BS EN 61784-3-2:2017 – TC:2020 Edition
$280.87
Tracked Changes. Industrial communication networks. Profiles – Functional safety fieldbuses. Additional specifications for CPF 2
| Published By | Publication Date | Number of Pages |
| BSI | 2020 | 559 |
IEC 61784 3-2:2016 specifies a safety communication layer (services and protocol) based on CPF 2 of IEC 61784-1, IEC 61784-2 and IEC 61158 Type 2. It identifies the principles for functional safety communications defined in IEC 61784-3 that are relevant for this safety communication layer. This safety communication layer is intended for implementation in safety devices only. This third edition cancels and replaces the second edition published in 2010. This edition constitutes a technical revision. The main changes with respect to the previous edition are listed below (and highlighted in yellow in this document): – Added detailed requirements for use of FSCP 2/1 in conjunction with CP 16/3 (see 4.1, 6.4.3, 6.5.3, 8.2, 8.13, and miscellaneous references when referencing CPF 2 networks); – Defined object class section keywords for safety to EDS file definition in 8.10.2.1; – New sections on safety CRC overview in 7.1.2.1 and Rollover counts for EF format in 7.4; – Corrections to PFH calculations in 9.5.2; – Change from MACID to NodeID as general reference to network identifier.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 281 | National foreword |
| 286 | English CONTENTS |
| 296 | FOREWORD |
| 298 | Figures Figure 1 – Relationships of IEC 617843 with other standards (machinery) |
| 299 | Figure 2 – Relationships of IEC 617843 with other standards (process) |
| 301 | 1 Scope 2 Normative references |
| 303 | 3 Terms, definitions, symbols, abbreviated terms and conventions 3.1 Terms and definitions 3.1.1 Common terms and definitions |
| 308 | 3.1.2 CPF 2: Additional terms and definitions 3.2 Symbols and abbreviated terms 3.2.1 Common symbols and abbreviated terms |
| 309 | 3.2.2 CPF 2: Additional symbols and abbreviated terms |
| 310 | 3.3 Conventions 4 Overview of FSCP 2/1 (CIP Safety™) 4.1 General 4.2 FSCP 2/1 |
| 311 | 5 General 5.1 External documents providing specifications for the profile Figure 3 – Relationship of Safety Validators |
| 312 | 5.2 Safety functional requirements 5.3 Safety measures |
| 313 | 5.4 Safety communication layer structure Tables Table 1 – Communications errors and detection measures matrix |
| 314 | 5.5 Relationships with FAL (and DLL, PhL) 5.5.1 General 5.5.2 Data types 6 Safety communication layer services 6.1 Introduction Figure 4 – Communication layers |
| 315 | 6.2 Connection object 6.2.1 General 6.2.2 Class attribute extensions 6.2.3 Service extensions Table 2 – New class attributes |
| 316 | 6.2.4 Explicit message response format for SafetyOpen and SafetyClose 6.3 Connection Manager object 6.3.1 General Table 3 – Service extensions Table 4 – SafetyOpen and SafetyClose response format |
| 317 | 6.3.2 ForwardOpen for safety |
| 318 | Figure 5 – ForwardOpen with safety network segment |
| 319 | 6.3.3 Safety network segment Table 5 – Safety network segment identifier Table 6 – Safety network segment definition |
| 320 | Figure 6 – Safety network target format |
| 321 | Table 7 – Safety network segment router format Table 8 – Safety Network Segment Extended Format |
| 322 | 6.3.4 Originator rules for calculating the connection parameter CRC 6.3.5 SafetyOpen processing flowcharts |
| 323 | Figure 7 – Target Processing SafetyOpen with no configuration data(Form 2 SafetyOpen) |
| 324 | Figure 8 – Target Processing for SafetyOpen with configuration data(Form 1 SafetyOpen) |
| 325 | 6.3.6 Checks required by Multipoint producers with existing connections Figure 9 – Originator logic to determine which format to use |
