|
<< Click to Display Table of Contents >> HC900 Redundant Controller and SpecView |
  
|
|
<< Click to Display Table of Contents >> HC900 Redundant Controller and SpecView |
|
The Honeywell HC900 Redundant Controller has the model number C70R
There are two modes of failure that the Honeywell C70R is designed to protect against:
| 1) | Failure of the CPU, which results in a switch from one CPU to another, keeping the same IP address throughout – i.e. communication is switched from one E1 port to the other E1 |
| 2) | Failure of the External Network Infrastructure, which can cause a switch from the E1 port to the E2 port. |
SpecView can be setup to handle both scenarios, but some care needs to be taken to ensure that the desired behavior occurs. For example, in case (1) above, although the IP address remains constant while the CPU switches from the Lead to the Reserve, the External Network Switch may take some time to notice this change, and during this time, SpecView may see an effect very similar to an External Network Failure.
To set it up follow these steps:
| - | Run SpecView and select the project and go into Edit mode |
| - | Open the Templates List |
| - | Scroll down to IP Fail To in the list and click the ‘+’ sign next to it |
| - | Double-click the item called IP Address Fail To |
| - | Enter a suitable name, choose TCP/IP for the port |
| - | Enter an address that is the Primary IP Address, then the letter 'B' and then the Secondary IP Address. For example, to failover from 192.168.1.254 to the second address of 10.10.0.10 then enter the address: 192.168.1.254B10.10.0.10 |
| - | For the failover to work, the parameter inside this IP Fail To instrument must be placed on an open screen – to do this: |
| - | Find the new instrument just added in the Variables List |
| - | Click the + sign to open its list of parameters. |
| - | Double-click the Active IP Address parameter and place it somewhere on a screen that will be opened at Runtime. This parameter will also show which IP address is being used. |
| - | Note: It is useful to also put the SpecView variables: SpecView.GoodComms, SpecView.CommsErrors, SpecView.CommsErrorCode, SpecView.CommsErrorDescription & SpecView.CommsErrorItem onto the screen in order to be able to monitor comms. |
This will enable the failover mechanism inside the Modbus driver with some default values:
| - | The Active IP address parameter must be on an open screen at some point before the failure happens. To make this more reliable see below. |
| - | Once failed over, the connection will remain with the secondary, unless that too fails, where it will switch back to the primary IP address. |
| - | If a CPU failover happens, then there is a chance that SpecView will switch to the secondary IP address as well, because of Network Switch activity. For further information see below. |
| - | If a 'write' was in progress at the time of the failover, then it cannot be guaranteed that the 'write' actually succeeded. If this is important see below for more details. |
How it works:
The Default Scenario:
If SpecView sees a break in communications while communicating with the C70R, then SpecView will attempt to re-establish the connection a number of times (Connect Retries). When this amount of connect retries is exhausted, SpecView will flip to the Secondary IP address specified and try to resume communications. SpecView will then remain talking to the Secondary IP address until instructed otherwise. If SpecView was issuing a write to the controller at the time the failure occurred, then, depending on the exact timing of the failure, the message will either have got through to the C70R or not, and SpecView will report CommsError for that value.
Things that can be altered:
The 3 most common things that can be altered from the default scenario are:
| 1) | SpecView can be told to switch to the secondary IP address without retrying – this could be useful if speed is an issue. SpecView can be made to flip very quickly to the Secondary IP at any failure of the Primary Network, including a CPU failover where the External Network Switch does not recognize the failover quickly. |
| 2) | SpecView can be told to monitor the Primary IP address while talking to the Secondary IP address so that when the Primary Network connection is once again available, SpecView will ‘fail-back’ to the Primary IP address. |
| 3) | SpecView can be told to retry the 'write' that was in progress at the time of the failure. This could have the consequence that the 'write' is seen by the C70R coming twice. In the case of momentary signals, this could appear as two requests, in which case it is recommended that momentary requests are not used in this case. |
Turning on Redundancy in SpecView:
SpecView maintains in internal table of primary and secondary IP addresses for the failover, but this table must be initialized correctly. It can only be initialized by having a parameter on a screen somewhere that instructs SpecView to initialize the table.
There are 2 ways to initialize the table:
| 1) | Use the Special “IP Fail To” instrument inside SpecView – this has the added advantage that this instrument reports back which IP address is in use at all times. Create the Instrument and give it the address: <Primary>B<Secondary> For example, to failover from 192.168.1.254 to 10.10.0.10 enter: 192.168.1.254B10.10.0.10 as the address of this instrument. The “IP Address in use” parameter of this instrument must be on a screen that is open at some point during runtime to initialize the table correctly. Until this parameter is viewed (or logged), the Redundancy is not operating. |
| 2) | Add the Secondary IP address to one or more actual instruments that have values on commonly open screen, or values that are logged – this causes the table to be initialized any time the variables that are important are requested. To add the Secondary Address, go to the instrument and add the “B<Secondary address>” to the end of the existing address, for example, if the instrument was already addressed as 192.168.1.254,1,1 then to add the secondary address of 10.10.0.10 to it, change it to: 192.168.1.254,1,1B10.10.0.10 . |
Here are the common commands to alter the default behaviour of the Redundant support.
Each command is entered in the Setup COM port section.
To make the driver fail-back to the Primary address when the primary address becomes available again:
TCPFAIL2PRI = 1 (TCP Fail to Primary - the default setting is 0)
This causes the driver to check every 5 seconds to establish a link back to the primary address. If it succeeds, then it will switch back to the primary address.
To make the driver switch over quickly without attempting to retry the first connection:
TCPERBS = 0 (TCP Exhaust Retries Before Switch - the default setting is 1)
To make the driver retry a few times to keep the primary connection before resorting to the secondary (the opposite behaviour to above)
TCPLCTOR = 5 (TCP LAN Connect TimeOut Retries - the default is 2 retries)
TCPERBS = 1
To make the driver be fault tolerant including writes in progress at the time of failure:
TCPFFLTTLR = 1 (TCP Full FauLT ToLeRance – the default setting is 0)
Note that this would have the side-effect such that while any write is in progress to any TCP/IP address, the reading of other TCP/IP addresses will be halted for the duration of the write. This could slow down throughput. Also, if the write succeeded just before the failure, but SpecView was unable to gain acknowledgement of this, then the write will go through twice with this command.
For more information please read the following TechNote, which can be downloaded from SpecView's FTP site:
SVD1950 SV Support for redundant Modbus TCP IP addresses.doc