[RQ4.3] For the realization of OPC UA Safety, the following measures shall be implemented:
- MonitoringNumber
- Timeout with receipt in the SafetyConsumer
- Set of IDs for the SafetyProvider
- Data Integrity check
Together, these safety measures address all possible transmission errors as listed in IEC 617843:2017, Clause 5.5, see Table 3.
[RQ4.4] The safety measures shall be processed and monitored within the SCL.
Table 3 – Deployed measures to detect communication errors
|
Communication error |
Safety measures |
|||
|
|
MonitoringNumber a |
Timeout with receipt b |
Set of IDs for SafetyProvider c |
Data integrity check d |
|
Corruption |
– |
– |
– |
X |
|
Unintended repetition |
X |
X |
– |
– |
|
Incorrect sequence |
X |
– |
– |
– |
|
Loss |
X |
X |
– |
– |
|
Unacceptable delay |
– |
X |
– |
– |
|
Insertion |
X |
– |
– |
– |
|
Masquerade |
X |
– |
X |
X |
|
Addressing |
– |
– |
X |
– |
|
a Instance of "sequence number" of IEC 617843. b Instance of "time expectation" (Timeout) and "feedback message" (Receipt) of IEC 617843. c Instance of "connection authentication" of IEC 617843. d Instance of "data integrity assurance" of IEC 617843, based on CRC signature. |
||||
The SafetyConsumer is specified in such a way, that for any communication error according to Table 3, a defined fault reaction will occur.
In all cases, the faulty SPDU will be discarded, and not forwarded to the safety application.
Moreover, if the error rate is too high, the SafetyConsumer is defined in such a way that it will cease to deliver actual process values to the safety application but will deliver fail-safe substitute values instead. In addition, an indication at the Safety Application Program Interface is set which can be queried by the safety application.
In case the error rate is still considered acceptable, the state machine repeats the request, see Clause 11.4.