Controller State Versus Hot Standby System State

The state of the Hot Standby system depends on the operating state of the controller. These Hot Standby states are supported:

This list describes the Hot Standby states:

• Primary: The controller controls the system processes and devices:

  • It executes program logic in a non-safety-related controller, and both process and safety-related program logic in a safety controller.

  • It receives input from, and controls output to, distributed equipment and RIO drops.

  • If connected to a controller in standby state, the primary controller verifies the status of, and exchanges data with, the standby controller.

  In a Hot Standby network, both controllers can be primary if both the Hot Standby and Ethernet RIO links are not functioning. When either of these two links is restored, the controller does one of the following:

  • Remains in the primary state.

  • Transitions to the standby state.

  • Transitions to the wait state.

• Standby: The standby controller maintains a state of readiness. It can take control of system processes and devices if the primary controller cannot continue to perform these functions:

  • It reads the data and the I/O states from the primary controller.

  • It does not scan distributed equipment, but receives this information from the primary controller.

  • It executes program logic. You can configure the standby controller to execute:

    - The first section of program logic (the default setting); or

    - Specified sections of program logic, including all MAST and FAST task sections.

    NOTE: You can specify if a section is to be executed in the Condition tab of the Properties dialog box for each section.

  • On each scan, it verifies the status of the primary controller.

  NOTE: When a controller is in Standby mode, both the module health status (MOD_HEALTH) and the channels health status (CH_HEALTH) of safety I/O modules are set to FALSE in the Standby controller DDDT. In this case, you can diagnose the health of safety I/O modules by monitoring their status in the Primary controller DDDT.

• Wait: The controller is in RUN mode, but cannot act as either primary or standby. The controller transitions from the wait state to either the primary or standby state, when the preconditions for that state exist, including:

  • The state of the Hot Standby link.

  • The state of the Ethernet RIO link.

  • The presence of at least one connection with an Ethernet RIO drop.

  • The position of the A/B rotary selection switch on the rear of the .

  • The state of the configuration. For example:

    - If a firmware mismatch exists, the FW_MISMATCH_ALLOWED flag is set.

    - If a logic mismatch exists, the LOGIC_MISMATCH_ALLOWED flag is set.

  In the wait state, the controller continues to communicate with other modules on the local backplane, and can execute program logic, if configured to do so. You can configure a controller in wait state to execute:

  • Specific sections of program logic in a non-safety-related controller (or process program logic in a safety controller), specified in the Condition tab of the Properties dialog box for each section.

  • The first section of program logic in a non-safety-related controller (or the first section of process program logic in a safety controller).

  • No program logic for a non-safety-related controller (or no process program logic for a safety controller).

• INIT: Both the controller and the Hot Standby system are initializing.

• STOP: The controller is in STOP mode. On the STOP to RUN transition, the controller may move to the wait, standby, or primary state. This transition depends on the state of the Ethernet RIO and Hot Standby links, and on the position of the A/B rotary selection switch on the rear of the controller.

Controller Functions by Hot Standby System State

A controller performs these functions, depending on its Hot Standby state: