IEC 61784-3-2:2010
Industrial communication networks - Profiles - Part 3-2: Functional safety fieldbuses - Additional specifications for CPF 2
IEC 61784-3-2:2010 specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer. It defines mechanisms for the transmission of safety-relevant messages among participants within a distributed network using fieldbus technology, in accordance with the requirements of the IEC 61508 series for functional safety. These mechanisms may be used in various industrial applications such as process control, manufacturing automation and machinery. This second edition cancels and replaces the first edition published in 2007. It constitutes a technical revision. The main changes with respect to the previous edition are:
- updates in relation with changes in IEC 61784-3;
- addition or modification of the following subclauses to support the Extended Format: 6.3.2.1, 6.3.3.4, 6.3.11, 6.6.7.5, 6.8.5.13, 6.8.5.14, 7.1.1, 7.5.5, 7.6.10.10, 7.6.10.12, 8.2, 8.10.2.4.4, 9.5.2;
- modification of all pseudo code in 7.5 to support Extended Format;
- addition of Attribute 15 in 6.7.3.1;
- addition of subclauses 8.11, 8.12 and 8.13 to clarify requirements for CP 2/2, CP 2/3 and CP 16/3 respectively. This bilingual version, published in 2011-11, corresponds to the English version published in 2010-07.
Industrial communication networks - Profiles - Part 3-2: Functional safety fieldbuses - Additional specifications for CPF 2
IEC 61784-3-2:2010 specifies a safety-related communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and Type 2 of IEC 61158. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant to this safety communication layer. It defines the mechanisms for transmitting safety-related messages among the participants of a distributed network using fieldbus technology, in accordance with the requirements of the IEC 61508 series for functional safety. These mechanisms may be used in various industrial applications such as process control, automated machining and machinery. This second edition cancels and replaces the first edition published in 2007. It constitutes a technical revision. The main changes with respect to the previous edition are:
- updates in relation to the changes made in IEC 61784-3;
- addition or modification of the following subclauses to support the Extended Format: 6.3.2.1, 6.3.3.4, 6.3.11, 6.6.7.5, 6.8.5.13, 6.8.5.14, 7.1.1, 7.5.5, 7.6.10.10, 7.6.10.12, 8.2, 8.10.2.4.4, 9.5.2;
- modification of all pseudo code in 7.5 to support the Extended Format;
- addition of Attribute 15 in 6.7.3.1;
- addition of subclauses 8.11, 8.12 and 8.13 to clarify the requirements for CP 2/2, CP 2/3 and CP 16/3 respectively. This bilingual version corresponds to the monolingual English version published in 2010-07.
Standards Content (Sample)
IEC 61784-3-2 ®
Edition 2.0 2010-06
INTERNATIONAL
STANDARD
Industrial communication networks – Profiles –
Part 3-2: Functional safety fieldbuses – Additional specifications for CPF 2
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition; a corrigendum or an amendment might have been published.
- Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
- IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
- Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
- Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
International Electrotechnical Commission
Price code: XH
ICS 25.040.40; 35.100.05
ISBN 978-2-88910-977-7
– 2 – 61784-3-2 © IEC:2010(E)
CONTENTS
FOREWORD ... 12
0 Introduction ... 14
0.1 General ... 14
0.2 Patent declaration ... 16
1 Scope ... 17
2 Normative references ... 17
3 Terms, definitions, symbols, abbreviated terms and conventions ... 18
3.1 Terms and definitions ... 18
3.1.1 Common terms and definitions ... 19
3.1.2 CPF 2: Additional terms and definitions ... 23
3.2 Symbols and abbreviated terms ... 23
3.2.1 Common symbols and abbreviated terms ... 23
3.2.2 CPF 2: Additional symbols and abbreviated terms ... 24
3.3 Conventions ... 25
4 Overview of FSCP 2/1 (CIP Safety™) ... 25
4.1 General ... 25
4.2 FSCP 2/1 ... 25
5 General ... 26
5.1 External documents providing specifications for the profile ... 26
5.2 Safety functional requirements ... 27
5.3 Safety measures ... 27
5.4 Safety communication layer structure ... 28
5.5 Relationships with FAL (and DLL, PhL) ... 28
5.5.1 General ... 28
5.5.2 Data types ... 28
6 Safety communication layer services ... 29
6.1 Introduction ... 29
6.2 Connection object ... 29
6.2.1 General ... 29
6.2.2 Class attribute extensions ... 29
6.2.3 Service extensions ... 30
6.2.4 Explicit message response format for SafetyOpen and SafetyClose ... 30
6.3 Connection Manager object ... 31
6.3.1 General ... 31
6.3.2 ForwardOpen for safety ... 31
6.3.3 Safety network segment ... 33
6.3.4 Originator rules for calculating the connection parameter CRC ... 36
6.3.5 SafetyOpen processing flowcharts ... 36
6.3.6 Checks required by Multipoint producers with existing connections ... 39
6.3.7 Electronic key usage for safety ... 40
6.3.8 RPI vs. API in safety connections ... 40
6.3.9 Application path construction for safety ... 40
6.3.10 Safety Validator connection types ... 41
6.3.11 Application reply data in a successful SafetyOpen response ... 43
6.3.12 Unsuccessful SafetyOpen response ... 45
6.3.13 ForwardClose for safety ... 47
6.4 Identity object ... 48
6.4.1 General ... 48
6.4.2 Changes to common services ... 48
6.5 Link objects ... 48
6.5.1 DeviceNet object changes ... 48
6.5.2 TCP/IP Interface object changes ... 49
6.6 Safety Supervisor object ... 49
6.6.1 General ... 49
6.6.2 Safety Supervisor class attributes ... 50
6.6.3 Subclasses ... 50
6.6.4 Safety Supervisor instance attributes ... 50
6.6.5 Semantics ... 53
6.6.6 Subclasses ... 60
6.6.7 Safety Supervisor common services ... 60
6.6.8 Safety Supervisor behavior ... 71
6.7 Safety Validator object ... 78
6.7.1 General ... 78
6.7.2 Class attributes ... 78
6.7.3 Instance attributes ... 79
6.7.4 Class services ... 84
6.7.5 Instance services ... 85
6.7.6 Object behavior ... 85
6.8 Connection Configuration Object ... 88
6.8.1 General ... 88
6.8.2 Class attribute extensions ... 88
6.8.3 Instance attributes, additions and extensions ... 88
6.8.4 Instance attribute semantics extensions or restrictions for safety ... 90
6.8.5 Special Safety Related Parameters – (Attribute 13) ... 95
6.8.6 Object-specific services ... 101
6.8.7 Common service extensions for safety ... 101
6.8.8 Object behavior ... 103
7 Safety communication layer protocol ... 104
7.1 Safety PDU format ... 104
7.1.1 Safety PDU encoding ... 104
7.1.2 Safety CRC ... 116
7.2 Communication protocol behavior ... 117
7.2.1 Sequence of safety checks ... 117
7.2.2 Connection termination ... 117
7.2.3 Cross checking error ... 117
7.3 Time stamp operation ... 118
7.4 Protocol sequence diagrams ... 119
7.4.1 General ... 119
7.4.2 Normal safety transmission ... 119
7.4.3 Lost, corrupted and delayed message transmission ... 120
7.4.4 Lost, corrupted or delayed message transmission with production repeated ... 122
7.4.5 Point-to-point ping ... 124
7.4.6 Multipoint ping on CP 2/3 Safety ... 125
7.4.7 Multipoint ping on CP 2/2 safety networks ... 127
7.4.8 Multipoint ping – retry with success ... 127
7.4.9 Multipoint ping – retry with timeout ... 128
7.5 Safety protocol definition ... 129
7.5.1 General ... 129
7.5.2 High level view of a safety device ... 129
7.5.3 Safety Validator object ... 130
7.5.4 Relationship between SafetyValidatorServer and SafetyValidatorClient ... 130
7.5.5 Extended Format time stamp rollover handling ... 131
7.5.6 SafetyValidatorClient function definition ... 135
7.5.7 SafetyValidatorServer function definition ... 143
7.6 Safety message and protocol data specifications ... 156
7.6.1 Mode octet ... 156
7.6.2 Time Stamp Section ... 157
7.6.3 Time Coordination Message ... 157
7.6.4 Time correction message ... 158
7.6.5 Safety data production ... 158
7.6.6 Producer dynamic variables ... 166
7.6.7 Producer per consumer dynamic variables ... 168
7.6.8 Consumer data variables ... 169
7.6.9 Consumer input static variables ... 171
7.6.10 Consumer dynamic variables ... 172
8 Safety communication layer management ... 174
8.1 Overview ... 174
8.2 Definition of the measures used during connection establishment ... 174
8.3 Originator-Target relationship validation ... 178
8.4 Detection of mis-routed connection requests ... 179
8.5 SafetyOpen processing ... 179
8.6 Ownership management ... 179
8.7 Bridging different physical layers ... 180
8.8 Safety connection establishment ... 182
8.8.1 Overview ... 182
8.8.2 Basic facts for connection establishment ... 182
8.8.3 Configuring safety connections ... 182
8.8.4 Network time expectation multiplier ... 184
8.8.5 Establishing connections ... 185
8.8.6 Recommendations for consumer number allocation ... 188
8.8.7 Recommendations for connection establishment ... 189
8.8.8 Ownership establishment ... 189
8.8.9 Ownership use cases ... 190
8.8.10 PID/CID usage and establishment ... 193
8.8.11 Proper PID/CID usage in multipoint and point-to-point connections ... 193
8.8.12 Network supported services ... 195
8.8.13 FSCP 2/1 safety device type ... 196
8.9 Safety configuration process ... 200
8.9.1 Introduction to safety configuration ... 200
8.9.2 Configuration goals ... 200
8.9.3 Configuration overview ... 201
