US20050240287A1

Movatterモバイル変換

Info

Publication number: US20050240287A1
Application number: US10/874,567
Authority: US
Inventors: David Glanzer; Colin Corles; Steven Brodman; William Hawkins; Michael Hirst; Tony Kozlik; Lee Neitzel; Raymond Sawyer; Johan Tegnell
Original assignee: Individual
Current assignee: Individual
Priority date: 1996-08-23
Filing date: 2004-06-22
Publication date: 2005-10-27
Also published as: US6826590B1

Abstract

A distributed control system architecture (HSE) provides an open, interoperable solution optimized for integration of distributed control systems and other control devices in a high performance backbone, provides an open, interoperable solution that provides system time synchronization suitable for distributed control applications operable over a high performance backbone, and provides an open, interoperable solution that provides a fault tolerant high performance backbone as well as fault tolerant devices that are connected to the backbone. The distributed control system architecture comprises a High speed Ethernet Field Device Access (HSE FDA) Agent, which maps services of a distributed control system, e.g., a fieldbus System, to and from a standard, commercial off-the-shelf (COTS) Ethernet/Internet component. The distributed control system architecture also comprises a High speed Ethernet System Management Kernel (HSE SMK) that operates to keep a local time, and keeps the difference between the local time and a system time provided by a time server within a value specified by the time sync class. The local time is used to time stamp events so that event messages from devices may be correlated across the system. The distributed control system architecture further comprises a High speed Ethernet Local Area Network Redundancy Entity (HSE LRE) that provides redundancy transparent to the applications running on the system. The HSE LRE of each device periodically transmits a diagnostic message representing its view of the network to the other Devices on the system. Each device uses the diagnostic messages to maintain a Network Status Table (NST), which is used for fault detection and selection from a redundant pair of resources.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. application Ser. No. 09/598,697, filed Jun. 21, 2000; which claims the benefit of U.S. Provisional Application No. 60/139,814, filed Jun. 21, 1999; and which is a continuation-in-part (CIP) application of U.S. application Ser. No. 08/916,178, filed Aug. 21, 1997; which claims the benefit of U.S. Provisional Application No. 60/024,346, filed Aug. 23, 1996; all of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

The present invention relates to control system architecture. More particularly, the present invention relates to an open, interoperable distributed control system in a high performance network environment.

BACKGROUND OF THE INVENTION

Automatic control systems are critical to all sectors of industry such as process control, discrete control, batch control (process and discrete combined), machine tool control, motion control, and robotics. One of the strongest needs in modern control systems is development and use of “open” and “interoperable” systems. Open, interoperable systems allow control devices made by different manufacturers to communicate and work together in the same system without the need for custom programming. “Fieldbus” is the common term used to describe these types of control systems.

The movement toward open, interoperable fieldbus systems is driven by device manufacturers and end users. Manufacturers want open, interoperable systems because it allows them to sell their products to more end users while reducing development costs. End users want open, interoperable systems so that they can select the best control devices for their system regardless of the device manufacturer.

There has also been a trend toward distribution of control functions into intelligent devices. In centralized control systems, a central controller performs all the control functions.

In distributed control systems, more than one control device operating in the system takes an active role in the control functions. Although both centralized and decentralized systems use a communication network, decentralized systems reduce overall system costs by reducing or eliminating the centralized controller functions between the control devices and the human-machine interface.

In order for distributed control systems to be truly open and interoperable, both the communications system and the user layer (above the communication system layers) must be specified and made open. One of the truly open and interoperable distributed systems is the fieldbus system provided by the Fieldbus Foundation. The FOUNDATION™ Fieldbus user layer is described, e.g., in U.S. patent application Ser. No. 08/916,178 (hereafter the “'178” application) filed Aug. 21, 1997, entitled “BLOCK-ORIENTED CONTROL SYSTEM”, and assigned to the assignee of the present application.

The lower speed 31.25 kilobits per second fieldbus (H1) used by the FOUNDATION™ fieldbus is described in part by International Electrotechnical Committee (IEC) Standard IEC 61158, the entirety of which is hereby incorporated by reference herein.

While the FOUNDATION™ fieldbus provides the open and interoperable solution for the H1 control capability, there is a great need to provide an open and interoperable solution for distributed control on a very high performance communication system typically called a fieldbus “backbone” network. The backbone network aggregates information from the lower speed control devices, e.g., the H1 and other control devices, which is used in supervisory and advanced control applications. The backbone is also needed for integration of control information into the enterprise's Management Information Systems (MIS).

One of the widely accepted standards for high performance communications signaling is Ethernet. Invented by Xerox in the 1970's, Ethernet has progressed from an initial speed of 10 Megabits per second, to 100 Megabits per second, to 1 Gigabit per second and beyond. Ethernet signaling is specified in an Institute of Electrical and Electronics Engineers (IEEE) standard (IEEE 802.3). Ethernet signaling is the underlying technology used by the Internet. The Internet protocols are specified by the Internet Engineering Task Force (IETF) and are issued as Request for Comment (RFC) specifications.

Although Ethernet/Internet technology provides the basic services for a high performance fieldbus backbone, it does not provide for all of the functions needed for use in distributed control systems. In particular, IEEE and IETF do not have suitable open and interoperable solutions for integration of distributed control systems (e.g., the H1 subsystem), system time synchronization, and fault tolerance.

The method of transferring information from lower speed fieldbuses to the Ethernet used by organizations such as Open DeviceNet™ Vendor Association, Inc., (“EtherNet/IP,”) and PROFIBUS International, (“PROFINet”) are not suitable for use in the high performance environment because they encapsulate the lower speed protocol packets in an Ethernet frame. This method, known as “tunneling,” is common in centralized control systems, but is inadequate for high performance distributed control systems. Although simpler to specify, tunneling would require too many Transport Control Protocol (TCP) connections with the resulting interrupt processing and memory overhead on the devices connected to the fieldbus backbone. In addition tunneling wastes much of the Ethernet bandwidth because the lower speed protocol packets (e.g., the H1 packets) are small and in many cases the Ethernet packet overhead would be bigger than a lower speed protocol packet.

Devices connected to the Ethernet must have a common sense of system time for time stamp and function block scheduling (control) purposes. For high performance distributed control, system time often needs to be accurate to within less than 1 millisecond. Heretofore, there is no known solution that provides this accuracy using the Commercial Off The Shelf (COTS) Ethernet equipment.

Fault tolerance of the Ethernet communication media and devices connected to the Ethernet is required for high performance distributed control applications. There is no known solution that provides the required fault tolerance using standard COTS Ethernet equipment. All of the prior attempts in providing the required fault tolerance require special Ethernet/Internet electronic hardware and/or software, and/or a non-standard “redundancy manager” device to be added to the Ethernet.

Thus, what is needed is an open, interoperable solution optimized for integration of distributed control systems and other control devices in a high performance fieldbus backbone.

What is also needed is an open, interoperable solution that provides system time synchronization suitable for distributed control applications operable over a high performance fieldbus backbone.

What is also needed is an open, interoperable solution that provides a fault tolerant high performance fieldbus backbone as well as fault tolerant devices that are connected to the fieldbus backbone.

SUMMARY OF THE INVENTION

The present invention overcomes the shortcomings described above and provides a new and improved distributed control system, which operates on a high performance backbone, e.g., the standard COTS Ethernet and Internet technology. The embodiments of the present invention are collectively referred to herein as the “High Speed Ethernet” (HSE). HSE includes the features of the distributed control system described by the '178 application and FOUNDATION™ fieldbus specifications (which are listed in Appendix A as the Reference Set 1), and further includes three new protocols described in the supporting specifications thereof, which are listed in Appendix A as theReference Set 2. In particular, the new protocols are referred to herein as: the HSE Field Device Access (FDA) Agent, the HSE System Management Kernel (SMK), and the HSE Local Area Network Redundancy Entity (LRE).

The HSE FDA Agent allows System Management (SM) and Fieldbus Message Specification (FMS) services used by the H1 devices to be conveyed over the Ethernet using standard Internet User Data Protocol (UDP) and Transport Control Protocol (TCP). This allows HSE Devices on the Ethernet to communicate to H1 devices that are connected via a “HSE Linking Device.” The HSE FDA Agent is also used by the local Function Block Application Process (FBAP) in a HSE Device or HSE Linking Device. Thus, the HSE FDA Agent enables remote applications to access HSE Devices and/or H1 devices through a common interface.

The HSE SMK ensures that system level functions in each device are coordinated. These functions include system time, addition and removal of devices from the network, and function block scheduling. HSE SMK uses local clock that operates to keep a local time, and keeps the difference between the local time and a system time provided by a time server within a value specified by the time sync class (SeeReference Set 1 of Appendix A herein). The local time is used to time stamp events so that event messages from devices may be correlated across the system. Local time is also used to schedule the execution of the local function blocks.

HSE fault tolerance is achieved by operational transparency i.e., the redundancy operations are not visible to the HSE applications. This is necessary because HSE applications are required to coexist with standard MIS applications. The HSE LRE coordinates the redundancy function. Each HSE Device periodically transmits a diagnostic message representing its view of the network to the other HSE Devices on its Ethernet interfaces (commonly called Ethernet “Ports”). Each device uses the diagnostic messages to maintain a Network Status Table (NST), which is used for fault detection and Ethernet transmission port selection. There is no central “Redundancy Manager”. Instead, each device determines how it should behave in response to faults it detects.

BRIEF DESCRIPTION OF THE DRAWINGS

Features and advantages of the present invention will become apparent to those skilled in the art from the following description with reference to the drawings, in which:

FIG. 1 is a block diagram showing an exemplary embodiment of a high performance distributed control system in accordance with the principals of the present invention;

FIG. 2 is a block diagram showing an exemplary embodiment of device system architecture of a high performance distributed control system in accordance with the principles of the present invention;

FIG. 3 is a block diagram showing an exemplary embodiment of the structure of the High Speed Ethernet Management Information Base of the device system architecture shown inFIG. 2;

FIG. 4 is a block diagram showing an exemplary embodiment of the device system architecture shown inFIG. 2, showing the various local interfaces of the High Speed Ethernet Field Device Access agent;

FIG. 5 is a block diagram showing an exemplary embodiment of the relevant portions of the high performance distributed control system involved in time synchronization process in accordance with the principles of the present invention;

FIG. 6 is a flow diagram illustrative of an exemplary embodiment of the process of time synchronization in accordance with an embodiment of the principles of the present invention;

FIG. 7A is a timing diagram illustrative of a starting time offset before the time synchronization process in accordance with an embodiment of the principles of the present invention;

FIG. 7B is a timing diagram illustrative of a starting time offset after the time synchronization process in accordance with an embodiment of the principles of the present invention; and

FIG. 8 is a block diagram showing an exemplary embodiment of the redundant topology of a high performance distributed control system in accordance with the principles of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

For simplicity and illustrative purposes, the principles of the present invention are described by referring mainly to exemplary embodiments, particularly, with specific exemplary implementations of distributed control system in an Ethernet network. However, one of ordinary skill in the art would readily recognize that the same principles are equally applicable to, and can be implemented in, other implementations and designs using any other high speed networks, and that any such variation would be within such modifications that do not depart from the true spirit and scope of the present invention.

A: HSE Distributed Control System Overview

Referring toFIG. 1, an example of a highperformance control system100 is shown where standardCOTS Ethernet equipment130 is used to interconnectHSE Linking Devices110 andHSE Devices120 to anEthernet Network140. TheHSE Linking Devices110 in turn connect toH1 Devices170 usingH1 Networks150. Other types of equipment such as Personal Computer (PC)160 may also be connected to theEthernet Network140.

The actual Ethernet network topology and COTS Ethernet equipment configuration will depend on the particular application needs. However any Ethernet network topology or configuration using standard COTS Ethernet equipment other than the exemplary topology shown inFIG. 1 may be used, and such variations would be within such modifications that do not depart from the true spirit and scope of the present invention.

A.1: HSE System Architecture

The HSE system architecture in accordance with an embodiment of the principles of the present invention is shown inFIG. 2. The HSE system architecture is designed to meet the functional needs of the high performance distributed manufacturing and process control environments, e.g., in a high speed Ethernet network. It permits distributed automation systems to be constructed from various control and measurement devices manufactured by different vendors. The HSE system architecture is described by architecture components that have been adapted to the specifics of both the H1 and HSE environments.

The various protocols and standards referenced in the following disclosure are described in detail in the manuals and specifications listed in Appendix A herein, which are available from the Fieldbus Foundation, a not-for-profit organization headquartered in Austin, Tex., and the respective current versions as of the filing date of the present invention of all of which are hereby incorporated by reference in their entirety herein. Each of the architecture components of the HSE system architecture (shown inFIG. 2) will now be described in more detail.

A.2: Function Block Application Process Virtual Field Device (FBAP VFD)

Application Process (AP) is a term defined by the International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model (RM), ISO 7498, to describe the portion of a distributed application that is resident in a single device. The term is used in the following description to refer to the entities within a device that performs a related set of functions, such as function block processing, network management, and system management.

Virtual Field Device (VFD) is a term defined by the Fieldbus Foundation (See Fieldbus Message Specification FF-870 listed inReference Set 1 in Appendix A herein). A VFD makes the parameters of an AP visible to a communication network.

In accordance with the principles of the present invention, the HSE system architecture (shown inFIG. 2) supports the Function Block Application Process Virtual Field Device (FBAP VFD)260. TheFBAP VFD260 provides a common means for defining inputs, outputs, algorithms, control variables, and behavior of the automation system. There may bemultiple FBAP VFDs260, e.g., n FBAP VFDs as shown, in a device in order to satisfy the particular needs an application. The FBAP VFD may or may not be present in a HSE Device or HSE Linking Device. If the HSE FBAP VFD is present, the device is sometimes also referred to as a “HSE Field Device.” In the following description, however, the FBAP VFD is to be assumed to be present in the HSE Device and HSE Linking Device, even if the term “HSE Field Device” is not used.

A standard set of function block classes and parameters are defined by the Fieldbus Foundation, e.g., in one or more of the specifications listed in Appendix A herein. Manufacturers of control devices may append their own parameters to the standard set of parameters to accommodate additional function block definitions as new requirements are discovered, and as technology advances. A more detailed description of the function block classes and parameters may be found, e.g., in Function Block Application Process-Part 1 Specification FF-890 listed inReference Set 1 of Appendix A herein.

A.3: H1 Interface

EachH1 Network150 attached to a HSE Linking Device110 (shown inFIG. 1) requires aH1 Interface240. TheBridge250 is used to convey H1 Network messages directly between other H1 Interfaces240 within the same HSE Linking Device110 (shown inFIG. 1). A HSE Linking Device may comprise, e.g., a HSE Device120 (shown inFIG. 1) that includes at least oneH1 Interface240.

A more detailed description of a H1 Interface may be found in the Fieldbus Message Specification FF-870, Fieldbus Access Sublayer Specification FF-821, Data Link Services and Data Link Protocol Specifications FF-821, 822, and Data Link Protocol Specification for Bridge Operation Addendum FF-806, all of which are listed in theReference Set 1 of Appendix A herein.

A.4: Ethernet/Internet Stack

The HSE system architecture uses a standard COTS Ethernet/Internet (“stack”)280 for communication with other devices on theEthernet Network140. The Ethernet/Internet stack used by HSE consists of Distributed Hose Control Protocol (DHCP)285, Simple Network Time Protocol (SNTP)286, and Simple Network Management Protocol (SNMP)287, which in turn use Transport Control Protocol (TCP)283 and User Data Protocol (UDP)284 services.

TCP

283 andUDP284 in turn use the standard Internet Protocol (IP)282 services, which uses the standard IEEE Ethernet 802.3 Media Access Control (MAC) and Physical (PHY) Layers281. The PHY layer in281 connects to one ormore Ethernet Networks140.

The Internet DHCP, SNTP, SNMP, TCP, UDP and IP protocols are specified by the Internet Engineering Task Force (IETF) Request For Comment (RFC) specifications. The IETF RFCs are listed in Appendix B herein, which are hereby incorporated by reference herein in their entireties. An Institute of Electrical and Electronics Engineers (IEEE) standard (IEEE 802.3), the entirety of which is hereby incorporated by reference herein, describe the Ethernet MAC and PHY layers. The specific use of each layer and protocol are detailed in the Ethernet Presence Specification FF-586 listed inReference Set 2 of Appendix A herein.

By preserving the standard use of the Ethernet/Internet stack, the HSE system architecture ensures interoperability among the different stack manufacturers.

A.5: HSE Management Agent

Again referring toFIG. 2, in general, theHSE Management Agent270 usesDHCP285 for acquiring an IP address for the device,SNTP286 for maintaining time synchronization with a time server, andSNMP287 for managing the TCP, UDP, and IP protocol layers. HSE Management Agent use of DHCP, SNTP and SNMP is routine and complies with standard practices known to those familiar with the Internet protocols, e.g., according to IEEE 802.3.

The HSE Management Agent usesSNMP287 for managing the Internet layer protocols. Specifically, theHSE Management Agent270 provides Ethernet Network access to the standard Management Information Base-II (MIB II) as defined by SNMPv2 in RFC 1213 and RFC 1643 (see Appendix B), and as defined also by Ethernet Presence FF-586 listed inReference Set 2 of Appendix A herein.

In accordance with an embodiment of the present invention, in order to comply with the ISO standards, the HSE Management Information Base (HSE MIB)271 comprises of a standard part, which is the second version of MIB-11 as defined in RFC 1213 and a HSE specific part (which is defined under the private enterprises level). For convenience in understanding, the detailed structure of theHSE MIB271 is shown inFIG. 3. The standardized structure of theHSE MIB271 provides a profile allowing interoperability, making the device appear as a well-behaved node.

B: HSE Core

Referring again toFIG. 2, theHSE core portion200 of the HSE system architecture identifies the new HSE capability in accordance with the principles of the present invention. TheHSE core200 provides the essential capabilities and integration needed to realize the high performance distributed control using HSE Devices, HSE Linking Devices and standard COTS Ethernet equipment.

B.1: Network Management Agent Virtual Field Device

The HSE System Architecture includes a Network Management Agent VFD (NMA VFD)210 for each HSE Device and each HSE Linking Device. The NMA VFD provides means for configuring, controlling and monitoring HSE Device and HSE Linking Device operation from the network.

Management information is contained in the Network Management Information Base (NMIB)213 and the System Management Information Base (SMIB)212. Using the configuration management capabilities of the NMA VFD, parameters are set in the NMIB and SMIB to support data exchanges with other devices in the system. This process involves defining the transfers between devices and then selecting the desired communications characteristics to support the transfers.

The NMA VFD can also be configured to collect performance and fault related information for selected transfers. This information is accessible during run-time, making it possible to view and analyze the behavior of device communications. If a problem is detected, performance is to be optimized, or device communications are to be changed, then reconfiguration can be performed dynamically while the device is till operating.

NMA VFD parameters and behavior are further defined in the HSE Network Management Specification FF-803 listed in theReference Set 2 of Appendix A herein.

B.2: HSE Field Device Access Agent

The HSE Field Device Access (FDA) Agent will now be described with References toFIG. 4, which is the same figure asFIG. 2 except that Local Interactions (291-299) for the HSE Field Device Access (FDA)Agent290 are shown. The operation of the HSE FDA Agent will now be described in terms of these local interactions.

One of the main functions of theHSE FDA Agent290 is to map services already defined for FOUNDATION™ fieldbus System Management (SM) (See FF-880 listed in theReference Set 1 of Appendix A herein) and Fieldbus Message Specification (FMS) (See FF-870 listed in theReference Set 1 of Appendix A herein) to an from the standard, COTS Ethernet/Internet280 component.

Generally, theHSE FDA Agent290 emulates the mapping defined by the FOUNDATION™ fieldbus Fieldbus Access Sublayer specification (See FF-875 listed in theReference Set 1 of Appendix A herein). TheHSE FDA Agent290 provides the common interface that enables remote applications to access devices of any type on both theH1 Networks150 and theHSE Network140.

Thus theHSE FDA Agent290 in accordance with the principles of the present invention allows systems to be constructed where the control is distributed in into various HSE Devices and/or H1 Devices, and any combinations thereof, as needed by the particular and user application.

B.2.1: HSE FDA Agent Local Interfaces

B.2.1.(a): Local Interface291: TCP—The TCPlocal interface291 allows theHSE FDA Agent290 to send and/or receive FMSmessages using TCP283.TCP283 provides interfaces modeled as sockets through which theHSE FDA Agent290 submits a buffer that contains one or more messages.

B.2.1.(b): Local Interface292: UDP—The UDPlocal interface292 allows theHSE FDA Agent290 to send and/or receive SM messages and certain FMSmessages using UDP284.UDP284 provides interfaces modeled as sockets through which theHSE FDA Agent290 submits a buffer that contains one or more messages.

B.2.1.(c): Local Interface293: HSE NMIB—TheHSE FDA Agent290 provides a local interface to theHSE NMIB213 inNMA VFD210. The HSE FDA Agent is capable of providing configuration and read-only access toNMA VFD210 via the HSENMIB Local Interface293.

B.2.1.(d): Local Interface294: HSE SMIB—TheHSE FDA Agent290 provides a local interface to theHSE SMIB212 inNMA VFD210. TheHSE FDA Agent290 is capable of providing configuration and read-only access toNMA VFD210 via the HSESMIB Local Interface294.

B.2.1.(e): Local Interface295: HSE SMK—TheHSE FDA Agent290 conveys HSE SM services to and from theHSE SMK220 through the HSE SMKlocal interface295. In accordance with an embodiment of the present invention, in a HSE Linking Device, theHSE SMK220 communicates locally with each of the H1 interfaces240, and does not use theHSE FDA Agent290.

B.2.1.(f): Local Interface296: HSE LRE—TheHSE FDA Agent290 maintains a local interface with the HSE LAN Redundancy Entity (HSE LRE)230 of the device through the HSE LRElocal interface296. Use of the HSE LRElocal interface296 will be described in more detail later.

B.2.1.(g): Local Interface297: H1 Interface—OnlyHSE FDA Agents290 of a HSE Linking Device interact with the H1 Interface(s)240 to accessH1 Networks150. The H1 local interface provides the HSE FDA Agent with FMS and SM access through theHSE SMK220.

The HSE FDA Agent forwards FMS requests and responses received form theTCP Interaction291 andUDP Interaction292 toH1 Network150 Through the H1 Interface(s)240. The HSE FDA Agent also forwards H1 requests and responses received from a H1 Network through theH1 Interface Interaction297 to theEthernet Network140 usingTCP Interaction291 andUDP Interaction292.

Thus, theHSE FDA Agent290 interacts with the services in the H1 Network in the same manner as any other application program would normally interact with the H1 network.

B.2.1.(h): Local Interface298: FBAP VFD—TheHSE FDA Agent290 uses the FBAP VFDlocal interface298 to access theFBAP VFD260. Both FMS and SM messages are communicated using the FBAP VFDlocal interface298.

B.2.1.(i): Local Interface299: HSE Management Agent—TheHSE FDA Agent290 maintains the HSE Management Agentlocal interface299 with theHSE Management Agent270 to access certain Quality of Service parameters associated with its UDP/TCP connections. The use of these parameters by theHSE FDA Agent290 is local to the specific UDP/TCP implementation.

B.2.2.: HSE FDA Agent Operation

Again Referring toFIG. 4, during the configuration of the system,HSE SMK220 uses thelocal interface295 for adding HSE and/or H1 devices to, and deleting the same from, the distributed system. An exchange of SM messages is used to identify new (or to be deleted) HSE and/or H1 Devices in the system.

For example, after a new HSE Device receives an Internet Protocol (IP) address, the new HSE Device periodically announces its presence on theEthernet network140. HSE Linking Devices also announce changes detected on theirH1 Network150. In a similar way, HSE SMK uses thelocal interface295 to determine the location of the function block “tags” that might exist in the HSE Devices and/or H1 Devices.

During operation of the system, the data acquisition, display and supervisory control functions, which are typically executing on a Personal Computer (PC) connected to theEthernet Network140, will need to access the data in a HSE Device, a HSE Linking Device and/or H1 devices connected to theH1 Networks150. The data access is typically performed using the “Client/Server” and/or the “Publisher/Subscriber” messages. These data access methods are well known to those familiar with Fieldbus messaging.

For Client/Server and Publisher/Subscriber messages originating or terminating in the HSE Device and/or HSE Linking Device, theHSE FDA Agent290 sends and receives theEthernet Network140 messages on thelocal interface291, provides the appropriate mapping to FMS services as previously described above, and uses

local interfaces

293,294,296,298 and299 to access theHSE NMIB213,HSE SMIB212,HSE LRE 230, FBAP VFD(s)260 and theHSE Management Agent270, respectively.HSE SMK220 is not accessed because it has its own SM messages as previously described.

For Client/Server, Publisher/Subscriber and/or SM messages originating or terminating in theH1 Network150, theHSE FDA Agent290 useslocal interface297 to send and/or receive messages from H1 Interface(s)240.

If the messages from theH1 network150 are to/from theEthernet Network140, and are Client/Server or Publisher/Subscriber messages,HSE FDA Agent290 uses the FMS Mapping andlocal interface291. If the H1 messages to/from theEthernet Network140 are SM messages, the HSE FDA Agent uses the SM mapping andlocal interface292.

If the messages to/fromH1 Network150 are to/from the HSE Linking Device, and are Client/Server or Publisher/Subscriber messages, HSE FDA Agent will use FMS mapping and the appropriate local interface (except thelocal interfaces291 and292).

If the messages to/fromH1 Network150 are to/from the HSE Linking Device, and are SM messages, HSE FDA Agent will use SM mapping and the appropriate local interface (except thelocal interfaces291 and292).

B.3: HSE System Management Kernel

Referring again toFIG. 2, the HSE system architecture includes a HSE System Management Kernel (SMK)220 for each HSE device and/or each HSE linking device. TheHSE SMK220 maintains information and a level of coordination that provides an integrated network environment for the execution and interoperation of theFBAP VFD260.

As previously discussed,HSE SMK220 provides for routine configuration of certain basic system information prior to device operation. For example HSE SMK startup takes a device through a set of predefined phases for this purpose. During this procedure a system configuration device recognizes the presence of the device on the network and configures basic information into theHSE SMIB212. Once the device receives its basic configuration information, its HSE SMK brings it to an operational state without affecting the operation of other devices on the network. It also enables theHSE FDA Agent290 for use by other functions in the device.

