Industrial communication networks - Profiles - Part 3-2: Functional safety fieldbuses - Additional specifications for CPF 2

IEC 61784-3-2:2021 specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer. This safety communication layer is intended for implementation in safety devices only.
NOTE 1 It does not cover electrical safety and intrinsic safety aspects. Electrical safety relates to hazards such as electrical shock. Intrinsic safety relates to hazards associated with potentially explosive atmospheres.
This document defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology in accordance with the requirements of IEC 61508 (all parts) for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery. This document provides guidelines for both developers and assessors of compliant devices and systems.


General Information

Status
Published
Publication Date
18-May-2021
Technical Committee
Drafting Committee
Current Stage
PPUB - Publication issued
Start Date
14-May-2021
Completion Date
19-May-2021
Ref Project

Relations

Standard
IEC 61784-3-2:2021 - Industrial communication networks - Profiles - Part 3-2: Functional safety fieldbuses - Additional specifications for CPF 2
English and French language
579 pages

Standards Content (Sample)


IEC 61784-3-2
Edition 4.0 2021-05
INTERNATIONAL STANDARD / NORME INTERNATIONALE
Industrial communication networks – Profiles –
Part 3-2: Functional safety fieldbuses – Additional specifications for CPF 2

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.


IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform
The advanced search enables to find IEC publications by a variety of criteria (reference number, text, technical committee, …). It also gives information on projects, replaced and withdrawn publications.

IEC online collection - oc.iec.ch
Discover our powerful search engine and read freely all the publications previews. With a subscription you will always have access to up to date content tailored to your needs.

Electropedia - www.electropedia.org
The world's leading online dictionary on electrotechnology, containing more than 22 000 terminological entries in English and French, with equivalent terms in 18 additional languages. Also known as the International Electrotechnical Vocabulary (IEV) online.

IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published details all new publications released. Available online and once a month by email.

IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or need further assistance, please contact the Customer Service Centre: sales@iec.ch.
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-9747-6

– 2 – IEC 61784-3-2:2021 © IEC 2021
CONTENTS
FOREWORD . 12
0 Introduction . 14
0.1 General . 14
0.2 Patent declaration . 15
1 Scope . 17
2 Normative references . 17
3 Terms, definitions, symbols, abbreviated terms and conventions . 19
3.1 Terms and definitions . 19
3.1.1 Common terms and definitions . 19
3.1.2 CPF 2: Additional terms and definitions . 24
3.2 Symbols and abbreviated terms . 25
3.2.1 Common symbols and abbreviated terms . 25
3.2.2 CPF 2: Additional symbols and abbreviated terms . 26
3.3 Conventions . 27
4 Overview of FSCP 2/1 (CIP Safety™) . 27
4.1 General . 27
4.2 FSCP 2/1 . 27
5 General . 28
5.1 External documents providing specifications for the profile . 28
5.2 Safety functional requirements . 29
5.3 Safety measures . 29
5.4 Safety communication layer structure . 30
5.5 Relationships with FAL (and DLL, PhL) . 30
5.5.1 General . 30
5.5.2 Data types . 30
6 Safety communication layer services . 31
6.1 General . 31
6.2 Connection object . 31
6.2.1 General . 31
6.2.2 Class attribute extensions . 31
6.2.3 Service extensions . 32
6.2.4 Explicit message response format for SafetyOpen and SafetyClose . 32
6.3 Connection Manager object. 33
6.3.1 General . 33
6.3.2 ForwardOpen for safety . 33
6.3.3 Safety network segment . 35
6.3.4 Originator rules for calculating the connection parameter CRC . 38
6.3.5 SafetyOpen processing flowcharts . 38
6.3.6 Checks required by Multipoint producers with existing connections . 41
6.3.7 Electronic key usage for safety . 42
6.3.8 RPI vs. API in safety connections . 42
6.3.9 Application path construction rules for safety connections . 42
6.3.10 Safety Validator connection types . 44
6.3.11 Application reply data in a successful SafetyOpen response . 48
6.3.12 Unsuccessful SafetyOpen response . 50
6.3.13 ForwardClose for safety . 52

