A single-board controller is the heart of the system. It includes the main processor and three Ethernet drivers for
communications with networked I/O and two additional Ethernet drivers for the control network. One, two, or three
controllers are provided as required for redundancy.
Some suppliers support redundant processors and communication boards in a common rack with a split backplane for
improved fault tolerance. Another form of redundancy uses two controllers, each with two processors, in a quad
configuration. If one of the processors has a partial failure, there will be a discrepancy between the data from the
two processors on one board, and the other board takes control.
A key evaluation point for any redundant control system is the failover time from one controller to the other. If one controller
normally drives the control valve and the other is on standby in a hot-backup configuration, then there is a finite time for the
backup to determine that the main controller has failed so that it can take over. This failover time is critical to the process.
Another method is to have both controllers continuously reading inputs, running application software, and providing outputs
to the control valves and relays, so there is no failover time between controllers. Somewhere between the controllers and the
control valves and relays, a decision is made to follow the commands from one controller or the other. This decision point is a
critical item in determining failover time, failure mode, and overall system fault tolerance.
5 I/O Network Redundancy
All control systems have internal communications between the main processor(s) and the I/O regardless of whether the I/O is
separate from the controller board rack, or mounted inside the rack with communication on the backplane. The I/O network
consists of active electronics at both ends and multiple failure modes, so its redundancy is just as important as the main
processors and the I/O electronics that interface with field devices.
In a Mark VIe control system, IONet provides communication between the main processor(s) in the controller(s) and the
local processors in the I/O packs that are located on the I/O modules. This communication architecture is a star configuration
with the network switch(es) in the middle. Switches manage communication traffic to eliminate data collisions and increase
network determinism. Networks conform to IEEE 802.3 for 100Base-Tx and 100Base-Fx (fiber).
Typically, simplex controls have one IONet, dual controls have two IONets, and triple redundant controls have three IONets.
However, even in simplex controls a second IONet is often provided.
Switches send their input data to all controllers, which are continuously online. Each dual redundant controller uses the data
from its designated switch, but uses the data from the other switch, with no delay, if the data from the first switch is not
received or if the data has a bad checksum. Each triple redundant controller receives data from all three switches, individually
votes the data from contact inputs, and selects the median value of analog inputs. In addition, diagnostics identify any
discrepancy between the three inputs. This is important to minimize MTTR and enable online repair.
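The input handling described above for a triple redundant controller can be sketched as follows. This is an added example, not code from the original document or from the Mark VIe product; the type and function names and the analog tolerance are assumptions, and the contact vote is implemented as a two-out-of-three majority.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical types and names; the analog tolerance is an assumed parameter. */
typedef struct {
    bool     contact;      /* voted contact input */
    float    analog;       /* median-selected analog input */
    unsigned contact_bad;  /* bit i set: channel i disagrees with the vote */
    unsigned analog_bad;   /* bit i set: channel i deviates from the median */
} voted_t;

/* Majority (two-out-of-three) vote of three contact readings. */
static bool vote3(const bool c[3]) {
    return (c[0] && c[1]) || (c[1] && c[2]) || (c[0] && c[2]);
}

/* Median of three analog readings. */
static float median3(const float a[3]) {
    float lo = a[0] < a[1] ? a[0] : a[1];
    float hi = a[0] < a[1] ? a[1] : a[0];
    if (a[2] < lo) return lo;
    if (a[2] > hi) return hi;
    return a[2];
}

/* Vote one contact and one analog point; flag any discrepant channel. */
voted_t vote_inputs(const bool c[3], const float a[3], float tol) {
    voted_t r = { vote3(c), median3(a), 0u, 0u };
    for (int i = 0; i < 3; i++) {
        float d = a[i] - r.analog;
        if (d < 0) d = -d;
        if (c[i] != r.contact) r.contact_bad |= 1u << i;
        if (d > tol)           r.analog_bad  |= 1u << i;
    }
    return r;
}

int main(void) {
    /* Constructed sample: channel 2 has a stuck contact and a drifted analog. */
    const bool  c[3] = { true, true, false };
    const float a[3] = { 50.1f, 49.9f, 73.0f };
    voted_t r = vote_inputs(c, a, 1.0f);
    printf("contact=%d analog=%.1f contact_bad=0x%x analog_bad=0x%x\n",
           r.contact, r.analog, r.contact_bad, r.analog_bad);
    return 0;
}
```

The discrepancy bitmasks are what a diagnostic alarm would be raised from: the voted values stay correct with one bad channel, and the mask identifies which channel to repair online.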
Output data is sent from each controller to its designated switch and then to the output electronics. The methodology for
selection of output data from the redundant controllers for driving control valves, solenoids, and other components varies
widely between control systems and is significant for determining the system reliability. These details are discussed in the