Introduction

This topic presents visual examples of several Hot Standby system states. The focus of each example is the condition of the:

• Hot Standby link between controller A and controller B

• Ethernet RIO link between controller A and controller B

• Ethernet RIO connections between each controller and one or more (e)X80 EIO adapter modules over the RIO main ring

In each example, controller A is the module with its A/B/Clear rotary selector switch set to A; controller B is the module with its A/B rotary switch set to B.

Each example presumes that every other necessary precondition exists for Hot Standby system operation. For example:

• If a firmware mismatch exists, the FW_MISMATCH_ALLOWED flag is set.

• If a logic mismatch exists, both the LOGIC_MISMATCH_ALLOWED flag and the Online modification in RUN or STOP parameter are set.

• For safety PACs only: If a logic mismatch and safe logic mismatch exist, the LOGIC_MISMATCH_ALLOWED flag, the Online modification in RUN or STOP parameter and the Maintenance mode are set.

All Communication Links are OK for both Controllers

In this example, all Hot Standby system connections are operational:

1 Hot Standby fiber optic link between controller A (CPU A) and controller B (CPU B)

2 Ethernet RIO main ring

In this example, controller A and controller B enter the following Hot Standby states:

Hot Standby Link is Not OK for both Controllers

In this example, the Hot Standby link is not operational in both directions, from controller A to controller B and from controller B to controller A. All other Hot Standby system connections are functioning:

1 Hot Standby fiber optic link between controller A (CPU A) and controller B (CPU B)

2 Ethernet RIO main ring

X Indicates a broken communication link

In this example, controller A and controller B enter the following Hot Standby states:

Hot Standby Link is Not OK for One Controller and is OK for the Other Controller

In this example, a one-directional break exists in the fiber optic cable used to implement the Hot Standby link. controller A receives transmissions from controller B over the Hot Standby link, but controller B does not receive transmissions from controller A over the link. All Ethernet RIO connections are OK for both controllers:

1 Operational Hot Standby fiber optic link from controller B (CPU B) to controller A (CPU A)

2 Broken Hot Standby fiber optic link from controller A (CPU A) to controller B (CPU B)

3 Ethernet RIO main ring

X Indicates a broken communication link

In this example, controller A and controller B enter the following Hot Standby states:

One Break Exists in the Ethernet RIO Main Ring

In this example, a single break exists in the Ethernet RIO main ring. Although the break occurs in the segment between the two controllers, in this example, the break could be located at any point along the Ethernet RIO main ring (2). All other Hot Standby system connections are functioning:

1 Hot Standby fiber optic link between controller A (CPU A) and controller B (CPU B)

2 Ethernet RIO main ring

X Indicates a broken communication link

In this example, controller A and controller B enter the following Hot Standby states:

Two Breaks in the Ethernet RIO Main Ring Isolate One Controller

In this example, two breaks in the Ethernet RIO main ring have the following effects:

• Loss of the Ethernet RIO link between the controllers

• Isolation of controller A from the (e)X80 EIO adapter modules on the Ethernet RIO main ring

The Hot Standby link remains operational.

1 Hot Standby fiber optic link between controller A (CPU A) and controller B (CPU B)

2 Ethernet RIO main ring

X Indicates a broken communication link

In this example, controller A and controller B enter the following Hot Standby states:

This example occurs due to a double RIO cable break. (The first fault was not diagnosed or not treated.) The M580 Hot Standby system is not multi-RIO cable break-tolerant. Instead, the primary controller (A) isolates from the RIO drops, and the standby controller (B) can still view the primary controller and, therefore, cannot take control. controller A must check all drops before surrendering its primary role and during this phase, may read default input values (flagged by input or drop health diagnostics), which are transferred to the standby controller (B) and reused by controller B when it becomes primary.

To summarize:

• Consider the health diagnostics when you design the logic.

• Perform maintenance as soon as possible when a first fault is detected.

• Delay the last valid value of the inputs in the logic if this type of scenario is required.

Two Ethernet RIO Main Ring Breaks Cause Controllers to be Connected to Different Sets of Ethernet RIO Devices

In this example, two breaks exist in the Ethernet RIO main ring, causing the loss of the Ethernet RIO link between controller A and controller B. The location of the breaks cause each controller to be connected to a different collection of (e)X80 EIO adapter modules on the Ethernet RIO main ring. The Hot Standby link remains operational:

1 Hot Standby fiber optic link between controller A (CPU A) and controller B (CPU B)

2 Ethernet RIO main ring

X Indicates a broken communication link

In this example, controller A and controller B enter the following Hot Standby states: