SIST EN 61162-402:2006

SLOVENSKI STANDARD
01-februar-2006
3RPRUVNDQDYLJDFLMVNDLQUDGLRNRPXQLNDFLMVNDRSUHPDWHUVLVWHPL±'LJLWDOQL
YPHVQLNL±GHO+NUDWQDRERMHVPHUQDNRPXQLNDFLMDPHGYHþXGHOHåHQFL±
0HGVHERMQRSRYH]RYDQMHODGLMVNLKVLVWHPRY±=DKWHYH]DGRNXPHQWLUDQMHLQ
SUHVNXãDQMH,(&
Maritime navigation and radiocommunication equipment and systems - Digital interfaces
-- Part 402: Multiple talkers and multiple listeners - Ship systems interconnection -
Documentation and test requirements
Navigations- und Funkkommunikationsgeräte und -systeme für die Seeschifffahrt -
Digitale Schnittstellen -- Teil 402: Mehrere Datensender und mehrere Datenempfänger -
Schiffssystemzusammenschaltung - Dokumentation und Prüfanforderungen
Matériels et systèmes de navigation et de radiocommunication maritimes - Interfaces
numériques -- Partie 402: Emetteurs et récepteurs multiples - Interconnexion des
systèmes maritimes - Documentation et exigences d'essai
Ta slovenski standard je istoveten z: EN 61162-402:2005
ICS:
33.060.01 Radijske komunikacije na Radiocommunications in
splošno general
47.020.70 Navigacijska in krmilna Navigation and control
oprema equipment
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 61162-402
NORME EUROPÉENNE
EUROPÄISCHE NORM November 2005

ICS 47.020.70
English version
Maritime navigation and radiocommunication equipment and systems –
Digital interfaces
Part 402: Multiple talkers and multiple listeners –
Ship systems interconnection –
Documentation and test requirements
(IEC 61162-402:2005)
Matériels et systèmes de navigation  Navigations- und Funk-
et de radiocommunication maritimes – kommunikationsgeräte und -systeme
Interfaces numériques für die Seeschifffahrt –
Partie 402: Emetteurs et récepteurs Digitale Schnittstellen
multiples – Teil 402: Mehrere Datensender und
Interconnexion des systèmes maritimes – mehrere Datenempfänger –
Documentation et exigences d'essai Schiffssystemzusammenschaltung –
(CEI 61162-402:2005) Dokumentation und Prüfanforderungen
(IEC 61162-402:2005)
This European Standard was approved by CENELEC on 2005-10-01. CENELEC members are bound to
comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in two official versions (English, German). A version in any other language
made by translation under the responsibility of a CENELEC member into its own language and notified to the
Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Cyprus, Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden,
Switzerland and United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2005 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 61162-402:2005 E
Foreword
The text of document 80/411/FDIS, edition 1 of IEC 61162-402, prepared by IEC TC 80, Maritime
navigation and radiocommunication equipment and systems, was submitted to the IEC-CENELEC
parallel vote and was approved by CENELEC as EN 61162-402 on 2005-10-01.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2006-07-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2008-10-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61162-402:2005 was approved by CENELEC as a
European Standard without any modification.
__________
- 3 - EN 61162-402:2005
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
NOTE Where an international publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
Publication Year Title EN/HD Year
1)
IEC 60092-504 - Electrical installations in ships - -
Part 504: Special features - Control and
instrumentation
1)
2)
IEC 60945 - Maritime navigation and EN 60945 2002
radiocommunication equipment and
systems - General requirements -
Methods of testing and required test
results
IEC 61162-4xx Series Maritime navigation and radio- EN 61162-4xx- Series
communication equipment and systems -
Digital interfaces
Part 4xx: Multiple talkers and multiple
listeners - Ship systems interconnection

1) 2)
IEC 61162-400 - Part 400: Multiple talkers and multiple EN 61162-400 2002
listeners - Ship systems interconnection -
Introduction and general principles

1) 2)
IEC 61162-401 - Part 401: Multiple talkers and multiple EN 61162-401 2002
listeners - Ship systems interconnection -
Application profile
1) 2)
IEC 61162-410 - Part 410: Multiple talkers and multiple EN 61162-410 2002
listeners - Ship systems interconnection -
Transport profile requirements and basic
transport profile
1) 2)
IEC 61162-420 - Part 420: Multiple talkers and multiple EN 61162-420 2002
listeners - Ship systems interconnection -
Companion standard requirements and
basic companion standards
1)
Undated reference.
2)
Valid edition at date of issue.

