10 Safety communication layer management

10.2 Safety function response time part of communication

The part of the safety function response time that is attributable to OPC UA Safety communication, SFRTOPCSafety, is specified in Equation 1.

Equation 1 Calculation of safety function response time part of OPC UA Safety

SFRTOPCSafety <= SafetyConsumerTimeOut + ConsumerCycleTime

SFRTOPCSafety: Part of the safety function response time attributable to the OPC UA Safety communication.

SafetyConsumerTimeOut: Watchdog timer running in the SafetyConsumer. It is started whenever a new RequestSPDU is sent (T14 or T26). If the timer runs out while the SafetyConsumer is waiting for the ResponseSPDU (S17), a timeout-error is triggered (T18).

ConsumerCycleTime: The maximum time for the cyclic update of the SafetyConsumer, see Clause

Figure 22 – Overview on the delay times and watchdogs

SafetyConsumerTimeOut is a parameter of the SafetyConsumer. ConsumerCycleTime depends on the maximum sample time of the SafetyConsumer application. At commissioning, the integrator should be advised to design ConsumerCycleTime to be shorter than half of the target SFRTOPCSafety. If the watchdog time SafetyConsumerTimeOut is too small, spurious trips may occur. To avoid this, SafetyConsumerTimeOut should be chosen as shown in Equation 2.

Equation 2 Selection of the watchdog parameter SafetyConsumerTimeOut

SafetyConsumerTimeOut >= T_CD_RequestSPDU + SafetyProviderDelay + T_CD_ResponseSPDU + SafetyConsumerDelay


T_CD_RequestSPDU: The worst-case communication delay for the RequestSPDU.

T_CD_ResponseSPDU: The worst-case communication delay for the ResponseSPDU.

SafetyProviderDelay: The worst-case SafetyProvider delay in error free operation. Typically, one scan time period of the SafetyProvider.

SafetyConsumerDelay: The worst-case SafetyConsumer delay in error free operation. Typically, one scan time period of the SafetyConsumer.

NOTE to Equation 2: SafetyConsumerDelay is part of the summation because, in a cyclic call of SafetyConsumer state S18, it may take one cycle after the asynchronous reception of the ResponseSPDU to execute the checks.

[RQ10.1] To support the calculation of SafetyConsumerTimeOut the SafetyProvider shall provide the SafetyProviderDelay as an attribute in the OPC UA information model, see Figure 6.

System manufacturers may provide their individual adapted calculation method if necessary.
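
The following commissioning check is an added example, not part of the specification: it uses Equation 2 as the lower bound and Equation 1, solved for the watchdog, as the upper bound on SafetyConsumerTimeOut, and reports the case where no value satisfies both. The function names, the millisecond unit, the reading of Equation 1 as a worst-case bound compared against a target value, and the sample figures are assumptions made for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Timing:
    """Worst-case commissioning figures, all in milliseconds (assumed unit)."""
    t_cd_request: int         # T_CD_RequestSPDU
    t_cd_response: int        # T_CD_ResponseSPDU
    provider_delay: int       # SafetyProviderDelay
    consumer_delay: int       # SafetyConsumerDelay
    consumer_cycle_time: int  # ConsumerCycleTime


def min_timeout(t: Timing) -> int:
    """Equation 2: smallest SafetyConsumerTimeOut that avoids spurious trips."""
    return t.t_cd_request + t.provider_delay + t.t_cd_response + t.consumer_delay


def check(t: Timing, timeout: int, target_sfrt: int) -> list[str]:
    """Return findings for a parameter set; an empty list means it is consistent."""
    findings = []
    lo = min_timeout(t)
    # Equation 1 solved for the watchdog: timeout <= target - ConsumerCycleTime
    hi = target_sfrt - t.consumer_cycle_time
    if t.consumer_cycle_time >= target_sfrt / 2:
        findings.append("ConsumerCycleTime is not shorter than half the target SFRT")
    if lo > hi:
        # The two equations leave no window: delays or the target must change.
        findings.append(f"no valid timeout: Eq. 2 needs >= {lo}, Eq. 1 allows <= {hi}")
    elif timeout < lo:
        findings.append(f"timeout {timeout} < {lo}: spurious trips possible (Eq. 2)")
    elif timeout > hi:
        findings.append(f"timeout {timeout} > {hi}: SFRT bound exceeds target (Eq. 1)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    sample = Timing(t_cd_request=5, t_cd_response=5, provider_delay=10,
                    consumer_delay=10, consumer_cycle_time=10)
    for timeout in (20, 40, 95):
        print(timeout, check(sample, timeout, target_sfrt=100) or "ok")
```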
