[RQ5.2] For an implementation of this document, the following measures shall be implemented: MonitoringNumber; timeout with receipt in the SafetyConsumer; set of IDs for the SafetyProvider; Data Integrity check.

Together, these safety measures address all possible transmission errors as listed in IEC 61784-3, 5.5, see Table 2.

[RQ5.3] The safety measures shall be processed and monitored within the SCL.

Table 2 – Deployed measures to detect communication errors

Communication error     | MonitoringNumber (a) | Timeout with receipt (b) | Set of IDs for SafetyProvider (c) | Data integrity check (d)
------------------------+----------------------+--------------------------+-----------------------------------+-------------------------
Corruption              |                      |                          |                                   |            X
Unintended repetition   |          X           |            X             |                                   |
Incorrect sequence      |          X           |                          |                                   |
Loss                    |          X           |            X             |                                   |
Unacceptable delay      |                      |            X             |                                   |
Insertion               |          X           |                          |                                   |
Masquerade              |          X           |                          |                X                  |            X
Addressing              |                      |                          |                X                  |

a  Instance of “sequence number” of IEC 61784-3.

b  Instance of “time expectation” (Timeout) and “feedback message” (Receipt) of IEC 61784-3.

c  Instance of “connection authentication” of IEC 61784-3.

d  Instance of “data integrity assurance” of IEC 61784-3, based on CRC signature.

The SafetyConsumer is specified in such a way that for any communication error according to Table 2, a defined fault reaction will occur.

In all cases, the faulty SPDU will be discarded, and not forwarded to the safety application.

Moreover, if the error rate is too high, the SafetyConsumer is defined in such a way that it will cease to deliver actual process values to the safety application but will deliver fail-safe substitute values instead. In addition, an indication at the Safety Application Program Interface is set which can be queried by the safety application.

In case the error rate is still considered acceptable, the state machine repeats the request, see 9.4.
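The consumer-side behaviour described above, as an added illustration that is not part of this specification: a simplified SafetyConsumer applies the four measures of Table 2 to a response SPDU, discards any faulty SPDU with a named fault reaction, and switches to substitute values once the error count exceeds an assumed threshold. The SPDU layout, the CRC-32 signature, the incrementing MonitoringNumber and the `max_errors` threshold are all assumptions of this example, not the normative format.

```python
import zlib
from dataclasses import dataclass

@dataclass
class Spdu:                 # constructed, simplified response SPDU
    provider_id: int        # identity of the responding SafetyProvider
    mnr: int                # MonitoringNumber echoed from the consumer's request
    payload: bytes          # process values
    crc: int                # integrity signature over the fields above

def crc_of(provider_id: int, mnr: int, payload: bytes) -> int:
    # Assumed signature: CRC-32 over ID, MonitoringNumber and payload.
    return zlib.crc32(provider_id.to_bytes(4, "big") + mnr.to_bytes(4, "big") + payload)

@dataclass
class SafetyConsumer:
    expected_ids: set       # set of IDs of the SafetyProvider(s) this consumer accepts
    timeout_s: float        # time expectation for the receipt
    max_errors: int         # assumed threshold: more consecutive faults -> fail-safe
    mnr: int = 0            # MonitoringNumber of the outstanding request
    sent_at: float = 0.0
    errors: int = 0
    fail_safe: bool = False

    def send_request(self, now: float) -> int:
        self.mnr += 1       # simplified; the real MNR scheme is out of scope here
        self.sent_at = now
        return self.mnr

    def receive(self, spdu: Spdu, now: float):
        """Apply the Table 2 measures; return ("accepted", payload) or ("discarded", reason)."""
        if now - self.sent_at > self.timeout_s:
            return self._fault("unacceptable delay / loss")       # timeout with receipt
        if crc_of(spdu.provider_id, spdu.mnr, spdu.payload) != spdu.crc:
            return self._fault("corruption")                      # data integrity check
        if spdu.provider_id not in self.expected_ids:
            return self._fault("addressing / masquerade")         # set of IDs for SafetyProvider
        if spdu.mnr != self.mnr:
            return self._fault("repetition / sequence / insertion")  # MonitoringNumber
        self.errors = 0
        return ("accepted", spdu.payload)

    def _fault(self, reason: str):
        # Defined fault reaction: the SPDU is discarded and never reaches the safety application.
        self.errors += 1
        if self.errors > self.max_errors:
            self.fail_safe = True   # from now on only substitute values are delivered
        return ("discarded", reason)

    def process_values(self, result, substitute: bytes = b"\x00\x00") -> bytes:
        # Actual values only for an accepted SPDU outside fail-safe; otherwise substitutes.
        return substitute if self.fail_safe or result[0] != "accepted" else result[1]
```

While the error count stays within the threshold, the caller simply issues a new request after a discarded SPDU, which is the "repeat the request" path of the state machine.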