Publication Year Title EN/HD Year
1) 2)
IEC 61209 - Maritime navigation and EN 61209 1999
radiocommunication equipment and
systems - Integrated bridge systems
(IBS) - Operational and performance
requirements, methods of testing and
required test results
1) 2)
IEC 61508-3 - Functional safety of EN 61508-3 2001
electrical/electronic/programmable
electronic safety-related systems
Part 3: Software requirements
1) 2)
IEC 61508-4 - Part 4: Definitions and abbreviations EN 61508-4 2001

ISO 9001 2000 Quality management systems - EN ISO 9001 2000
Requirements
ISO/IEC 90003 2004 Sofware engineering - Guidelines for the - -
application of ISO 9001:2000 to computer
software
INTERNATIONAL IEC
STANDARD 61162-402
First edition
2005-09
Maritime navigation and radiocommunication
equipment and systems – Digital interfaces –
Part 402:
Multiple talkers and multiple listeners –
Ship systems interconnection –
Documentation and test requirements

 IEC 2005  Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or
mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland
Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch
PRICE CODE
Commission Electrotechnique Internationale W
International Electrotechnical Commission
МеждународнаяЭлектротехническаяКомиссия
For price, see current catalogue

– 2 – 61162-402  IEC:2005(E)
CONTENTS
FOREWORD.4
1 Scope.6
1.1 General .6
1.2 Limitations in scope.6
1.3 Limitations in test coverage .7
1.4 Limitations in degree of detail.7
2 Normative references .7
3 Definitions .8
4 Overview and basic principles .9
4.1 Introduction .9
4.2 Purpose of this standard.9
4.3 Use in the different stages of a development process.9
4.4 Structure of this standard .10
5 Critical functionality in the protocol .10
5.1 Function groups .11
5.2 High loading and general exception handling.12
5.3 Generalised architecture .13
5.4 Message passing contribution to possible errors .14
6 Test tools and test scenarios .15
6.1 Reference topology .15
6.2 System configurations .15
6.3 Test MAUs .16
7 Test of general protocol modules.17
7.1 MAU session management .17
7.2 Interface management.18
7.3 Transaction management .20
7.4 Exception handling .24
7.5 General high load tests .25
8 T-profile tests .26
8.1 Peer-to-peer message networks .26
8.2 Client-server message networks.27
8.3 Client-server stream networks .27
8.4 Broadcast networks.28
9 Test requirements for applications.28
9.1 Companion standard specification .29
9.2 Interface correctness.29
9.3 High load tests .30
10 Documentation requirements for general protocol modules.30
10.1 General software and test documentation.30
10.2 Technical specifications .30
11 Documentation requirements for applications .31
11.1 General software and test documentation.31
11.2 Companion standard specification .31
11.3 Technical specification .31

61162-402  IEC:2005(E) – 3 –
Annex A (informative) Companion standard specifications .32
Annex B (informative) Examples of numeric values for tests .37

Figure 1 – Typical communication paths in an IEC 61162-4 system .13
Figure 2 – Message flow in IEC 61162-4 system.14
Figure 3 – Test topology .15
Figure 4 – Multiple client/server connections.22

Table 1 – Transaction test requirements summary .21
Table B.1 – Extreme values .37
Table B.2 – Significant decimals .38