8.9.4 User configuration guidelines ... 202
8.9.5 Configuration process SIL3 justification ... 203
8.9.6 Device functions for tool configuration ... 204
8.9.7 Password security ... 204
8.9.8 SNCT interface services ... 204
8.9.9 Configuration lock ... 204
8.9.10 Effect of configuration lock on device behavior ... 205
8.9.11 Configuration ownership ... 206
8.9.12 Configuration mode ... 206
8.9.13 Measures used to ensure integrity of configuration process ... 206
8.9.14 Download process ... 208
8.9.15 Verification process ... 211
8.9.16 Verification process ... 214
8.9.17 Configuration error analysis ... 215
8.10 Electronic Data Sheets extensions for safety ... 218
8.10.1 General rules for EDS based safety devices ... 218
8.10.2 EDS extensions for safety ... 219
8.11 Requirements for CP 2/2 ... 223
8.11.1 EPI rules for safety messages that travel over CP 2/2 ... 223
8.11.2 Default safety I/O service ... 223
8.11.3 Duplicate IP detection ... 224
8.11.4 Priority for safety connections ... 224
8.12 Requirements for CP 2/3 ... 224
8.12.1 Allocation of CP 2/3 identifiers ... 224
8.12.2 Additional requirements ... 227
8.13 CP 16/3 requirements ... 227
8.13.1 Transport layer requirements ... 227
8.13.2 Multicast connections ... 227
8.13.3 CIP Safety and the CP 16/3 device model ... 227
8.13.4 UNID assignment on CP 16/3 ... 228
9 System requirements ... 230
9.1 Indicators and switches ... 230
9.1.1 General indicator requirements ... 230
9.1.2 LED indications for setting the device UNID ... 230
9.1.3 Module Status LED ... 230
9.1.4 Indicator warning ... 231
9.1.5 Network Status LED ... 231
9.1.6 Switches ... 232
9.2 Installation guidelines ... 235
9.3 Safety function response time ... 235
9.3.1 Overview ... 235
9.3.2 Network time expectation ... 235
9.3.3 Equations for calculating network reaction times ... 236
9.4 Duration of demands ... 238
9.5 Constraints for calculation of system characteristics ... 238
9.5.1 Number of nodes ... 238
9.5.2 Network PFH ... 238
9.5.3 Bit Error Rate (BER) ... 241
9.6 Maintenance ... 242
9.7 Safety manual ... 242
10 Assessment ... 242
Annex A (informative) Additional information for functional safety communication profiles of CPF 2 ... 243
A.1 Hash function example code ... 243
A.2 … ... 257
Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2 ... 258
Bibliography ... 259
Table 1 – Communications errors and detection measures matrix ... 27
Table 2 – New class attributes ... 29
Table 3 – Service extensions ... 30
Table 4 – SafetyOpen and SafetyClose response format ... 30
Table 5 – Safety network segment identifier ... 33
Table 6 – Safety network segment definition ... 33
Table 7 – Safety network segment router format ... 35
Table 8 – Safety Network Segment Extended Format ... 35
Table 9 – Multipoint producer parameter evaluation rules ... 40
Table 10 – ForwardOpen setting options for safety connections ... 42
Table 11 – Network connection parameters for safety connections ... 43
Table 12 – CP 2/3 Safety target application reply (size: 10 octets) ... 44
Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets) ... 44
Table 14 – SafetyOpen target application reply (size: 18 octets) ... 45
Table 15 – EF SafetyOpen target application reply (size: 22 octets) ... 45
Table 16 – New and extended error codes for safety ... 46
Table 17 – SafetyOpen error event guidance table ... 46
Table 18 – Identity object common service changes ... 48
Table 19 – New DeviceNet object instance attribute ... 48
Table 20 – New TCP/IP Interface object Instance Attribute ... 49
Table 21 – Safety Supervisor class attributes ... 50
Table 22 – Safety Supervisor instance attributes ... 50
Table 23 – Device status attribute state values ... 54
Table 24 – Exception status attribute format ... 55
Table 25 – Common exception detail attribute values ... 56
Table 26 – Exception detail format summary ... 57
Table 27 – Summary of device behavior for various CFUNID values ... 59
Table 28 – Safety Supervisor common services ... 61
Table 29 – Safety Supervisor object specific services ... 61
Table 30 – Configure_Request message structure ... 63
Table 31 – Validate_Configuration message structure ... 63
Table 32 – Validate_Configuration success message structure ... 63
Table 33 – Validate_Configuration error code ... 64
Table 34 – Validate_Configuration extended codes ... 64
Table 35 – Set_Password message structure ... 66
Table 36 – Reset_Password message structure ... 66
Table 37 – Configuration_Lock/Unlock message structure ... 67
Table 38 – Mode_Change message structure ... 67
Table 39 – Safety_Reset message structure ... 67
Table 40 – Safety Supervisor safety reset types ... 68