| 326 | 6.3.7 Electronic key usage for safety 6.3.8 RPI vs. API in safety connections 6.3.9 Application path construction for safety Table 9 – Multipoint producer parameter evaluation rules |
| 327 | 6.3.10 Safety Validator connection types |
| 328 | Table 10 – ForwardOpen setting options for safety connections |
| 330 | 6.3.11 Application reply data in a successful SafetyOpen response Table 11 – Network connection parameters for safety connections Table 12 – CP 2/3 Safety target application reply (size: 10 octets) |
| 331 | Table 13 – EF CP 2/3 Safety target application reply (size: 14 octets) Table 14 – SafetyOpen target application reply (size: 18 octets) |
| 332 | 6.3.12 Unsuccessful SafetyOpen response Table 15 – EF SafetyOpen target application reply (size: 22 octets) Table 16 – New and extended error codes for safety |
| 333 | Table 17 – SafetyOpen error event guidance table |
| 334 | 6.3.13 ForwardClose for safety 6.4 Identity object 6.4.1 General 6.4.2 Changes to common services |
| 335 | 6.4.3 Extensions for CP 16/3 devices 6.5 Link objects 6.5.1 DeviceNet object changes Table 18 – Identity object common service changes Table 19 – Identity object extensions for CP 16/3 devices Table 20 – New DeviceNet object instance attribute |
| 336 | 6.5.2 TCP/IP Interface object changes 6.5.3 SERCOS III Link object Table 21 – New TCP/IP Interface object instance attribute Table 22 – SERCOS III Link object class attributes |
| 337 | 6.6 Safety Supervisor object 6.6.1 General Table 23 – SERCOS III Link object instance attributes Table 24 – SERCOS III Link Object Common Services |
| 338 | 6.6.2 Safety Supervisor class attributes 6.6.3 Subclasses 6.6.4 Safety Supervisor instance attributes Table 25 – Safety Supervisor class attributes |
| 339 | Table 26 – Safety Supervisor instance attributes |
| 342 | 6.6.5 Semantics |
| 343 | Table 27 – Device status attribute state values Table 28 – Exception status attribute format |
| 344 | Table 29 – Common exception detail attribute values |
| 345 | Table 30 – Exception detail format summary |
| 347 | Table 31 – Summary of device behavior for various CFUNID values |
| 348 | 6.6.6 Subclasses 6.6.7 Safety Supervisor common services |
| 349 | Table 32 – Safety Supervisor common services Table 33 – Safety Supervisor object specific services |
| 351 | Table 34 – Configure_Request message structure Table 35 – Validate_Configuration message structure Table 36 – Validate_Configuration success message structure |
| 352 | Figure 10 – Applying device configuration Table 37 – Validate_Configuration error code Table 38 – Validate_Configuration extended codes |
| 353 | Figure 11 – Configure and Validate processing flowcharts |
| 354 | Table 39 – Set_Password message structure Table 40 – Reset_Password message structure |
| 355 | Table 41 – Configuration_Lock/Unlock message structure Table 42 – Mode_Change message structure |
| 356 | Table 43 – Safety_Reset message structure Table 44 – Safety Supervisor safety reset types Table 45 – Attribute bit map parameter |
| 357 | Table 46 – Reset processing rules for reset types Table 47 – Propose_TUNID service |
| 358 | Table 48 – Apply_TUNID service |
| 359 | 6.6.8 Safety Supervisor behavior Figure 12 – UNID handling during “Waiting for TUNID” |
| 360 | Figure 13 – Safety Supervisor state diagram Table 49 – Safety Supervisor events |
| 361 | Table 50 – State event matrix for Safety Supervisor |
| 364 | Figure 14 – Configuration, testing and locked relationships Table 51 – Configuration owner control vs. device state |
| 365 | Table 52 – State mapping of Safety Supervisor to Identity object Table 53 – Safety Supervisor object event mapping |
| 366 | 6.7 Safety Validator object 6.7.1 General 6.7.2 Class attributes Table 54 – Identity object event mapping |
