c13 – profibus and profinet network design - andy verwer, vtc

PROFIBUS and PROFINET System Design Andy Verwer, Verwer Training & Consultancy Ltd UK PITC PROFIBUS & PROFINET UK Conference, Stratford-upon-Avon 23/24 June 2015

Upload: the-profibus-group

Post on 16-Aug-2015


TRANSCRIPT

  1. PROFIBUS and PROFINET System Design. Andy Verwer, Verwer Training & Consultancy Ltd UK. PITC PROFIBUS & PROFINET UK Conference, Stratford-upon-Avon, 23/24 June 2015
  2. PROFIBUS & PROFINET System Design, Andy Verwer. PROFIBUS & PROFINET Conference, June 2015. System Design: What do we mean by System Design? We are talking here about Network Design, i.e. PROFIBUS, PROFINET, and the integration of other technologies such as standard Ethernet, AS-i, IO-Link etc. Choosing and putting together a collection of available parts to achieve the desired automation functions, performance, reliably and at the minimum cost. It should be simple: 1. Understand the desired functions. 2. Understand where costs are incurred. 3. Understand what makes systems reliable/unreliable. 4. Select suitable parts. 5. Assemble according to the specifications.
  3. System Costs: Most system designers and project managers look at the project procurement, installation and deployment costs when they price a job. However, the costs of an automation system spread over the lifecycle of the plant and should include maintenance, fault finding and health checking. Perhaps most important is the cost in terms of loss of production should faults develop during the lifetime of the plant. Spending a little more at procurement time can repay many times over. Also good fault-tolerant design need not be more expensive. Sometimes fault tolerance can be achieved at no additional cost.
  4. Lifecycle costs: The procurement, installation and commissioning costs are only incurred at the start of the project. Costs from device failures increase as equipment gets older. When system overhaul is undertaken this can partially reset the increasing cost of failures. (Figure label: System overhaul.)
  5. Control System Design: Control system design normally proceeds by building on the experience obtained from previous designs. But, designs which are based on badly designed systems will be bad! Only by using experience from operations and maintenance staff can we develop good system designs. In my experience it is rare for such feedback mechanisms to be present. Particularly when design is carried out by sub-contractors. Designers must know about mistakes that have been made in the past. Feedback from operations and maintenance is essential. The contract liability threat and accompanying blame culture is often responsible for preventing this feedback.
  6. System Costs: Maximising plant availability is critical in reducing the total costs of the system. It is essential that the System Designer understands: that minimising plant downtime when faults inevitably occur (i.e. maximising plant availability) is a key requirement; the impact of the network layout on plant reliability; that the incorporation of network health checking and fault finding facilities are essential; how to appropriately use features such as redundancy and network monitoring and rapid fault location and repair to improve plant availability.
  7. Introduction: The parts of a control system will fail whilst in service. The consequences of failures are often predictable, but the failures themselves are unpredictable. The design of a reliable control system is not simple, and should be accompanied by analysis of how parts fail and of the consequences of these failures.
  8. Minimising the failure footprint: There are three basic ways to minimise the impact of faults: Make failures less likely: minimise failure frequency. Restrict the effects of any failures that will inevitably occur. Provide for rapid fault detection or performance degradation, rapid location and rapid repair: minimise failure duration. A good network design will minimise the effect on production when inevitable failures occur. We can speak of minimising the failure footprint. (Figure labels: Fault frequency, Fault effect, Fault duration.)
  9. Minimising the failure footprint: 1. Make failures less likely: minimise failure frequency. Understand and implement the design and installation rules. Improve reliability: use of well tested (certified) and reliable devices, connectors and network components. For PROFIBUS use the lowest possible bit rate that gives the required performance.
  10. Minimising the failure footprint: 2. Restrict the effects of any failures that will inevitably occur: minimise failure extent. Well thought out network layout and design. Think about using: separate networks or different masters (distributed control); different segments (segmentation); dealing with common cause failures.
  11. Minimising the failure footprint: 3. Provide for rapid fault detection or performance degradation, rapid location and rapid repair: minimise failure duration. Provide facilities in the design for rapid fault diagnosis and fault location. Provide in the design for hot device swapping without reconfiguration. Use designs that allow for a quick fix. Provide redundancy when appropriate. Needs to be well thought out! Use standardised, vendor independent solutions rather than being locked into manufacturer specific solutions.
  12. Techniques for minimising fault impact: Pluggable devices that can be removed/replaced without impinging on network operation. Appropriate network design and segmentation so that physical layer faults allow critical plant operation to continue in the event of failure or device replacement. Layout for rapid troubleshooting and fault isolation. Use appropriate solutions for redundancy. For PROFIBUS systems use: connector systems and layouts that do not break the bus or lose termination when disconnected; termination solutions that allow devices to be removed or replaced.
  13. Reliability and availability: Reliability is a measure of how a component, assembly or system will perform its intended function, without failure, for the required duration when installed and operated correctly in a specified environment. Availability is a measure of reliability indicating the fraction of time in which a device or system is expected to operate correctly. It is important to remember that reliability is a statistical measure: it will not predict when a particular device will fail, only the expected failure rate based on average performance of a batch of test devices or on past performance.
  14. Some definitions: Mean Time Between Failures (MTBF) is the expected or average time that a device will be free of failure. Typical MTBF for a well designed and manufactured electronic device might be 10 to 20 years. Mean Time To Repair (MTTR) is the time taken to repair a failed device. In an operational system, MTTR generally means time to detect the failure, diagnose and locate the problem and replace the failed part.
  15. Availability: Availability can be calculated from MTBF and MTTR: Availability, $A = \frac{\mathrm{MTBF}}{\mathrm{MTBF} + \mathrm{MTTR}}$. Remember that availability is a statistical measure and represents an average probability of being in operation. There is little point in trying to be accurate with these figures since actual failures are unpredictable. Availability is typically specified in nines notation. For example 3-nines availability corresponds to 99.9% availability. A 5-nines availability corresponds to 99.999% availability.
  16. Availability and Downtime: Downtime is an alternative way of understanding the availability: Downtime, $D = (1 - A) = \frac{\mathrm{MTTR}}{\mathrm{MTBF} + \mathrm{MTTR}}$

      | Availability, A        | D = (1 − A)           | Downtime           |
      |------------------------|-----------------------|--------------------|
      | 0.9 = 90% (1 nine)     | 0.1 (10^-1)           | 36.5 days/year     |
      | 0.99 = 99% (2 nines)   | 0.01 (10^-2)          | 3.7 days/year      |
      | 99.9% (3 nines)        | 0.001 (10^-3)         | 8.8 hours/year     |
      | 99.99% (4 nines)       | 0.0001 (10^-4)        | 53 minutes/year    |
      | 99.999% (5 nines)      | 0.00001 (10^-5)       | 5 minutes/year     |
      | 99.9999% (6 nines)     | 0.000001 (10^-6)      | 5 minutes/10 years |
      | 99.99999% (7 nines)    | 0.0000001 (10^-7)     | Not feasible!      |
      | 99.999999% (8 nines)   | 0.00000001 (10^-8)    | Impossible!        |

  17. Availability/Downtime: Note that the availability of a device can be improved by decreasing the MTTR. This can be accomplished in several ways: Faster detection and location of faults. (Accomplished by diagnostic reporting facilities, availability of fault finding tools and training of maintenance personnel.) Faster repair of the fault. (Accomplished by availability of spares and all of the above.) Fault tolerant design.
  18. Example: Consider a remote IO unit with a MTBF of 10 years. When the device fails, it could take several days to recognise, diagnose and locate the fault and then, if not held as a spare part, several more days to obtain a replacement. The MTTR could be one week, giving an availability of: $A = \frac{\mathrm{MTBF}}{\mathrm{MTBF} + \mathrm{MTTR}} = \frac{10 \times 365}{10 \times 365 + 7} = \frac{3650}{3650 + 7} = 0.998$. I.e. ~3 nines availability, or a downtime of about 16 hours/year. Consider the availability when the MTTR is reduced to ½ day: $A = \frac{10 \times 365}{10 \times 365 + 0.5} = 0.99986$. The availability is now ~4 nines and the downtime has reduced to about 1 hour/year.
  19. Reliability modelling and analysis: The system designer must understand the methods of modelling and analysis of reliability and availability in systems. In particular how system availability can be predicted from the individual parts. Also understand how standby systems, redundant solutions and common cause failures impact the overall system reliability. We often find that redundancy is inappropriately used and sometimes results in no real improvement in system availability. Careful network layout can have a major effect on the fault footprint and significantly improve the overall availability of the plant.
  20. Standby and redundant systems: Often, we see standby systems used to improve the plant availability. Here we have two or more devices working in parallel. Should a fault occur in the operational device then the standby device can be started. The switchover can be manually activated or can be automatic. The switching time should be considered when estimating the overall system availability. This scheme is called a one-out-of-two (1oo2) system. This scheme achieves high availability because the system function is maintained whilst repairing the failed device.
  21. Example: Consider a cooling system for a process: The pumps can be operated as a duty/standby pair. Should the pressure fall or the temperature go high then the standby pump can be automatically started. The effective MTTR for the system is the expected time to detect a failure and for the standby pump to get up to speed, a fraction of the real MTTR, or perhaps even zero. (Figure labels: Pump A, Pump B, non-return valves, cooling water, process, PS, TS.)
  22. Standby and redundant systems: We may think that the availability of such 1oo2 systems where the switchover time is negligible might be 100%, but this is not correct, since whilst one pump is failed, the redundancy is no longer provided. There is still a chance that the second device might fail. It is important that the system designer understands how to analyse the system availability when standby or redundant solutions are considered. Redundant solutions effectively have availability of the two redundant paths in parallel so that the system can function even when one path fails. (Figure labels: Component 1, availability A1; Component 2, availability A2.)
  23. Common Cause Failures: Even when we have what appears to be a fully redundant system, there will always be certain failures that will cause both redundant routes to fail at the same time. Examples of such common cause failures include: power supply failure, blackout, brownout etc.; common source interference, lightning strikes etc.; mechanical failure, drive shaft fracture, jamming etc.; process failure, pipe burst, blockages etc. In terms of the reliability model, any common cause failure is effectively in series with the redundant paths, bypassing the redundancy. (Figure labels: Redundant device, Redundant device, Common cause failure.)
  24. Multiple Master/Controller Systems: Multiple PROFIBUS masters or PROFINET controllers with automatic duty-standby switching are available from a number of suppliers. These can drive different networks to provide redundancy down to the field level. However, separate power supply and network cable routing are advisable to minimise common cause failures. Sometimes dual slaves can be used in the field with a simple wired-OR voting system driving the final actuator or connecting two redundant sensors. However, more often we find such redundant controllers are using the same field devices and actuators.
  25. Redundancy solutions for PROFIBUS: Solutions for redundant PROFIBUS cabling are available from many manufacturers: Siemens Y-Link; PROCENTEC ProfiHubs; ABB Redundancy Link Module; MoorHawke Redundancy for PA; COMbricks modules.
  26. Redundancy solutions for PROFIBUS: Properly designed redundant solutions can provide robustness against a wide selection of faults and conditions. (Figure labels: redundant masters, Master A and Master B; redundant power supplies, PSU A and PSU B; redundant cables; redundant links or hubs; Slave 1; Slave 2A, Slave 2B; Slave 3A, Slave 3B; Slave 4; redundant slaves; wired-OR outputs; mechanically combined outputs; slave with integrated redundancy.)
  27. PROFINET system layout: PROFINET systems can be laid out in a number of ways: star and tree topologies using switches; line topology using two-port devices; or a combination of both. (Figure label: Switches.)
  28. PROFINET system layout: There is a clear advantage of the star topology in terms of system availability in that any device can be replaced without affecting the other devices. However, the system cost will be significantly greater because of the number of switches required. The line topology is much lower cost, because separate switches are not required. But removal or replacement of any device will cause all downstream devices to fail.
  29. PROFINET and Redundancy: One of the big advantages of PROFINET is that it incorporates a specification for media redundancy. The standardised Media Redundancy Protocol (MRP) provides manufacturer independent redundancy which can be used over copper or fibre cables. PROFINET redundancy can provide: controller redundancy; transmission media and switch redundancy; IO device redundancy. Redundant PROFINET systems are relatively easy to implement and can be used across different manufacturers.
  30. PROFINET redundancy solutions: Standardised Media Redundancy Protocol (MRP) can be used on PROFINET systems to give media redundancy. But the system must still be properly designed, considering all possible failures and their likelihood. Common cause failures must be properly dealt with. (Figure labels: IO Controller with MRP; IO Devices with MRP; Switch with MRP; IO Device without MRP.)
  31. Other ways to improve availability: The careful design of networked systems can improve their availability. In particular by organising the system so that selected parts of the system can be independently shut down for maintenance without affecting the remaining production. A simple example of this is seen with streamed production. A stream can be taken out of service without affecting the other stream. But only if the system design allows this. (Figure labels: Stream A: Process 1, Process 2, Process 3; Stream B: Process 1, Process 2, Process 3.)
  32. Automation Islands or Units: The concept of dividing the plant into Automation Islands or Automation Units is well established. Each automation unit is considered as being functionally separated from the rest of the plant so allowing it to operate (and to be shut down) independently. A good network design will facilitate the isolation of these automation units using: different controllers; different networks or sub-networks; segmentation. Careful choice of various architectures for automation units is a key stage in the design process which can impact on the overall reliability and maintainability of the control system.
  33. Who needs training and why? People who are involved with network installation: a) Need to know the wiring/layout rules and reasons for them. b) Need to be able to make up and test cables, connectors and devices. Commissioning and maintenance personnel: a) Need to know the wiring/layout rules and reasons for them. b) Need to know how to use diagnostic tools to identify faults and locate problems. c) Need to be able to health check systems and verify network quality.
  34. Who needs training and why? System designers and people involved in the specification, procurement and management of a control system project: a) Need to know the wiring/layout rules and reasons for them. b) Need to understand the impact of design decisions on the reliability and availability of the plant. c) Must be familiar with drawing and documentation standards. d) Need to understand the whole lifecycle costs involved in a project. Device developers and designers: a) Need to know the wiring/layout rules and reasons for them. b) Need to understand the protocol and profiles and what these offer.
  35. PI Certified training: PI Certified training currently incorporates the following internationally accredited courses: Certified PROFIBUS Installer course (1 day); Certified PROFIBUS Engineer course (3 days); Certified PROFINET Installer course (1 day); Certified PROFINET Engineer course (3 days). The Certified Installer is widely accepted as the minimum standard for anyone involved at a technical level with PROFIBUS or PROFINET. The Engineer course provides in-depth treatment of the protocol and profiles. Useful for developers and for more difficult problems.
  36. Certified System Design courses: This year we started to run certified PROFIBUS System design courses in the UK. These courses are currently accredited within the UK by the UK PROFIBUS Group. The objectives and learning outcomes for these courses have been developed by an international team of experienced trainers and consultants over a period of three years. The UK water industry in particular has been asking for this certified designer training so that they can ensure that sub-contract design is carried out by suitably trained staff. The courses have been run by VTC and will soon also be available from MMU. The course has been accepted in principle by PI and it is expected that international accreditation will be approved within a few months. Certified PROFINET system design courses are also planned.
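
The availability arithmetic from the Availability, Example, Standby and redundant systems and Common Cause Failures slides, worked through as an added Python example (not part of the original presentation). It assumes the redundant paths fail independently with negligible switchover time, and the shared power supply figures (MTBF 5 years, MTTR 1 day) are constructed for illustration.

```python
import math

HOURS_PER_YEAR = 365 * 24


def availability(mtbf_days, mttr_days):
    """A = MTBF / (MTBF + MTTR); both arguments in the same unit (days here)."""
    if mtbf_days <= 0 or mttr_days < 0:
        raise ValueError("MTBF must be > 0 and MTTR must be >= 0")
    return mtbf_days / (mtbf_days + mttr_days)


def series(*parts):
    """Every part is needed, so the availabilities multiply."""
    return math.prod(parts)


def parallel(*paths):
    """1-out-of-n redundancy: down only when all paths are down at once.
    Assumes the paths fail independently and switchover time is negligible."""
    return 1.0 - math.prod(1.0 - a for a in paths)


def downtime_hours_per_year(a):
    """Downtime D = (1 - A), expressed in hours per year."""
    return (1.0 - a) * HOURS_PER_YEAR


def nines(a):
    """Nines notation as a number: 0.999 -> 3.0, 0.99999 -> 5.0."""
    return math.inf if a >= 1.0 else -math.log10(1.0 - a)


def redundant_with_common_cause(path_a, path_b, common):
    """A common cause failure sits in series with the redundant pair."""
    return series(common, parallel(path_a, path_b))


def report():
    """Return (label, availability) rows for the scenarios discussed above."""
    io_slow = availability(10 * 365, 7)      # slide example: MTTR one week
    io_fast = availability(10 * 365, 0.5)    # slide example: MTTR half a day
    pair = parallel(io_slow, io_slow)        # 1oo2 pair of the slow-repair unit
    psu = availability(5 * 365, 1)           # constructed: shared power supply
    return [
        ("single unit, MTTR 7 days", io_slow),
        ("single unit, MTTR 0.5 day", io_fast),
        ("1oo2 pair, MTTR 7 days", pair),
        ("1oo2 pair + shared PSU", redundant_with_common_cause(io_slow, io_slow, psu)),
    ]


if __name__ == "__main__":
    for label, a in report():
        print(f"{label:28s} A={a:.6f}  nines={nines(a):.1f}  "
              f"downtime={downtime_hours_per_year(a):.2f} h/year")
```

With these figures the ideal 1oo2 pair is down for a few minutes per year, but once the shared power supply is placed in series the system downtime is dominated by that single common element, which is the "no real improvement" case the Reliability modelling and analysis slide warns about.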