Table 41 – Attribute bit map parameter ... 68
Table 42 – Reset processing rules for reset types ... 68
Table 43 – Propose_TUNID service ... 69
Table 44 – Apply_TUNID service ... 70
Table 45 – Safety Supervisor events ... 72
Table 46 – State event matrix for Safety Supervisor ... 73
Table 47 – Configuration owner control vs. device state ... 76
Table 48 – State mapping of Safety Supervisor to Identity object ... 77
Table 49 – Safety Supervisor object event mapping ... 77
Table 50 – Identity object event mapping ... 78
Table 51 – Safety Validator class attributes ... 79
Table 52 – Safety Validator instance attributes ... 79
Table 53 – Safety Validator state assignments ... 81
Table 54 – Safety Validator type, bit field assignments ... 82
Table 55 – Multipoint producer SafetyOpen parameter evaluation rules ... 83
Table 56 – Safety Validator class services ... 84
Table 57 – Safety Validator instance services ... 85
Table 58 – Safety Validator Get_Attributes_All service data ... 85
Table 59 – Safety Validator state event matrix ... 87
Table 60 – State mapping between Safety Supervisor and Safety Validator objects ... 87
Table 61 – Connection configuration object class attribute extensions ... 88
Table 62 – Connection Configuration Object instance attribute additions/extensions ... 88
Table 63 – Connection flag bit definitions ... 90
Table 64 – O-to-T connection parameters ... 92
Table 65 – T-to-O connection parameters ... 93
Table 66 – Data map formats ... 94
Table 67 – Data map format 0 ... 95
Table 68 – Data map format 1 ... 95
Table 69 – Target device's SCCRC values ... 97
Table 70 – Target device's SCTS values ... 98
Table 71 – Time correction connection parameters for multipoint connection ... 98
Table 72 – Format Type attribute meaning ... 99
Table 73 – Format Status attribute meaning ... 100
Table 74 – Connection Configuration Object-specific services ... 101
Table 75 – Get_Attributes_All Response service data (added attributes) ... 101
Table 76 – Get_Attributes_All Response service data (added parameters) ... 102
Table 77 – Set_Attributes_All Request service data (added attributes) ... 102
Table 78 – Set_Attributes_All Response service data (added parameters) ... 103
Table 79 – State Mapping between Safety Supervisor and the CCO objects ... 103
Table 80 – Connection sections and PDU formats ... 105
Table 81 – Mode octet variables ... 106
Table 82 – Time Stamp variables ... 109
Table 83 – Time Coordination message variables ... 110
Table 84 – Time Correction Message variables ... 112
Table 85 – CRC polynomials used ... 116
Table 86 – Connection sections and message formats ... 117
Table 87 – Data reception - Link triggered ... 146
Table 88 – Time_Correction reception - Link triggered ... 146
Table 89 – Data reception - Application triggered ... 146
Table 90 – Time_Correction reception - Application triggered ... 147
Table 91 – Consuming application – Safety data monitoring ... 147
Table 92 – Producer connection status determination ... 159
Table 93 – Consuming safety connection status ... 170
Table 94 – Connection establishment errors and measures to detect errors ... 174
Table 95 – SNN Date/Time allocations ... 175
Table 96 – SNN legal range of time values ... 175
Table 97 – Safety connection parameters ... 183
Table 98 – SafetyOpen summary ... 186
Table 99 – Originator/Target service mapping ... 197
Table 100 – Unsupported originator/target service types ... 197
Table 101 – Configuration goals ... 201
Table 102 – Configuration owner control vs. device state ... 206
Table 103 – Errors and detection measures ... 215
Table 104 – Parameter class keywords ... 220
Table 105 – New Connection Manager section keywords for safety ... 220
Table 106 – Connection Manager field usage for safety ... 221
Table 107 – Connection parameter field settings for safety ... 223
Table 108 – CP 2/3 ID assignment rules ... 224
Table 109 – LED indications for setting UNID ... 230
Table 110 – Module Status LED ... 231
Table 111 – Network status LED states ... 231
Table 112 – Connection reaction time type – producing/consuming applications ... 236
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) ... 14
Figure 2 – Relationships of IEC 61784-3 with other standards (process) ... 15
Figure 3 – Relationship of Safety Validators ... 26
Figure 4 – Communication layers ... 28
Figure 5 – ForwardOpen with safety network segment ... 32
Figure 6 – Safety network target format ... 34
Figure 7 – Target Processing SafetyOpen with no configuration data (Form 2 SafetyOpen) ... 37
Figure 8 – Target Processing for SafetyOpen with configuration data (Form 1 SafetyOpen) ... 38
Figure 9 – Originator logic to determine which format to use ... 39
