Controller Redundancy
To increase the availability of the system, you can use a second controller with a redundant PROFINET controller combined with CODESYS Redundancy. CODESYS Redundancy acts as a "backend" to synchronize the application on the two controllers. The native PROFINET system redundancy (SR) ensures smooth data exchange with the field devices.
With the PROFINET system redundancy, both controllers each maintain a connection (AR = application relation) to each PROFINET field device which supports S2 system redundancy. One of the connections has the PRIMARY role, and the other connection has the BACKUP role. Here, only the connection with the PRIMARY role transmits valid data. If the connection with the PRIMARY role fails, then it is possible to smoothly switch to the connection with the BACKUP role, which now becomes the new PRIMARY connection, in the shortest possible time. Mixed operation with PROFINET field devices which do not support S2 system redundancy is possible. However, in this case data transmission is briefly interrupted when the connection fails because a complete, new connection is established. PROFINET system redundancy can be extended with other redundancy mechanisms, such as MRP ("line redundancy").
Configuration of the CODESYS Runtime
[CmpRedundancyConnectionIP] Link1.IpAddressLocal=192.168.56.1 ; IP address of redundancy link of local PLC Link1.IpAddressPeer=192.168.56.101 ; IP address of redundancy link of peer PLC Link1.Port=1205 [CmpRedundancy] BootupWaitTime=5000 TcpWaitTime=2000 StandbyWaitTime=50 ; This timeout depends on the quality of real time task and communication system LockTimeout=20 ; Maximum time of timer lock Bootproject=Application ; Name of your CODESYS application RedundancyTaskName=MainTask ; Task name in your CODESYS application DataSyncAlways=1 PlcIdent=1 ;// Redundant Controller = 2 !!! SyncWaitTime=100;
Configuration in the project
In the project, the settings such as IP address and controller station name for the PROFINET controller also need to be configured on the second controller (PLC 2).
When the Redundancy Configuration object is inserted into the project, there are additional settings for the EtherNet Adapter on PLC 2 at the EtherNet Adapter device.
In the configuration of the controller, an additional System Redundancy tab is displayed for the settings which should be used on PLC 2. Field devices which support S2 system redundancy are automatically set to this mode.
Important
The CODESYS Redundancy allows only the synchronization of a single task. In this task, all PROFINET I/O data should be used, whereby the I/O mapping should be done only to existing variables. Because only the PROFINET controller with the PRIMARY connection receives valid I/O data, no PROFINET I/O data should be processed on a BACKUP controller. PROFINET function blocks for acyclic services (for example, RDREC, WRREC) or alarm processing (for example, RALARM) must not be used within the synchronized task or the synchronized data areas.
The priority of the redundant task must be significantly lower than that of the PROFINET I/O task.
The standard behavior of the PROFINET controller during operation:
When the role of the controller is "Active", the PROFINET controller (and all connections) are
PRIMARY.When the role of the controller is "Standby", the PROFINET controller (and all connections) are
BACKUP.When the role of the controller is "Standalone" at the time of startup, only the PROFINET controller on PLC 1 is the
PRIMARYcontroller.When the role of the controller changes to "Standalone" (redundancy connection interrupted or failure of the other PLC), the PROFINET controller retains its current role.
The RedundancyManager function block extends the standard behavior with useful error handling:
When the connections of a
PRIMARYcontroller are terminated (complete shutdown of all connections or single connection termination), the standby controller switches to "Active" and its PROFINET controller becomes the newPRIMARYcontroller.When the PROFINET controller on one of the two controllers has a failure (for example, no network), this controller is switched to "Simulation".
Attention: The RedundancyManager must not be defined in a synchronized area, but for example in a global variable list.