel over CP 2/2 .223
8.11.2 Default safety I/O service .223
8.11.3 Duplicate IP detection.224
8.11.4 Priority for safety connections .224
8.12 Requirements for CP 2/3 .224
8.12.1 Allocation of CP 2/3 identifiers.224
8.12.2 Additional requirements .227
8.13 CP 16/3 requirements.227
8.13.1 Transport layer requirements.227
8.13.2 Multicast connections .227
8.13.3 CIP Safety and the CP 16/3 device model .227
8.13.4 UNID assignment on CP 16/3 .228
9 System requirements.230
9.1 Indicators and switches .230
9.1.1 General indicator requirements.230
9.1.2 LED indications for setting the device UNID.230
9.1.3 Module Status LED.230
9.1.4 Indicator warning .231
9.1.5 Network Status LED .231
9.1.6 Switches.232
9.2 Installation guidelines.235
9.3 Safety function response time .235
9.3.1 Overview .235
9.3.2 Network time expectation .235
9.3.3 Equations for calculating network reaction times . 236
9.4 Duration of demands .238
9.5 Constraints for calculation of system characteristics. 238
9.5.1 Number of nodes .238
9.5.2 Network PFH .238
9.5.3 Bit Error Rate (BER) .241
9.6 Maintenance.242
9.7 Safety manual .242

– 6 – 61784-3-2 © IEC:2010(E)
10 Assessment.242
Annex A (informative) Additional information for functional safety communication
profiles of CPF 2.243
A.1 Hash function example code.243
A.2 … .257
Annex B (informative) Information for assessment of the functional safety
communication profiles of CPF 2 .258
Bibliography.259

Table 1 – Communications errors and detection measures matrix.27
Table 2 – New class attributes .29
Table 3 – Service extensions .30
Table 4 – SafetyOpen and SafetyClose response format .30
Table 5 – Safety network segment identifier.33
Table 6 – Safety network segment definition .33
Table 7 – Safety network segment router format .35
Table 8 – Safety Network Segment Extended Format .35
Table 9 – Multipoint producer parameter evaluation rules .40
Table 10 – ForwardOpen setting options for safety connections.42
Table 11 – Network connection parameters for safety connections .43
Table 12 – CP 2/3 Safety target application reply (size: 10 octets).44
Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets) .44
Table 14 – SafetyOpen target application reply (size: 18 octets) .45
Table 15 – EF SafetyOpen target application reply (size: 22 octets).45
Table 16 – New and extended error codes for safety .46
Table 17 – SafetyOpen error event guidance table.46
Table 18 – Identity object common service changes .48
Table 19 – New DeviceNet object instance attribute .48
Table 20 – New TCP/IP Interface object Instance Attribute .49
Table 21 – Safety Supervisor class attributes .50
Table 22 – Safety Supervisor instance attributes .50
Table 23 – Device status attribute state values .54
Table 24 – Exception status attribute format .55
Table 25 – Common exception detail attribute values .56
Table 26 – Exception detail format summary.57
Table 27 – Summary of device behavior for various CFUNID values .59
Table 28 – Safety Supervisor common services .61
Table 29 – Safety Supervisor object specific services .61
Table 30 – Configure_Request message structure .63
Table 31 – Validate_Configuration message structure.63
Table 32 – Validate_Configuration success message structure .63
Table 33 – Validate_Configuration error code .64
Table 34 – Validate_Configuration extended codes.64

61784-3-2 © IEC:2010(E) – 7 –
Table 35 – Set_Password message structure.66
Table 36 – Reset_Password message structure.66
Table 37 – Configuration_Lock/Unlock message structure .67
Table 38 – Mode_Change message structure .67
Table 39 – Safety_Reset message structure .67
Table 40 – Safety Supervisor safety reset types .68
Table 41 – Attribute bit map parameter .68
Table 42 – Reset processing rules for rest types.68
Table 43 – Propose_TUNID service .69
Table 44 – Apply_TUNID service .70
Table 45 – Safety Supervisor events.72
Table 46 – State event matrix for Safety Supervisor.73
Table 47 – Configuration owner control vs. device state.76
Table 48 – State mapping of Safety Supervisor to Identity object .77
Table 49 – Safety Supervisor object event mapping.77
Table 50 – Identity object event mapping .78
Table 51 – Safety Validator class attributes .79
Table 52 – Safety Validator instance attributes .79
Table 53 – Safety Validator state assignments.81
Table 54 – Safety Validator type, bit field assignments .82
Table 55 – Multipoint producer SafetyOpen parameter evaluation rules .83
Table 56 – Safety Validator class services .84
Table 57 – Safety Validator instance services.85
Table 58 – Safety Validator Get_Attributes_All service data.85
Table 59 – Safety Validator state event matrix .87
Table 60 – State mapping between Safety Supervisor and Safety Validator objects .87
Table 61 – Connection configuration object class attribute extensions .88
Table 62 – Connection Configuration Object instance attribute additions/extensions.88
Table 63 – Connection flag bit definitions.90
Table 64 – O-to-T connection parameters .92
Table 65 – T-to-O connection parameters .93
Table 66 – Data map formats.94
Table 67 – Data map format 0.95
Table 68 – Data map format 1.95
Table 69 – Target device’s SCCRC values.97
Table 70 – Target device’s SCTS values.98
Table 71 – Time correction connection parameters for multipoint connection .98
Table 72 – Format Type attribute meaning.99
Table 73 – Format Status attribute meaning.100
Table 74 – Connection Configuration Object-specific services . 101
Table 75 – Get_Attributes_All Response service data (added attributes ) . 101
Table 76 – Get_Attributes_All Response service data (added parameters ) . 102
Table 77 – Set_Attributes_All Request service data (added attributes) . 102

– 8 – 61784-3-2 © IEC:2010(E)
Table 78 – Set_Attributes_All Response service data (added parameters ). 103
Table 79 – State Mapping between Safety Supervisor and the CCO objects .103
Table 80 – Connection sections and PDU formats.105
Table 81 – Mode octet variables .106
Table 82 – Time Stamp variables.109
Table 83 – Time Coordination message variables .110
Table 84 – Time Correction Message variables.112
Table 85 – CRC polynomials used .116
Table 86 – Connection sections and message formats. 117
Table 87 – Data reception - Link triggered .146
Table 88 – Time_Correction reception - Link triggered . 146
Table 89 – Data reception - Application triggered. 146
Table 90 – Time_Correction reception - Application triggered .147
Table 91 – Consuming application – Safety data monitoring .147
Table 92 – Producer connection status determination . 159
Table 93 – Consuming safety connection status .170
Table 94 – Connection establishment errors and measures to detect error
...