| 367 | 6.7.3 Instance attributes Table 55 – Safety Validator class attributes Table 56 – Safety Validator instance attributes |
| 369 | Table 57 – Safety Validator state assignments |
| 370 | Figure 15 – Safety connection types Table 58 – Safety Validator type, bit field assignments |
| 371 | Table 59 – Multipoint producer SafetyOpen parameter evaluation rules |
| 372 | 6.7.4 Class services Table 60 – Safety Validator class services |
| 373 | 6.7.5 Instance services 6.7.6 Object behavior Table 61 – Safety Validator instance services Table 62 – Safety Validator Get_Attributes_All service data |
| 374 | Figure 16 – Safety Validator state transition diagram |
| 375 | Table 63 – Safety Validator state event matrix |
| 376 | 6.8 Connection Configuration Object 6.8.1 General 6.8.2 Class attribute extensions 6.8.3 Instance attributes, additions and extensions. Table 64 – State mapping between Safety Supervisor and Safety Validator objects Table 65 – Connection configuration object class attribute extensions Table 66 – Connection Configuration Object instance attribute additions/extensions |
| 379 | 6.8.4 Instance attribute semantics extensions or restrictions for safety Table 67 – Connection flag bit definitions |
| 380 | Table 68 – O-to-T connection parameters |
| 381 | Table 69 – T-to-O connection parameters |
| 382 | Table 70 – Data map formats |
| 383 | 6.8.5 Special Safety Related Parameters – (Attribute 13) Table 71 – Data map format 0 Table 72 – Data map format 1 |
| 385 | Table 73 – Target device’s SCCRC values Table 74 – Target device’s SCTS values |
| 386 | Table 75 – Time correction connection parameters for multipoint connection |
| 387 | Table 76 – Format Type attribute meaning |
| 388 | Figure 17 – Logic for Auto-detecting format type Table 77 – Format Status attribute meaning |
| 389 | 6.8.6 Object-specific services 6.8.7 Common service extensions for safety Table 78 – Connection Configuration Object-specific services Table 79 – Get_Attributes_All Response service data (added attributes ) |
| 390 | Table 80 – Get_Attributes_All Response service data (added parameters ) Table 81 – Set_Attributes_All Request service data (added attributes) Table 82 – Set_Attributes_All Response service data (added parameters ) |
| 391 | 6.8.8 Object behavior Figure 18 – Connection Configuration Object state diagram Table 83 – State Mapping between Safety Supervisor and the CCO objects |
| 392 | 7 Safety communication layer protocol 7.1 Safety PDU format 7.1.1 Safety PDU encoding Figure 19 – Connection Configuration Object data flow |
| 393 | Figure 20 – Format of the mode octet Table 84 – Connection sections and PDU formats |
| 394 | Figure 21 – 1 or 2 octet data section, Base Format Table 85 – Mode octet variables |
| 395 | Figure 22 – 1 or 2 octet data section, Extended Format Figure 23 – 3 to 250 octet data section format, Base Format |
| 396 | Figure 24 – 3 to 250 octet data section format, Extended Format |
| 397 | Figure 25 – Time Stamp section format, Base Format Table 86 – Time Stamp variables |
| 398 | Figure 26 – BF Time Coordination message encoding Figure 27 – EF Time Coordination message encoding Table 87 – Time Coordination message variables |
| 399 | Figure 28 – BF Time Correction message encoding Figure 29 – EF Time Correction message encoding |
| 400 | Table 88 – Time Correction Message variables |
| 401 | Figure 30 – 1 or 2 octet point-to-point PDU encoding Figure 31 – 1 or 2 Octet multipoint PDU encoding |
| 402 | Figure 32 – 1 or 2 Octet, multipoint, Format 2 safety connection format Figure 33 – 3 to 250 Octet Point-to-point PDU encoding |
| 403 | Figure 34 – 3 to 248 Octet Multipoint PDU encoding Figure 35 – 3 to 248 Octet, Multipoint, safety connection format |
| 404 | 7.1.2 Safety CRC Figure 36 – CRC Calculation order for Extended Format messages Table 89 – CRC polynomials used |
| 405 | 7.2 Communication protocol behavior 7.2.1 Sequence of safety checks 7.2.2 Connection termination 7.2.3 Cross checking error Table 90 – Connection sections and message formats |
| 406 | 7.3 Time stamp operation Figure 37 – Time stamp sequence |
| 407 | 7.4 Rollover counts in the EF 7.5 Protocol sequence diagrams 7.5.1 General 7.5.2 Normal safety transmission Figure 38 – Sequence diagram of a normal producer/consumer safety sequence |
| 408 | 7.5.3 Lost, corrupted and delayed message transmission Figure 39 – Sequence diagram of a normal producer/consumersafety sequence (production repeated) |
| 409 | Figure 40 – Sequence diagram of a corrupted producer to consumer message |
| 410 | Figure 41 – Sequence diagram of a lost producer to consumer message |
| 411 | 7.5.4 Lost, corrupted or delayed message transmission with production repeated Figure 42 – Sequence diagram of a delayed message |
| 412 | Figure 43 – Sequence diagram of a corrupted producer to consumer message with production repeated |
| 413 | 7.5.5 Point-to-point ping Figure 44 – Sequence diagram of a connection terminated due to delays Figure 45 – Sequence diagram of a failure of safety CRC check |
| 414 | 7.5.6 Multipoint ping on CP 2/3 Safety Figure 46 – Sequence diagram of a point-to-point ping – normal response |
| 415 | 7.5.7 Multipoint ping on CP 2/2 safety networks Figure 47 – Sequence diagram of a successful multipoint ping, CP 2/3 safety |
| 416 | 7.5.8 Multipoint ping – retry with success Figure 48 – Sequence diagram of a successful multipoint ping, CP 2/2 safety |
| 417 | 7.5.9 Multipoint ping – retry with timeout Figure 49 – Sequence diagram of a multipoint ping retry Figure 50 – Sequence diagram of a multipoint ping timeout |
| 418 | 7.6 Safety protocol definition 7.6.1 General 7.6.2 High level view of a safety device 7.6.3 Safety Validator object Figure 51 – Safety device reference model entity relation diagram |
| 419 | 7.6.4 Relationship between SafetyValidatorServer and SafetyValidatorClient 7.6.5 Extended Format time stamp rollover handling Figure 52 – Two devices interchanging safety data via a SafetyValidatorClient and a SafetyValidatorServer |
| 421 | Figure 53 – Point-to-point, originating consumer. target producer |
| 422 | Figure 54 – Point-to-point, originator producer, target consumer |
| 423 | Figure 55 – Multi-point, originator consumer, target producer |
| 424 | 7.6.6 SafetyValidatorClient function definition Figure 56 – Safety production data flow |
| 432 | 7.6.7 SafetyValidatorServer function definition |
| 433 | Figure 57 – Consumer safety data monitoring |
| 434 | Figure 58 – SafetyValidatorServer – application triggered |
| 435 | Table 91 – Data reception – Link triggered Table 92 – Time_Correction reception – Link triggered Table 93 – Data reception – Application triggered |
| 436 | Table 94 – Time_Correction reception – Application triggered Table 95 – Consuming application – Safety data monitoring |
| 445 | 7.7 Safety message and protocol data specifications 7.7.1 Mode octet |
| 446 | 7.7.2 Time Stamp Section 7.7.3 Time Coordination Message |
| 447 | 7.7.4 Time correction message 7.7.5 Safety data production |
| 448 | Table 96 – Producer connection status determination |
| 455 | 7.7.6 Producer dynamic variables |
| 457 | 7.7.7 Producer per consumer dynamic variables |
| 458 | 7.7.8 Consumer data variables |
| 459 | Table 97 – Consuming safety connection status |
| 460 | 7.7.9 Consumer input static variables |
| 461 | 7.7.10 Consumer dynamic variables |
| 463 | 8 Safety communication layer management 8.1 Overview 8.2 Definition of the measures used during connection establishment Table 98 – Connection establishment errors and measures to detect errors |