– 4 – 61162-402  IEC:2005(E)
INTERNATIONAL ELECTROTECHNICAL COMMISSION
_____________
MARITIME NAVIGATION AND RADIOCOMMUNICATION
EQUIPMENT AND SYSTEMS –
DIGITAL INTERFACES –
Part 402: Multiple talkers and multiple listeners –
Ship systems interconnection –
Documentation and test requirements

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 61162-402 has been prepared by Technical Committee 80: Maritime navigation and
radiocommunication equipment and systems.
The text of this standard is based on the following documents:
FDIS Report on voting
80/411/FDIS 80/421/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

61162-402  IEC:2005(E) – 5 –
IEC 61162 consists of the following parts, under the general title Maritime navigation and
radiocommunication equipment and systems – Digital interfaces:
Part 1: Single talker and multiple listeners
Part 2: Single talker and multiple listeners, high-speed transmission
Part 3: Multiple talkers and multiple listeners – Serial data instrument network (under
consideration)
Part 400: Multiple talkers and multiple listeners – Ship systems interconnection –
Introduction and general principles
Part 401: Multiple talkers and multiple listeners – Ship systems interconnection –
Application profile
Part 402: Multiple talkers and multiple listeners – Ship systems interconnection –
Documentation and test requirements
Part 410: Multiple talkers and multiple listeners – Ship systems interconnection –
Transport profile requirements and basic transport profile
Part 420: Multiple talkers and multiple listeners – Ship systems interconnection –
Companion standard requirements and basic companion standards

The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.

– 6 – 61162-402  IEC:2005(E)
MARITIME NAVIGATION AND RADIOCOMMUNICATION
EQUIPMENT AND SYSTEMS –
DIGITAL INTERFACES –
Part 402: Multiple talkers and multiple listeners –
Ship systems interconnection –
Documentation and test requirements

1 Scope
1.1 General
This standard series, IEC 61162-400 and upwards, specifies a communication protocol for
use in integrated ship systems. It also specifies an interface description language for use
together with the protocol, a set of rules for the use of this language and a set of standard
interfaces described in the language.
This part of the standard specifies a minimum set of tests to be done, test results to be
achieved and documents that shall be available for all implementations of general protocol
software and applications that are compliant with the IEC 61162-4 standard. Although this set
of standard documents is collectively referred to as IEC 61162-4, the actual part numbers are
in the 400-series (see 1.4 of IEC 61162-400).
1.2 Limitations in scope
The tests and documentation requirements do not cover electrical, physical or environmental
requirements that may apply to the use of software or computers onboard ships. Such
requirements may be covered by IEC 60945 or IEC 60092-504. Other standards may also be
applicable.
This standard does not necessarily cover all requirements from classification societies or
other authorities. It is the responsibility of the user of this standard to ensure that all
appropriate regulations are addressed.
This standard contains tests to check that an application using the IEC 61162-4 protocol
adheres to its advertised interface specification. These tests cannot guarantee the correct
functionality of that application beyond the possibility of connecting it to the network and with
a limited degree of accuracy in the messages transferred.
This standard does not cover the system in which the IEC 61162-4 communication standard is
used. Additional requirements will normally apply to the total system configuration.
Fundamental requirements relating to ensuring reliable and timely transfer of data across data
communication links are included in other standards associated with the integration of
equipment such as IEC 60092-504 and IEC 61209. This standard does not contain tests to
verify compliance with these requirements. In addition, specific equipment related standards
may also contain requirements for correctness and timeliness of data transmissions. Neither
does this standard contain any tests to verify such requirements. Thus, results from tests
carried out in accordance with this standard cannot be used to demonstrate compliance with
the requirements of any other standards for system or equipment functionality.

