The AC500 High Availability system performs a switch-over whenever the primary PLC is powered off, crashed or stopped or if the primary PLC loses fieldbus communication (cut of ETH or defect MRP switch) while the secondary PLC still has connection.
In the following figure the different use cases and reaction times are outlined.
The below use case table with reaction and diagnosis messages are based on the setup where Sync is via SCADA network, “lifecom2” over field network and PLC A is primary.
|
Case |
Use case |
Reaction |
Diagnosis message on *) |
|---|---|---|---|
|
1 |
Primary PLC is powered off, crashed or stopped. |
Switchover to secondary PLC. CI52x outputs are frozen during switchover period. |
Secondary |
|
2 |
Secondary PLC is powered off, crashed or stopped. |
No switchover, process continues. |
Primary |
|
3 |
Primary PLC loses connection to fieldbus CI52x modules while secondary PLC still has a connection. |
Switchover to the secondary PLC. CI52x outputs are frozen during switchover period. |
Primary |
|
4 |
Secondary PLC loses connection to one or more CI52x modules. |
No switchover, process continues. |
Secondary |
|
5 |
CI52x module is stopped/ powered off. |
No switchover, process continues. |
Primary and secondary |
|
6 |
Connection lost in Field Ethernet network. |
Depending on Ethernet network structure, and redundancy mechanisms used a reconfiguration time exists. |
“lifecom2” lost and CI module lost errors will be generated in primary and secondary. |
|
7 |
Sync is broken and “lifecom2” is connected (CI connected). |
Sync is broken 1- no switchover, process continues. |
“lifecom2”Primary lost and Sync lost error will be indicated. |
|
Sync 1 is broken 2 and Sync switches to Sync 2, no switchover, Sync data passes trough the other onboard PLC port. |
Primary and secondary. Runtime error 16#4096 will be generated. |
||
|
Sync is connected and “lifecom2” is broken (CI connected). |
“lifecom2” is broken 3. If “lifecom2” and CI module are configured in the same port, switchover to secondary PLC. |
CI module lost and “lifecom2”Primary Primary lost errors will be indicated. |
|
|
“lifecom2” is broken4. If “lifecom2” and CI module are configured in different ports, no switchover. |
“lifecom2”Primary Primary lost error will be indicated. |
||
|
Sync and “lifecom2” are broken |
Both PLCs go to primary |
Other CPU not active, “lifecom1” is lost, “lifecom2” is lost, Sync is lost |
|
|
8 |
Primary PLC loses Sync is broken and “lifecom2” is connected (CI connected). connection to SCADA. |
SCADA is responsible to detect and to switch over. |
- |
|
9 |
Secondary PLC loses connection to SCADA. |
SCADA is responsible to detect and to switch over. |
- |
|
10 |
SCADA is broken |
SCADA is responsible to detect and to switch over. |
- |
|
11 |
Manual switchover by the user. |
Switchover to the secondary PLC. CI52x outputs are frozen during switchover period. |
- |
|
*) Diagnosis description, see function block description. 1) Dual Sync disabled. 2) Dual Sync enabled. 3) “lifecom2” and CI module configured in the same ETH port. 4) “lifecom2” and CI module configured in different ETH ports. |
|||