6.4 Identity object . 52
6.4.1 General . 52
6.4.2 Changes to common services . 53
6.4.3 Extensions for CP 16/3 devices . 53
6.5 Link objects . 53
6.5.1 DeviceNet object changes . 53
6.5.2 TCP/IP Interface object changes. 54
6.5.3 SERCOS III Link object. 54
6.6 Safety Supervisor object . 56
6.6.1 General . 56
6.6.2 Safety Supervisor class attributes . 56
6.6.3 Subclasses . 57
6.6.4 Safety Supervisor instance attributes . 57
6.6.5 Semantics. 61
6.6.6 Subclasses . 67
6.6.7 Safety Supervisor common services . 68
6.6.8 Safety Supervisor behavior . 80
6.7 Safety Validator object . 87
6.7.1 General . 87
6.7.2 Class attributes . 87
6.7.3 Instance attributes . 88
6.7.4 Class services . 94
6.7.5 Instance services . 94
6.7.6 Object behavior . 95
6.8 Connection Configuration Object . 98
6.8.1 General . 98
6.8.2 Class attribute extensions . 98
6.8.3 Instance attributes, additions and extensions. . 98
6.8.4 Instance attribute semantics extensions or restrictions for safety . 101
6.8.5 Special Safety Related Parameters – (Attribute 13) . 106
6.8.6 Object-specific services . 112
6.8.7 Common service extensions for safety . 112
6.8.8 Object behavior . 114
7 Safety communication layer protocol . 115
7.1 Safety PDU format . 115
7.1.1 Safety PDU encoding . 115
7.1.2 Safety CRC . 127
7.2 Communication protocol behavior . 128
7.2.1 Sequence of safety checks . 128
7.2.2 Connection termination . 128
7.2.3 Cross checking error. 129
7.3 Time stamp operation . 129
7.4 Rollover counts in the EF . 130
7.5 Protocol sequence diagrams . 130
7.5.1 General . 130
7.5.2 Normal safety transmission . 130
7.5.3 Lost, corrupted and delayed message transmission . 132
7.5.4 Lost, corrupted or delayed message transmission with production repeated . 134

7.5.5 Point-to-point ping . 136
7.5.6 Multipoint ping on CP 2/3 Safety . 137
7.5.7 Multipoint ping on CP 2/2 safety networks . 139
7.5.8 Multipoint ping – retry with success . 139
7.5.9 Multipoint ping – retry with timeout . 140
7.6 Safety protocol definition . 141
7.6.1 General . 141
7.6.2 High level view of a safety device . 141
7.6.3 Safety Validator object . 142
7.6.4 Relationship between SafetyValidatorServer and SafetyValidatorClient . 142
7.6.5 Extended Format time stamp rollover handling . 143
7.6.6 SafetyValidatorClient function definition . 149
7.6.7 SafetyValidatorServer function definition . 157
7.7 Safety message and protocol data specifications . 170
7.7.1 Mode octet . 170
7.7.2 Time Stamp Section . 171
7.7.3 Time Coordination Message . 171
7.7.4 Time correction message . 172
7.7.5 Safety data production . 172
7.7.6 Producer dynamic variables . 180
7.7.7 Producer per consumer dynamic variables . 182
7.7.8 Consumer data variables . 183
7.7.9 Consumer input static variables . 185
7.7.10 Consumer dynamic variables . 186
8 Safety communication layer management . 188
8.1 Overview. 188
8.2 Definition of the measures used during connection establishment . 188
8.3 Originator-Target relationship validation. 192
8.4 Detection of mis-routed connection requests . 193
8.5 SafetyOpen processing . 193
8.6 Ownership management . 193
8.7 Bridging different physical layers . 194
8.8 Safety connection establishment . 196
8.8.1 Overview . 196
8.8.2 Basic facts for connection establishment . 196
8.8.3 Configuring safety connections . 197
8.8.4 Network time expectation multiplier . 198
8.8.5 Establishing connections . 200
8.8.6 Recommendations for consumer number allocation . 203
8.8.7 Recommendations for connection establishment . 203
8.8.8 Ownership establishment . 204
8.8.9 Ownership use cases . 204
8.8.10 PID/CID usage and establishment . 207
8.8.11 Proper PID/CID usage in multipoint and point-to-point connections . 208
8.8.12 Network supported services . 210
8.8.13 FSCP 2/1 safety device type . 211
8.9 Safety configuration process . 215
8.9.1 Introduction to safety configuration . 215
8.9.2 Configuration goals . 215

8.9.3 Configuration overview . 216
8.9.4 User configuration guidelines . 217
8.9.5 Configuration process justification . 218
8.9.6 Device functions for tool configuration . 219
8.9.7 Password security . 219
8.9.8 SNCT interface services . 219
8.9.9 Configuration lock . 220
8.9.10 Effect of configuration lock on device behavior . 220
8.9.11 Configuration ownership . 222
8.9.12 Configuration mode . 222
8.9.13 Measures used to ensure integrity of configuration process . 222
8.9.14 Download process . 224
8.9.15 Verification process . 227
8.9.16 Configuration error analysis . 230
8.10 Electronic Data Sheets extensions for safety . 234
8.10.1 General rules for EDS based safety devices . 234
8.10.2 EDS extensions for safety . 235
8.11 Requirements for CP 2/2 . 240
8.11.1 EPI rules for safety messages that travel over CP 2/2 . 240
8.11.2 Default safety I/O service . 240
8.11.3 Duplicate IP detection . 241
8.11.4 Priority for safety connections . 241
8.12 Requirements for CP 2/3 . 241
8.12.1 Allocation of CP 2/3 identifiers . 241
8.12.2 Additional requirements . 244
8.13 CP 16/3 requirements . 244
8.13.1 General architecture for CPF 2 on CP 16/3 . 244
8.13.2 Baseline FSCP 2/1 on CP 16/3 device . 244
8.13.3 Supported objects and services in CP 16/3 devices . 245
8.13.4 Transport layer requirements . 246
8.13.5 FSCP 2/1 and the CP 16/3 device model . 248
8.13.6 UNID assignment on CP 16/3 . 249
9 System requirements . 252
9.1 Indicators and switches . 252
9.1.1 General indicator requirements . 252
9.1.2 LED indications for setting the device UNID . 252
9.1.3 Module Status LED . 252
9.1.4 Indicator warning . 253
9.1.5 Network Status LED . 253
9.1.6 Switches . 254
9.2 Installation guidelines . 256
9.3 Safety function response time . 257
9.3.1 Overview . 257
9.3.2 Network time expectation . 257
9.3.3 Equations for calculating network reaction times . 258
9.4 Duration of demands . 260
9.5 Constraints for calculation of system characteristics . 260
9.5.1 Number of nodes . 260
9.5.2 Network PFH of Extended Format . 260

9.5.3 Bit Error Rate (BER) . 261
9.6 Maintenance . 262
9.7 Safety manual . 262
10 Assessment . 262
Annex A (informative) Additional information for functional safety communication profiles of CPF 2 . 263
A.1 Hash function example code . 263
A.2 Void . 277
Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2 . 278
Bibliography . 279

Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) . 14
Figure 2 – Relationships of IEC 61784-3 with other standards (process) . 15
Figure 3 – Relationship of Safety Validators. 28
Figure 4 – Communication layers . 30
Figure 5 – ForwardOpen with safety network segment . 34
Figure 6 – Safety network target format . 36
Figure 7 – Target Processing SafetyOpen with no configuration data (Type 2 SafetyOpen) . 39
Figure 8 – Target Processing for SafetyOpen with configuration data (Type 1 SafetyOpen) . 40
Figure 9 – Originator logic to determine which format to use . 41
Figure 10 – Applying device configuration . 72
Figure 11 – Configure and Validate processing flowcharts . 73
Figure 12 – UNID handling during "Waiting for TUNID" . 79
Figure 13 – Safety Supervisor state diagram . 81
Figure 14 – Configuration, testing and locked relationships . 85
Figure 15 – Safety connection types . 92
Figure 16 – Safety Validator state transition diagram . 96
Figure 17 – Logic for Auto-detecting format type . 111
Figure 18 – Connection Configuration Object state diagram . 114
Figure 19 – Connection Configuration Object data flow . 115
Figure 20 – Format of the mode octet . 117
Figure 21 – 1 or 2 octet data section, Base Format . 117
Figure 22 – 1 or 2 octet data section, Extended Format . 118
Figure 23 – 3 to 250 octet data section format, Base Format . 118
Figure 24 – 3 to 250 octet data section format, Extended Format . 119
Figure 25 – Time Stamp section format, Base Format . 120
Figure 26 – BF Time Coordination message encoding . 121
Figure 27 – EF Time Coordination message encoding . 121
Figure 28 – BF Time Correction message encoding . 122
Figure 29 – EF Time Correction message encoding . 122
Figure 30 – 1 or 2 octet point-to-point PDU encoding . 124
Figure 31 – 1 or 2 Octet multipoint PDU encoding . 124

Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format . 125
Figure 33 – 3 to 250 Octet Point-to-point PDU encoding . 125
Figure 34 – 3 to 248 Octet Multipoint PDU encoding . 126
Figure 35 – 3 to 248 Octet, Multipoint, safety connection format . 126
Figure 36 – CRC Calculation order for Extended Format messages . 127
Figure 37 – Time stamp sequence . 129
Figure 38 – Sequence diagram of a normal producer/consumer safety sequence . 130
Figure 39 – Sequence diagram of a normal producer/consumer safety sequence (production repeated) . 131
Figure 40 – Sequence diagram of a corrupted producer to consumer message . 132
Figure 41 – Sequence diagram of a lost producer to consumer message . 133
Figure 42 – Sequence diagram of a delayed message . 134
Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated . 135
Figure 44 – Sequence diagram of a connection terminated due to delays . 135
Figure 45 – Sequence diagram of a failure of safety CRC check . 136
Figure 46 – Sequence diagram of a point-to-point ping – normal response . 136
Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety. 138
Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety. 139
Figure 49 – Sequence diagram of a multipoint ping retry . 140
Figure 50 – Sequence diagram of a multipoint ping timeout . 140
Figure 51 – Possible safety architectures for FSCP 2/1 . 141
Figure 52 – Safety device reference model entity relation diagram . 142
Figure 53 – Two devices interchanging safety data via a SafetyValidatorClient and a SafetyValidatorServer . 143
Figure 54 – Point-to-point, originating consumer, target producer . 144
Figure 55 – Point-to-point, originator producer, target consumer . 146
Figure 56 – Multi-point, originator consumer, target producer . 147
Figure 57 – Safety production data flow . 149
Figure 58 – Consumer safety data monitoring . 158
Figure 59 – SafetyValidatorServer – application triggered . 159
Figure 60 – Target ownership . 192
Figure 61 – SafetyOpen forms . 193
Figure 62 – Connection ownership state chart. 194
Figure 63 – SafetyOpen UNID mapping . 194
Figure 64 – Common CPF 2 application layer . 195
Figure 65 – End-to-End routing example . 195
Figure 66 – Sources for safety related connection parameters . 199
Figure 67 – Parameter mapping between originator and target . 200
Figure 68 – CP 2/3 Safety connection establishment in targets for Type 2a SafetyOpen . 202
Figure 69 – General sequence to detect configuration is required . 202
Figure 70 – PID/CID exchanges for two originator scenarios . 208
Figure 71 – Seed generation for multipoint connections . 209
Figure 72 – PID/CID runtime handling . 210

Figure 73 – Connection categories and supported services . 213
Figure 74 – Recommended connection types . 214
Figure 75 – Logic-to-logic supported services . 214
Figure 76 – Recommended connection types for logic to logic . 215
Figure 77 – Configuration data transfers . 216
Figure 78 – Protection measures in safety devices . 218
Figure 79 – Configuration, testing and locked relationships . 221
Figure 80 – Originator's configuration data. 223
Figure 81 – SNCT to device download process . 225
Figure 82 – SNCT Downloads to originators that perform Type 1 configuration . 226
Figure 83 – Protection from locking and ownership . 228
Figure 84 – Verification process including all alternatives . 230
Figure 85 – Baseline FSCP 2/1 on CP 16/3 device. 245
Figure 86 – FSCP 2/1 Adaptation Layer and SMP interaction . 247
Figure 87 – FSCP 2/1 Adaptation . 248
Figure 88 – CP 16/3 device model . 249
Figure 89 – Adding a standard module to a modular device . 251
Figure 90 – Safety device NodeID processing logic . 256
Figure 91 – Safety function response time . 257
Figure 92 – Safety function response time components . 259
Figure 93 – Network protocol reliability block diagram (RBD) . 260

Table 1 – Communications errors and detection measures matrix . 29
Table 2 – New class attributes . 31
Table 3 – Service extensions . 32
Table 4 – SafetyOpen and SafetyClose response format. 32
Table 5 – Safety network segment identifier . 35
Table 6 – Safety network segment definition . 35
Table 7 – Safety network segment router format . 37
Table 8 – Safety Network Segment Extended Format . 37
Table 9 – Multipoint producer parameter evaluation rules . 42
Table 10 – ForwardOpen setting options for safety connections with object-based application paths . 45
Table 11 – ForwardOpen setting options for safety connections with ANSI Extended symbol segment application path . 47
Table 12 – Network connection parameters for safety connections . 48
Table 13 – SafetyOpen target application reply (size: 10 octets) . 48
Table 14 – EF CP 2/2 or CP 16/3 SafetyOpen target application reply (size: 14 octets) . 49
Table 15 – BF CP 2/3 SafetyOpen target application reply (size: 18 octets) . 49
Table 16 – EF CP 2/3 SafetyOpen target application reply (size: 22 octets) . 50
Table 17 – New and extended error codes for safety. 50
Table 18 – SafetyOpen error event guidance table . 51
Table 19 – Identity object common service changes . 53
Table 20 – Identity object extensions for CP 16/3 devices . 53

Table 21 – New DeviceNet object instance attribute. 54
Table 22 – New TCP/IP Interface object instance attribute . 54
Table 23 – SERCOS III Link object class attributes . 55
Table 24 – SERCOS III Link object instance attributes . 55
Table 25 – SERCOS III Link Object Common Services . 56
Table 26 – Safety Supervisor class attributes . 57
Table 27 – Safety Supervisor instance attributes . 57
Table 28 – Device status attribute state values . 62
Table 29 – Exception status attribute format . 62
...