61162-402  IEC:2005(E) – 7 –
1.3 Limitations in test coverage
The test plan only specifies general tests of the protocols and a limited set of other general
properties (black box tests). The test procedures will not generally cover tests of operating
systems, communication libraries or other software components that are used to implement
the standard. Neither does this standard specify any tests related to the way the system is
implemented (white or glass box testing).
1.4 Limitations in degree of detail
The test procedures are general in nature and do not generally specify detailed test programs
and procedures. The procedures specify a minimum set of functional aspects that need to be
tested, with, in some cases, a minimum required set of excitations and corresponding
required responses. The testers must develop the detailed procedures and test tools
themselves.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60092-504, Electrical Installations in ships – Special features – Control and
instrumentation
IEC 60945, Maritime navigation and radiocommunication equipment and systems – General
requirements – Methods of testing and required test results
IEC 61162-4, (shorthand for all parts in the IEC 61162-400 series), Maritime navigation and
radio-communication equipment and systems – Digital interfaces – Part 4xx: Multiple talkers
and multiple listeners – Ship systems interconnection
IEC 61162-400, Maritime navigation and radiocommunication equipment and systems –
Digital interfaces – Part 400: Multiple talkers and multiple listeners – Ship systems
interconnection – Introduction and general principles
IEC 61162-401, Multiple talkers and multiple listeners – Ship systems interconnection –
Application profile
IEC 61162-410, Multiple talkers and multiple listeners – Ship systems interconnection –
Transport profile requirements and basic transport profile
IEC 61162-420, Multiple talkers and multiple listeners – Ship systems interconnection –
Companion standard requirements and basic companion standards
IEC 61209, Maritime navigation and radiocommunication equipment and systems – Integrated
Bridge Systems (IBS) – Operational and performance requirements, methods of testing and
required test results
IEC 61508-3, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 3: Software requirements.
IEC 61508-4, Functional safety of electrical/electronic/programmable electronic safety-related
systems – Part 4: Definitions and abbreviations
ISO 9001: 2000, Quality management systems – Requirements.
ISO/IEC 90003: 2004, Software engineering – Guidelines for the application of ISO 9001:
2000 to computer software.
– 8 – 61162-402  IEC:2005(E)
3 Definitions
For the purposes of this document, the following definitions apply.
3.1
black-box testing
testing that ignores the internal workings and internal structure of a component and focuses
on the responses generated as a result of controlled stimuli and execution conditions.
Typically used to evaluate the compliance of a component with specified functional
requirements. See also white-box testing
3.2
defect
latent faults in a component ("bug" in software), that either represent or can cause an error
and by that a failure
3.3
error
that part of the system state that is liable to lead to a failure (IEC 61508-4) IEC 61508-4 does
not classify a software defect as an error, but as a fault. In this standard, the term defect will
be used to mean also software defects. The term fault will not be used.
3.4
fault
see error and defect
3.5
failure
occurs when a delivered service deviates from the intended service. It is the effect of an error
on the service (IEC 61508-4)
3.6
memory leak
situation where a program is not able to reclaim dynamically allocated memory that should be
released as a result of the removal of an internal object. It typically occurs during sequences
of connect and disconnect
3.7
safety integrity level
discrete level (one out of a possible four) where safety integrity level 4 has the highest level
of safety integrity and safety integrity level 1 has the lowest. Safety integrity is the probability
of a safety-related system satisfactorily performing the required safety functions under all the
stated conditions within a stated period of time (see IEC 61508-4).
3.8
white-box testing
testing that uses knowledge of the internal structure and internal workings of a component to
exercise, for example selected internal execution paths or sub-component interactions in the
component. See also black-box testing.

61162-402  IEC:2005(E) – 9 –
4 Overview and basic principles
4.1 Introduction
This part of IEC 61162 covers test and documentation requirements. Proper testing, based on
a test plan, and the availability of documentation are factors that are important in ensuring the
correctness of a protocol or application software module. This document specifies general
requirements to testing and documentation for both protocol and application modules. This
document only specifies the tests that have to be made and the required test results. It does
not specify the tools or mechanisms that are used to perform the test. This is the
responsibility of the tester.
Documentation requirements are more specific and define the minimum requirements for
documentation that follows protocol or application modules. The user should take care to
supplement the minimum requirements with whatever extra documentation that it is felt to be
necessary to use the module in question. Of particular importance is software documentation
in the case where there is the possibility to modify the module.
Annexes summarise the test requirements in a form that can be used as a test log.
4.2 Purpose of this standard
This standard shall help to ensure that important aspects of an implementation of IEC 61162-
4 basic software does what it is supposed to do and that it does not contain any hidden
defects. This standard can also be used to ensure that an application using the IEC 61162-4
standard actually implements the interface to the network that it advertises through its
specification or companion standard document.
This standard shall also define a minimum set of documents that shall follow the application
or be available from the developer of the application or communication software. These
documents will partly specify interface and functionality attributes as well as act as part proof
of the implementation's adherence to the IEC 61162-4 specification.
With these two goals in mind, this standard covers part of the verification and validation
process that is necessary to produce safe integrated ship systems. The main emphasis is,
however, on verification.
4.3 Use in the different stages of a development process
The stages of a development process are dependent on the process being used and how that
process is implemented. However, the stages on a high level can be characterised as
belonging to the specification, design, implementation and integration phases. The following
clauses will, [with the basis] in these phases, specify where this standard can be applied and
which other standards can be used.
This standard does not address the software development- and lifecycle as such. However,
this standard requires that any software produced to comply with IEC 61162-4, as a minimum
is developed to the ISO 9001 standard and implements the relevant part of this standard as
specified in ISO/IEC 90003, for the software product, or to equivalent standards.
4.3.1 Specification
The specification of an IEC 61162-4 module is contained in IEC 61162-400, IEC 61162-401
and IEC 61162-410. The interface between applications and the IEC 61162-4 network shall be
specified through companion standard documents as prescribed in IEC 61162-420.

– 10 – 61162-402  IEC:2005(E)
4.3.2 Design
IEC 61162-400, IEC 61162-401 and IEC 61162-410 contain parts of the design specification
in the form of ER-diagrams, message sequence charts, state diagrams and basic
modularisation. Additional design documents are, however, necessary for the coding of an
IEC 61162-4 implementation. This standard does not prescribe particular methods or tests for
the preparation of design documents.
The IEC 61508-3 standard may be appropriate for certain types of system that need a high
safety integrity level. The standard will, in any case, contain guidelines that can be used in
the design phase.
4.3.3 Implementation
No part of this standard prescribes any particular principle that shall be used during
implementation of IEC 61162-4 compliant devices.
IEC 61508-3 may be appropriate for certain types of system that need a high safety integrity
level. The standard will in any case contain guidelines that can be used in the implementation
phase.
4.3.4 Integration
This part of IEC 61162 describes a set of functional tests that shall be performed on a
finished IEC 61162-4 module or application. Some of these tests are appropriate as pre-
integration tests and can also be helpful in pinpointing particular problems in the
implementation. Notes in the standard will give information to that effect, where appropriate.
IEC 61508-3 may be appropriate for certain types of systems that need a high safety integrity
level. This standard will in any case contain guidelines that can be used in the integration
phase.
IEC 61209 also contains requirements that are appropriate for certain types of systems, in
particular integrated bridge systems.
4.3.5 Verification
This standard covers functional tests (black-box tests) that shall be used to verify that a
module, or an implementation thereof, using the IEC 61162-4 protocol, satisfies certain
functional requirements that are inherent in the test section of this part of the standard. This
standard is mainly intended for the use in the verification phase.
4.4 Structure of this standard
This clause specifies general requirements of the development process. Clause 5 identifies
the critical functionality in the IEC 61162-4 protocol and relevant test scenarios. Clause 6
defines test tools and test scenarios. Clause 7 contains test plans for general protocol
modules. Clause 8 contains test plans for application modules. Clause 9 contains
documentation requirements. Annexes contain summary tables that can be used as basis for
the creation of test and documentation logs and check lists.
5 Critical functionality in the protocol
This clause analyses the typical IEC 61162-4 functionality and system architecture and
defines the most important test scenarios. The purpose of this clause is to describe the
rationale behind the selection of test cases and also to be a basis for the creation of more
extensive and voluntary tests when these are desired by the implementers or users.

61162-402  IEC:2005(E) – 11 –
5.1 Function groups
An implementation of the IEC 61162-4 protocol standard will typically have to handle a set of
different functions where an error in any or each can cause failure. The most important
functions are listed in the following clauses.
5.1.1 MAU management
A MAU and an LNA must be able to co-operate to establish a MAU-LNA session and provide,
for example MAU name services and MAU watchdog functions. The typical stages in MAU
management are:
a) Accept a connection attempt from a MAU and register that MAU as existing in the system.
This includes checks for duplicate MAU names and the two connection sequences that
need to be considered: 1) LNA starts before MAU. 2) MAU starts before LNA.
b) Make the new MAU name and status available in the network. Respond to messages
about other MAUs by providing additional information, for example about duplicate names.
c) Provide the optional watchdog function and, if necessary, let the LNA kill the MAU when
the watchdog fails.
d) From the LNA, handle the death of a MAU correctly, i.e. clean up internal state and report
death to the system.
e) From the MAU, handle the death of the LNA correctly, i.e. clean up internal state and start
reconnection attempts if appropriate. This also applies to the closing down of the MAU-
LNA link from the LNA.
f) Handle the reconnect of a previously dead MAU or LNA correctly.
5.1.2 Interface and session management
MAUs connect to each other through interfaces. The system must be able to handle the
establishment and disruption of such connections as prescribed in the A-profile. The system
must also be able to handle session management, i.e. identification of parties in an exchange
of messages and flow control. The cases that need to be considered are enumerated below:
a) A server MAU exports an interface for use by clients. Note that there is a time difference
between the establishment of the server MAU session and the export of the interface and
that this must be handled by the LNA when remote clients attempt to connect.
b) A client MAU connects to the interface.
Note that steps a) and b) may be executed in the opposite order.
c) The server LNA shall check the connect message and, if appropriate, send a connection
request to the server MAU. Checks shall be made that the client is allowed to connect and
that the client's request is a true sub-set of the servers advertised interface.
d) If the connection attempt is accepted by both server components, i.e. the LNA and MAU,
an acknowledgement shall be sent to the client MAU. The client can start to send
transaction requests.
e) The server LNA and MAU shall be able to handle multiple clients in the same manner and
be able to keep the different sessions apart with regard to transaction source identity and
routing of transactions.
f) The client MAU or its LNA may die or the client MAU may close its side of the connection.
The server MAU shall be notified of the closing and the LNA clean up internal state,
including discarding any pending transactions.
g) The server MAU or its LNA may die or the server MAU may close its side of the
connection. The client shall be notified and the LNA clean up its internal state.
Note that f) may occur before g) or the two may occur at the same time.

– 12 – 61162-402  IEC:2005(E)
h) The client and the server shall be able to reconnect at any time and the connection shall
be re-established as for the first connection. The client shall, if appropriate, be
automatically reconnected by the LNA.
Connection management must handle an arbitrary large number of clients and server MAUs in
all possible configurations; also when both client and server are located at the same LNA.
5.1.3 Transaction management
Data is exchanged as transactions between a client and server MAU. The system must be
able to execute these transactions correctly and on time. Transactions are performed in a
number of distinct steps:
a) The client MAU creates a request.
b) The client MAU protocol library (MAPI) adds address information and converts the
outgoing message to network format (data marshalling).
c) The client LNA multiplexes outgoing messages to correct destination LNA.
d) The server LNA de-multiplexes incoming messages to correct MAU.
e) The server MAU's MAPI converts the message to internal format, marshals the data and
extracts address information.
f) An application routine in the server MAU processes the message and generates an
acknowledgement. Multiple acknowledgements may also be generated for subscription
messages.
g) Address information is added to the acknowledgement by the MAPI and the message is
converted to network format.
h) The server LNA identifies the target MAU and multiplexes the message onto the correct
LNA link. For some message types (subscription), the LNA must duplicate the message to
a number of subscribers.
i) The client LNA receives the message and targets it at the client MAU.
j) The client MAPI converts the message to internal format and passes it to the correct
application handler routine.
k) The application part of the MAU processes the message.
In addition to this, all parties involved must be able to handle a transaction cancellation
issued at any time in the sequence. The system must also handle the shutting down of a
connection, by a command or as the result of a connection failure, at any time in the
sequence.
Transaction management must handle an arbitrary large number of client and server MAUs in
all possible configurations, also when both client and server are located at the same LNA.
5.2 High loading and general exception handling
The system shall also be able to handle abnormal situations that occur due to high load or
physical problems in the system. It is also necessary to quantify any load related effects that
may occur in the system.
5.2.1 Session limitation
The MAU shall be able to send session control messages to another MAU in the system.
These messages shall inhibit transmission of non-urgent data.
A server MAU can limit the number of clients that can connect to an interface. The server LNA
enforces this limit.
61162-402  IEC:2005(E) – 13 –
5.2.2 Load limitation
A server MAU can specify a maximum number of pending transactions on an interface.
Excessive non-urgent transactions are denied by the LNA.
Urgent transactions shall in any case have priority before non-urgent transactions.
5.2.3 Load tests
The IEC 61162-4 protocol, with Ethernet based T-profile, will normally be limited in its network
performance by the CPU power. It is in the particular context of switches between LNA and
MAUs that may cause high loads and, thus, delays in the system. It is necessary to quantify
this performance degradation.
In some cases, a system may also be limited by network or computer input/output bandwidth.
It is also necessary to quantify this effect where it occurs.
5.2.4 Exception handling
The system shall tolerate physical errors in the system. The cases that need consideration
are:
a) Sudden death of a host computer, including sudden loss of a communication link. This
makes it impossible to shut down the communication link properly and the system may be
dependent on link watchdogs to detect the failure. This is a particular problem when the
link is idle most of the time.
b) Errors on the hardware link interface that may give the host computer problems, for
example loss of carrier, may cause system software lock-up. Excessive interrupts can
cause high load on the computer.
c) Loss of redundancy. The system shall continue operation without any loss of functionality.
Warnings about loss of redundancy must be given to higher level error handlers. Various
transitions between redundant and non-redundant must be handled.
5.3 Generalised architecture
An IEC 61162-4 system can consist of any number of MAUs that in turn are assigned to a
number of LNAs. Each LNA must run on a separate host computer, but the MAUs may be
distributed between LNAs as is most convenient. A generalisation of the typical
communication paths in such a system is illustrated below.

M1 M2 M3 M4
L1 L2
IEC 1516/05
Figure 1 – Typical communication paths in an IEC 61162-4 system
Each LNA (L1 and L2) must multiplex data from and to each of its MAUs (M1 to M4). A real
system will typically consist of many more LNAs and usually more MAUs per LNA. However,
the possible faults that can occur can be generalised in this 4 times 2 diagram. The cases that
will have to be checked are:
– 14 – 61162-402  IEC:2005(E)
a) M1 is a client of itself (special case, but legal).
b) M1 is a client of M2 (same LNA).
c) M1 is a client of M3 (different LNA).
d) M1 and M2 are clients of M3 and M4 (multiplex needed on both client and server side).
e) M1, M2 and M3 are clients of M4 (L2 need to send some messages remote and some
locally).
f) M1 is a client of M2, M3 and M4 (same as previous, but test on the receiving side).
The above cases are the ones that need careful testing with respect to relevant functionality
and exception handling. These cases shall also be checked with larger number of LNAs and
MAUs , but in these cases one need only verify that the basic functionality is present.
5.4 Message passing contribution to possible errors
A typical message transfer can be illustrated as in the following figure:

Application
MAPI
T-profile 1
T-profile 1
LNA
T-profile 2
IEC 1517/05
Figure 2 – Message flow in IEC 61162-4 system
The MAU consists of the applica
...