The present invention relates to industrial control systems and, in particular, a modular, high-availability industrial system using a network ring.
Industrial controllers, such as programmable logic controllers (PLC's), are specialized electronic computer systems used for the control of industrial processes or machinery, for example, in a factory environment. Industrial controllers differ from conventional computers in a number of ways. Physically, they are constructed to be substantially more robust against shock and damage and to better resist external contaminants and extreme environmental conditions. The processors and operating systems are optimized for real-time control and execute languages allowing ready customization of programs to comport with a variety of different controller applications. Industrial controllers may have a user interface for accessing, controlling and/or monitoring the industrial controller, such as through a locally connected terminal having a keyboard, mouse and display.
Typically, industrial controllers have a modular architecture that allows different numbers and types of network cards or adapters to be used to connect the controllers to the process or machinery to be controlled through special “control networks” suitable for highly reliable and available real-time communication. Such control networks commonly used in industrial control systems include, for example, ControlNet, DeviceNet, EtherNet/IP and Sercos, whose specifications are published and whose protocols are used broadly by a number of manufacturers and suppliers. Control networks differ from standard communication networks, such as Ethernet, by guaranteeing maximum communication delays. This may be obtained, for example, by pre-scheduling the bandwidth of the network and/or providing redundant communication capabilities to high-availability. Control networks also differ from one another in physical aspects, for example, the type of media (e.g., co-axial cable, twisted pair, light fiber, etc.), the protocols of its operation, (e.g., Baud rate, number of channels, word transmission size, use of connected messaging, etc.) and how the data is formatted and how it is collected into standard messages.
Many networks also incorporate protocols to repair the network in the event of network node failure. These protocols can take a relatively long time to reconnect the network (as much as 30 seconds) and thus are unacceptable for industrial control networks where the controlled process cannot be undirected during this period without disastrous consequences.
The risk of debilitating network failure in an industrial control can often be reduced using a redundant network topology, for example, where network nodes are connected in a ring with a supervisor. Normally the ring is opened at the supervisor node for all standard data and thus operates in a normal linear topology. The supervisor may send out test “telegram” or “beacon” frames in one direction on the ring which are received back at the supervisor in the other direction to indicate the integrity of the ring. If the ring is broken, such as by a node or media failure, the supervisor joins the ends of the ring to produce once again a continuous linear topology now separated by the failed component. Changes in the mode of operation of the supervisor from “separated” to “joined” may be transmitted to the other nodes using notification frames so that these nodes can rebuild their MAC address routing tables used to associate a port with a destination address.
The error detection time of such ring systems can be quite fast, limited principally by the transmission rate of the beacons (every several milliseconds). This rate defines the maximum time before which an error is detected and the ring may be reconfigured.
Also, as part of their enhanced modularity, industrial controllers may employ one or more industrial devices coupled through the control networks. Industrial devices may comprise one or more I/O modules dedicated to a particular type of industrial function, for example, detecting input AC or DC signals or controlling output AC or DC signals in conjunction with an industrial process, or running motors or other machinery. Each I/O module may have a connector system allowing them to be installed in different combinations in an industrial device along with other selected I/O modules to match the demands of the particular application. Multiple industrial devices may be located at convenient control points near the controlled process or machine to communicate with the industrial controller via the control network.
Industrial systems may require flexibility for adding, removing and/or modifying industrial controllers and industrial devices. For example, it may be desirable to add a new industrial process via a new industrial device, thereby increasing the capability or capacity of the industrial system. Similarly, it may be desirable to modify or remove an existing industrial controller or industrial device due to changes in requirements in the industrial system, such as a controlled process or machine that has become obsolete. In addition, in some applications, industrial controllers and/or industrial devices might require addition, removal or modification while the industrial system is actively running. This may occur, for example, when interrupting the process would cause costly downtime and/or product defects.
Industrial systems, including industrial controllers and industrial devices, like many other systems, may also be susceptible to various faults occurring throughout the system. For example, the electronics held within an industrial controller or industrial device, the network connection or I/O connection or function card, or the power source, may all be potential points of failure due to a number of conditions. However, in certain industrial systems requiring high-availability for running critical applications, a failure occurring at any point could lead to potentially catastrophic conditions.