Figure 10 – Applying device configuration ... 64
Figure 11 – Configure and Validate processing flowcharts ... 65
Figure 12 – UNID handling during “Waiting for TUNID” ... 71
Figure 13 – Safety Supervisor state diagram ... 72
Figure 14 – Configuration, testing and locked relationships ... 76
Figure 15 – Safety connection types ... 82
Figure 16 – Safety Validator state transition diagram ... 86
Figure 17 – Logic for Auto-detecting format type ... 100
Figure 18 – Connection Configuration Object state diagram ... 103
Figure 19 – Connection Configuration Object data flow ... 104
Figure 20 – Format of the mode octet ... 105
Figure 21 – 1 or 2 octet data section, Base Format ... 106
Figure 22 – 1 or 2 octet data section, Extended Format ... 107
Figure 23 – 3 to 250 octet data section format, Base Format ... 107
Figure 24 – 3 to 250 octet data section format, Extended Format ... 108
Figure 25 – Time Stamp section format, Base Format ... 109
Figure 26 – BF Time Coordination message encoding ... 110
Figure 27 – EF Time Coordination message encoding ... 110
Figure 28 – BF Time Correction message encoding ... 111
Figure 29 – EF Time Correction message encoding ... 111
Figure 30 – 1 or 2 octet point-to-point PDU encoding ... 113
Figure 31 – 1 or 2 Octet multipoint PDU encoding ... 113
Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format ... 114
Figure 33 – 3 to 250 Octet Point-to-point PDU encoding ... 114
Figure 34 – 3 to 248 Octet Multipoint PDU encoding ... 115
Figure 35 – 3 to 248 Octet, Multipoint, safety connection format ... 115
Figure 36 – CRC Calculation order for Extended Format messages ... 116
Figure 37 – Time stamp sequence ... 118
Figure 38 – Sequence diagram of a normal producer/consumer safety sequence ... 119
Figure 39 – Sequence diagram of a normal producer/consumer safety sequence (production repeated) ... 120
Figure 40 – Sequence diagram of a corrupted producer to consumer message ... 121
Figure 41 – Sequence diagram of a lost producer to consumer message ... 121
Figure 42 – Sequence diagram of a delayed message ... 122
Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated ... 123
Figure 44 – Sequence diagram of a connection terminated due to delays ... 124
Figure 45 – Sequence diagram of a failure of safety CRC check ... 124
Figure 46 – Sequence diagram of a point-to-point ping - normal response ... 125
Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety ... 126
Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety ... 127
Figure 49 – Sequence diagram of a multipoint ping retry ... 128
Figure 50 – Sequence diagram of a multipoint ping timeout
...
IEC 61784-3-2 ®
Edition 2.0 2010-06
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Industrial communication networks – Profiles –
Part 3-2: Functional safety fieldbuses – Additional specifications for CPF 2
Réseaux de communication industriels – Profils –
Partie 3-2: Bus de terrain de sécurité fonctionnelle – Spécifications
supplémentaires pour CPF 2
International Electrotechnical Commission / Commission Electrotechnique Internationale
Price code: XH
ICS 25.040.40; 35.100.05
ISBN 978-2-88912-811-2
– 2 – 61784-3-2 IEC:2010
CONTENTS
FOREWORD . 12
0 Introduction . 14
0.1 General . 14
0.2 Patent declaration . 16
1 Scope . 17
2 Normative references . 17
3 Terms, definitions, symbols, abbreviated terms and conventions . 18
3.1 Terms and definitions . 18
3.1.1 Common terms and definitions . 19
3.1.2 CPF 2: Additional terms and definitions . 23
3.2 Symbols and abbreviated terms. 23
3.2.1 Common symbols and abbreviated terms . 23
3.2.2 CPF 2: Additional symbols and abbreviated terms . 24
3.3 Conventions . 25
4 Overview of FSCP 2/1 (CIP Safety™) . 25
4.1 General . 25
4.2 FSCP 2/1 . 25
5 General . 26
5.1 External documents providing specifications for the profile . 26
5.2 Safety functional requirements . 27
5.3 Safety measures . 27
5.4 Safety communication layer structure . 28
5.5 Relationships with FAL (and DLL, PhL) . 28
5.5.1 General . 28
5.5.2 Data types . 28
6 Safety communication layer services . 29
6.1 Introduction . 29
6.2 Connection object . 29
6.2.1 General . 29
6.2.2 Class attribute extensions . 29
6.2.3 Service extensions . 30
6.2.4 Explicit message response format for SafetyOpen and SafetyClose . 30
6.3 Connection Manager object . 31
6.3.1 General . 31
6.3.2 ForwardOpen for safety . 31
6.3.3 Safety network segment . 33
6.3.4 Originator rules for calculating the connection parameter CRC . 36
6.3.5 SafetyOpen processing flowcharts . 36
6.3.6 Checks required by Multipoint producers with existing connections . 39
6.3.7 Electronic key usage for safety . 40
6.3.8 RPI vs. API in safety connections . 40
