Industrial fail-safe, node-to-node communication

CIP Safety, for functional safety applications on EtherNet/IP and DeviceNet networks, provides fail-safe communication between nodes, such as safety I/O blocks, safety interlock switches, safety light curtains, and safety PLCs in safety applications up to Safety Integrity Level (SIL) 3.

By Katherine Voss July 13, 2017

For safety applications, nodes may be safety I/O blocks, safety interlock switches, safety light curtains, and safety PLCs in safety applications up to Safety Integrity Level (SIL) 3, pursuant to International Electrotechnical Commission (IEC) 61508 standards and as certified by TÜV Rheinland. Since 2005 Common Industrial Protocol (CIP) Safety devices have been working in the field. CIP Safety has been adopted by Sercos International as the only safety protocol for Sercos III networks, in addition to use in EtherNet/IP (the ODVA Ethernet protocol) and DeviceNet (ODVA device communication).

The capability eases integration and increases flexibility, because with CIP’s safety application coverage, applications can mix safety devices and standard devices on the same network or wire. Single channel (non-redundant) hardware can be used for the data link communication interface because the safety application layer extensions do not rely on the integrity of the underlying standard CIP services and data link layers. This same partitioning of functionality allows standard routers to route safety data. Because the end device is responsible for ensuring the integrity of the data, routing safety messages is possible. The end device will detect the failure and take appropriate action if an error occurs in data transmission or in the intermediate router. Without gateways, but by incorporating safety functionality into each device, safety devices from multiple manufacturers can communicate across EtherNet/IP or DeviceNet networks. To better meet application needs, users also can design a network architecture with or without a safety PLC.

This routing capability allows the creation of CIP Safety cells with quick reaction times on one network, such as DeviceNet, to be interconnected with other cells via other networks, such as EtherNet/IP. Only the safety data that is needed is routed to the required cell, which reduces the individual bandwidth requirements. The combination of fast-responding local safety cells and the inter-cell routing of safety data allows users to create significant safety applications with fast response times.

CIP, an object-based protocol, encompasses a comprehensive suite of messages and services for the collection of industrial automation applications-control, safety, energy, synchronization and motion, information and network management-and allows users to integrate these applications with enterprise-level Ethernet networks and the Internet. EtherNet/IP—the adaptation of CIP on standard Ethernet technology (Institute of Electrical and Electronica Engineers (IEEE) 802.3: Standard for Ethernet combined with the transmission control protocol (TCP)/internet protocol (IP) suite)—provides users with the network tools to deploy industrial automation applications while enabling internet and enterprise connectivity, resulting in data anytime and anywhere.

Because CIP Safety devices have CIP functionality, CIP Safety is connected through a CIP object: the safety validator object. This object is the interface between link layer connections and safety application objects, and it ensures the integrity of safety data transfers. CIP Safety does not prevent communication errors from occurring. Instead, the safety validator object detects communication errors and allows devices to take appropriate actions while ensuring transmission integrity.

CIP Safety uses safety cyclic redundancy checks (CRCs), data cross-checking, and timestamps to ensure the integrity of the safety information. These measures detect the possible corruption and/or delay of safety data that is transmitted. In addition, the use of end-to-end safety CRCs eliminates certification requirements for intermediate devices, allowing the safety protocol to be independent of the network technology. While individual link CRCs are not relied on for safety, they still provide an additional level of protection and noise immunity by allowing data retransmission for transient errors at the local link.

With networked motion applications growing as a critical area for safety technology, ODVA, the organization that manages the CIP Safety technology, expanded application coverage of CIP Safety to include safe motion. Using the safety functions defined in IEC 61800-5-2: (Adjustable Speed Electrical Power Drive System — Part 5-2: Safety Requirements — Functional as a framework, ODVA defined the requirements to use safe motion in systems deploying CIP Safety, allowing users to deploy networked motion control systems using EtherNet/IP and Sercos III in applications requiring safe motion functions, such as safe torque off and safety limited positions. The resulting CIP Safety services for safe motion include support for drives on EtherNet/IP and Sercos III. Devices that succeed in meeting the requirements for ODVA’s CIP Safety conformance test and are certified by an authorized competent body for full compliance with IEC 61508 will receive a Declaration of Conformity from ODVA indicating compliance with The CIP Safety Specification.

ODVA’s conformance testing process provides general industry with the vendor-independent assurance that products built to the CIP Network specifications comply with those specifications. Products built to CIP Safety are required to hold a Declaration of Conformity from ODVA to demonstrate to industry that the device has been successfully exercised against tests designed to help ensure compliance with the specification and with interoperability with other products. Due to demand, ODVA has expanded the number of test service providers it has authorized to test CIP Safety devices. Vendors can now submit products to multiple labs in Germany and in the United States to receive a Declaration of Conformity for CIP Safety.

Katherine Voss is ODVA’s president and executive director. Edited by Emily Guenther, associate content manager, Control Engineering, CFE Media, eguenther@cfemedia.com.

MORE ADVICE

Key Concepts

  • CIP’s safety application coverage
  • The benefits of CIP safety on EtherNet/IP
  • CIP safety technology requirements.

Consider this

In addition to networked motion applications, how is safety technology growing to address safety concerns?

ONLINE extra

For other recent ODVA developments from Control Engineering, see a related article linked below.

Learn more from the network organizations, ODVA and Sercos.

https://www.odva.org/Technology-Standards/Common-Industrial-Protocol-CIP/CIP-Safety 

https://www.sercos.org/technology/