| 464 | Table 99 – SNN Date/Time allocations Table 100 – SNN legal range of time values |
| 467 | 8.3 Originator-Target relationship validation 8.4 Detection of mis-routed connection requests Figure 59 – Target ownership |
| 468 | 8.5 SafetyOpen processing 8.6 Ownership management Figure 60 – SafetyOpen forms |
| 469 | 8.7 Bridging different physical layers Figure 61 – Connection ownership state chart Figure 62 – SafetyOpen UNID mapping |
| 470 | Figure 63 – Common CPF 2 application layer Figure 64 – End-to-End routing example |
| 471 | 8.8 Safety connection establishment 8.8.1 Overview 8.8.2 Basic facts for connection establishment 8.8.3 Configuring safety connections |
| 472 | Table 101 – Safety connection parameters |
| 473 | 8.8.4 Network time expectation multiplier Figure 65 – Sources for safety related connection parameters |
| 474 | 8.8.5 Establishing connections Figure 66 – Parameter mapping between originator and target |
| 475 | Table 102 – SafetyOpen summary |
| 476 | Figure 67 – CP 2/3 Safety connection establishment in targets for Form 2a SafetyOpen |
| 477 | 8.8.6 Recommendations for consumer number allocation Figure 68 – General sequence to detect configuration is required |
| 478 | 8.8.7 Recommendations for connection establishment 8.8.8 Ownership establishment |
| 479 | 8.8.9 Ownership use cases |
| 482 | 8.8.10 PID/CID usage and establishment 8.8.11 Proper PID/CID usage in multipoint and point-to-point connections Figure 69 – PID/CID exchanges for two originator scenarios |
| 483 | Figure 70 – Seed generation for multipoint connections |
| 484 | 8.8.12 Network supported services Figure 71 – PID/CID runtime handling |
| 485 | 8.8.13 FSCP 2/1 safety device type |
| 486 | Table 103 – Originator/Target service mapping Table 104 – Unsupported originator/target service types |
| 487 | Figure 72 – Connection categories and supported services |
| 488 | Figure 73 – Recommended connection types Figure 74 – Logic-to-logic supported services |
| 489 | 8.9 Safety configuration process 8.9.1 Introduction to safety configuration 8.9.2 Configuration goals Figure 75 – Recommended connection types for logic to logic |
| 490 | 8.9.3 Configuration overview Figure 76 – Configuration data transfers Table 105 – Configuration goals |
| 491 | 8.9.4 User configuration guidelines |
| 492 | 8.9.5 Configuration process SIL3 justification Figure 77 – Protection measures in safety devices |
| 493 | 8.9.6 Device functions for tool configuration 8.9.7 Password security 8.9.8 SNCT interface services 8.9.9 Configuration lock |
| 494 | 8.9.10 Effect of configuration lock on device behavior Figure 78 – Configuration, testing and locked relationships |
| 495 | 8.9.11 Configuration ownership 8.9.12 Configuration mode 8.9.13 Measures used to ensure integrity of configuration process Table 106 – Configuration owner control vs. device state |
| 496 | Figure 79 – Originator’s configuration data |
| 497 | 8.9.14 Download process |
| 498 | Figure 80 – SNCT to device download process |
| 499 | Figure 81 – SNCT Downloads to originators that perform Form 1 configuration |
| 500 | 8.9.15 Verification process |
| 501 | Figure 82 – Protection from locking and ownership Figure 83 – Example of read back and comparison of original and printout |
| 502 | 8.9.16 Verification process Figure 84 – Diverse display without full data read back |
| 503 | 8.9.17 Configuration error analysis Figure 85 – Verification process including all alternatives |
| 504 | Table 107 – Errors and detection measures |
| 507 | 8.10 Electronic Data Sheets extensions for safety 8.10.1 General rules for EDS based safety devices |
| 508 | 8.10.2 EDS extensions for safety Table 108 – Object Class section keywords |
| 509 | Table 109 – Safety Classx entry format Table 110 – Parameter class keywords |