6.3.9 Application path construction for safety . 40
6.3.10 Safety Validator connection types . 41
6.3.11 Application reply data in a successful SafetyOpen response . 43
6.3.12 Unsuccessful SafetyOpen response . 45
61784-3-2 IEC:2010 – 3 –
6.3.13 ForwardClose for safety . 47
6.4 Identity object . 48
6.4.1 General . 48
6.4.2 Changes to common services . 48
6.5 Link objects . 48
6.5.1 DeviceNet object changes . 48
6.5.2 TCP/IP Interface object changes . 49
6.6 Safety Supervisor object. 49
6.6.1 General . 49
6.6.2 Safety Supervisor class attributes . 50
6.6.3 Subclasses . 50
6.6.4 Safety Supervisor instance attributes . 50
6.6.5 Semantics . 53
6.6.6 Subclasses . 60
6.6.7 Safety Supervisor common services . 60
6.6.8 Safety Supervisor behavior . 71
6.7 Safety Validator object . 78
6.7.1 General . 78
6.7.2 Class attributes . 78
6.7.3 Instance attributes . 79
6.7.4 Class services . 84
6.7.5 Instance services . 85
6.7.6 Object behavior . 85
6.8 Connection Configuration Object . 88
6.8.1 General . 88
6.8.2 Class attribute extensions . 88
6.8.3 Instance attributes, additions and extensions. . 88
6.8.4 Instance attribute semantics extensions or restrictions for safety . 90
6.8.5 Special Safety Related Parameters – (Attribute 13) . 95
6.8.6 Object-specific services . 101
6.8.7 Common service extensions for safety . 101
6.8.8 Object behavior . 103
7 Safety communication layer protocol . 104
7.1 Safety PDU format . 104
7.1.1 Safety PDU encoding . 104
7.1.2 Safety CRC . 116
7.2 Communication protocol behavior . 117
7.2.1 Sequence of safety checks . 117
7.2.2 Connection termination . 117
7.2.3 Cross checking error . 117
7.3 Time stamp operation . 118
7.4 Protocol sequence diagrams . 119
7.4.1 General . 119
7.4.2 Normal safety transmission . 119
7.4.3 Lost, corrupted and delayed message transmission . 120
7.4.4 Lost, corrupted or delayed message transmission with production
repeated . 122
7.4.5 Point-to-point ping . 124
7.4.6 Multipoint ping on CP 2/3 Safety . 125
– 4 – 61784-3-2 IEC:2010
7.4.7 Multipoint ping on CP 2/2 safety networks . 127
7.4.8 Multipoint ping – retry with success . 127
7.4.9 Multipoint ping – retry with timeout . 128
7.5 Safety protocol definition . 129
7.5.1 General . 129
7.5.2 High level view of a safety device . 129
7.5.3 Safety Validator object . 130
7.5.4 Relationship between SafetyValidatorServer and SafetyValidatorClient . 130
7.5.5 Extended Format time stamp rollover handling . 131
7.5.6 SafetyValidatorClient function definition . 135
7.5.7 SafetyValidatorServer function definition . 143
7.6 Safety message and protocol data specifications . 156
7.6.1 Mode octet . 156
7.6.2 Time Stamp Section . 157
7.6.3 Time Coordination Message . 157
7.6.4 Time correction message . 158
7.6.5 Safety data production . 158
7.6.6 Producer dynamic variables . 166
7.6.7 Producer per consumer dynamic variables . 168
7.6.8 Consumer data variables . 169
7.6.9 Consumer input static variables . 171
7.6.10 Consumer dynamic variables . 172
8 Safety communication layer management . 174
8.1 Overview . 174
8.2 Definition of the measures used during connection establishment . 174
8.3 Originator-Target relationship validation . 178
8.4 Detection of mis-routed connection requests . 179
8.5 SafetyOpen processing . 179
8.6 Ownership management . 179
8.7 Bridging different physical layers . 180
8.8 Safety connection establishment . 182
8.8.1 Overview . 182
8.8.2 Basic facts for connection establishment . 182
8.8.3 Configuring safety connections . 182
8.8.4 Network time expectation multiplier . 184
8.8.5 Establishing connections . 185
8.8.6 Recommendations for consumer number allocation . 188
8.8.7 Recommendations for connection establishment . 189
8.8.8 Ownership establishment . 189
8.8.9 Ownership use cases . 190
8.8.10 PID/CID usage and establishment . 193
8.8.11 Proper PID/CID usage in multipoint and point-to-point connections . 193
8.8.12 Network supported services . 195
8.8.13 FSCP 2/1 safety device type . 196
8.9 Safety configuration process . 200
8.9.1 Introduction to safety configuration . 200
8.9.2 Configuration goals . 200
8.9.3 Configuration overview . 201
8.9.4 User configuration guidelines . 202
8.9.5 Configuration process SIL3 justification . 203
8.9.6 Device functions for tool configuration . 204
8.9.7 Password security . 204
8.9.8 SNCT interface services . 204
8.9.9 Configuration lock . 204
8.9.10 Effect of configuration lock on device behavior . 205
8.9.11 Configuration ownership . 206
8.9.12 Configuration mode . 206
8.9.13 Measures used to ensure integrity of configuration process . 206
8.9.14 Download process . 208
8.9.15 Verification process . 211
8.9.16 Verification process . 214