B.3.1.: HSE SMK System Time Synchronization

Now referring toFIG. 5, theHSE Management Agent270 inHSE Linking Device110 usesSNTP286 to interact withremote SNTP Server510 inTime Master500 to synchronizeSystem Time501′ inHSE MIB271′ withSystem Time501 in theTime Master500. WhenSystem Time501′ is synchronized withSystem Time501, Sync Flag (F)510 in the HSE MIB is set to true by the standard SNTP protocol. The Time Master and the HSE Linking Device are interconnected using standard,COTS Ethernet equipment130. This synchronization protocol is defined in IETF RFC 2030.

At any moment,Local Time502 inHSE SMIB212 may or may not be synchronized withSystem Time501′. In order to coordinate execution of function blocks in a distributed system, and to provide proper time stamping of function block alarms,Local Time502 must be Synchronized withSystem Time501′.

All of the function blocks are synchronized with Start of Macrocycle, “To”520 inHSE SMIB212. Each HSE Linking Device and HSE Device in the system has the same value for To. A function block is executed whenHSE SMK220 locally issues a Function Block (FB)Start221 message for the block. Each FB Start message is generated based on an offset from To.

At the start of the Macrocycle, To, and the offset for each block is based onLocal Time502. Therefore each device must adjust theirLocal Time502 to equal theSystem Time501′ for the system to function properly. However, because each device has a hardware clock oscillator that is not perfect,Local Time502 will eventually drift out of synchronization withSystem Time501′.

FIG. 6 shows the process of correcting for the drift in accordance with an embodiment of the present invention. In particular, when a macrocycle ends instep601, theHSE SMK220 will test theSync Flag510 inHSE MIB271′ instep602. IfF510 is not true, the process ends instep606.

If, on the other hand, it is determined instep602 above thatF510 is true,HSE SMK220 computes the offset betweenLocal Time502 andSystem Time501′ instep603, and sets theLocal Time502 to equal theSystem Time501′ within a value specified in a desired time sync class (See Reference Set 1 of Appendix A herein) instep604.

Once theLocal Time502 is synchronized, instep605, the start time (To)520 (shown inFIG. 5) is aligned with start time of other devices.

The start time alignment will now be described with references toFIGS. 7A and 7B.FIG. 7A shows the macrocycle offset of a device, e.g., device N, before the time synchronization, in which the offset720 represents the error that must be corrected in the HSE Device N. As shown, the HSE Device N now has the correct Local Time, but the start time (To)520′, ofSystem Macrocycle700′ is not aligned with other devices in the distributed system.

FIG. 7B shows the macrocycle offset of a device, e.g., device N, after the time synchronization. TheHSE SMK220 of the Device N delays the start time (To)520′ of theSystem Macrocycle700′ by Offset720 so that the System Macrocycle begins at the same time (To)520 as, e.g.,System Macrocycle700 inHSE Device1. HSE Device N System Macrocycle is now synchronized with the System Time, and the synchronization process ends at step606 (shown inFIG. 6).

B.4: Local Area Network Redundancy Entity

Referring toFIG. 4, each HSE Device and HSE Linking Device has a HSE Local Area Network (LAN) Redundancy Entity (HSE LRE)230. The HSE LRE provides fault tolerance to single failure through the use of redundancy.

HSE LRE periodically sends and receives Redundancy Diagnostic Messages overlocal interface296.HSE FDA Agent290 maps the Diagnostic messages onlocal interfaces291 and292 (See HSE Redundancy Specification FF-593 listed in theReference Set 2 of Appendix A herein for the Redundancy Diagnostic Message Formats.)

The Redundancy Diagnostic Messages are sent concurrently onEthernet Network140 andEthernet Network140′. Each device receives the Redundancy Diagnostic Messages onEthernet Network140 andEthernet Network140′ and constructs a local Network Status Table (NST)231. The NST provides detailed status on the condition of every HSE device connected toEthernet Network140 andEthernet Network140′. TheHSE LRE 230 controls which

Ethernet Network

140 or140′ the HSE Device will use for message transmission.

With this method, all of the network transmission and device switchover decisions are distributed into the HSE Devices and the system uses standard, COTS Ethernet equipment.

FIG. 8 illustrates the general topology supported by the redundancy aspect of the present invention. The topology shown is only an example, showing one of many possible topologies. Any topology may be used as long as behavior of the equipment providing

Ethernet Networks

140 and140′ is standard, COTS Ethernet equipment.

HSE redundancy supports both Ethernet Network redundancy and HSE Linking Device redundancy.

B.4.1.: Ethernet Network Redundancy

Referring toFIG. 8,HSE Devices120′ and HSELinking Device Pairs110′ have interfaces to bothEthernet Network140 andEthernet Network140′. In this example,Ethernet Network140 is provided byCOTS Ethernet equipment130 andEthernet Network140′ provided byCOTS Ethernet equipment130 andEthernet Network140′ is provided byCOTS Ethernet equipment130′. A single failure of any one of the Ethernet Networks or one of the Ethernet interfaces on a HSE device would cause the HSE LRE previously described to force communications on the remaining functional network.

B.4.2.: HSE Linking Device Redundancy

TheHSE LRE 230 supports HSE Linking Device redundancy. Redundant HSELinking Device Pair160 comprises primaryHSE Linking Device110, and standbyHSE Linking Device110′.H1 Devices170 are connected byH1 Networks150 to the Redundant HSELinking Device Pair160. If primaryHSE Linking Device110 fails, standbyHSE Linking Device110′ will assume control. AHSE device120′ may be made redundant in the same manner as theHSE linking device110, except in a HSE device H1 interface(s) is (are) not present.

The present invention provides the necessary diagnostic message format to allow an open and interoperable switch-over of the redundant high speed Ethernet networks and/or the redundant HSE linking devices (or HSE devices).

The redundancy method for backup of each H1 Network is described in the '178 application, and by the specifications listed inReference Set 1 of Appendix A herein.

As can be appreciated, the distributed control system architecture in the foregoing description provides an open, interoperable solution optimized for integration of distributed control systems and other control devices in a high performance backbone, provides an open, interoperable solution that provides system time synchronization suitable for distributed control applications operable over a high performance backbone, and provides an open, interoperable solution that provides a fault tolerant high performance backbone as well as fault tolerant devices that are connected to the backbone.

The preferred embodiments set forth above are to illustrate the invention and are not intended to limit the present invention. Additional embodiments and advantages within the scope of the claimed invention will be apparent to one of ordinary skill in the art.

Moreover, while the invention has been described with reference to the exemplary embodiments thereof, those skilled in the art will be able to make various modifications to the described embodiments of the invention without departing from the true spirit and scope of the invention. The terms and descriptions used herein are set forth by way of illustration only and are not meant as limitations. In particular, although the method of the present invention has been described by examples, the steps of the method may be performed in a different order than illustrated or simultaneously. Those skilled in the art will recognize that these other variations are possible within the spirit and scope of the invention as defined in the following claims and their equivalents.

APPENDIX A


Number	Revision	Specification

A.1Reference Set 1

FF-801	FS 1.4	Network Management
FF-806	FS 1.0	Data Link Protocol - Bridge Operation Addendum
FF-821	FS 1.4	Data Link Services Subset
FF-822	FS 1.4	Data Link Protocol Subset
FF-870	FS 1.4	Fieldbus Message Specification
FF-875	FS 1.4	Fieldbus Access Sublayer
FF-880	FS 1.4	System Management
FF-890	FS 1.4	Function Block Application Process-Part 1

A.2Reference Set 2

FF-803	FS 1.0	HSE Network Management
FF-586	FS 1.0	HSE Ethernet Presence
FF-588	FS 1.0	HSE Field Device Access Agent
FF-589	FS 1.0	HSE System Management
FF-593	PS 2.0	HSE Redundancy

APPENDIX B


RFC Number	RFC Title

768	User Datagram Protocol (UDP)
791	Internet Protocol (IP)
	Amended by:
	IP Subnet Extensions, RFC 950
	IP Broadcast Datagrams, RFC 919
	IP Broadcast Datagrams with Subnets, RFC 922
792	Internet Control Message Protocol (ICMP)
793	Transport Control Protocol (TCP)
826	Ethernet Address Resolution Protocol (ARP)
894	Ethernet Framing of IP Datagrams over Ethernet
1042	IEEE 802.2&3 Framing of IP Datagrams over Ethernet
1112	Internet Group Management Protocol (IGMP)
1122	Requirements for Internet Hosts - Communication Layers
1155	Structure and Identification of Management Information
1157	Simple Network Management Protocol (SNMP)
1213	Management Information Base-II (MIB II)
1533	DHCP Option and BOOTP Vendor Extensions
1541	Dynamic Host Configuration Protocol (DHCP)
1643	Definitions of Managed Objects for the
	Ethernet-like Interface Types
2030	Simple Network Time Protocol (SNTP)