| 510 | Table 111 – New Connection Manager section keywords for safety |
| 511 | Table 112 – Connection Manager field usage for safety |
| 512 | Table 113 – Connection parameter field settings for safety |
| 513 | 8.11 Requirements for CP 2/2 8.11.1 EPI rules for safety messages that travel over CP 2/2 8.11.2 Default safety I/O service 8.11.3 Duplicate IP detection 8.11.4 Priority for safety connections |
| 514 | 8.12 Requirements for CP 2/3 8.12.1 Allocation of CP 2/3 identifiers Table 114 – CP 2/3 ID assignment rules |
| 516 | 8.12.2 Additional requirements 8.13 CP 16/3 requirements 8.13.1 General architecture for CPF 2 on CP 16/3 |
| 517 | 8.13.2 Baseline FSCP 2/1 on CP 16/3 device Figure 86 – Baseline FSCP 2/1 on CP 16/3 device |
| 518 | 8.13.3 Supported objects and services in CP 16/3 devices 8.13.4 Transport layer requirements |
| 520 | Figure 87 – FSCP 2/1 Adaptation Layer and SMP interaction |
| 521 | 8.13.5 FSCP 2/1 and the CP 16/3 device model Figure 88 – FSCP 2/1 Adaptation |
| 522 | 8.13.6 UNID assignment on CP 16/3 Figure 89 – CP 16/3 device model |
| 524 | Figure 90 – Adding a standard module to a modular device |
| 525 | 9 System requirements 9.1 Indicators and switches 9.1.1 General indicator requirements 9.1.2 LED indications for setting the device UNID 9.1.3 Module Status LED Table 115 – LED indications for setting UNID |
| 526 | 9.1.4 Indicator warning 9.1.5 Network Status LED Table 116 – Module Status LED Table 117 – Network status LED states |
| 527 | 9.1.6 Switches |
| 529 | 9.2 Installation guidelines Figure 91 – Safety device NodeID processing logic |
| 530 | 9.3 Safety function response time 9.3.1 Overview 9.3.2 Network time expectation Figure 92 – Safety function response time |
| 531 | 9.3.3 Equations for calculating network reaction times Table 118 – Connection reaction time type – producing/consuming applications |
| 532 | Figure 93 – Safety function response time components |
| 533 | 9.4 Duration of demands 9.5 Constraints for calculation of system characteristics 9.5.1 Number of nodes 9.5.2 Network PFH Figure 94 – Network protocol reliability block diagram (RBD) |
| 535 | Figure 95 – Network PFH summary |
| 536 | 9.5.3 Bit Error Rate (BER) Figure 96 – Extended Format PFH summary |
| 537 | 9.6 Maintenance 9.7 Safety manual 10 Assessment |
| 538 | Annex A (informative) Additional information for functional safety communication profiles of CPF 2 A.1 Hash function example code |
| 552 | A.2 … |
| 553 | Annex B (informative) Information for assessment of the functional safety communication profiles of CPF 2 |
| 554 | Bibliography |
Related products
-
BSI 19/30383931 DC:2019 Edition
BS EN IEC 61788-22-2. Superconductivity – Part 22-2. Normal state resistance and critical current measurement.…
-
BS EN IEC 61784-5-12:2018 – TC:2020 Edition
Tracked Changes. Industrial communication networks. Profiles – Installation of fieldbuses. Installation profiles for CPF 12…
-
BS EN IEC 61784-5-18:2018 – TC:2020 Edition
Tracked Changes. Industrial communication networks. Profiles – Installation of fieldbuses. Installation profiles for CPF 18…
-
BS EN 62453-302:2017 – TC:2020 Edition
Tracked Changes. Field device tool (FDT) interface specification – Communication profile integration. IEC 61784 CPF…
-
BS EN IEC 61784-5-2:2018 – TC:2020 Edition
Tracked Changes. Industrial communication networks. Profiles – Installation of fieldbuses. Installation profiles for CPF 2…
-
BS EN IEC 61784-2:2019 – TC:2020 Edition
Tracked Changes. Industrial communication networks. Profiles – Additional fieldbus profiles for real-time networks based on…
-
BS EN IEC 62453-302:2023 – TC 2024
Tracked Changes. Field device tool (FDT) interface specification – Communication profile integration. IEC 61784 CPF…