8.9.17 Configuration error analysis . 215
8.10 Electronic Data Sheets extensions for safety . 218
8.10.1 General rules for EDS based safety devices . 218
8.10.2 EDS extensions for safety . 219
8.11 Requirements for CP 2/2 . 223
8.11.1 EPI rules for safety messages that travel over CP 2/2 . 223
8.11.2 Default safety I/O service . 223
8.11.3 Duplicate IP detection . 224
8.11.4 Priority for safety connections . 224
8.12 Requirements for CP 2/3 . 224
8.12.1 Allocation of CP 2/3 identifiers . 224
8.12.2 Additional requirements . 227
8.13 CP 16/3 requirements . 227
8.13.1 Transport layer requirements . 227
8.13.2 Multicast connections . 227
8.13.3 CIP Safety and the CP 16/3 device model . 227
8.13.4 UNID assignment on CP 16/3 . 228
9 System requirements . 230
9.1 Indicators and switches . 230
9.1.1 General indicator requirements . 230
9.1.2 LED indications for setting the device UNID . 230
9.1.3 Module Status LED . 230
9.1.4 Indicator warning . 231
9.1.5 Network Status LED . 231
9.1.6 Switches . 232
9.2 Installation guidelines . 235
9.3 Safety function response time . 235
9.3.1 Overview . 235
9.3.2 Network time expectation . 235
9.3.3 Equations for calculating network reaction times . 236
9.4 Duration of demands . 238
9.5 Constraints for calculation of system characteristics . 238
9.5.1 Number of nodes . 238
9.5.2 Network PFH . 238
9.5.3 Bit Error Rate (BER) . 241
9.6 Maintenance . 242
9.7 Safety manual . 242
10 Assessment . 242
Annex A (informative) Additional information for functional safety communication profiles of CPF 2 . 243
A.1 Hash function example code . 243
A.2 … . 257
Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2 . 258
Bibliography . 259
Table 1 – Communications errors and detection measures matrix . 27
Table 2 – New class attributes . 29
Table 3 – Service extensions . 30
Table 4 – SafetyOpen and SafetyClose response format . 30
Table 5 – Safety network segment identifier . 33
Table 6 – Safety network segment definition . 33
Table 7 – Safety network segment router format . 35
Table 8 – Safety Network Segment Extended Format . 35
Table 9 – Multipoint producer parameter evaluation rules . 40
Table 10 – ForwardOpen setting options for safety connections . 42
Table 11 – Network connection parameters for safety connections . 43
Table 12 – CP 2/3 Safety target application reply (size: 10 octets) . 44
Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets) . 44
Table 14 – SafetyOpen target application reply (size: 18 octets) . 45
Table 15 – EF SafetyOpen target application reply (size: 22 octets) . 45
Table 16 – New and extended error codes for safety . 46
Table 17 – SafetyOpen error event guidance table . 46
Table 18 – Identity object common service changes . 48
Table 19 – New DeviceNet object instance attribute . 48
Table 20 – New TCP/IP Interface object Instance Attribute . 49
Table 21 – Safety Supervisor class attributes . 50
Table 22 – Safety Supervisor instance attributes . 50
Table 23 – Device status attribute state values . 54
Table 24 – Exception status attribute format . 55
Table 25 – Common exception detail attribute values . 56
Table 26 – Exception detail format summary . 57
Table 27 – Summary of device behavior for various CFUNID values . 59
Table 28 – Safety Supervisor common services . 61
Table 29 – Safety Supervisor object specific services . 61
Table 30 – Configure_Request message structure . 63
Table 31 – Validate_Configuration message structure . 63
Table 32 – Validate_Configuration success message structure . 63
Table 33 – Validate_Configuration error code . 64
Table 34 – Validate_Configuration extended codes . 64
Table 35 – Set_Password message structure . 66
Table 36 – Reset_Password message structure . 66
Table 37 – Configuration_Lock/Unlock message structure . 67
Table 38 – Mode_Change message structure . 67
Table 39 – Safety_Reset message structure . 67
Table 40 – Safety Supervisor safety reset types . 68
Table 41 – Attribute bit map parameter . 68
Table 42 – Reset processing rules for reset types . 68
Table 43 – Propose_TUNID service . 69
Table 44 – Apply_TUNID service . 70
Table 45 – Safety Supervisor events . 72
Table 46 – State event matrix for Safety Supervisor . 73
Table 47 – Configuration owner control vs. device state . 76
Table 48 – State mapping of Safety Supervisor to Identity object . 77
Table 49 – Safety Supervisor object event mapping . 77
Table 50 – Identity object event mapping . 78
Table 51 – Safety Validator class attributes . 79
Table 52 – Safety Validator instance attributes . 79
Table 53 – Safety Validator state assignments . 81
Table 54 – Safety Validator type, bit field assignments . 82
Table 55 – Multipoint producer SafetyOpen parameter evaluation rules . 83
Table 56 – Safety Validator class services . 84
Table 57 – Safety Validator instance services . 85
Table 58 – Safety Validator Get_Attributes_All service data . 85
Table 59 – Safety Validator state event matrix . 87
Table 60 – State mapping between Safety Supervisor and Safety Validator objects . 87
Table 61 – Connection configuration object class attribute extensions . 88
Table 62 – Connection Configuration Object instance attribute additions/extensions . 88
Table 63 – Connection flag bit definitions . 90
Table 64 – O-to-T connection parameters . 92
Table 65 – T-to-O connection parameters . 93
Table 66 – Data map formats . 94
Table 67 – Data map format 0 . 95
Table 68 – Data map format 1 . 95
Table 69 – Target device’s SCCRC values . 97
Table 70 – Target device’s SCTS values . 98
Table 71 – Time correction connection parameters for multipoint connection . 98
Table 72 – Format Type attribute meaning . 99
Table 73 – Format Status attribute meaning . 100
Table 74 – Connection Configuration Object-specific services . 101
Table 75 – Get_Attributes_All Response service data (added attributes ) . 101
Table 76 – Get_Attributes_All Response service data (added parameters ) . 102
Table 77 – Set_Attributes_All Request service data (added attributes) . 102
Table 78 – Set_Attributes_All Response service data (added parameters ) . 103
Table 79 – State Mapping between Safety Supervisor and the CCO objects . 103
Table 80 – Connection sections and PDU formats . 105
Table 81 – Mode octet variables . 106
Table 82 – Time Stamp variables . 109
Table 83 – Time Coordination message variables . 110
Table 84 – Time Correction Message variables . 112
Table 85 – CRC polynomials used . 116
Table 86 – Connection sections and message formats . 117
Table 87 – Data reception - Link triggered . 146
Table 88 – Time_Correction reception - Link triggered . 146
Table 89 – Data reception - Application triggered . 146
Table 90 – Time_Correction reception - Application triggered . 147
Table 91 – Consuming application – Safety data monitoring . 147
Table 92 – Producer connection status determination . 159
Table 93 – Consuming safety connection status . 170
Table 94 – Connection establishment errors and measures to detect errors . 174
Table 95 – SNN Date/Time allocations . 175
Table 96 – SNN legal range of time values . 175
Table 97 – Safety connection parameters . 183
Table 98 – SafetyOpen summary . 186
Table 99 – Originator/Target service mapping . 197
Table 100 – Unsupported originator/target service types . 197
Table 101 – Configuration goals . 201
Table 102 – Configuration owner control vs. device state . 206
Table 103 – Errors and detection measures . 215
Table 104 – Parameter class keywords . 220
Table 105 – New Connection Manager section keywords for safety . 220
Table 106 – Connection Manager field usage for safety . 221
Table 107 – Connection parameter field settings for safety . 223
Table 108 – CP 2/3 ID assignment rules . 224
Table 109 – LED indications for setting UNID . 230
Table 110 – Module Status LED . 231
Table 111 – Network status LED states . 231
Table 112 – Connection reaction time type – producing/consuming applications . 236
Figure 1 – Relationships of IEC 61784-3 with other standards (machinery) . 14
Figure 2 – Relationships of IEC 61784-3 with other standards (process) . 15
Figure 3 – Relationship of Safety Validators . 26
Figure 4 – Communication layers . 28
Figure 5 – ForwardOpen with safety network segment . 32
Figure 6 – Safety network target format . 34
Figure 7 – Target Processing SafetyOpen with no configuration data (Form 2 SafetyOpen) . 37
Figure 8 – Target Processing for SafetyOpen with configuration data (Form 1 SafetyOpen) . 38
Figure 9 – Originator logic to determine which format to use . 39
Figure 10 – Applying device configuration . 64
Figure 11 – Configure and Validate processing flowcharts . 65
Figure 12 – UNID handling during “Waiting for TUNID” . 71
Figure 13 – Safety Supervisor state diagram . 72
Figure 14 – Configuration, testing and locked relationships . 76
Figure 15 – Safety connection types . 82
Figure 16 – Safety Validator state transition diagram . 86
Figure 17 – Logic for Auto-detecting format type . 100
Figure 18 – Connection Configuration Object state diagram . 103
Figure 19 – Connection Configuration Object data flow . 104
Figure 20 – Format of the mode octet . 105
Figure 21 – 1 or 2 octet data section, Base Format . 106
Figure 22 – 1 or 2 octet data section, Extended Format . 107
Figure 23 – 3 to 250 octet data section format, Base Format . 107
Figure 24 – 3 to 250 octet data section format, Extended Format . 108
Figure 25 –
...