Modern Distributed Control Systems

Abstract

Distributed Control Systems (DCSs) are dedicated systems used to control manufacturing processes that are continuous or batch-oriented, such as oil refining, petrochemicals, power generation stations, pharmaceuticals, food & beverage manufacturing, cement production, steel industry, pulp and paper industry. DCSs are connected to the sensors and actuators in the plant, and use setpoint control to control/regulate the flow/properties of material through the plant. The book consists of 9 chapters. Chapter 1 is a general introduction, Chapter 2 is the most important chapter; it explains the main functions and components of a DCS system, highlights the differences between a DCS system and a SCADA system, and discusses the relationship between the DCS system and the plant-wide networks. Chapter 3 is a review of how sensors and actuators are connected to the DCS systems and briefly introduces signal conditioning and A/D and D/A conversion. Chapter 4 covers in detail the connectivity of the high performance industrial computers at the board level, at the cabinet level, and at the peripheral level. Chapters 5 and 6 cover computer networks and Internet with sufficient details. Chapter 7 gives an overview of the most common field buses in the industry. Chapter 8 is dedicated to the emerging wireless technology and introduces the wireless HART and ISA100.11a standards for industrial wireless instrumentation. Finally, in Chapter 9, we provide a brief overview of the popular large scale DCS for the process industries.
Modern Distributed
Control Systems
Dr. Moustafa Elshafei
Professor of Control and Instrumentation Systems Engineering
King Fahd University of Petroleum and Minerals
dr.moustafa.elshafei@gmail.com
Copyright © 2016
All rights reserved.
ISBN-10: 153510385x
ISBN-13: 9781535103855
Library of Congress Control Number: 2016911444
CreateSpace Independent Publishing Platform, North Charleston, SC
PREFACE
Distributed Control Systems (DCSs) are dedicated systems used to control
manufacturing processes that are continuous or batch-oriented, such as oil refining,
petrochemicals, power generation stations, pharmaceuticals, food & beverage
manufacturing, cement production, steel industry, pulp and paper industry. DCSs are
connected to the sensors and actuators in the plant, and use setpoint control to
control/regulate the flow/properties of material through the plant.
A DCS is a combination of hardware (I/O field instruments, terminal panels,
computer subsystems, and operator stations, etc.), networks (network topology,
protocols, gateways, data access control, etc.), and software (monitoring, logging,
reporting, and control). The computer subsystem modules are in fact intelligent
microprocessor-based boards where the control functions are embedded. Normal
control functions of an entire plant or a process are thus distributed among a large
number of these local control modules. The local control modules communicate with
the other units in the system on a variety of data communication highways.
The fast pace of technological advancement in the DCS demands that the control
and instrumentation professionals and process engineers be proficient in the highly
complex and fast-moving areas of computer hardware and software, and cope with
the developments in their own field. This book is intended to be an up-to-date
reference source for professionals or textbook for undergraduate and postgraduate
students. It provides information to assist the designers, users and maintenance staff
of DCS in understanding how these systems function, and addresses important issues
in the design, implementation, and the operation of DCS systems. The book updates
the readers on the recent technological developments, future directions, and the
recently established standards related to the engineering and operations of DCS.
The material of this book was first developed and taught at a graduate level
course. Then part of the material was regularly offered as an undergraduate senior-level
course. Teaching at the graduate level, with many part-time students having
considerable field experience in the oil and petrochemical industries, was very
helpful. It allowed me to focus on the real needs of practicing professionals and shape
the direction of this book. Based on their recent feedback, additional topics will be
covered in the next volume, such as Safety Instrumented Systems, OPC, Cyber
security, ISA95 standard, and process control techniques.
This Volume I consists of 9 chapters. Chapter 1 is a general introduction,
Chapter 2 is the most important chapter; it explains the main functions and
components of a DCS system, highlights the differences between a DCS system and a
SCADA system, and discusses the relationship between the DCS system and the plant-wide
networks. Chapter 3 is a review of how sensors and actuators are connected to
the DCS systems and briefly introduces signal conditioning and A/D and D/A
conversion. Chapter 4 covers in detail the connectivity of the high performance
industrial computers at the board level, at the cabinet level, and at the peripheral
level. Chapters 5 and 6 cover computer networks and the Internet in sufficient detail.
Chapter 7 gives an overview of the most common field buses in the industry. Chapter
8 is dedicated to the emerging wireless technology and introduces the wireless HART
and ISA100.11a standards for industrial wireless instrumentation. Finally, in
Chapter 9, we provide a brief overview of the popular large scale DCS for the process
industries.
Volume II will address more advanced topics such as OPC, Safety Instrumented
Systems, ISA 95, Alarm management, Project management, Cybersecurity, and
Advanced process control techniques.
Why is this book unique?
The only book that provides control and instrumentation professionals with a
comprehensive IT dose covering industrial computer hardware and buses,
computer interface standards, computer networks, and the Internet.
The only book that brings to control and instrumentation professionals up-to-
date knowledge on the important industry standards.
The only book that covers in detail the recent advances in DCS systems,
including field buses, Integration technologies FDT and EDD, Industrial
Ethernet, internet protocols in SCADA and DCS, IPv6, and wireless
instrumentation and control.
Target readers
The book thus serves as a reference volume for a variety of engineers and
professionals engaged in planning, design, and application of distributed control
systems for new or existing process control systems, and a panorama of DCS know-
how, which will be useful to persons who are new or involved in the operation of
DCSs. The following is a short list of target readers:
Engineering schools, where the book serves as a textbook for undergraduate
or graduate level courses in control and instrumentation major, electrical
engineering, or process control engineering majors.
Engineers and professionals involved in the operation or maintenance of DCS
systems, who want to learn the new developments in the hardware, software,
and networks of the DCS technology. A reference book on DCS technologies
for engineering and operations professionals, automation and control
engineers, process control and SCADA engineers, and for plant engineers.
Plant managers, engineering and operations management, project managers,
and plant engineers, who plan to upgrade, expand, or deploy new DCS
systems.
Control system developers who want to understand the requirements and
constraints of the new and emerging standards and state of the art of DCS
technologies, which could affect their future planning and current solutions.
A Note on the Structure of the Book
To help readers find the information they need, and get the utmost benefit from
the book, every chapter starts with a table of contents, a preview, and a list of
expected learning outcomes. A summary is also included at the end of each chapter to
help the reader retrace the main concepts. For those who want further or deeper
information a list of references is also included with every chapter.
I have also provided three levels of exercises; the first level is multiple-choice
questions, and represents a straightforward application of the concepts of the chapter.
The second level includes problems that require extending the concepts of the chapter
to new situations or some problem solving/analysis athletics. The last level usually
involves open and challenging design problems. Finally, each chapter ends with a list
of terms and concepts.
Moustafa Elshafei, Ph.D.,
Professor of Control and Instrumentation Systems Engineering
King Fahd University of Petroleum and Minerals
April, 2016
ACKNOWLEDGMENT
I would like first to thank my students, the real motivators behind writing this
book, who have attended the graduate courses SE515 and SE516 since 2005, and the
senior courses SE438 and CISE 435, and who helped me by reviewing the class notes
and by their valuable suggestions and critical comments.
I must also acknowledge the support of my family who not only voluntarily
released me from the obligations of the family time, but also created a comfortable
working atmosphere at home. I am also indebted to my two sons who helped me in
drawing the artwork and illustrations.
Although the idea of this book started almost eight years ago,
undertaking the writing of such a multifaceted book was not possible under normal
everyday life pressure. Moreover, it would not have been possible to embark upon
this endeavor without the support from my university in the form of a book-writing
grant. The book-writing grant, number IN090043, from King Fahd University of
Petroleum and Minerals, not only provided the initial financial support, but also
indirectly established the incentive and pressure to fulfill the promised book in spite
of the many stumbling blocks.
Dr. Moustafa Elshafei
Table of Contents
Chapter 1 INTRODUCTION
1.1 Plant Instrumentation Systems
1.2 Components of Measurement Systems
1.3 Elements of Process Control Loop
1.4 Features of Distributed Control Systems
1.5 Evolution of the Distributed Control Systems
Chapter 2 PLANT AUTOMATION HIERARCHY
2.1 Introduction
2.2 Distributed Control Systems
2.3 SCADA Systems
2.4 Computer Integrated Manufacturing (CIM)
2.5 PLCs and DCSs
Chapter 3 SIGNAL CONDITIONING AND DATA ACQUISITION
3.1 Introduction
3.2 Static Characteristics of the sensing elements
3.3 Errors in Measurement Systems
3.4 Electrical bridges
3.5 Operational Amplifiers
3.6 Voltage-to-current Transmitters
3.7 Analog to Digital and Digital to Analog converters
3.8 Intrinsic safety
3.9 Smart sensors and actuators
Chapter 4 COMPUTER BUSES AND INTERFACES
4.1 Single-Board Computer for Control Applications
4.2 Industrial Computer Buses
4.2.1 PC/104
4.2.2 VME bus
4.2.3 VXIbus
4.2.4 cPCI and PXI
4.3 Computer Interface Standards
4.3.1 IDE/ATA
4.3.2 SCSI
4.3.3 RAID Redundant Array of Independent Disks
4.4 Fault Tolerant Architecture
4.5 Serial Communication
4.5.1 RS-232-C
4.5.2 RS-422/423/485
4.5.3 Flow Control in Serial Communications
4.5.4 MODBUS
4.5.6 DNP3
Appendix 4.A PC Computer Buses
4.A.2 PCI
4.A.3 PCI Express
Appendix 4.B PC Peripheral Interface Standards
4.B.1 Universal Serial Bus (USB)
4.B.2 FireWire (IEEE1394)
Chapter 5 LOCAL AREA NETWORKS
5.1 Introduction
5.2 LANs Transmission medium
5.2.1 Characteristics of Transmission Media
5.2.2 Twisted-Pair Cable
5.2.3 Coaxial Cables
5.2.4 Fiber Optic Cables
5.3 Network Types
5.3.1 Network Topologies
5.3.2 Circuit Switching and Packet Switching
5.3.3 Asynchronous and Synchronous Transmission
5.3.4 Signal Encoding Methods
5.3.5 Media access methods
5.4 ISO - Open Systems Interconnection
5.5 Network Standards
5.6 Industrial Ethernet
5.6.1 Ethernet Background
5.6.2 Industrial Ethernet Requirements
5.6.3 Approaches for Industrial Ethernet
5.6.4 Switched Ethernet
5.7 Network Components
Appendix 5.A Twisted Pair Categories, Classes, and AWG
Appendix 5.B Brief history of important developments in the IEEE 802.3x standards
Chapter 6 INTERNET
6.1 Introduction
6.2 Internet Architecture
6.3 IP Addresses and Domain Names
6.3.1 IP Address Classes
6.3.2 Domain Name System (DNS)
6.3.3 Mapping Domain Names to IP Addresses
6.4 Internet IP Layer
6.4.1 Address Resolution Protocol (ARP)
6.4.2 Reverse Address Resolution Protocol (RARP)
6.4.3 Internet Control Message Protocol (ICMP)
6.4.4 IP Routing
6.4.5 Internet Protocol Version 6 (IPv6)
6.4.6 Private and Link-local addresses
6.5 TCP Transmission Control Protocol
6.5.1 Ports
6.5.2 Sockets
6.6 UDP User Datagram Protocol
6.7 Real-time Transport Protocol (RTP)
6.8 Application Layer Protocols
6.8.1 HTTP: Hyper Text Transfer Protocol
6.8.2 File Transfer Protocol (FTP)
6.8.3 Simple Network Management Protocol (SNMP)
6.8.4 Bootstrap Protocol (BOOTP) (RFC 951)
6.8.5 Dynamic Host Configuration Protocol (DHCP)
6.8.6 Simple Mail Transfer Protocol (SMTP)
6.8.7 Network Time Protocol (NTP)
6.9 Internet-Based SCADA Systems
Chapter 7 INDUSTRIAL FIELDBUSES
7.1 Introduction
7.2 HART Communication Protocol
7.2.1 The HART Physical Layer
7.2.2 HART Data Link Layer (DLL)
7.2.3 The HART Application Layer
7.2.4 HART User Layer
7.3 Integration Technologies
7.3.1 Device Description Language (DDL)
7.3.2 Field Device Tool (FDT)
7.3.3 Recent Development, the FDI
7.4 Foundation Fieldbus
7.4.1 FFB Communication Stack
7.4.2 The FFB Physical Layer
7.4.3 The FFB Data Link Layer
7.4.4 The FFB Layers 3-6
7.4.5 The FFB Application Layer
7.4.6 The FFB User Layer
7.5 Controller Area Network (CAN)
7.5.1 CAN Physical Layer
7.5.2 CAN Data Link Layer
7.5.3 CAN Higher Layers Protocols
7.6 PROFIBUS
7.6.1 PROFIBUS Protocol Architecture
7.6.2 PROFIBUS-PA
7.6.3 PROFIBUS-DP
7.6.4 PROFIBUS-FMS
7.6.5 PROFIBUS Application Layer
7.6.6 PROFIBUS User Layer Applications
7.6.7 PROFINET
7.6.8 PROFIsafe
7.7 More Fieldbus Solutions
7.7.1 Actuator Sensor Interface (ASi)
7.7.2 INTERBUS
7.7.3 WorldFIP
7.7.4 LonWorks
7.7.5 DeviceNet FieldBus
Appendix 7.A CANopen Fieldbus
Chapter 8 INDUSTRIAL WIRELESS NETWORKS
8.1 Introduction
8.2 Wireless Communications Basics
8.2.1 Radio Propagation Characteristics
8.2.2 Modulation Techniques
8.2.3 Link Budgeting
8.3 Spread-Spectrum Techniques
8.3.1 Direct sequence spread-spectrum (DSSS)
8.3.2 Frequency-Hopping Spread-Spectrum (FHSS)
8.3.3 Orthogonal Frequency Division Multiplexing (OFDM)
8.4 Wireless Transceivers
8.5 Wireless LAN Standards
8.5.1 Overview
8.5.2 IEEE 802.11x Architecture
8.5.3 IEEE 802.11 Physical Layer (PHY)
8.5.4 IEEE 802.11 MAC Layer
8.6 Low Power Short Range Wireless Networks
8.6.1 Bluetooth
8.6.2 IEEE 802.15.4 & ZigBee Networks
8.7 Wireless HART
8.7.1 WLH Physical Layer
8.7.2 WLH Data Link Layer
8.7.3 WLH Network Layer
8.7.4 Transport Layer
8.7.5 Security Architecture
8.7.6 WLH Application and User layers
8.8 ISA 100 Wireless Networks for Automation
8.8.1 ISA 100.11a Physical Layer
8.8.2 ISA100.11a Data Link Layer
8.8.3 ISA100.11a Network Layer
8.8.4 ISA100.11a Transport Layer (TL)
8.8.5 ISA100.11a Application Sub-Layer
8.8.6 ISA100.11a System Management & Security
Chapter 9 EXAMPLES OF MODERN DCS SYSTEMS
9.1 Introduction
9.2 Yokogawa Distributed Control System (DCS)
9.2.1 System Overview
9.2.2 CENTUM CS 3000 System Key Specifications
9.2.3 CENTUM CS 3000 Components
9.2.4 CENTUM Networking Components
9.2.5 Redundancy and Reliability
9.2.6 Instrument Asset Management System (IAMS)
9.2.7 CENTUM VP
9.3 Honeywell Experion System
9.3.1 System Architecture
9.3.2 Basic Control System Topology
9.3.3 Process Communications
9.3.4 Process Control Hardware
9.3.5 Redundancy
9.3.6 Instrument Asset Management System
9.4 Siemens PCS 7 system
9.4.1 SIMATIC PCS 7 AS RTX with Software Controller
9.4.2 SIMATIC PCS 7 Modular Automation Systems
9.4.3 Tools and Software
9.5 ABB Automation Control Systems
9.5.1 System 800xA
9.5.2 Freelance
9.5.3 Compact 800
9.5.4 Safety Systems
CHAPTER 1
INTRODUCTION
1.1 Plant Instrumentation Systems
1.2 Components of Measurement Systems
1.3 Elements of Process Control Loops
1.4 Features of Distributed Control Systems
1.5 Evolution of Distributed Control Systems
OVERVIEW
This chapter introduces plant automation systems, focusing on distributed
control systems-based process plant automation. The chapter also presents a road map
for the rest of the book. It includes a simple example of liquid level control, upon which
we add desirable features until we end up with a full-fledged Distributed Control
System (DCS). Section 1.1 introduces the basic functions of plant instrumentation:
value and quality assessment, safety, control, and data acquisition. Section 1.2
describes the main components of a measurement system. In Section 1.3 we introduce
the concept of control loop and explain the various elements of a basic control loop.
In Section 1.4 we expand on the example of liquid level control by introducing some
of the key features of DCS control systems. Finally, Section 1.5 gives a historical
background on the evolution of the process control from World War II until now.
LEARNING OBJECTIVES
After reading this chapter, you should be able to
List the basic functions of a plant instrumentation system.
Describe the role of the components of a measurement system (i.e., sensors, signal
conditioning, signal transmission, signal processing, and indicators).
Identify the various elements of a control loop, such as the controller, measurement system, set point,
final control element, controlled variable, and manipulated variable.
State the fundamental architecture feature of DCSs.
List some of the basic functions of DCSs.
Describe why various communication methods are utilized in DCSs.
Recognize the current and future technological trends in DCSs.
1.1 Plant Instrumentation Systems
Plant automation systems are crucial for meeting the ever-increasing market
demand for lower production cost and better product quality. For large plants,
effective and reliable plant automation requires extensive use of computer-based
systems for monitoring and control of the various plant units. The purpose of process
monitoring is to improve our ability to assess values and qualities, maintain
equipment, and predict risks and reduce or eliminate adverse effects on life and
property. In contrast, the term control means methods to force parameters in the
process to have specific values.
In Distributed Control Systems (DCSs), the function of monitoring and control
of the entire plant is distributed among a large number of control modules and
subsystems. These modules or subsystems could also be physically distributed. A
DCS is a combination of hardware (I/O field instruments, terminal panels, computer
subsystems, and operator stations, etc.), networks (network topology, protocols,
gateways, data access control, etc.), and software (monitoring, reporting, and control).
The basic functions of a DCS and its relationship to the plant’s functions are
introduced in Chapter 2.
The hardware modules receive information from the field sensors and measuring
instruments, and transmit instructions to the control instruments in the field, such as
actuators, valves, and motors. The field instruments are the front end of any plant
automation system. A detailed discussion of this subject is covered in Chapter 3. An
introduction to some of the standard hardware architectures of industrial controllers
and their interfaces is covered in Chapter 4, in addition to the common redundancy
configurations for high performance systems for critical applications.
The basic functions of plant instrumentation can be classified into the following
categories:
Value or quality assessment: This is probably the oldest purpose of
measurement in the history of civilization. A good example of a value assessment
instrument is the commercial balance. The balance compares with standard weights to
estimate the value of goods. Utility metering systems (for water and electricity) are
other examples. In industrial environment, many measurements serve the purpose of
value assessment and quality assurance.
Safety and protection: The objective here is to monitor the
environment/process for hazardous situations in order to take adaptive, protective, or
preventive actions. For example, the purpose of monitoring weather conditions is
usually to take adaptive actions, or protective actions. In some cases the measurement
system is made to trigger alarms, or take other actions such as opening a pressure
relief valve to prevent excessive pressure from causing a possible explosion.
Guidelines for installation of safety related instruments are covered in detail in
Volume II of this book series.
Automatic control: As stated earlier, the term control means methods to force
parameters in the environment to have specific values. This can be as simple as
maintaining room temperature at a desired value, or as complex as control of an oil
refinery plant. In general, all the elements necessary to accomplish the control
objectives, including the instrumentation system, are usually described by the term
automation system. In a DCS, the automatic control function of the entire plant is
distributed among many controllers or subsystems, each executing one or more basic
control function. One of the basic control functions is called a control loop. A basic
control loop involves taking measurements of a process value and comparing it with a
desired value. Then, based on the error between the desired value and the actual
value, a level of action is determined and sent to a field actuator to change the process
input in such a way as to reduce the error. Other basic control functions include logic
functions and timed sequence of actions. Switching controls using logic functions and
timed sequence of actions are traditionally performed using Programmable Logic
Controllers (PLCs). Chapter 2 provides an overview of DCS functions, and its
relationship to the overall plant information system. The chapter also compares DCS-
based and PLC-based automation solutions.
Data collection: One of the main components of a DCS is called a historian. Its
main function is to store all process measurements, control actions, alarms, and
operation-related actions/events in a real-time database. These data are then made
available for various management and reporting applications. Data are not always
collected and archived for immediate use in the operation of a system. The black box
in aircraft, for example, collects and archives all possible flight information for no
immediate benefit to the control of the aircraft. However, the information stored in it
would be of great importance to trace back the sequence of events that led to an
accident or malfunction. In industry, data are collected and archived for operation
monitoring, accounting, reporting, and also for legal and accountability purposes; for
example, they can be used to determine, in the case of an accident or a shut down, the
cause of the incident, and whether it was generated by an equipment defect, wrong
maintenance procedure, or an operator mistake. In industry, data could also be
collected and archived for no immediate purpose. Hopefully, someone will develop
techniques to extract useful information and develop a better model for the process
under observation. Even in the industrial environment, where every piece of
instrument must be economically justified, we see in almost all the recent installations
that the process is provided with abundant data acquisition systems in anticipation of
future uses in new analysis and knowledge-based systems for better control of the
industrial process. The availability of this data has led to a new generation of data-
driven plant automation software for dynamic modeling and simulation of the various
processes in the plant, decision support systems, asset management, loop monitoring
and tuning, and for advanced process control and optimization. The DCS Historian
function is also introduced in Chapter 2.
1.2 Components of Measurement Systems
The purpose of a measurement system is to present in a readable or electronic
form the numerical values corresponding to the variable being measured. In general,
this numerical value or measured value does not equal the true value of the variable.
Thus the measured value of the flow rate in a pipe as presented on an indicator may
be 7.0 m³/hr, whereas the true flow may be 7.2 m³/hr; the measured speed of an
engine as indicated on a digital display is, say, 3000 r.p.m., whereas the true speed
may be 2950 r.p.m. The problem of quantifying the accuracy and precision of the
measured values is beyond the scope of this book. However, extensive discussion of
this subject can be found in Chapter 3. For the present purpose, it is sufficient to
realize that the input to the measurement system is the true value of the variable and
the output is the measured value (Figure 1.1), where $y_{act}$ is the actual value of the
process variable, and $y_m$ is the indicated value of the process variable.
The measurement system consists of several elements or blocks. It is possible to
identify five types of elements, although in a given system one type of element may
be missing or may occur more than once. The five types are shown in Figure 1-1 and
can be defined as follows.
Sensing element
The sensing element is in contact with the process and gives an output that
depends in some way on the process variable to be measured. If there is more than
one sensing element in cascade, the element in contact with the process is termed the
primary sensing element; the others are called secondary sensing elements. The
output from a sensor could be a change in resistance, voltage, current, or frequency,
etc. The word sensor is preferred for the primary measurement element, while
transducer is used for a device that converts a signal from one form to another. Thus,
for example, a device that converts a voltage into a proportional current is called an
E/I transducer (Figure 1-1).
[Figure: blocks labeled Input, Sensing Element, Signal Conditioning, Signal transmission, Signal Processing, and Data Presentation, grouped under Field Instrument and DCS I/O unit; signals $y_{act}$ and $y_m$; outputs to the control loop program and to data archiving.]
Figure 1.1 Block diagram of a measurement system.
Signal-conditioning element
This element takes the output from the sensing element and converts it into a
form suitable for further processing, usually a DC voltage, DC current or frequency
signal. Examples include a deflection bridge, which converts an impedance change
into a voltage change; an amplifier, which amplifies millivolts to volts; an oscillator,
which converts an impedance change into a variable frequency voltage. In the
majority of cases, the output of the signal conditioning element takes standard signal
levels; e.g., 0–10 volts or 0–5 volts. If the signal is to be transmitted over wires to a
control room, the output from the signal conditioning element is 4–20 mA. In this
case, the combination of the sensor and the signal-conditioning element is called a
transmitter. For a temperature transmitter which measures temperature, say, between
0–120 °C, an output of 4.0 mA corresponds to 0 °C, and an output of 20.0 mA
corresponds to 120 °C.
Since signal conditioning is a key component of every transmitter in the field,
the fundamental concepts of signal conditioning, and analog and digital signal
processing are discussed in more detail in Chapter 3.
Signal Transmission
Signal transmission is needed to convey the measured process value at the field
to the control room, and also to send back the control commands to the actuators.
There are several signal transmission standards in the process industry. The most
common one is the 4–20 mA signal. A field sensor which is capable of sending its
measured value as a 4-20 mA signal is called a “Transmitter”, e.g. Temperature Transmitter,
Pressure Transmitter, etc. The element which converts an electric voltage to a
proportional 4-20 mA signal is called an E/I transducer.
Another important transmission signal in the process industry is the pneumatic
signal with varying air pressure from 3 to 15 psi. For switching control, a binary
electric signal is used to transmit two state signals as low/high or on/off. Digital
transmission, e.g., Fieldbus, is now gradually replacing the traditional techniques of
signal transmission.
In Distributed Control Systems there is a need for a wide range of signal
transmissions: 4-20 mA for conventional signal transmission is covered in Chapter 3;
high speed digital back-plane buses inside controller cabinets are covered in Chapter
4, along with serial digital communication and MODBUS for connection of remote
controllers; local area networks are covered in Chapter 5, Internet in Chapter 6, field
buses in Chapter 7, and wireless in Chapter 8.
Signal-processing element
This element receives the signal generated by the conditioning element and
converts it to a form suitable for presentation or for use by other programs such as the
control loop function. The most important signal-processing element is the analog-to-
digital (A/D) converter. A/D converts a voltage into a digital form for input to a
computer. In DCSs, the A/D converters are traditionally located at the controller I/O
boards, but are now integrated into microcontroller chips. The microcontrollers can
perform further processing on the received signal, e.g., conversion of the received
normalized values to their engineering units, computation of total mass flow from the
volume flow rate and density data; analysis of the harmonic components of a
vibration measurement; filtering to remove measurement noise; compensation for
environmental effect; or correction for sensing element non-linearity. The measured
values can then be sent for archiving, or for a data presentation element, e.g., an
operator station in the control room. The measured value can also be sent to software
or firmware control loop functions to determine appropriate feedback control action.
The data presentation element
The data presentation or display devices include indicators, simple pointer-scale
indicators, printers, chart recorders, alphanumeric displays, and computer monitors.
In DCSs, one or more operator stations can display hundreds of measured process
variables. In modern DCSs, the displayed values are presented in colorful animated
dials and indicators, trend charts, and associated with their sources in animated
graphics showing various levels of detail of the plant processes. A summary of the
functions of the DCS operator station is given in Chapter 2.
1.3 Elements of Process Control Loop
The technology of control systems was first developed using a human as an
integral part of the control action. When we learned how to use machines, electronics,
and computers to replace the human function, the term automatic control came into
use. In process control, the basic objective is to regulate the value of some process
variables. To regulate means to maintain that quantity at some desired value
regardless of external influences. The desired value is called the reference value,
desired value, or set point.
The following paragraphs introduce some basic terms and definitions (i.e., the
basic “jargon” of the field) by developing a specific process control example. Figure
1-2 shows the process to be used for this discussion. Liquid is flowing into a tank at
some input rate $q_{in}$, and out of the tank at some rate $q_{out}$. The liquid in the tank has
some height or level, h. Now, we want to maintain the level at a desired set point
value H, regardless of the input flow rate.
Manual Control: To regulate the level, the tank is provided with a glass “sight
tube,” S, as shown in Figure 1.2. The actual liquid level or height, h, is called the
controlled variable. In addition, a valve has been added so the output flow rate can be
changed by the operator. The output flow rate is called the manipulated variable. By
manipulating the valve position, the operator controls the liquid level of the tank as
close as possible to the desired level H. Here, the human operator uses his eyes as the
level sensing element.
Figure 1.2 Manual Level Control.
In general, in manual operation, the human senses constitute the measurement
system. In many cases, the human operator may be assisted by other sensors, e.g.,
level indicator, temperature indicator, or a pressure indicator. Based on the perceived
difference between the desired level and the observed level, and possibly the rate of
change of this difference, the operator decides how much to open or to close the
valve, and how fast to do this action.
Figure 1.3 Automatic level control of liquid in tank.
Automatic Control: To provide automatic control, the system is modified as
shown in Figure 1.3, so machines, electronics, or computers replace the human
senses. An instrument called a level sensor is added that is able to measure the value
of the level and convert it into a proportional signal s. This signal is provided as input
to a machine, electronic circuit, or computer, called the controller. This controller
now performs the function of the human in evaluating the measurement and providing
an output signal, u(t), to change the valve position via an actuator (a motor or a
pneumatic system) connected to the valve by a mechanical linkage. This is a typical
example of automatic process control.
As mentioned before, one of the main functions of the DCS is to execute the
process control loops. In the following paragraphs we introduce some important
concepts about the control loops. Figure 1.4 shows a block diagram depicting the
basic elements of a process control loop. In the following discussion we will relate
the indicated blocks with the elements of liquid level control loop. The controlled
process variable, the liquid level in the previous example, is denoted by y in this
diagram, and its measured value is labeled $y_m$. The set point is labeled $y_{sp}$.
[Figure: blocks labeled Process, Control element, Controller, and Measurements; a summing point forming $E = y_{sp} - y_m$; signals $y$, $y_m$, $y_{sp}$, V, and U.]
Figure 1.4 Block diagram of a process-control loop.
The main elements in a control loop are defined as follows:
Process or a Plant: In the previous example, the flow of liquid in and out of the
tank, the tank itself, and the liquid all constitute a process to be placed under control
with respect to the fluid level. In general, a process can consist of a complex
assembly of phenomena that relates to some manufacturing sequence. Many variables
may be involved in such a process, and it may be desirable to control all these
variables at the same time. A process which has a single controlled variable and a
single manipulated variable is called a single-input single-output system (SISO). In
contrast, a process which has many controlled variables and many manipulated
variables is called multi-input multi-output system (MIMO system).
Measurement: Clearly, to effect control of a process variable, we must have
information on the variable itself. Such information is obtained by measuring this
process variable as explained in Section 1.2.
Error Detector: The error detector is a subtracting-summing point that
produces an error signal to the controller for comparison and action.
Although the error detector is often a part of the controller device, it is important
to keep a clear distinction between the two.
Controller: The next step in the process-control sequence is to examine the
error and determine what action, if any, should be taken. The evaluation may be
performed by an operator (as in the previous manual control example), an electronic
circuit, a pneumatic signal processing device, or by a computer. Computers are
predominantly used in process control because computers are programmable, easily
adapted to the decision-making operations, and because of their inherent
computational capability and ability to multitask. The controller requires a signal
representing the measured controlled variable, and a representation of the reference
value, the set point, expressed in the same units.
In Proportional plus Integral plus Derivative (PID) control, the control action,
u(t), which is used to bring the controlled variable to the set point value is found
using the formula
$$u(t) = K_p E(t) + K_I \int_0^t E(t)\,dt + K_D \frac{dE}{dt} \qquad (1.1)$$
where $E = y_{sp} - y_m$. The values of $K_p$, $K_I$, and $K_D$ are determined based on the required dynamic
and steady state performance of the controlled variable. The control action u(t) is then
normalized and sent as a standard 4–20 mA signal (or in a digital form) to the control
element. Other forms and ramifications of this basic control strategy are also common
in industry.
Control Element: The control element in the process-control operation is the
device that exerts a direct influence on the process. It is the device which provides the
required changes in the controlled variable to bring it to the set point. This element
accepts an input (the control command), from the controller, which is then
transformed into some proportional operation performed on the process. In many
cases, the control element consists of two parts: the final control element, which is the
mechanical valve in our previous example, and an actuator, which is typically a
pneumatic assembly or an electric motor that moves the valve stem. The actuators
receive the 4- to 20-mA command signal from the controller, and set the valve
position accordingly. The valve modifies the output flow rate $q_{out}$, which is now
represented by V in the block diagram.
The Control Loop: Notice in Figure 1.4 that the signal flow forms a complete
cycle from the process through measurement, error detector, controller, and final
control element. This is called a feedback loop, because we determine an error and
feed back a correction to the process. In analog or continuous control, the controlled
variable is continuously measured, and the analog controller continuously adjusts the
value of the control action. In digital control, the controlled variable is measured at
regular time intervals (i.e., sampled), and the control action is calculated and updated
at these regular intervals. The time interval between successive samples is called the
sampling period. The sampling rate, the number of samples per second, should be
taken much faster than the process dynamics.
A simple implementation for the automatic control system in Figure 1.3 is
shown in Figure 1.5. The level sensor sends its measurement as an electrical signal to
an electronic controller. The signal is typically sent as a current value between 4–20
mA. The controller is programmed to compare the received signal with the stored set
point value, H. The difference between the desired value and the measured value is
the control error, E. The controller then calculates a value for a signal to be sent to the
control valve/actuator unit to change the flow rate. Here also the control signal is
typically sent as a current value between 4–20 mA. The control signal is usually
calculated as a weighted sum of the error, its integral, and its rate of change as
explained before.
[Figure: labels Level Controller, Control Valve, Level Sensor, and Computer.]
Figure 1.5 Instrumentation of the automatic level control.
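The loop of Figure 1.5 can be followed end to end in a short simulation. The following is an added example, not code from the book: it samples Eq. (1.1) at a fixed period, carries the measurement and the valve command as 4–20 mA signals, and goes slightly beyond the text by adding output clamping with anti-windup. The tank area, valve coefficient, gains, transmitter span, and the gravity-drained outlet model are all assumptions chosen for illustration.

```python
import math

LEVEL_SPAN_M = (0.0, 2.0)  # assumed transmitter range: 4 mA = 0 m, 20 mA = 2 m


def to_milliamps(value, lo, hi):
    """Scale an engineering value in [lo, hi] onto 4-20 mA, clamped to the span."""
    fraction = min(1.0, max(0.0, (value - lo) / (hi - lo)))
    return 4.0 + 16.0 * fraction


def from_milliamps(ma, lo, hi):
    """Convert a 4-20 mA signal back to engineering units."""
    return lo + (ma - 4.0) / 16.0 * (hi - lo)


class PID:
    """Sampled form of Eq. (1.1); output is a normalized 0..1 valve opening."""

    def __init__(self, kp, ki, kd, period_s, action=1.0):
        self.kp, self.ki, self.kd = kp, ki, kd
        self.period_s = period_s
        self.action = action      # -1.0 = reverse acting (assumption, see below)
        self.integral = 0.0       # running approximation of the integral of E
        self.prev_error = None

    def update(self, setpoint, measured):
        error = setpoint - measured                      # E = y_sp - y_m
        derivative = 0.0 if self.prev_error is None else (
            (error - self.prev_error) / self.period_s)
        self.prev_error = error
        trial = self.integral + error * self.period_s    # rectangle rule
        raw = self.action * (self.kp * error + self.ki * trial
                             + self.kd * derivative)
        out = min(1.0, max(0.0, raw))                    # normalize to 0..1
        # Anti-windup (an addition, not in Eq. 1.1): keep integrating only if
        # the output is unsaturated or the error is driving it out of saturation.
        if (raw - out) * self.action * error <= 0.0:
            self.integral = trial
        return out


def simulate_level_loop(total_s=1200, inflow_step_at_s=600):
    """Run the tank loop; return (final level m, final valve mA, peak level m)."""
    period_s = 1.0                  # sampling period, far shorter than tank dynamics
    area_m2, k_valve = 1.0, 0.02    # assumed tank area and valve coefficient
    setpoint_m = 1.0                # desired level H
    # The valve is on the outlet, so a level below H must close it: reverse action.
    pid = PID(kp=2.0, ki=0.05, kd=0.0, period_s=period_s, action=-1.0)
    level_m, q_in = 0.5, 0.010      # initial level (m) and inflow (m^3/s)
    peak_m, valve_ma = level_m, 4.0
    for step in range(int(total_s / period_s)):
        if step * period_s >= inflow_step_at_s:
            q_in = 0.014            # disturbance: inflow rises by 40 %
        sensor_ma = to_milliamps(level_m, *LEVEL_SPAN_M)        # transmitter
        measured_m = from_milliamps(sensor_ma, *LEVEL_SPAN_M)   # controller input
        opening = pid.update(setpoint_m, measured_m)
        valve_ma = to_milliamps(opening, 0.0, 1.0)              # command to actuator
        # Gravity-drained outlet: q_out = k * opening * sqrt(h) (assumed model).
        q_out = k_valve * from_milliamps(valve_ma, 0.0, 1.0) * math.sqrt(level_m)
        level_m = max(0.0, level_m + (q_in - q_out) / area_m2 * period_s)
        peak_m = max(peak_m, level_m)
    return level_m, valve_ma, peak_m


if __name__ == "__main__":
    level, valve_ma, peak = simulate_level_loop()
    print(f"final level {level:.3f} m, valve {valve_ma:.2f} mA, peak {peak:.3f} m")
```

With these assumed values the integral term removes the steady-state error after the inflow disturbance, and the valve command settles at the opening that balances the new inflow.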
1.4 Features of Distributed Control Systems
In the following discussion, we will add more functionalities to the simple loop
control in Figure 1.3, until it becomes a fully fledged DCS. The first thing we need is
to connect the controller to a remote computer to enable the operator to change the set
point remotely, and to monitor and record the level of the tank. The use of a
computer can help us to have improved Human-Machine Interface (HMI) by adding
process graphics and possibly animation to indicate the variations in water level. The
operator should also be able to see and plot the level setpoint and the actual level over
a desired period of time. In a more realistic situation, we may need to generate alarms
to alert the remote operator if the level in the tank runs too high or too low, a situation
that could happen as a result of failure of the valve/actuator or broken pipe or crack in
the tank, etc. So, at a minimum, the software to be installed in this operator station
should provide interactive HMI and alarm monitoring. The computer can also save all
the measurements with their time stamps in a database for future use and for
preparing daily, weekly, and even yearly reports. The database can store also all the
alarms and operator actions. This database is called “Historian.”
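A minimal sketch of the operator-station functions just described (high/low alarm monitoring plus a time-stamped Historian that also records operator actions), added here as an example and not taken from the book or from any vendor's product. The tag names `LIC-101.PV` and `LIC-101.SP`, the operator name, the alarm limits, and the sample readings are constructed for illustration.

```python
import sqlite3


class Historian:
    """Time-stamped store for measurements, alarms and operator actions."""

    def __init__(self, low_limit, high_limit):
        self.low_limit, self.high_limit = low_limit, high_limit
        self.alarm_state = "NORMAL"
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE events (ts REAL, kind TEXT, tag TEXT,"
            " value REAL, detail TEXT)")

    def _store(self, ts, kind, tag, value, detail=None):
        # Parameterized insert: tag and operator names are data, never SQL text.
        self.db.execute("INSERT INTO events VALUES (?, ?, ?, ?, ?)",
                        (ts, kind, tag, value, detail))

    def record_measurement(self, ts, tag, value):
        self._store(ts, "measurement", tag, value)
        state = ("HIGH" if value > self.high_limit
                 else "LOW" if value < self.low_limit else "NORMAL")
        if state != self.alarm_state:       # log transitions, not every sample
            self._store(ts, "alarm", tag, value, state)
            self.alarm_state = state

    def record_operator_action(self, ts, operator, tag, value):
        self._store(ts, "operator", tag, value, operator)

    def alarms(self):
        rows = self.db.execute(
            "SELECT ts, detail FROM events WHERE kind = 'alarm' ORDER BY ts, rowid")
        return rows.fetchall()

    def trail_before_first_alarm(self, window_s):
        """All events in the window_s seconds leading up to the first alarm."""
        first = self.db.execute(
            "SELECT MIN(ts) FROM events WHERE kind = 'alarm'"
            " AND detail != 'NORMAL'").fetchone()[0]
        if first is None:
            return []
        rows = self.db.execute(
            "SELECT ts, kind, tag, value, detail FROM events"
            " WHERE ts BETWEEN ? AND ? ORDER BY ts, rowid",
            (first - window_s, first))
        return rows.fetchall()

    def level_range(self, tag, t0, t1):
        """(min, max) of a measured tag over a reporting period."""
        return self.db.execute(
            "SELECT MIN(value), MAX(value) FROM events"
            " WHERE kind = 'measurement' AND tag = ? AND ts BETWEEN ? AND ?",
            (tag, t0, t1)).fetchone()


def build_constructed_run():
    """Constructed data: the operator raises the set point, the level overshoots."""
    h = Historian(low_limit=0.2, high_limit=1.9)      # assumed alarm limits (m)
    samples = [(0, 1.00), (10, 1.00), (20, 1.02), (30, 1.40),
               (40, 1.75), (50, 1.93), (60, 1.95), (70, 1.85)]
    for ts, level in samples:
        if ts == 20:   # set-point change logged at 15 s, before the 20 s sample
            h.record_operator_action(15, "operator_a", "LIC-101.SP", 1.8)
        h.record_measurement(ts, "LIC-101.PV", level)
    return h


if __name__ == "__main__":
    for row in build_constructed_run().trail_before_first_alarm(40):
        print(row)
```

Querying the window before the first alarm returns the set-point change alongside the rising level readings, which is the trace-back use of archived data that Section 1.1 describes.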
In a typical oil refinery or petrochemical plant, there could be hundreds of such
control loops to regulate levels, flow, pressures, temperatures, etc. The function of the
electronic controller shown in Figure 1-5 is performed by a dedicated Single-Board
Computer (SBC), and hundreds of these boards are assembled in racks/cabinets to
control the plant. Each board is dedicated to one or more control loops. For reliability
purposes, the control functions are distributed among many hardware controllers. The
architecture aspects of industrial computers and other hardware issues are covered in
detail in Chapter 4.
Conventional sensors and actuators are connected to the loop controllers by 4-20 mA
current loops. Current loops are covered in detail in Chapter 3. Field
Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs) are
usually connected by digital serial communication links that could extend hundreds of
meters. The serial communication links are also covered in Chapter 4.
The DCS controllers are linked together by various data communication means
and typically linked to one or more control stations (desktop computers or
workstations) by a Local Area Network (LAN). The operators can then monitor the
performance of these control loops, adjust their set points, respond to alarms, and
generate operation reports, while the engineers can adjust the controller parameters to
achieve the desired process performance. This kind of control hardware and software
is what is known as a distributed control system. Chapter 5 is dedicated to LAN
standards, and discusses the special requirements of industrial Ethernet. In modern
installations, communication between the workstation databases and other servers
could utilize the Internet TCP/IP protocols and other Internet open technologies. An
introduction to Internet protocols can be found in Chapter 6.
With the advance in electronics and microprocessor technologies, vendors now
offer a variety of smart sensors and actuators. Smart sensors and actuators can
provide plenty of information on the status of the device, and allow a device to be
remotely calibrated and configured. However, to utilize these additional features we
need to communicate digitally with the device. HART protocol was introduced to
provide a digital form of communication over the traditional 4-20 mA signal and
cable. Later on, a number of fieldbuses were introduced to allow digital
communication with smart sensors and actuators in a way similar to LANs; yet with
more restricted timing and deterministic behavior. Several fieldbuses are introduced
in Chapter 7, which vary in their capabilities and their intended domain of
applications.
Yet another important breakthrough in automation technology is the emerging
wireless industrial networks. Wireless sensor networks provide solutions for
collecting information by additional monitoring points, which had previously been
impractical or even impossible with conventional wired instruments. In general,
wireless network solutions are more attractive than wired ones, because they provide
substantial savings in engineering and installation costs, in addition to their scalability
and flexibility. An introduction to wireless networks technologies for industrial
automation is provided in Chapter 8.
Large automation applications may include many subsystems from various
vendors. Each vendor has its own proprietary method and protocol to communicate
with its own series of products. However, integrating heterogeneous subsystems
under one large scale automation system was very expensive and time consuming to
set up and to maintain. OLE for Process Control (OPC) is a series of specifications
defined by the OPC Foundation for supporting open connectivity in industrial
automation. OPC provides a common standard for software interfacing, enabling
horizontal integration of the automation solutions based on the client/server
paradigm. OPC has been designed to provide reliable communication of information
in process and manufacturing industries, such as petrochemical refineries, automobile
assembly lines and paper mills. Fortunately, almost all automation hardware
vendors and PLC manufacturers provide OPC connectivity of their hardware to enable
fast and low cost integration of their systems with any other systems. OPC will be
covered in Volume II of this series.
In critical applications, when a failure could cause a high risk for people,
property or environment, additional instrumentation and control logic are installed,
independent of the normal regulatory/control functions of the plant. When a
dangerous process limit is reached due to one reason or the other, the logic interferes
automatically to execute a safe shut down of the process. This system is called an
Emergency Shut Down (ESD) system, or Safety Instrumented System (SIS). The
guidelines for SIS implementation have been standardized by IEC and will be
covered in detail in Volume II.
In many applications, especially in the utility sector, there is a need for a central
control room to collect data from one or more remote facilities for monitoring, data
analysis, and data archiving; it might also be necessary to send limited control
commands or supervisory set points to the remote facilities. This kind of system is
known as Supervisory Control and Data Acquisition (SCADA). The SCADA system
is not directly involved in performing automatic control actions on remote systems.
Chapter 2 highlights the difference between DCS functions and SCADA systems.
Recently, there has been a growing interest in using the Internet and its associated
open technologies in SCADA systems. In fact, even many DCS vendors provide their
customers with the ability to use the Internet for remote monitoring, and remote
access for their maintenance crew, supervisors, and contractors. While these open
technologies may be good for business, they increase the potential risk to the cyber
security of the manufacturing automation and control systems. Because of the
importance of this issue, Volume II includes a chapter dedicated to cyber security for
the automation community. The objective of this material is to introduce the basic
concepts related to cyber threats, common security countermeasures, and to present
the basic steps towards establishing a cyber security management system.
Finally, in Chapter 9, we provide an example of DCS requirements and typical
criteria for bidder selection. In the subsequent sections, the key features of examples
of modern DCS/computerized automation systems are outlined. Specifically,
Yokogawa’s CENTUM, Honeywell’s Experion, Emerson’s DeltaV, Siemens’s
PCS7, and ABB’s 800xA are covered.
1.5 Evolution of the Distributed Control Systems
In the late 1940s and early 1950s, analog instrumentation hardware was
generally based on pneumatic (air pressure) devices. Large-case instruments (approximately 18 x
18 in.) were used for control and display. Each instrument was directly connected to a
process sensing point and usually located near that point. As a result, process
measurement and control were largely decentralized and the operator could only view
one section of one unit in the operation. With the development of pneumatic
transmission techniques, centralized control became possible, gradually permitting
more control hardware to be placed in one section of a control panel. However, the
instrumentation was still fairly large and was usually dedicated to the display and/or
control of one process variable, as illustrated in Figure 1.6.
The invention of the transistor in 1947 triggered a new revolution in
instrumentation. In the late 1950s, the miniaturization trend of the receiver
instrumentation continued at a high pace, and its case size had decreased to 6 x 6 in.
and eventually to 3 x 6 in. and 2 x 6 in. standards. Electronic instrumentation
hardware based on transistor technology started to replace pneumatic instrumentation.
This allowed for electronic transmission development and a consequent further
centralization of instrumentation on one control panel. This led to the birth of
centralized control rooms.
During the early 1960s, the digital computer was introduced to process control,
adding peripheral hardware to the control room. New interface hardware, such as
printers, typewriters, CRT screens and keyboards, were now introduced to the
operator, making the control room scene more complex, as all of the new hardware
was still backed by the conventional analog instrument panel. Thus, the operator had
to learn new techniques while recalling old ones in an emergency. This remained the
practice of control panel design during the 70s and even 80s.
During the late 70s and early 80s, a revolution in man-machine interface design
philosophy began, with the introduction of a distributed architecture based on
microprocessor hardware, as illustrated in Figure 1.7. This new hardware digitized the
usual analog hardware and made applicable new control modes. It also introduced the
communications network into the conventional analog loop and enabled the return of
some decentralization of control to the field, while at the same time centralizing more
information at the main control console(s). Extensive studies were conducted on the
human engineering aspects of information gathering, e.g., the ISA recommendation
(ISA-RP60.3-1977, revised in 1985) entitled “Human Engineering for Control
Centers.” These studies led to a new revolution in human interfaces for computer-based
measurement systems during the 80s, continuing into the present.
The distributed systems then made it possible to place all relevant process
information on these control consoles within easy reach of a seated operator. That,
essentially, is the revolution. Figure 1.6 illustrates the evolution in control panel
design from the 1950s to the current centralized overview CRT consoles.
These distributed systems were introduced by most of the major instrument
manufacturers; namely, Honeywell, Inc., Foxboro Corporation, Taylor Instrument
Company, the Bristol Company, Fisher Controls Corporation, EMC Corporation and
some others. Honeywell, Inc.’s “TDC2000” was one of the first introduced (“TDC”
stands for Totally Distributed Control). The system is based on microprocessor
hardware configured into a “data highway” network. During the 1990s, the display
station used high technology to enhance the human interface and enable the operator
to supervise larger amounts of information. The display is based on “Windows”
technology, animation, 3D display, icons, mouse pointers, touch screens, videos, and
virtual instruments. A typical control center during the 90s is shown in Figure 1.7. The
future development for the twenty-first century will be in operator support software,
where intelligent software will be used to consolidate and analyze large amounts of
data and provide the operator with intelligent summaries, analysis, and expert advice.
The signal transmission during the 50s and 60s was based on pneumatic
techniques. In this system, the analog signal is transmitted through pipes as variable
air pressure between 3 and 15 psi. During the 70s, 80s, and 90s, the electric wire
standard 4–20 mA became the most popular method for signal transmission in the
instrumentation field. During the 90s with the advance in digital communications,
microelectronics, and networking, there were many attempts to introduce digital
transmission techniques. The sensors became more sophisticated and a new
generation of smart transmitters took a considerable market share. The fieldbus
technology was introduced in 1997. The fieldbus enables a single-wire cable to be
connected to many sensors in the field. The digital transmission enables faster
responses and increases the amount of information that can be transmitted over the
fieldbus. Digital transmission is expected to revolutionize process instrumentation
on a much bigger scale than the revolution that was triggered by electrical
transmission during the 70s and 80s, as illustrated in Figure 1.8. The intelligence is
also becoming distributed and embedded in the smart transmitters. The
instrumentation environment will be revolutionized by networking, fiber optics, solid-
state sensors, wireless sensor networks, and artificial intelligence technologies. A
summary of selected milestones in the development of DCS and instrumentation
technology is given in Table 1.1.
Figure 1.6 Evolution of Control Panel and Instruments.
Figure 1.7 Typical Control Center during the 80s and 90s.
Figure 1.8 Evolution of the field instrumentation’s communication technology.
Table 1.1 Evolution events in DCS and instrumentation technology
Year          Event
1900 to 1908  Manual control with gauges and valves
1910 to 1920  Large case instruments in the field
1920 to 1940  Pneumatic signal & instruments
1945          ISA (Instrument Society of America) was founded
1947          Invention of Transistor at AT&T Bell lab
1948          First Pneumatic differential pressure Transmitter (Foxboro)
1948          National Bureau of Standards (NBS) developed a differential manometer to compare pressure of gases, organic vapors, and non-corrosive liquids.
1950s         Development of central control rooms
1951          UNIVAC, the first automatic control computer
1952          A. T. James and A. J. P. Martin developed the process of gas Chromatography
1954          Electromagnetic flowmeters (Foxboro)
1954          DIGITAC process control computer (Hughes Aircraft)
1955          Ultrasonic flowmeters
1956          First commercial gas chromatograph (Beckman Instruments)
1957          Ultrasonic level sensors
1959          4 to 20 mA analog transmission (Honeywell)
1959          All Solid-state controller (Bailey meters Co.)
1959          Discovery of superconductivity (Westinghouse)
1960s         DDC Direct digital Control, The IBM 1800
              Introduction of Programmable Logic Controllers PLCs (General Motors)
1964          IBM mainframe system/360
1965          PDP-8 minicomputer (Digital Equipment Corporation)
1970s         Minicomputers, PLCs, and Networking
1974          Remote sensing satellite
1974          MOS technology (RCA)
1975          Honeywell TDC2000, Yokogawa Centum, Fiber optics
1976          Interactive digital display
1977          First redundant computer configuration
1977          Distributed Control Systems (DCS)
1980          Bailey (now part of ABB) NETWORK 90, Fischer & Porter (now part of ABB[Ref 3]) DCI-4000
1981          Interactive color graphics workstation (US-DATA)
1980s         Expert systems, neural networks, and artificial intelligence.
1981          IBM Personal Computer
1986          Network Manufacture Automation Protocol (MAP)
              Computer Integrated Manufacturing (CIM)
1987          First AI controller (Foxboro), HART protocol
1990s         Smart transmitters, fieldbus, digital transmission, networking, 3D Windows user interface. Autotuning, fuzzy controllers
1990s         InTouch interactive human interface (Wonderware). Open Architecture. MES (Manufacturing Execution Systems). Powerful microprocessors, RISC Chips, Pentium, Alpha, and PowerPC.
1995          ISA88 Batch control standard, Windows NT, OLE, OPC (Object-oriented Process Control)
1997          Birth of fieldbus standard, Internet instrumentation.
2000+         Open System Architecture, Wireless LANs, Internet instrumentation.
              Reliable PC architectures, real-time embedded OS, RT Windows OS, Multiprocessors, multi-core high-performance workstations, industrial Ethernet, fieldbus technology.
2010+         Distributed intelligent systems, IPv6, RFID, wireless sensor networks, ISA100, cybersecurity.
SUMMARY
1. Plant instrumentation is the front end of the plant automation.
2. The main functions of the plant instrumentation system are: value and
quality assessment, safety and protection, control, and data collection.
3. An instrumentation system consists of five basic functional elements:
sensors, signal conditioning, signal transmission, signal processing, and
data presentation.
4. The main parts of a control loop are the process or the plant, the
measurement, error detector, controller, and the control element.
5. In DCSs, the control function of the plant is distributed among a large
number of single board computers, assembled in racks and cabinets.
The DCS controllers are linked together by various data communication
means and typically linked to one or more control stations (desktop
computers or workstations) by a local area network.
6. The basic functions of DCSs are monitoring, control, alarm
management, storage of measurements and alarm events in a Historian
database, and reporting.
7. The main technological trends in DCS are smart sensors and actuators,
Fieldbuses, cybersecurity, and wireless industrial networks.
References
[1] RP60.3-1985, Human Engineering for Control Centers, ISBN/ID: 0-87664-897-9.
[2] John R. Bentley, Principles of Measurement Systems, 3rd ed., Longman Group Limited, 1995.
[3] Stuart A. Boyer, SCADA: Supervisory Control and Data Acquisition, 3rd ed., ISA, 2004.
[4] Samuel M. Herb, Understanding Distributed Processor Systems for Control, ISA, 1999.
[5] Dobrivoje Popovic and Vijay P. Bhatkar, Distributed Computer Control Systems in Industrial Automation, CRC, 1990.
[6] M.R. Skrokov, Mini- and Microcomputer Control in Industrial Processes, Van Nostrand Reinhold Company, 1980.
EXERCISES
(Straightforward applications of the concepts of the chapter)
E1.1] The “set point” is
a) The actual value.
b) The desired value.
c) The predicted value.
d) The safety limit value.
E1.2] Which is NOT correct
When a computer receives a measurement value from a sensor in the plant, it…
a) Triggers an alarm.
b) Displays it.
c) Sends it to a feedback controller.
d) Saves it.
E1.3] Which is NOT a purpose of plant instrumentation system
a) Assessment of product quantity
b) Assessment of product quality
c) Monitoring of the safety aspects of processes and machines
d) Assessment of production capacity and limits.
E1.4] Which is NOT an element of a measurement system
a) Signal conditioning
b) Signal transmission
c) Motors and valves
d) Indicators and numerical displays
E1.5] Which is the key feature of a Distributed Control System
a) It is distributed over a large geographic area
b) Its control function is executed by a large number of microprocessors.
c) It relies on a single central high performance computer
d) It relies on a large number of operators to monitor critical processes
E1.6] A device which converts voltage into a proportional current for signal transmission is called
a) E/I DCS
b) E/I transducer
c) E/I controller
d) E/I actuator
E1.7] Which is NOT an element of a control loop
a) A historian which generates the control action
b) Sensor to measure the process value
c) A control element which performs actions on the process to modify the process value.
d) A controller which calculates the desired control action
E1.8] PID stands for
a) Plant Instrumentation Data
b) Pneumatic Instrument Driver
c) Proportional + Integral + Derivative
d) Process Increase/Decrease
E1.9] During the 70s and 80s, the most common signal transmission for control purposes was
a) Point to point Wireless transmission
b) 4.0 to 20.0 mA
c) Local Area network
d) Fibre optical cable
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P1.1] Explain using a block diagram the function of your home heating system.
P1.2] A chef places a pie in an oven with a glass window. Explain in terms of a block diagram the
man-process interaction. Suggest techniques to automate this baking process.
P1.3] Home laundry dryers usually operate on fixed timed cycles. However, that scheme may not be
economical because if the material dries quickly, the machine continues to operate
unnecessarily to complete its cycles. On the other hand, for heavy cotton material it may
require attention and inspection several times to finish its job. Suggest a suitable measurement
system and propose an automatic system for the home laundry dryer. Explain your idea using
a block diagram.
P1.4] Shower water temperature control. One common bathroom problem is getting one’s desired
shower temperature. We usually try to achieve that by adjusting the hot water and the cold
water taps; however, in many cases this succeeds only after wasting a lot of hot water or with an
unnecessarily high flow rate. It would be economical and convenient if you could design an
automatic control system for this purpose. For efficient operation it needs to measure the
temperature of the inlet cold water, the temperature of the inlet hot water, and the output
temperature. Explain with the help of a block diagram the operation of such a system,
indicating clearly the various elements of the feedback control.
TERMS AND CONCEPTS
Closed-loop feedback control system
A system that uses a measurement of the output and compares it with the desired output.
Control system
An interconnection of components forming a system configuration that will provide a desired response.
Distributed control system
A system which, while being functionally integrated, consists of subsystems which may be physically
separate and remotely located from one another.
Final control element
The device that directly controls the value of the manipulated variable of a control loop. Often the final
control element is a control valve or a motor.
Function blocks
Control programs can be described using a standard set of elementary function blocks. A function
block describes a function between input variables and output variables. Input and output variables are
connected to blocks by connection lines.
Open-loop control system
A system that utilizes a device to control the process without using feedback. Thus the output has no
effect upon the signal to the process.
Process
The device, plant, or system under control.
Sensor
The part of a loop or instrument that first senses the value of a process variable, and that assumes a
corresponding, predetermined, and intelligible state or output. The sensor may be separate from or
integral with another functional element of a loop. The sensor is also known as a detector or primary
element.
Set point
An input variable that sets the desired value of the controlled variable. The set point may be manually
set, automatically set, or programmed. Its value is expressed in the same units as the controlled
variable.
System
An interconnection of elements and devices for a desired purpose.
CHAPTER 2
PLANT AUTOMATION HIERARCHY
2.1 Introduction.
2.2 Distributed Control Systems.
2.3 SCADA Systems.
2.4 Computer Integrated Manufacturing (CIM).
2.5 PLCs and DCS.
OVERVIEW
This chapter is an overview of the plant automation hierarchy, illustrating the
relationship between Distributed Control Systems (DCSs) and other enterprise
networks and functions. Sections 2 and 3 highlight the main functions of DCS and
Supervisory Control and Data Acquisition (SCADA) systems. Section 4 introduces
computer integrated manufacturing and explains how it is connected to the plant-
wide management network. Section 5 explains some of the differences between
programmable logic controllers (PLC) and DCS, highlighting the strengths of each as
well as their domains of application.
LEARNING OBJECTIVES
After reading this chapter, you should be able to do the following:
• Understand the hierarchy of a plant automation/management system.
• Recognize the main functions of each level of the plant automation/management hierarchy.
• Understand the role of the Management Information System, Supervisory Control System, the Distributed Control System (DCS), the Emergency Shutdown Systems (ESD), the Safety Instrumented Systems (SIS), and the Field I/O.
• Understand the main functions of a DCS system and a SCADA system.
• Recognize the similarities and differences between a CIM and a DCS.
• Understand the architectural difference between Programmable Logic Controllers (PLCs) and DCS control systems.
• Be familiar with the strengths of PLC-based and DCS-based control solutions, and their domains of applications.
2.1 Introduction
In modern automation systems the plant instrumentation and control functions
are no longer standalone units; they are integrated parts of the complex plant
automation and management system. Instrumentation and control engineers must be
familiar with data communication and computer networks to ensure the integration of
the process control and instrumentation functions in an efficient, safe and reliable
way. The logical hierarchy of the plant automation and management functions reflects
the physical hierarchy of the plant computer networks. Figure 2.1 shows a typical
hierarchy of a plant automation system and how it is linked with the enterprise
Management Information functions. The ISA-95 “Enterprise-Control System
Integration” provides a comprehensive overview of this topic.
A typical plant automation/management network hierarchy system consists of
the following:
1- Enterprise Management Information System (MIS) (Level 4)
The enterprise-wide management information system (MIS) is usually housed in
a central location or near the plant operating management, and may involve the
oversight and coordination of several sites. The main functions at the enterprise MIS
level network include:
• Management information and operations performance.
• Supply chain management.
• Sales and Marketing, and Customer Relations Management (CRM).
• Accounting and Financing.
• Enterprise Resource Management (ERP).
• HR and payroll.
• The organization’s overall database.
Enterprise-wide data communication networks usually consist of a high speed
backbone network linking various buildings and departments. Geographically
dispersed plants and sites may be linked by leased lines, microwave links, or leased
fiber optics links. For inter- and intra-departmental computer communications, high
speed Ethernet-based local area networks are the most popular solution at the
enterprise level.
2- Plant Level Management (Level 3)
The plant computer/management level is responsible for coordinating
production activities across the various production areas in the plant. If the company
runs several factories at different locations, a plant level computer is usually needed
to supervise the production and management of each plant. The following is a
summary of the main functions at the plant level:
• Plant level Production Planning and Scheduling.
• Warehouses and inventory control.
• Receiving and Shipping.
• Maintenance planning and scheduling.
• Asset management.
• Quality Control.
Plant level management is usually served by an industrial Ethernet local area
network. Bridges and switches are commonly used to divide the network into smaller
networks serving the local needs of each department.
3- Supervisory Control System (Level 2B)
The supervisory control level is responsible for coordination, integration, and
monitoring of all the DCSs in one control room (one area). The supervisory control
level includes the following functions:
• Coordination and execution of multi-loop control functions.
• Execution of multi-variable control strategies and advanced process control methods.
• Optimization of the set points of the control loops and the production level of the processes or the production units.
• Ensuring that the process parameters are kept within specification (quality assurance).
• Generation of the production reports.
• Organization, supervision, and management of control and automation activities.
• Detection and analysis of abnormal conditions or behavior in process control, equipment status, and safety systems.
• Intervening in, modifying, or overriding DCS programs, if necessary.
• Organization and initiation of conditional, preventive and corrective maintenance operations.
[Figure 2.1 (diagram). Blocks: Process; Level 1 (ESD and specialized dedicated digital controllers and PLCs); Level 2A (DCS level, operator's displays); Level 2B (supervisory control level, supervisor's console); Level 3 (plant production management, production planning and scheduling); Level 4 (enterprise management, management information system). Link labels: plant inputs (analog & switching), control signals, analog & digital communication, fieldbus digital communication, DCS LAN, plant LAN, enterprise LAN.]
Figure 2.1 Functional levels of a plant control and management network.
4- Process Monitoring and Control (Level 2A)
Level 2 defines the activities of monitoring and controlling the physical
processes. This level covers all aspects of DCS systems, including controllers, data
acquisitions, PLCs, HMI, Historian, SCADA systems, as well as all aspects of
process monitoring and control.
In spatial terms it covers manufacturing units and cells, or zones. Large
operations like refineries, petrochemical plants and gas plants normally operate from
more than one control room. Each control room handles one or more operating areas,
as shown in Figure 2.2. In Figure 2.2 each control room may house one or more
DCSs, and each DCS is dedicated to one production unit in this area of the plant. A
production unit could be a distillation column, Catalytic Cracker, Boiler-turbine unit,
etc. In a desalination/power generation plant, for example, the plant may contain
several areas; the power generation area may contain several boilers, each feeding a
turbine and a generator. Another control room may be dedicated to the water
desalination area, which may in turn have several production units. A third control
room may also be necessary for the control of water and air treatment units, and a
fourth for the management of the tank farm area.
In critical applications, redundant analog or digital control systems may coexist
with the main DCS as a backup to increase the availability of the control system in
case of a partial or total failure of the main DCS or one or more of its critical
components. More about the functions of the DCS is covered in Section 2.2.
Modern DCS systems use industrial local area networks to connect PLCs,
controllers, and operator stations. However, connection of the controllers with the
I/O units is usually through standard field buses or proprietary control networks with
special requirements to meet strict response times.
Emergency Shutdown Systems (ESD) and safety systems
An emergency shutdown system (ESD) or a safety instrumented system (SIS) is
an independent system composed of sensors, logic solvers (e.g., controllers), and
final control elements for the purpose of taking the process to a safe state when pre-
determined conditions are exceeded. The safety actions include:
• Equipment and Instrumentation functional interlock and protection Systems.
• Safety Critical Control Systems.
• Emergency and safety Shutdown Systems.
An ESD is a highly reliable solid state, electromechanical or PLC-based logic
solver system, which operates as a standalone system to provide safety shutdown
features for operating units, major rotating equipment (compressors and pumps),
boilers (burner management system), and plant isolation devices. The system may be
linked to a DCS for remote activation and status indication. In critical applications,
the safety instrument system could represent 20–30% of the plant’s control and
instrumentation system.
Safety Instrumented Systems (SIS) are engineered to perform “specific control
functions to fail safe or maintain safe operation of a process when unacceptable or
dangerous conditions occur.” SIS are designed to achieve a risk-based level of safety
and performance. SIS will be covered in detail in Volume II of this book series.
5- Plant Instrumentation (Level 1)
The bottom level in plant automation includes all the field instruments and their
associated wiring. In conventional instrumentation, analog measurements are brought
as 4–20 mA analog signals to the control room. Similarly, command and control
signals are sent from the control room to the field via a dedicated shielded twisted-
pair cable for each signal. Even for a medium-size plant, the number of cables could
run to several thousands, requiring substantial maintenance cost.
Fieldbus technology allows many devices to be connected on one cable, leading
to a great reduction in the wiring complexity. Other advantages of fieldbuses include
replacing the current 4–20 mA standard with a purely digital signal that reduces the
effect of noise and wiring cost (a 60–80% reduction). But the main advantage of a
fieldbus is its capacity for digital bidirectional communication with field instruments
and with the DCS. High-speed digital communication enables smarter field
instruments, which can exchange not only process measurements, but also
calibration, diagnostics and alarm information. Fieldbuses operate in two-level
hierarchies. The fieldbus nodes at Level 1 receive and transmit information from the
field I/Os digitally or by the conventional 4–20 mA signals, while they communicate
with, and are controlled by, the DCS (Level 2) digitally.
Specialized dedicated equipment
Level 1 may also include front-line dedicated programmable logic controllers
(PLCs) located on the manufacturing floor or in the field for tight monitoring and
control of critical equipment. Other control computers include those that often come
embedded in the machines, such as CNC machine controls. In remote sites the functions
of monitoring and control could be handled autonomously by remote terminal units
(RTUs). RTUs are connected to and supervised by DCS and SCADA stations from the
control rooms.
[Figure 2.2 (diagram). Blocks: plant-wide (site) production management system for Plant-1, with a link to the enterprise network; Area-1, Area-2 and Area-3 supervisory control systems; Area-1 control room; DCS for PU-1, DCS for PU-2 and DCS for PU-3 in each area shown; ESD/SIS; PLCs/RTUs; field I/Os; Production Unit-1/Area-1 and Production Unit-1/Area-3.]
Figure 2.2 Plant automation and management hierarchy.
6- Process Equipment (Level 0)
Level 0 is the actual physical process. It represents the actual process or
manufacturing equipment which performs the physical, chemical, spatial, or energy
transformation, e.g. reactors, heat exchangers, compressors, and pumps in the process
industry; or conveyors, machining equipment, motors, actuators, lifts, etc. in discrete
manufacturing.
2.2 Distributed Control Systems
This section focuses on the DCSs. Distributed Control Systems are dedicated
systems used to control continuous or batch-oriented manufacturing processes, such
as oil refining, petrochemical and pharmaceutical production, power generation, food
& beverage manufacturing, cement production and steel and paper making. DCSs are
responsible for direct monitoring and control of the plant’s various processes.
Figure 2.3 Typical DCS LAN.
A DCS is a combination of hardware (I/O field instruments, terminal panels,
computer subsystems, and operator stations, etc.), networks (network topology,
protocols, gateways, data access control, etc.) and software (monitoring, reporting,
and control). DCSs are connected to sensors and actuators. The wiring from the field
instruments is fed into termination cabinets (Marshall Cabinets) in the control room.
The computer subsystems are vertically mounted cabinets that include power
supplies, distribution panels and card cages where subsystem modules are inserted.
The subsystem modules are in fact intelligent microprocessor-based boards, where
the control functions are embedded. Normal control functions are thus distributed
across a large number of these local control modules. The local control modules are
usually grouped under one or more control stations (CS). A CS could also coordinate
tight control and logic functions between its local control modules, and execute
multi-loop control algorithms. CSs communicate with the other units in the system
via data highways, as shown in Figure 2.3.
A typical DCS consists of functionally and/or field-distributed digital control
stations capable of executing from 1 to 256 (or more) regulatory control loops. The
input/output (I/O) devices can be integrated with the controller or located remotely
using RTU. Today’s local controllers have extensive computational capabilities and,
in addition to proportional, integral, and derivative (PID) control, they can generally
perform logic and sequential control.
The data historian is a real-time database and reliable data storage server which
efficiently collects and stores time-stamped process variables, control loop
performance, process changes and actions, alarms, and events. The stored
information is then made available for analysis and reporting by various application
programs.
DCS functions include:
1. Process monitoring and scanning. The scope of this function covers analog
signal filtering and conditioning, signal sampling, normalization, linearization,
upper/lower limit check and display of alarms and trends.
2. Data processing: operation control reports, operation analysis reports and data
compression and formatting for the supervisory computer or the MIS.
3. Basic process control: PID, Cascade, Ratio control etc.
4. Generation and logging of the process and system alarms
5. Man-machine interface (MMI)
6. Data reduction and archiving.
7. Security and functional access control (operator station, engineering station,
supervisor station, maintenance stations).
8. Cyber security.
In a typical DCS, there may be multiple consoles with varying degrees of access
to data. In most cases, each operator, engineer or manager is given specific rights to
access and control of the system. The plant superintendent, for instance, may have
complete control over his facility, while an operator may only have access to specific
data on a particular process, and permission to change only the loop set points. An
engineer may have access to modify control loop parameters or other control
algorithms. These security measures are necessary to avoid accidents and process
upsets. Cyber security tools and procedures are important to protect against software viruses and
other malicious software, and to ensure that only authorized personnel can access plant
information or operate the control systems.
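The access rights described above can be written as a deny-by-default check with an audit trail. This is an added example, not code from the book or from any DCS vendor; the role-to-action mapping (including the choice that engineers do not change set points), the account names and the unit names are assumptions made for illustration.

```python
"""Deny-by-default authorization for DCS console requests (added illustration)."""
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    VIEW_DATA = "view_data"
    CHANGE_SETPOINT = "change_setpoint"
    MODIFY_LOOP_PARAMETERS = "modify_loop_parameters"
    MODIFY_CONTROL_ALGORITHM = "modify_control_algorithm"


# Assumed mapping that follows the three roles named in the text.
ROLE_ACTIONS = {
    "operator": frozenset({Action.VIEW_DATA, Action.CHANGE_SETPOINT}),
    "engineer": frozenset({Action.VIEW_DATA, Action.MODIFY_LOOP_PARAMETERS,
                           Action.MODIFY_CONTROL_ALGORITHM}),
    "superintendent": frozenset(Action),  # complete control over the facility
}
ALL_UNITS = "*"  # scope marker meaning "every process unit in the facility"


@dataclass(frozen=True)
class User:
    name: str
    role: str
    units: frozenset  # process units the account is scoped to


@dataclass(frozen=True)
class Decision:
    user: str
    action: str
    unit: str
    allowed: bool
    reason: str


def authorize(user, action, unit, audit):
    """Grant only if the role holds the action AND the unit is in scope."""
    granted = ROLE_ACTIONS.get(user.role)
    if granted is None:
        allowed, reason = False, "unknown role"
    elif action not in granted:
        allowed, reason = False, "action not granted to role"
    elif ALL_UNITS not in user.units and unit not in user.units:
        allowed, reason = False, "unit outside account scope"
    else:
        allowed, reason = True, "granted"
    decision = Decision(user.name, action.value, unit, allowed, reason)
    audit.append(decision)  # every request is recorded, allowed or not
    return decision


def denials_per_user(audit):
    """Count refused requests per account, for review by the plant's security staff."""
    return Counter(d.user for d in audit if not d.allowed)


# Constructed accounts and requests (hypothetical names).
USERS = {
    "op_boiler1": User("op_boiler1", "operator", frozenset({"boiler-1"})),
    "eng_power": User("eng_power", "engineer", frozenset({"boiler-1", "turbine-1"})),
    "super": User("super", "superintendent", frozenset({ALL_UNITS})),
}
REQUESTS = [
    ("op_boiler1", Action.CHANGE_SETPOINT, "boiler-1"),
    ("op_boiler1", Action.CHANGE_SETPOINT, "turbine-1"),
    ("op_boiler1", Action.MODIFY_LOOP_PARAMETERS, "boiler-1"),
    ("eng_power", Action.MODIFY_LOOP_PARAMETERS, "turbine-1"),
    ("eng_power", Action.CHANGE_SETPOINT, "boiler-1"),
    ("super", Action.MODIFY_CONTROL_ALGORITHM, "desal-2"),
    ("contractor", Action.VIEW_DATA, "boiler-1"),  # account not registered
]


def replay(requests=REQUESTS):
    """Run the constructed requests through the check and return the audit trail."""
    audit = []
    for name, action, unit in requests:
        user = USERS.get(name) or User(name, "unregistered", frozenset())
        authorize(user, action, unit, audit)
    return audit


if __name__ == "__main__":
    for entry in replay():
        print(entry)
```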
DCSs require the highest reliability in comparison with the typical reliability of
office computing equipment. They are also required to have fast and deterministic
response to ensure safe and reliable operation of the plant production system. Early
generations of DCSs were very much vendor-dependent and were supplied as
complete turn-key systems. The problems with these proprietary control systems
include vendor dictated pricing structures, non-common interfaces, higher integration
costs, higher costs of extension and enhancement, and the need for specific training
for operation and troubleshooting across multiple proprietary systems. However, the
start of the 21st century has witnessed an increasing interest by end-users and
vendors to adopt open architectures and standards to reduce development cost and
systems cost, and to facilitate integration of third-party components and software.
Examples of modern industrial DCSs are the Yokogawa CENTUM [Ref 1], the
Honeywell Experion system (and its older TDC3000) [Ref 2], the Emerson DeltaV
system [Ref 3], ABB AC800 [Ref 4], and Siemens SIMATIC PCS7 [Ref 5].
2.3 SCADA Systems
Supervisory Control and Data Acquisition (SCADA) is a networked system that
allows an operator in a central control room to collect data from one or more remote
facilities for monitoring, data analysis, and data archiving; and possibly send limited
control commands or supervisory set points to the remote facilities. The SCADA
system is not directly involved in performing automatic control actions on the remote
sites. The work stations or host computers in the central control room are linked
together by a high-speed local area network, and could be linked to the remote sites
by various communication links. SCADA systems collect data and supervise
heterogeneous PLCs and RTUs scattered over large geographical areas. A SCADA
host computer, then, acts as a translator, acquiring process data from disparate,
non-homogeneous sources, and making process data available in a uniform and
well-defined format to applications running in other computers in the network.
The following is a summary of the functions of distributed SCADA systems:
1. Interface with the various external process data sources to perform acquisition
of timed process data.
2. Conversion to engineering units; if necessary, alarm checking and storage of
data in Real-Time Data Bases (RTDB).
3. Data reduction and archiving of current hourly average and daily average data
for all points.
4. Provide well defined access methods for external applications on the network
to access the RTDB values and attributes.
5. Monitoring and logging of the process and system alarms.
6. Man/Machine Interfacing.
7. Allow operator to send set point changes to remote RTUs and PLCs.
8. Allow operator to perform limited open-loop control functions such as opening or
closing a valve.
Regular PCs can be very attractive as SCADA workstations in non-time-critical
applications, and when sophisticated backup mechanisms are not necessary. PCs are
indeed a very convenient tool for off-line data analysis, especially with the
availability of powerful software packages for Man-Machine Interface and supervisory
control functions.
But it should be very clear that PCs are not geared for real-time applications,
and have limited data acquisition features. In time-critical applications and where
reliability and availability are important, special attention should be given to the
selection of the computer hardware, the operating system and the communication
software.
2.4 Computer Integrated Manufacturing (CIM)
A similar DCS architecture exists in discrete manufacturing, known as
Computer Integrated Manufacturing (CIM). CIM is a computer-automated system in
which engineering, production, supply-chain, marketing and support functions of a
manufacturing enterprise are organized. Functional areas such as design, analysis,
planning, purchasing, cost accounting, inventory control and distribution are linked
through the computer with factory floor functions, such as materials handling and
management, providing direct control and monitoring of all process operations. A
CIM may require integration of the following subsystems:
CAD/CAM (Computer-aided design/Computer-aided manufacturing)
CNC (computer numerical control) machine tools
FMS (flexible machining systems)
ASRS (automated storage and retrieval systems)
AGV (automated guided vehicles)
Manufacturing Robots
Automated conveyance systems
Computerized scheduling and production control
Automated testing and quality assurance
Figure 2.4 CIM manufacturing and management network. [Diagram labels: Factory Floor LAN; numerical controls, PLCs and other devices; bridges/routers; management console; plant computer system; CAD workstations; cell LANs with workstations and robots.]
In FMS, the factory can be quickly modified to produce different products or the
volume of products can be quickly changed with the aid of computers. The
manufacturing floor is divided into cells. A common practice in CIM is to serve
individual work cells (as with DCSs), via a hierarchically structured network, as
shown in Figure 2.4. A fieldbus, such as Profibus, or a local area network could
directly interconnect intra-cell devices, though inter-cell components must
communicate via a factory level backbone network.
Although this approach does not need the services of mainframe computers as
switching nodes, the bridges in the inter-cell communication path are a source of
additional delay and possible congestion. An alternative approach to the network
architecture for integration of design and manufacturing systems is a single
high-speed network. This architecture allows all devices on the factory floor to
communicate with each other over a common network without any bridges or
routers. Such a networking approach could be advantageous in FMS when it allows
dynamic partitioning of the shop level facilities into several virtual cells. In the
dynamic environment of FMS the same robot or machine tool may be assigned to
different virtual cells from time to time.
2.5 PLCs and DCSs
Programmable Logic Controllers (PLCs) were traditionally designed to handle
switching on/off actions and to perform logic control sequences. The PLC
architecture consists of a system controller that communicates with input/output (I/O)
boards through a backplane bus, as depicted in Figure 2.5. The system processor
periodically scans the status of the input lines, performs the desired logic program
and updates the status of the output lines. This scanning is done periodically at a
specific rate, which depends on the processor speed, the number of (I/Os) and
complexity of the logic tasks. The system processor is also responsible for
communication with the outside world.
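The scan cycle described above, as an added example that is not from the book: a small Python model of the input scan, logic execution and output update, showing that an input pulse shorter than the scan period can go unseen by the logic. The seal-in rung, tag names, timings and per-item scan costs are assumptions made for the illustration.

```python
"""PLC scan cycle with input/output image tables (added illustration).

The rung, tag names and timings below are constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass
class ScanCyclePLC:
    scan_period_ms: int                      # time between two input scans
    input_image: dict = field(default_factory=dict)
    output_image: dict = field(default_factory=lambda: {"motor": False})

    def execute_logic(self):
        # Seal-in rung: motor = (start OR motor) AND NOT stop
        i, o = self.input_image, self.output_image
        o["motor"] = (i["start"] or o["motor"]) and not i["stop"]

    def run(self, field_inputs, duration_ms):
        """Run scans over [0, duration_ms); return [(t_ms, motor_state), ...]."""
        trace = []
        for t in range(0, duration_ms, self.scan_period_ms):
            # 1. Input scan: freeze the field states into the input image.
            self.input_image = dict(field_inputs(t))
            # 2. Program execution: the logic reads only the frozen image.
            self.execute_logic()
            # 3. Output update: the output image is copied to the output lines.
            trace.append((t, self.output_image["motor"]))
        return trace


def field_inputs(t_ms):
    """Constructed field signals: a 6 ms start pulse and a later stop press."""
    return {"start": 12 <= t_ms < 18, "stop": 40 <= t_ms < 60}


def first_on(trace):
    """Time of the first scan that energises the motor, or None."""
    return next((t for t, on in trace if on), None)


def estimated_scan_ms(n_io, n_rungs, io_us=5.0, rung_us=2.0):
    """Rough scan time: grows with the I/O count and the program size.

    io_us and rung_us are assumed per-item costs, not figures from any PLC.
    """
    return (n_io * io_us + n_rungs * rung_us) / 1000.0


def pulse_guaranteed_seen(pulse_ms, scan_ms):
    """An input pulse is certain to be sampled only if it lasts >= one scan."""
    return pulse_ms >= scan_ms


if __name__ == "__main__":
    for period in (10, 5):
        trace = ScanCyclePLC(period).run(field_inputs, 100)
        print(f"scan {period} ms: motor first on at {first_on(trace)} ms")
```

With a 10 ms scan the 6 ms start pulse falls between two input scans and the motor never starts; with a 5 ms scan it is latched at t = 15 ms and held until the stop input is seen.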
In contrast, DCSs were traditionally built to handle PID loop controls in highly
distributed architectures. Each loop is executed by a separate micro-controller board,
and every group of these boards is assembled in one or more racks called control
stations (CS), where a communication/control system processor provides
connectivity with the DCS control room via high speed data highway. The micro-
controller boards work autonomously and independently to regulate the assigned
control loop, even in cases of communication failure.
Because of these architectural differences, PLCs are cost effective for small
automation tasks, and for execution of fast logic control sequences on tightly
dependent I/Os. PID loop control can also be handled by the system controller, but
with substantial processor loading. PLCs have been used in discrete industries, such
as automotive, electronics assembly, bottling facilities, machine parts manufacturing
and conveyor belt sorting and material movement, where they are configured or
programmed to do specific tasks. But the nature of continuous processes means they
are constantly changing. Variability of raw materials, ambient and environmental
conditions and constraints inherent in processing equipment are just some of the
physics-related elements that affect process variables in continuous or
semi-continuous/batch processes. In addition, there are daily variable factors such as
production rates, market conditions and product mix, which all require substantial
flexibility in the control and coordination of the various parts of the plant. These
requirements can only be met by the DCS systems.
Figure 2.5 Traditional architecture of a PLC (top), and a DCS control station (bottom). [Diagram labels, PLC architecture: system processor, serial data communication, backplane bus, I/O cards, digital I/O. DCS control station: communication processor, DCS high speed LAN, backplane bus, SBCs, analog I/O for loop control.]
The following is a brief summary of the strong points of DCS and PLCs:
Advantages of DCS
1. Excellent for regulatory control applications.
2. Cost effective for medium and large/complex batch and continuous process
applications.
3. Pre-packaged integrated system of hardware and software, and hence, low
engineering time.
4. Robust multitasking system to handle large global common databases
5. Easy to interface with enterprise applications.
6. Easy to integrate Dynamic Simulation and Advanced Process application
packages.
7. Scalability: can be scaled for the current control task and expanded in the
future.
8. Standard HMI, with easy-to-change graphics and easy tuning of PID loops.
9. Provides a pictorial representation of the entire plant.
10. Ability to work with fieldbuses such as the HART protocol or Foundation Fieldbus.
11. HMI integrated with control capability, the network integration, Asset
Management and Historian software.
12. Superior system availability.
13. DCS systems are sold directly by the supplier, and the engineering of the DCS
is also done by the supplier.
Advantages of PLCs
1. Excellent for sequential control.
2. A good fit for small to medium batch applications.
3. Rugged, fast & low cost I/O.
4. Cost effective entry solution.
5. Ladder logic understood by many people.
6. PLCs are sold by distributors and engineered by system integrators.
In this era of fast moving technology DCSs are scaling down in size while PLCs
are moving up in function, and both are trying to overlap each other’s domain. The
low cost powerful micro-controller chips make it now affordable to include
intelligent PID loops in the new generation of PLCs. With the introduction of open
standards, such as OPC, PLC vendors are claiming that they have already developed
HMI and other interfaces similar to those found in DCSs, and they also claim that
their PLC-based solution can perform the same functions as a DCS.
For medium automation tasks, 200~300 points, the PLC can be a cost-effective
competitor to the DCS. At the same time, the same fast-moving technology has enabled
DCSs to incorporate more structural redundancy for higher reliability, smaller
footprints, and the ability to handle the same fast and complex logic control sequences as
PLCs.
In applications like batch control or SCADA systems, hybrid solutions could be
the most cost-effective solution, where distributed PLCs are linked to a central DCS
for unified HMI and integration with the enterprise management network. Yet many
experts believe that we have reached a new era in automation, where the lines
between DCS and PLC automation solutions have almost disappeared.
Programmable Automation Controllers (PACs)
Automation manufacturers have responded to the increased scope of modern
applications with industrial control devices that blend the advantages of PLC-style
deterministic machine for process control with the flexibility and strengths of
PC-based systems. Such a device has been termed a programmable automation
controller, or PAC.
For many modern applications, interfacing with signals from simple sensors and
actuators is merely the starting point. Advanced control features, network
connectivity, device interoperability, and enterprise data integration are now typically
demanded in industrial applications. These modern requirements extend far beyond
the traditional discrete-logic-based control of input/output (I/O) signals, and
sequential control handled by a programmable logic controller (PLC).
A PAC, however, has the broader capabilities to perform advanced functions
like data acquisition, counting, latching, and enhanced PID loop controls. A PAC is
characterized by its modular design and construction, as well as the use of open
architectures to provide expandability and interconnection with other devices and
business systems. PACs combine and expand the PLC's control capabilities with the PC's
connectivity and versatility. PACs typically include the following features:
1. Operate using a single platform in multiple domains, including logic, motion,
drives, and process control.
2. Employ a single development platform using common tagging and a single
database for development tasks across a range of disciplines.
3. Tightly integrate controller hardware and software.
4. Programmable using software tools that can design control programs to support
a distributed control over several machines.
5. Operate on open, modular architectures that mirror industry applications, from
machine layouts in factories to unit operation in process plants.
6. Employ de-facto standards for languages, protocols, and data exchange as part
of networked multi-vendor systems.
7. Support for Standard Communication Protocols like TCP/IP and MODBUS,
and provide LAN connectivity with the Enterprise Systems.
8. Provide fast and efficient processing and I/O scanning.
SUMMARY
1. There are 5 levels of management/networks in a typical organization: the
enterprise level, the plant level, the supervisory control level, the DCS level,
and the field instrumentation level.
2. In a typical control room, the supervisory computer oversees several DCSs;
each DCS controls/monitors one production unit.
3. ESD/SIS is a standalone safety monitoring and control system, which
operates only in emergency situations.
4. SER or Historian is a real-time process history server.
5. Fieldbus replaces the traditional analog 4-20 mA signal, provides high-speed
digital communication, and reduces field wiring.
6. The main functions of a DCS are process monitoring, loop control, data
processing and archiving, alarm management, and MMI.
7. SCADA consists of one or more application computers connected to diverse
types of remote data sources, such as PLCs and RTUs, for monitoring, data
processing and MMI.
8. CIM is a computer automated manufacturing system which integrates many
automation subsystems, such as robots and CNC machines.
9. PLCs are programmable devices connected to I/O modules, traditionally
designed to efficiently execute logic sequence control.
References
[1] www.yokogawa.com
[2] www.honeywell.com
[3] www.emersonprocess.com
[4] www.abb.com/product/us/9aac115756.aspx
[5] www.siemens.com/simatic-pcs7.
[6] ANSI/ISA–95.00.01–2000, Enterprise-Control System Integration: Part 1: Models and
Terminology, ISBN: 1-55617-727-5
[7] ISA-RP60.3-1985, Human Engineering for Control Centers, ISBN/ID:0-87664-897-9
[8] Smart A. Boyer, SCADA: Supervisory Control and Data Acquisition, 3rd ed., ISA, 2004.
[9] Dick Caro, Automation Network Selection: A Reference Manual, Second Edition, ISA, 2009.
[10] Samuel M. Herb, Understanding Distributed Processor Systems for Control, ISA, 1999.
[11] Dobrivojie Popovic, and Vijay P. Bhatkar, Distributed Computer Control Systems in Industrial
Automation, CRC, 1990.
EXERCISES
(Straight forward applications of the concepts of the chapter)
E2.1] Which is NOT a function of a SCADA system?
a) Generation and logging of the process and system alarms.
b) Testing and calibration of the field instruments.
c) Man Machine Interface.
d) Normalization of data and conversion to engineering units.
E2.2] Which is NOT a function of DCS?
a) Process monitoring and scanning
b) Generation of operation control reports, and data reduction and archiving.
c) execution of the automatic control actions.
d) Safety Instrumented Systems and automatic emergency shut down
E2.3] Which of the following demands the highest computer reliability?
a) MIS
b) Plant wide planning and scheduling.
c) DCS.
d) Supervisory control
E2.4] Which is a function of the supervisory computer?
a) Generation and logging of the process and system alarms.
b) Advanced process control.
c) Emergency shut down.
d) Data reduction and archiving
E2.5] Which is the key feature of a Distributed Control System?
a) It is distributed over a large geographic area
b) Its control function is executed by a large number of microprocessors.
c) It relies on a single central high performance computer
d) It relies on a large number of operators to monitor critical processes
E2.6] Which is the key feature of a SCADA System?
a) It is distributed over a large geographic area
b) Its control function is executed by many microprocessors.
c) It relies on a single central high performance computer
d) It relies on a large number of operators to monitor critical processes
E2.7] Which is NOT True?
Alarm Management
a) is a function of the DCS system.
b) is Executed by the Management Information System (MIS).
c) displays alarms at the operator station.
d) generates reports and archives alarm time, type, and operator responses.
E2.8] Which of the following is NOT a function of the DCS operator station?
a) Display of the process graphics.
b) Production planning and scheduling.
c) Display of Alarms.
d) Normalization of data and conversion to engineering units.
E2.9] Which of the following requires the fastest computer response?
a) SCADA computer System
b) Management Information System
c) Distributed Computer Control Systems
d) Production Supervisory computer
E2.10] Which is a function of the DCS supervisory computer?
a) Data reduction and archiving
b) Determination of the production level of each process unit
c) Shipping and handling
d) Sales and Marketing
E2.11] Which is NOT True.
Alarm Management is
a) function of the DCS system
b) generates reports and archives alarm time, type, and operator responses.
c) function of the operator station.
d) function of the Emergency Shut down System.
E2.12] Which is NOT a function of the plant level management?
a) Production planning
b) Production scheduling
c) Execution of the automatic control algorithms.
d) Quality Control
E2.13] Which is NOT correct?
The advantages of PLC:
a) Excellent for sequential control.
b) A good fit for small to medium control applications.
c) Rugged, fast & low cost I/O.
d) Programmed by its manufacturer and comes ready for specific tasks.
E2.14] Which is NOT True?
a) PLC are traditionally designed for logic control.
b) DCS were traditionally built to handle PID loop controls
c) PLCs use one main processor while DCS use many small processors.
d) PLC are good for complex automatic control, DCS are best for SCADA systems.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P2.1] Search the Internet for an example of a DCS application in industrial automation and describe
the main components of the system.
P2.2] Search the Internet for an example of a hybrid DCS/PLC solution and state the advantage of
the selected solution.
P2.3] In one of the critical applications, the control system should run continuously (or until the
prescheduled plant shut down). But there is a need to frequently change or update the control
program. Accordingly, the system should be able to smoothly update the operating control
program in live mode, i.e., while the system is running, without disturbing or shutting down the
process operation. Can you recommend a PLC with this critical feature?
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D2.1] A system is to be recommended for a small but critical process, requiring the highest possible
hardware reliability. The system consists of about 96 digital and analog I/Os. Recommend a
PLC for this application and justify your choice.
TERMS AND CONCEPTS
Area
A physical, geographical or logical grouping determined by the enterprise. It may contain process
cells, production units, and production lines. On the other hand, a site is usually a larger grouping,
which may contain one or more areas with production lines, process cells, and production units.
CIM
Computer Integrated Manufacturing.
Enterprise
An enterprise is a collection of one or more sites and may contain sites and areas. The enterprise is
responsible for determining what products will be manufactured, at which sites they will be
manufactured and in general how they will be manufactured.
ESD
Emergency Shut Down system.
Historian
A database for continuously storing/archiving process values, control parameters, alarms, and events.
HMI
Human-Machine Interface.
Hybrid system
A control system which combines PLCs and DCS systems.
Management information system (MIS)
MIS is a computerized system for collecting, processing, storing and disseminating data in the form of
information needed to carry out the operational activities in the organization. It also includes tools for
information analysis and decision making to help people do their jobs better.
Manufacturing operations and control domain (MO&C domain)
This domain includes all the activities in level 3 and information flows to and from levels 0, 1, and 2
across the boundary to level 4.
MMI
Man Machine Interface. (same as HMI).
NIU
Network Interface Unit.
OPC
OLE for Process Control, also known as Open Process Control, and Open Platform Communication.
PAC
Programmable Automation Controller.
PLC
Programmable Logic Controller.
Production unit
Production units are the lowest level of equipment typically scheduled by the level 4 or level 3
functions for continuous manufacturing processes. Production units are composed of lower level
elements, such as equipment modules, sensors, and actuators. A production unit generally
encompasses all of the equipment required for a segment of continuous production that operates in a
relatively autonomous manner. It generally converts, separates, or reacts with one or more feed-stocks
to produce intermediate or final products.
Remote Terminal Units (RTUs)
RTUs are field-located dedicated monitoring and control equipment. RTUs can perform local control
tasks and send data digitally to the supervisor computer. The supervisor computer can send set points
to the RTUs. A PLC can work as an RTU, but RTUs are generally not as versatile, flexible, and
configurable as PLCs.
SBC
Single Board Computer, usually based on high performance micro-controllers.
SCADA
Supervisory Control and Data Acquisition.
SER
Sequence of Events Recorder.
SIS
Safety Instrumented System.
CHAPTER 3
SIGNAL CONDITIONING AND DATA ACQUISITION
3.1 Introduction
3.2 Static characteristics of sensing elements
3.3 Errors in Measurement Systems
3.4 Electrical Bridges
3.5 Operational Amplifiers
3.6 Voltage to Current transmitters
3.7 Analog to digital and digital to Analog Converters
3.8 Intrinsic Safety
3.9 Smart Sensors and actuators
OVERVIEW
This chapter provides an overview of the various measurement stages from the
field sensor output to the process value in digital form at the DCS. It also presents the
processing stages for a digital value, determined by DCS applications, until it is
transmitted as a proportional 4-20 mA to a field actuator. Section 3.1 defines the road
map for this chapter. Section 3.2 introduces a generic static model of sensing
elements. The model is necessary to parameterize the input-output characteristics of
sensors and the environmental effects on the sensor output. Section 3.3 explains the
statistical characteristics of errors in measurement systems. Section 3.4 introduces
one of the most important elements of signal conditioning: the electrical bridge. Both
DC and AC bridges are introduced. Operational amplifiers and instrumentation
amplifiers are covered in Section 3.5. Section 3.6 focuses on the electronic circuits
for the 4-20 mA transmitters, their wiring, and their isolation techniques.
Analog-to-Digital (A/D) and Digital-to-Analog (D/A) elements are covered in Section 3.7. This
section covers flash, successive approximation, and dual-slope A/Ds. Section 3.8
introduces the concept of intrinsic safety and explains the basic circuits of
single-channel and dual-channel Zener barriers. Finally, Section 3.9 introduces the main
components of smart sensors and their new features.
LEARNING OBJECTIVES
After reading this chapter, you should be able to:
Describe the static model of sensors, its linear part and its nonlinear part, and
the effect of interfering and modifying environmental factors.
Recognize the types of errors in a measurement system.
Understand how to evaluate the output of an electrical bridge in response to
changes in sensor’s resistance, capacitance or inductance.
Describe how to use op-amps and instrumentation amplifiers for signal
amplification, range mapping, isolation, summing and subtracting signals,
building electronic integrators and differentiator circuits, and for building first
order and second order low pass filters and high pass filters.
Understand the theory of operation of various types of A/D and D/A.
Understand the techniques for current transmitters, types 2, 3 and 4 wiring,
and techniques for signal ground isolation.
Understand the concept of intrinsic safety, process classes and divisions.
Understand the theory of operation of the Zener barriers.
Recognize the main components of digital transmitters.
List the unique features of smart sensors and actuators.
3.1 Introduction
The function of signal conditioning is to manipulate an analog signal in such a
way that it meets the requirements of the next stage for further processing. In
industrial instrumentation, the signal conditioning converts the changes in the sensing
element into a standard range of current (4-20 mA) or voltage (0-10 volts) for analog
to digital conversion. The digital value corresponding to the measured process
variable is then presented to the DCS system for processing. The output of the signal
conditioning could also be frequency or binary switching levels. Signal conditioning
may include one or more of the following signal conversions:
1. Conversion of changes in sensor resistance, capacitance or inductance to
change in voltage.
2. Amplification/attenuation, which involves mapping a signal from one input
range to another output range.
3. Isolation of the power supplies and ground of the electronic and computing
devices from the field sensors.
4. Filtering unwanted noise.
5. Excitation: providing the excitation voltages or current, or any special signal
waveform if required for the operation of the sensing element.
Sensing elements can be broadly classified according to the physical principle
involved, for example:
1. Change of resistance due to change of temperature (platinum RTD,
thermistors)
2. Change of resistance due to change in strain (strain gauges, piezo-resistive
strain/pressure sensors)
3. Change in conductivity (conductivity sensors, light-sensitive resistors)
4. Change in capacitance (pressure sensors, level sensors).
5. Change in inductance (proximity switches, LVDT, tachometers, etc.)
6. Thermoelectric (thermocouples temperature sensors)
Although this chapter includes a few examples of sensing elements, the sensing
elements are not the focus of this book. The reference section offers a number of
good books on sensor types and characteristics. The following two sections first
present a framework for modeling the static characteristics of sensors and how to
quantify the accuracy of measurement systems in statistical terms. These two sections
are important to understand how smart sensors can achieve better accuracy and better
robustness against environmental changes. Section 3.4 focuses on electrical bridges.
Electrical bridges act as transducers, which convert changes in sensor resistance,
capacitance or inductance into a change in voltage. Section 3.5 introduces operational
amplifiers. Operational amplifiers are very versatile tools for linearly scaling an
electrical signal to a desired output range. They can also be used to combine or
subtract signals and build low pass and high pass filters. A brief introduction to the
4-20 mA transmission circuits and signal isolation is given in Section 3.6. Section
3.7 provides a review of the A/D and D/A techniques. Intrinsic safety and Zener
barriers are introduced in Section 3.8. Section 3.9 concludes this chapter with a brief
overview of the components of modern smart sensors and outlines some of their new
features and functionalities.
3.2 Static Characteristics of the sensing elements
This section discusses the characteristics of typical sensing elements and their
effect on the overall performance of the system. The focus here is the static or
steady-state characteristics. These are the relationships that may occur between the
output y and input x of an element when x is either at a constant value or changing
slowly.
Systematic characteristics are those that can be exactly quantified by
mathematical or graphical means. These are distinct from statistical characteristics
which cannot be exactly quantified due to their random nature. Statistical
characteristics will be discussed in Section 3.3. First, consider some basic definitions
that will be frequently used here.
Range
The input range of an element is specified by the minimum and maximum
values of input x, i.e., xmin to xmax, or [xmin, xmax]. The output range is specified by
the minimum and maximum values of output, i.e., ymin to ymax. Thus, for example, a
pressure transducer may have an input range of 0 to $10^4$ Pa (Pascal, or Newton per square
meter), and an output range of 4 to 20 mA; a temperature sensor may have an input
range of 100 to 250 °C and an output range of 4 to 10 mV. ymax is usually
called the Full Scale (FS).
Span
Span is the maximum variation in input or output, i.e., input span is (xmax - xmin)
and output span is (ymax - ymin). Thus, in the above example, the pressure transducer
has an input span of $10^4$ Pa and an output span of 16 mA; the temperature sensor has
an input span of 150 °C and an output span of 6 mV. The output span is usually
referred to as the full scale deflection (f.s.d.).
Linearity
In both sensor and signal conditioning elements, the output is represented by
some functional relationship to the input. For simplicity of design, a linear
relationship between input and output is highly desirable. Linearity permits the
application of the practical principle of superposition. When a linear relationship
exists, a straight line equation can be used to relate the measured variable and the
measurement output.
An element is said to be linear if the corresponding values of the input x and
output y lie on a straight line. The ideal straight line connects the minimum point
A = (xmin, ymin) to the maximum point B = (xmax, ymax) as shown in Figure 3.1.
Figure 3.1 Linear (x, y) relationship between a minimum A and maximum B. [Plot: axes x and y; ideal line Kx + a from A at (xmin, ymin) to B at (xmax, ymax).]
y = Kx + a (3.1)
Where K is called the linear sensitivity, and a is called the offset or the zero
bias.
$K = \dfrac{y_{max} - y_{min}}{x_{max} - x_{min}}$ (3.2)
$a = y_{min} - K x_{min}$ (3.3)
EXAMPLE 3.1
A basic physical property of a metal is that its electrical resistivity changes with
temperature. Resistance Temperature Detectors (RTDs) are based on this
principle. A typical platinum RTD has a resistance of 100 Ohms at 0.0 °C, 138.5
at 100 °C, and 175.83 at 200 °C. Find a linear equation relating resistance and
temperature between 100 and 200 °C.
Answer
Using Equation (3.1), the desired equation would be of the form
R(T) = K T + Ro
K = (175.83 - 138.5)/(200 - 100) = 0.3733 Ohm/°C
Ro = 138.5 - 0.3733(100) = 101.17 Ω.
The equation relating resistance and temperature is therefore
R(T) = 0.3733 T + 101.17
Non-linearity
In many cases the straight-line relationship defined by Equation (3.1) is not
obeyed and the element is said to be non-linear. Non-linearity can be defined in
terms of a function N(x) which is the difference between actual and ideal straight-line
behavior, as depicted in Figure 3.2:
N(x) = y (x) - (Kx + a) (3.4)
or
y (x) = Kx + a + N(x) (3.5)
Non-linearity is usually expressed in terms of the maximum non-linearity as a
percentage of full-scale deflection (f.s.d.), i.e., as a percentage of the output span.
Thus, the maximum non-linearity as a percentage of f.s.d. is given by:
$N_{max}\% = \dfrac{N_{max}}{\text{f.s.d.}}\,(100)$
Figure 3.2 Definition of Nonlinearity. [Plots: the actual curve y(x) and the ideal line Kx + a between A at (xmin, ymin) and B at (xmax, ymax); below, N(x) versus x between xmin and xmax.]
In many cases y(x), and therefore N(x), can be expressed as a polynomial in x,
i.e.:
$y(x) = a_0 + a_1 x + a_2 x^2 + a_3 x^3 + \dots$ (3.6)
EXAMPLE 3.2
A thermocouple is a temperature sensor which produces electric voltage E in
microvolts, related to the temperature T in °C by the relation
$E(T) = 38.74\,T + 0.0332\,T^2 + 0.000207\,T^3$
The sensor is to be used to measure temperatures between 0 and 250 °C.
a) Find a linear model for the sensor between 0 and 250 °C.
b) Express the nonlinearity as a function of temperature.
c) Find the nonlinearity at 100 °C as a percent of the f.s.d.
Answer
a) Emin = 0 µV,
$E_{max} = E(250) = 38.74(250) + 0.0332(250)^2 + 0.000207(250)^3 = 14994$ µV.
Using equations (3.1-3.3) the linear relation EL(T) = 59.98 T µV.
b) Using Equation (3.4)
$N(T) = 38.74\,T + 0.0332\,T^2 + 0.000207\,T^3 - (59.98\,T)$
c) Using (3.4) or (3.5), N(100) = E(100) - 59.98(100) = -1585 µV.
%N = (100)(-1585)/14994 = -10.57%
EXAMPLE 3.3
Calculate the maximum nonlinearity as a percent of the f.s.d. of the thermocouple
in Example 3.2.
Answer
Using Equation (3.4) again here
N(T) = 38.74 T + 0.0332 T^2 + 0.000207 T^3 - 59.98 T (3.7)
To find the maximum, we differentiate the above equation and equate to zero. We
get the equation T^2 + 106.66 T - 34202.9 = 0
Solving the above equation we obtain T = 139 °C or T = -245.8 °C. Clearly the
second answer is rejected. Now substituting T = 139 °C in Equation (3.7), we
obtain N = -1755 µV. Hence, the maximum percent nonlinearity is given by
$$\%N = (100)(-1755)/(14994) = -11.7\,\%.$$
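The calculation of Examples 3.2 and 3.3 can be carried out for any cubic sensor polynomial. The following is an added example, not code from the book; the function names are assumptions chosen here, and the coefficients are those of Example 3.2.

```python
import math

# Thermocouple polynomial from Example 3.2: E(T) in microvolts, T in deg C.
COEFFS = (0.0, 38.74, 0.0332, 0.000207)   # a0, a1, a2, a3 of Equation (3.6)
T_MIN, T_MAX = 0.0, 250.0                 # measuring range of the example


def emf(t, coeffs=COEFFS):
    """Evaluate y(x) = a0 + a1*x + a2*x^2 + a3*x^3 by Horner's rule."""
    result = 0.0
    for a in reversed(coeffs):
        result = result * t + a
    return result


def endpoint_line(t_min=T_MIN, t_max=T_MAX):
    """Ideal straight line through the two end points; returns (K, a)."""
    k = (emf(t_max) - emf(t_min)) / (t_max - t_min)
    a = emf(t_min) - k * t_min
    return k, a


def nonlinearity(t):
    """N(T) = E(T) - (K*T + a), Equation (3.4)."""
    k, a = endpoint_line()
    return emf(t) - (k * t + a)


def max_nonlinearity():
    """Find the largest |N(T)| in the range by solving dN/dT = 0.

    dN/dT = (a1 - K) + 2*a2*T + 3*a3*T^2 is a quadratic in T.
    Returns (T_at_max, N_max, N_max as a percentage of f.s.d.).
    """
    k, _ = endpoint_line()
    _, a1, a2, a3 = COEFFS
    qa, qb, qc = 3.0 * a3, 2.0 * a2, a1 - k
    disc_sq = qb * qb - 4.0 * qa * qc
    roots = []
    if disc_sq >= 0.0:
        disc = math.sqrt(disc_sq)
        roots = [(-qb + disc) / (2.0 * qa), (-qb - disc) / (2.0 * qa)]
    # Only stationary points inside the measuring range count; the end
    # points are included so the search is still valid without any root.
    candidates = [t for t in roots if T_MIN <= t <= T_MAX] + [T_MIN, T_MAX]
    t_star = max(candidates, key=lambda t: abs(nonlinearity(t)))
    n_max = nonlinearity(t_star)
    fsd = emf(T_MAX) - emf(T_MIN)          # output span in microvolts
    return t_star, n_max, 100.0 * n_max / fsd


if __name__ == "__main__":
    t_star, n_max, pct = max_nonlinearity()
    print(f"K = {endpoint_line()[0]:.2f} uV/degC")
    print(f"N(100) = {nonlinearity(100.0):.0f} uV")
    print(f"max |N| at T = {t_star:.1f} degC: {n_max:.0f} uV ({pct:.1f} % f.s.d.)")
```

The negative root of the quadratic falls outside the 0 to 250 °C range and is discarded by the range filter, which is the step the worked answer performs by inspection.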
Sensitivity
Sensitivity is the rate of change in the output of an instrument with respect to a
change in its input. Generally speaking, high sensitivity is desirable in an instrument
because a large change in output for a small change in input implies that a
measurement may be easily taken. Thus, when a temperature transducer produces 5
mV per degree Celsius, the sensitivity is 5 mV/°C.
Quantitatively,
$$S_x = \text{Sensitivity} = \frac{dy}{dx} = K + \frac{dN(x)}{dx} \tag{3.8}$$
Thus for an ideal element $dy/dx = K$, where K is the linear sensitivity.
Hysteresis
When an instrument exhibits a different output reading for a specific input
(depending on whether the input value is approached from higher or lower values),
this effect is called hysteresis, and is shown in Figure 3.3, where the output of an
instrument has been plotted against input.
Figure 3.3 Hysteresis.
If the input is varied from low to high, the curve A gives the values of the
output. If the input is decreasing, then the output follows curve B. Hysteresis, H(x),
is the difference between these two curves:
H(x) = yB(x)-yA(x) (3.9)
Here again the hysteresis is usually quantified in terms of the maximum
hysteresis,, expressed as a percentage of f.s.d., i.e., span. Thus:
% = 100 x /(f.s.d.) (3.10)
Hysteresis is a common phenomenon in sensors based on magnetic properties. It
is also common in mechanical devices due to friction and backlash in gears.
Resolution
Resolution is defined as the largest change in the input, x, that can occur without
any corresponding change in the output, y. For example, in wire-wound
potentiometers in Figure 3.4(a), the slider moves across windings to vary resistance.
If one turn of the winding represents a change of ΔR ohms, then the potentiometer
cannot provide a resistance change less than ΔR. Thus, the potentiometer resolution
is said to be ΔR. This is often expressed as a percentage of the input span:
$$\%\text{Resolution} = \frac{\Delta R}{R}\,(100)$$
When the potentiometer is connected to a voltage source, say 10 V, as shown in
Figure 3.4(b), the output voltage, $V_o = 10\,R_x/R$, will also change incrementally. For
example, if the potentiometer has 1000 turns and a total resistance of 5000 Ohms, the
resolution in this case is $\Delta R = 5000/1000 = 5$ Ω. The percent resolution is
$(\Delta R/R)(100) = 0.1\,\%$. The minimum change in the output voltage is then given by
$$\Delta V_o = \frac{10}{R}\,\Delta R_x = \frac{10}{5000}(5) = 0.01 \text{ V.}$$
It is common to use the fuzzy terms “high resolution” or “low resolution” to
describe the resolution. High resolution means the span is divided into a large
number of steps, i.e., the resolution step is small. On the other hand, the device is said
to have a “low resolution” when the resolution step is large, and the number of steps
is small.
Figure 3.4 Wire-wound sliding potentiometer. [Panel (b) labels: Vdc = 10 V, Vo, R, Rx.]
EXAMPLE 3.4
An analog-to-digital (A/D) converter is a device which converts a voltage level to
a corresponding digital number that can be read electronically by microprocessors.
An 8-bit A/D converter has an input range from 0 to 10 volts. What is the
resolution of the A/D converter?
Answer
The A/D converter produces binary numbers between 0 and 255, corresponding to
256 (2^8) discrete input voltage levels. Accordingly, the resolution is
$$\Delta V = \frac{10}{256} = 0.039 \text{ Volts.}$$
EXAMPLE 3.5
A force sensor measures a range of 0-250 Newton with a resolution of 0.1% FS.
Find the smallest change in force that can be measured.
Answer
Because the resolution is 0.1% FS,
Force resolution = (0.001)(250 N) = 0.25N, which is the smallest measurable
change in force.
Environmental effects
In general, the output, y, depends not only on the signal input, x, but also on
environmental inputs such as ambient temperature, atmospheric pressure, relative
humidity, supply voltage, etc. Thus, if Equation (3.5) adequately represents the
behavior of the element under ‘standard’ environmental conditions or laboratory
calibration conditions (e.g., 25 °C ambient temperature, 100 kPa atmospheric
pressure, 50% RH (relative humidity) and 10 V supply voltage), then the equation
must be modified to take into account the deviations in environmental conditions
from these nominal or calibration conditions.
There are two main types of environmental inputs. A modifying input causes
the linear sensitivity, K, of the element to change, causing a span error. Thus, if xM is
the deviation in a modifying environmental input from 'standard' value (xM is zero at
the standard conditions), then this produces a change in linear sensitivity from K to K
+ KMxM, Figure 3.5(a). On the other hand, an interfering input causes the intercept or
zero bias of the element to change. This kind of error is also known as zero shift.
Thus, if xI, is the deviation of an interfering environmental input from a 'standard' or
the calibration value (xI is zero at standard conditions), then this produces a change in
zero bias from a to (a + KI*xI), Figure 3.5(b).
The industry Standard Ambient Temperature and Pressure (SATP) is defined
as 25 °C and 100,000.0 Pascal (1 bar). It is also known as the standard laboratory
condition.
The International Union of Pure and Applied Chemistry (IUPAC) established
standard temperature and pressure (STP) as a temperature of 273.15 K and an
absolute pressure of 100 kPa (1 bar).
The National Institute of Standards and Technology (NIST) uses a
temperature of 20 °C (293.15 K) and an absolute pressure of 101.325 kPa (1
atm).
The Society of Petroleum Engineering (SPE) defines the reference ambient
conditions to be 60 °F and 14.696 psi (15.6 °C, 1 atm).
Figure 3.5 Environmental effects (a) modifying (b) interfering.
Km and KI are referred to as environmental coupling constants or environmental
sensitivities. Thus, we can now correct Equation (3.5) to account for these effects as
follows:
y(x) = Kx + a + N(x) + Km xm x + KI xI (3.11)
Figure 3.6 shows a block diagram to represent the static characteristics of a
measurement element as stated in Equation (3.11).
EXAMPLE 3.6
A pressure sensor produces displacement, d, linearly proportional to the measured
pressure, P. The linear sensitivity of the sensor is 0.1 mm/bar (1 bar = 100 kPa) at
an ambient temperature of Tref = 25 °C. The sensor was tested in the field at an
ambient temperature of Ta = 35 °C. The displacements were found to be d1 = 1.03
mm and d2 = 2.04 mm when the pressure was P1 = 10 bar and P2 = 20 bar respectively.
Find the sensor sensitivities to the ambient temperature.
Answer
The linear model at 25 °C is given by
d = K*P = (0.1) P; d in mm and P in bars.
To find KM and KI, we use Equation (3.11)
$$d = (K + K_M \Delta T_a)P + K_I \Delta T_a$$
$$1.03 = (0.1 + 10K_M)(10) + 10K_I \tag{3.12}$$
$$2.04 = (0.1 + 10K_M)(20) + 10K_I \tag{3.13}$$
Solving Equations (3.12) and (3.13) we get
$$K_M = 10^{-4}\ \text{mm/bar}\cdot{}^\circ\text{C}, \qquad K_I = 2\times10^{-3}\ \text{mm}/{}^\circ\text{C}$$
Figure 3.6 Generalized static model of a measurement element. [Block diagram: input x,
modifying input xm, interfering input xI, blocks K, Km, KI and N( ), output y.]
3.3 Errors in Measurement Systems
This section presents definitions and requisites to describe and quantify errors in
measurement systems. It also develops statistical methodology to estimate the
accuracy of sensors and transducers, as well as the accuracy of the overall
measurement system.
Error: The most important quantity for evaluating the performance of measurement
systems is the error. Error is the difference between the measured indication of a
variable and its actual value.
Error = Indicated value - Actual Value
Nonetheless, the actual value is not usually known, and it is necessary to
develop methods to describe the size of the error and possibly quantify it in a
statistical framework. Consider, first, the concepts of accuracy and precision.
Accuracy: Accuracy is a qualitative term that refers to the degree of conformity
between the measured and the actual or a standard value or the degree of proximity
of a measured or calculated quantity to its actual (true) value. Precision, on the other
hand, refers to the exactness of successive measurements or the ability of a
measurement to be consistently reproduced. Precision could also be used to describe
the measurements obtained from a group of sensors; if that group has good precision
at several temperatures, it can be said that they are well matched. This is important
when interchangeability is a concern.
The relationship between precision and accuracy is illustrated by the target-shooting
example in Figure 3.7. Figure 3.7(a) illustrates good accuracy and good
precision, since the successive trials are both close together and close to the bull’s
eye. Figure 3.7(b) illustrates good precision, but bad accuracy, because the trials are
tightly clustered but wide of the target center. Figure 3.7(c) illustrates bad precision
and good accuracy, since successive trials are not tightly clustered but on the target,
while Figure 3.7(d) illustrates poor precision and poor accuracy.
Figure 3.7 Accuracy and Precision. [Panels (a) to (d); panel titles: Good Precision/Good
Accuracy, Good Precision/Bad Accuracy, Bad Precision/Bad Accuracy, Bad Precision/Good Accuracy.]
On the other hand, the term “uncertainty” is often used to specify quantitatively
the maximum overall error limits to be expected from a measurement device.
Because of the many definitions of precision and accuracy, the National
Institute of Standards and Technology (see Ref [13, D.1.2]), strongly discourages
quantifying these terms. Instead, numbers should be associated with measures of
uncertainty. Thus, one may write "the standard uncertainty is 2 µΩ" but not "the
accuracy is 2 µΩ." Similarly, the statement "the precision of the measurement results,
expressed as the standard deviation obtained under repeatability conditions, is 2 µΩ"
is acceptable, but the statement "the precision of the measurement results is 2 µΩ" is
not.
EXAMPLE 3.7
A temperature sensor has an input range of 20 to 250 °C. A measurement results in
a value of 100 °C for the temperature. Specify the error if the uncertainty is (a)
±0.5% FS, (b) ±0.75% of span, and (c) ±0.8% of reading. What is the possible
temperature in each case?
Answer
(a) Error = ±(0.005)(250 °C) = ±1.25 °C. Thus, the actual temperature could be
anywhere in the range 98.75 °C to 101.25 °C.
(b) Error = ±(0.0075)(250 - 20) °C = ±1.725 °C. Thus, the actual temperature is in
the range 98.275 to 101.725 °C.
(c) Error = ±(0.008)(100) = ±0.8 °C. Thus, the actual temperature is in the range
99.2 to 100.8 °C.
The subsequent discussions explain how the accuracy of each element in a
measurement system should be described and how to estimate the overall uncertainty
of a measurement system from the knowledge of the uncertainty of its component
elements.
Repeatability: Repeatability is the ability of an element to give the same output
for the same input when repeatedly applied to it. Assume that we have a pressure
sensor with linear sensitivity K = 0.1 Volt/kPa. Suppose that the input, x, of this
pressure sensor is held constant at 10 kPa for several days. If a large number of
readings of the output, y, are taken, then the true value of 1.0 volt may not be obtained
on every occasion. Instead, one obtains a range of values scattered about the expected
value (such as 0.99, 1.01, 1.00, 1.02, 0.98, etc.). This effect is termed a lack of
repeatability in the element.
The most common causes behind a lack of repeatability in the output, y, are
random fluctuations with time in the environmental inputs xm, xI. Thus, random
fluctuations in ambient temperature cause corresponding time variations in the
resistance of a sensor or the output voltage of an amplifier. Similarly, random
fluctuations in the supply voltage of an electrical bridge affect the bridge output
voltage. The random fluctuations of these environmental effects are usually
described by statistical parameters such as the mean, the standard deviation, and the
probability distribution function.
Arithmetic Mean: If many measurements of some variable are taken, the
arithmetic mean is calculated to obtain an average value for the variable. The
arithmetic mean of a set of n values, given by y1, y2, y3, ..., yn, is defined by the equation:
$$\bar{y} = \frac{1}{n}(y_1 + y_2 + y_3 + \dots + y_n) \tag{3.14}$$
Standard Deviation: Knowing the value of the arithmetic mean of a set of
measurements is often insufficient. To interpret the measurements properly, it may
be necessary to know something about how the individual values are spread out
about the mean. Thus, although the mean of the set (52, 49, 51, 48) is 50 and the
mean of the set (70, 40, 60, 30) is also 50, the second group of numbers is obviously
far more spread out. The standard deviation is a measure of this spread. Given a set
of n values y1, y2, y3, …, the standard deviation, σ, is defined by
$$\sigma = \sqrt{\frac{1}{n}\sum_{i=1}^{n}(y_i - \bar{y})^2} \tag{3.15}$$
$\sigma^2$ is called variance and is also a measure of variability of the measurement
around the mean value.
EXAMPLE 3.8
Temperature was measured in eight locations in a room, and the values obtained
were 21.2, 25.0, 18.5, 23.1, 19.7, 27.1, 19.0 and 20.0 °C. Find the arithmetic mean
of the temperature and the standard deviation.
Answer
Using Equation (3.14), we have the average temperature
$$\bar{T} = \frac{21.2 + 25 + 18.5 + 22.1 + 19.7 + 27.1 + 19 + 20.0}{8} = 21.575\ {}^\circ\text{C}$$
The standard deviation is found from Equation (3.15):
$$\sigma = \sqrt{\frac{1}{8}\sum_{i=1}^{8}(T_i - \bar{T})^2} = 2.8451\ {}^\circ\text{C}.$$
Interpretation of Standard Deviation: A more quantitative evaluation of spreading
can be made if certain assumptions are made about the set of data values used (i.e.,
that the errors are truly random and based on a large sample of readings). It is then
possible to claim that the standard deviation and data are related to a special curve
called the normal (or Gaussian) probability curve, shown in Figure 3.8. If this is
true, then the probability density function is fully described by the knowledge of the
mean and the standard deviation, which is given by:
$$p(y) = \frac{1}{\sigma\sqrt{2\pi}}\exp\left[-\frac{(y - \bar{y})^2}{2\sigma^2}\right] \tag{3.16}$$
The probability F(y) of y lying between y1 and y2 is given by the integral:
$$F(y_1, y_2) = \int_{y_1}^{y_2} p(x)\,dx \tag{3.17}$$
It can then be shown that:
1. 68% of all readings lie within $\bar{y} \pm \sigma$.
2. 95.5% of all readings lie within $\bar{y} \pm 2\sigma$.
3. 99.7% of all readings lie within $\bar{y} \pm 3\sigma$.
Figure 3.8 Normal probability density function
This gives us the added ability to make quantitative statements about how the
data is spread about the mean. Thus, if one set of pressure readings has a mean of 50
bar with a standard deviation of 5 bar, and a second with a mean of 50 bar with a
standard deviation of 1 bar, we know that the latter has a stronger peak around the
mean. In fact, 68% of all the readings in the second case lie between 49 and 51 bar,
whereas in the first case 68% of readings lie from 45 to 55 bar.
Example 3.9
A pressure of 10 MPa (Mega Pascal) is measured by a pressure sensor. The
standard deviation of the fluctuations in the sensor reading was estimated
previously and found to be 0.5 MPa. What is the probability that the indicated
pressure is between 9 MPa and 11 MPa?
Answer
Assuming the mean value, $\bar{y}$, of the indicated pressure is 10 MPa, and the
standard deviation is $\sigma_y = 0.5$, then the specified range is $\bar{y} \pm 2\sigma_y$. From the
properties of the normal distribution, the probability would be 0.955.
Let us now re-examine the definitions of precision and accuracy in terms of the
statistical characteristics. One can note that a precise measurement has a small
standard deviation and its normal probability density function is packed around its
mean value, while an accurate measurement system should have a small difference
between its mean value and its true value.
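Equations (3.14) to (3.17) can be evaluated directly, which also shows how differently a normal and a rectangular distribution cover the same multiple of σ. This is an added example, not code from the book; the function names are assumptions, and the readings are the eight values as they are summed in the worked answer of Example 3.8.

```python
import math

# Readings as summed in the worked answer of Example 3.8 (deg C).
ROOM_TEMPS = [21.2, 25.0, 18.5, 22.1, 19.7, 27.1, 19.0, 20.0]


def mean_and_std(values):
    """Arithmetic mean (3.14) and standard deviation with the 1/n form of (3.15)."""
    n = len(values)
    mean = sum(values) / n
    variance = sum((v - mean) ** 2 for v in values) / n
    return mean, math.sqrt(variance)


def normal_probability(mean, sigma, lo, hi):
    """Integral (3.17) of the Gaussian density (3.16) between lo and hi.

    The integral has the closed form 0.5*[erf(z_hi) - erf(z_lo)] with
    z = (y - mean) / (sigma*sqrt(2)).
    """
    scale = sigma * math.sqrt(2.0)
    return 0.5 * (math.erf((hi - mean) / scale) - math.erf((lo - mean) / scale))


def rectangular_probability(ideal, h, lo, hi):
    """Probability that y lies in [lo, hi] for a uniform density of half-width h."""
    lo = max(lo, ideal - h)
    hi = min(hi, ideal + h)
    return max(0.0, hi - lo) / (2.0 * h)


def coverage_table(k_values=(1, 2, 3)):
    """Fraction of readings within +/- k*sigma for both distributions.

    For the rectangular case sigma = h/sqrt(3), so +/- 2*sigma already
    exceeds the band +/- h and the coverage saturates at 1.
    """
    h = 1.0
    sigma_rect = h / math.sqrt(3.0)
    rows = []
    for k in k_values:
        p_normal = normal_probability(0.0, 1.0, -k, k)
        p_rect = rectangular_probability(0.0, h, -k * sigma_rect, k * sigma_rect)
        rows.append((k, p_normal, p_rect))
    return rows


if __name__ == "__main__":
    mean, std = mean_and_std(ROOM_TEMPS)
    print(f"Example 3.8: mean = {mean:.3f} degC, sigma = {std:.4f} degC")
    print(f"Example 3.9: P(9 < y < 11) = {normal_probability(10.0, 0.5, 9.0, 11.0):.4f}")
    for k, p_n, p_r in coverage_table():
        print(f"+/-{k} sigma: normal {p_n:.4f}, rectangular {p_r:.4f}")
```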
Error bands
In many cases, non-linearity, hysteresis, resolution error effects, and
environmental effects are so small that it is difficult to exactly quantify each
individual effect. In these cases, the manufacturer defines the performance of the
element in terms of error bands, as in Figure 3.9. Here the manufacturer states that
for any value of y, and within the specified operating conditions, the output, y, will be
within ±h of the ideal straight-line value yideal.
In this case the probability density function is rectangular, as in Figure 3.9:
p(y) = 1/2h ; yideal - h ≤ y ≤ yideal + h (3.18)
p(y) = 0 elsewhere
The standard deviation of rectangular probability is given by
$$\sigma = \frac{h}{\sqrt{3}} \tag{3.19}$$
Figure 3.9 Error bands and the uniform probability density function. [Plots: y versus x
from (xMIN, yMIN) to (xMAX, yMAX) with a band of h either side of yIDEAL; rectangular P(y) of
width 2h and height 1/2h.]
Manufacturing tolerance
Suppose that a user buys a batch of similar elements, e.g., a batch of one
hundred resistance thermometers from a manufacturer. If he then measures the
resistance, R, of each thermometer at 0.0 °C, he may find that the resistance values
are not all equal to the manufacturer's quoted value of 100.0 Ω. A range of values
distributed around the quoted value is obtained (such as 99.8, 100.1, 99.9, 100.0,
100.2 Ω, etc.). This effect is due to small random variations in manufacturing and is
often specified by quoting tolerance limits, in this case, ±0.2 Ω. Thus, in order to
satisfy these limits the manufacturer rejects all thermometers with R < 99.8 Ω, and
R > 100.2 Ω. The probability density function of the resistance thermometers bought by
the user is usually considered to be a rectangular probability density function for
practical purposes.
Computation of System uncertainty
An overall measurement system can be considered as a cascade of one or more
elements. For example, a temperature measurement system may consist of a sensor
and a signal conditioning element, such as an amplifier and a digital indicator. The
bottom line is that the indicated temperature Tm should be equal to the true
temperature Tt. The overall transfer characteristics may be expressed as,
$$T_m = K T_t + a \tag{3.20}$$
If the true temperature is 100 °C, the indicated temperature should ideally be
100. If the overall K does not equal 1, the system is said to have span error, and if a
does not equal zero, the system is said to have a bias error or, equivalently, a
zero-shift error. Span error and bias error are called systematic errors. For a specific
measurement system, systematic errors can be determined experimentally, and the
parameters of the individual elements can in general be adjusted or calibrated to
bring these systematic errors within a specified uncertainty.
EXAMPLE 3.10
A temperature measurement system consists of a sensor, an amplifier and a digital
display unit. The temperature sensor has a linear sensitivity KS = 20 µV/°C, and
the sensitivity of the digital display unit is KD = 50 °C/V. What should be the gain
of the amplifier, KA?
Answer
The overall system gain should be exactly 1,
KD KA KS = 1
(50)(KA)(20×10^-6) = 1.0, hence KA = 1000.
The probability density function, p(y), of the output, y, of a single element can
be represented by a Gaussian curve, Equation (3.16). While the mean value of the
output is given by
$$\bar{y} = K\bar{x} + a + N(\bar{x}) + K_m \bar{x}_m \bar{x} + K_I \bar{x}_I \tag{3.21}$$
Taking first order Taylor series expansion about the mean values,
$$\Delta y = \left(\frac{\partial y}{\partial x}\right)\Delta x + \left(\frac{\partial y}{\partial x_m}\right)\Delta x_m + \dots + \left(\frac{\partial y}{\partial K}\right)\Delta K + \dots \tag{3.22}$$
The standard deviation of the output is given by
$$\sigma_y = \sqrt{\left(\frac{\partial y}{\partial x}\right)^2\sigma_x^2 + \left(\frac{\partial y}{\partial x_m}\right)^2\sigma_{x_m}^2 + \dots + \left(\frac{\partial y}{\partial K}\right)^2\sigma_K^2 + \dots} \tag{3.23}$$
The mean value, $\bar{y}$, of the distribution is given by Equation (3.21), which
allows for non-linear and environmental effects. The standard deviation, $\sigma_y$, is given
by Equation (3.23), which allows for statistical variations in inputs x, xm, xI, with
time, and statistical variations in the parameters K, and a, etc., due to manufacturing
tolerance. These equations apply to each element in a measurement system.
EXAMPLE 3.11
Refer to Example 3.10 and assume that the amplifier gain changes to 997 instead
of 1000. When the data sheets of the sensor and the digital indicator are read
carefully, one sees that the manufacturer states that the uncertainty in the sensor
sensitivity is ±0.2 µV/°C and the uncertainty of the indicator is ±0.1 °C/Volt. Find
the mean and the standard deviation of the indicated temperature when the actual
temperature is T = 100 °C.
Answer
Tm = KD KA KS T
The mean value of temperature $\bar{T}$ = (50)(997)(20×10^-6)(100) = 99.7 °C
$$\sigma_T = \sqrt{\left(\frac{\partial T_m}{\partial K_D}\right)^2\sigma_D^2 + \left(\frac{\partial T_m}{\partial K_S}\right)^2\sigma_S^2} \tag{3.24}$$
Assuming the manufacturing uncertainty has a uniform distribution, then
$\sigma_D^2 = (0.1)^2/3$, and $\sigma_S^2 = (0.2\times10^{-6})^2/3$. Now, substituting these values in Equation
(3.24) yields $\sigma_T$ = 0.587 degrees.
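The propagation rule of Equation (3.23) can be applied numerically to any cascade of elements and cross-checked by sampling the rectangular tolerances directly. This is an added example, not code from the book; the function names, the central-difference step and the Monte Carlo sample size are assumptions, while the numbers are those of Examples 3.10 and 3.11.

```python
import math
import random

# Values from Examples 3.10 and 3.11.
K_D = 50.0       # display sensitivity, deg C per volt
K_A = 997.0      # amplifier gain after drift
K_S = 20e-6      # sensor sensitivity, volts per deg C
H_D = 0.1        # half-width of the display tolerance band, deg C per volt
H_S = 0.2e-6     # half-width of the sensor tolerance band, volts per deg C
T_TRUE = 100.0   # actual temperature, deg C


def indicated(t, k_d, k_a, k_s):
    """Cascade of sensor, amplifier and display: Tm = KD*KA*KS*T."""
    return k_d * k_a * k_s * t


def uniform_sigma(h):
    """Standard deviation of a rectangular density of half-width h, Eq. (3.19)."""
    return h / math.sqrt(3.0)


def propagate(func, nominal, sigmas, rel_step=1e-3):
    """First-order propagation of Eq. (3.23).

    Each partial derivative is estimated by a central difference around the
    nominal point; the weighted variances are then summed.
    Returns (mean output, standard deviation of the output).
    """
    variance = 0.0
    for name, sigma in sigmas.items():
        step = abs(nominal[name]) * rel_step
        upper = dict(nominal)
        lower = dict(nominal)
        upper[name] += step
        lower[name] -= step
        partial = (func(**upper) - func(**lower)) / (2.0 * step)
        variance += (partial * sigma) ** 2
    return func(**nominal), math.sqrt(variance)


def analytic_uncertainty():
    """Mean and sigma of the indicated temperature in Example 3.11."""
    nominal = {"t": T_TRUE, "k_d": K_D, "k_a": K_A, "k_s": K_S}
    sigmas = {"k_d": uniform_sigma(H_D), "k_s": uniform_sigma(H_S)}
    return propagate(indicated, nominal, sigmas)


def monte_carlo(n=100_000, seed=1):
    """Sample KD and KS uniformly inside their bands and measure the spread."""
    rng = random.Random(seed)
    samples = [
        indicated(T_TRUE, K_D + rng.uniform(-H_D, H_D), K_A,
                  K_S + rng.uniform(-H_S, H_S))
        for _ in range(n)
    ]
    mean = sum(samples) / n
    std = math.sqrt(sum((s - mean) ** 2 for s in samples) / n)
    return mean, std


if __name__ == "__main__":
    mean, sigma = analytic_uncertainty()
    mc_mean, mc_sigma = monte_carlo()
    print(f"first-order: mean = {mean:.2f} degC, sigma = {sigma:.3f} degC")
    print(f"Monte Carlo: mean = {mc_mean:.2f} degC, sigma = {mc_sigma:.3f} degC")
```

The 0.3 °C offset of the mean is the systematic span error caused by the gain change; the 0.587 °C spread is the random part, and almost all of it comes from the sensor tolerance.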
3.4 Electrical bridges
Electrical bridges are widely used to convert changes in resistance, capacitance
or inductance to a change in voltage.
A bridge circuit is shown in Figure 3.10, where Vs is the supply voltage for the
bridge, which could be DC or AC source. Z1, Z2, Z3, and Z4 are electrical impedances
and Eb is the bridge output voltage, which depends on the imbalance between the two
branches of the bridge.
Eb is given by
$$E_b = V_s\left[\frac{Z_1}{Z_1 + Z_2} - \frac{Z_4}{Z_3 + Z_4}\right] \tag{3.25}$$
If the bridge output is connected to an external circuit or amplifier, it acts as
a Thevenin’s voltage source with the open circuit voltage given by Equation (3.25),
and internal impedance Zb given by
$$Z_b = \frac{Z_1 Z_2}{Z_1 + Z_2} + \frac{Z_3 Z_4}{Z_3 + Z_4} \tag{3.26}$$
The measuring instrument or the amplifier connected to the bridge output
should have its input impedance much greater than Zb to avoid measurement errors.
Figure 3.10 Bridge circuit.
Resistive bridges
A resistive bridge, also known as a Wheatstone bridge, is used to measure an
unknown electrical resistance by balancing two legs of a bridge circuit, one leg of
which includes the unknown component. If for example R1 is unknown, R2 can then
be adjusted until Eb =0. When the bridge is in a balanced condition (zero voltage as
indicated by the null detector), the ratio works out to be this:
$$\frac{R_2}{R_1} = \frac{R_3}{R_4} \tag{3.27}$$
Figure 3.11 Resistive bridge.
Any one of the four resistors in the above bridge can be the resistor of unknown
value, and its value can be determined by a ratio of the other three, which are
“calibrated,” or whose resistances are accurately known. In case the unknown resistor
is R1=Rx, it can then be determined from the known values of the other three resistors
as follows
$$R_x = \frac{R_4}{R_3}R_2 \tag{3.28}$$
If we set R3 = R4, and we adjust R2 until the bridge is balanced, then clearly the
unknown resistor will be equal to R2. In the laboratory, R2 is constructed and adjusted
using a decade resistance box.
For an unbalanced bridge, with Rx being the unknown sensor resistance, the bridge
output is given by
$$E_b = V_s\left[\frac{R_x}{R_x + R_2} - \frac{R_4}{R_3 + R_4}\right] \tag{3.29}$$
The sensor resistance can then be obtained from the bridge output voltage using
the inverse bridge relation
$$R_x = R_2\,\frac{r + (1 + r)v}{1 - (1 + r)v} \tag{3.30}$$
where $r = R_4/R_3$ and $v = E_b/V_s$.
EXAMPLE 3.12
A resistive temperature sensor (RTD) is used to measure temperature between
50 °C and 250 °C. The sensor resistance changes with temperature according to the
following equation
$$R_T(T) = 100(1 + 0.00385\,T)$$
The sensing element is connected to a bridge as shown in Figure 3.11, where
R1 = RT, R3 = 10 kΩ, R4 = 1 kΩ, Vs = 1.0 volt.
a) What are the minimum and maximum resistance of the sensing element?
b) What is the value of R2 so that the bridge is balanced at 50 °C?
c) What is the output range of the bridge when R2 is set to the value obtained in
(b)?
Answer
a) At 50 °C, RT(50) = 100(1 + 0.00385*50) = 119.25 Ω.
At 250 °C, RT(250) = 100(1 + 0.00385*250) = 196.25 Ω.
b) For the bridge to be balanced
$$\frac{R_2}{R_T(50)} = \frac{R_3}{R_4} = \frac{10}{1}$$
Therefore, $R_2 = 10\,R_T(50) = 1192.5$ Ω.
c) Emin = 0;
$$E_{\max} = (1.0)\left[\frac{196.25}{196.25 + 1192.5} - \frac{1}{1 + 10}\right] = 0.0504 \text{ Volts}$$
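The forward relation (3.29), the inverse relation (3.30) and the Thevenin resistance (3.26) fit together as a small measurement chain: bridge voltage in, temperature out. The following is an added example, not code from the book; the function names and the 1 MΩ meter input resistance are assumptions, and the component values are those of Example 3.12.

```python
# Component values from Example 3.12.
R3, R4 = 10_000.0, 1_000.0   # ohms
V_S = 1.0                    # bridge supply, volts
R_IN = 1.0e6                 # assumed meter input resistance, ohms (not from the book)


def rtd_resistance(t):
    """RTD law of Example 3.12: R_T(T) = 100(1 + 0.00385 T), ohms."""
    return 100.0 * (1.0 + 0.00385 * t)


def rtd_temperature(r):
    """Inverse of the RTD law, deg C."""
    return (r / 100.0 - 1.0) / 0.00385


def balance_r2(r_x, r3=R3, r4=R4):
    """R2 that balances the bridge for a given Rx, from Eq. (3.28)."""
    return r_x * r3 / r4


def bridge_output(r_x, r2, r3=R3, r4=R4, v_s=V_S):
    """Open-circuit bridge voltage, Eq. (3.29)."""
    return v_s * (r_x / (r_x + r2) - r4 / (r3 + r4))


def sensor_resistance(e_b, r2, r3=R3, r4=R4, v_s=V_S):
    """Inverse bridge relation, Eq. (3.30), with r = R4/R3 and v = Eb/Vs."""
    r = r4 / r3
    v = e_b / v_s
    numerator = r + (1.0 + r) * v
    denominator = 1.0 - (1.0 + r) * v
    # Outside this window the voltage cannot come from a positive resistance.
    if numerator < 0.0 or denominator <= 0.0:
        raise ValueError("bridge voltage outside the physically possible range")
    return r2 * numerator / denominator


def thevenin_resistance(r1, r2, r3=R3, r4=R4):
    """Internal resistance of the bridge seen at its output, Eq. (3.26)."""
    return r1 * r2 / (r1 + r2) + r3 * r4 / (r3 + r4)


def loaded_reading(t, r2, r_in=R_IN):
    """Temperature recovered when the meter loads the bridge.

    The meter sees Eb reduced by the divider R_in / (R_in + Zb); the result
    is then passed through the inverse relation as if no loading existed.
    """
    r_x = rtd_resistance(t)
    e_open = bridge_output(r_x, r2)
    z_b = thevenin_resistance(r_x, r2)
    e_seen = e_open * r_in / (r_in + z_b)
    return rtd_temperature(sensor_resistance(e_seen, r2))


if __name__ == "__main__":
    r2 = balance_r2(rtd_resistance(50.0))
    e_max = bridge_output(rtd_resistance(250.0), r2)
    print(f"R2 = {r2:.1f} ohm, Emax = {e_max:.4f} V")
    print(f"round trip: {rtd_temperature(sensor_resistance(e_max, r2)):.2f} degC")
    print(f"with a 1 Mohm meter: {loaded_reading(250.0, r2):.2f} degC")
```

With these values Zb is a little over 1 kΩ, so even a 1 MΩ meter lowers the reading at 250 °C by roughly a quarter of a degree, which is the error the input-impedance requirement is meant to avoid.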
When a single sensing element is connected to a bridge, this configuration is
sometimes called Quarter Bridge. When two sensors are used simultaneously in one
arm of a bridge, this configuration is called Half Bridge, and when 4 sensors are used
simultaneously, the configuration is called Full Bridge. The application of these
configurations is best illustrated with the case of strain gauge sensor.
A strain gauge is a sensing element for measuring strain, where the resistance of
the element changes due to the change in the dimension of the sensor. Strain gauges
are mounted on the bodies on which strain is to be measured. The resistance of a
strain gauge is given by
$$R_g = R_0(1 + Ge)$$
where G is the gauge factor, R0 is the zero-strain resistance, and e is the
strain. Figure 3.12 shows a strain gauge made of metal foil grid, usually made of
constantan, embedded on a polyimide carrier. A quarter bridge signal conditioning
connection is shown in Figure 3.13(a), where a single strain gauge is connected to the
bridge of a signal conditioning assembly. If the external fixed resistor is taken to be
equal to R0, the bridge will be balanced when the strain is zero.
Figure 3.12 Strain Gauge.
Figure 3.14 shows strain gauges mounted on a cantilever. The cantilever is bent
under external force. The top strain gauges are subject to positive strain, while the
bottom strain gauges are subject to negative strain. For half bridge connection, strain
gauges number 1 and 2 can be connected as shown in Figure 3.13 (b).
Taking R3 = R4, the bridge voltage is given by:
$$E_b = V_s\left[\frac{R_0(1 + Ge)}{R_0(1 + Ge) + R_0(1 - Ge)} - \frac{1}{2}\right] = \frac{V_s}{2}\,Ge \tag{3.31}$$
Figure 3.13 Connection of quarter bridge (a), half bridge (b), and full bridge (c).
If all the strain gauges are included in a full bridge configuration, as shown in
Figure 3.13(c), the bridge output voltage is then given by
$$E_b = V_s\left[\frac{R_0(1 + Ge)}{R_0(1 + Ge) + R_0(1 - Ge)} - \frac{R_0(1 - Ge)}{R_0(1 - Ge) + R_0(1 + Ge)}\right] = V_s\,Ge \tag{3.32}$$
Equation (3.32) shows that the sensitivity of full bridge configuration is double
the sensitivity of a half bridge configuration.
Figure 3.14 Strain gauges mounted on a cantilever for force measurement.
One of the problems of the quarter bridge configuration is its nonlinear relation
between the changes in the sensor resistance (the input to the bridge), and its output
voltage. The nonlinearity can be reduced to any desired level by proper design of the
bridge; however, only at substantial reduction in the sensitivity of the bridge, see
problem D3.4. It should also be noted that the excitation current coming from the
bridge supply voltage and going through the sensor may cause self-heating of the
sensor. The rise of the sensor temperature could act as an interfering and/or modifying
input to the sensor characteristics and, accordingly, may introduce measurement
errors. The bridge power supply should be chosen such that the sensor excitation
current is within the manufacturer’s recommended operation of the sensor, see
problem D3.6.
AC bridges
AC bridge circuits can be constructed to measure sensor capacitance or
inductance. AC bridges require an AC voltage source. The operating frequency of the
AC bridges varies, and is usually selected according to the range of the value of the
sensor capacitance or inductance. Referring to Figure 3.10, we must have the
following for the bridge to be balanced:
$$\frac{Z_2}{Z_1} = \frac{Z_3}{Z_4} \tag{3.33}$$
It should be noticed that the impedance quantities in the above equation are
complex, accounting for both magnitude and phase angle. It is insufficient to have
the impedance magnitude alone be balanced; without phase angles in balance as well,
there will still be voltage across the terminals of the null detector and the bridge will
not be balanced.
AC bridges are used in the laboratories to determine unknown impedances. The
unknown quantity is always “balanced” against a known standard, obtained from a
high-quality, calibrated component that can be adjusted in value until the null
detector device indicates a condition of balance. Depending on how the bridge is set
up, the unknown component's value may be determined directly from the setting of
the calibrated standard or derived from that standard through a mathematical formula.
A simple AC bridge circuit is shown in Figure 3.15 for capacitance measurement.
Figure 3.15 Null bridge for measuring unknown capacitor by comparison to a standard
capacitor. [Circuit labels: Vs, R, R, Cs (standard capacitance), Cx (unknown capacitance),
null detector.]
The bridge circuit shown in Figure 3.15 is balanced by adjusting the standard
capacitance, Cs. In signal conditioning, two arms are usually reactive impedance and
two arms resistive impedance. Figure 3.16 shows the bridge to be used with a
capacitive pressure sensor.
Figure 3.16 AC bridge for a capacitive pressure sensor.
Capacitive pressure sensors use a moving diaphragm and a stationary base as
two capacitor plates, as shown in Figure 3.17. When the diaphragm deflects due to
increasing pressure, the surfaces come closer and the capacitance value changes.
Consider the bridge circuit shown in Figure 3.16, where Cx is the sensor capacitance,
and C0 is a fixed known capacitor.
Figure 3.17 Capacitive pressure sensor.
The bridge output is given by
$$E_b = V_s\left[\frac{1/sC_x}{1/sC_x + 1/sC_0} - \frac{R}{R + R}\right] = V_s\left[\frac{1}{1 + C_x/C_0} - \frac{1}{2}\right] \tag{3.34}$$
This relationship is independent of frequency.
A capacitive differential pressure sensor, shown in Figure 3.18, consists of two
fixed conducting electrodes, while the middle electrode is attached to a flexible
diaphragm. The diaphragm separates two chambers: one is connected to a source of
pressure P1, and the second chamber is connected to P2. The two electrodes together
with the middle one create two complementary capacitors, C1 and C2. When one
increases the second decreases; when the two pressures are equal, the middle
electrode will be at a distance d from each of the two fixed electrodes. When the
middle electrode is displaced a distance x, as shown in Figure 3.18, the capacitances
are given by
$$C_1 = \frac{\varepsilon\varepsilon_0 A_c}{d + x} \quad\text{and}\quad C_2 = \frac{\varepsilon\varepsilon_0 A_c}{d - x} \tag{3.35}$$
Where Ac is the area of the capacitor plate, $\varepsilon_0$ is the permittivity of the free space
= 8.85 pF/m, and $\varepsilon$ is the relative permittivity (or the dielectric constant) of the fluid
in the chambers.
The displacement is related to the differential pressure by
$$(P_1 - P_2)A_d = Kx \tag{3.36}$$
Where K is the spring constant of the flexible diaphragm and Ad is the exposed
surface between the two pressure chambers.
Figure 3.18 Capacitive differential pressure sensor.
Figure 3.19 Half bridge for the capacitive differential pressure sensor. [Circuit labels:
Vs, Eb, R, R, C1, C2.]
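A bridge circuit for the differential pressure sensor is given in Figure 3.19.
The relationship between the bridge output and the differential pressure can be
derived as follows
$$E_b = V_s\left[\frac{1/sC_1}{1/sC_1 + 1/sC_2} - \frac{R}{R + R}\right] = V_s\left[\frac{1}{1 + C_1/C_2} - \frac{1}{2}\right]$$
But $C_1/C_2 = (d - x)/(d + x)$, then
$$E_b = V_s\left[\frac{d + x}{(d + x) + (d - x)} - \frac{1}{2}\right] = V_s\,\frac{x}{2d} = \left[\frac{V_s A_d}{2dK}\right]\Delta P \tag{3.37}$$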
The bridge in this case provides direct linear relationship between the bridge
output voltage and the differential pressure.
3.5 Operational Amplifiers
Operational Amplifier (Op-amp) is a high gain, integrated circuit amplifier
designed to amplify signals from DC to tens of kHz. It is normally used with external
feedback networks to produce precise gain characteristics, which depend almost
entirely on the feedback network. Figure 3.20 shows the circuit symbol and a
simplified equivalent circuit for the operational amplifier. There are two input
terminals and one output terminal. The output voltage is proportional to the
difference between the voltages at the input terminals. The input terminals are
labeled as an inverting input (with a minus sign next to it), and a non-inverting input
(with a plus sign next to it).
Figure 3.20 Op-amp symbol and its simplified equivalent circuit.
The open loop gain AOL is typically of the order of 100,000; the input impedance ranges from
several megaohms to more than 10^9 ohms, and the output impedance is 50-500 ohms.
An ideal op-amp would have infinite open loop gain, infinite input impedance and
zero output impedance.
The most common circuit used for signal conditioning is the differential
amplifier circuit shown in Figure 3.21.
Figure 3.21 Differential amplifier circuit.
If ideal behavior is assumed, then the calculation of the gain characteristics of
operational amplifiers with feedback is considerably simplified. The calculation can
be modified if it is necessary to take into account the non-ideal behavior of practical
amplifiers.
Under the assumption of infinite gain, the output would be infinite for any non-zero
difference between V- and V+. Accordingly, V- and V+ must be virtually equal.
Since the input impedance is also assumed to be infinite, the input bias currents i+
and i- must be zero. Now applying superposition to calculate the output due to the two
inputs V1 and V2 yields the following.
Assume V2 = 0; then

$$\frac{V_1}{R_1} = -\frac{V_o}{R_2} \;\Rightarrow\; V_o = -\frac{R_2}{R_1}V_1 \qquad (3.38)$$

Now assume V1 = 0;

$$V_2\,\frac{R_2}{R_1 + R_2} = V_o\,\frac{R_1}{R_1 + R_2} \;\Rightarrow\; V_o = \frac{R_2}{R_1}V_2 \qquad (3.39)$$

Now, combining Equations (3.38) and (3.39):

$$V_o = \frac{R_2}{R_1}(V_2 - V_1) \qquad (3.40)$$
Figure 3.22 shows the most common Op-amp configurations. Using an analysis
similar to the one used for Figure 3.21, the transfer characteristics of these
configurations can be derived.
Figure 3.22(a) is an inverting amplifier. It is the same as the differential
amplifier of Figure 3.21 when V2 is zero.

$$V_o = -\frac{R_2}{R_1}V_1; \quad \text{and} \quad R = \frac{R_1 R_2}{R_1 + R_2}$$

Figure 3.22(b) is a non-inverting amplifier. It is again similar to the differential
amplifier configuration when V1 is zero and the potential divider at the non-inverting
input is removed.

$$V_o = \left(1 + \frac{R_2}{R_1}\right)V_2 \qquad (3.41)$$
This non-inverting configuration has substantially higher input impedance than
the inverting configuration. Figure 3.22(c) is a unity gain buffer. It has high input
impedance and low output impedance. It is used as a buffer stage between successive
signal conditioning stages or filtering stages.
Finally, Figure 3.22(d) is a signal summing circuit, where the amplifier output
voltage is given by
$$V_o = -R_2\left(\frac{V_a}{R_a} + \frac{V_b}{R_b} + \frac{V_c}{R_c} + \dots + \frac{V_k}{R_k}\right) \qquad (3.42)$$
It is important to remember that the voltage swing of the output of the amplifier
is limited by the amplifier's power supply. For example, if the power supply is ±12
volts, the output is "clipped" or saturated when the amplifier output exceeds this level.
In practice, the saturation voltage is slightly less than the power supply voltage.
Figure 3.22 Common op-amp circuits.
Common Mode Rejection Ratio (CMRR)
In ideal operational amplifiers, the output depends only on the difference
between the inverting and the non-inverting inputs, irrespective of their common
mode voltage, where
$$V_{CM} = (V_- + V_+)/2$$

For a practical operational amplifier:

$$V_o = A_{OL}(V_+ - V_-) + A_{CM}V_{CM},$$
where ACM is the common mode gain.
For ideal amplifier ACM=0; and for practical amplifier ACM should be very small
compared to AOL. A commonly used term for the performance of op amp is the Common
Mode Rejection Ratio (CMRR),
CMRR = AOL/ ACM, which implies ACM=AOL/CMRR.
The CMRR ratio is usually expressed in decibels as 20 log10 (AOL / ACM). In
practical op amps this ratio is about 90-120 dB.
Instrumentation amplifier
Figure 3.23 Instrumentation Amplifier.
An Instrumentation Amplifier, or In-Amp, is a closed-loop, differential-input
amplifier with an output that is single-ended with respect to a reference terminal. It
has closely-matched input resistances that are very high in value, typically greater
than 10^9 ohms. Like an operational amplifier, an instrumentation amplifier must have
very low input bias currents (currents flowing in or out the input terminals, typically
in the order of several nA.). The instrumentation amplifier circuit consists typically
of 3 or more operational amplifiers together with their feedback resistances in a
single package as shown in Figure 3.23. In-Amps are used in signal conditioning
applications for precision dynamic range modification, impedance transformation
and bandwidth reduction. In-Amps are characterized by:
1. Finite, accurate and stable gain, usually between 1 and 1000.
2. Extremely high input impedance.
3. Extremely low output impedance.
4. Extremely high CMRR.
5. Very low DC offset, low drift, and low noise.
While the Op-Amp domain of applications is generally analog active circuit
design, the Instrumentation Amplifier (a specialized kind of Op-Amp based design)
is the best choice for interfacing high impedance bridge sensors, because of its
balanced high impedance inputs, isolated feedback networks and excellent common
mode rejection. In-amp is dominantly used where great accuracy and stability of the
circuit both short- and long-term are required.
The main difference between an instrumentation amplifier and an operational
amplifier is the fact that an Op-Amp is an open-loop device, whereas an In-Amp
comes with a preset internal feedback resistor network that is isolated from its input
terminals. Because it is an open-loop device, an Op-Amp's function and gain are set
by providing it with external components that generally constitute a feedback circuit
between its output and its inverting input. On the other hand, the gain of an In-Amp
is either manufacturer-preset or may be set by the user using an external gain resistor
or by manipulating internal resistors via some of the In-Amp's pins.
Although the instrumentation amplifier is usually shown schematically identical
to a standard Op-Amp, the electronic instrumentation amp is typically composed of
three Op-Amps, as shown in Figure 3.23. These are arranged so that there is one Op-
Amp to buffer each input (+,−), and one to produce the desired output with adequate
impedance matching.
The overall differential gain of the circuit is:
$$A_d = \left(1 + \frac{2R_1}{R_G}\right)\left(\frac{R_3}{R_2}\right) \qquad (3.43)$$
In-Amps built from individual Op-Amps could suffer from common-mode gain
caused by mismatches in the values of the equally-numbered resistors and by the
mismatch in common mode gains of the two input Op-Amps. On the other hand, an
IC instrumentation amplifier typically contains closely matched laser-trimmed
resistors, and therefore offers excellent common-mode rejection. Examples include
AD620, MAX4194 and INA128.
Comparators
Figure 3.24(a) contains an Op-Amp circuit called a comparator, which takes an
analog voltage and compares it to a threshold voltage, Vref. If Vin is less than the
threshold, the output of the circuit takes the highest possible output value (Vsat). If
Vin is greater than the threshold, the output of the circuit takes the lowest possible
value (-Vsat). The output of the comparator will swing quickly and completely from
maximum output to minimum output (also called "rail to rail"). The main problem
with this circuit is that near the changeover point, even small amounts of noise will
cause the output to switch back and forth. Thus, near the changeover point there may
be several transitions at the output and this may cause problems elsewhere in the
overall circuit. The solution to this is to use a Schmitt Trigger.
Figure 3.24 (a) Op-Amp as comparator. (b) Input-Output transfer characteristics of the
comparator. (c) Comparator with Schmitt-trigger. (d) Transfer characteristics of
Schmitt trigger.
A Schmitt trigger can be realized using positive feedback as shown in Figure
3.24(c). Positive feedback can increase the switching speed of the comparator and
provide noise immunity at the same time.
The switching level for positive going input is

$$V_{in} = V_{sat}\,\frac{R_1}{R_1 + R_2} + V_{ref}\,\frac{R_2}{R_1 + R_2}$$

The negative going input is given by

$$V_{in} = -V_{sat}\,\frac{R_1}{R_1 + R_2} + V_{ref}\,\frac{R_2}{R_1 + R_2}$$

In effect, the Schmitt trigger provides a noise rejection range equal to

$$\frac{R_1}{R_1 + R_2}\,V_{sat}$$

within which the comparator cannot switch. Thus, if the noise amplitude is contained
within this range, the Schmitt trigger will prevent multiple triggering.
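The chatter problem and its fix can be seen numerically. The following is an added example (not from the book) that runs a plain comparator and a Schmitt trigger, using the switching levels above, over a constructed slow ramp with periodic interference; the component values, the noise model and all function names are assumptions.

```python
import math


def thresholds(v_ref, v_sat, r1, r2):
    """Return (upper, lower) switching levels of the Schmitt trigger."""
    centre = v_ref * r2 / (r1 + r2)      # reference as seen through the divider
    half_band = v_sat * r1 / (r1 + r2)   # noise rejection range
    return centre + half_band, centre - half_band


def comparator(samples, v_ref, v_sat):
    """Plain comparator: +Vsat while Vin < Vref, otherwise -Vsat."""
    return [v_sat if v < v_ref else -v_sat for v in samples]


def schmitt_trigger(samples, v_ref, v_sat, r1, r2):
    """Comparator with positive feedback: the threshold depends on the output."""
    upper, lower = thresholds(v_ref, v_sat, r1, r2)
    # Start in the state that matches the first sample.
    out = v_sat if samples[0] < (upper + lower) / 2 else -v_sat
    result = []
    for v in samples:
        if out > 0 and v > upper:      # positive-going input crosses upper level
            out = -v_sat
        elif out < 0 and v < lower:    # negative-going input crosses lower level
            out = v_sat
        result.append(out)
    return result


def transitions(output):
    """Count how many times the output changes state."""
    return sum(1 for a, b in zip(output, output[1:]) if a != b)


def noisy_ramp(n=2001, v_end=5.0, noise_amp=0.05):
    """Constructed input: slow 0..v_end ramp plus 50 mV periodic interference."""
    return [v_end * i / (n - 1) + noise_amp * math.sin(0.9 * i) for i in range(n)]


# Constructed component values (assumptions, not from the book).
V_REF, V_SAT, R1, R2 = 2.5, 12.0, 1_000.0, 99_000.0

if __name__ == "__main__":
    vin = noisy_ramp()
    upper, lower = thresholds(V_REF, V_SAT, R1, R2)
    print(f"upper = {upper:.3f} V, lower = {lower:.3f} V")
    print("comparator transitions:", transitions(comparator(vin, V_REF, V_SAT)))
    print("schmitt transitions:   ",
          transitions(schmitt_trigger(vin, V_REF, V_SAT, R1, R2)))
```

With these values the rejection band is 0.12 V on either side of the divided reference, so the 50 mV interference cannot re-trigger the output once it has switched.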
3.6 Voltage-to-current Transmitters
In instrumentation circuitry, DC signals are often used as analog representations
of physical measurements such as temperature, pressure, flow, weight and motion.
Most commonly, DC current signals are used in preference to DC voltage signals,
because current signals are exactly equal in magnitude throughout the series circuit
loop carrying current from the source (measuring device) to the load (indicator,
recorder or controller), whereas voltage signals in a parallel circuit may vary from
one end to the other due to resistive wire losses.
Figure 3.25 Simple 4-20 mA transmitter
A simple Op-Amp circuit for a current transmitter is shown in Figure 3.25. The
input voltage to this circuit is assumed to be coming from some type of physical
transducer/amplifier arrangement, calibrated to produce 1 volt at 0 percent of
physical measurement, and 5 volts at 100 percent of physical measurement. The
standard analog current signal range is 4 mA to 20 mA, signifying 0% to 100% of
measurement range. The purpose of the 4.0 mA offset is to differentiate between
zero-level signal and wire disconnection fault. At 5 volts input, the 250 Ω (precision)
resistor will have 5 volts applied across it, resulting in 20 mA of current in the large
loop circuit (with Rload). It does not matter what resistance value Rload is, or how much
wire resistance is present in that large loop, so long as the Op-Amp has a high
enough power and supply voltage to output the voltage necessary to get 20 mA
flowing through Rload. The 250 Ω resistor establishes the relationship between input
voltage and output current, in this case creating the equivalence of 1-5 V input and 4-
20 mA output.
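The two conditions in this paragraph, the live zero that exposes a broken wire and the need for enough op-amp output voltage to push 20 mA through the loop, can be checked with a small model. This is an added example, not from the book: it assumes the op-amp output drives the 250 Ω resistor in series with the loop resistance, and the 3.6 mA and 21 mA fault limits, the 10.5 V saturation level and all names are assumptions.

```python
import math

R_SET = 250.0   # ohms, precision resistor from Figure 3.25


def transmitter_current(v_in, r_loop, v_out_max):
    """Loop current in amperes delivered by the simple op-amp transmitter.

    The op-amp forces v_in across R_SET, so the demanded current is v_in / R_SET.
    It can only deliver that while its output, which has to drive R_SET plus the
    loop resistance, stays below the saturation voltage v_out_max.
    r_loop is load plus wire resistance in ohms; math.inf models a broken wire.
    """
    if math.isinf(r_loop):
        return 0.0
    demanded = v_in / R_SET
    available = v_out_max / (R_SET + r_loop)
    return min(demanded, available)


def receiver_reading(i_loop, low_fault_ma=3.6, high_fault_ma=21.0):
    """Interpret the loop current at the receiver: (status, percent or None).

    The fault limits are assumed alarm thresholds placed just outside 4-20 mA.
    """
    ma = i_loop * 1000.0
    if ma <= low_fault_ma:
        return "FAULT_LOW", None      # open loop or dead transmitter
    if ma >= high_fault_ma:
        return "FAULT_HIGH", None     # short circuit or runaway output
    return "OK", (ma - 4.0) / 16.0 * 100.0


def survey(v_out_max=10.5):
    """Run constructed cases: (label, v_in, r_loop) -> (label, status, percent)."""
    cases = [
        ("mid-scale, 300 ohm loop", 3.0, 300.0),
        ("full-scale, 250 ohm loop", 5.0, 250.0),
        ("full-scale, 300 ohm loop", 5.0, 300.0),   # op-amp runs out of voltage
        ("broken wire", 3.0, math.inf),
    ]
    results = []
    for label, v_in, r_loop in cases:
        status, pct = receiver_reading(transmitter_current(v_in, r_loop, v_out_max))
        results.append((label, status, pct))
    return results


if __name__ == "__main__":
    for label, status, pct in survey():
        shown = "n/a" if pct is None else f"{pct:.1f} %"
        print(f"{label:26s} {status:10s} {shown}")
```

The third case is the one to watch: the loop still reads as healthy, but the value is about 94 % instead of 100 % because the amplifier has saturated, which no live-zero check will flag.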
Another common name for this circuit is voltage to current (E/I) transducer.
Figure 3.26 shows an improved circuit for the E/I transducer, which allows a separate
24 volts power supply for the field loop current. The FET acts as a buffer circuit and
enables higher operating voltage than the operating voltage of the Op-Amp.
There are certain recommendations for wiring current loops depending on
whether the field transmitter is self-powered or not, and whether the field actuator is
also self powered or not. Practitioners should consult the ISA recommendations
ANSI/ISA-50.00.01-1975 (R2002) for detailed information. A summary is given
here for quick reference.
Figure 3.27(a) shows a type 2 field transmitter. The field transmitter is assumed
to have its own power supply in the field, i.e., it is field-powered. The transmitter
sources the current and sends it to the DCS side. The DCS terminates the current
loop with a proper resistance, which converts the current to voltage for further signal
processing. The signal common (COM) refers to a point in the signal loop which may
be connected to the corresponding points of other signal loops. It may or may not be
connected to earth ground.
Figure 3.26 E/I 4-20 mA transmitter with separate loop power supply.
Figure 3.27(b) illustrates type 3 transmitter (3-wire transmitter). The transmitter
needs power from the DCS side. This transmitter is called loop-powered or DCS
powered. The power is usually supplied by a dedicated 24 volt power supply and
shared by all loops. The third type is called Type 4 (4-wire transmitter). The field
transmitter uses four connection wires, excluding wire shielding, as shown in Figure
3.27(c), since it also requires a separate power source for other internal uses or it
requires AC power.
Figure 3.27 Wiring types for field transmitters.
If the DCS is the transmitting side, then the receiver could be self-powered in
the field. In this case, the DCS sends only the 4-20 mA signal, as in the Type 2 wiring
of Figure 3.28(a). If the receiver needs power from the DCS, then we could have a 3-wire
or 4-wire connection as shown in Figures 3.28(b) and 3.28(c) respectively.
Figure 3.28 2, 3, and 4 wire connections of DCS side 4-20 mA transmitters.
Isolation
Ground connection between dispersed instruments in the presence of a common
mode voltage could allow ground currents to circulate, leading in the best case to a
noisy representation of the signal under investigation. In the worst case, assuming
that the magnitude of common mode voltage and/or current is sufficient, instrument
destruction is likely.
Galvanic isolation is the principle of isolating functional sections of electrical
systems so that there is no electric current flowing directly from one section to the
next. Energy and/or information can still be exchanged between the sections by other
means, such as capacitance, induction, electromagnetic waves, or by optical, acoustic
or mechanical means.
Figure 3.29 Isolation Amplifier.
Isolation amplifiers, as shown in Figure 3.29, are commonly used to provide
electrical isolation and an electrical safety barrier. The isolation barrier electrically
separates the front end part, which interfaces directly with the field signals, from the
DCS data acquisition components, providing protection from common mode
voltages, which are potential differences between instrument ground and signal
ground. The most common techniques for isolation are the following:
Magnetic Isolation
In magnetic isolation, transformers can magnetically pass analog-type AC
signals from the input section to the output section, while effectively sustaining high
common-mode voltages. Transformer coupling is also used to provide isolated power
to the input stage. Commercial instrument amplifier circuits with magnetic isolation
can provide several thousands of volts of common mode voltage isolation. Similar
instrumentation amplifiers are available for powering isolated bridges, cold junction
compensation and other special signal-conditioning requirements.
Optical Isolation
A basic optical isolation circuit is shown in Figure 3.30. The measured input
voltage signal is converted to a current, which activates a light-emitting diode within
an optical coupler. A light-sensitive transistor located adjacent to the diode, but on
the opposite side of a voltage barrier, converts the light signal back to a current that
the instrumentation amplifier can handle. The voltage barrier typically provides 750V
to 1.5kV of isolation between input and output. Optical isolation is now the most
commonly used method to couple digital signals.
Figure 3.30 Electronic optical coupler.
Capacitive Isolation
A capacitor is a passive device that couples AC voltage from one stage to
another while blocking the DC component. The measured signal to be isolated is first
modulated and coupled through the capacitor to the receiving side. On the receiving
side, the AC signal is demodulated to restore the original signal. With digital
modulation the capacitive barrier characteristics do not affect signal integrity, which
results in excellent reliability and good high frequency transient immunity across the
barrier. Both the amplifier and barrier capacitors are usually housed in a hermetic
integrated circuit package. This technique is often applied to low-cost isolation
amplifiers where the coupling capacitor is composed of a common layer between two
isolated IC substrate sections. Signal isolation using these specialized ICs is rated as
high as 1,500 V. The main benefits of this approach are simplicity, low cost and
bandwidths as high as 50 kHz.
3.7 Analog to Digital and Digital to Analog converters
Analog to digital converters (ADC) can be divided into the following main
groups:
- Flash ADC (parallel design);
- Digital-to-Analog Converter-based design (e.g., ramp counter, successive approximation, tracking);
- Integrator-based design (e.g., single-slope, dual-slope);
- Sigma-delta design (also known as delta-sigma, 1-bit ADC or oversampling ADC).
Each one of these main groups can have several different implementations.
Flash ADC
A reference voltage is divided by a series of equal resistors into 2^n levels. The
input signal is compared with all the levels, the outputs of the comparators are then
fed to a logic circuit to code the number of activated outputs into an n-bit result.
Figure 3.31 illustrates a 3-bit Flash ADC. The comparison is done by Op-Amps. All
resistors have the same value.
Figure 3.31 Illustration of a 3-bit flash ADC.
Even though Flash ADC uses a very simple design, it requires a lot of
components. The number of required comparators is 2^n - 1, where n is the number of
output bits. Thus, for an eight-bit Flash ADC, 255 comparators would be necessary
and for a 16-bit Flash ADC, 65,535 components would be required.
On the other hand, Flash ADC is the fastest ADC type available. The digital
equivalent of the analog signal will be available right away at its output (it will only
have the propagation delay inserted by the logic gates); hence, it is named "flash."
ADC Resolution
The voltage resolution of an ADC is equal to its overall voltage measurement
range divided by the number of discrete intervals as in the formula:

$$Q = \frac{E_{FSR}}{2^M} = \frac{E_{FSR}}{N} \qquad (3.44)$$

Where:
Q is the resolution in volts per step (volts per output code),
EFSR is the full scale voltage range = VRefHi - VRefLow,
M is the ADC's resolution in bits,
N is the number of intervals, given by the number of available levels (output
codes), which is N = 2^M.
For example, if the full scale measurement range is 0 to 10 volts and the ADC
resolution is 12 bits (2^12 = 4096 quantization levels), then the ADC voltage resolution is
(10V - 0V) / 4096 levels = 10V / 4096 codes = about 2.44 mV per step.
Digital-to-analogue converters (DACs)
A DAC gives an analogue output voltage which is proportional to an input
parallel digital signal, e.g., 8-bit signal b7b6…b0.
An operational amplifier is used to sum a number of currents which are either
zero or non-zero depending on whether the corresponding bit is 0 or 1. The current
corresponding to the most significant bit is twice that corresponding to the next
significant bit and so on. This is achieved in Figure 3.32(a) by using a network of
binary weighted resistors R, 2R, 4R and 128R. The problem with this arrangement
is that a very large range of resistance values is required. A better modular design is
the ladder network shown in Figure 3.32(b). The advantage of this circuit is that the
required current distribution can be obtained with only two values of resistance, R
and 2R.
Figure 3.32 Digital to analog conversion circuits.
DAC-Based ADC Designs
The simplest design of DAC-based ADC is called the digital ramp ADC, shown in
Figure 3.33(a). Vin is the analog input and Dn through D0 are the digital outputs. The
basic idea is to increment the counter using a clock source, CLOCK. The DAC will
then produce a staircase output voltage that is continuously compared with Vin until
the DAC output voltage reaches the value of the analog signal Vin. The comparator
output then changes to low and stops the counter. The circuit requires a START pulse
to reset the contents of the counter at the beginning of conversion. The comparator
output is used as an End Of Conversion (EOC) notification signal to the host
computer or to the external digital hardware systems. The comparator output signal
also drives the "Control" input of the counter. The counter control input turns on the
counter when it is high and stops the counter when it is low.
Figure 3.33 DAC-based A/D converters, (a) basic converter, (b) successive
approximation converter.
The main problem with this circuit is that it is very slow: it would require up to
2^n - 1 clock cycles to convert each sample. For an eight-bit ADC, it would take up to
255 clock cycles to convert a single sample. For a 16-bit ADC, it would take up to
65,535 clock cycles to convert one sample.
The second DAC-based ADC circuit in Figure 3.33(b) is called the Successive
Approximation Analog to Digital Converter (SAADC). Vin is the analog input and Dn
through D0 are the digital outputs. As you can see, it uses a buffer, so the digital data
is still available to be read by the computer while the converter is processing the next
sample. SAADC has the same control signals as the ramp counter ADC: START,
which commands the ADC to start the conversion, a CLOCK for timing the
conversion steps, and EOC, which tells the host computer that the conversion of that
particular sample has finished.
The SAADC Control Logic unit starts conversion by first setting the MSB in the
Successive Approximation Register (SAR). The comparison between Vin and the
DAC output will tell the control unit if this bit should remain set at 1 or should be set
at 0. The control logic performs the following sequential logic:
For i = n-1 down to 0                 // MSB first
{
    Set bit_i = 1;                    // trial value for this bit
    If Vout > Vin { Reset bit_i }     // DAC output above the input: clear the bit
}
The successive approximation ADC will find the correct digital value for Vin in
n clock cycles, where n is the number of bits used. For an eight-bit ADC, the digital
value for each sample can be found in eight clock cycles and, for a 16-bit ADC, the
digital value for each sample is found in 16 clock cycles (compared to 65,535 on the
previous circuit). Figure 3.33(b) illustrates an 8-bit A/D, for which the number of clock
cycles would be n=8.
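The clock-cycle comparison between the digital ramp ADC and the successive approximation ADC can be reproduced with a short simulation. This is an added example, not from the book: it assumes an ideal DAC with a step of Q from Equation (3.44), and the function names and sample voltages are constructed.

```python
def resolution(e_fsr, m_bits):
    """Q = E_FSR / 2^M, volts per output code (Equation 3.44)."""
    return e_fsr / (1 << m_bits)


def dac(code, n_bits, v_fs):
    """Ideal DAC: output voltage for a given input code."""
    return code * resolution(v_fs, n_bits)


def ramp_adc(v_in, n_bits, v_fs):
    """Digital ramp ADC: the counter runs until the DAC staircase reaches v_in.

    Returns (code, clock_cycles).
    """
    max_code = (1 << n_bits) - 1
    code = 0        # the START pulse resets the counter
    clocks = 0
    while dac(code, n_bits, v_fs) < v_in and code < max_code:
        code += 1   # one count per CLOCK
        clocks += 1
    return code, clocks


def sar_adc(v_in, n_bits, v_fs):
    """Successive approximation ADC: one trial per bit, MSB first.

    Returns (code, clock_cycles).
    """
    code = 0
    clocks = 0
    for i in range(n_bits - 1, -1, -1):
        trial = code | (1 << i)                 # set bit_i = 1
        if dac(trial, n_bits, v_fs) <= v_in:    # Vout > Vin would reset bit_i
            code = trial
        clocks += 1
    return code, clocks


def compare(v_in, n_bits, v_fs):
    """Convert one sample with both designs."""
    ramp_code, ramp_clocks = ramp_adc(v_in, n_bits, v_fs)
    sar_code, sar_clocks = sar_adc(v_in, n_bits, v_fs)
    return {
        "ramp_code": ramp_code, "ramp_clocks": ramp_clocks,
        "sar_code": sar_code, "sar_clocks": sar_clocks,
    }


if __name__ == "__main__":
    print(f"12-bit, 10 V range: Q = {resolution(10.0, 12) * 1000:.2f} mV")
    # Constructed sample voltages on a 0-5 V range.
    for bits in (8, 16):
        for v in (0.0, 1.234, 3.3, 5.0):
            r = compare(v, bits, 5.0)
            print(f"{bits:2d}-bit  Vin={v:5.3f} V  "
                  f"ramp: code {r['ramp_code']:5d} in {r['ramp_clocks']:5d} clocks  "
                  f"SAR: code {r['sar_code']:5d} in {r['sar_clocks']:2d} clocks")
```

The two designs can differ by one code for the same input: the ramp stops at the first DAC level that reaches Vin, while the successive approximation loop keeps the largest level that does not exceed it.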
Single-Slope ADC (SSADC)
The idea behind SSADC, shown in Figure 3.34(a), is to generate a ramp voltage
with a fixed rate, and measure the time it takes to reach the value of the input voltage.
The ramp voltage here is an analogue voltage generated by integrating a reference
voltage. The time is measured by a digital counter driven by a high speed digital
clock source.
The integrator output voltage is given by

$$V_0 = \int_0^t \frac{V_{ref}}{RC}\,dt = \frac{V_{ref}}{RC}\,t$$

The time, T, at which the integrator voltage equals Vin is given by

$$T = RC\,\frac{V_{in}}{V_{ref}}. \qquad (3.45)$$

Figure 3.34 (a) Single-Slope ADC, (b) Dual-Slope ADC.
When Vin is equal to the voltage achieved by the ramp waveform generated by
the integrator, the control circuit captures the last value produced by the counter (by
triggering the output buffer clock pin), which will be the digital value corresponding to
the analog sample being converted. At the same time, it resets the counter and the
integrator, starting the conversion of the next sample.
Like the successive approximation ADC, this circuit uses an output buffer,
meaning that the last converted value can be read while the ADC is converting the
current value. Even though its design is simpler than the DAC in Figure 3.33(a), it is
still based on a counter, and thus, it suffers from the same basic problem: speed. It
requires up to 2^n - 1 clock cycles to convert each sample. As with the digital ramp
counter, a 16-bit ADC would take up to 65,535 clock cycles to convert one sample.
Dual-Slope ADC
Another popular design is called dual-slope ADC, shown in Figure 3.34(b). It
solves an inherent single-slope problem called calibration drift. The analog switch
first connects Vin to the integrator. The integrator then starts generating a ramp
waveform, and the switch position will remain set at Vin during a fixed number of
clock cycles. When this number of clock cycles is reached, the analog switch moves
its position to allow -Vref to enter the integrator. Since -Vref is a negative voltage, the
ramp waveform starts to decrease towards zero, using a number of clock cycles
proportional to the Vin value.
See Figure 3.35 for a better understanding, where the waveform at the integrator
output is shown. T1 is fixed, while T2’s duration is proportional to the value of Vin.
Vin sets the slope angle, where the higher Vin is, the higher the angle will be.
The principle of operation is based on allowing the input signal to drive the integrator
for a fixed time, T1,

$$V_1 = \frac{1}{RC}\int_0^{T_1} V_{in}\,dt.$$

Since Vin is constant,

$$V_1 = \frac{V_{in}T_1}{RC}.$$

Figure 3.35 Waveform found at the integrator output: a rising segment of fixed duration T1 generated using Vin, followed by a falling segment of duration T2 (proportional to Vin) generated using Vref.
After time T1, the input to the integrator is switched to -Vref,

$$V_2 = \frac{V_{in}T_1}{RC} - \frac{V_{REF}}{RC}\,t.$$

When V2 = 0,

$$\frac{V_{in}T_1}{RC} = \frac{V_{REF}}{RC}\,T_2; \quad \text{or} \quad V_{in} = V_{REF}\,\frac{T_2}{T_1} \qquad (3.46)$$
which reduces the errors due to drift and uncertainty in R, C and clock duration.
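The cancellation of R, C and clock period in Equation (3.46) can be demonstrated by simulating both integrating converters tick by tick with components that have drifted from their nominal values. This is an added example, not from the book; the nominal values, drift percentages and function names are assumptions.

```python
def single_slope(v_in, v_ref, rc_actual, t_clk_actual, rc_nominal, t_clk_nominal,
                 max_counts=1 << 16):
    """Count clock ticks until the ramp (Vref/RC)*t reaches v_in.

    The count is converted to volts with the nominal RC and clock period,
    because those are the only values the instrument knows (Equation 3.45).
    """
    v = 0.0
    count = 0
    while v < v_in and count < max_counts:
        v += v_ref * t_clk_actual / rc_actual   # real integrator gain
        count += 1
    return count * t_clk_nominal * v_ref / rc_nominal


def dual_slope(v_in, v_ref, rc_actual, t_clk_actual, n1, max_counts=1 << 16):
    """Integrate v_in for n1 ticks, then -v_ref until the output returns to zero.

    The result uses only the two counts (Equation 3.46).
    """
    v = 0.0
    for _ in range(n1):                          # phase 1: fixed time T1
        v += v_in * t_clk_actual / rc_actual
    n2 = 0
    while v > 0.0 and n2 < max_counts:           # phase 2: measured time T2
        v -= v_ref * t_clk_actual / rc_actual
        n2 += 1
    return v_ref * n2 / n1


# Nominal design values (assumptions): RC = 1 ms, 1 MHz clock, Vref = 5 V.
RC_NOM, T_CLK_NOM, V_REF, N1 = 1e-3, 1e-6, 5.0, 1000


def drift_sweep(v_in=2.0, drifts=(-0.05, 0.0, 0.05)):
    """Return (drift, single_slope_error, dual_slope_error) in volts.

    The same fractional drift is applied to RC and to the clock period.
    """
    rows = []
    for d in drifts:
        rc = RC_NOM * (1.0 + d)
        t_clk = T_CLK_NOM * (1.0 + d / 2.0)
        single = single_slope(v_in, V_REF, rc, t_clk, RC_NOM, T_CLK_NOM)
        dual = dual_slope(v_in, V_REF, rc, t_clk, N1)
        rows.append((d, single - v_in, dual - v_in))
    return rows


if __name__ == "__main__":
    for d, e_single, e_dual in drift_sweep():
        print(f"drift {d:+.0%}: single-slope error {e_single * 1000:+7.1f} mV, "
              f"dual-slope error {e_dual * 1000:+5.1f} mV")
```

The residual dual-slope error is at most one count of the T2 counter (5 mV with these values), independent of how far RC or the clock have drifted.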
In many hand held devices (like multi-meters), T2 is measured by a counter
consisting of several digital decade counters, where each decade counter is connected
to a seven-segment numeric display for direct readout of the measured value. Four to
seven decimal digit display can be achieved.
Data Acquisition Cards
Many data acquisition systems are built using cards that can be placed inside
PCs or special-purpose computers, or that can be connected to a PC using USB,
Ethernet or wireless interface. Modern cards are loaded with multi-functions and
intelligently controlled by dedicated microcontrollers. The cards operate under the
control of a host computer program. The card is configured by setting/resetting
appropriate bits in control registers inside the control logic unit.
The following presents some of the generic functions commonly found in these
data acquisition cards. Figure 3.36 depicts a block diagram of a typical data
acquisition card.
The analogue input (AI) unit consists of multiplexer, amplifier and an A/D
converter. The multiplexer allows many analog input channels to share the same
amplifier and use only one A/D converter. Typical multiplexers accept 8 or 16 AIs.
The internal logic selects which channel to be connected to the output of the
multiplexer at any time. The selection of channels is performed by setting channel
selection address bits, three bits for 8-channel multiplexer, and four bits for 16-
channel multiplexer. Many cards allow pairing of the analog channels for differential
input channels. For differential AI, the card would contain two separate 8-channel
multiplexers. Each input of a differential channel goes to a different multiplexer, so
they can be both selected at the same time. The outputs of the two multiplexers are
then connected to the two differential inputs of an instrumentation amplifier.
The instrumentation amplifier gain is determined by selecting one of a number
of feedback resistors, RG; e.g., the selection of a particular gain can be done by
setting appropriate bits in the card control registers. The card may also contain
Digital inputs and Digital outputs DI/DO interface. DIs usually accept TTL level
inputs. The DO lines typically provide TTL levels (0-5 volts) as well. Some cards
may include open-collector DOs for interfacing to higher voltage and higher current
driving capabilities, or have on board micro-electromechanical relays.
Data acquisition cards may also include analog output AO channels. AOs with
8, 12, and 16 bit D/A converters are typically provided in industrial I/O cards. Some
cards provide selectable reference voltages for the A/D and the D/A units. They may
also provide a choice between using the internal references or external voltage
reference. The cards may include a clock source and a number of timers/counters.
The clock/timer/counter can be set to provide the sampling rate for the A/D
converter, timed DO actions, or it can act as counter for selected DI lines.
Figure 3.36 Typical structure of a data acquisition card.
The host computer communicates with the card via a digital interface unit. This
interface logic could be by way of a PCI bus, a VME bus, a USB bus or an Ethernet
or a wireless connection. The host computer program is responsible for acquiring the
data collected from the card in a timely manner, and to respond to the card’s
notification signals and requests. Modern cards contain embedded controllers and on
board memories for storing information and possibly performing additional on-board
signal processing, releasing the host computer from many low level detailed
functions.
3.8 Intrinsic safety
Since the early days of the industrial age, using electricity in potentially
explosive areas has been problematic. Electrical equipment may generate arcs,
sparks, or hot surfaces, which could cause an explosion. Explosions are exothermic
reactions that require fuel, oxidizer, and ignition energy simultaneously. Fuel could
be flammable liquids, flammable vapors, gases, combustible fibers or dusts; oxidizer
is the oxygen in air; and ignition energy could be electrical, mechanical, or thermal.
Eliminating one or more of these factors reduces the risk of an explosion.
Hazardous locations are identified by class and division. A Class refers to types
of hazardous atmosphere. Division or Div refers to the likelihood of a hazardous
atmosphere being present. North American standards identify hazardous areas by
class, division and group, or optionally by class, zone and gas group. Europe and
other regions that follow IEC or CENELEC standards designate these areas by zones
and group.
According to NFPA [Ref 15] standards, hazardous area classifications are as follows:
Class I: Gas or vapor,
Class II: Dust,
Class III: Fibers or filings;
Division 1: An explosive concentration of hazardous material may be
continuously, intermittently or periodically present under normal operating
conditions.
Division 2: An explosive concentration of hazardous material is present only
under fault conditions, and if such a condition occurs, it will exist only for a short
period of time.
On the other hand, the International Electrotechnical Commission (IEC)
published a three zone classification based on the work of the CENELEC, the
European Committee for Electrotechnical Standardization.
Zone 0 is defined as an area where an explosive air/gas mixture is continuously
present or present for a long period.
Zone 1 is an area where an explosive air/gas mixture is likely to exist under
normal operating conditions for short periods.
Zone 3 is an area where an explosive air/gas mixture is not likely to occur under
normal operating conditions and if such a condition occurs, it will exist only for a
short period.
Further classifications by groups are also specified based on the gas or the
atmosphere ignition capabilities. Hazardous area apparatuses are also classified
according to the maximum surface temperature produced under faulty conditions.
The primary safety goal is avoiding having a source of ignition occur in the
presence of a hazardous atmosphere. To accomplish this, the three recognized
methods of preventing injury or damage from an explosion are:
- Containment: the methods/procedures ensure that if an explosion occurs, it is confined in an enclosure built to resist the excess pressure created by the internal explosion.
- Segregation: these methods don't allow the dangerous air/gas mixture to penetrate the electrical equipment enclosure. The enclosure is pressurized with an inert gas, such as nitrogen.
- Limitation: these methods reduce the amount of energy contained in the equipment or circuitry that could cause an ignition of the dangerous air/gas mixture.
Intrinsic safety principle
There are national and international standards as well as codes of practice for
equipment design and installation for these three techniques. For instrumentation
applications, the simplest and most cost effective technique is intrinsic safety.
According to ISA-RP12-6 an intrinsically safe instrument is equipped and wired to
be incapable of releasing sufficient electrical or thermal energy under normal or
abnormal conditions to cause ignition of a specific hazardous atmospheric mixture in
its most easily ignited concentration.
Intrinsically safe standards apply to all equipment that can create one or more of
these potential explosion sources, including electrical sparks, flames and hot
surfaces, static, electromagnetic radiation, chemical reactions, mechanical friction
and impacts, compression, acoustic energy and ionizing radiation.
In an intrinsically safe system, electrical equipment in the hazardous area and
the interconnected instrumentation in the safe area should be designed to reduce
energy. An intrinsically safe apparatus is designed to intrinsic safety standards and
approved by third-party testing laboratories. This means that the open-circuit voltage
and short-circuit current are reduced to values that will not cause an ignition by
opening, closing or grounding the circuit or any parts of the circuit.
Simple apparatus devices are low energy and do not need certification. A simple
apparatus is a device in which none of the following values are exceeded:
1.2 Volts,
0.1 Ampere,
20 micro Joules,
25 milli Watt.
Simple apparatus examples include passive sensors such as resistance
temperature detectors (RTDs), light-emitting diodes (LEDs), thermocouples and
photocells. These devices can be directly mounted in the hazardous location and do
not require certification or labeling, but they must be connected to an intrinsically
safe barrier either directly or indirectly.
Zener Barriers
In intrinsically safe electronic systems Zener barrier devices are used to limit
the amount of electrical energy produced in hazardous areas under any possible fault
condition. Figure 3.37(a) shows a basic positive single-channel Zener barrier with
negative ground, while Figure 3.37(b) shows a positive dual-channel Zener barrier
with floating leads. Zener barrier modules are usually located in a safe area like a
control room. A signal conditioning process or data presentation element such as an
amplifier, computer or recorder will be connected across terminals 1 and 2.
Terminals 3 and 4 will be connected via a cable to a sensor, transducer, or transmitter
located in the hazardous area.
The barrier is designed such that electrical energy in the hazardous area is
limited to less than the minimum ignition energy of the explosive gas mixture under
a fault condition (where a high voltage up to 250 V rms is applied across 1 and 2). In
Figure 3.37(a), the fuse F and resistors R1 and R2 protect the Zener diodes D1 and D2.
The surge current rating of the fuse should be significantly less than the surge current
rating of the diodes, so that if a high fault current occurs, the fuse F blows before
either D1 or D2 burns out. D1 provides a safe path to earth for the AC fault current;
the corresponding rms voltage across D1 is limited to the Zener breakdown or
avalanche voltage Vz of the diode. A second diode D2 is connected in parallel with
D1 for increased reliability, so that even if D1 fails, the rms voltage across D2, and
therefore across terminals 3 and 4, is again limited to Vz. The resistor R2 limits the
fault current in the external hazardous area circuit to a maximum value of Vz/R2.
In all cases the intrinsically safe barriers and equipment must be wired as per an
approved drawing. The capacitance and inductance of the wiring must be included in
the loop evaluation. The barrier GND terminals should be connected to an intrinsic
safety ground bus, which is properly connected to one or more true ground points.
Figure 3.37 Zener Barrier (a) Positive Single Channel with negative ground, (b)
Positive dual-channel Zener Barrier.
3.9 Smart sensors and actuators
Figure 3.38 Block diagram of a measurement system.
According to the IEEE 1451.2 specifications, a smart sensor or actuator is
defined as a sensor “that provides functions beyond those necessary for generating a
correct representation of a sensed or controlled quantity.”
In modern digital transmitters, the elements and stages of measurement systems
are different from the traditional sequence of stages presented in the introductory
section 1.2. For digital transmitters, the sensing element may or may not be
integrated with the digital transmitter.
Yet there is a new spectrum of integrated circuit sensors and
microelectro-mechanical machined (MEMS) sensors that naturally integrate with digital
transmitters. In addition, the digital transmitter includes the signal conditioning
function, signal processing, a digital communication element and an embedded
microcontroller to execute the communication protocol, coordinate the internal
functions, interpret the received digital commands and respond with appropriate
messages, as shown in Figure 3.38.
In classical transmitters the process value is sent as a one-way continuous 4.0 to
20.0 mA analog value. In digital transmitters, the process value is transmitted as a
message. The digital transmission allows two-way traffic. There could be many
classes of messages. Some of the standard message classes will be covered with Field
Buses in later chapters.
Smart sensors usually perform more functions than primary measurements. The
following are some of the features found in smart sensors/actuators:
Plug and play (PnP). PnP describes the characteristic of a device specification
that allows the DCS or host system to discover the device immediately once it is
plugged in, without complicated setup, and to automatically
configure the device and assign resources. PnP allows sensors to be installed,
upgraded, replaced or moved with minimum effort.
1. Embedded device self-description, called Transducer Electronic Data Sheet
(TEDS), which can be uploaded to the host system in a standard format.
2. Bi-directional digital communication.
3. Sensor linearization by interpolation or look up tables.
4. Advanced digital signal processing, such as digital filtering to remove unwanted
noise, possibly with the ability to set the desired bandwidth.
5. Programmable amplifier gain.
6. Configurable sensor input range.
7. Self testing and reporting.
8. Alarm reporting and programmable alarm levels.
9. Cold Junction Compensation (CJC) for thermocouples.
10. Elimination of wiring in the case of wireless sensors.
11. System time-stamping of measurements.
12. Sensing environmental conditions and compensation for the interfering and/or
modifying inputs, leading to higher accuracy and precision.
An example of commercial smart sensors is the smart thermocouple temperature
transmitter. The transmitter can be connected to various types of thermocouples: B, E,
J, K, L, N, R, S, T, U, etc. The user can set up the transmitter with software to choose
the proper thermocouple table or interpolation polynomial. The user can also specify
the input temperature range; the transmitter then uses the appropriate linearization
polynomial for the specific range, and the proper gain such that the entire span of the
output range corresponds to the desired input range. The system also includes cold
junction compensation: it has an on-board temperature sensor for the
environment and performs the proper cold junction compensation. It also includes
remote configuration via hand-held terminal or via PC, on-line and off-line
configuration, a local LCD display and an optional PID control function with
programmable setpoint curve.
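The measurement cycle described above (table linearization, cold junction compensation, and scaling of the configured input range onto the 4-20 mA span) is shown below as an added example in C; it is not code from the book or from any commercial transmitter. The table values are constructed, approximate type K figures, and all names (tx_measure, tx_range, table_lookup) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table for this example: approximate type K EMF in mV
   versus junction temperature in deg C, reference junction at 0 deg C. */
typedef struct { double temp_c; double emf_mv; } tc_point;

static const tc_point K_TABLE[] = {
    {0.0, 0.000}, {100.0, 4.096}, {200.0, 8.138},
    {300.0, 12.209}, {400.0, 16.397}, {500.0, 20.644}
};
#define K_TABLE_LEN (sizeof K_TABLE / sizeof K_TABLE[0])

typedef enum {
    TX_OK, TX_BAD_CONFIG, TX_SENSOR_FAULT, TX_UNDER_RANGE, TX_OVER_RANGE
} tx_status;

/* User-configured input range that maps onto the 4-20 mA output span. */
typedef struct { double lo_c; double hi_c; } tx_range;

/* Piecewise-linear table lookup. from_emf != 0 maps mV -> deg C,
   from_emf == 0 maps deg C -> mV. Returns -1 if x is outside the table. */
static int table_lookup(double x, int from_emf, double *y)
{
    for (size_t i = 0; i + 1 < K_TABLE_LEN; i++) {
        const tc_point *a = &K_TABLE[i], *b = &K_TABLE[i + 1];
        double x0 = from_emf ? a->emf_mv : a->temp_c;
        double x1 = from_emf ? b->emf_mv : b->temp_c;
        double y0 = from_emf ? a->temp_c : a->emf_mv;
        double y1 = from_emf ? b->temp_c : b->emf_mv;
        if (x >= x0 && x <= x1) {
            *y = y0 + (y1 - y0) * (x - x0) / (x1 - x0);
            return 0;
        }
    }
    return -1;
}

/* One measurement cycle.
   measured_mv     : EMF at the transmitter terminals (hot minus cold junction)
   cold_junction_c : reading of the on-board ambient temperature sensor
   On TX_OK, TX_UNDER_RANGE and TX_OVER_RANGE the outputs are written;
   on TX_BAD_CONFIG and TX_SENSOR_FAULT they are left untouched. */
tx_status tx_measure(double measured_mv, double cold_junction_c,
                     tx_range range, double *temp_c, double *loop_ma)
{
    double cj_mv, t;

    if (range.hi_c <= range.lo_c)
        return TX_BAD_CONFIG;
    /* Cold junction compensation: add the EMF the table gives for the
       ambient temperature, so the sum is referenced to 0 deg C. */
    if (table_lookup(cold_junction_c, 0, &cj_mv) != 0)
        return TX_SENSOR_FAULT;
    /* Linearization: compensated EMF back to temperature via the table.
       An EMF outside the table is reported as a fault (self testing). */
    if (table_lookup(measured_mv + cj_mv, 1, &t) != 0)
        return TX_SENSOR_FAULT;

    *temp_c = t;
    if (t < range.lo_c) { *loop_ma = 4.0;  return TX_UNDER_RANGE; }
    if (t > range.hi_c) { *loop_ma = 20.0; return TX_OVER_RANGE; }
    /* Gain and offset chosen so that lo_c..hi_c spans the full 4-20 mA. */
    *loop_ma = 4.0 + 16.0 * (t - range.lo_c) / (range.hi_c - range.lo_c);
    return TX_OK;
}

int main(void)
{
    tx_range r = {200.0, 300.0};
    double t = 0.0, ma = 0.0;

    /* Hot junction at 250 deg C, terminals at 25 deg C: 10.1735 - 1.024 mV. */
    tx_status s = tx_measure(9.1495, 25.0, r, &t, &ma);
    printf("with CJC:    status=%d T=%.2f C loop=%.3f mA\n", (int)s, t, ma);

    /* Same EMF with the ambient reading ignored (treated as 0 deg C). */
    s = tx_measure(9.1495, 0.0, r, &t, &ma);
    printf("without CJC: status=%d T=%.2f C loop=%.3f mA\n", (int)s, t, ma);
    return 0;
}
```

With the ambient reading ignored, the same terminal voltage reads about 25 degrees low, which is the error the on-board cold junction sensor removes.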
SUMMARY
This chapter presented the fundamental concepts of several important
characteristics of field equipment and their interfacing to the DCS. These
concepts are necessary to understand the I/O functions of the DCS, and will also
be needed later during the discussions of the DCS software. The following are
the main points of this chapter:
1. Static characteristics of a sensor can be represented by a general model,
which includes a linear model which is basically determined from the
input range and output range of sensor, nonlinearity and the effect of
changes in the environmental conditions on the sensor transfer
characteristics.
2. The uncertainty in the measurement can be estimated from the statistical
characteristics of the measured variable, the environmental factors, and the
uncertainty in the sensor parameters due to manufacturing tolerance.
3. Electrical bridges are used to convert changes in sensor’s resistance,
capacitance, or inductance to electric voltage. When two sensors are
connected to a bridge, this configuration is called a half bridge, and when
four sensors are connected to bridge it is called full bridge. Half bridge
and full bridge configurations, whenever possible, have higher bridge
sensitivity and compensate for environmental changes in the sensors.
4. Op-Amps are used to change the signal levels from one voltage range to
another voltage range. They are also used for impedance buffering to
separate one processing stage from another processing stage.
Instrumentation amplifiers consist typically of three well-matched
Op-Amps with precision feedback configurations to provide very high input
impedance, precision gain and high CMRR.
5. The basic electronic circuits for the 4-20 mA current transmitters are
presented and their connection and isolation are also discussed. Type 2,
Type 3, and Type 4 wiring for current transmitters were also briefly
covered. The principle and techniques of galvanic isolation for isolating
the grounds of functional sections of electrical systems were also introduced, so
that ground current due to common mode voltage cannot move from one
section to another.
6. Various types of analogue-to-digital converters, such as successive
approximation and dual-slope A/Ds, were introduced in Section 3.7.
7. The concepts of intrinsic safety and process area classifications into
classes and divisions, or zones, are briefly introduced. Area classification
is a very important criterion for selecting the appropriate certified
instrumentation and DCS. The basic structure and functions of Zener
barriers are also introduced in this chapter.
8. Finally, the structure and functions of smart sensors and actuators were
introduced. The main features of smart transmitters are PnP, embedded
TEDS, digital communication, embedded controller, and inclusion of signal
conditioning, amplification, signal processing, A/D and D/A conversion,
and possibly other advanced signal processing techniques for higher
accuracy and precision.
References
[1] John Bentley, Principles of Measurement Systems, Prentice Hall; 4th ed. 2004.
[2] E. O. Doebelin, Measurement Systems, Application and Design, Fifth edition, McGraw Hill, 2004.
[3] Curtis D. Johnson, Process Control Instrumentation Technology, Prentice Hall; 7th ed., 2002.
[4] Béla G. Lipták, Instrument Engineers' Handbook, 4th Edition, Vol. 1: Process Measurement
and Analysis, ISA/CRC, 2003.
[5] NIST, Guidelines for Evaluating and Expressing the Uncertainty of NIST Measurement Results,
http://physics.nist.gov/Pubs/guidelines/appd.1.html.
[6] Ronald H. Dieck, Measurement Uncertainty, 4th Edition, ISA, 2007.
[7] S. Franco, Design with Operational Amplifiers and Analog Integrated Circuits, McGraw-Hill,
3rd edition, 2001.
[8] Coughlin R.F. & Driscoll F.F., Operational Amplifiers and Linear Integrated Circuits, Prentice
Hall, 6th edition, 2000.
[9] Smither, Pugh and Woolard: “CMRR Analysis of the 3-op-amp instrumentation amplifier”,
Electronics letters, 2nd February 1989.
[10] ANSI/ISA-RP12.06.01-2003 Recommended Practice for Wiring Methods for Hazardous
(Classified) Locations Instrumentation Part 1: Intrinsic Safety.
[11] ISA-RP12.12.03-2002 - Recommended Practice for Portable Electronic Products Suitable for
Use in Class I and II, Division 2, Class I Zone 2 and Class III, Division 1 and 2 Hazardous
(Classified) Locations
[12] ANSI/ISA-TR12.24.01-1998 - (IEC 60079-10 Mod) - Recommended Practice for Classification
of Locations for Electrical Installations Classified as Class I, Zone 0, Zone 1, or Zone 2.
[13] Randy Frank, Understanding Smart Sensors, Artech House, 2nd Ed., 2000.
[14] ISO/IEC Guide 99:2007 International vocabulary of metrology -- Basic and general concepts and
associated terms (VIM), http://www.iso.org/iso/catalogue_detail.htm?csnumber=45324.
[15] National Fire Protection Association, www.nfpa.org.
EXERCISES
(Straight forward applications of the concepts of the chapter)
E3.1] A resistance temperature sensor is to be used to measure temperatures between 100 and 350 °C.
The resistance is given by
$$R(T) = R_o\,(1 + 0.0391\,T - 5.85 \times 10^{-7}\,T^2),$$
with Ro=100 Ω.
a) What is the input range of this sensor?
b) What is the output range of this sensor?
c) What is the input span and the output span?
E3.2] Consider again the RTD of problem E3.1,
a) What is the resistance of the sensor at 200 °C.
b) Find K and a of the linear model.
c) What is the estimated resistance of the sensor at 200 °C using the linear model?
d) What is the nonlinearity at 200 °C?
E3.3] Consider the thermocouple of Example 3.2. The sensor is to be used to measure temperatures
between 200 and 500°C. What is the nonlinearity at 350°C as percent of f.s.d.?
E3.4] An 8-bit DAC uses a reference voltage of 5.0 volts. What is the smallest change in the voltage
that can be achieved with DAC?
E3.5] A wire wound potentiometer has 2000 turns. The potentiometer is used as a potential divider to
produce variable output voltage using a fixed voltage source of 10 volts. What is the minimum change
in the output voltage?
E3.6] Consider the pressure sensor of Example 3.6.
a) Find the displacement at 30 bar if the ambient temperature =Tref,
b) Find the displacement at 30 bar if the ambient temperature = 40°C.
c) What is the percent error?
E3.7] A temperature sensor has a linear sensitivity, K, of 5 mV/C with uncertainty of 1%. (a) Find
the possible range of K. (b) What is the expected range of the output voltage at 200 °C?
E3.8] A resistive temperature sensor is used to measure temperatures between 0 and 150°C. The
sensor resistance changes with temperature according to the following equation:
$$R_T(T) = 100\,(1 + 0.00385\,T)$$
The sensing element is connected to a bridge as shown in Figure 3.11, where R1 = RT ,
R3 =R4=R2=100 Ω, Vs=1.0 volt.
a) Determine the input range and output range of the bridge.
b) What is the measured temperature if the output of the bridge is 0.02 volts?
E3.9] A resistive temperature sensor is used to measure temperatures between 50 and 250°C. The
sensor resistance changes with temperature according to the following equation
$$R_T(T) = 100\,(1 + 0.00385\,T)$$
The sensing element is connected to a bridge, as shown in Figure 3.11, where R1 = RT , R3 =R4=100 Ω.
a) Select a value for R2 so that the bridge is balanced at 50°C.
b) Select a value for the bridge supply voltage so that the output range of the bridge is between
0- 0.5 volt.
c) Calculate the power dissipation in the sensor.
E3.10] A differential pressure capacitive sensor is used to measure differential pressure from 0 to 50
kPa. The sensor is connected to a half bridge as shown in Figure 3.19. The sensor has the following
parameters
Ad = 5 cm2; K= 5 x 104, d=1.0 mm. Assume Vs=1 volt ac, calculate the output range of the bridge.
E3.11] A summing circuit as shown in Figure 3.22(d), with R2=10k Ω, is used to add 3 sources such
that
)52(
cbao
vvvv
. Determine all the necessary resistors to complete the Op-Amp function.
E3.12] An instrumentation amplifier is shown in Figure 3.23 with R1=R2=R3=10 kΩ. Show how to set
the gain to be 20.0.
E3.13] An Op-Amp is connected as shown in Figure 3.21 with v2=10.1 V., v1=10 V.; R2=100 k Ω,
R1=1kΩ
CMRR =120 dB, find Vo.
E3.14] Consider the comparator of Figure 3.34 (c), the Op-Amp rail to rail voltage is ± 10 volts. Draw
the input/output relation for increasing input voltage and decreasing input voltage for R2 = 9 kΩ, R1 =
1 kΩ, and Vref =0;
E3.15] Obtain the data sheet of ADC0808, an 8-bit ADC converter. What is the maximum conversion
clock frequency? What is the minimum conversion time? What is the total error at 25°C?
E3.16] In a dual-slope integrator A/D converter T1 is fixed to 5 msec, Vref=5.00 volts, and a clock
frequency of 10 MHz is used to measure T2. What is the resolution of this converter?
E3.17] Explain the difference between Class I, Div2 and Class 2, Div1
E3.18] Explain the role of Zener barriers in preventing ignition in the presence of air/gas mixture in
hazardous areas.
E3.19] State 5 characteristics of smart sensors.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P3.1] An E/I transmitter is tested in the lab. The following measurements were taken.
Input voltage          0      10     5      0
Ambient temperature    23     23     40     40
Current mA             4.0    20.0   12.1   4.05
a) Estimate the linear model.
b) Is the ambient temperature interfering or a modifying input?
c) Find the static model of the sensor.
P3.2] A platinum RTD is used to measure temperature between 50°C and 250°C. The sensor
resistance changes with temperature according to the following equation
$$R_T(T) = 100\,(1 + 0.00385\,T)$$
The RTD is connected to a bridge as shown in Figure 3.11, where R1 = RT , R3 =R4=100 Ω. R2 is
selected so that the bridge is balanced at 50°C.
a) Derive an expression for the nonlinearity of the bridge output as a function of
temperature.
b) Find the maximum nonlinearity as a percent of f.s.d.
c) Draw an Instrumentation amplifier circuit which can be connected to the bridge and
show how to set its gain such that the output range will be from zero to 10 volts.
P3.3] Derive Equation (3.30).
P3.4] A capacitive pressure sensor is used to measure absolute pressure from 1 to 25 bar.
The sensor is connected to a quarter bridge as shown in Figure 3.16. The sensor has the
following parameters
Ac =5 cm2; Ad = 6 cm2; K= 5x104; d=1mm. Assume dielectric constant of 1.
a) What is the minimum and maximum value of the sensor capacitance?
b) Select a value for Co so that the bridge will be balanced at 1 bar pressure.
c) What is the % nonlinearity in the bridge output at 12 bar?
P3.5] The circuit shown in Figure P3.1 below is a voltage to current transmitter
a) What is the range of the voltage U?
b) For an input voltage range vi from zero to 1 volt, find RF and R2, given that you have a
DC voltage source = 0.2 volts for bias voltage, so that the circuit produces the desired
4-20 mA.
Figure P3.1
P3.6] A three-wire platinum RTD is connected in a bridge as shown in Figure P3.2
Assume Vs = 1 volt, R = 100Ω. The sensor resistance is given by
$$R(T) = R_o\,(1 + 0.0391\,T - 5.85 \times 10^{-7}\,T^2),$$
with Ro=100 Ω.
a) Find the output of the bridge at 100 °C, neglecting the cable resistance Rc.
b) Find the bridge output when the cable resistance is Rc = 2 ohms.
c) What is the percent error in the bridge output due to cable resistance?
Figure P3.2
P3.7] A voltage to current transducer (E/I) is widely used in industry either separately or embedded
in transmitters. The purpose of this transducer is to convert voltage to a proportional current
between 4 mA to 20 mA. This current signal is transmitted over electric wires to the control
room. The receiving circuits convert the current to appropriate voltage range to be read by a
computer, recorder, or an indicator. A common E/I transducer accepts a voltage between 0 to
10 volts. The ideal relation is given by
i = K v + a
where in this case K = 1.6 mA/V, and a = 4.0 mA at the normal operating conditions of
20 °C room temperature and power supply voltage of 12.0 volts.
However, K slightly changes with power supply, and a is affected by the environmental
temperature.
The manufacturer states that the sensitivity of the parameters to environmental changes is
given by KI = 0.005 mA/C per Volt and KM = 0.05 mA/V.
During the operation of the E/I transducer, the room temperature is reported to have an
average of 24 degrees with a standard deviation of 1 C, while the supply voltage has a zero
mean (deviation from nominal regulated value) and a standard deviation of 0.25 Volts.
Estimate the expected value and the standard deviation of the received current due to the
manufacturing tolerance and the environmental effect at input = 5 volts.
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D3.1] The signal coming from a pressure transmitter to the control room is a 4-20 mA signal. The
current loop is terminated by a 250 Ohms resistance. Design Op-Amp(s) circuit with a high
impedance input to produce an output of 0 to 10 volts, assuming a reference source of 0.500
volts available for generating the bias voltage.
D3.2] A bridge produces a voltage between 0 and 0.25 Volts. Design a suitable Op-Amp based
circuit and a current transmitter circuit to produce 4.0 to 20.0 mA, assuming a reference
source of 0.500 volts available for generating the bias voltage.
D3.3] A 4-Wire RTD is connected to bridge as shown. The RTD resistance is given by
$$R_T(T) = 100\,(1 + 0.00385\,T)$$
Figure D3.1 [Labels in the figure: R1, R3, R4, Vs, ETh, bridge circuit in control room; RT, sensor in the field; sensor leads and dummy leads, each marked Rc.]
Assume R4 = R3 and Vs = 2.5 volt,
a) What is the value of R1 for the bridge to be balanced at T=50 C?
b) What is the bridge output if the temperature is 200 C and Rc=1?
c) What is the indicated temperature for the above bridge output, if we neglect the cable
resistance?
TERMS AND CONCEPTS
Area
A physical, geographical or logical grouping determined by the site. It may contain process cells,
production units, and production lines.
ADC: Analogue-to-Digital Converter
Converts an analogue signal (such as a voltage signal from a temperature sensor) into a digital signal
suitable for input to a computer.
CJC: Cold Junction Compensation.
The reference junction of a thermocouple which is supposed to be kept at 0°C, can be left at ambient
temperature. The ambient temperature can then be measured and a proportional voltage is added to the
thermocouple to compensate for the floating reference junction.
CMS: Common-Mode Signal
A signal applied simultaneously to both inputs of a differential amplifier.
CMRR: Common-Mode Rejection Ratio
The ability of the differential amplifier to obtain the difference between the + and - inputs while
rejecting the signal common to both.
D/A: Digital-to-Analogue Converter
A D/A is used to produce analogue output signals in proportion to a given binary number.
Drift
Slow variation of a performance characteristic such as gain, frequency or power output due to, for
instance, temperature or ageing.
Dynamic Range
The ratio of the largest to the smallest signal that can be measured at one time. Normally expressed in
Decibels (dB).
Isolation to Earth or System
A high transient voltage at one input may damage not only the input circuit, but the rest of the data
acquisition hardware, and, by propagating through the signal conditioning and A-D circuits,
eventually damage the computer system as well. This type of damage can be prevented by isolating
the input from the earth of the data acquisition and computer hardware.
Repeatability
The ability of an instrument to give the same reading under repeated identical conditions.
Resistance Temperature Device (RTD)
Resistance temperature devices (or detectors) rely on the principle that the resistance of a metal
increases with temperature. When made of platinum, they may be known as platinum resistance
thermometers (PRTs).
Resolution
A measure of the smallest change that can be detected.
Sampling Rate
The number of samples, or readings, per second of an analogue signal.
Slew Rate
The maximum rate of change of an output signal.
Strain
When a material is distorted by forces acting on it, it is said to be strained. Strain is the ratio of change
in dimension to original dimension.
Strain Gauge
A sensor that experiences a change in resistance when it is stretched or strained. It is attached to the
body subjected to the strain.
Transducer
A device which converts a physical quantity into another physical form or energy from one form to
another. Most sensors are also transducers.
TTL
Transistor-Transistor Logic. TTL refers to logic circuits consisting of two or more directly
interconnected transistors that provide conditional switching capability.
TTL-Compatible Levels
For digital input circuits, a logic 1 is obtained for inputs of 2.0 to 5.5 V which can source 40 microA,
and a logic 0 for inputs of 0 to 0.8 V which can sink 1.6 mA. For digital output signals, a logic 1 is
represented by 2.4 to 5.5 V with a current source capability of at least 400 microA; and a logic 0 by 0
to 0.6 V with a current sink capability of at least 16 mA.
CHAPTER 4
COMPUTER BUSES AND INTERFACES
4.1 Single-Board Computers for Control Applications.
4.2 Industrial Computer Buses
4.2.1 PC/104
4.2.2 VME Bus
4.2.3 VXI
4.2.4 cPCI and PXI
4.3 Computer Interface Standards
4.3.1 IDE/ATA/SATA
4.3.2 SCSI
4.3.3 RAID Redundant Array of Independent Disks
4.4 Fault Tolerant Architecture
4.5 Serial Communication Standards
4.5.1 RS-232
4.5.2 RS-422, RS-423, and RS-485
4.5.3 Flow Control in Serial communications
4.5.4 MODBUS
4.5.5 DNP3
Appendix 4.A PC Computer Bus
4.A.1 PCI
4.A.2 PCI Express
Appendix 4.B PC Peripheral Interface Standards
4.B.1 Universal Serial Bus (USB)
4.B.2 FireWire (IEEE1394)
OVERVIEW
This chapter introduces industrial computer architecture and peripheral
interfacing. It starts with a brief introduction to the components of single-board
computers for embedded control applications. The second section covers the internal
computer buses which extend from 0.1 meters to about a meter, located on the same
mother board with the CPU or extend inside the computer cabinet in the form of a
backplane bus. Section 4.2 focuses on high reliability backplane buses for industrial
automation applications, specifically VME bus, VXI, CompactPCI, and PXI. A
review of PC relevant computer buses is also given in Appendix 4.A. In Section 4.3
we cover the interfacing standards which connect a motherboard to the internal
computer devices, such as hard disks and CD/DVDs. These devices could be located
inside the same computer cabinet or inside a nearby cabinet. The popular computer
peripheral interface standards, USB and IEEE1394, are covered in Appendix 4.B. An
introduction to fault tolerant architectures and redundant systems is covered in
Section 4.4. Finally, in Section 4.5 the serial communication standard RS-232 is
presented, along with its evolution into the RS-422, RS-423, and RS-485 standards.
Section 4.5 also includes a brief introduction to data flow control, MODBUS, and DNP3.
LEARNING OBJECTIVES
After reading this chapter, you should be able to do the following:
Describe the functions of the main components of an embedded single board
computer.
Describe the hierarchical architecture of various computer buses and
connections.
Understand the main features of the various computer backplane buses used
in the industrial automation, as VME, VXI, cPCI, and PXI buses.
Recognize the desirable features of industrial computer buses.
Understand the strengths and weaknesses of the various computer buses and
peripheral interfaces.
State the various RAID mass storage configurations.
Understand how the Serial Communication Standards RS-422/RS-485 are
used for the industrial serial data transmission and their limitations.
Explain MODBUS transmission modes and message structures.
4.1 Single-Board Computer for Control Applications
In DCS, critical control functions are distributed among many microprocessor-
based electronic boards, which are required for reliability purpose to continue
executing their assigned control functions almost independently, even in case of
failure of one or more of the other boards. These boards are assembled in
racks/cabinets to control the plant. Each board is dedicated to execute one or more
control loops. These control boards are linked together by various data
communication means and typically linked to one or more HMI operator stations
(desk top computers or work stations) by a local area network.
In this section we provide an introduction to the organization and internal
working of a typical Single Board Computer (SBC) for control applications. The
model used is generic, but the concepts discussed are applicable to a large spectrum
of control applications.
A typical outline of a SBC is shown in Figure 4.1. The Central Processing Unit
CPU is a microprocessor or a microcontroller. The microprocessor communicates
with the on-board components through three buses; the data bus DB, the address bus
AB, and the control bus CB. A computer bus is a group of parallel signal lines, which
provide a physical electrical interface where many devices share the same electric
connection. This allows signals to be transferred between devices. On a typical SBC
these buses are formed by the printed circuit copper.
The data bus is bidirectional, carrying the digital information between the CPU
and the other chips on the board. The width of the data bus could be 8, 16, or 32 bits
depending on the size of the CPU. In most DCS applications, 8 or 16 bit
microcontrollers are sufficient to carry out one control loop or several control loops
simultaneously. A field control station or a PLC could use a 16 bit, 32, or 64 bit
microprocessor. The address bus carries the address of the device or the memory
location from/to which the information is to be read/written. The address bus is
unidirectional. The AB signals are normally generated by the CPU.
The control bus, CB, carries signals from the CPU to instruct the addressed
device to receive or to send data on the data bus. It also contains signals, called
interrupt signals, generated by the devices to alert the processor to an urgent need for
CPU attention. Some CPUs have special signals for memory management and others
for handling Input/Output devices (I/O).
The board may include a Read Only Memory (ROM), which contains
permanently stored operating systems and the operating programs. These embedded
programs and data are sometimes called firmware. A flash memory or a non-volatile
memory is used to store information or programs that could be changed, but should
not be lost in case of power cut-off. Random Access Memories (RAM) are used to
store temporary parameters and measurements until they are sent to the host computer.
The board may contain as well a number of timers/counters. Timers are used to
generate precise time delays or periodic clocks. One of the important timers is a real-
time clock. A real-time clock is usually needed for time stamping the measurements,
process related events and other control actions. A timer can also be configured to
work as a counter of external signals or events, or as frequency meter. Another
important timer is known as watch-dog timer. If the CPU is working properly, it
should send periodic commands to reset this timer before it overflows or reaches a
maximum count. However, if this timer overflows, it produces an external signal to
activate a backup board and to produce a board failure alarm.
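The watch-dog behaviour described above can be traced tick by tick. The C program below is an added example, not code from the book; the names (watchdog, board, run_board) are hypothetical, and the latching of the expired state, so that a later reset command cannot silently clear the failure, is an assumption of this example. Its third scenario shows a configuration failure mode: a watch-dog limit shorter than the control loop period fails over a healthy board.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t count;      /* ticks since the CPU last reset the timer */
    uint32_t max_count;  /* overflow threshold, in ticks */
    bool     expired;    /* latched once the timer overflows (assumption) */
} watchdog;

typedef struct {
    watchdog wd;
    bool     backup_active;  /* external signal: backup board activated */
    bool     failure_alarm;  /* external signal: board failure alarm */
    uint32_t loops_run;      /* control loop executions completed */
} board;

void board_init(board *b, uint32_t wd_max_count)
{
    b->wd.count = 0;
    b->wd.max_count = wd_max_count;
    b->wd.expired = false;
    b->backup_active = false;
    b->failure_alarm = false;
    b->loops_run = 0;
}

/* Periodic reset command from a healthy CPU. Ignored after expiry. */
void wd_kick(watchdog *w)
{
    if (!w->expired)
        w->count = 0;
}

/* One hardware timer tick. Returns true on the tick the timer overflows. */
bool wd_tick(watchdog *w)
{
    if (w->expired)
        return false;
    if (++w->count >= w->max_count) {
        w->expired = true;
        return true;
    }
    return false;
}

/* Simulate the board for total_ticks timer ticks. The CPU runs its control
   loop, then resets the watchdog, every loop_period ticks, and hangs from
   hang_at_tick onward (UINT32_MAX means it never hangs). Returns the tick
   at which the backup board was activated, or -1 if that never happened. */
long run_board(board *b, uint32_t total_ticks, uint32_t loop_period,
               uint32_t hang_at_tick)
{
    if (loop_period == 0)
        return -1;
    for (uint32_t tick = 1; tick <= total_ticks; tick++) {
        bool cpu_alive = tick < hang_at_tick;
        if (cpu_alive && tick % loop_period == 0) {
            b->loops_run++;
            wd_kick(&b->wd);
        }
        if (wd_tick(&b->wd)) {
            b->backup_active = true;
            b->failure_alarm = true;
            return (long)tick;
        }
    }
    return -1;
}

int main(void)
{
    board b;

    board_init(&b, 5);   /* CPU hangs at tick 20 */
    printf("hang:          failover at tick %ld, loops=%u\n",
           run_board(&b, 100, 3, 20), (unsigned)b.loops_run);

    board_init(&b, 5);   /* healthy CPU, loop period 3 < limit 5 */
    printf("healthy:       failover at tick %ld, loops=%u\n",
           run_board(&b, 100, 3, UINT32_MAX), (unsigned)b.loops_run);

    board_init(&b, 5);   /* healthy CPU, loop period 8 > limit 5 */
    printf("misconfigured: failover at tick %ld, loops=%u\n",
           run_board(&b, 100, 8, UINT32_MAX), (unsigned)b.loops_run);
    return 0;
}
```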
Another important component of a SBC is the Communication Interface Unit
(CIU) or a chip for serial communication with a host or other boards. The serial
interface could be used for uploading data, downloading set points and control
programs and their parameters. It could be used also for testing and trouble shooting.
Classically, the CIU could support one or more of the serial communication
standards such as RS-232, RS-422, or RS-485. In modern SBCs it could support USB or
Ethernet communication.
The interfacing with the field instrumentation is performed through the A/D,
D/A, and Digital I/O units. The A/D (Analogue-to-Digital) unit converts one or more
analogue input signals, typically 0-10 volts, to digital words, typically 12 or 16 bits.
The A/D unit includes a sample-and-hold circuit to sample the analogue signal and
hold the value until the A/D circuit finishes conversion. In process industry the
sampling rate is usually 1 sample per second (sps) to 1 sample per minute for slow processes.
However, most of the new A/D converters are capable of sampling at hundreds of
thousands of samples per second. The high speed sampling is usually needed for
monitoring rotating equipment, turbines and compressors, for control of coordinated
motor drives for precise motion, and other fast dynamic systems.
Figure 4.1 Components of a SBC for control applications. [Block diagram; blocks labelled D I/O, CPU, RAM, ROM, FM, T/C, A/D, D/A, CIU and BIU; buses labelled DB, AB and CB.]
The digital-to-analogue (D/A) unit converts a digital value to an analogue signal,
typically 0-10 volts. The signal is usually converted to a 4-20 mA current by an E/I
(voltage-to-current) transducer to be sent to the field actuators and other control
elements. The Digital I/O unit can receive and produce switching signals. The digital
signals produced by the I/O chips are usually at the TTL level (transistor-transistor
logic), that is 0-0.8 for low level signals, and 2.6-5.0 for high level signals. TTL
logic also has very limited current capabilities. The TTL output signals are
converted to 0-24 volts for field operation using power transistors, or used to drive
relays or electronic switches for AC power switching. The switching signals from the
field are first converted to the TTL level before they can be presented to the digital
inputs of the board. A single board can typically handle from 8 to 32 digital I/O
signals. In high performance SBCs, the digital and the analogue signals from/to the
field are optically isolated to protect the SBCs from faults in the field.
The SBC may also include a Bus Interface Unit (BIU). The BIU connects the board
to the external I/O bus or to the system backplane bus. The external bus provides
high speed communication with other SBCs in the computer cabinet or the same
rack, or to interface the SBC to additional memory resources, or field interface units.
In modern systems many or all of the above mentioned functional units are
integrated with the CPU in one chip, called a microcontroller, leading to significant
reliability improvements and reduction in footprint. As an example, a DCS board for
loop control would require a microcontroller with only one or two analogue input
channels for process variables per loop, a single analogue output channel for the
manipulated variable, a T/C for periodic execution of the control algorithm and for
time-stamping, and a BIU for digital communication purpose. Modern
microcontrollers could come with other special function electronics, e.g., a pulse
width modulation unit for motor and power control, encoder interface units (EIU) for
motor speed measurement, an LCD driver for local display, a video capturing and
processing system, high speed serial communication, internet protocol, and real-time
embedded operating systems.
In many microprocessor systems data can be transferred quickly from/to a
device or a digital module to/from the system memory without intervention of the
CPU. This feature is called Direct Memory Access (DMA). While most data that are
input or output from the SBC are processed by the CPU, some data do not require
processing, or can be processed by another device. In these situations, DMA can save
processing time and is a more efficient way to move data from the computer's
memory to other devices. Systems like the ADC, DAC and PWM all require frequent
and regular movements of data out of their respective systems. The DMA can be
configured to handle moving the collected data out of the peripheral module into
memory locations (like arrays). In order for devices to use direct memory access,
they must be assigned to a DMA channel. Each type of port on a computer has a set
of DMA channels that can be assigned to the connected device. For example, a PCI
controller and a hard drive controller each have their own set of DMA channels.
In the next section we will cover in detail some of the standard system buses for
high performance computer control systems.
4.2 Industrial Computer Buses
A bus is a set of parallel wire lines or conductors on which information (data,
addresses, control, and other information) travels inside a computer. Information
travels on buses as a series of electrical pulses, each pulse representing a one bit or a
zero bit or a high impedance state.
An internal bus is inside the processor. It moves data, addresses, instructions
and other information between memory, registers and other internal components or
digital units.
A local bus is outside the processor (but on the same board with the processor).
It moves data, addresses, and other information between the processor and its
primary support components, such as the computer RAM. A local bus connects
closely located support chips to the processor, which can run at or near the same speed
as the processor itself. Although local buses can support only a few devices, they
provide very fast throughput and run at the processor speed. A local bus may also be
available to one or more slots on the expansion bus. The local bus consists of a data
bus, address bus and control bus. A data bus carries data. An address bus carries
address information. The control bus includes additional signal lines for timing and
managing the data transfers.
A system bus, I/O bus or expansion bus connects a processor to its major
system components, such as internal hard drives, CD-ROM drives, sound cards,
external media, A/D and D/A cards using expansion slots. Typically the connection
is to controllers rather than directly to devices. These buses are located on the
processor’s motherboard and connect the processor to the expansion slots on the
motherboard or on backplane. The expansion slots allow functionalities to be added
to the computer beyond the basic built-in features of the computer. Important issues
to consider when comparing computer buses are the number of data and address
lines, transfer rates, number of DMA channels, number of allowable expansion slots,
expansion board size, data transfer rate, error detection, power distribution, and
configuration scheme.
The size or width of a bus is determined by the number of data bits it carries in
parallel. Common bus sizes for instrumentation purpose are: 8 bits, 16 bits, 24 bits,
32 bits, and 64 bits.
The speed of a bus is the rate at which it moves data along the path. This is usually
measured in megahertz (MHz) or millions of times per second.
The capacity or the bandwidth of a bus is how much data it can carry in a
second. In theory this is determined by multiplying the size of the bus by the speed of
the bus. But in practice, there are many factors that slow down a bus, including wait
cycles (i.e., waiting for a slow device to have information ready).
Some recent buses move two sets of data through the bus during each cycle (one
after the other). This is called double pumping the bus.
A bus standard defines:
1. The mechanical dimensions, number of pins and connectors, and connections
media.
2. The electrical specifications determine the electrical signal levels, timings,
clock, functions and power requirements and distribution.
3. Protocol and arbitration between various devices on the bus.
A bus master is typically a microchip with internal firmware that controls the
movement of information over a bus. The internal software (if any) is contained
inside the bus master and is separate from the main processor.
Data can be transferred asynchronously or synchronously. Synchronous
transmission requires data transfer to be synchronized with the bus clock, which is
usually provided by a dedicated signal line.
Among the important features of high performance computer buses is "Plug
and Play" or PnP, which is the ability to add a new component to a system and
have it work automatically without having to do any manual configuration.
Another critical feature for high performance control computers is hot
swapping, or hot-plug. Hot swapping is a term used to describe the function of
replacing system components without shutting down the system. Hot swapping is
an important feature for control applications because it enables changing or replacing
SBCs and I/O cards without significant interruption to the operation of the controlled
process.
The main emphasis in this chapter is on the industrial computer buses, such as
VME and PXI buses. These open industry standards are used to build customized,
special purpose computers for many heavy duty industrial applications, including
machine control, telecommunication equipment, instrumentation, PLCs and DCS
systems. Standard buses are supported by a large number of manufacturers, providing
varieties of CPUs, I/O cards, special function cards and cabinets at competitive
prices.
4.2.1 PC/104
In 1981, IBM introduced IBM PC with internal system bus known as ISA
(Industry Standard Architecture). The original standard was an 8 bit bus that ran at
4.77 MHz. In 1984, with the introduction of the IBM AT computer based on Intel
80286 processor, ISA was expanded to a 16 bit bus that ran at 8.3 MHz. This 16 bit
bus also became known as the IBM AT bus. The AT remained a popular choice for many
years for building a wide spectrum of instrumentation cards covering A/D and D/A
conversion, Digital I/O, Timer/Counter cards, motor controllers and encoder
interfaces, network connections, etc.
PC/104 is a de facto standard (adopted by an industrial group) since 1992 for a
reduced form-factor implementation of the popular PC buses for embedded
applications. The original main objective in defining PC/104 was to utilize the
standard ISA PC/AT bus electrical specification and protocol, and its widely used
low cost support chips in embedded applications. The following are some of the
attributes of the PC/104 that made it very successful in embedded applications,
namely:
• Compact form factor: 3.6 by 3.8 inches (90 x 96 mm) module size, see Figure 4.2.
• Self-stacking facilitates expansion without backplanes or card cages.
• Pin-and-socket bus connector provides rugged and reliable 64- and 40-contact
  male/female headers, replacing the standard PC's edge-card connectors for
  reliable operation in harsh environments.
• Four-corner mounting holes provide strong resistance to shock and
  vibration.
• Low power consumption and low heat generation (1-2 Watts per module).
• Full PC compatibility reduces development costs and time-to-market.
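Figure 4.2 Form factor of the PC/104 (original ISA bus). [Dimensioned drawing of the 3.6" by 3.8" module showing the J1/P1 bus connectors, an optional connector and the 0.6" stacking dimension.]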
The PC/104 modules are self-stacking. In this approach, the modules are used
like ultra-compact bus boards, but without needing backplanes or card cages. Stacked
modules are spaced 0.6 inches apart. PC/104 has been evolving over years keeping
the same compact form factor, but adapting new bus technologies. PC/104-Plus was
introduced in 1997 to include a PCI bus connector on the boards in addition to the
traditional ISA connector for downward compatibility. Then in 2003 PCI/104 came
with only the PCI connector. The latest members of the family are PCI-104 express,
and PCIe-104 which support the latest PCI express bus technology.
Although the stackable cards have the advantage of compact space, they are
difficult to troubleshoot, and you need to disassemble the entire system to replace or
remove a card. However, PC/104 modules are widely used in embedded machine
control systems, mobile and airborne instruments, and military applications, where
the stacked and compact size contributes to the ruggedness of the form factor under
shock and vibration. More information on these buses can be obtained from
www.pc104.org.
4.2.2 VME bus
The VME (Versatile Multibus Extensions) bus standard was originally created
by Motorola under the name ‘VERSA bus’ in 1979. It was designed based on the
MC68000 microprocessor bus signals and timing; however, it was later standardized
by the IEC as ANSI/IEEE 1014-1987. It is based on Eurocard sizes, mechanicals and
connectors (DIN 41612), but uses its own signaling system, which Eurocard did not
define. VMEbus boards were available for almost all types of high performance
processors. Many off the shelf peripheral boards exist including networking, data
acquisition, video processors and memory. VME bus modules are widely used to
build custom-made powerful and rugged computer systems for many applications in
the instrumentation industry. VME bus boards have data bus sizes of 16, 32, or 64
bits and are designed to be plugged into a backplane that has up to 21 slots for VME
modules. These modules can be CPU boards or peripheral boards providing various
functions. We will start first with the original VME bus, as it laid down the main
architecture features of the VME bus.
Original VME Bus:
The original VME spec was IEEE 1014-1987, which defined two three-row
connectors, providing 32-bit data transfer rate at 40 MB/second. A VME bus board,
Figure 4.3, can be either single or double height. The standard connector is 96 (3x32)
pins. A single height board is 100mm x 160mm with one 96 pin DIN 41612
connector called P1 Figure 4.4 (left). A double height board is 233mm x 160mm and
may have a second 96 pin DIN connector named P2, Figure 4.4 (right). A single
height board is also known as a 3U and a double height as a 6U form factors, Figure
4.4. The front edge or face of a typical board is 20mm wide and may incorporate
communication connectors, switches and indicator lights. The backplane can have up
to 21 slots.
Figure 4.3 P1/P2 96 pin connector (left), and VME bus double height card (right).
As depicted in Figure 4.5, three main types of cards reside on the bus:
• a Controller, which supervises bus activity,
• Masters, which read/write data to a Slave board,
• Slaves, which simply allow data to be accessed via a Read or Write from a
  Master.
The VME bus uses a master-slave architecture. Functional modules called VME
masters transfer data to and from functional modules called slaves. Since many VME
masters can reside on the bus, it is called a multiprocessing bus. Before a bus master
can transfer data it must first acquire the VME bus using a central arbiter. This VME
bus arbitration function is part of a module called the VME bus system controller,
Figure 4.5. The bus controller's function is to determine which master gets access to
the bus. All activities take place on five VME sub-buses. These are called the VME
Data Transfer Bus, the VME Data Transfer Arbitration Bus, the VME Priority
Interrupt Bus, the VME Utility bus, and the VME Serial Bus.
Figure 4.4 6U and 3U VME cards form factors.
Controller:
The VMEbus Controller 'controls' access to the bus. The VMEbus System
Controller Module provides arbitration and monitors the system's state. Upon
receiving a "Bus Request" signal from a bus Master, the Controller will grant
that Master access to the bus ("Bus Grant"). The Controller also handles Interrupts on the bus.
When an Interrupt is received on one of the interrupt request (IRQ) lines, the
Controller will process that Interrupt by accessing the Interrupting card, and then
acknowledging the Interrupt. Only one Controller may reside on the VME bus.
Figure 4.5 VME Bus signals and cards. [Block diagram: a Master (takes control of the Data bus; reads or writes data from/to Slaves), a Controller (controls access to the bus; handles Interrupts) and a Slave (allows Masters Read/Write access; generates Interrupts), linked by the Data Bus, Address Bus, Interrupt Bus, R/W and Bus Grant/Request signals.]
Masters:
VMEbus Masters can read and write data to or from a Slave board. All CPU
based boards are bus masters, as are most disk drives and network devices. All
Direct Memory Access capable devices are also bus masters. The Master requests
access to the VME bus from the Controller ("Bus Request"). Once the Controller
grants the Master access ("Bus Grant"), the Master controls the Address and Data bus to
perform a data transfer to a Slave board. Any number of bus Masters may reside on
the VME bus, but only one may have control of the bus at any one time.
Slaves:
A VMEbus Slave interface simply monitors the Address and Data bus for reads
or writes sent to it. Once a correctly decoded address is received, the Slave will either
receive information (for a write), or output information onto the Data bus in the case
of a read. The bus Master continues to control the Data bus during either interface. A
Slave may also generate Interrupts over any of 7 IRQ lines. The Interrupts are
acknowledged by the bus Controller. Any number of Slave boards may reside on the
VME bus.
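The request/grant, address-decode and interrupt-acknowledge flow described in the Controller, Masters and Slaves paragraphs above can be traced with a small C model. This is an added example, not code from the book or from any VME product: the fixed-priority grant policy, the 16-byte register window per Slave and all names are assumptions, while the rule that IRQ7 is served first is standard VMEbus behaviour.

```c
/* Added example (not from the book): toy model of VMEbus arbitration, Slave
 * address decoding and interrupt acknowledge. Names are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define MAX_MASTERS 4
#define MAX_SLAVES  4
#define NO_OWNER   (-1)
#define IRQ_LINES   7            /* page: a Slave may use any of 7 IRQ lines */

enum { XFER_OK = 0, XFER_NOT_OWNER = -1, XFER_NO_SLAVE = -2 };

typedef struct {
    uint32_t base, size;         /* address window this Slave decodes */
    uint16_t reg[8];             /* eight 16-bit registers */
} Slave;

typedef struct {
    int   request[MAX_MASTERS];  /* 1 = Master is asserting Bus Request */
    int   owner;                 /* Master holding the grant, or NO_OWNER */
    int   irq[IRQ_LINES + 1];    /* irq[n] = Slave pending on IRQn, -1 = none */
    Slave slave[MAX_SLAVES];
    int   nslaves;
} VmeBus;

void bus_init(VmeBus *b) {
    b->owner = NO_OWNER;
    b->nslaves = 0;
    for (int m = 0; m < MAX_MASTERS; m++) b->request[m] = 0;
    for (int n = 0; n <= IRQ_LINES; n++) b->irq[n] = -1;
}

/* Plug in a Slave that decodes 16 bytes starting at `base`; returns its index. */
int bus_add_slave(VmeBus *b, uint32_t base) {
    if (b->nslaves == MAX_SLAVES) return -1;
    Slave *s = &b->slave[b->nslaves];
    s->base = base;
    s->size = sizeof s->reg;
    for (int i = 0; i < 8; i++) s->reg[i] = 0;
    return b->nslaves++;
}

void bus_request(VmeBus *b, int m) { b->request[m] = 1; }
void bus_release(VmeBus *b, int m) { if (b->owner == m) b->owner = NO_OWNER; }

/* Controller: grant the bus only when it is free. Assumption: fixed priority,
 * lowest Master number wins; the page does not state the policy. */
int arbiter_grant(VmeBus *b) {
    if (b->owner != NO_OWNER) return b->owner;   /* one owner at a time */
    for (int m = 0; m < MAX_MASTERS; m++)
        if (b->request[m]) { b->request[m] = 0; b->owner = m; break; }
    return b->owner;
}

/* Read (write = 0) or write (write = 1) one 16-bit word. Only the Master that
 * owns the bus may drive a transfer, and a Slave must decode the address. */
int bus_transfer(VmeBus *b, int m, uint32_t addr, int write, uint16_t *data) {
    if (b->owner != m) return XFER_NOT_OWNER;
    for (int i = 0; i < b->nslaves; i++) {
        Slave *s = &b->slave[i];
        if (addr < s->base || addr - s->base >= s->size) continue;
        uint16_t *r = &s->reg[(addr - s->base) / 2];
        if (write) *r = *data; else *data = *r;
        return XFER_OK;
    }
    return XFER_NO_SLAVE;                        /* nobody decoded the address */
}

/* Slave side: raise an interrupt on IRQ1..IRQ7. */
int slave_irq(VmeBus *b, int slave, int level) {
    if (level < 1 || level > IRQ_LINES || b->irq[level] != -1) return -1;
    b->irq[level] = slave;
    return 0;
}

/* Controller side: acknowledge the highest pending level (IRQ7 has the highest
 * priority on VMEbus) and return the interrupting Slave, or -1 if none. */
int controller_ack_irq(VmeBus *b) {
    for (int n = IRQ_LINES; n >= 1; n--)
        if (b->irq[n] != -1) { int s = b->irq[n]; b->irq[n] = -1; return s; }
    return -1;
}

int main(void) {
    VmeBus b;
    uint16_t v = 0x1234;
    bus_init(&b);
    bus_add_slave(&b, 0x1000);
    bus_request(&b, 1);
    printf("granted to Master %d\n", arbiter_grant(&b));
    printf("write by owner: %d\n", bus_transfer(&b, 1, 0x1002, 1, &v));
    printf("write by non-owner: %d\n", bus_transfer(&b, 0, 0x1002, 1, &v));
    return 0;
}
```

The `XFER_NOT_OWNER` result is the property worth checking in any bus model: a Master that has not been granted the bus must not be able to reach a Slave's registers.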
Subsequent VME standards increased the data bus width to 64 bits and added
hot-swapping, plug-and-play, and other new capabilities such as:
a) A 5-row, 160-contact P1/P2 connector family.
b) A 95 pin P0/J0 connector.
c) Higher bandwidth bus cycles (up to 160 Mbytes/sec).
d) 141 more user-defined I/O pins.
e) More +5 VDC power supply pins.
f) 3.3 V power supply pins.
g) Geographical addressing.
h) Rear plug-in units (transition modules).
i) Live insertion / hot-swap capability.
j) Injector /ejector locking handles.
For more information on VME family of standards, see Vita (VME International
Trade Association), http://www.vita.com/Specifications.
With interest shifting from the traditional parallel-line bus standards to
high speed serial/switching standards like PCI express, a new standard called VPX
was developed. VPX (formerly known as ANSI/VITA 46.0-2007) is a standard that
provides VMEbus-based systems with support for switched fabrics over a new high
speed connector. Switched fabrics technology supports the implementation of
multiprocessing systems that require fast communications between multiple
processors (e.g., digital signal processing applications, radars and machine vision
applications). VPX retains VME's existing 6U and 3U form factors. VPX has been
designed specifically for the defence industry with superior performance, however it
has been applied in a wide range of critical civilian applications requiring ruggedized
high performance computers. For example, in 2015 a new standard, called
SpaceVPX ANSI/VITA 78.00, was released describing the details of an open
standard for high performance fault tolerant, high reliability backplanes and modules
for spacecraft and a wide variety of uses across the aerospace industry. VPX is the
choice for ruggedized high performance multiprocessor systems that demand
stringent shock and/or vibration requirements for mobile applications.
4.2.3 VXIbus
VXI is an instrumentation bus based on the VMEbus. It is an open architecture
and is useful for automated test systems and data acquisition. VXIbus is an acronym
for "VMEbus eXtensions for Instrumentation."
VXI added two more board sizes in addition to the VMEbus single and double
sizes:
Table 4.1 VXI card sizes and number of connectors.
Size | Height | Dimensions (mm) | Connectors     | Slot Spacing
A    | Single | 100x160         | P1             | 0.8 inch
B    | Double | 233x160         | P1 & opt P2    | 0.8 inch
C    | Double | 233x340         | P1 & opt P2    | 1.2 inch
D    | Triple | 366x340         | P1, opt P2, P3 | 1.2 inch
P1, P2 & P3 are the same 96 pin DIN connector as in the VMEbus.
The increased width of the C and D sizes, Table 4.1, is to accommodate thick
analogue modules and EMI shielding. The VXIbus uses the same pin assignments on
P1 and the centre P2 pins as the VMEbus. The two rows (A & C) on P2 that were
user defined on the VMEbus are assigned on the VXIbus. Features added include
ECL (emitter coupled logic) and TTL trigger signals, a 10 MHz ECL clock, more
supply sources (+-24, -2 and -5.2 volts), an analogue summing bus, local bus lines
and a module identification line. The optional P3 available on the D size board offers
the same type of resources as P2 but at a speed of 100 MHz (P2 is only 10 MHz). A
VXIbus system can have up to 13 modules consisting of a central timing module in
Slot 0 and a maximum of 12 additional instrumentation modules. The issue of
electromagnetic radiation is part of the VXIbus specification.
4.2.4 cPCI and PXI
The Peripheral Component Interconnect (PCI) bus is one of the most commonly
used computer buses for personal computers and work stations. The bus has
important high performance features such as support of automatic configuration (for
“plug and play”), automatic detection of data transfers errors, and the use of PCI
bridges for PCI-PCI connections or connections to other buses. The wide availability
of the PCI bus components and drivers makes it a cost effective solution for high
performance automation systems. More information on PCI is given in Appendix
4.A.2.
Compact PCI (cPCI), www.picmg.org, is a rugged PCI-based platform for
high-performance and low-cost deployment for measurement and automation
systems. Although cPCI uses the Euro (VME) card 3U/6U format, Figure 4.6, it
introduces many new features, for example:
a) cPCI is electrically identical to the PCI specification.
b) Unlike the original VME bus, which uses connectors with a 0.1 inch (2.54
mm) pin spacing, cPCI cards use a 2-millimeter pin spacing.
c) 3U cards are 100mm x 160mm x 1.6mm, while 6U cards are 233.35mm x
160mm x 1.6mm.
d) 3U cPCI boards have a 110-pin (5x22) connector (J1), which carries the 32-
bit PCI bus signals, and an optional 110-pin connector (J2), which carries
either user-defined I/O or the upper 32 bits of an optional 64-bit PCI bus,
Figure 4.6.
e) In 6U cards J2 is always used for 64-bit PCI.
f) Pins are arranged in 5 rows (5x22), labelled A, B, C, D, E. An extra F row may
exist with slightly longer pins to provide proper grounding when devices are
inserted and removed.
g) 6U has additional J3, J4, and J5 connectors for user-defined I/O, Figure 4-6.
h) cPCI bus uses 8, 16, 32, or 64 bit transfers at up to 264 MBps.
i) cPCI supports Hot-plugging, an important feature for maintenance while the
system is in continuous operation.
j) cPCI connectors follow the IEC 1076 standard.
cPCI serves applications such as military and aerospace, industrial automation,
machine monitoring, automotive and manufacturing test stations. Additional features
of cPCI include: live insertions support (hot-swap), and two independent buses on the
backplane (on different connectors).
PXI (PCI eXtensions for Instrumentation), www.ni.com, is an industrial
standard platform derived from CompactPCI. It was originally introduced in 1997 by
National Instruments, and it is supported by a consortium of many manufacturers.
PXI defines cPCI for instrumentation and adds enhancements over cPCI. It basically
adds additional signals and chassis requirements, like VXI adds to VME. PXI adds a
number of additional signals over the cPCI bus, including a 10MHz system reference
clock, an 8-bit trigger bus and a 13 bit star-trigger bus.
Figure 4.6 3U and 6U cards for the cPCI/PXI bus.
System Reference Clock:
The PXI 10 MHz system clock (PXI_CLK10) is distributed to all peripheral
modules in a system. This common reference clock can be used for the
synchronization of multiple modules in a measurement or control system.
Trigger Bus:
The trigger bus consists of eight trigger lines. The trigger bus is highly flexible
and can be used in a variety of ways. For example, triggers can be used to
synchronize the operation of several different PXI peripheral modules. In other
applications, one module can control carefully timed sequences of operations
performed on other modules in the system, allowing precisely timed responses to
asynchronous external events that are being monitored or controlled.
Star Trigger:
The PXI star trigger bus offers ultra-high performance synchronization features
to users of PXI systems. The star trigger bus implements a dedicated trigger line
between the first peripheral slot (adjacent to the system slot) and the other peripheral
slots. A star trigger controller can be installed in this slot and can be used to provide
very precise trigger signals to other peripheral modules.
Local Buses:
PXI implements a daisy-chained local bus between adjacent peripheral modules.
The local bus is a user-definable bus (13 lines wide) that can be used for a wide
variety of applications. The range of applications may vary from passing an analog
signal between two modules to high-speed data movement that does not affect the
PXI bandwidth.
PXI is suitable for a wide spectrum of industrial instrumentation and control
applications. High reliability PXI-based instrumentation systems can be made by
introducing redundancy at the board level. Besides featuring modularized
instrumentation, an open architecture and hot-swap functionality, PXI is also
equipped with high-speed network transmission, a built-in counter and a simultaneous
triggered data transmission interface. PXI systems have been successfully and
extensively applied in automotive testing, semiconductor testing, aviation and
military applications.
Figure 4.7 20-slots PXI rack-mount chassis.
System Expansion with PCI-PCI Bridge Technology:
A PXI system can be extended over more than one bus segment by using
standard PCI-PCI bridge technology. The bridge device takes up one PCI load on
each of the bus segments that it links together. Thus, a system with two 8-slot bus
segments offers 13 expansion slots for PXI peripheral modules.
(2 bus segments) x (8 slots per segment) - (1 system controller slot)
- (2 slots for PCI-PCI Bridge) = 13 available expansion slots
Similarly, a three-bus segment system would offer 19 expansion slots for PXI
peripheral modules. A controller with 19+ expansion slots in a rack-mount PXI
enclosure is shown in Figure 4-7.
PXI Express:
The recent version of PXI is called PXI Express and combines the PCI Express,
cPCI, and PXI standards into a new backplane standard. Its specification retains the
form factor described in the cPCI standard, the EMI standards from the PXI standard
and adopts the low signal count of the PCIe standard. The software remains
compatible with the change from PCI to PCIe, so the movement from PXI to PXIe
should also be software independent. PXIe is suitable for instrumentation applications
and specialized test equipment requiring very high sampling rate or streaming at very
high throughput.
PCI Express provides each device with its own dedicated data pipeline. Data is
sent serially in packets through pairs of transmit and receive signals called lanes,
which enable 250 MB/s bandwidth per direction, per lane. Multiple lanes can be
grouped together into x1 (“by-one”), x2, x4, x8, x12, x16, and x32 lane widths to
increase bandwidth to the slot. PCI Express dramatically improves data bandwidth
compared to PCI buses, minimizing the need for on board memory and enabling
faster data streaming. For instance, with a x16 slot, users can achieve up to 4 GB/s of
dedicated bandwidth as opposed to the 132 MB/s shared across all devices of the 32
bit, 33 MHz PCI. The system controller slot provides a total of 6 GB/s bandwidth to
the PXI backplane, representing more than a 45X improvement in PXI backplane
throughput.
PXI Express hybrid slots are capable of delivering signals for both PCI and PCI
Express by taking advantage of the available pins on the high-density PXI backplane.
These PXI Express hybrid slots provide backward compatibility that is not available
with desktop PC card-edge connectors, where a single slot cannot support both PCI
and PCI Express signaling.
These open standards can be used for building DCS for critical process control
and automation applications.
4.3 Computer Interface Standards
This section reviews the main features of some popular peripheral interface
standards. The focus is on IDE, SATA and SCSI. IDE was mainly developed to
interface hard disk drives to PCs. Later on SCSI was developed to interface a wider
range of peripherals to various PC platforms. The new generations, SATA and Serial
SCSI, reduce the number of pin connections and deliver high-performance, high-
speed computer interface. These hard disk communication standards are determining
factors of the performance of DCS operator stations, application servers, and
historians.
4.3.1 IDE/ATA
IDE is an established hard disk interface standard for PCs. IDE is the
abbreviation for intelligent drive electronics, an indication that the connected drives
are intelligent on their own. The IDE interface was initiated by Compaq in 1984.
Later on several systems, drives and software manufacturers founded an interest
group, which elaborated a standard with the name ATA (Advanced Technology
Attachment) in March 1989, which is a synonym for IDE.
The original ATA-1 interface was a very simple interface. It consists of two sets
of I/O registers, mostly 8-bit, for passing command and status information. The
physical interface contains just enough signals for a 16 bit data transfer bus, five
register address bits and a few control signals like read register, write register and
reset.
User data is recorded in 512 byte sectors. Each sector has a sector address.
There are two ways to express sector addresses: by cylinder/head/sector (CHS) or by
logical block address (LBA). CHS is the standard, LBA is optional. The ATA
interface allows up to 65,535 cylinders, 16 heads and 255 sectors, which is about 136
GB (137GB if LBA is used).
For connecting the drives, only a single 40-wire flat conductor cable is used,
which connects the host adapter and the drives. The IDE interface can serve a
maximum of two drives, one of which must be the master and the other the slave. It
was generally necessary when adding a new disk to a system to set a switch or
connector on the disk to indicate if it is to function as master or slave.
The IDE/ATA standard went through many improvements. The latest is known as
ATA-6. It introduced 48-bit addressing, increasing the limit to 144 petabytes. As a
consequence, any ATA drive of capacity larger than 137 gigabytes must be an
ATA-6 or later drive. ATA drives have several power (down) modes:
• Active: normal drive operation.
• Idle: the electronics power down but still receive commands.
• Standby: the drive spins down and the electronics power down.
• Sleep: everything is powered down; the electronics will not respond except
  for a power reset.
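The addressing limits quoted earlier in this section (about 136 GB for CHS, 137 GB for LBA and 144 petabytes for 48-bit addressing) follow directly from the sector size and the address width, and the same arithmetic gives the CHS to LBA translation. The C below is an added example, not code from the book; the function names are hypothetical, and the 28-bit width of the pre-ATA-6 LBA is a fact about the ATA standard that the page does not state.

```c
/* Added example (not from the book): ATA sector addressing limits and
 * CHS <-> LBA translation. Function and type names are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define SECTOR_BYTES  512u     /* page: user data is recorded in 512 byte sectors */
#define ATA_CYLINDERS 65535u   /* page: limits of the ATA interface */
#define ATA_HEADS     16u
#define ATA_SECTORS   255u

typedef struct { uint32_t cyl, head, sector; } Chs;  /* sector counts from 1 */

/* Total bytes addressable with a CHS geometry. */
uint64_t chs_capacity(uint32_t cyls, uint32_t heads, uint32_t spt) {
    return (uint64_t)cyls * heads * spt * SECTOR_BYTES;
}

/* Total bytes addressable with an n-bit logical block address
 * (0 if the result would not fit in 64 bits). */
uint64_t lba_capacity(unsigned bits) {
    if (bits > 54) return 0;
    return ((uint64_t)1 << bits) * SECTOR_BYTES;
}

/* CHS -> LBA. Returns 0 on success, -1 if the address is outside the geometry
 * (heads and sectors-per-track given by the caller). */
int chs_to_lba(uint32_t heads, uint32_t spt, Chs a, uint64_t *lba) {
    if (a.head >= heads || a.sector < 1 || a.sector > spt) return -1;
    *lba = ((uint64_t)a.cyl * heads + a.head) * spt + (a.sector - 1);
    return 0;
}

/* LBA -> CHS, the inverse of chs_to_lba for the same geometry. */
Chs lba_to_chs(uint32_t heads, uint32_t spt, uint64_t lba) {
    Chs a;
    a.cyl    = (uint32_t)(lba / ((uint64_t)heads * spt));
    a.head   = (uint32_t)((lba / spt) % heads);
    a.sector = (uint32_t)(lba % spt) + 1;
    return a;
}

/* A drive needs 48-bit addressing (ATA-6 or later) when it holds more bytes
 * than a 28-bit LBA can number. */
int needs_lba48(uint64_t drive_bytes) {
    return drive_bytes > lba_capacity(28);
}

int main(void) {
    printf("CHS limit:    %llu bytes\n",
           (unsigned long long)chs_capacity(ATA_CYLINDERS, ATA_HEADS, ATA_SECTORS));
    printf("LBA28 limit:  %llu bytes\n", (unsigned long long)lba_capacity(28));
    printf("LBA48 limit:  %llu bytes\n", (unsigned long long)lba_capacity(48));
    return 0;
}
```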
SATA (Serial ATA, 2002, High Speed Serialized AT Attachment) is the serial
version of the IDE/ATA specifications, providing a simpler interface using a 7-pin
signal cable, and speed up to 1.5 Gb/s. However, the power cable is 15-pin with
multiple pins for ground, 3.3 V, 5 V and 12 V. SATA uses 4 signal conductors in two
differential pairs (Tx/Rx), plus an additional three ground pins and a separate power
pin. See Table 4.2. Data runs at 150 MBps (1.5 GHz) using 8B/10B encoding and
250 mV signal swings. Serial ATA is not compatible with the IDE because the
connectors are different, the voltage levels are different, and data format is different.
The second generation of SATA boosted the speed to 3Gbps, while the third
generation achieves 6 Gbps. The speed is expected to continue doubling every 2-3
years. Modern desktop computers and notebooks typically use SATA interface for
internal hard disk drives, and USB, eSATA, and FireWire connections for external
devices.
Table 4.2 SATA signal cable pinout.
Pin # | Signal Name | Signal Description
1     | GND         | Ground
2     | A+          | Transmit +
3     | A-          | Transmit -
4     | GND         | Ground
5     | B-          | Receive -
6     | B+          | Receive +
7     | GND         | Ground
4.3.2 SCSI
Small Computer Systems Interface (SCSI) is a standard for connecting devices to a computer. The simplest configuration is a SCSI hard drive connected to a SCSI host controller with a 50-conductor SCSI ribbon cable. SCSI originated as the Shugart Associates System Interface (SASI).
SCSI-1 was the original 1986 SCSI standard that only supported a few devices at a maximum 5 MB/s transfer rate. The SCSI bus connects drives as shown in Figure 4.8, and usually requires terminations. The SCSI-1 interface includes eight data bits, one parity bit, and nine control signals. All signals are active low. In the Classic SCSI bus, there are 25 signals, each represented by a pair of wires (50 wires all together). SCSI is a peer-to-peer interface: the SCSI protocol defines communication from host to host, host to a peripheral device, and peripheral device to a peripheral device. Any SCSI unit can initiate data transfer to a target unit, and take control of the SCSI bus by using specific control signals. Devices use the bus only for command and data transfer; otherwise, the bus is free and can be used by other SCSI units.
Since the 1990s, the SCSI standard has gone through many evolutionary stages to increase its clock speed and its transfer rate. The latest popular version is Ultra 320 SCSI (2002), also known as Ultra-4, which achieves a transfer rate of 320 MB per second. The next published parallel SCSI standard, Ultra-640 SCSI (2003), also known as Ultra-5, was planned to achieve a transfer rate of 640 MB per second.
Serial Attached SCSI (SAS):
As of 2008, the parallel SCSI interface is being replaced by Serial Attached SCSI (SAS), which uses a serial design and performs data transfer via serial communication, but retains other aspects of the technology. Serial SCSI uses the same connectors and cables as Serial ATA. It is a point-to-point serial peripheral interface in which controllers are linked directly to disk drives, and it enables multiple devices (up to 128) of different sizes and types to be connected simultaneously with thinner and longer cables; its full-duplex signal transmission supports 3.0 Gb/s. In addition, SAS drives can be hot-plugged. Serial interfaces have a number of advantages over parallel SCSI, including higher data rates, simplified cabling, longer reach, and improved fault isolation. Moreover, SAS offers compatibility with SATA devices, providing a much broader range of options for high performance data storage subsystems.
SCSI systems are popular on high-performance workstations, servers, and data
storage systems. RAID subsystems, see next section, on servers had almost always
used some kind of SCSI hard disk drives (initially Parallel SCSI, recently SAS),
though a number of manufacturers offer SATA-based RAID subsystems as a cheaper
option. Another key feature for SCSI and SAS devices is the addition of two data
ports for building redundant hard disk storage systems. If one path fails, there is still
communication along a separate and independent path.
A primary deciding factor in the SCSI vs. IDE/ATA question is the number of devices you plan to use (or use in the future) in your system. IDE/ATA is a low cost solution if you are using a few devices, say three or fewer, such as hard disks or CD-ROMs. If you are using many devices, over four, then SCSI is a better solution. It should also be noted that IDE/ATA disks must be mounted inside the computer. There is no provision for the IDE/ATA ribbon cable to run to external devices. SCSI
devices can be internal or external to the computer. They can be mounted in
individual boxes, or can be mounted together in larger tower enclosures. SCSI is
viewed as the preferred high-performance storage interface, and is the interface of
choice for servers, RAIDs, high-performance tape drives and other high-end storage
systems.
Figure 4.8 SCSI Configuration.
4.3.3 RAID Redundant Array of Independent Disks
RAID is a technology that employs the simultaneous use of two or more hard
drives to achieve greater levels of performance, reliability, and/or larger data volume
sizes. RAID is traditionally built using SCSI bus; however, a SATA bus has recently
been used to build high performance RAID systems. RAID's various designs involve
two key design goals: increased data reliability and increased input/output
performance. When several physical disks are set up to use RAID technology, they
are said to be in a RAID array. This array distributes data across several disks, but
the array is seen by the computer user and operating system as one single disk.
Software RAID enables the user to set up RAID without the need for a dedicated hardware RAID controller. Fortunately, some RAID capability is inherent in the operating system. Windows 8's Storage Spaces feature and Windows 7 (Pro and Ultimate editions) have built-in support for RAID.
RAID technology offers several levels; the basic levels are called RAID-0 to
RAID-6.
RAID Level 0:
This level is known as disk striping or integrated striping. Data is striped across drives, resulting in higher data throughput for noncritical applications. Reading and writing data is performed concurrently across several disks as shown in Figure 4.9. Since no redundant information is stored, performance is very good, but failure of any disk in the array results in data loss. In Figure 4.9 a block of data ABC is striped into three sub-blocks and saved in three parallel disk drives. The three sub-blocks can be read concurrently from the three disk drives.
RAID Level 1:
RAID-1 is also known as Integrated Mirroring (IM). IM provides data protection for the system volume. The purpose is to safeguard critical information. IM can be set up with two hard drives to maintain high performance, as well as data availability and fault tolerance, as shown in Figure 4.10. If one drive fails, the hot swap drive mechanism allows the system to maintain operation while the failed drive is replaced. In addition, the hot spare capability enables the system to automatically replace the defective drive with a standby disk. In Figure 4.10 the entire ABC data is stored in one drive, while a mirror image of the data, A’B’C’, is stored in the second drive.
Figure 4.9 RAID-0 Data Striping.
Figure 4.10 RAID-1 Data Mirroring.
A combination of RAID-0 and RAID-1, known as RAID 10, could also be used to achieve both high throughput by striping and reliability by mirroring, but only at much higher cost, as shown in Figure 4.11.
Figure 4.11 RAID-0&1 Data striping and Mirroring.
RAID Level 2:
This configuration, which uses Hamming error correction codes, is intended for use with drives which do not have built-in error detection. All SCSI drives support built-in error detection, so this level is of little use when using SCSI drives.
RAID Level 3:
RAID-3 stripes data at a byte level across several drives, with parity stored on
one extra drive.
RAID Level 4:
RAID-4 stripes data at a block level across several drives, with parity stored on one drive. The parity information allows recovery from the failure of any single drive.
RAID Level 5:
RAID-5 uses striping with rotating or distributed parity. Data is striped across a minimum of three hard drives (max of 32), and RAID-5 parity is distributed across these drives. RAID-5 therefore provides redundancy: should a single drive fail, data on the failed drive can be rebuilt from the remaining working drives, but the failure of more than one hard drive in the array results in loss of access to the entire array. RAID-5 is illustrated in Figure 4.12.
RAID Level 6:
RAID 6 is similar to RAID 5, but provides even greater robustness. RAID 6 uses one more parity block than RAID 5, providing fault tolerance against simultaneous failure of any two hard disks. The system can remain operational and automatically recover data even if two disks fail. RAID level 6 is the preferred choice for enterprises and government applications.
Figure 4.12 RAID-5 Distributed parity.
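The RAID-5 behaviour described above (rotating parity, rebuild after one disk failure, loss of the array after two) can be modelled with byte-wise XOR parity. This Python model is an added example, not code from the book or from any RAID product; the function names, the four-disk layout, the 4-byte block size and the sample data are assumptions chosen for illustration.

```python
"""Teaching model of RAID-5 striping with rotating XOR parity (not a real driver)."""
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripes(data, n_disks, block):
    """Split data into stripes of (n_disks - 1) data blocks plus one parity block.

    The parity block is placed on a different disk for each stripe, which is
    the 'distributed parity' of RAID-5. Returns one list of blocks per disk.
    """
    if n_disks < 3:
        raise ValueError("RAID-5 needs at least three disks")
    per_stripe = (n_disks - 1) * block
    n_stripes = -(-len(data) // per_stripe)          # ceiling division
    padded = data.ljust(n_stripes * per_stripe, b"\0")
    disks = [[] for _ in range(n_disks)]
    for s in range(n_stripes):
        chunk = padded[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i * block:(i + 1) * block] for i in range(n_disks - 1)]
        parity_disk = (n_disks - 1 - s) % n_disks    # rotate parity per stripe
        remaining = iter(blocks)
        for d in range(n_disks):
            disks[d].append(xor_blocks(blocks) if d == parity_disk else next(remaining))
    return disks


def read_array(disks, failed=(), length=None):
    """Reassemble the data, rebuilding the blocks of at most one failed disk."""
    n = len(disks)
    failed = set(failed)
    if len(failed) > 1:
        raise RuntimeError("more than one disk lost: the RAID-5 array is unrecoverable")
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = (n - 1 - s) % n
        row = [None if d in failed else disks[d][s] for d in range(n)]
        if failed:
            lost = next(iter(failed))
            # XOR of all surviving blocks (data and parity) equals the lost block.
            row[lost] = xor_blocks([b for b in row if b is not None])
        out += b"".join(row[d] for d in range(n) if d != parity_disk)
    return bytes(out[:length])


if __name__ == "__main__":
    sample = b"setpoint=72.5;valve=open;mode=auto"   # constructed sample data
    array = write_stripes(sample, n_disks=4, block=4)
    for lost_disk in range(4):
        rebuilt = read_array(array, failed=[lost_disk], length=len(sample))
        print("disk", lost_disk + 1, "lost -> data intact:", rebuilt == sample)
    try:
        read_array(array, failed=[0, 1], length=len(sample))
    except RuntimeError as err:
        print("two disks lost ->", err)
```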
4.4 Fault Tolerant Architecture
Fault tolerance is the ability of a system to respond gracefully to an unexpected
hardware or software failure. Failure describes the situation to be avoided, while fault
describes the problem to be avoided or to be mitigated. If a bit in memory becomes
stuck at one, that is a fault. If this bit causes the computer to halt, that is a computer
system failure.
A fault may have one of several effects:
a) It may disappear with no perceptible effect.
b) It may remain in place with no perceptible effect.
c) It may lead to a sequence of additional faults that result in a failure in the
system’s delivered service (propagation to failure).
d) It may lead to a sequence of additional faults with no perceptible effect on the
system (undetected propagation).
e) It may lead to a sequence of additional faults that have a perceptible effect on
the system but do not result in a failure in the system's delivered service
(detected propagation without failure)
The degree of fault tolerance of a system can be specified quantitatively or
qualitatively.
Qualitative Goals
One way for specifying a system's reliability characteristics is to specify them
qualitatively. Typical specifications would include:
Fail-safe: Design the system so that when it endures a specified number of
faults, it fails in a safe mode. For instance, the system executes an emergency
shutdown sequence.
Fail-op: Design the system so that when it sustains a specified number of
faults, it still provides a subset of its specified behavior.
No single point of failure: Design the system so that the failure of any single
component will not cause the system to fail. Such systems are often designed
so that the failed component can be replaced or repaired before another failure
occurs.
Fault tolerance involves the following actions:
Fault Detection: The process of determining that a fault has occurred.
Fault Diagnosis: The process of determining what caused the fault or exactly
which subsystem or component is faulty.
Fault Containment: The process that prevents the propagation of faults from
their origin in a system to a point where they can have an effect on the service
to the user.
Fault Masking: The process of ensuring that only correct values get passed to the system boundary in spite of a failed component.
Fault Compensation: If a fault occurs and is confined to a subsystem, it may be necessary for the system to provide a response to compensate for output of the faulty subsystem.
Fault Repair: The process in which faults are removed from a system.
Quantitative Goals
A quantitative reliability goal is usually expressed as the maximum allowed failure rate. For example, the reliability figure usually stated as a goal for computer systems in commercial aircraft is less than $10^{-9}$ failures per hour. Before discussing fault tolerance assessment techniques, the following background may be useful.
The mean life is a measure of the average time of operation to failure. The
Mean Time To Fail (MTTF) is an index of reliability performance, but does not
give any information on the failure distribution of the device or system.
Another very close definition is MTBF, Mean Time Between Failures. The two
metrics are identical when the failure rate of the component or system is constant.
MTBF only becomes meaningful when dealing with repairable systems, because the
mean time-to-fail between repairs could change, depending on the extent of repair
and the type of repair.
A third system performance indicator is the Availability of the system.
Availability is defined to be
Availability =MTBF/(MTBF+MTTR),
where MTTR is the mean time to repair. Clearly, the shorter the time to repair the
system, the higher the availability of the system.
Let F(t) be the probability of failure of a component up to time t, and let its probability density function (pdf) be f(t), where t is the time to failure. The pdf is usually represented by the exponential distribution, and is mathematically defined as:
$$f(t) = \lambda e^{-\lambda t} \qquad (4.1)$$
In this definition, t is a random variable representing time and λ (lambda) represents the failure rate.
Reliability of the system (or component) refers to its ability to operate properly
according to a specified standard. Reliability is described by the reliability function
R(t), which is the probability that a system (or component) will carry out its mission
through time t. Thus, the reliability function is defined by
$$R(t) = 1 - F(t) = 1 - \int_0^t \lambda e^{-\lambda \tau}\, d\tau = e^{-\lambda t} \qquad (4.2)$$
The Mean Time To Failure (MTTF) is then given by
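$$MTTF = T = \int_0^\infty t\, f(t)\, dt = \int_0^\infty t\, \lambda e^{-\lambda t}\, dt = \frac{1}{\lambda} \qquad (4.3)$$
where λ is the failure rate. It can also be shown that
$$MTTF = \int_0^\infty R(t)\, dt$$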
EXAMPLE 4-1
The MTTF of a given field instrument is 100,000 hours. What is the Reliability of
the instrument in the first six months, and what is the probability of failure?
Answer
R(6 months)=exp(-24*30*6/100000) = 0.95772
PF= 1-R= 0.04228
For a series system of n independent components, the system fails if any of the components fails; the reliability of the system is then
$$R_s(t) = R_1 \cdot R_2 \cdots R_n = e^{-\sum_{i=1}^{n} \lambda_i t} \qquad (4.4)$$
The MTTF of the series system is given by
$$MTTF_s = \frac{1}{\lambda_s} = \frac{1}{\sum_{i=1}^{n} \lambda_i} \qquad (4.5)$$
On the other hand, in parallel systems, the system fails only if all the components
fail; in that case, the reliability of the parallel system is then given by
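$$R_p = 1 - Q_p = 1 - (Q_1 \cdot Q_2 \cdots Q_n) \qquad (4.6)$$
$$R_p = 1 - Q_p = 1 - (1 - R_1)(1 - R_2) \cdots (1 - R_n) \qquad (4.7)$$
where $Q_i$ is the probability of failure of the ith component.
For n identical parallel components
$$MTTF_p = \frac{1}{\lambda} \sum_{i=1}^{n} \frac{1}{i} \qquad (4.8)$$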
EXAMPLE 4-2
Consider a DCS consisting of two control stations A and B, where there is a redundant control station for each control station. The reliability of each station is RA=RB=0.995. What is the reliability of the system without and with redundancy?
Answer
First, if no redundancy is employed, then the system requires both control stations
to be operational. Accordingly, the reliability of the system without redundancy
RS= 0.995*0.995= 0.990025
Now, the reliability of the redundant control stations
RAr= 1- (1- RA )*(1- RA)=0.999975
Similarly, RBr = RAr =0.999975
The system reliability becomes RSr = RAr * RBr =0.99995
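The reliability relations (4.2) to (4.8) and both worked examples can be checked numerically. The following Python code is an added example, not part of the book; it reproduces Examples 4-1 and 4-2, confirms equations (4.3) and (4.8) by integrating R(t), and adds one assumed case (a shared power supply with reliability 0.995, a value chosen here for illustration) to show how a common series element erodes the gain from redundancy.

```python
import math

HOURS_PER_MONTH = 24 * 30      # Example 4-1 counts a month as 30 days


def reliability(mttf_hours, t_hours):
    """Eq. 4.2 with lambda = 1/MTTF (eq. 4.3): R(t) = exp(-t / MTTF)."""
    return math.exp(-t_hours / mttf_hours)


def series(*r):
    """Eq. 4.4: every component must work."""
    return math.prod(r)


def parallel(*r):
    """Eq. 4.7: the block fails only if all components fail."""
    return 1.0 - math.prod(1.0 - x for x in r)


def mttf_series(rates):
    """Eq. 4.5: failure rates of series components add."""
    return 1.0 / sum(rates)


def mttf_parallel_identical(rate, n):
    """Eq. 4.8: n identical components in parallel."""
    return sum(1.0 / i for i in range(1, n + 1)) / rate


def mttf_numeric(r_of_t, horizon, steps=100_000):
    """MTTF as the integral of R(t) from 0 to `horizon` (trapezoidal rule).

    `horizon` must be many times the component MTTF so the tail is negligible.
    """
    h = horizon / steps
    total = 0.5 * (r_of_t(0.0) + r_of_t(horizon))
    total += sum(r_of_t(k * h) for k in range(1, steps))
    return total * h


def availability(mtbf, mttr):
    """Availability = MTBF / (MTBF + MTTR)."""
    return mtbf / (mtbf + mttr)


def example_4_1():
    r = reliability(100_000, 6 * HOURS_PER_MONTH)
    return r, 1.0 - r


def example_4_2(r_station=0.995):
    without = series(r_station, r_station)
    redundant_station = parallel(r_station, r_station)
    return without, redundant_station, series(redundant_station, redundant_station)


def redundant_pair_on_shared_supply(r_station=0.995, r_supply=0.995):
    """Assumed case: both stations of a redundant pair hang on one power supply."""
    return series(r_supply, parallel(r_station, r_station))


if __name__ == "__main__":
    print("Example 4-1: R = %.5f, PF = %.5f" % example_4_1())
    print("Example 4-2: RS = %.6f, RAr = %.6f, RSr = %.5f" % example_4_2())
    print("Pair on a shared supply: %.6f" % redundant_pair_on_shared_supply())
    lam = 1e-5
    pair = lambda t: parallel(reliability(1 / lam, t), reliability(1 / lam, t))
    print("MTTF of two in parallel: eq. 4.8 = %.0f h, integral = %.0f h"
          % (mttf_parallel_identical(lam, 2), mttf_numeric(pair, 30 / lam)))
```

With the assumed shared supply the redundant pair comes out at about 0.994975, slightly below a single station at 0.995, which is the common-mode concern raised under space redundancy.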
Fault Tolerance Mechanisms
1- Space redundancy:
Space redundancy provides separate physical copies of a resource, function or
data item. Since it has been relatively easy to predict and detect faults in individual
hardware units, such as processors, memories, and communications links, space
redundancy is the approach most commonly associated with fault tolerance. It is
effective when dealing with persistent faults, such as permanent component failures.
For example, double redundancy is achieved by providing backup I/O boards,
processor boards, communication links, power supplies, or by providing complete
control station backup. In well-designed fault tolerant systems, when for example a
control board fails, the system switches automatically to its backup. This leaves the
faulty board unusable because of residual faults. If subsequent faults occur, the
system may be unable to cope because of this loss of resources, unless these out-of-
service boards are quickly reclaimed through repair or replacement, which insures
that no faults remain in system resources. A special attention must be given to
common mode failures. A common-mode failure results from a single fault (or fault
set). Computer systems are vulnerable to common-mode resource failures when they
rely on a single source of power, cooling, or I/O.
When there is one redundant loop control card, B, for each active loop control
card, A, the scheme is called 1:1 redundancy. If A fails, card B will become the
active unit in the configuration. When the fault in A is cleared, A once again
becomes active, and B returns back to standby (idle) mode. In the 1+1 scheme, when
the fault at A is cleared, device B remains as the active device indefinitely (unless a
fault occurs at B). No reversion takes place.
In controllers with identical multifunction cards, a 1:N (N+1) scheme is usually
employed where there is one backup card per N active cards, so one failure can be
tolerated (Figure 4.13b). Once the faulty card is repaired, it takes over control and
resumes its usual operation. If the repaired card returns as the backup, the redundant
scheme is called N+1.
In the 1:N (or N+1), the system usually keeps a database of the configuration of
each card in a master controller card or in a shared state memory card and possibly
the current process values. When a failure in any of the cards is detected, the system
loads the faulty card configuration and its current values from the state memory card
to the standby card.
In DCSs the 1:1 scheme or 1:N schemes may also be employed at the
controller/PLC level, in addition to the redundancy scheme at the card level.
Moreover, use of 1+1 power supply for each controller is a common practice in
DCSs. In critical systems, multiple power sources are usually made available as well.
Figure 4.13 (a) 1:1 redundancy, (b) 1:N redundancy.
2- Time Redundancy:
Time redundancy attempts to reduce the amount of extra hardware at the expense of additional time. Time redundancy involves performing a computation more than once and checking the results in order to increase reliability. Time redundancy is effective for transient faults, when the transient fault affects only one set of acquired or computed values. For example, if a packet is received with an error, the receiver requests that the sender resend the packet. Additionally, if the sender does not receive an acknowledgement from the receiver, it resends the packet.
3- Encoding:
Encoding is the primary technique in the fault tolerance of computer and
communication systems. Low-level encoding decisions are made by memory error
detection and correction mechanisms for memories and data buses. Communications
protocols provide a variety of detection and correction options. Fault detection is
usually the first step in fault tolerance. Even if other elements of a system prevent a
failure by compensating for a fault, it is important to detect and remove faults to
avoid the exhaustion of a system’s fault tolerance resources. For example, the error
detection and correction scheme in a computer memory can detect and correct a
transient bit error. However, if the error persists, the memory must be replaced.
Fault detection:
Acceptance tests are the more general fault detection mechanism in that they can
be used even if the system is composed of a single (non-redundant) processor. The
program or sub-program is executed and the result is subjected to a test. If the result
passes the test, execution continues normally. A failed acceptance test is a symptom
of a fault. An example of sensor fault detection is to test whether the sensor's value is stuck, whether it returns values above or below the normally expected range, or whether there is unusually high fluctuation in the sensor output.
Comparison is an alternative to acceptance tests for detecting faults. If the
principal fault source is processor hardware, then multiple processors are used to
execute the same program. As results are calculated, they are compared across
processors. For critical measurements, two, three or more sensors could be used. A
mismatch indicates the presence of a fault. This comparison can be pair-wise, or it
may involve three or more processors simultaneously. In the latter case, the
mechanism used is generally referred to as voting. If software design faults are a
major consideration, then a comparison is made between the results from multiple
versions of the software in question, a mechanism known as n-version programming.
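The two detection mechanisms above, acceptance tests on a single sensor and comparison or voting across redundant sensors, combine naturally. The following Python code is an added example, not from the book; the thresholds, the sensor names and the use of the median as the voted value are assumptions made for illustration.

```python
from statistics import median, pstdev


def acceptance_test(samples, lo, hi, max_std, stuck_eps=1e-9):
    """Return the symptoms found in one sensor's recent samples (empty list = pass)."""
    symptoms = []
    if any(s < lo or s > hi for s in samples):
        symptoms.append("out_of_range")
    if len(samples) > 1 and max(samples) - min(samples) <= stuck_eps:
        symptoms.append("stuck")
    if len(samples) > 1 and pstdev(samples) > max_std:
        symptoms.append("excess_fluctuation")
    return symptoms


def compare_pair(a, b, tolerance):
    """Pair-wise comparison: reports a mismatch but cannot say which value is wrong."""
    return abs(a - b) > tolerance


def vote(readings, tolerance):
    """Voting over three or more redundant values.

    Returns (voted value, indices that disagree with it, whether a majority agrees).
    """
    if len(readings) < 3:
        raise ValueError("voting needs three or more values; two can only be compared")
    voted = median(readings)
    suspects = [i for i, r in enumerate(readings) if abs(r - voted) > tolerance]
    majority = len(readings) - len(suspects) > len(readings) // 2
    return voted, suspects, majority


def validated_value(windows, lo, hi, max_std, tolerance):
    """Acceptance-test every sensor, then compare or vote among those that passed.

    `windows` maps a sensor name to its recent samples, newest last.
    Returns (value or None, symptoms per sensor).
    """
    symptoms = {n: acceptance_test(w, lo, hi, max_std) for n, w in windows.items()}
    healthy = [n for n in windows if not symptoms[n]]
    latest = [windows[n][-1] for n in healthy]
    if len(latest) >= 3:
        value, suspects, majority = vote(latest, tolerance)
        for i in suspects:
            symptoms[healthy[i]].append("outvoted")
        return (value if majority else None), symptoms
    if len(latest) == 2:
        if compare_pair(latest[0], latest[1], tolerance):
            return None, symptoms          # mismatch detected, culprit unknown
        return sum(latest) / 2, symptoms
    return (latest[0] if latest else None), symptoms


if __name__ == "__main__":
    # Constructed samples: C has drifted by about 8 units yet passes every
    # single-sensor acceptance test; only the comparison exposes it.
    drift = {
        "A": [71.9, 72.1, 72.0, 72.2, 72.1],
        "B": [71.8, 72.0, 72.1, 71.9, 72.0],
        "C": [79.9, 80.2, 80.1, 80.3, 80.4],
    }
    print(validated_value(drift, lo=0, hi=150, max_std=1.0, tolerance=0.5))
```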
Key to system designs that provide high-availability is the option to hot-swap
devices; in other words, perform "live" insertion and removal of hardware without
disrupting the host system or application. An example would be pulling out the CPU
or I/O board and replacing it with another, with no downtime of either hardware or
software anywhere in the system. Not only can you replace failed devices in a hot-
swap system, but online upgrades are also possible. For example, one can upgrade an
entire single-board computer within the system, or increase the memory on a
particular board, simply by swapping out the cards.
4.5 Serial Communication
This section focuses on RS-232, RS-422, RS-423, and RS-485, which are standard serial interfaces approved by the former Electronic Industries Association (EIA) [1] for connecting serial devices. They are communication standards providing
asynchronous communication capability with hardware flow control, software flow
control and parity checks. This chapter begins with RS-232 for historical reasons,
and then covers its derivatives RS-422/RS-423/RS-485. In particular, RS-422 and
RS-485 are very common in industry for connecting remote terminal units and PLCs.
The technology used in RS-485 was adopted at the physical layer of many Field
buses and Local Area networks. The focus here is mainly on the physical layer which
deals with the physical media, connectors, and signals. Later on, in this section we
cover a popular protocol known as MODBUS for message transfer between PLCs
and host computers, mainly in one-to-one connection. A more comprehensive
coverage of local area networks will follow in Chapter 5, while Fieldbuses will be
covered in Chapter 7.
[1] The EIA became the Electronic Industries Alliance in 1997 and was dissolved in 2011; it has been replaced by the Electronic Components Industry Association (ECIA), http://www.ecianow.org/
4.5.1 RS-232-C
The RS-232 was introduced by EIA in 1962 for the purpose of standardizing the
interface between data terminal equipment (DTE), e.g., a Video Display Terminal,
and data communication equipment (DCE), e.g., modem, as shown in Figure 4.14.
The emphasis is on interfacing a modem unit and data terminal equipment (for
example, a PC or a card reader to a modem). This standard is also applicable to serial
interfacing between various types of data terminal equipment. The revised RS-232C,
'C' indicates current revision, is widely accepted for single-ended data transmission
over short distances with low data rates. RS-232C communication has been virtually
the standard for many years in industrial and laboratory short-distance computer
communications with the majority of computer hardware and peripherals, such as
modems, PLCs, bar code readers, printers etc. RS-232C standard defines physical
and electrical connections, the interrelationship between the signals, and the
procedures to be used for exchanging information.
The D-type 25-pin and 9-pin connectors (Figure 4.15) have become universally associated with RS-232 communications, and at least one is provided on most programmable controllers, computers and peripheral devices.
Figure 4.14 RS-232C drivers and receivers in a basic data communications system.
The International Telecommunication Union (ITU, formerly CCITT)
recommendation V24 is almost identical to RS-232, being common in Europe. But
V24 defines only the procedures for information exchange, requiring another
recommendation, V28, to define the pin allocations and signal voltages. In general,
RS-232 and V24 can be regarded as equivalent. RS-232 and RS-422 are also similar,
except for the differences in voltage level of the outputs, and in the potential
transmission rates.
| Pin | Signal |
|-----|--------|
| 1 | Data Carrier Detect |
| 2 | Received Data |
| 3 | Transmitted Data |
| 4 | Data Terminal Ready |
| 5 | Signal Ground |
| 6 | Data Set Ready |
| 7 | Request to Send |
| 8 | Clear to Send |
| 9 | Ring Indicator |

Figure 4.15 RS-232C signals (left) on a D 25-pin connector, (right) on a D 9-pin connector.
Table 4.3 shows the signals on a D-25 connector for interfacing DTE equipment (a PC, a card reader, or a remote RTU) to a DCE (a modem).
[Diagram: DTE (PC) to DCE (modem) wiring on D25 pins 1 (Protective Ground), 2 (Transmitted Data), 3 (Received Data), 4 (RTS), 5 (CTS), 6 (DSR), 7 (Signal Ground), 8 (DCD), 20 (DTR) and 22 (RI).]
RTS: Request To Send; CTS: Clear to Send; DSR: Data Set Ready; DCD: Data Carrier Detect; DTR: Data Terminal Ready; RI: Ring Indicator.
Table 4.3 RS-232 signals on D25 connectors.

| Name | Abbreviation | Typical purpose | Origin | D25 pin |
|------|--------------|-----------------|--------|---------|
| Data Terminal Ready | DTR | DTE is ready to receive, initiate, or continue a call. | DTE | 20 |
| Data Carrier Detect | DCD | DCE is receiving a carrier from a remote DCE. | DCE | 8 |
| Data Set Ready | DSR | DCE is ready to receive commands or data. | DCE | 6 |
| Ring Indicator | RI | DCE has detected an incoming ring signal on the telephone line. | DCE | 22 |
| Request To Send | RTS | DTE requests the DCE prepare to transmit data. | DTE | 4 |
| Ready To Receive | RTR | DTE is ready to receive data from DCE. If in use, RTS is assumed to be always asserted. | DTE | 4 |
| Clear To Send | CTS | DCE is ready to accept data from the DTE. | DCE | 5 |
| Transmitted Data | TxD | Carries data from DTE to DCE. | DTE | 2 |
| Received Data | RxD | Carries data from DCE to DTE. | DCE | 3 |
| Common Ground | GND | Zero voltage reference for all of the above. | common | 7 |
| Protective Ground | PG | Connected to chassis ground. | common | 1 |
Standard communications requirements:
There are three aspects that must be considered in serial communication. First,
the rate or speed of the transmission; that is, the number of bits per second that are to
be sent over the communications link and the duration of each of these bits. Second,
the logic levels must be considered; in other words, what signal represents logic 1
and 0, together with the order in which the information will be transmitted. Finally, a
method of synchronizing the data to enable the receiving device to understand the
transmission must be considered. The sequence of transmitted bits in RS-232 is
described in Figure 4.16. Here, a start bit is used as a logic 1 pulse for one bit
duration, telling the receiving device that data are following. The data are then
transmitted, followed by the stop bits. RS-232 allows the inclusion of a data-checking bit, called the parity bit. Parity is a method of checking the number of 1s or 0s in a data word and adding a 'parity' 1 or 0 to make the total number of ones odd or even, depending on the type of parity checking in use (odd or even parity).
RS-232 allows the selection of six, seven or eight data bits at transmission speeds ranging from 75 bps to 56 kbps (the theoretical maximum modem speed). Common standard bit rates also include 300, 600, 1200, 2400, 4800, 9600, 14.K, 36K, and 56K, but a higher speed of up to 112 kbps can be achieved on direct connections between devices over short distances.
Obviously, the sending and receiving devices must be operating at the same data rate, and with the same data format; otherwise, the transmitted data cannot be received correctly.
Transmission distances:
RS-232 has a maximum effective distance of approximately 30 m at 9600 baud,
due to the amount of stray capacitance in the cable, and its effect on signal transition
time between the recognized limits. An RS-232 transmitter produces a voltage
between + 5 and + 25 V for one of the two possible signal states (space), and a
voltage of between - 5 and - 25 V for the other (mark) signal (normally ± 12 V).
Operating distance can be extended up to 100 m when using screened cables and a
lower data rate.
Referring to Figure 4.15, not all RS-232 signals are used in every application,
but the minimum requirements for interfacing are as follows: transmit data, receive
data and signal ground.
Figure 4.16 (a) Serial data bits for 8-bit data, one start bit, one parity bit and one stop bit; (b) RS-232 Signal voltage levels.
4.5.2 RS-422/423/485
The RS-423 standard specifies the electrical characteristics of unbalanced
voltage-mode digital interface circuits normally used for interchange of serial binary
signals between DTE and DCE. Unlike RS-232, RS-423 allows one driver and up to
10 receivers on a single data line. The output voltage of the driver is specified between 3.6 V minimum and 6 V maximum. The standard also specifies the allowable pulse rise time. The cable is a twisted pair with a characteristic impedance of 120 Ohms. Each line is terminated in its characteristic impedance at the most remote end of the line; see Figure 4.17.
RS-422 overcomes some of the drawbacks of RS-232/RS-423, as well as
combining some of the advantages of current loop systems. RS-422 uses two wires
for each signal direction, a balanced electrical interface with differential input and
output lines to provide a greater distance and higher data rate than RS-232, as shown
in Figure 4.18. Differential data transmission provides much greater noise immunity
than single-ended transmission. Differential transmission on balanced lines is
preferred if interconnecting lines are too long for effective unbalanced operation, or
if transmission lines are exposed to large electrostatic or electromagnetic noise levels.
Figure 4.17 RS-423 unbalanced twisted-pair cabling (basic RS-423-A unbalanced digital interface).
RS-422 has a much narrower signal transition region (0.4 V against 6 V in RS-
232), allowing the interface to be implemented using the 5 V supply from most
microprocessor-based equipment.
Figure 4.18 RS-422 balanced-pair cabling (driver and receiver joined by a 120 Ω twisted pair).
Virtually all PLCs with a serial communication facility have RS-232/V24 ports, often with an additional RS-422 port derived from the RS-232 lines. The RS-232 port is used for short-distance links, say to a VDU, printer or computer in close proximity. The RS-422 ports are used for longer distance links, often between PLCs in a distributed system and the control room, at data rates in the range of 100 kbps to 10 Mbps.
The EIA standard RS-485, introduced in 1983, is an upgrade of EIA RS-422. The increasing use of balanced data transmission lines in distributing data to several system components and peripherals over relatively long lines brought about the need for multiple driver/receiver combinations on a single twisted pair cable. RS-485 is similar to RS-422, but it allows for multiple driver/receiver combinations on a single twisted pair line (Figure 4.19).
The features of the RS-485 drivers include:
a) one driver can drive as many as 32 unit loads and a total line termination
resistance of 60 Ohm or more (one unit load is typically one passive driver
and one receiver).
b) The driver should be capable of providing a differential output voltage of
1.5V to 5 V with common mode line voltage from -7 to 12 volt.
c) Drivers must have self protection against contention (multiple drivers
contending for transmission line at the same time).
RS-485 can also operate over two pairs of cable where a master can drive all
stations on one cable, while all the slave stations can respond on the second cable.
Figure 4.19 RS-485 multi-point balanced digital interface. RT: termination resistance, 120 Ohms.
Table 4.4 summarizes the main features of the EIA RS-232, RS-422, RS-423 and RS-485.
Table 4.4 Comparison between RS-232, RS-423, RS-422, and RS-485.

| PARAMETER | RS-232-C | RS-423-A | RS-422-A | RS-485 |
|-----------|----------|----------|----------|--------|
| Mode of operation | Single-ended | Single-ended | Differential | Differential |
| Number of drivers and receivers | 1 driver, 1 receiver | 1 driver, 10 receivers | 1 driver, 10 receivers | 32 drivers, 32 receivers |
| Maximum cable length (ft) | 50 | 4000 | 4000 | 4000 |
| Maximum data rate (bits per second) | 20k | 100k | 10M | 10M |
| Maximum common-mode voltage | ± 25 V | ± 6 V | 6 V, -0.25 V | 12 V, -7 V |
| Driver output | ± 5 V min, ± 15 V min | ± 3.6 V min, ± 6.0 V min | ± 2 V min | ± 1.5 V min |
| Driver load | 3 kΩ to 7 kΩ | 450 Ω min | 100 Ω min | 60 Ω min |
| Driver slew rate | 30 V/µs max | Externally controlled | NA | NA |
| Driver output short circuit current limit | 500 mA to Vcc or GRD | 150 mA to GRD | 150 mA to GRD | 150 mA to GRD; 250 mA to -8 V or 12 V |
| Receiver input resistance (Ω) | 3 kΩ to 7 kΩ | 4 kΩ | 4 kΩ | 12 kΩ |
| Receiver sensitivity | ± 3 V | ± 200 mV | ± 200 mV | ± 200 mV |
4.5.3 Flow Control in Serial Communications:
In communications between any microcomputer, mainframe or programmable
controller, one must consider flow control, the direction of data flow, and whether
the transmission is in one or both directions at the same time.
Simplex operation is where data flows in only one direction at a time, one
device always being the transmitter and the other device the receiver; for example, a
PLC or computer talking to a printer or data logger (recorder). The data logger never
needs to talk to the PC; thus, the PLC is always the transmitter and the recorder is a
receiver. Where two intelligent devices such as programmable controllers or
computers are involved, it may be necessary for two way communication to occur. In
Half Duplex, only one device talks at a time, while in Full Duplex both can talk
simultaneously on the same channel.
To provide complete and correct communications between two devices, the
flow of data must be controlled, so that one device can signal the other to start or to
stop sending data. For example, if a PC is sending data to a printer at a faster rate
than it can print and its buffer becomes full, the PC must be signalled to stop
transmission or pause until the printer is ready to receive more data. Flow control or
protocol is handled either by using additional signal lines or by sending control
characters on the communications channel.
It is common to use two extra signal (or handshaking) wires connecting the
transmitting and receiving devices: one to signal the receiver that the transmitter is
Ready to Send (RTS), and the other to tell the transmitter that the receiver is ready to
receive data, Clear To Send (CTS). One device requests transmission by driving
RTS low, then data are transmitted until CTS is turned off (high) by the receiver, as
depicted in Figure 4.20. RTS/CTS lines are provided in RS-232 links, and are
commonly used in PC intercommunication.
[Figure: a programmable controller or microcomputer and a PC/microcomputer linked by Transmit, Receive, RTS and CTS lines. Request to send (RTS) - Clear to send (CTS).]
Figure 4.20 RTS/CTS hardware handshaking protocol.
Two very common forms of protocol using additional control characters on the
transmit/receive wires are known as XON/XOFF and ENQ/ACK.
With XON/XOFF, when a receiving device wishes to stop receiving data, it
transmits an XOFF command (decimal 19, DC3 or Control-S) to the sending device,
which then stops transmitting and waits to receive an XON command (decimal 17,
DC1 or Control-Q) before resuming transmission. On the other hand, in the
ENQ/ACK protocol, the transmitter appends data 'packets' with a query character,
ENQ (05 hex). This character marks the end of a data packet, and once the receiver
has processed the data it requests another packet from the transmitter by sending
back an ACK (acknowledge) command (06 hex). In some computers, the characters
ETX/ACK are used instead of ENQ/ACK. These simple character-oriented protocols
are illustrated in Figure 4-30.
[Figure: ENQ/ACK exchange with no extra signal lines. The sender transmits 80 ASCII characters followed by a single control byte (ENQ or ETX) as the 81st character, then listens. The receiver waits for that control byte, stores the 80 characters, and replies with ACK when it is ready for more. ENQ = 'Enquiry', ETX = 'End of text' = 03 hex, ACK = 'Acknowledge' = 06 hex.]
Figure 4.21 Software flow control.
There are more special purpose non-printable codes, known as control
characters, used to perform device-to-device protocol and commands. Thirty two
(0x0-0x1F hex) plus (DEL and SP) are defined in the ASCII code (American
standard code for information interchange) and listed in Table 4.5.
Table 4.5 ASCII code table.
American Standard Code for Information Interchange (ASCII)
Rows: bits b4b3b2b1. Columns: bits b7b6b5.
b4b3b2b1 000 001 010 011 100 101 110 111
0000 NUL DLE SP 0 @ P ` p
0001 SOH DC1 ! 1 A Q a q
0010 STX DC2 " 2 B R b r
0011 ETX DC3 # 3 C S c s
0100 EOT DC4 $ 4 D T d t
0101 ENQ NAK % 5 E U e u
0110 ACK SYN & 6 F V f v
0111 BEL ETB ' 7 G W g w
1000 BS CAN ( 8 H X h x
1001 HT EM ) 9 I Y i y
1010 LF SUB * : J Z j z
1011 VT ESC + ; K [ k {
1100 FF FS , < L \ l |
1101 CR GS - = M ] m }
1110 SO RS . > N ^ n ~
1111 SI US / ? O _ o DEL
Control Characters
NUL Null | DLE Data-link escape
SOH Start of heading | DC1 Device control 1
STX Start of text | DC2 Device control 2
ETX End of text | DC3 Device control 3
EOT End of transmission | DC4 Device control 4
ENQ Enquiry | NAK Negative acknowledge
ACK Acknowledge | SYN Synchronous idle
BEL Bell | ETB End-of-transmission block
BS Backspace | CAN Cancel
HT Horizontal tab | EM End of medium
LF Line feed | SUB Substitute
VT Vertical tab | ESC Escape
FF Form feed | FS File separator
CR Carriage return | GS Group separator
SO Shift out | RS Record separator
SI Shift in | US Unit separator
SP Space | DEL Delete
4.5.4 MODBUS
MODBUS is a messaging structure, widely used to establish master-slave
communication between intelligent devices. Since Modbus is just a messaging
structure, it is independent of the underlying physical layer. It is traditionally
implemented using RS-232, RS-422, or RS-485. The wide use of Modbus in industry
is due to its flexibility and easy implementation. Not only are intelligent devices like
microcontrollers, PLCs, etc., able to communicate by Modbus, many intelligent
sensors are also equipped with a Modbus interface to send their data to host systems.
While Modbus was previously mainly used on wired serial communication lines,
there are also extensions to the standard for wireless communications and TCP/IP
networks. Modbus is used to monitor and program devices, to monitor field devices
using PCs and HMIs, and for communication between intelligent devices and sensors
and instruments. Modbus is also an ideal protocol for RTU applications where
wireless communication is required.
Transmission Modes:
Serial Modbus connections can use two basic transmission modes, ASCII or
RTU, remote terminal unit. The transmission mode in serial communications defines
the way the Modbus messages are coded. With Modbus/ASCII, the messages are in a
readable ASCII format, which makes it easy for a human operator to monitor the data
traffic. The Modbus/RTU format uses binary coding, which is more efficient for
device-to-device direct communication, but makes the message unreadable for
human monitoring. Modbus/RTU reduces the size of each message, which allows for
more data exchange in the same time span. All nodes on one Modbus network
segment must use the same serial transmission mode. A device configured to use
Modbus/ASCII cannot understand messages in Modbus/RTU and vice versa.
When using Modbus/ASCII, all messages are coded in hexadecimal values,
represented with readable ASCII characters. Only the characters 0...9 and A...F are
used for coding. For every byte of information, two communication-bytes are
needed, because every communication-byte can only define 4 bits in the hexadecimal
system. With Modbus/RTU the data is exchanged in a binary format where each byte
of information is coded in one communication-byte.
Modbus Message Framing:
A message frame is used to mark the beginning and end of a message, allowing
the receiving device to determine which device is being addressed and to know when
the message is completed. It also allows partial messages to be detected and errors
flagged as a result. A Modbus message is placed in a message frame by the
transmitting device. Each word of this message (including the frame) is also placed
in a data frame that appends a start bit, stop bit and a parity bit. The various fields of
a Modbus message are listed in Table 4.6.
In ASCII mode, the word size is 7 bits, while the word size is 8 bits in RTU
mode. Thus, every 8 bits of an RTU message is effectively 11 bits when accounting
for the start, stop, and parity bits of the data frame.
ASCII Mode Message Frames:
ASCII Mode messages start with a colon (ASCII 3AH) and end with a carriage
return-line feed pair of characters (CR-LF, ASCII 0x0D & 0x0A). The only
allowable characters for all other fields are hexadecimal 0-9 & A-F. The Modbus
ASCII Mode data ‘byte’ or character is only 7 bits long.
For ASCII Mode transmission, each character requires 7 data bits. Thus, each
character is 10 bits when accounting for the start bit, parity bit and stop bit of the data
frame.
In ASCII Mode, all network devices continuously monitor the network for the
‘start of message’ colon. When it is received, every network device decodes the next
field to determine if it is the addressed device.
Table 4.6 Modbus message fields.
Field | Description
Device address | Address of the receiver
Function code | Code defining message type
Data | Data block with additional information
Error check | Numeric check value to test for communication errors
RTU Mode Message Frames:
RTU mode messages start with a silent interval of at least 3.5 character times
implemented as a multiple of character times at the baud rate being used on the
network. The first field transmitted is the device address. A networked device
continuously monitors the network, including the silent intervals, and when the first
field is received (the address) after a silent interval of at least 3.5 character times, the
device decodes it to determine if it is the addressed device. Following the last
character transmitted, a similar silent interval of 3.5 character times marks the end of
the message and a new message can begin after this interval.
The entire message must be transmitted as a continuous stream. If a silent
interval of more than 1.5 character times occurs before completion of the frame (i.e.,
not a continuous stream), the receiving device flushes the incomplete message and
assumes the next byte will be the address field of a new message.
In similar fashion, if a new message begins earlier than 3.5 character times
following a previous message, the receiving device assumes it is a continuation of the
previous message. This will generate an error, as the value in the final CRC field will
not be valid for the combined messages.
MODBUS messaging structure
A Modbus message contains the address of the slave, the "command" (e.g.,
"read register" or "write register"), the data, and a check sum (LRC or CRC). The
basic structure of a MODBUS frame is shown below:
The address field of a message frame contains two characters (ASCII) or eight
bits (RTU). A master addresses a slave by placing the slave address in the address
field of the message. Valid slave device addresses are in the range of 0 ... 247
decimal. When the slave sends its response, it places its own address in this address
field of the response to let the master know which slave is responding.
The function code field of a message frame contains two characters (ASCII) or
eight bits (RTU). Valid codes are in the range of 1 ... 255 decimal. When a message
is sent from a master to a slave device, the function code field tells the slave what
kind of action to perform, including to read the ON/OFF states of a group of discrete
inputs, to read the data contents of a group of registers, to read the diagnostic status
of the slave, to write to designated registers, or to allow loading, recording or
verifying the program within the slave.
When the slave responds to the master, it uses the function code field to indicate
either a normal (error-free) response or that some kind of error occurred (called an
exception response). For a normal response, the slave simply echoes the original
function code. For an exception response, the slave returns a code that is equivalent
to the original function code with its most significant bit set to a logic 1.
Table 4.7 Sample Modbus function codes.
Common Modbus function codes
Code | Description
01 | Read coil status
02 | Read input status
03 | Read holding registers
04 | Read input registers
05 | Force single coil
06 | Preset single register
07 | Read exception status
15 | Force multiple coils
16 | Preset multiple registers
17 | Report slave ID
* In Modbus language, a coil is a discrete I/O value.
Modbus Data Field:
The data field provides the slave with any additional information required by the
slave to complete the action specified by the function code. The data is formed from
a multiple of character bytes (a pair of ASCII characters in ASCII Mode), or a
multiple of two hex digits in RTU mode, in range 00H-FFH. The data field typically
includes register addresses, count values and written data. If no error occurs, the data
field of a response from a slave will return the requested data. If an error occurs, the
data field returns an exception code that the master’s application software can use to
determine the next action to take.
Modbus Error Checking:
MODBUS networks employ two methods of error checking:
1. Parity checking of the data character frame (even, odd, or no parity)
2. Frame checking within the message frame (Cyclical Redundancy Check in
RTU Mode, or Longitudinal Redundancy Check in ASCII Mode).
A Modbus device can be configured for even or odd parity, or for no parity
checking. This determines how the parity bit of the character’s data frame is set. If
even or odd parity checking is selected, the number of 1 bits in the data portion of
each character frame is counted. Each character in RTU mode contains eight bits.
The parity bit will then be set to a 0 or a 1, to result in an even (even parity), or odd
(odd parity) total number of 1 bits. The contents of the message frame error check
field is determined using two kinds of error-checking methods depending on the
transmission mode.
When ASCII mode is used for character framing, the error checking field
contains two ASCII characters. The error check characters are the result of a
Longitudinal Redundancy Check (LRC) calculation that is performed on the message
contents, exclusive of the beginning colon and terminating CRLF characters. The
LRC characters are appended to the message as the last field preceding the CRLF
characters.
When the RTU mode is used for character framing, the error checking field
contains a 16-bit value implemented as two eight-bit bytes. The error check value is
the result of a Cyclical Redundancy Check calculation performed on the message
contents. The CRC field is appended to the message as the last field in the message.
When this is done, the low-order byte of the field is appended first, followed by the
high-order byte. The CRC high-order byte is the last byte to be sent in the message.
Modbus Exceptions:
If an unsupported function code is sent to a module, then the exception code 01
(Illegal Function) will be returned in the data field of the response message. If a
holding register is written with an invalid value, then exception code 03 (Illegal Data
Value) will be returned in the response message.
Table 4-8 Comparison of Modbus transmission modes.
 | ASCII | RTU
Characters | ASCII 0...9 and A..F | Binary 0...255
Error check | LRC Longitudinal Redundancy Check | CRC Cyclic Redundancy Check
Frame start | character ':' | 3.5 chars silence
Frame end | characters CR/LF | 3.5 chars silence
Gaps in message | 1 sec | 1.5 times char length
Start bit | 1 | 1
Data bits | 7 | 8
Parity | even/odd / none | even/odd / none
Stop bits | 1 / 2 | 1 / 2
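The framing, error-check and exception rules described above can be exercised with the following added example, which is not code from the book: it builds and validates one request in both RTU mode (CRC, low-order byte first) and ASCII mode (LRC between the colon and CR-LF), and decodes an exception response. The function names and sample frames are constructed for illustration; the CRC routine is the standard CRC-16 with reflected polynomial 0xA001 and initial value 0xFFFF, and the LRC is the two's complement of the 8-bit byte sum.

```python
"""Modbus serial frame checks: RTU (CRC-16) and ASCII (LRC). Added example."""

HEX_UPPER = b"0123456789ABCDEF"   # only these characters may appear in ASCII mode

# Constructed samples: the master asks slave 1 to read 10 holding registers from 0.
SAMPLE_RTU = bytes.fromhex("01030000000AC5CD")
SAMPLE_ASCII = b":01030000000AF2\r\n"


class FrameError(ValueError):
    """A frame broke a framing or error-check rule."""


def crc16(data: bytes) -> int:
    """CRC-16 for RTU mode: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC for ASCII mode: two's complement of the 8-bit sum of the bytes."""
    return (-sum(data)) & 0xFF


def build_rtu(address: int, function: int, data: bytes = b"") -> bytes:
    body = bytes([address, function]) + data
    crc = crc16(body)
    return body + bytes([crc & 0xFF, crc >> 8])       # low-order byte goes first


def build_ascii(address: int, function: int, data: bytes = b"") -> bytes:
    body = bytes([address, function]) + data
    payload = body + bytes([lrc(body)])               # LRC is the last field
    return b":" + payload.hex().upper().encode("ascii") + b"\r\n"


def _decode(body: bytes) -> dict:
    address, function, data = body[0], body[1], body[2:]
    if address > 247:
        raise FrameError("address outside 0...247")
    is_exception = bool(function & 0x80)              # MSB set marks an exception
    if is_exception and len(data) != 1:
        raise FrameError("exception response must carry exactly one code")
    return {
        "address": address,
        "function": function & 0x7F,                  # original function code
        "is_exception": is_exception,
        "exception_code": data[0] if is_exception else None,
        "data": data,
    }


def parse_rtu(frame: bytes) -> dict:
    """Validate one RTU frame that was delimited by the silent intervals."""
    if len(frame) < 4:
        raise FrameError("RTU frame shorter than address + function + CRC")
    body, received = frame[:-2], frame[-2] | (frame[-1] << 8)
    if crc16(body) != received:
        raise FrameError("CRC mismatch")
    return _decode(body)


def parse_ascii(frame: bytes) -> dict:
    """Validate one ASCII frame including the ':' and CR-LF delimiters."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise FrameError("missing ':' start or CR-LF end")
    text = frame[1:-2]
    if len(text) < 6 or len(text) % 2 or any(c not in HEX_UPPER for c in text):
        raise FrameError("body must be an even number of 0-9/A-F characters")
    raw = bytes.fromhex(text.decode("ascii"))
    if lrc(raw[:-1]) != raw[-1]:
        raise FrameError("LRC mismatch")
    return _decode(raw[:-1])


if __name__ == "__main__":
    print(parse_rtu(SAMPLE_RTU))
    print(parse_ascii(SAMPLE_ASCII))
    # Slave 1 rejects a "preset single register" (06) with Illegal Data Value (03).
    print(parse_rtu(build_rtu(1, 0x86, b"\x03")))
    # Two RTU frames received without the 3.5-character gap look like one message,
    # and the final CRC field does not match the combined contents.
    merged = SAMPLE_RTU + build_rtu(1, 6, bytes.fromhex("00010003"))
    try:
        parse_rtu(merged)
    except FrameError as err:
        print("merged frames rejected:", err)
```

The checks catch transmission errors and framing faults only; a frame with a valid CRC or LRC says nothing about which station produced it.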
MODBUS/TCP:
Modbus/TCP is a communications protocol for automation equipment. It is a
derivative of the almost universal MODBUS protocol. MODBUS/TCP is a
communication protocol designed to allow industrial equipment such as
Programmable Logic Controllers, computers, operator panels, motors, sensors and
other types of physical input/output devices to communicate over a network. The
internet TCP protocol is described later in Chapter 6.
In the Modbus/TCP, instead of having a dedicated cable between the client
(master) and server (slave), an Internet standard TCP ‘connection’ is used. A single
device may have many such connections active at the same instant, some acting in
the role of client, some acting in role of server. These connections may be established
and broken on a repetitive and continual basis, or they may be left active for long
periods.
The standard TCP frame is changed to incorporate a Modbus frame that gives
information such as the address of the target device, a function code and whatever
data is being transmitted. This is a connection-oriented transaction, which means
every query expects a response. A diagram to illustrate this is depicted in Figure 4-22.
[Figure: the TCP frame carries a transaction identifier, a protocol identifier, a length field and the Modbus frame; the Modbus frame consists of address, function code, data and checksum.]
Figure 4.22 Modbus/TCP frame structure.
Modbus/TCP was invented by Modicon/Group Schneider and is today one of
the most popular protocols embedded inside the TCP/IP frames. Modbus/TCP
basically embeds a Modbus frame into a TCP frame in a simple manner. This is a
connection-oriented transaction, which means every query expects a response.
The Modbus/TCP protocol is basically the command/response Modbus RTU
protocol wrapped up in a TCP packet. The Modbus/TCP protocol is an application-
layer protocol, and as such, resides on top of the TCP/IP and Ethernet layers.
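Because a TCP connection delivers a byte stream rather than separate messages, a monitoring tool has to cut the stream back into Modbus frames using the length field before it can inspect function codes. The following added example, which is not code from the book, does that and lists the frames whose function code changes state in the slave (codes 05, 06, 15 and 16 from Table 4.7). It assumes the header layout of the public Modbus/TCP specification (2-byte transaction identifier, 2-byte protocol identifier equal to 0, 2-byte length, 1-byte address), in which the frame ends with the data and no CRC or LRC field follows; the function names and the sample stream are constructed.

```python
"""Split a Modbus/TCP byte stream into frames and list write requests. Added example."""
import struct

# Assumed header layout: transaction id, protocol id, length, then the 1-byte address.
HEADER = struct.Struct(">HHHB")
MAX_LENGTH = 254   # assumed cap: address byte + function code + up to 252 data bytes

# Function codes from Table 4.7, grouped by whether they change state in the slave.
READ_CODES = {1: "Read coil status", 2: "Read input status",
              3: "Read holding registers", 4: "Read input registers",
              7: "Read exception status", 17: "Report slave ID"}
WRITE_CODES = {5: "Force single coil", 6: "Preset single register",
               15: "Force multiple coils", 16: "Preset multiple registers"}


def pack_frame(transaction: int, address: int, function: int, data: bytes = b"") -> bytes:
    """Build one frame; the length field counts address + function code + data."""
    return HEADER.pack(transaction, 0, 2 + len(data), address) + bytes([function]) + data


def classify(function: int) -> str:
    if function & 0x80:
        return "exception"            # slave echoed the code with its MSB set
    if function in WRITE_CODES:
        return "write"
    if function in READ_CODES:
        return "read"
    return "other"


def split_frames(stream: bytes):
    """Return (complete frames, leftover bytes that belong to an unfinished frame)."""
    frames, pos = [], 0
    while len(stream) - pos >= HEADER.size + 1:
        transaction, protocol, length, address = HEADER.unpack_from(stream, pos)
        if protocol != 0:
            raise ValueError(f"protocol identifier {protocol} is not Modbus")
        if not 2 <= length <= MAX_LENGTH:
            raise ValueError(f"implausible length field {length}")
        end = pos + 6 + length        # 6 bytes precede the part the length counts
        if end > len(stream):
            break                     # wait for the rest of this frame
        function = stream[pos + HEADER.size]
        frames.append({
            "transaction": transaction,
            "address": address,
            "function": function & 0x7F,
            "kind": classify(function),
            "data": stream[pos + HEADER.size + 1:end],
        })
        pos = end
    return frames, stream[pos:]


def write_operations(frames):
    """(transaction, address, description) for every frame that writes to the slave."""
    return [(f["transaction"], f["address"], WRITE_CODES[f["function"]])
            for f in frames if f["kind"] == "write"]


# Constructed client-to-server stream: one read, two writes, one truncated frame.
SAMPLE_STREAM = (
    pack_frame(1, 1, 3, bytes.fromhex("0000000A"))
    + pack_frame(2, 1, 6, bytes.fromhex("00010003"))
    + pack_frame(3, 1, 16, bytes.fromhex("0010000204000A000B"))
    + pack_frame(4, 1, 3, bytes.fromhex("0000000A"))[:9]
)

if __name__ == "__main__":
    frames, leftover = split_frames(SAMPLE_STREAM)
    for entry in write_operations(frames):
        print("write:", entry)
    print(len(leftover), "bytes held back for the next read")
```

A normal response to a write echoes the same function code, so a monitor that sees both directions should apply `write_operations` to client-to-server traffic only.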
4.5.6 DNP3
DNP3 (Distributed Network Protocol) is mainly used in SCADA systems for
communication between SCADA Master Stations (Control Centers), and Remote
Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is highly
standardized, with relatively high compatibility and inter-operability between devices
from different manufacturers. Primary applications are SCADA systems for process
automation in the electric, water, oil and gas, and transportation industries.
DNP3 was adopted by IEEE as the IEEE Standard for Electric Power Systems
Communications - Distributed Network Protocol (DNP3). It was first released as
IEEE Std 1815-2010, then modified in IEEE Std 1815-2012, which was released
Oct. 12, 2012. The updated DNP3 standard contains many changes, including DNP3
Secure Authentication v5, which defines a protocol mechanism that enables a DNP3
outstation/master to unambiguously determine that it is communicating with the
correct user/outstation. The new version is capable of using Public Key
Infrastructure, and it facilitates remote key changes.
DNP and MODBUS protocols are widely used over a variety of physical layers,
including RS-232, RS-422, RS-485, and TCP/IP. Modbus has a separate specification
for use over TCP/IP (Modbus-TCP), while DNP3 is simply encapsulated within
TCP/IP.
Features of DNP3:
• Large number of data types. Within each type multiple variations may be
supported; e.g. data can be sent as 16-bit or 32-bit integral values; 32-bit or
64-bit floating point values; with or without time stamps; and with or
without quality indicators (flags).
• Multiple methods of reading inputs individually or as a group.
• Multiple types of data can be encapsulated in a single message to improve
efficiency.
• Time stamps and data quality information can also be included.
• Supports change events. Only values that have changed are reported (Report
by Exception).
• Unsolicited reporting: Slave devices can send updates as values change,
without having to wait for a poll from the Master.
• Output objects are read/write; reading the output object returns the last
command that was written.
• The actual value of the control point can be monitored via a Binary or Analog
input.
• High-security two-step control operations. With these operations, a “Select”
request is sent first. Once it is confirmed by the Slave device, the actual
“Operate” request is sent. The select/operate sequence ensures the integrity of
the control command.
• DNP3 also supports a variety of functions commonly used in control
applications, such as pulsed and paired outputs.
• The quality flags reported by DNP3 give important output quality status
information, including whether the point is offline, if it is being controlled
locally (e.g., local override), etc.
SUMMARY
Figure 4.23 Overview of computer connectivity technology.
1. A single-board computer consists of a microprocessor/microcontroller,
digital I/O, analogue I/O, timers/counters, watch-dog timer, bus interface
unit and/or serial communication unit.
2. System buses are used to connect CPU to I/O devices. Examples of PC
system buses are the old ISA/EISA, PCI and the recent PCI Express.
3. Industrial PCs are constructed using PC/104 and its derivatives (for
embedded applications), VME, VXI, and PXI buses.
4. High-performance industrial PCs require plug & play, and hot-swapping,
in addition to the ability to use redundant configurations.
5. The cPCI and PXI combine the ruggedness of VME and the electric
technology of PCI.
6. cPCI-express and PXIe are the recent standards of high performance, high
throughput, industrial computers. They combine the mechanical ruggedness
of VME and the PCI-express technology.
7. PCs use IDE/ATA and more recently SATA buses to connect HD and
CD/DVD drives within the same cabinet.
8. SCSI is a high-performance intelligent peripheral bus for connection of
HD and CD/DVD drives within the same cabinet or in nearby standalone
cabinets.
9. High-performance data storage systems can be built using Redundant
Array of Independent Disks (RAID). There are seven basic RAID
configurations known as RAID0 to RAID6.
10. Reliability of devices can be quantified in terms of the mean time to fail
(MTTF). Reliability of the system can be improved by employing
redundant components. 1:N redundancy means one online backup unit for
every N identical units.
11. Serial communication standards RS-422/RS-485 are derivatives of the
classical RS-232. RS-422/RS-485 can be used for up to 4000 ft and for
speeds up to 10 Mbps to connect remote RTUs and PLCs.
12. MODBUS is a messaging protocol system, which is widely used in
industry to establish a master-slave communication between intelligent
devices in industrial applications.
13. An overview of the capability of various computer connectivity
technology is shown in Figure 4.32. The comparison is based on two
performance parameters; the latency (delay), and the bandwidth in MBps.
14. USB and FireWire are high-performance, high-speed serial interface buses
that can connect up to 127 devices within a room (about 5 meters).
EXERCISES
(Straightforward applications of the concepts of the chapter)
E4.1] Which of the following computer buses does not support hot insertion of boards?
a) VME
b) PXI
c) cPCI.
d) VME64
E4.2] Which of the following computer buses is NOT for industrial Instrumentation applications?
a) PXI
b) PCI
c) cPCI
d) VME
E4.3] Which of the following computer buses is the best for data intensive applications?
a) cPCI
b) PCI
c) ePCI
d) VME
E4.4] Which statement is NOT true for the VME bus?
a) VME allows 32 bit data transfer.
b) P1/P2 connectors consist of 2 rows of 32 pin each.
c) The backplane can have up to 21 slots.
d) The half height P1 cards are known as “Euro Cards” DIN 41612.
E4.5] Which statement is NOT true for the VME bus?
a) Bus access is managed by a bus controller
b) Bus access is based on token passing
c) Multiple bus masters can coexist on the bus.
d) Bus access by demand
E4.6] Which statement is NOT a true SCSI feature?
a) SCSI can be used to connect devices outside the computer cabinet.
b) Transfer data directly to the computer memory without CPU involvement.
c) Supports unlimited number of devices.
d) Supports almost any type of drives.
e) Supports synchronous and asynchronous data transmission.
E4.7] Which statement is NOT true for IDE/ATA-xx?
a) Logical block address up to 137 GB.
b) Transfer data directly to the computer memory without CPU involvement.
c) Supports up to 7 hard disk drives.
d) Multi-access by intelligent devices.
E4.8] Which statement is TRUE for the VME connector?
a) 96 pin connector.
b) Standard D25.
c) 24 pin.
d) Similar to a printer cable.
E4.9] Which of the following computer buses has the fastest data transfer rate?
a) cPCI
b) PCI
c) ePCI.
d) VME
E4.10] The RS-485 defines the specification of...
a) OSI layer 1 only
b) OSI layers 1 and 2 only
c) OSI layers 1, 2, and 7 (no layers 3, 4, 5, and 6)
d) None of the above
E4.11] Which of the following computer buses is NOT a 32-bit bus?
a) EISA
b) ISA
c) CompactPCI.
d) AGP
E4.12] Which of the following computer buses supports 64 bits data transfer?
a) EISA
b) CompactPCI
c) PCIExpress.
d) PC/104
E4.13] Which statement is TRUE?
SCSI-I interface includes
a) 8-bit data bus and 8 control signals.
b) 8-bit data bus and 9 control signals.
c) 16-bit data bus and 8 control signals.
d) 16-bit data bus and 9 control signals.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P4.1] Compare VME64 and PXI in the following aspects:
a) width of the data bus
b) width of address bus
c) Electrical signal levels
d) data transfer modes and speed
e) control lines & handshaking
f) bus arbitration
g) hot swapping
h) plug and play
i) noise immunity
j) number of slots
P4.2] A PLC with MTTF of 50,000 hours is used for control application. To increase the reliability
of the system a hot swappable identical PLC is used in 1:1 redundant configuration. What is
the MTTF of the control system function?
P4.3] A critical control loop consisting of a level switch, a PLC, and a valve, with MTTF of 20000,
100000, 50000 hours respectively. What is the probability of failure in 6 months?
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D4.1] A machine vision system is to be used in an assembly line to test the conformity of the cross
section of plastic tubes. The system consists of a high speed camera connected to a video
capturing board, an industrial computer and a small PLC. Pictures taken are processed and
compared with the nominal dimensions. If a deformation is detected which exceeds specific
limits, a signal is sent to the PLC, which activates in turn a solenoid which rejects the
product.
Search the internet to specify an industrial PC system with suitable bus for this application.
The hardware should also include an interface to the plant network through a LAN or
RS-485, and a suitable connection to the PLC. Justify your design.
TERMS AND CONCEPTS
ATA Bus
IDE/ATA Personal Computer cable Bus used for hard drives, Floppy and CD drives. Top bus speed is
133MBytes/sec over an 18 inch Parallel cable. IDE: [Integrated Drive Electronics], ATA: [Advanced
Technology Attachment]. ATA is being replaced by the Serial ATA bus which uses 4-wires instead of
40.
CompactPCI Bus (cPCI)
cPCI bus is an embedded PCI bus using the Euro-card form factor; Mechanical description and pin
outs provided. CompactPCI Express (PCI Express PCIe) on a 3U x 160mm form factor in a
CompactPCI (cPCI) environment.
Cyclic redundancy check (CRC)
A method of detecting and correcting bit errors in a packet of information by adding a calculated set of
values to the packet. The values are derived from an original packet of data.
Differential transmission
Differential signaling uses two wires carrying a signal which is 180 degrees out of phase. The main
benefit is a reduction in susceptibility to induced noise.
8b/10b encoding
A scheme for encoding signals with an embedded clock. The encoding serves two purposes. First, it
ensures that there are enough transitions in the data stream for clock recovery and, second, that the
number of 0s and 1s is matched, maintaining DC balance in AC-coupled systems.
Eurocard
European Packaging Specifications (IEC 60297, IEEE 1101.1, IEEE 1101.10, IEEE 1101.11).
IEEE 1014-1987{VME}
The original VME Spec. (3-row P1/P2, 32-bit transfers, 64 with the address bus multiplexed,
40 MBytes/second). Replaced by ANSI/VITA 1-1994 (VME64).
Industry Standard Architecture (ISA)
A bus standard for PCs introduced in 1984 that extended the XT bus architecture to 16 bits. It is
designed to connect peripheral cards to the motherboard. It is also referred to as the AT bus.
LVD
Low Voltage differential protocol.
PCI Express
An evolutionary version of PCI that maintains the PCI software usage model and replaces the physical
bus with a high-speed (2.5 Gb/s) serial bus serving multiple lanes.
PCISIG
PCI Special Interest Group, http://www.pcisig.com/home
Peripheral component interconnect (PCI)
A high-speed parallel bus originally designed by Intel to connect I/O peripherals to a CPU.
PICMG – PCI Industrial Computer Manufacturers Group
The group of member companies that maintains current specifications for CompactPCI and PCI.
https://www.picmg.org/
Serial ATA Bus (SATA)
A four-wire serial data bus for hard drives, set to replace the IDE/ATA bus standard. Serial ATA uses
only 4 signal pins, improving pin efficiency over the parallel ATA interface. The 4 lines are used for
transmitting and receiving differential pairs, plus an additional three grounds pins and a separate
power pin. SATA has a maximum bus length of 1 meter with Data running at 150MBps, SATA uses
LVDS.
VISA
Virtual Instrument Software Architecture
VITA
VMEbus International Trade Association. http://www.vita.com/
VME—Versa Module Europe
VMEbus specification governed by the VITA Standards Organization (VSO).
VXI
VME Extensions for Instrumentation
Appendix 4.A
4.A PC Computer Buses
4.A.1 PCI
4.A.2 PCI Express
OVERVIEW
This additional material is intended for those who desire more IT-related background to get a
better grip on the subject of computer backplane buses. The appendix provides a brief review of the
main evolution steps in computer buses, starting with the bus used in the early IBM PC, and ending at
the most recent high-performance PCI Express. The widespread use of these buses made them
cost-effective solutions with ruggedized mechanical/physical modification to meet industrial automation
requirements. The marriage between the electronics and software of PC-type backplane buses and the
industrial ruggedized construction led to the high-performance VXI, cPCI, PXI, and PXI Express.
4.A.2 PCI
The Peripheral Component Interconnect (PCI) bus was one of the most commonly used
computer buses for many years. The wide availability of the PCI bus makes it a top choice for data
acquisition systems. PCI was created by Intel in 1993. The PCI specification covers the physical size
of the bus (including wire spacing), electrical characteristics, bus timing, and protocols. The
specification can be obtained from the PCI Special Interest Group (PCI-SIG). It defines a system bus
that allows multiple PCI-compliant expansion cards to be plugged into the computer. One of these
cards must be the PCI controller card, but the others can include a video card, network interface card,
SCSI interface, or any other basic I/O function. The PCI controller exchanges information with the
computer's processor as 32 or 64 bits, and allows intelligent PCI adapters to perform certain tasks
concurrently with the main processor by using bus mastering techniques.
PCI is available in both a 32 bit version running at 33 MHz bus (133MBps), and a 64 bit version
running at 66 MHz (266MBps), or (532MBps).
The following are some of the key features of the PCI Bus:
- Supports automatic configuration (for “plug and play”).
- Automatically checks data transfers for errors.
- Uses a burst mode, increasing bus efficiency by sending several sets of data to one address.
- Operates either synchronously or asynchronously with the "Mother Board" bus rate. While
  operating asynchronously the bus can operate at any frequency from 66MHz down to (and
  including) 0Hz. Flow control is added to allow the bus to operate with slower devices on the
  bus, allowing them to operate at their own speed.
- 5 V and/or 3.3 Volt signaling.
- 32-bit or 64-bit bus width. Figure 4-24 shows a PCI connector and a PC motherboard with
  five 32-bit PCI slots.
Figure 4.24 PCI I/O connector (left), and slots on a PC motherboard (right) for 32-bit
PCI.
- A Bus-Master is required to implement a timer, called the Latency Timer, that limits the time
  that device can hold the PCI bus. The timer starts when the device gains bus ownership, and
  counts down at the rate of the PCI clock. When the counter reaches zero, the device is
  required to release the bus. If no other devices are waiting for bus ownership, it may simply
  grab the bus again and transfer more data.
- PCI provides two separate 32-bit or 64-bit address spaces corresponding to the memory and
  I/O port address spaces of the x86 processor families. Addresses in these address spaces are
  assigned by software.
- PCI devices have an on-board PCI configuration space (256 bytes), which contains a small
  amount of device type information that helps an operating system choose device drivers for
  it. Software uses the PCI Configuration Space to find out what devices are present and
  what system resources (memory space, I/O space, interrupt lines, etc.) each needs. It then
  allocates the resources and tells each device what its allocation is.
- PCI bus includes four interrupt lines, all of which are available to each device.
- A third address space, called the PCI Configuration Space, which uses a fixed addressing
  scheme, allows software to determine the amount of memory and I/O address space needed
  by each device.
- A PCI bridge (Figure 4.4) allows PCI-PCI connections, or connections to other buses. In
  Figure 4-25, the PCI close to the CPU acts as a local CPU bus and operates at the maximum
  achievable speed, while the second PCI bus acts as an I/O bus and it could operate in the
  asynchronous mode to allow slower boards to be connected to the bus. A bridge is also used
  to allow the legacy ISA bus or other buses to be included in the motherboards.
Figure 4.25 PCI bridges for buses interconnection.
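The configuration-space discovery described in the list above can be followed step by step in the sketch below, which is an added example and not code from the book. Software sizes each base address register (BAR) by writing all ones and reading back which bits the device lets change, then allocates a naturally aligned range and writes it back. The SimulatedFunction class, the vendor/device IDs and the base addresses are constructed for illustration; the register offsets are those of the standard PCI type 0 header.

```python
import struct

CONFIG_SPACE_SIZE = 256                # bytes per device, as stated in the text
BAR_OFFSETS = range(0x10, 0x28, 4)     # six base address registers, BAR0..BAR5
INT_PINS = {0: None, 1: "INTA#", 2: "INTB#", 3: "INTC#", 4: "INTD#"}


class SimulatedFunction:
    """Constructed stand-in for the configuration registers of one device."""

    def __init__(self, vendor, device, class_code, latency, int_pin, bars):
        self.regs = bytearray(CONFIG_SPACE_SIZE)
        struct.pack_into("<HH", self.regs, 0x00, vendor, device)
        self.regs[0x0B] = class_code   # base class code
        self.regs[0x0D] = latency      # Latency Timer, in PCI clocks
        self.regs[0x3D] = int_pin      # which of the four interrupt lines is used
        self.bars = bars               # offset -> (size in bytes, read-only flag bits)
        for off, (_, flags) in bars.items():
            struct.pack_into("<I", self.regs, off, flags)

    def read32(self, off):
        return struct.unpack_from("<I", self.regs, off)[0]

    def write32(self, off, value):
        if off in self.bars:           # address bits below the size are hardwired to 0
            size, flags = self.bars[off]
            value = (value & ~(size - 1)) | flags
        elif off in BAR_OFFSETS:       # an unimplemented BAR always reads 0
            value = 0
        struct.pack_into("<I", self.regs, off, value & 0xFFFFFFFF)


def write_ones(fn, off):
    """Write all ones, read back the writable-bit mask, restore the old value.
    Real software also disables address decoding while doing this (omitted)."""
    saved = fn.read32(off)
    fn.write32(off, 0xFFFFFFFF)
    readback = fn.read32(off)
    fn.write32(off, saved)
    return readback


def probe_bar(fn, off):
    """Return (kind, size_in_bytes, registers_used), or None if unimplemented."""
    low = write_ones(fn, off)
    if low == 0:
        return None
    if low & 0x1:                                  # bit 0 set: I/O space
        return "io", (~(low & ~0x3) + 1) & 0xFFFFFFFF, 1
    mask = low & ~0xF                              # low 4 bits are memory flags
    if ((low >> 1) & 0x3) == 0x2:                  # type field 10b: 64-bit BAR
        mask |= write_ones(fn, off + 4) << 32      # upper half lives in the next BAR
        return "mem", (~mask + 1) & 0xFFFFFFFFFFFFFFFF, 2
    return "mem", (~mask + 1) & 0xFFFFFFFF, 1


def enumerate_function(fn, next_free):
    """Identify the device, size every BAR, allocate and program its address ranges."""
    ident = fn.read32(0x00)
    if (ident & 0xFFFF) == 0xFFFF:                 # all ones: nothing answers here
        return None
    report = {
        "vendor": ident & 0xFFFF,
        "device": ident >> 16,
        "class": fn.read32(0x08) >> 24,
        "latency_timer": (fn.read32(0x0C) >> 8) & 0xFF,
        "interrupt": INT_PINS.get((fn.read32(0x3C) >> 8) & 0xFF),
        "bars": [],
    }
    off = 0x10
    while off < 0x28:
        found = probe_bar(fn, off)
        if found is None:
            off += 4
            continue
        kind, size, used = found
        base = -(-next_free[kind] // size) * size  # round up to a multiple of size
        next_free[kind] = base + size
        fn.write32(off, base & 0xFFFFFFFF)         # tell the device its allocation
        if used == 2:
            fn.write32(off + 4, base >> 32)
        report["bars"].append((off, kind, size, base))
        off += 4 * used
    return report


def demo():
    """Constructed card: 64 KiB memory BAR, 256-byte I/O BAR, 1 MiB 64-bit memory BAR."""
    card = SimulatedFunction(
        vendor=0xABCD, device=0x0001, class_code=0x02, latency=64, int_pin=1,
        bars={0x10: (0x10000, 0x0), 0x14: (0x100, 0x1),
              0x18: (0x100000, 0xC), 0x1C: (1, 0x0)})
    return card, enumerate_function(card, {"mem": 0xE0000000, "io": 0x1000})


if __name__ == "__main__":
    print(demo()[1])
```

Comparing the report against an approved hardware inventory is a simple way to notice an unexpected bus-mastering card in a controller chassis.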
However, there are some other advantages and disadvantages to consider. First of all, a PCI-
based system is not easily expandable. If you need more PCI-based devices than you have PCI slots in
your computer, your options for expansion are limited. Additionally, adding cards yourself requires
opening up the computer; they are not hot-pluggable. On the other hand, PCI offers high-speed
transfers with a theoretical bus bandwidth of up to 1,056 Mbits/s. For this reason, applications with
high-speed data streaming may prefer to use PCI over some of the other bus choices.
The PCI specification has been ported to a number of other form factors. These include:
- PCI: The original specification 'Peripheral Component Interface', Rev 2.2.
- PCI-X (PCI eXtended): PCI-X 2.0 permits a 266 MHz rate (peak transfer rate of 2133 MB/s)
  and also 533 MHz rate (4266 MB/s, 32× the original PCI bus), expands the configuration space to
  4096 bytes, adds a 16-bit bus variant (allowing smaller slots where space is tight), and allows for 1.5
  volt signaling.
- cPCI, Compact PCI, and PXI: PCI in a VME form factor, for instrumentation.
- PC/104-Plus: PCI add-on to the PC/104 form factor.
- P2CI: PCI on the VME64 P2 connector.
- Card Bus: 32 bit PCI on the PC Card (PCMCIA) Format.
Each of these additional specifications relies on the PCI spec.; normally only the mechanical
(form factor) definition changes. Unlike earlier PC buses, the PCI bus is processor independent.
[Figure 4.25 diagram labels: CPU; PCI-ISA bridge; PCI-PCI bridge; video; I/O controller; SCSI; Ethernet; PCI bus; ISA bus; upstream and downstream directions.]
4.A.3 PCI Express
PCI Express, designed to replace the older PCI, PCI-X, and AGP standards, was launched in 2004. It is a
high-bandwidth, low pin count, serial, point-to-point interconnect technology. PCI Express
architecture provides a high performance I/O infrastructure for Desktop Platforms with transfer rates
starting at 2.5 Gbps over an x1 channel; see Figure 4.26.
PCI Express (PCIe) supports 1x (2.5Gbps), 2x, 4x, 8x, 12x, 16x, and 32x bus widths (transmit/
receive pairs). This provides a nominal bandwidth of about 250 MB/s in each direction per PCI
Express lane. Table 4.10 gives the bandwidth of the PCIe for various numbers of lanes. Once overhead
is taken into account, about 200 MB/s of this is usable by the device for data movement in each
direction. This rate represents a twofold to fourfold increase over most classic PCI devices. Because
the same level of bandwidth can be allocated to each device using PCI Express, rather than sharing
bandwidth among devices with PCI, PCI Express devices can achieve higher performance levels than
their PCI counterparts. For measurement applications, this means higher sampling and data throughput
rates.
Although PCIe is software compatible with the PCI bus, there is a major difference between
them at the hardware level. PCI is a Multi-drop bus. Multi-drop refers to the ability of parallel buses
to have more than one device or card attached to a particular bus segment. On the other hand PCIe is
Point-to-point interconnect technology, which refers to a one-to-one relationship between a particular
bus segment and device attached. Multi-drop topologies afford easier and better expansion for add-
ons. But multi-drop arrangements mean greater bus latency and reduced overall performance in certain
cases. Moreover, since the number of pins (or data and address lines) used by parallel buses are
typically greater than pins required by serial I/O interconnect, packaging and routing penalties are
essentially magnified by multi-drop configurations.
The following is a summary of the key features of the PCIe.
- Point-to-point serial interconnect technology
- Address/Data Bus: 64bit Address; 64bit Data, Time Multiplexed
- System Bus: 2bits; Clock/Reset
- Interface Control Bus: 7bits; Ready, Acknowledge, Stop
- Parity Bus: 2 bits, 1 for the 32 LSBs and 1 for the 32 MSB bits
- Errors Bus: 2 bits, 1 for Parity and 1 for System
- Command/Byte Enable: 8 bits (0-3 @ 32bit, and 4-7@ 64bit Bus)
- 64MHz Control: 6 bits; (2) Enable/Running, (2) Present, (2) Ack/Req
- Cache Size: 2 Bits
- Interrupt bus: 4 bits
- JTAG Serial Bus: 5 Bits
- Power Supply: +5, +3.3, +12, -12v, GND
Table 4.10 Bandwidth of PCI-express versus the number of lanes.
PCIe x1 500MB/s (Single Data Lane - Both Directions)
PCIe x2 1000MB/s (Dual Data Lane - Both Directions)
PCIe x4 2000MB/s (Quadruple Data Lane - Both Directions)
PCIe x8 4000MB/s (Eight Data Lanes - Both Directions)
PCIe x12 6000MB/s (Twelve Data Lanes - Both Directions)
PCIe x16 8000MB/s (16 Data Lanes - Both Directions)
The PCI Express specification also offers both hot-swap and hot-plug. In addition, the variety of
formats for PCI Express devices greatly increases the ability to add high-performance peripherals in
servers and notebooks.
PCI Express provides important, advanced standardized features for enabling vital Reliability,
Availability, Serviceability (RAS) capabilities that are not available with parallel PCI. Key advanced
RAS features support end-to-end error detection and link-level reliability in hardware. This is enabled
through the use of:
1. Reliable 8b/10b signal encoding
2. Packet sequence protection
3. 32-bit CRC plus link-layer recovery for all transaction phases
4. Credit-based flow controller that prevents buffer overflows and underflows
Advanced RAS features also include standardized error forwarding messages that allow for the
prediction of an impending failure to host system software. In addition, monitoring/management
software can assist technicians conducting a hot swap operation.
Each lane of a PCI Express connection contains two pairs of wires; one to send and one to
receive. Packets of data move across the lane at a rate of one bit per cycle. A x1 connection, the
smallest PCIe connection, has one lane made up of four wires. It carries one bit per cycle in each
direction. An x2 link contains eight wires and transmits two bits at once, a x4 link transmits four bits,
and so on. Other configurations are x12, x16 and x32. The connector sizes for 4x and 8x PCI Express
are also different, for the same reason. The PCIe 1x connector has 36 signal pins, the 4x connector has
64 signal pins, the 8x connector has 98 signal pins, and the 16x connector has 164 signal pins as
shown in Figure 4-26. A PCI Express card is upward compatible, so a 1x card will fit in any card slot,
a 4x card will fit into an 8 or 16x port and so on. An adapter card using 16x lanes will only fit in a x16
size connector.
The clocking information is embedded in the signal. PCI Express utilizes 8b/10b encoding to
ensure that strings of consecutive ones or consecutive zeros are limited in length. This is necessary to
prevent the receiver from losing track of where the bit edges are. In this coding scheme, every 8
(uncoded) payload bits of data are replaced with 10 (encoded) bits of transmit data. This coding
feature not only checks for valid characters; it also limits the difference between the number of zeros
and ones transmitted, thus maintaining a DC balance at both the transmitter and receiver and
significantly enhancing electromagnetic compatibility (EMC) and electrical signal performance.
PCI Express Example Connectors
X1 bandwidth: single direction 2.5 Gbps/200 MBps; dual direction 5 Gbps/400 MBps
X4 bandwidth: single direction 10 Gbps/800 MBps; dual direction 20 Gbps/1.6 GBps
X8 bandwidth: single direction 20 Gbps/1.6 GBps; dual direction 40 Gbps/3.2 GBps
X16 bandwidth: single direction 40 Gbps/3.2 GBps; dual direction 80 Gbps/6.4 GBps
Figure 4.26 PCI express connector examples.
In addition to describing the mechanical and the electrical aspects of the bus, the standard
describes in detail the framing of the data, error detection and recovery, and communication protocols.
These functions correspond to the second layer of the OSI 7-layer model, which will be covered in
detail in the next chapter. The second layer is known as the Data Link Layer. The Data Link Layer
ensures reliable data exchange, error detection via a 32-bit Cyclic Redundancy Code (CRC) and an
acknowledgment protocol (ACK/NACK signaling) and retry, flow control credit (FCC) initialization
and update, and power management services. To accomplish these functions, the Data Link Layer
generates and processes Data Link Layer Packets (DLLP). DLLPs are used to synchronize links,
exchange and update link credit information, acknowledge the receipt of packets, and to exchange link
state information. DLLPs are fixed 64-bit packets that are covered by a 16-bit CRC. After accounting
for the K-code delimiters, up to 32 bits. PCI Express implements split transactions (transactions with
request and response separated by time), allowing the link to carry other traffic while the target device
gathers data for the response.
The Transaction Layer (corresponding to layers three and four in the OSI reference model, which will be
covered in the next chapter) creates outbound and receives inbound Transaction Layer Packets (TLPs).
A Transaction Layer Packet includes a header, an optional data payload, and an optional ECRC. The
TLP is either a request or a response to a request (completion) and is always a multiple of 4 bytes (1
DWORD). The header specifies the transaction type, priority, address, routing rule, and other packet
characteristics. The transmit Transaction Layer builds packet headers and optionally adds ECRC and
gates packet transmission until sufficient remote flow control credits are available. The receive
Transaction Layer checks TLP format and headers. It also optionally checks ECRC. The End-to-end
Cyclic Redundancy Check (ECRC) is 32 bits, and the Local Cyclic Redundancy Check (LCRC) is 32 bits.
The frame format for PCIe is shown in Figure 4-27 below. The frame is made up of a 1-byte
Start-of-Frame, 2-byte Sequence Number, 16 or 20-byte Header, 0 to 4096-byte Data field, 0 to 4-byte
ECRC field, 4-byte LCRC, and 1-byte End-of-Frame. The smaller the number of bits transferred in the
data field, the greater the overhead becomes. A zero-byte data field results in a 100 percent overhead,
because no data was transferred.
[Figure 4.27 fields, in order: Frame, SEQ #, Header, DATA, CRC, Frame; grouped by Transaction Layer, Data Link Layer, and Physical Layer.]
Figure 4.27 PCI Express Data Frame.
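The following simplified model of the frame layout and the link-level ACK/NAK retry described above is an added example, not code from the book or from the PCI Express specification. It builds frames with the field sizes given in the text, lets a receiver check the link CRC and sequence number, and has the transmitter replay unacknowledged frames after a NAK. Assumptions: zlib.crc32 stands in for the LCRC/ECRC calculation (it is not bit-exact to PCIe), the framing byte values are stand-ins for the K-code delimiters, and the class and function names are illustrative.

```python
import struct
import zlib

STP, END = 0xFB, 0xFD        # stand-in byte values for the start/end framing symbols
SEQ_MODULO = 4096            # PCIe sequence numbers use 12 bits of the 2-byte field
HEADER_SIZES = (16, 20)      # header lengths given in the text
MAX_DATA = 4096              # largest data field given in the text


def build_frame(seq, header, data=b"", ecrc=False):
    """Start | SEQ (2) | header | data | optional ECRC (4) | LCRC (4) | End."""
    if len(header) not in HEADER_SIZES or len(data) > MAX_DATA or len(data) % 4:
        raise ValueError("header is 16 or 20 bytes; data is 0..4096 bytes in 4-byte units")
    tlp = header + data
    if ecrc:                                     # end-to-end CRC travels with the TLP
        tlp += struct.pack(">I", zlib.crc32(tlp))
    body = struct.pack(">H", seq % SEQ_MODULO) + tlp
    lcrc = struct.pack(">I", zlib.crc32(body))   # link CRC covers sequence number and TLP
    return bytes([STP]) + body + lcrc + bytes([END])


def efficiency(data_len, header_len=16, ecrc=False):
    """Fraction of the bytes on the link that are payload."""
    return data_len / (1 + 2 + header_len + data_len + (4 if ecrc else 0) + 4 + 1)


class Receiver:
    def __init__(self):
        self.expected = 0
        self.delivered = []                      # TLPs handed to the transaction layer

    def receive(self, frame):
        """Return ("ACK", seq) or ("NAK", seq); seq is the last good sequence number."""
        last_good = (self.expected - 1) % SEQ_MODULO
        if len(frame) < 24 or frame[0] != STP or frame[-1] != END:
            return "NAK", last_good
        body, lcrc = frame[1:-5], struct.unpack(">I", frame[-5:-1])[0]
        if zlib.crc32(body) != lcrc:             # corrupted on the link
            return "NAK", last_good
        seq = struct.unpack(">H", body[:2])[0]
        distance = (seq - self.expected) % SEQ_MODULO
        if distance == 0:                        # in order: deliver it
            self.delivered.append(body[2:])
            self.expected = (seq + 1) % SEQ_MODULO
            return "ACK", seq
        if distance >= SEQ_MODULO // 2:          # duplicate of a delivered packet
            return "ACK", last_good
        return "NAK", last_good                  # a packet in between was lost


class Transmitter:
    def __init__(self):
        self.next_seq = 0
        self.replay = {}                         # seq -> frame, kept until acknowledged

    def send(self, header, data=b""):
        frame = build_frame(self.next_seq, header, data)
        self.replay[self.next_seq] = frame
        self.next_seq = (self.next_seq + 1) % SEQ_MODULO
        return frame

    def handle(self, kind, seq):
        """Purge acknowledged frames; on NAK return the frames to resend, oldest first."""
        for s in list(self.replay):
            if (seq - s) % SEQ_MODULO < SEQ_MODULO // 2:
                del self.replay[s]
        return list(self.replay.values()) if kind == "NAK" else []


def demo():
    """Three packets cross the link; the second is corrupted in flight (constructed data)."""
    tx, rx = Transmitter(), Receiver()
    header = bytes(16)                           # constructed all-zero header
    frames = [tx.send(header, bytes([n]) * 8) for n in (1, 2, 3)]
    damaged = bytearray(frames[1])
    damaged[10] ^= 0x01                          # single bit error on the wire
    log = []
    for frame in (frames[0], bytes(damaged), frames[2]):
        reply = rx.receive(frame)
        log.append(reply)
        for again in tx.handle(*reply):          # replay after a NAK
            log.append(rx.receive(again))
    return log, rx.delivered, tx.replay


if __name__ == "__main__":
    print(demo()[0])
    print([round(efficiency(n), 3) for n in (0, 4, 64, 4096)])
```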
Technically speaking, according to some experts, PCI Express is not a bus. A bus is a data path
where you can attach several devices at the same time, sharing this data path. PCI Express is a point-
to-point connection, i.e. it connects only two devices and no other device can share this connection.
Just to clarify, on a motherboard using standard PCI slots, all PCI slots are connected to the PCI bus
and share the same data path. On a motherboard with PCI Express slots, each PCI Express slot is
connected to the motherboard chipset using a dedicated lane, not sharing this lane (data path) with
other PCI Express slots. For simplicity, we call PCI Express a "bus", since for
laymen "bus" is easily recognized as a "data path between devices".
Interconnection of these highways is performed using PCIe switches, Figure 4-28. The PCIe
switch could logically be thought of as a collection of PCI-to-PCI bridges in which one bridge is the
upstream bridge, which is then connected to a private local bus via its downstream side to the
upstream sides of a group of additional PCI-to-PCI bridges as shown in Figure 4-28.
The speed of PCIe is expected to double every 2-3 years following the known Moore's law. PCI
Express 3.0 will carry a bit rate of 8 Gbps.
The PCI Express serial connectivity technology has been considered by the VMEbus International Trade
Association in a new standard called VPX (VITA 46). VPX is a proposed ANSI standard which
breaks out from the traditional connector scheme of VMEbus to integrate the latest in connector and
packaging technology with the latest in bus and serial fabric technology. VPX is being proposed for
military, aerospace and avionic applications, and many other applications requiring computational
power with high ruggedness to meet stringent shock and vibration requirements.
[Figure 4.28 diagram labels: PCI Express switch built from virtual PCI-PCI bridges joined by a virtual PCI bus; upstream ports; downstream ports; subordinate bridges; PCI Express links.]
Figure 4.28 PCI express switch based on virtual PCI bridges.
Appendix 4.B
4.B PC Peripheral Interface Standards
4.B.1 Universal Serial Bus (USB)
4.B.2 FireWire (IEEE1394)
OVERVIEW
Modern computer peripheral connections for short distances, such as USB and IEEE1394, are now
part of almost every HMI workstation, server, and laptop. They are used to connect printers, data
loggers, mobile data storage, video imaging, and handheld maintenance electronic equipment. This
appendix is intended to give a brief introduction to these two interfacing standards. The two standards
replace the legacy RS-232 for almost all short distance applications, can support a wide range of
devices, and feature plug-and-play and hot swap capabilities.
4.B.1 Universal Serial Bus (USB)
The Universal Serial Bus (USB) was originally designed to connect peripheral devices, such as
keyboards and mice, with PCs. However, it has proven useful for many other applications, including
measurement and automation. USB delivers an inexpensive, yet easy to use and operate connection
between data acquisition devices/instruments and PCs.
The USB bus embodies several characteristics that make it easier to use than some of the
traditional PC connections. Devices that connect using USB are hot-pluggable, so they eliminate the
need to shut down the PC to add or remove a device. The bus also has automatic device detection,
meaning that the user does not have to manually configure his device once he plugs it in. The
operating system software should detect and install the device on its own. Hi-Speed USB 2.0 uses a
"Master-Slave" architecture in which the computer handles all arbitration functions and dictates data
flow to/from and between the attached peripherals (adding additional system overhead and resulting in
slower data flow control). Both USB 1.x and USB 2.0 allow the use of two separate types of
connectors, Type A and Type B, depending on the requirements of the device itself. Type A
connectors are almost always used on the host side (computer or hub), while Type B connectors are
smaller and are frequently found on the device side in printers, scanners, cameras, and other similar
hardware, as shown in Figure 4-29.
Figure 4.29 USB Cables.
There are four different protocols for data transfer: Control, Interrupt, Isochronous and Bulk.
Control—intended to support configuration, command, and status communication between the
host software and the device. Control transfers support error detection and retry. Control transfers are
typically used for command and status operations. Control transfers are typically bursty, random
packets which are initiated by the host and use best effort delivery. The packet length of control
transfers in low speed devices must be 8 bytes. High speed devices allow a packet size of 8, 16, 32 or
64 bytes and full speed devices must have a packet size of 64 bytes.
Interrupt—used to support small, limited-latency transfers to or from a device such as
coordinates from a pointing device or status changes from a modem. Interrupt transfers support error
detection and retry. Interrupt transfers are typically non-periodic, small device "initiated"
communication requiring bounded latency. An Interrupt request is queued by the device until the host
polls the USB device asking for data. Interrupt transfer includes error detection and next period retry.
Measurement and control systems commonly require the ability to respond to events. USB allows any
device to generate an asynchronous event. Asynchronous transport guarantees accurate delivery, and
devices with urgent messages can be given priority over all other devices. Applications for
asynchronous transport include delivering control messages and changing device parameters.
Isochronous—used for periodic, continuous communication between the host and the device,
usually involving time-relevant information such as audio or video data streams. Isochronous transfers
do not support error detection or retry. With isochronous transfers, the bus guarantees bandwidth with
time-based delivery of data packets. Isochronous transport guarantees that a transmission is completed
within a given amount of time, but it does not guarantee that the transmission is received error-free.
The USB protocol guarantees devices that have requested isochronous bandwidth a predetermined
number of data packets in each frame. It also guarantees a bounded latency. Isochronous includes error
detection via CRC, but no retry or guarantee of delivery. Isochronous transfers operate in full and high
speed modes only.
Bulk—intended for non-periodic, large-packet communication with relaxed timing constraints
such as between the host software and a printer or scanner. Bulk transfers support error detection and
retry. Bulk transfers can be used for large bursty data. Such examples could include a print-job sent to
a printer or an image generated from a scanner. Bulk transfers provide error correction in the form of a
CRC16 field on the data payload and error detection/re-transmission mechanisms ensuring data is
transmitted and received without error.
Bulk transfers will use spare un-allocated bandwidth on the bus after all other transactions have
been allocated. If the bus is busy with isochronous and/or interrupt then bulk data may slowly trickle
over the bus. As a result Bulk transfers should only be used for time insensitive communication as
there is no guarantee of latency.
Summary of USB 2.0
USB version 2.0 was released in 2000, upping the theoretical maximum transfer rate by a factor
of 14 to 480Mbps. USB 2.0 devices are backwards-compatible with USB 1.x devices and controllers,
and can fall back to "Full" or "Low" speed in order to coexist with older devices.
- 1.5 Mbit/s, 12 Mbit/s, and 480 Mbit/s supported.
- USB controller is required to control the bus and data transfer.
- The maximum data payload size for low-speed devices is 8 bytes.
- Maximum data payload size for full-speed devices is 64 bytes.
- Maximum data payload size for high-speed devices is 1024 bytes.
- High-speed data and control applications benefit from the ability of USB to deliver data
  through either synchronous or asynchronous data transfers.
- Balanced twisted pair wires.
- Cable up to 5 m.
- Up to 127 devices supported.
- Power supply to external devices is 500 mA/5V (max).
- Full compatibility with USB 1.1 devices.
USB 3.0
The major new feature of USB 3.0 is the SuperSpeed bus, which provides a fourth transfer mode at 4.8
Gbit/s. The raw throughput is 4 Gbit/s, and it can achieve 3.2 Gbit/s or more after protocol overhead. When
operating in SuperSpeed mode, full-duplex signaling occurs over 2 differential pairs separate from the
non-SuperSpeed differential pair. This results in USB 3.0 cables containing 2 wires for power and
ground, 2 wires for non-SuperSpeed data, and 4 wires for SuperSpeed data, and a shield (shield was
not required in previous specifications).
4.B.2 FireWire (IEEE1394)
In December of 1995, the IEEE released an official Firewire specification, dubbed IEEE 1394.
This specification, sometimes referred to as 'Firewire 400', describes a hot-swappable peripheral
interface with transfer speeds of 100 Mbps, 200 Mbps, and 400 Mbps. During the late 1990s, this
standard found its way into Sony electronics (mainly digital camcorders). In January of 1999, Apple
released what was probably the first personal computer system to include Firewire ports by default:
the Blue PowerMac G3.
FireWire uses a Peer-to-Peer (P2P) architecture in which the peripherals are intelligent and can
negotiate bus conflicts to determine which device can best control a data transfer. The P2P capability
increases the effective throughput higher than USB2.0. Many benchmark tests showed that FireWire
400 outperformed USB2.0 running at 480 Mbps.
Summary of IEEE1394 Standard:
- 100 Mbit/s, 200 Mbit/s, and 400 Mbit/s supported.
- Works without control; devices communicate peer-to-peer.
- Cable up to 4.5 m.
- Up to 63 devices supported.
- Power supply to external devices is 1.25A/12V (max.).
FireWire cables come in two variations: 4-pin and 6-pin. 6-pin cables provide up to 30V of
power, allowing for fully bus-powered devices. 4-pin cables do not provide power.
In April of 2002, the IEEE released an updated Firewire standard, dubbed IEEE 1394b. IEEE
1394b allows for theoretical maximum transfer rates of up to 3.2Gbps. Apple commercially released
a subset of this new standard under the title 'Firewire 800' in 2003. Firewire 800 devices support a
maximum transfer speed of around 800Mbps. Firewire 800 adds a new cable type, 9-pin cables (also
called 'beta' cables), which support the full speed of Firewire 800. Firewire 800 is backwards-compatible
with Firewire 400 when (9-pin to 6- or 4-pin) cables are used. Firewire 400 devices will
still run at Firewire 400 speeds, even when connected to a Firewire 800 host. FireWire 800 (IEEE
1394b) allows the use of various types of cabling, each offering different speed/distance capabilities.
A FireWire 800 cable will connect devices up to 32 feet away, while a FireWire 800 optical repeater
will connect devices up to 1000 meters (3300 feet) away, making it suitable for factory automation
applications.
CHAPTER 5
5 LOCAL AREA NETWORKS
5.1 Introduction
5.2 LANs Transmission medium
5.2.1. Characteristics of Transmission Media
5.2.2. Twisted-Pair Cables
5.2.3. Coaxial Cables
5.2.4. FiberOptic Cables
5.3 Network Types
5.3.1. Network Topologies
5.3.2. Circuit Switching and Packet Switching
5.3.3. Asynchronous and Synchronous Transmission
5.3.4. Signal Encoding Methods
5.3.5. Media Access Methods
5.4 Open Systems Interconnection (OSI)
5.5 Network Standards.
5.6 Industrial Ethernet
5.6.1. Ethernet Background
5.6.2. Industrial Ethernet Requirements
5.6.3. Approaches for Industrial Ethernet
5.6.4. Switched Ethernet
5.7 Network Components
Appendix 5.A Twisted Pair Categories, Classes, and AWG
Appendix 5.B Brief history of important developments in the IEEE 802.3x standards
OVERVIEW
This chapter is dedicated to the basic principles of the common types of local
area networks (LANs), such as Ethernet, Token ring and Token bus. It starts with a brief
introduction to the domain of applications of LANs as a major player in data
communications in SCADA and DCS systems. Section 5.1 covers the LANs
transmission media, including twisted-pair cables, coaxial cables and fiber optic
cables. A technical overview of the various network types and topologies is presented
in Sections 5.2 and 5.3. The Open Systems Interconnection (OSI) reference model for
data communication layers is detailed in Section 5.4. Section 5.5 presents the open
network standards, mainly IEEE and ANSI standards. The use of Ethernet for
automation is discussed in detail in Section 5.6. Finally, in Section 5.7 the network
components, such as hubs, switches, gateways, routers, etc., are briefly covered.
LEARNING OBJECTIVES
After reading this chapter, one will understand
- The role of local area networks in data communication.
- The types of twisted-pair cables.
- The characteristics and limitations of twisted-pair cables, coaxial cables and
  fiber optic cables.
- The types of fiber optic cables and list the advantages of fiber optic cables.
- The different network topologies; bus, star, ring, and mesh configurations.
- The basic mechanisms involved in resolving contention, such as CSMA token
  passing and polling media access control methods.
- The difference between a datagram service and a virtual circuit.
- The concept of layered communications model.
- The functions of each layer in the OSI reference model.
- The structure and the IEEE 802.xx series of standards.
- The difference between office environment and industrial environment with
  regard to the communication needs and devices.
- The main approaches to industrial Ethernet.
- The advantages and limitations of switched Ethernet in automation
  applications.
- The function of repeaters, hubs, bridges, routers and gateways.
5.1 Introduction
Computer communication has changed tremendously in the last four decades,
from something known only to large organizations where heavy data processing was
the main task to a widespread tool, used in offices and houses, to connect smaller and
stronger computers to many types of communications networks. Local area networks
(LANs) provide data transmission systems linking computers and associated devices
within a restricted geographical area (about 1 km).
LANs are commonly used in business applications to allow several users to share
costly software packages, databases and peripheral equipment such as printers and
hard disk storage. There are many different networks available, for example,
Ethernet, Token Ring, FDDI, wireless networks, etc., each having different physical,
electrical and protocol standards.
An organization’s data network may consist of one or more levels of networks
to meet different communication requirements. On the top, there is usually a very
high speed network, called “backbone,” linking all the departments in one
geographical area. The ability to transfer large data files, graphics, multimedia, and
possibly video conferencing are typical requirements. These networks are usually
built using fiber optic cables or gigabit Ethernet networks. On a lower level, each
department in the organization may also have one or more smaller LANs to serve the
intradepartmental data communications and shared work. These networks extend
geographically, typically over one office floor or one building, and serve a limited
number of users. Such requirements can be met easily by a 100Mbps network using
twisted pair cables or coaxial cables.
On the other hand, LANs for factory floor automation are intended to support
real-time control applications, carrying the control and data signals to and from
programmable controllers, robots, CNC machines, etc. At this level, communication
is mainly short messages with critically timed control data. This is in contrast with
the office LANs, which have high data rates and carry large amounts of data in large
packets. Timeliness is not a primary concern in office LANs, and real-time behavior
is not required as well. Automation networks, by contrast, have low data rates, since
they transport mainly process data. The size of the data packets is small, and real-
time capabilities are important.
Traditionally, at the factory level, DCS and other industrial automation systems
are arranged in two level communication hierarchies; a proprietary data highway for
connections of I/O units, basic controllers, and local monitoring stations, and a Local
Control Network (LCN) with higher bandwidth for connecting the supervisory
computer, history units, application stations, PLCs, and interconnection of the data
highways. Modern DCS systems adopt open international standards, where the lower
level is typically a fieldbus, and the upper level is a higher speed LAN with real time
features. Fieldbus is used for connecting field sensors and actuators, while a faster
network is used for connecting controllers, PLCs, and workstations. Application
servers, historian, and connectivity with the plant network may be served with a third
network layer serving as a production level network.
This chapter is intended to give an overview of the LAN technology and
standards. The concepts are necessary to understand the Fieldbus technology and the
technologies for integration of the factory automation networks with the business
information system networks. Networks for industrial applications will be covered at
the end of this chapter. Fieldbuses will be covered in Chapter 7.
5.2 LANs Transmission medium
Data transmission medium refers to the physical characteristics of the cable
used to transfer the digital data bit stream. The network’s physical environment also
affects the choice of medium. Electrical ‘noise’ has always been a problem in the
manufacturing industry, where the electrical plant and the welding and cutting
machines produce electromagnetic radiation. When communications cabling passes
close to these noise sources, it may be difficult to obtain reliable high speed data
transmission. The most common LAN transmission media are twisted pair cables,
coaxial cable, fiber optic cables and wireless.
5.2.1 Characteristics of Transmission Media
Attenuation:
Attenuation is the decrease in magnitude of a signal as it travels through any
transmission medium, such as a twisted-pair wire cable or a fiber optic cable, as
shown in Figure 5.1 (a). Attenuation is measured in dB per unit of length.
Attenuation increases with frequency. Cable attenuation is severe at high frequencies.
Figure 5.2 shows typical attenuation versus frequency characteristics for coaxial and
Category 5 twisted-pair cables, over 30- and 300-meter lengths. If Vi is the level of the
transmitted signal, and Vr is the level of the received signal, then the cable
attenuation is defined as:
$$\mathrm{Attn} = 20\,\mathrm{Log}\left(\frac{V_i}{V_r}\right)$$
Attenuation is a function of both the length of the cable and the frequency. The
frequency and the length of the cable must then be stated with the attenuation value.
Figure 5.1 Illustration of attenuation, distortion and cross talk. (a) Amplitude versus time: the signal transmitted from the source at time = 0 (transmit level) and the signal received at the station at time = T1 (receive level), attenuated, distorted, and delayed. (b) A hub with transmit level Vi, receive level Vr, and leaked noise level Vn.
Figure 5.2 Cable attenuation versus frequency of CAT 5 twisted-pair cables and coax
cables, for 30 and 300 meters.
Source: http://i.cmpnet.com/planetanalog/2006/11/C0107-Figure2.gif
Crosstalk:
Crosstalk is the coupling of unwanted signals from one pair within a cable to
another pair. Crosstalk can be measured at the same (near) end or far end with respect
to the signal source. See Figure 5.1(b) for an illustration of crosstalk. Crosstalk
occurs in two ways. Near-end crosstalk (NEXT) happens when a signal from a
transmitter at one end of a cable interferes with a receiver at the same end of the
cable. Far-end cross talk (FEXT) occurs when a signal interferes with a receiver at
the opposite end of the cable from the transmitter. NEXT is defined as follows:
$$\mathrm{NEXT} = -20\,\mathrm{Log}\left(\frac{V_n}{V_i}\right)$$
Where Vi is the transmitted signal level and Vn is the leaked noise level at the
receiving port, as shown in Figure 5.1(b).
Attenuation Crosstalk Ratio (ACR):
The ACR is the difference between attenuation and crosstalk, measured in dB,
at a given frequency. It is a quality factor for cabling, used to assure that signals sent down a
twisted pair are stronger at the receiving end of the cable than any interference
imposed on the same pair by crosstalk from other pairs.
$$\mathrm{ACR} = 20\,\mathrm{Log}\left(\frac{V_r}{V_n}\right) = 20\,\mathrm{Log}\left(\frac{V_r}{V_i}\cdot\frac{V_i}{V_n}\right) = 20\,\mathrm{Log}\left(\frac{V_r}{V_i}\right) + 20\,\mathrm{Log}\left(\frac{V_i}{V_n}\right) = -\mathrm{Attn} + \mathrm{NEXT}$$
Characteristic Impedance
Characteristic impedance is the impedance that an infinitely long transmission
line would have at its input terminal. If a transmission line is terminated in its
characteristic impedance, it will appear (electrically) to be infinitely long, thus
minimizing signal reflections from the end of the line.
Dispersion:
Dispersion is the phenomenon where light photons passing through fiber optic
cables arrive at a distant point in different phase than they entered the cable.
Dispersion causes signal distortion that ultimately limits the bandwidth and usable
length of the fiber optic cable. The two major types of dispersion are 1) mode (or
modal) dispersion caused by differential optical path lengths in a multimode fiber
and 2) material dispersion caused by differing transmission times of different
wavelengths of light in the fiber optic material.
Distortion:
Distortion is any undesired change in a wave form or signal.
Shunt Capacitance (pF/ft):
This is the value of equivalent capacitive load of the cable, expressed in picofarads
per unit length. Cable shunt capacitance is a limiting factor for the usable cable
length. Applications requiring long cables need cables with low capacitance per unit
length.
Propagation velocity (% of c):
The speed at which an electrical signal travels in the cable. The value is usually
given as a percent (or a ratio) of the speed of light.
5.2.2 Twisted-Pair Cable
Unshielded Twisted Pair (UTP) transmission media is a pair of copper wires
with diameters of 0.4-0.8mm twisted together and wrapped with a plastic coating.
The twisting increases the electrical noise immunity and reduces the bit error rate
(BER) of the data transmission. A UTP cable contains from 2 to several hundred
pairs. UTP is a very flexible, low cost media, and can be used for either voice or
data communications. Its greatest disadvantage is the limited bandwidth, which
restricts long distance transmission with low error rates.
Figure 5.3 Ethernet 4-pair UTP.
More recent standards reflect advances in cable and connector design and test
methods. They cover 150 ohm shielded twisted pair and 100 ohm unshielded
twisted pair.
American National Standards Institute/Electronic Industries Association
(ANSI/EIA) Standard 568 is one of several standards that specify "categories" (the
singular is commonly referred to as "CAT") of Unshielded Twisted Pair (UTP)
cabling systems (e.g., wires, junctions and connectors) in terms of the data rates they
can sustain. The specifications determine the cable material as well as the types of
connectors and junction blocks to be used in order to conform to a category. There
are currently 7 twisted-pair cable standards. See Appendix 5.A. Figure 5.3 shows a
cable of 4 pairs of UTP, typically used in Ethernet local area networks.
Twisted pair cables are often shielded to prevent electromagnetic interference.
Because the shielding is made of metal, it may also serve as a ground; though a
shielded or a screened twisted pair cable usually has a dedicated grounding wire
added, called a drain wire.
Screened unshielded twisted pair (S/UTP): when shielding is applied to the
collection of pairs, this is referred to as screening, which is also known as Foiled
Twisted Pair (FTP) or screened UTP cable (ScTP).
Shielded twisted pair (STP or STP-A): STP cabling includes metal shielding
over each individual pair of copper wires. This type of shielding protects cable from
external EMI (electromagnetic interferences).
Screened shielded twisted pair (S/STP or S/FTP): S/STP cabling, also known
as Shielded Foiled Twisted Pair (S/FTP), is both individually shielded (like STP
cabling) and it also has an outer metal shielding covering the entire group of shielded
copper pairs (like S/UTP). This type of cabling offers the best protection from
interference from external sources, and also eliminates alien crosstalk.
Unshielded Twisted Pair (UTP): As in Figure 5.4, UTPs are similar to the
ordinary telephone wire. They are the cheapest and easiest to install, but they suffer
from external EM interference. In contrast, the metal braid or sheathing on STP
cables (Figure 5.5) reduces interference, but they are more expensive and harder to
install.
Figure 5.4 Standard UTP construction and Foiled/Shielded Twisted-pair cable.
Figure 5.5 Shielded Twisted Pair Cable.
Figure 5.6 shows the standard RJ45 connectors for Ethernet 4-pair UTP cables.
Figure 5.6 Ethernet 4-pair RJ45.
Table 5.1 gives the main features of CAT 5 UTP cables as an example of UTP
specifications.
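Table 5.1 Attenuation and NEXT measurements for a CAT 5 UTP and STP.

| Frequency (MHz) | Attenuation (dB per 100 m), CAT 5 UTP | Attenuation (dB per 100 m), 150-ohm STP | Near-end Crosstalk (dB), CAT 5 UTP | Near-end Crosstalk (dB), 150-ohm STP |
|---|---|---|---|---|
| 1 | 2.0 | 1.1 | 62 | 68 |
| 25 | 10.4 | 6.2 | 41 | 47.5 |
| 100 | 22.0 | 12.3 | 32 | 38.5 |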
Cables for industrial applications must also withstand the harsh environments
and mechanical stresses typically present in factories and plants. Industrial-grade
cables provide more stable electrical performance with less attenuation and greater
resistance to EMI/RFI. In addition, they are usually made with protection against
penetration and degradation by solvents, oils, chemicals and moisture, resistance to
UV radiation and temperature variations (-25 to 75 °C). They may also be required to
have superior mechanical stability to withstand shearing forces, abrasion, crushing,
cut-through and burial. UTP cabling is commonly used on the factory floor, but often
has to be routed through grounded steel conduit to obtain satisfactory
communications. Connectors such as RJ45 are required to be sealed up to the IP67
standard as defined in IEC 60529 (See Appendix 5.B).
Table 5.2 provides a sample of the recommended cables for control and
instrumentation applications.
Table 5.2 Recommended instrumentation cables.
| Application | Recommended cable |
|---|---|
| 4-20 mA | For signal and control applications, 16-22 AWG depending on the distance. Twisted pair, PVC insulation, braid (preferable) or foil shield, with drain wire, PVC jacket. Individual twisted pair cables (recommended), or multi-pair cables. Color coded. Rated voltage of 300/500 volts, operating temperature -30 to +80 C. |
| *RS422 | The RS-422 specification recommends 24 AWG twisted pair cable with a shunt capacitance of 16 pF per foot and 100 ohm characteristic impedance. Cables come as 2 pairs, foam polyethylene insulation, overall foil shield and tinned copper braid shield with 24 AWG tinned copper drain wire. |
| RS485 | Similar to RS-422 specifications, except with recommended impedance of 120 Ohms. |
| RS232 | AWG 24, individual, total load capacitance should be less than 2500 pF including the connectors' capacitance. |
| Foundation Field Bus | 22, 18, 16 and 14 AWG stranded tinned copper conductors. Standard multi-pair cables in 2 or more pairs. With foil shield and braid shield. Easily identifiable orange jacket. |
| Ethernet LAN | CAT 5 or higher |
* For protection against electromagnetic interference (EMI), cables usually have a combination
shield consisting of an overall foil shield layer with drain wire and a woven braid shield layer. The
drain wire is provided to easily terminate and ground the foil shield. The second shield layer consists of
a woven braid for minimizing low frequency interference while providing superior structural strength
to the overall cable. The combination foil/braid shielded cables provide effective EMI shielding
across a larger frequency spectrum compared to single layer shielded cables.
5.2.3 Coaxial Cables
Coaxial cable is a two-conductor constant impedance transmission cable in
which one conductor forms an electromagnetic shield around the other. The two
conductors are separated by insulation, as shown in Figure 5.7. Coaxial cables can
operate at higher data rates than twisted pairs, and do not require additional shielding.
Transmissions may be simple base band, without the use of a carrier, and with only
one channel defined in the system. The cable allows bidirectional signal propagation.
A new connection can be established along a coaxial cable by using a low cost T
connector. The main advantages of base-band coaxial cable are its low
cost, ease of maintenance and repair and speed of transmission (typically
1-20 Mbps). Shorthand has been developed to describe the types of cabling used in
LANs, especially Ethernet type networks.
Figure 5.7 Coaxial cable.
The 10Base5 is referred to as trunk or “thick wire,” because of its relatively
large cable (0.405 in.). This cable has a bandwidth of 10 Mbps using base band
transmission on a cable of (maximum) 500 meters and the cable type is known as
RG-11 (13 AWG stranded core, 50 Ohms) and RG-8 (12 AWG solid core). RG-8 cable is
inflexible and difficult to work with. The cable has a characteristic impedance of 50
ohms. Cables must be terminated at both ends. The standard termination is 50 +/-2
ohms. Connection to the workstation is made with a Medium Attachment Unit
(MAU) or Transceiver. The MAU physically and electrically attaches to the coaxial
cable by a cable tap. The cable is pierced and a connection is made by a screw to the
center conductor. The MAU is connected to the Network Interface Card (NIC) by the
Attachment Unit Interface (AUI) cable. Maximum AUI cable length is 50m, as
illustrated in Figure 5.8. This AUI cable is a stranded, 20-gauge, 4-twisted-pair,
shielded cable terminated at each end by a DB15 connector.
Figure 5.8 Cable RG-11 with termination at two ends, connection of MAU transceivers,
AUI cables, and NIC network interface cards for 10Base5 network.
Alternatively, a broadband system may be used, which has several channels
multiplexed in frequency across the wide bandwidth of the coaxial cable, in a similar
way as the TV signal is transmitted on a cable TV. Broadband is relatively
unaffected by noise, and is therefore ideally suited to the factory environment. A
broadband network has a much greater bandwidth and can support video, voice and
data transmission over longer distances as well. Nevertheless, it is many times more
expensive than a base band system, due mainly to the need for frequency
modulations/demodulation (RF modems) at each node.
Figure 5.9 BNC connector, T connector and cable terminator.
Figure 5.10 10Base2 used a thin coaxial cable attached to each node using BNC T-connectors.
The 10Base2 is a thinner, RG-58 (50-52 Ohms) type cable with a diameter of
0.188 in. and is referred to as “thin wire.” It supports 10 Mbps using baseband
transmission and a maximum cable segment of 200m. The most common type of
connector used with thin coaxial cables is the Bayonet Neill-Concelman (BNC)
connector, seen in Figure 5.9. Different types of adapters are available for BNC
connectors, including a T-connector, barrel connector and terminator. Connectors on
the cable are the weakest points in any network. Ethernet standards that use thin coaxial
cable attach the network nodes to the cable via T-type BNC connectors in the adapter
cards, as shown in Figure 5.10. The 10Base2 is also called "thin Ethernet,"
"ThinWire," "ThinNet" and "Cheapernet." The 10Base2 had a distance limit of
about 185m.
5.2.4 Fiber Optic Cables
Fiber-optic (FO) cabling will eventually replace the above media because of its
greater bandwidth, noise immunity, small size and flexibility. Point-to-point links are
relatively simple, but other connections to the fiber-optic cable cannot be made
without regenerating the signal. Fiber-optic cable consists of three parts, as shown in
Figure 5.11.
Figure 5.11 Structure of a FO cable.
The core transmits the light and has a high refractive index. The cladding
contains the light within the core because its lower refractive index causes all of the
light rays, or modes, to reflect back into the core. The third component is the
coating, usually an acrylate polymer, which protects the core and cladding assembly.
Optical fiber is typically made from high purity silica glass. Plastic fiber is also
available, but the attenuation of light energy can be substantially higher than it is for
the glass fiber. An FO cable is identified by its core and cladding size. For example,
a designation of 8/125 means a core diameter of 8 μm (microns) and a cladding
diameter of 125 μm.
Bandwidth is affected by the length and integrity of the transmission path and
the core and cladding arrangement. Fiber bandwidth is expressed in megahertz-
kilometers (MHz-km). Bandwidth is limited by the change in velocity of the
transmitted light over the wavelength range of the transmitted light. This so-called
chromatic dispersion is an inherent property of the core material and increases with
distance.
Attenuation in FO cables is mainly due to scattering and absorption within the
core material, and is expressed in decibels per kilometer (dB/km). Any connection,
regardless of quality, will introduce a loss or so-called "insertion loss."
Three core and cladding arrangements are in common use. Each exhibits
characteristics that affect the bandwidth and, therefore, the application. Basically,
the refractive indices and diameters of the core and cladding are manipulated relative
to each other, producing fibers that are optimized for specific applications. The three
arrangements are illustrated in Figure 5.12.
Figure 5.12 Core and cladding arrangement.
The single-mode, step-index fiber-optic cable has the highest bandwidth and the
lowest loss. A typical fiber of this type is designated 8/125. The single-mode fiber
core allows one mode of transmission. This means that only one ray of light is
transmitted. The term “step index” means there is a sharp change in refractive index
from the core to the cladding. This type of fiber has enormous bandwidth, exceeding
25 gigahertz-kilometers (GHz-km). Single-mode cables are difficult to connect or
splice because the small core diameter makes the alignment of the fibers critical.
Attaching connectors or splicing requires specialized equipment and trained
personnel. Single-mode fibers find the most use in long-distance communications.
In multimode, graded-index fiber-optic cables the difference in core and
cladding refractive indices is gradual, not stepped. The core has a high index, which
becomes gradually lower as it approaches the outer diameter of the cladding. The
gradation of refractive indices produces a focusing effect in the core. Consequently,
multimode, graded-index fibers are not greatly affected by modal dispersion. A
common fiber of this type is designated 62.5/125 and has a bandwidth between 100
and 800 MHz-km. This type of fiber finds wide use in commercial and industrial
data communication systems.
At the other end of the bandwidth scale is the multimode, step-index fiber. A
typical designation is 200/230. The core diameter is large relative to the light rays
transmitted; therefore, more than one ray, or mode, can be transmitted.
This type of fiber has a much lower bandwidth than the single-mode fiber,
usually topping out at about 20 MHz-km. The usable bandwidth is even lower, in the
vicinity of 5 MHz-km. The sharp difference in refractive indices (i.e., step index)
causes some of the transmitted light rays to be reflected many times as they travel the
length of the fiber. This results in the transmitted light rays arriving at the receiving
end at different times. A sharp pulse at the transmitted side, for example, would
arrive at the receiving end in a "spread." This so-called “modal dispersion” limits this
type of fiber to low-end process and specialized medical applications. Table 5.3
summarizes the properties of the common FO cables.
Table 5.3 Properties of common FO Cables.

| Property | 50 micron | 62.5 microns | 100 microns | 9 microns (single mode) |
|---|---|---|---|---|
| Light wavelength (standard) | 850 nm | 850 nm | 850 nm | 1300 nm |
| Sensitivity | -32 dBm | -32 dBm | -32 dBm | -33 dBm |
| Input power | -22 dBm | -18 dBm | -14 dBm | -18 dBm |
| Attenuation | 3.0 dB/km | 3.5 dB/km | 4.0 dB/km | 0.7 dB/km |
| Splice loss | 0.4 dB | 0.4 dB | 0.4 dB | 0.4 dB |
| Connector loss | 0.8 dB | 0.8 dB | 0.5 dB | 1.0 dB |
| Max. distance | 2.3 km | 3.1 km | 3.7 km | 16.5 km |
The standard cable type for 100Base-FX is multimode fiber with a 62.5-micron
core and 125-micron cladding. Only one pair of fibers is required, one for
transmission and one for reception. 1000Base-SX uses 50/125-micron Multi-Mode
FO cable, up to 550m, and 62.5/125-micron Multi-Mode FO cable, up to
220m. 1000Base-LX uses 9/125-micron single-mode FO cable. The 10GBase Ethernet
uses FO glass with 50/125-micron.
There are several common connectors for FO cables (see Figure 5.13):
SC (Single mode): SC connectors are used primarily with single-mode fiber-
optic cables. SC stands for Subscriber Connector, a general purpose push/pull style
connector developed by NTT. It offers low cost, simplicity and durability. It provides
for accurate alignment via its ceramic ferrule. It is a push on-pull off connector with a
locking tab.
ST (Multimode): ST is a keyed bayonet type similar to a BNC connector. ST
stands for Straight Tip, a quick release bayonet style connector developed by AT&T.
It is used for both multi-mode and single-mode fiber-optic cables. Its use is
widespread. It can be both inserted into and removed from a fiber-optic cable
quickly and easily.
FC/PC (Single mode): FC/PC is used for single-mode fiber optic cable. It
offers extremely precise positioning of the single-mode fiber optic cable with respect
to the Transmitter's optical source emitter and the Receiver's optical detector. Once
installed the position is maintained with absolute accuracy. FC stands for Fixed
Connection. It is fixed by way of threaded barrel housing.
SMA: SMA is the predecessor of the ST connector. It features a threaded cap
and housing. The use of this connector has decreased markedly in recent years, being
replaced by ST and SC connectors. The SMA-905 is a non-contact connector
typically used in medical, industrial and military applications. The SMA905
connector holds a single fiber and has a threaded coupling nut. The ferrule is
traditionally made of steel, although ceramic versions are available.
Figure 5.13 Fiber optic cabling is connected using (a) SC, (b) ST, (c) FC, and (d)
SMA905/906.
The advantages of FO cables are summarized below:
Immunity to electromagnetic interference and cross talk.
No electrical ground loop or short circuit problems.
Small size and light-weight.
Large bandwidth for size and weight.
Safe in combustible areas (no arcing).
Immunity to lightning and electrical discharges.
Longer cable runs between repeaters.
Flexibility and high strength.
Potential high temperature operation.
Resistant to nuclear radiation.
Secure against signal leakage and interference.
No electrical hazard when cut or damaged.
For process control engineers, there are apparent advantages in using fiber-
based systems in place of electrical methods in large plants and factories. Factory
environments threaten data reliability and security. Noise is the most common
problem. High voltage and motor feeders, motors and motor drives, and even
fluorescent lighting can generate sufficient electromagnetic interference to corrupt
wire or radio-based systems.
In a DCS or SCADA installation, this problem will at least render the system
unreliable. An unstable factory network can result in uncontrolled operation of
equipment and possible personnel injury or facility damage. If such an environment
is unavoidable, fiber optics will effectively eliminate this problem.
Table 5.4 Ethernet Cable Summary.

| Specification | Cable Type | Maximum length |
|---|---|---|
| 10BaseT | Unshielded Twisted Pair | 100 meters |
| 10Base2 | Thin Coaxial | 185 meters |
| 10Base5 | Thick Coaxial | 500 meters |
| 10BaseF | Fiber Optic | 2000 meters |
| 100BaseT | Unshielded Twisted Pair | 100 meters |
| 100BaseTX | Unshielded Twisted Pair | 220 meters |
5.3 Network Types
This section covers some of the common ways of classifying data networks.
Networks can be classified according to the way they are arranged physically or
logically—called network topology. They may also be classified as circuit switching,
as in telephone networks, or as packet switching, as in the Internet. Another way of
classifying networks could be based on whether they require synchronization of the
nodes and their actions or not, and how the bit stream is encoded on the transmission
media. Since all nodes share the transmission media, another important way of
classifying networks is based on how the different nodes get access to the network to
transmit their data. That is called the Media Access Protocol. In the following
subsections, each one of these network types will be covered.
5.3.1 Network Topologies
Figure 5.14 Local Area Network topologies: (A) bus topology with a server and remote nodes, (B) star topology around a hub, (C) ring topology, (D) mesh network.
Networks enable computer stations (nodes) to access any network resource,
such as printers, modems, mass storage devices, memory and other computers. The
topology of a network is the physical arrangement of the stations and their
interconnections. There are four main patterns in use, as shown in Figure 5.14: a bus
topology consisting of a central cable with all stations connected to it by spurs; a star
topology with stations clustered around a single, central device that acts as a hub or
switch; and a ring topology consisting of stations connected together in a complete
circle or loop. The fourth type of network is known as a mesh network. A mesh
network is a local area network (LAN) in which each node (workstation or device) is
connected directly to some or all of the other nodes. An example of a mesh network
is wireless ad hoc sensor networks, where each device can communicate directly with
the devices in its wireless range.
Many large networks consist of a hierarchy of several topologies. As a simple
example, a bus or ring network may have hubs or switches connected as nodes; then
each one of these hubs or switches is connected to a number of stations or possibly
other hubs in a star topology.
5.3.2 Circuit Switching and Packet Switching
In circuit switching a continuous connection is made across the network
between two users, like the wired telephone connection. This is a temporary
connection, which continues in place as long as both parties wish to communicate,
that is, until the connection is terminated. All the network resources are available for
the exclusive use of these two users whether they are sending data or not. When the
connection is terminated the network resources are released for other users. A
telephone call is an example of a circuit switched connection. The advantage of
circuit switching is that the users have an exclusive channel available for the transfer
of their data at any time while the connection is made. The obvious disadvantage is
the cost of maintaining the connection when there is little or no data being
transferred. Such connections can be very inefficient for the bursts of data that are
typical of many computer applications.
In packet switching systems, efficiency of transfer of bursts of data is improved
by sharing one communication channel with other similar users. Efficiency is more
important than speed, and some delay is normal within acceptable limits. Messages
are divided into a series of packets of certain maximum size, each containing the
destination and source addresses and a packet sequence number. The packets are sent
over a common communications channel, possibly interleaved with those of other
users. All the receivers on the channel check the destination addresses of all packets
and accept only those carrying their address. Messages sent in multiple packets are
reassembled in the correct order by the destination node.
All packets do not necessarily follow the same path. As they travel through the
network they may get separated and handled independently from each other, but
eventually arrive at their correct destination. For this reason, packets often arrive at
the destination node out of their transmitted sequence. Some packets may even be
held up or stored temporarily at a node, due to unavailable lines or technical
problems that might arise on the network. When the time is right, the node then
allows the packet to pass or be forwarded. This packet processing is called store and
forward transmission.
There are two main packet switched services: datagrams and virtual circuits.
In datagram service each packet is independently routed. The destination address
incorporated in the data header will allow the routing to be performed. There is no
guarantee when any packet will arrive at its destination, and they may well be out of
sequence. There is no way for the sender to determine if the packets have, in fact,
been delivered. Such a service is also called connectionless since a connection is not
made for each packet.
The second approach is to setup a connection between transmitter and receiver,
and to send all packets of data along one connection or Virtual Circuit. This does not
imply a permanent circuit being dedicated to the one packet stream of data. Rather,
the circuit shares its capacity with other traffic. The important point to note is that the
route for the data packets to follow is fixed once, when all the routing decisions are taken.
The data packets just follow that pre-established route. This service is known as
reliable and is also referred to as a connection oriented service.
5.3.3 Asynchronous and Synchronous Transmission
In asynchronous transmission, the transmitter sends a stream of data and
periodically inserts a certain signal element/symbol into the stream which can be
"seen" and distinguished by the receiver as a sync signal. That sync signal might be a
single pulse (a "start bit" in asynchronous start/stop communication), or it may be a
more complicated synchronization word, a self-synchronizing code, or a bit encoding
scheme. The main advantages of the asynchronous transmission are that it is simple
and that it doesn't require a synchronization procedure for both sides of the
communication. The timing is not as critical as it is for synchronous
transmission; thus, hardware can be made cheaper. Set-up is fast; thus, it is well suited
for applications where messages are generated at irregular intervals, for example,
data entry from the keyboard. But the main disadvantage is that a high portion of the
transmitted bits are allocated for control purposes and thus carry no useful
information.
In synchronous systems, separate lines or channels are used to transmit data and
timing information. The timing channel transmits clock pulses to the receiver. Upon
receipt of a clock pulse, the receiver reads the data channel and latches the bit value
found on the channel at that moment. The data channel is not read again until the
next clock pulse arrives. Because the transmitter originates both the data and the
timing pulses, the receiver will read the data channel only when told to do so by the
transmitter (via the clock pulse), and synchronization is guaranteed. Techniques exist
to merge the timing signal with the data so that only a single channel is required. This
is especially useful when synchronous transmissions are to be sent through a modem.
Two methods in which a data signal is self-timed are non-return-to-zero (NRZ), and
biphase Manchester coding. These both refer to methods for encoding a data stream
into an electrical waveform for transmission.
For frame synchronization, the data bit stream is assembled in packets. Each
packet consists of a number of fields (e.g., source address, destination address,
control) and a frame check sequence. The packet starts and ends with a special bit
sequence called a delimiter. The packet control field determines whether the packet
carries user data or device or network related command/response and supervisory
functions. Control packets are needed to establish connections, and to determine the
type of connection, to request disconnection, to inform the source if the receiver is
ready or not ready, to acknowledge or reject data packets, etc. The control field also
carries packet sequence counters, which help in reassembling and sequencing the
information from the received packets at the destination. Communication errors can
be detected by recalculating the error check sequence at the receiver and comparing it
with the received error check sequence in the packet. If an error occurs, the receiver
rejects the packet and sends a control packet to the destination with the packet
sequence number. The source can then send the rejected packet again. Figure 5.15
shows a typical packet structure, that of High-Level Data Link Control (HDLC).
The format is intended for bit-oriented synchronous data link layer protocols. It was
standardized in ISO 3309 and revised in ISO 13239. HDLC provides both
connection-oriented and connectionless service, and can be used for
point-to-multipoint connections.
[Frame format, in transmission order: flag 01111110 (8 bits) | address field (8 bits) | control field (8 bits) | information field (variable length) | frame check sequence (16 bits) | flag 01111110 (8 bits)]
Figure 5.15 HDLC Frame format.
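The framing and error check described above can be exercised end to end. The following Python sketch is an added example, not code from the book: it builds a frame with the fields of Figure 5.15 and has the receiver recompute the frame check sequence. It goes beyond the text in two assumed details: the 16-bit FCS is computed as CRC-16/X.25 and sent low octet first, and zero-bit stuffing keeps the 01111110 flag from appearing inside the body; all function names are illustrative.

```python
"""HDLC-style framing: flag delimiters, zero-bit stuffing and a 16-bit FCS."""

FLAG = [0, 1, 1, 1, 1, 1, 1, 0]  # the 01111110 delimiter of Figure 5.15


class FrameError(ValueError):
    """Raised when a received bit stream is not a valid frame."""


def fcs16(data: bytes) -> int:
    """Frame check sequence, assumed here to be CRC-16/X.25 (reflected poly 0x8408)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def to_bits(data: bytes) -> list:
    """Octets to a list of bits, least significant bit of each octet first."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    """Inverse of to_bits for a bit list whose length is a multiple of 8."""
    return bytes(
        sum(bit << i for i, bit in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8)
    )


def stuff(bits: list) -> list:
    """Insert a 0 after every run of five 1s so the body never imitates a flag."""
    out, run = [], 0
    for bit in bits:
        out.append(bit)
        run = run + 1 if bit else 0
        if run == 5:
            out.append(0)
            run = 0
    return out


def unstuff(bits: list) -> list:
    """Remove the stuffed 0s; six 1s in a row inside the body is a line error."""
    out, run, expect_stuffed = [], 0, False
    for bit in bits:
        if expect_stuffed:
            if bit:
                raise FrameError("six consecutive 1s inside the frame body")
            expect_stuffed, run = False, 0
            continue
        out.append(bit)
        run = run + 1 if bit else 0
        expect_stuffed = run == 5
    return out


def build_frame(address: int, control: int, info: bytes) -> list:
    """Transmitter: address, control and information fields, FCS, then flags."""
    body = bytes([address, control]) + info
    body += fcs16(body).to_bytes(2, "little")
    return FLAG + stuff(to_bits(body)) + FLAG


def parse_frame(bits: list):
    """Receiver: locate the flags, unstuff, recompute the FCS and compare."""
    n = len(FLAG)
    if bits[:n] != FLAG:
        raise FrameError("missing opening flag")
    end = next((i for i in range(n, len(bits) - n + 1) if bits[i:i + n] == FLAG), None)
    if end is None:
        raise FrameError("missing closing flag")
    raw = unstuff(bits[n:end])
    if len(raw) % 8 or len(raw) < 32:
        raise FrameError("frame body is not a whole number of octets")
    body = from_bits(raw)
    payload, received = body[:-2], int.from_bytes(body[-2:], "little")
    if fcs16(payload) != received:
        raise FrameError("FCS mismatch: reject the frame and request retransmission")
    return payload[0], payload[1], payload[2:]


def accepts(bits: list) -> bool:
    """True if the receiver would accept the frame, False if it would reject it."""
    try:
        parse_frame(bits)
        return True
    except FrameError:
        return False


if __name__ == "__main__":
    # Constructed sample: the information field deliberately contains 0x7E and 0xFF.
    frame = build_frame(0x01, 0x13, b"\x7e\xff valve-12 open")
    print(parse_frame(frame))
    damaged = list(frame)
    damaged[11] ^= 1  # one bit of the address field flipped in transit
    print("damaged frame accepted:", accepts(damaged))
```

A frame check sequence only detects accidental transmission errors; anyone able to alter a frame can recompute it, so it gives no protection against deliberate modification.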
5.3.4 Signal Encoding Methods
Digital signal encoding is used to represent binary values in the form of digital
signals. The purpose of the encoding is to help the receiver determine the start and
the end of each bit and to achieve efficient utilization of the bandwidth of the
communication media.
Manchester
Manchester is a bi-phase signal-encoding scheme used in Ethernet LANs. The
direction of the transition in mid-interval (negative to positive or positive to negative)
indicates the value (1 or 0) and provides the clocking. The Manchester codes have
the advantage that they are self-clocking. Even a sequence of one thousand ‘0s’ will
have a transition in every bit; hence, the receiver will not lose synchronization. The
price paid for this is a bandwidth requirement double that which is required by the
RZ-type methods. The Manchester scheme follows these rules:
- +V and –V voltage levels are used.
- There is a transition from one voltage level to the other halfway through each bit interval.
- There may or may not be a transition at the start of each bit interval, depending on whether the bit value is a 0 or 1.
- For a 1 bit, the transition is always from –V to +V; for a 0 bit, the transition is always from +V to –V.
In Manchester encoding, the beginning of a bit interval is used merely to set the
stage. The activity in the middle of each bit interval determines the bit value: upward
transition for a 1 bit, downward for a 0 bit.
Differential Manchester is a bi-phase signal-encoding scheme used in token
ring LANs. The presence or absence of a transition at the beginning of a bit interval
indicates the value; the transition in mid-interval just provides the clocking. For
electrical signals, bit values will generally be represented by one of three possible
voltage levels: positive (+V), zero (0 V), or negative (–V). Any two of these levels
are needed. There is a transition in the middle of each bit interval. This makes the
encoding method self-clocking, and helps avoid signal distortion due to DC signal
components. For one of the possible bit values but not the other, there will be a
transition at the start of any given bit interval. For example, in a particular
implementation, there may be a signal transition for a 1 bit. In differential
Manchester encoding, the presence or absence of a transition at the beginning of the
bit interval determines the bit value. In effect, 1 bits produce vertical signal patterns
and 0 bits produce horizontal patterns. The transition in the middle of the interval is
just for timing.
The RZ-type codes consume only half the bandwidth taken up by the
Manchester codes. But they are not self-clocking, since a sequence of a thousand ‘0s’
will result in no movement on the transmission medium at all. RZ is a bipolar signal-
encoding scheme that uses transition coding to return the signal to a zero voltage
during part of each bit interval.
NRZ is a bipolar encoding scheme. In the non-differential version it associates,
for example, +5 V with 1 and –5 V with 0. In the differential version, it changes
voltages between bit intervals for 1 values, but not for 0 values. This means that the
encoding changes during a transmission. For example, 0 may be a positive voltage
during one part, and a negative voltage during another part, depending on the last
occurrence of a 1. The presence or absence of a transition indicates a bit value, not
the voltage level.
The bit encoding techniques are illustrated in Figure 5.16.
MLT-3 is a three-level encoding scheme that can also scramble data. This
scheme is one proposed for use in FDDI networks. The MLT-3 signal-encoding
scheme uses three voltage levels (including a zero level) and changes levels only when
a 1 occurs. It follows these rules:
- +V, 0 V, and –V voltage levels are used.
- The voltage remains the same during an entire bit interval; that is, there are no transitions in the middle of a bit interval.
- The voltage level changes in succession: from +V to 0 V to –V to 0 V to +V, and so on.
- The voltage level changes only for a 1 bit.
MLT-3 is not self-clocking, so a synchronization sequence is needed to ensure
that the sender and receiver are using the same timing.
The 4B/5B technique codes each group of four bits into a five-bit code. For
example, the binary pattern 0110 is coded into the five-bit pattern 01110. This code
table has been designed in such a way that no combination of data can ever be
encoded with more than 3 zeros in a row. This allows the carriage of 100 Mbps data
by transmitting at 125 MHz, as opposed to the 200 Mbps required by Manchester
encoding.
The 8B/10B is a line code that maps 8-bit symbols to 10-bit symbols to achieve
DC-balance and bounded disparity, and yet provide enough state
changes to allow reasonable clock recovery. This means that the difference between
the count of 1s and 0s in a string of at least 20 bits is no more than 2, and that there
are not more than five 1s or 0s in a row. 8B/10B encoding supports continuous
transmission with a balanced number of ones and zeros in the code stream and
detects single bit transmission errors.
Figure 5.16 Encoding methods of binary bits.
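The rules above translate directly into encoders. This added Python example (not from the book) produces two samples per bit interval for Manchester, differential Manchester, differential NRZ and MLT-3, and uses the standard 4B/5B data code table to show how block coding bounds the run length of a code that is not self-clocking. Assumptions: the differential Manchester transition is placed on 1 bits (the text leaves the choice to the implementation), MLT-3 starts at 0 V, and all function names are illustrative.

```python
"""Line codes of section 5.3.4, two samples per bit (+1 = +V, -1 = -V, 0 = 0 V)."""

# Standard 4B/5B data codes, indexed by the value of the 4-bit group.
CODES_4B5B = [
    "11110", "01001", "10100", "10101", "01010", "01011", "01110", "01111",
    "10010", "10011", "10110", "10111", "11010", "11011", "11100", "11101",
]


def manchester(bits):
    """1 is a -V to +V mid-interval transition, 0 is +V to -V (as in the text)."""
    out = []
    for bit in bits:
        out += [-1, +1] if bit else [+1, -1]
    return out


def manchester_decode(levels):
    """Recover bits from the direction of each mid-interval transition."""
    bits = []
    for first, second in zip(levels[0::2], levels[1::2]):
        if first == second:
            raise ValueError("no mid-interval transition: not a Manchester symbol")
        bits.append(1 if second > first else 0)
    return bits


def differential_manchester(bits, transition_bit=1, start=+1):
    """A transition at the start of the interval signals `transition_bit` (assumed 1)."""
    level, out = start, []
    for bit in bits:
        if bit == transition_bit:
            level = -level      # transition at the start of the interval
        out.append(level)
        level = -level          # mid-interval transition, present for every bit
        out.append(level)
    return out


def nrz_i(bits, start=-1):
    """Differential NRZ: the level changes for a 1 and is held for a 0."""
    level, out = start, []
    for bit in bits:
        if bit:
            level = -level
        out += [level, level]
    return out


def mlt3(bits):
    """MLT-3: step through +V, 0 V, -V, 0 V on every 1; hold the level on a 0."""
    cycle, pos, out = [+1, 0, -1, 0], 3, []   # assumed idle state: 0 V
    for bit in bits:
        if bit:
            pos = (pos + 1) % 4
        out += [cycle[pos]] * 2
    return out


def encode_4b5b(bits):
    """Replace each group of four bits with its five-bit code."""
    if len(bits) % 4:
        raise ValueError("4B/5B needs a multiple of four bits")
    out = []
    for k in range(0, len(bits), 4):
        group = bits[k] * 8 + bits[k + 1] * 4 + bits[k + 2] * 2 + bits[k + 3]
        out += [int(c) for c in CODES_4B5B[group]]
    return out


def max_zero_run_4b5b():
    """Longest run of 0s that any two consecutive 4B/5B codes can produce."""
    return max(
        len(run) for a in CODES_4B5B for b in CODES_4B5B for run in (a + b).split("1")
    )


def longest_run(levels):
    """Longest stretch of samples without a level change (what starves clock recovery)."""
    if not levels:
        return 0
    best = run = 1
    for prev, cur in zip(levels, levels[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


if __name__ == "__main__":
    zeros = [0] * 1000   # the "thousand 0s" case from the text
    for name, wave in [
        ("Manchester", manchester(zeros)),
        ("Differential Manchester", differential_manchester(zeros)),
        ("NRZ (differential)", nrz_i(zeros)),
        ("MLT-3", mlt3(zeros)),
        ("4B/5B + MLT-3", mlt3(encode_4b5b(zeros))),
    ]:
        print(f"{name:24s} longest run without a transition: {longest_run(wave)} samples")
```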
5.3.5 Media access methods
With several stations on a network, there must be a mechanism for deciding
which station gains 'access' to the common channel to transmit or receive
information. Under heavy traffic conditions, there could be more than one station
trying to access the network at one time, causing destruction or scrambling of the
transmission signals. This will lead to deterioration of traffic throughput,
transmission delay and reduction in the transmission efficiency. It is therefore
important that the traffic is controlled, to allow a smooth, efficient operation and to
reduce the chance of data corruption caused by collision of data streams on the
network.
Channel access schemes:
There are five basic forms of channel access scheme:
1- The Frequency division multiple access (FDMA) channel-access scheme is
based on the Frequency-division multiplex (FDM) scheme, which provides different
frequency bands to different data-streams - in the FDMA case to different users or
nodes. Examples of FDMA systems were the first-generation (1G) cell-phone
systems. A related technique is wavelength division multiple access (WDMA), based
on Wavelength division multiplex (WDM), where different users get different colors
in fiber-optical communication.
2- The Time division multiple access (TDMA) channel access scheme is
based on the Time division multiplex (TDM) scheme, which provides different time-
slots to different data-streams (in the TDMA case to different transmitters) in a
cyclically repetitive frame structure. For example, user 1 may use time slot 1, user 2
time slot 2, etc., until the last user. Then the cycle starts all over again.
3- The code division multiple access (CDMA) scheme is based on spread
spectrum. An example is the 3G cell phone system.
4- Space division multiple access (SDMA) is a technique for medium access
control with bounded delay for all users. It makes efficient use of the bandwidth by
minimizing the MAC and address resolution protocols.
5- Packet mode multiple-access is typically based on time-domain
multiplexing, but not in a cyclically repetitive frame structure, and therefore it is not
considered TDM or TDMA. Due to its random character, it can be categorized as
a statistical multiplexing method, making it possible to provide dynamic bandwidth
allocation.
The Packet mode is typically used for wired LANs and other industrial
communication.
Statistical time division multiplexing multiple access protocols:
Contention-based media access:
Contention-based media access describes a way of getting data on to the
network whereby systems ‘contend for’ or share the media. On a contention-based
network, systems can only transmit when the media is free and clear of signals. In a
carrier sense multiple access/collision detection (CSMA/CD) system, stations gain
access to the network on a 'first come, first served' basis. The carrier sense feature
means that a station 'listens' on the network to check for other traffic. If no carrier
signal is present (no traffic) the station accesses the network. If a carrier is detected,
the station defers transmission, waiting for a certain time before trying again. This
'looking before crossing the road' strategy reduces, but does not eliminate, the risk of
data collisions.
Multiple access means that any station may transmit data as soon as it senses the
channel is free. Collision detection indicates that a station can listen in on the
network, as it transmits data, allowing it to detect additional, contending data on the
channel. The station then breaks off transmission, waiting for a short, random
interval before trying to retransmit. The ‘random back-off’ reduces the possibility of
further collisions.
CSMA/CD techniques offer fast response at low traffic, but as the load
increases, so does the waiting time. There are several variants of the CSMA
technique, e.g., carrier sense multiple access with collision avoidance (CSMA/CA),
suitable for wireless networks, and carrier sense multiple access with bitwise
arbitration (CSMA/BA), based on constructive interference (CAN bus).
Token passing:
This type of protocol uses a special token or data packet that passes control from
one station to another. Any station wishing to transmit information must wait until it
has received the token. Having completed transmission, it passes the token to the
next node. Token passing is used in both ring and bus topologies, providing a
relatively slow response at low traffic rates compared with CSMA/CD, but with little
deterioration of response time as the load increases. Examples of technologies that
use token-passing media access include Token Ring and Fiber Distributed Data
Interface (FDDI), both of which will be described in detail later in this chapter. With
a limit on the packet length, the transmission delay from any source to a destination
can be determined. In CSMA/CD, by contrast, collisions and the random back-off delay
that follows them are random in nature, so a deterministic time limit on the
transmission delay cannot be guaranteed.
Polling:
Polling refers to a process of checking elements, such as computers or queues,
in some defined order, to see whether the polled element needs attention (wants to
transmit, contains jobs and so on). In roll call polling, the polling sequence is based
on a list of elements available to the controller. In contrast, in hub polling, each
element simply polls the next element in the sequence. In LANs, polling provides a
deterministic media access method in which the server polls each node in succession
to determine whether that node wants to access the network.
5.4 ISO - Open Systems Interconnection
In an effort to standardize network architectures and protocols, the ISO has
developed a reference model for use in comparing different data communication
architectures and in constructing new networks. This model is called the reference
model of Open Systems Interconnection (OSI).
As shown in Figure 5.17, the ISO reference model has seven layers. The
functions of each of these layers and the services provided are discussed in the next
subsection. All seven layers may or may not be used at any given network node for
any given user-user interaction. Normally, all seven layers are used at the originating
and terminating nodes of a connection, whereas only three layers are used at any
intermediate nodes that serve only to transport packets to their destination nodes.
For example, if hosts A and B are interconnected through nodes 1 and 2, as
shown in Figure 5.8, a message from A to B is handled in nodes 1 and 2 by only three
layers: the physical, data-link and network layers. The protocols associated with the
layers used at source and destination hosts are called end-to-end protocols; those
used to connect each host to the first network node in a communication path are
called network access protocols; and those used for communication between
contiguous nodes on the path through the network are termed internal network
protocols.
The physical layer
The physical layer is concerned with the transmission of each bit in a bit stream
over a direct physical connection. The focus here is on all electrical, mechanical,
and functional characteristics needed to transmit the bit stream properly. Note that
the bits in the bit stream are not grouped by this layer, and some may be in error.
Data-link layer
The layer above the physical layer is the data-link layer, which provides for
character and message (frame) synchronization, and ensures the reliable transmission
of data blocks or frames between physically connected nodes. It is the function of
this layer to detect and if necessary correct errors that occur in the raw bit stream
maintained by the physical layer. To accomplish this, the data-link layer must create
and recognize the boundaries of frames and use redundant bits in these frames to
detect errors. At the transmitting end, this layer takes the data from the above layer,
assembles it into frames or packets, and appends redundant bits, which are sent to the
lower layer. On the receiving end, the data-link layer strips back the redundant bits
and checks the integrity of the data before handing it off to the above layer, as shown
in Figure 5.19. The data-link layer, supported by the physical layer below it, provides
an error-free link between physically connected nodes for use by the next highest
layer, the network layer.
[Figure: Node A and Node B each contain the same stack; corresponding layers are joined by node-to-node, peer-to-peer communication paths, and the two stacks meet at the physical transmission medium.]
Layer                  Function
User program           Application programs (not part of the OSI model)
Level 7 Application    Provides all services directly comprehensible to application programs
Level 6 Presentation   Restructures data to/from standardized format used within the network
Level 5 Session        Synchronizes and manages data
Level 4 Transport      Provides transparent reliable data transfer from end node to end node
Level 3 Network        Performs packet routing for data transfer between nodes
Level 2 Data-link      Improves error rate for frames moved between adjacent nodes
Level 1 Physical       Encodes and physically transfers bits between adjacent nodes
Figure 5.17 The OSI 7-layer network reference model.
The network layer
Network layer software provides the services required to set up and maintain
the flow of messages between users coupled to the network. The data unit for this
layer is the packet, and one function of software at the network level is to ensure that
such packets are directed toward their proper destinations.
As one progresses through higher and higher layers in the ISO hierarchy, the
emphasis shifts from functions implemented by hardware and software at the
network nodes, which provide for proper bit and packet flow, to services associated
with application processes running in host or user devices. In the Internet, this layer is
responsible for executing the Internet Protocol (IP) for proper routing of Internet
packets between hosts.
[Figure: Host A and Host B each show all seven layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application); Node 1 and Node 2 lie between them, joined by connecting media, and the path through the layers is traced from Host A to Host B.]
Figure 5.18 Flow of messages in ISO Network layers.
The transport layer
The transport layer is the next in order above the network layer. From the point
of view of this layer, all services (such as routing, switching, and possibly congestion
control) that are necessary for end-to-end users to exchange packets are provided by
lower layers. The transport layer provides transparent transfer of data between hosts.
It is usually responsible for end-to-end connection, error recovery, flow control and
ensuring complete data transfer. In the Internet protocol suite, this function is
commonly achieved by the connection-oriented Transmission Control Protocol
(TCP). The datagram-type transport, User Datagram Protocol (UDP), provides
neither error recovery nor flow control, leaving these to the application. The purpose
of the transport layer is to provide transparent transfer of data between end users,
thus relieving the upper layers of providing reliable and cost-effective data transfer.
The session layer
The session layer, also known as X.225 or ISO 8327, establishes, manages and
terminates connections (sessions) among cooperating applications. Within the service
layering semantics of the OSI network architecture, the session layer responds to
service requests from the presentation layer and issues service requests to the
transport layer. It also adds traffic flow information (e.g., establishes synchronization
of video and audio in live-TV and in video conferencing). In case of a connection
loss, this protocol may try to recover the connection. If a connection is not used for a
long period of time, the session layer protocol may close it and re-open it. It provides
for either full duplex or half-duplex operation and provides synchronization points in
the stream of exchanged messages.
Examples of Session layer services and protocols: H.245, Call Control Protocol for Multimedia
Communication; NetBIOS, Network Basic Input Output System; PAP, Password Authentication
Protocol; and SSH, Secure Shell protocol.
The presentation layer
The presentation layer is responsible for formatting and delivering information
to the application layer for further processing or display (e.g., it provides the ability
to identify character encoding for proper conversion, which is then done in the
application layer). The session layer’s functions cover data code/format conversion,
compression and encryption. It is the responsibility of the presentation layer to make
sure data and characters are displayed in the correct or common format between the
client and the server. Data compression or expansion, and data encryption or
decryption, are also carried out at this layer.
The presentation layer provides services for the application layer above it, and
uses the session layer below it. In practice, the presentation layer rarely appears in
pure form, and it is the least well defined of the OSI layers. Application or session
layer programs will often encompass some or all of the presentation layer’s
functions. The OSI presentation layer service is defined in the ISO 8822 standard and
in the ITU-T X.216 recommendation. The OSI presentation protocol is defined in the
ISO 8823 standard and in the ITU-T X.226 recommendation.
Examples of common presentation layer formats include: ASCII, American Standard Code for
Information Interchange; EBCDIC, Extended Binary Coded Decimal Interchange Code; UNICODE;
MPEG, AVI, QuickTime; JPEG, PNG, TIFF: graphics formats; MIDI: sound format; and RDP,
Remote Desktop Protocol.
[Figure: layers N + 1, N and N - 1 at the transmitting site and at the receiving site, joined by the transmission channel. At the transmitting site each layer adds its header (H: header; H1, H2, H3) to the DATA it receives from the layer above; at the receiving site the headers are removed again layer by layer.]
Figure 5.19 Attachment and stripping of layers’ headers.
The application layer
The application layer is the seventh level of the seven-layer OSI model. It
interfaces directly with and performs common application services for the application
processes. It also issues requests to the presentation layer. These include TCP-based
services such as HTTP, UDP services like DNS, and applications that use a
combination of TCP and UDP, such as the Real Time Streaming Protocol (RTSP).
The HyperText Transfer Protocol, or HTTP, is perhaps the most widely used
application layer protocol in the world today. Its purpose is to provide a lightweight
protocol for the retrieval of HyperText Mark-up Language (HTML) and other
documents from Web sites throughout the Internet. The commonly used version is
HTTP/1.1, defined in RFC 2068 by the IETF.
Examples of Application layer services and protocols include:
APPC, Advanced Program-to-Program Communication; DeviceNet; DHCP, Dynamic Host
Configuration Protocol; DNS, Domain Name System (Service) Protocol; FTP, File Transfer Protocol;
H.323, Packet-Based Multimedia Communications System; HTTP, HyperText Transfer Protocol;
IMAP, IMAP4, Internet Message Access Protocol (version 4); LDAP, Lightweight Directory Access
Protocol; MIME (S-MIME), Multipurpose Internet Mail Extensions and Secure MIME; MODBUS;
MSN Messenger [Instant Messaging Service]; System; NTP, Network Time Protocol; POP, POP3,
Post Office Protocol (version 3); SMTP, Simple Mail Transfer Protocol; SNMP, Simple Network
Management Protocol; SNTP, Simple Network Time Protocol; SSH, Secure Shell; TSP, Time Stamp
Protocol.
In essence, layers 1-3 are common, providing the transmission media and
lower-level interfaces necessary for data exchange between compatible components
(e.g., similar PLCs). The higher levels (4-7) are necessary to allow intelligent
communication between dissimilar devices using individual software applications.
Without these layers, the LAN would allow messages to be exchanged between
dissimilar devices, but the message would not be understood and could not be
accessed by the user.
5.5 Network Standards
Several standardizing organizations have contributed to establishing the
standards for LAN, in particular, IEEE, ISO and ANSI. The IEEE, Institute of
Electrical and Electronic Engineers, www.ieee.org, develops standards for LANs in
the IEEE 802.n series of standards. The relationship between the IEEE standards and
the ISO reference model is illustrated in Figure 5.20.
1- IEEE 802.1 describes the relationship between the various
parts of the standard and their relationship with the ISO reference model and with higher
layers. It also discusses the functions of inter-networking connectivity devices and
management issues.
2- The IEEE 802.2 divides the data link layer into two sub-layers:
Logical-link control (LLC) sub-layer on top
Media-access control (MAC) sub-layer at the bottom
The LLC sub-layer provides a unified interface for the network layer protocols,
and controls the logical communication with its peer at the receiving side. The MAC
sub-layer provides access to a particular physical encoding and transport scheme. The
IEEE 802.3, 802.4, 802.5, 802.6, 802.11, 802.15, and 802.16 standards include the
MAC sub-layer protocols. These protocols format frames and place them on the
physical media in the specific format required. The MAC layer also provides the
necessary services for the LLC layer as requested.
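[Figure: the IEEE standards set against the OSI reference model: 802.1 alongside the upper layers; within the data-link layer, 802.2 as the LLC sub-layer above the MAC sub-layer of 802.3, 802.4, 802.5, 802.6, 802.11, 802.15 and 802.16; the physical layer at the bottom.]
Figure 5.20 IEEE Network protocol Standards.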
3- The IEEE 802.3 is a CSMA/CD bus/star topology, possibly with star
branches. This standard is also known as “Ethernet.” It can use coax cable, twisted
pair copper and fiber optic media. The Ethernet protocol was developed by DEC, Intel,
and Xerox during the 1970s and early 1980s. The first version of IEEE 802.3 was
approved in 1982 and has grown to be the predominant LAN protocol. It differed
only slightly from Ethernet v. 2.0. The IEEE 802.3 has been evolving over the years
to accommodate the latest technological advances in data communication and
networking; see Appendix 5.B for a synopsis of the important developments of
802.3.
4- IEEE 802.4 Token Bus. IEEE 802.5 Token Ring is a 4 Mbps or 16 Mbps
protocol. It can use several types of twisted pair cables. It operates on a bus backbone
but uses a “token” to grant permission to transmit. It was adopted by General Motors
in its Manufacturing Automation Protocol (MAP).
5- IEEE 802.5 Token Ring is a network protocol that uses a “token” as a means of
granting workstations and servers permission to transmit on the media. It uses
primarily unshielded twisted pair wire as its media. The network topology is a ring. It
was originally developed by IBM, and it is still known as IBM token ring local area
network. The cable characteristic impedance is 100 Ohms. Lobes are typically less than
100 m, and the maximum number of stations on a ring is 72. Transmission rates are
4 Mbps or 16 Mbps (short distances due to the high attenuation).
6- IEEE 802.6 is a standard for Metropolitan Area Networks (MAN). It is an
improvement of an older standard (also created by ANSI) which used the fiber
distributed data interface (FDDI) network structure. The FDDI-based standard for
MAN applications failed due to its expensive implementation and lack of
compatibility with current LAN standards. The IEEE 802.6 standard uses the
Distributed Queue Dual Bus (DQDB) network form. This form supports 150 Mbit/s
transfer rates. It consists of two unconnected unidirectional buses. DQDB is rated for
a maximum of 160 km before significant signal degradation over fiber optic cable
with an optical wavelength of 1310 nm. DQDB is designed for data as well as voice
and video transmission based on cell switching technology (similar to Asynchronous
Transfer Mode, or ATM). This standard is also uncommon in MAN applications
compared to Synchronous Optical Network (SONET) or ATM network designs.
7- IEEE 802.11 refers to a family of specifications developed by the IEEE for
wireless LAN technology. The 802.11 standard specifies an over-the-air interface
between a wireless client and a base station or between two wireless clients. The
IEEE accepted the specification in 1997.
There are several specifications in the 802.11 family. The original IEEE
802.11 standard places specifications on the parameters of both the physical (PHY)
and medium access control (MAC) layers for wireless networks. The PHY layer,
which actually handles the transmission of data between nodes, can use either direct
sequence spread spectrum (DSSS), frequency-hopping spread spectrum (FHSS), or
infrared (IR) pulse position modulation. IEEE 802.11 makes provisions for data rates
of either 1 Mbps or 2 Mbps, and calls for operation in the 2.4 - 2.4835 GHz
frequency band (in the case of spread-spectrum transmission). The later amendments
focused only on wireless RF networks.
For radio networks, the 802.11 standard specifies a carrier sense multiple access
with collision avoidance (CSMA/CA) protocol. In this protocol, when a node
receives a packet to be transmitted, it first listens to ensure no other node is
transmitting. If the channel is clear, it then transmits the packet. Otherwise, it
chooses a random "back-off factor" which determines the amount of time the node
must wait until it is allowed to transmit its packet. During periods in which the
channel is clear, the transmitting node decrements its back-off counter (when the
channel is busy it does not decrement its back-off counter.) When the back-off
counter reaches zero, the node transmits the packet. Since the probability that two
nodes will choose the same back-off factor is small, collisions between packets are
minimized. Collision detection, as is employed in Ethernet, cannot be used for the
radio frequency transmissions of IEEE 802.11. The reason for this is that when a
node is transmitting it cannot hear any other node in the system which may be
transmitting, since its own transmitted signal will drown out any others arriving at
the node. Whenever a packet is to be transmitted, the transmitting node first sends
out a short ready-to-send (RTS) packet containing information on the length of the
packet. If the receiving node hears the RTS, it responds with a short clear-to-send
(CTS) packet. After this exchange, the transmitting node sends its packet. When the
packet is received successfully, as determined by a cyclic redundancy check (CRC),
the receiving node transmits an acknowledgment (ACK) packet.
802.11a is an extension of 802.11 that applies to wireless LANs and provides up
to 54 Mbps in the 5 GHz band. The 802.11a extension uses an orthogonal frequency
division multiplexing (OFDM) encoding scheme rather than FHSS or DSSS.
802.11b (also known as Wi-Fi) is an extension to 802.11 that applies to wireless
LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in
the 2.4 GHz band. The 802.11b standard uses only DSSS, and it was a 1999
ratification to the original 802.11 standard, allowing wireless functionality
comparable to Ethernet. The topology used in wireless networks is known as
cellular. It is a wireless structure where stations send signals to each other via
wireless media hubs. The access method for 802.11b is CSMA/CA. Clients connect
via wireless access points with data transfer rates up to 11 Mbps. The 802.11b
standard operates in the 2.4 GHz range.
802.11g is an improved version of Wi-Fi, providing typical throughput of 22
Mbps in the 2.4 GHz band. It uses the same OFDM based transmission scheme as
802.11a. It operates at a maximum physical layer bit rate of 54 Mbit/s exclusive of
forward error correction codes.
802.11n is a recent amendment which improves upon the previous 802.11
standards by adding multiple-input, multiple-output (MIMO) and many other new
features. The 802.11n standard delivers typical throughput of 144 Mbps, and a
maximum net bit rate of 600 Mbps. The maximum indoor range is expected to be
91 m, while the maximum outdoor range is expected to be 182 m. Chapter 8 contains
a detailed coverage of wireless networks, including 802.11x.
8- IEEE 802.12, 100VG-AnyLAN, is a 100 Mbps voice-grade protocol,
operating with both IEEE 802.3 and IEEE 802.5 packets traversing the LAN.
9- IEEE 802.15 addresses the standardization of Wireless Personal Area
Networks (WPAN) in the 10 m range. IEEE 802.15.1-2002 has derived a Wireless
Personal Area Network standard based on the Bluetooth v1.1 specifications. It
includes a media access control and physical layer specification. An updated version
of this standard, based upon the additions incorporated into Bluetooth v1.2, was
published as IEEE 802.15.1-2005. But the later versions of Bluetooth diverge from
the IEEE standards.
IEEE 802.15.2-2003 addressed the issue of coexistence of WPAN with other
wireless devices operating in unlicensed frequency bands such as WLAN.
IEEE 802.15.3-2003 is a MAC and PHY standard for high-rate (11 to 55
Mbit/s) WPANs.
IEEE 802.15.4-2003 (Low Rate WPAN) deals with low data rate but very long
battery life (months or even years) and very low complexity. IEEE 802.15.4-2006 is
a standard which specifies the physical layer and media access control for low-rate
wireless personal area networks (LR-WPANs). It is the basis for the ZigBee,
Wireless HART, and MiWi specification, each of which further attempts to offer a
complete networking solution by developing the upper layers that are not covered by
the standard. Wireless networks will be covered in more detail in a later chapter.
10- IEEE 802.16 Wireless MAN (WiMax) group develops a series of fixed
broadband wireless access standards for wireless MANs. IEEE 802.16 is a
specification for fixed broadband wireless MANs that use a point-to-multipoint
architecture. Published in 2002, the standard defines the use of bandwidth between
the licensed 10 GHz and 66 GHz and between the 2 GHz and 11 GHz (licensed and
unlicensed) frequency ranges and defines a MAC layer that supports multiple
physical layer specifications customized for the frequency band of use and their
associated regulations. The 802.16 standard supports very high bit rates in both
uploading to and downloading from a base station up to a distance of 30 miles to
handle such services as VoIP, IP connectivity and TDM voice and data.
11- IEEE 802.20 (Mobile-Fi): Mobile Broadband Wireless Access (MBWA) is
an IEEE Standard that enables worldwide deployment of multi-vendor interoperable
mobile broadband wireless access networks.
12- IEEE 802.22 is a standard for Wireless Regional Area Networks (WRANs)
using white spaces in the TV frequency spectrum. The development of the IEEE
802.22 WRAN standard aims to use cognitive radio techniques to allow sharing
geographically unused spectrum allocated to the Television Broadcast Service, on a
non-interfering basis, to bring broadband access to low population density areas,
which has the potential for a wide applicability worldwide. WRANs are designed to
operate in the TV broadcast bands while assuring that no harmful interference is
caused to the incumbent operation, i.e., digital TV and analogue TV broadcasting,
and low power licensed devices such as wireless microphones. The standard was
expected to be finalized in 2010.
5.6 Industrial Ethernet
Driven by the idea of using office standards to achieve simple interconnection
between control equipment, Ethernet eventually became a popular solution for the
factory floor automation applications. Many of the arguments brought forward to
promote Industrial Ethernet were actually economic and marketing-based; for
example:
Continuous development driven and supported by the global IT sector.
Large number of suppliers on the market.
Future-proof technology.
Low Total Cost of Ownership (TCO).
Remote diagnostics via Internet/Intranet.
Predictive diagnostics using management software; for example, SNMP or
OPC.
But there are certain inherent limitations in Ethernet that make plain
Ethernet inappropriate in control applications demanding real-time behavior. To cope
with these limitations, many proprietary solutions introduced quality of service,
modified packet processing in switches, or added synchronization between devices.
The following discussion starts with a brief background on Ethernet; it then
highlights some of the differences between office and industrial environments.
Finally, a short summary of some of the proposed Industrial Ethernet solutions is
offered.
5.6.1 Ethernet Background
The standardized versions of Ethernet are IEEE 802.3 and ISO/IEC 8802-3. The
evolution of the IEEE 802.3 standard is covered in Appendix 5.C.
Ethernet Transmission Media:
Ethernet offers a wide range of transmission media, such as copper, glass fiber,
and wireless. The standard specifies three physical media: coaxial cables, UTP/STP
cables and FO cables. Data transmission rates range from 10 Mbit/s, 100 Mbit/s
through 1 Gbit/s to 10 Gbit/s. Rates of 100Mbps and higher use twisted pair cables
and FO cables. A summary of Ethernet cables is given in Table 5.5.
Table 5.5 Ethernet Cables.
Ethernet Classes & Cable Types

| Ethernet Class | Maximum Data Rate | Cable Type |
|---|---|---|
| 10Base-2 | 10 Mbps | Coaxial |
| 10Base-5 | 10 Mbps | Coaxial |
| 10Base-T | 10 Mbps | UTP Cat-3 or Cat-5 |
| 100Base-T | 100 Mbps | UTP Cat-5, Cat-5e, Cat-6 or Fiber |
| 1000Base-T | 1 Gbps | UTP Cat-5, Cat-5e, Cat-6 or Fiber |
| 10 GbE | 10 Gbps | UTP Cat-5e, Cat-6, Cat-7 or Fiber |
| 40 GbE | 40 Gbps | Fiber |
Ethernet Signal Encoding
The 10 Mbps Ethernet signals are encoded using the Manchester encoding
scheme. This method allows a clock to be extracted at the receiver end, and for the
transmission/reception process to be synchronized. The encoding is performed by an
exclusive or between a 2x clock signal and the data stream. In the resulting signal, a 0
is represented by a high to low change at the center of the bit duration, while a 1 is
represented by a low to high change at the center of the bit duration. The encoding is
depicted in Figure 5.21.
Figure 5.21 Manchester signal encoding (waveforms: clock, data 101100101001, and the encoded data as XOR of clock and data).
In 100 Mbps Ethernet, the physical layer specifies the 4B/5B coding of the data,
data scrambling and the non-return to zero-inverted (NRZI) data coding together with
the clocking, data and clock extraction processes. The 4B/5B technique selectively
codes each group of four bits into a five-bit cell symbol. For example, the binary
pattern 0110 is coded into the five-bit pattern 01110. In turn, this symbol is encoded
using non-return to zero-inverted (NRZ-I) where a ‘1’ is represented by a transition
at the beginning of the cell, and a ‘0’ by no transition at the beginning. With a five-
bit pattern, there are 32 possible combinations. Obviously, there are only 16 of these
that need to be used for the four bits of data, and of these, each is chosen so that there
are no more than three consecutive zeros in each symbol to maintain clock
synchronization, and at least two transitions in every 5-bit word. The transitions in
every cell allow the clock to be extracted, and synchronized with the transmitter. Bit
coding uses three voltage levels: +1 volts, 0 volts and –1 volts. The level remains the
same for consecutive sequences of the same bit, i.e. continuous ‘1’s. When a bit
changes, the voltage level changes to the next state in the circular sequence 0 V, +1
V, 0 V, –1 V, 0 V, etc. This results in a coded signal, which resembles a smooth sine
wave of much lower frequency than the incoming bit stream.
Hence for a 31.25 MHz baseband signal this allows for a 125 Mbps signaling bit
stream providing a 100 Mbps throughput (4B/5B encoder). The MAC outputs an
NRZ code. The code words are selectively chosen so the mean line signal is zero; in
other words, the line is DC balanced.
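The Manchester, 4B/5B, NRZ-I and three-level steps described above can be traced bit by bit with the following added example (not code from the book). The 4B/5B table is the standard set of sixteen data code groups, of which the text quotes only 0110 -> 01110; all function names are illustrative.

```python
"""Line coding: Manchester (10 Mbps) and 4B/5B + NRZ-I + three-level (100 Mbps)."""

# The sixteen 4B/5B data code groups (4-bit nibble -> 5-bit symbol).
FOUR_B_FIVE_B = {
    "0000": "11110", "0001": "01001", "0010": "10100", "0011": "10101",
    "0100": "01010", "0101": "01011", "0110": "01110", "0111": "01111",
    "1000": "10010", "1001": "10011", "1010": "10110", "1011": "10111",
    "1100": "11010", "1101": "11011", "1110": "11100", "1111": "11101",
}
FIVE_B_FOUR_B = {sym: nib for nib, sym in FOUR_B_FIVE_B.items()}

CLOCK = (1, 0)               # one clock period per bit: high half, then low half
LEVEL_CYCLE = (0, 1, 0, -1)  # circular sequence 0 V, +1 V, 0 V, -1 V


def manchester_encode(bits):
    """XOR each data bit with both clock halves: 0 -> high,low and 1 -> low,high."""
    out = []
    for b in bits:
        out.extend(int(b) ^ c for c in CLOCK)
    return out


def manchester_decode(halves):
    """Recover the bits; a bit cell without a mid-bit transition is a line error."""
    if len(halves) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for i in range(0, len(halves), 2):
        first, second = halves[i], halves[i + 1]
        if first == second:
            raise ValueError(f"no mid-bit transition in bit {i // 2}")
        bits.append("1" if (first, second) == (0, 1) else "0")
    return "".join(bits)


def encode_4b5b(bits):
    """Map every group of four data bits to its five-bit symbol."""
    if len(bits) % 4:
        raise ValueError("bit string length must be a multiple of 4")
    return "".join(FOUR_B_FIVE_B[bits[i:i + 4]] for i in range(0, len(bits), 4))


def decode_4b5b(symbols):
    """Inverse mapping; symbols outside the data table are rejected."""
    if len(symbols) % 5:
        raise ValueError("symbol string length must be a multiple of 5")
    out = []
    for i in range(0, len(symbols), 5):
        sym = symbols[i:i + 5]
        if sym not in FIVE_B_FOUR_B:
            raise ValueError(f"{sym!r} is not a 4B/5B data code group")
        out.append(FIVE_B_FOUR_B[sym])
    return "".join(out)


def nrzi_encode(bits, level=0):
    """A '1' toggles the line level at the start of the cell, a '0' holds it."""
    out = []
    for b in bits:
        if b == "1":
            level ^= 1
        out.append(level)
    return out


def nrzi_decode(levels, level=0):
    """A change of level between cells is a '1', no change is a '0'."""
    bits = []
    for cur in levels:
        bits.append("1" if cur != level else "0")
        level = cur
    return "".join(bits)


def three_level(levels, prev=0):
    """Step to the next state of LEVEL_CYCLE whenever the NRZ-I level changes."""
    idx, out = 0, []
    for cur in levels:
        if cur != prev:
            idx = (idx + 1) % len(LEVEL_CYCLE)
        out.append(LEVEL_CYCLE[idx])
        prev = cur
    return out


def longest_zero_run(bits):
    """Length of the longest run of consecutive '0' characters."""
    return max(len(run) for run in bits.split("1"))


if __name__ == "__main__":
    data = "101100101001"  # bit pattern shown in Figure 5.21
    print("Manchester :", manchester_encode(data))
    symbols = encode_4b5b(data)
    print("4B/5B      :", symbols, "longest zero run", longest_zero_run(symbols))
    line = nrzi_encode(symbols)
    print("NRZ-I      :", line)
    print("three-level:", three_level(line))
```

A worst-case run of ‘1’s walks the three-level output through one full 0, +1, 0, –1 cycle every four bit cells, which is why a 125 Mbps symbol stream needs only a 31.25 MHz fundamental.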
The 100Base-T4 system uses four pairs of Category 3 UTP. It uses data encoded
in an eight binary, six ternary (8B/6T) coding scheme. The data is encoded using
three voltage levels per bit time of +V, 0 volts and –V, which are usually written as
+, 0 and –. This coding scheme allows the eight bits of binary data to be coded into
six ternary symbols, and reduces the required bandwidth to 25 MHz. The 256 code
words are chosen so the line has a mean line signal of zero.
The 1000Mbps Ethernet uses the 8B/10B technique, which selectively codes
each group of eight bits into a ten-bit symbol. Each symbol is chosen so that there are
at least two transitions from ‘1’ to ‘0’ in each symbol. This ensures there will be
sufficient signal transitions to allow the decoding device to maintain clock
synchronization from the incoming data stream. The coding scheme allows unique
symbols to be defined for control purposes, such as denoting the start and end of
packets and frames as well as instructions to devices.
The coding also balances the number of ‘1’s and ‘0’s in each symbol, called DC
balancing. This is done so that the voltage swings in the data stream would always
average to zero, and not develop any residual DC charge.
Ethernet Media Access control:
Each node can be in any one of three states at any time. These states are:
Idle, or listen
Transmit
Contention
In the idle state, the node merely listens to the bus, monitoring all traffic that
passes. If a node then wishes to transmit information, it will wait until there is no
activity on the bus, since this is the ‘carrier sense’ component of the architecture.
When it senses no activity, it can then start its transmission, and listen to its
transmission on the media. If it detects a collision (scrambled signal), the node goes
into the third state of contention. The node will continue to transmit for a short time –
the jam signal – to ensure the other transmitting node detects the contention, and then
it waits for a random period called a back-off, before it re-attempts transmission.
The basic frame format for an 802.3 network is shown below. There are eight
fields in each frame, and they will be described in detail.
Frame Format

| Field | Number of Octets |
|---|---|
| Preamble (10101010) | 7 |
| SFD (10101011) | 1 |
| Destination Address | 2 or 6 |
| Source Address | 2 or 6 |
| Frame Length | 2 |
| Data | 0-1500 |
| Pad | 0-46 |
| FCS | 4 |

Minimum length is 64 octets (512 bits), excluding Preamble and SFD.
Maximum frame is 1518 octets.
Figure 5.22 802.3 MAC frame format.
Preamble: This field consists of seven octets of the data pattern 10101010. The
preamble is used by the receiver to synchronize its clock to the transmitter.
Start frame delimiter: This single octet field consists of the data 10101011. It
enables the receiver to recognize the commencement of the address fields.
Source and destination address: These are the physical addresses of the
source and the destination nodes. The fields can be two or six octets long, although
the six-octet standard is the most common. The six-octet field is split into two
three-octet blocks. The first three octets describe the block number to which all NICs of
this type belong. This number is the license number, and all cards made by this
company have the same number. The second block refers to the device identifier, and
each card will have a unique address under the terms of the license to manufacture.
This means there are 2^48 unique addresses for Ethernet cards.
There are three addressing modes that are available, including:
Broadcast. Destination address is set to all 1s or FFFFFFFFFFFF
Multicast. First bit of the destination address is set to a 1. It provides group
restricted communications
Individual or point-to-point. First bit of the address set to 0, and the rest set
according to the target destination node
Length: a two-octet field that contains the length of the data field.
Data: the information that has been handed down from the LLC sub-layer.
Pad: since there is a minimum length of frame of 64 octets (512 bits or 576 bits
if the preamble is included) that must be transmitted to ensure that the collision
mechanism works, the pad field will pad out any frame that does not meet this
minimum specification.
FCS: Frame Check Sequence is a 32-bit CRC value that is computed in
hardware at the transmitter and appended to the frame.
The minimum inter frame gap is 12 octets. Maximum payload is 1500 bytes.
For 1Gbps and beyond the payload size limit increases to 9000.
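The frame layout of Figure 5.22 and the field rules above can be exercised with a builder and a strict receiver-side validator. This is an added example, not code from the book; it assumes six-octet addresses, omits the preamble and SFD (normally stripped by the hardware), and the addresses and payloads in the usage section are constructed.

```python
"""Build and validate an IEEE 802.3 MAC frame (destination address through FCS)."""
import struct
import zlib

MIN_FRAME = 64    # octets, excluding preamble and SFD
MAX_FRAME = 1518
MAX_DATA = 1500
HEADER = 14       # destination (6) + source (6) + length (2)
FCS_LEN = 4
BROADCAST = b"\xff" * 6


def build_frame(dst, src, data):
    """Return destination | source | length | data | pad | FCS as bytes."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("addresses must be six octets")
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 octets")
    # Pad short payloads so the whole frame reaches the 64-octet minimum.
    pad = b"\x00" * max(0, MIN_FRAME - HEADER - FCS_LEN - len(data))
    body = dst + src + struct.pack("!H", len(data)) + data + pad
    # The FCS is the CRC-32 of all preceding fields, sent least-significant octet first.
    return body + struct.pack("<I", zlib.crc32(body))


def address_mode(dst):
    """Classify a destination address into the three addressing modes."""
    if dst == BROADCAST:
        return "broadcast"
    # The first bit on the wire is the least-significant bit of the first octet.
    return "multicast" if dst[0] & 0x01 else "individual"


def parse_frame(frame):
    """Validate a received frame and return its fields; raise ValueError if malformed."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside 64..1518 octets")
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    (length,) = struct.unpack("!H", body[12:14])
    # Never trust the length field beyond what was actually received.
    if length > MAX_DATA or HEADER + length > len(body):
        raise ValueError("length field inconsistent with received octets")
    return {
        "dst": body[0:6],
        "src": body[6:12],
        "mode": address_mode(body[0:6]),
        "data": body[HEADER:HEADER + length],
        "pad": body[HEADER + length:],
    }


if __name__ == "__main__":
    src = bytes.fromhex("02aabbccddee")            # constructed source address
    frame = build_frame(BROADCAST, src, b"\x01\x02\x03")
    fields = parse_frame(frame)
    print(len(frame), fields["mode"], fields["data"].hex(), len(fields["pad"]))

    damaged = bytearray(frame)
    damaged[20] ^= 0x01                             # single bit error in the data field
    try:
        parse_frame(bytes(damaged))
    except ValueError as err:
        print("rejected:", err)
```

The FCS catches transmission errors only; anyone who can alter a frame can also recompute the CRC, so it provides no protection against deliberate modification.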
5.6.2 Industrial Ethernet Requirements
Industrial Ethernet (IE) components used in plant process areas must be
designed to work in harsh environments. In the office environment, by contrast, there
are no strict requirements about network availability and only moderate requirements
for temperature (0-50°C). There is no moisture to cope with, virtually no vibrations
and EMC burden. For automation technology, the environment changes depending
on the location of the installation: inside a cabinet, watch tower or electronic room,
or outside directly in the plant. The degree of pollution may vary from IEC 625-1
grade 2 to grade 3 and the protection level from IP 20 up to IP 65 or even IP 67. The
requirements for shock are up to 20g/11ms and vibrations of 5g. The typical
temperature range is 20C-70C.
Table 5.6 highlights some of the differences between offices and industry
environments.
Table 5.6 Comparison between office and industry needs.

| | Office | Industry |
|---|---|---|
| Installation | Fixed basic installation in the building; variable device connections to standard workstations; cabling predominantly in star topology | a) Plant dependent cabling and cable ducting; b) Field attachable connectors up to IP67; c) Redundant cabling, often ring structures |
| Data | Large data packets; medium network availability; predominantly acyclic transmission; real-time behavior not necessary | a) Small data packets; b) Very high network availability; c) Predominantly cyclic transmission; d) Real-time behavior necessary |
| Environment | Normal temperature range; little dust, moisture and vibration; hardly any mechanical loads or problems with chemicals; low EMC requirements | a) Extended temperature range; b) Dust, moisture and vibration possible; c) Risk of mechanical damage or problems with chemicals; d) High EMC requirements |
Real-Time Ethernet is expected to provide the following features:
Real-time: the ability of a system to provide a required result in a bounded
time.
Synchronized actions between field devices like drives, require time and/or
clock synchronization.
Efficient, frequent exchange of very small data records, typically performed
by cyclic data exchange with specific quality of services.
Redundant networking.
In industrial automation applications the real-time requirements are usually
classified as follows:
Class 1: Reaction time around 100ms. This timing requirement is typical when
humans are involved in the system observation for engineering and for process
monitoring. Most processes in process automation and building control fall into this
class. This requirement may be fulfilled in a standard system with a TCP/IP
communication channel.
Class 2: Reaction time around 10 msec. This is the requirement for most tooling
machine control systems like PLCs or PC-based controls. To reach this timing
behavior, special care has to be taken in the Real Time Ethernet (RTE) equipment.
Powerful and expensive computer resources are needed to handle the TCP/IP
protocol in real-time or the protocol stack must be simplified and reduced to get these
reaction times on simple, cheap resources.
Class 3: Reaction time around 1 msec. This is the typical requirement for
motion control that synchronizes several axes over a network. These requirements are
difficult for Ethernet to meet unless 100Mbps is used with modifications to both
medium access and hardware structures of the controllers.
The National Institute of Standards & Technology (NIST) realized the need
for standardized network performance metrics and tests to aid users in characterizing
the performance of their software and hardware. NIST is working on developing an
open source tool called Industrial Ethernet Network Performance (IENetP). The tool
is intended for two types of traffic:
Publisher/subscriber or peer-to-peer.
Command/Response or Master/Slave.
Currently, the tool has been tested on EtherNet/IP. Future versions will include
Foundation Fieldbus HSE, ProfiNet, Modbus/TCP, ISA-100.11a and other wireless
networks.
5.6.3 Approaches for Industrial Ethernet
Industrial Ethernet is the Ethernet network protocol in an industrial environment
for automation and process control. A number of techniques are used to adapt the
Ethernet protocol to real time behavior in industrial processes. By using non-
proprietary protocols, automation systems from different manufacturers can be
interconnected throughout a process plant. Industrial Ethernet takes advantage of the
relatively large marketplace for computer interconnections to reduce cost and
improve performance of communications between industrial controllers.
The industrial Ethernet solutions originally contained in the IEC 61158 are:
High Speed Ethernet (HSE) of Foundation Fieldbus
Ethernet/IP (the Ethernet counterpart of ControlNet and DeviceNet)
PROFINET.
These three systems use fieldbus application layer protocols on top of the
standard Internet transport protocols TCP and UDP. On the lower layer, they build on
Ethernet in its original form, i.e., the physical and data link layer of ISO/IEC 8802-3
without any modifications. The real-time capabilities of these approaches are limited
and must rely on application-level mechanisms controlling the data throughput. In
industrial Ethernets, the real-time control is performed mainly by the fieldbus control
layer, while HSE is used at the supervisory layer and operator display layer (DCS
layer).
For advanced requirements, like distributed drive controls, this is not sufficient.
Moreover, with the trend toward distributed intelligence, there is a need for a high-
speed flat fieldbus approach for distributed devices and sensors. These known
limitations of conventional Ethernet and the rapid advancement in sensor technology
stimulated the development of several alternative solutions that were not simple
adaptations of ordinary fieldbus systems. These entirely new approaches were
originally outside the IEC standardization process, but are now candidates for
inclusion in the RTE standard. There is a multitude of new concepts collected in IEC
61784-2.
For Foundation Fieldbus HSE (high-speed Ethernet) there is no formal fix for
the real-time Ethernet, except the use of switches for real-time applications, where
the nodes connected to a switch form a star topology, eliminating the collision
possibility, and hence producing deterministic performance. Nonetheless, the star
cabling defeats the purpose of using a fieldbus, which is to reduce the cabling problem.
Ethernet/IP defined by Rockwell and supported by ODVA and ControlNet
International makes use of the Common Interface Protocol (CIP) which is common
to the networks Ethernet/IP, ControlNet and DeviceNet. CIP defines objects and their
relations in different profiles. It fulfills the requirements of class 1 on Ethernet/IP.
With the CIPsync extensions, it is possible to get isochronous communication that
satisfies class 2 applications. These extensions use 100 MBit/s networks with the
help of IEEE 1588 time synchronization.
PROFINET is defined mainly by Siemens and supported by PROFIBUS
International. The first version was based on automation components connected over
the TCP/UDP/IP connection. A second step was the definition of a Real Time (RT)
solution for PROFINET I/O. In this version, class 2 performance is achieved for
small and cheap systems by eliminating the TCP/IP stack for process data. Input and
output (I/O) data are directly packed into the Ethernet frame with a specialized
protocol.
VNET/IP has been developed by Yokogawa. The real time extension of this
protocol is called RTP (Real-time & Reliable Datagram Protocol). Like many others,
it uses UDP as the transport layer. Unique to this approach is an optimized IP stack
(with respect to processing times) and a concept for redundant network connections.
Other real time Ethernet extensions have also been demonstrated: TCnet, which
is a proposal by Toshiba; EtherCAT, defined by Beckhoff and supported by the
EtherCAT Technology Group (ETG); Powerlink, which was defined by B&R and is now
supported by the Ethernet Powerlink Standardization Group (EPSG); and SERCOS,
which is well known for its CNC control optical ring interface.
5.6.4 Switched Ethernet
One of the major drawbacks of Ethernet in control applications is that Ethernet
is non-deterministic. Determinism enables users to accurately predict the worst-case
data transmission. Industrial networks also require the arrival of the packets to have
high repeatability (or low jitter); that is, a guarantee of its arrival at the same time
every time.
The use of intelligent switches in star topologies has improved determinism,
repeatability and performance of Ethernet to a great extent. Switches break up
collision domains into single devices or small groups of devices, effectively reducing
the number of collisions to almost zero. Switched Ethernet improves network
performance by giving a dedicated 10/100 Mbps connection to each device on the
network. For example, with a Standard 10 Mbps Ethernet LAN with 20 users, 10
Mbps is shared with all 20 users. With a switched Ethernet network, those same 20
users would have 10 Mbps each, for a total potential throughput of 200 Mbps (10
Mbps x 20 users). Furthermore, each port on a switch can usually be configured to
run at half duplex (traditional Ethernet) or at full duplex operation. Full duplex
provides an effective 10/100 Mbit/sec connection in each direction (20/200 Mbits/sec
total), between an attached device and the switch.
Another advantage of switched Ethernet is that data flows only from sender to
receiver. Switched Ethernet sends the data directly to the device that is supposed to
get it. By sending data point-to-point, switched Ethernet generates less traffic on the
network.
With a fully switched, duplex, non-blocking network architecture, real-time
Ethernet is now possible. The network has to be planned in a way that traffic with
real-time requirements does not interfere with latency-tolerant traffic.
Figure 5.23 Switched Industrial Ethernet (diagram: control station, L3 switch, L2 switches, analog and digital sensors and actuators).
An Ethernet switch stores the frame before it is resent. It learns the Ethernet
MAC address of the device on each port and delivers frames to them. Additionally, switches
can switch traffic between segments of different data rates and offer full duplex and
collision free communication. Switches are better in noisy environments, since noise
does not pass through switches.
VLAN:
Advanced switches support a virtual LAN (VLAN) feature that allows users to
configure the switch so that ports are subdivided into groups, such that all packets
received on one port of a group will only be transmitted to another port within the
group. The receiving port and the group of transmitting ports constitute a VLAN.
VLANs may typically be overlapped within a switch, such that any one port may
appear on multiple VLANs. This feature allows the user a great deal of flexibility
over partitioning the ports on a switch into multiple overlapping collision domains.
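The address learning and the overlapping port groups described above can be modelled in a few lines to see which ports a frame can and cannot reach. This is an added example, not code from the book or from any switch vendor; the class, the port numbers, the VLAN names and the MAC addresses are all constructed for illustration.

```python
"""A learning switch whose ports are partitioned into overlapping VLAN groups."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac):
    """Broadcast and multicast addresses have the first transmitted bit set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class VlanSwitch:
    def __init__(self, vlans):
        # vlans: name -> set of port numbers; a port may belong to several groups.
        self.vlans = {name: frozenset(ports) for name, ports in vlans.items()}
        self.mac_table = {}  # learned MAC address -> port

    def allowed_ports(self, in_port):
        """Ports that share at least one VLAN with in_port, excluding in_port."""
        reachable = set()
        for ports in self.vlans.values():
            if in_port in ports:
                reachable |= ports
        reachable.discard(in_port)
        return reachable

    def receive(self, in_port, src, dst):
        """Learn the source address, then return the set of egress ports."""
        allowed = self.allowed_ports(in_port)
        self.mac_table[src] = in_port
        if is_group_address(dst):
            return allowed                # broadcast/multicast: every VLAN peer
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return allowed                # unknown unicast: flood inside the VLAN(s)
        if out_port in allowed:
            return {out_port}             # known unicast: one port only
        return set()                      # destination outside the VLAN: filtered


if __name__ == "__main__":
    # Constructed plant: port 4 (a shared server) sits in both groups.
    switch = VlanSwitch({"control": {1, 2, 4}, "office": {3, 4}})
    CTRL, IO, PC, SERVER = (f"02:00:00:00:00:0{n}" for n in range(1, 5))

    print(switch.receive(1, CTRL, BROADCAST))   # {2, 4}: stays in the control group
    print(switch.receive(3, PC, BROADCAST))     # {4}: office group only
    print(switch.receive(3, PC, CTRL))          # set(): office PC cannot reach controller
    print(switch.receive(4, SERVER, CTRL))      # {1}: shared port reaches both groups
    print(switch.receive(2, IO, SERVER))        # {4}: learned unicast, single port
```

Only the port that appears in both groups can exchange frames with both sides, so an overlapping port is the one place where the two groups meet and deserves the same scrutiny as any other boundary device.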
Auto-Negotiation:
This protocol allows a switch to negotiate network parameters with a connected
computer or another switch. These parameters include transmission speed
10/100/1000 Mbps, half or full duplex, flow control and auto-crossover of wire pairs.
Managed Switches:
A managed switch is basically a switch that supports SNMP (Simple Network
Management Protocol). Managed switches allow the network administrator to set up
communication parameters such as the data rate at each port, and to monitor the network
and collect traffic statistics.
Quality of Service (QoS):
QoS is the ability of the switch to apply higher priority to certain frames (e.g.,
control related critical packets), while giving low priority to other non-critical traffic.
The switch can use the port on which the frame arrived to determine the frame
priority or it can use a tag within the frame to determine its priority (IEEE 802.1p and
IEEE 802.1Q). These features are important in improving the determinism of the
network.
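The two classification methods named above, ingress port and in-frame tag, can be compared in a strict-priority egress queue. This is an added example, not code from the book: it assumes the usual IEEE 802.1Q tag layout (type 0x8100 after the source address, a 3-bit priority followed by a 12-bit VLAN ID), and the `trusted_ports` policy, port numbers and frames are constructed for illustration.

```python
"""Classify frames by 802.1Q tag or ingress port and serve them in strict priority order."""
import heapq
import itertools
import struct

TPID_8021Q = 0x8100


def parse_tag(frame):
    """Return (priority, vlan_id) from an 802.1Q-tagged frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 16:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci >> 13, tci & 0x0FFF


class PriorityEgress:
    def __init__(self, port_default, trusted_ports):
        self.port_default = dict(port_default)   # ingress port -> priority 0..7
        self.trusted_ports = set(trusted_ports)  # ports whose tags are honored
        self.heap = []
        self.seq = itertools.count()             # keeps FIFO order within a priority

    def classify(self, in_port, frame):
        """Use the tag priority on trusted ports, the port default everywhere else."""
        tag = parse_tag(frame)
        if tag is not None and in_port in self.trusted_ports:
            return tag[0]
        return self.port_default.get(in_port, 0)

    def enqueue(self, in_port, frame, label):
        priority = self.classify(in_port, frame)
        heapq.heappush(self.heap, (-priority, next(self.seq), label))
        return priority

    def drain(self):
        """Transmit everything queued: highest priority first, FIFO among equals."""
        order = []
        while self.heap:
            order.append(heapq.heappop(self.heap)[2])
        return order


def make_frame(payload, priority=None, vlan_id=0):
    """Constructed test frame; adds an 802.1Q tag when a priority is given."""
    header = bytes.fromhex("02000000000a") + bytes.fromhex("02000000000b")
    if priority is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", len(payload)) + payload


if __name__ == "__main__":
    # Port 1: drive I/O (high default), port 2: office uplink, port 3: trusted trunk.
    egress = PriorityEgress(port_default={1: 6, 2: 0}, trusted_ports={3})
    egress.enqueue(2, make_frame(b"bulk"), "office-bulk")
    egress.enqueue(3, make_frame(b"ctl", priority=5, vlan_id=10), "tagged-control")
    egress.enqueue(1, make_frame(b"io"), "drive-io")
    egress.enqueue(2, make_frame(b"x", priority=7), "tag-from-untrusted-port")
    print(egress.drain())
```

Honoring tags only on designated ports keeps a device on an ordinary access port from promoting its own traffic above control traffic.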
Redundancy:
Ethernet network redundancy is the ability of the network to survive a single
cable failure in its switch-to-switch links. The network survives by providing
alternative data paths when a cable fault occurs. There are two popular IEEE
redundancy standards:
STP Spanning Tree Protocol (IEEE 802.1D)
RSTP Rapid Spanning Tree Protocol (IEEE 802.1w)
STP works in almost any network topology, but it can be slow, providing
network recovery times from 30 to 60 seconds. STP falls under the OSI layer-2.
Spanning tree allows a network design to include spare (redundant) links to provide
automatic backup paths if an active link fails, without the danger of bridge loops, or
the need for manual enabling/disabling of these backup links. Bridge loops must be
avoided because they result in flooding the network. RSTP is the next generation
after STP, which provides for faster spanning tree convergence after a topology
change. Standard IEEE 802.1D-2004 now incorporates RSTP and renders STP
obsolete. RSTP can recover in 1 to 2 seconds.
Some vendors use a proprietary ring or trunk scheme to provide network
recovery in case of failure of a network link. In the ring topology switches are
arranged in a bus with an extra link to close a ring. If a link between two switches
fails, the extra link is activated and the connectivity of all switches is preserved. In
the trunk configuration switches are connected by multiple parallel links. Parallel
links are normally used to increase the throughput between the switches. In the case
of failure of one of these parallel links, communication is adjusted to utilize the
remaining links without interruption of the traffic.
Figure 5.24 (a) Ring redundancy, (b) Trunk redundancy (diagram: switches joined by active links, with a backup link).
5.7 Network Components
Repeater
When a signal travels along a cable, it tends to degenerate or lose strength. A
repeater is a device that boosts a network's signal as it passes through. The repeater
does this by electrically regenerating the signal it receives and then rebroadcasting it.
Repeaters can be separate devices or they can be incorporated into a concentrator.
They are used when the total length of your network cable exceeds the standards set
for the type of cable being used.
A good example of the use of repeaters would be in a local area network using a
star topology with unshielded twisted-pair cabling. The length limit for unshielded
twisted-pair cable is 100m. The most common configuration is for each workstation
to be connected by a twisted-pair cable to a multi-port active concentrator. The
concentrator regenerates all the signals that pass through it allowing for the total
length of cable on the network to exceed the 100m limit.
Concentrator
A concentrator is a device that provides a central connection point for cables
from workstations, servers and peripherals. In a star topology, twisted-pair wire is
run from each workstation to a central concentrator. Hubs are modular devices into
which can be plugged a number of multi-port concentrators. Some concentrators are
passive; that is, they allow the signal to pass from one computer to another without
any change. Most concentrators are active, which means they electrically regenerate
the signal as it moves from one device to another. Active concentrators are used like
repeaters to extend the length of a network.
Hubs
Hubs are the simplest network devices. Computers connect to a hub via a length
of twisted-pair cabling. On a hub, data is forwarded to all ports, regardless of whether
the data is intended for the system connected to the port. In addition to ports for
connecting computers, even a very inexpensive hub generally has a port designated
as an uplink port that enables the hub to be connected to another hub to create larger
networks.
Switches
Switches are layer 2, multi-port devices. Switches function like hubs or
bridges, except they have more advanced features that can temporarily connect any
two ports together. Switches contain a switch matrix or a switch fabric that can
rapidly connect and disconnect ports. Unlike hubs, switches forward a frame only from
one port to the other port where the destination node is connected, without broadcasting
it to all other ports.
Bridge
A bridge is a device that allows segmenting a large network into two smaller,
more efficient networks. A bridge connects multiple network segments at the data
link layer (layer 2) of the OSI model. If one is adding to an older wiring scheme and
one wants the new network to be up-to-date, a bridge can connect the two.
A bridge monitors the information traffic on both sides of the network so that it
can pass packets of information to the correct location. Most bridges can "listen" to
the network and automatically figure out the address of each computer on both sides
of the bridge. The bridge can inspect each message and, if necessary, broadcast it on
the other side of the network.
The bridge manages the traffic to maintain optimum performance on both sides
of the network. One might say that the bridge is like a traffic cop at a busy
intersection during rush hour: it keeps information flowing on both sides of the
network, while blocking unnecessary traffic. Bridges can be used to connect different
types of cabling, or different types of topologies, but must be used between networks
with the same protocol.
Router
A router is used to translate information from one network to another -- it is
similar to a super intelligent bridge. It selects the best path to route a message, based
on the destination address and origin. The router can direct traffic to prevent head-on
collisions, and it is smart enough to know when to direct traffic along back roads and
shortcuts.
While bridges know the addresses of all the computers on each side of the
network, routers know the address of the computers plus the address of all the
bridges and other routers on the network. One of the most useful things routers can
do is to "listen" to the entire network to determine what sections are busiest; they can
then redirect data around those sections until they clear up. Unlike bridges and
switches, which use the hardware-configured MAC address to determine the
destination of the data, routers use the logical network address such as IP address to
make decisions.
Gateway
A gateway is any device, system or software application that can translate data
from one format to another. Gateways will not change the data itself but work as
protocol converter. For example, a router that can route data from an IPX network to
an IP network is a gateway. The same can be said of a translation switch that
converts from an Ethernet network to a token ring network and back again.
Modems
Modems are access devices that translate digital signals from a computer into
analogue signals that can travel across conventional phone lines. The modem
modulates the signal at the sending end and demodulates it at the receiving end.
Modems are required for many access methods such as 56k data modem, ISDN,
DSL, etc. They can be internal devices that plug into expansion slots in a system,
external devices that plug into serial or USB ports, PCMCIA cards designed for use
in laptops or specialized devices designed for use in systems such as handheld
computers. In addition, many laptops now come with integrated modems. For large-
scale modem implementations, such as at an ISP, rack-mounted modems are also
available.
SUMMARY
1. LANs provide data transmission systems linking computers and associated
devices within a restricted geographical area (about 1 km).
2. The most common wired transmission media for LANS are twisted pair
cables, coaxial cable and fiber-optic cables.
3. Transmission media performance parameters include characteristic
impedance, attenuation, bandwidth and crosstalk.
4. There are several standard categories of twisted-pair cables for LANs
operating at 10/100/1G and 10G bps.
5. There are three main types of FO cables: single-mode, multi-mode graded
index and multi-mode step index.
6. There are four main network topologies: star, bus, ring and mesh.
7. Data transmission can be asynchronous or synchronous; and it can be
based on circuit switching or packet switching.
8. There are several signal encoding techniques used in LANs: RZ, NRZ,
Manchester, Differential Manchester, 4B/5B and 8B/10B.
9. The OSI reference model for network layers consists of seven layers:
physical, data link, network, transport, session, presentation and
application.
10. The IEEE 802 series of standards define a unified framework for the
physical and data link layers to ensure unified behavior and interface with
the network layer.
11. The IEEE series of standards include, 802.3 (CSMA/CD), 802.4 (token
bus), 802.5 (token ring), 802.6 (MAN), 802.11 (WiFi), 802.15 (WPAN)
and 802.16 (WiMax).
12. Industrial networks need to be deterministic, efficient at handling real-
time short packets, able to deliver synchronized actions, and able to work
in redundant arrangements, in addition to other requirements to meet harsh
environments.
13. There are several solutions for industrial Ethernet: switched Ethernet, FFB
HSE, EtherNet/IP, ProfiNet, VNET/IP, and Modbus/TCP (among others).
14. Repeaters are used to extend the physical media, hubs/switches provide
central connection in a star topology, bridges link different network
segments/domains; routers translate/direct packets from one network to
another.
References
[1] William Stallings, Data and Computer Communications, 8/E, Prentice Hall, 2007.
[2] James Trulove, LAN Wiring, McGraw-Hill/TAB Electronics; 3 edition, 2005.
[3] John Cowley ,Communications and Networking; An Introduction, 2ed, Springer, London
Heidelberg New York Dordrecht, 2012.
[4] Richard Zurawskiedtr.,The Industrial Communication Technology Handbook, CRC Press, 2005.
[5] Perry S. Marshall and John S. Rinaldi, Industrial Ethernet, 2nd Edition, ISA, 2005.
[6] M. Felser and T. Sauter, “Standardization of Industrial Ethernet the next battlefield?”, IEEE
International Workshop on Factory Communication Systems (WFCS), Wien, 22-24 Sep. 2004,
pp. 413-421.
[7] Richard Zurawski, Embedded Systems Handbook, Second Edition: Networked Embedded
Systems, CRC, 2009.
[8] Deon Reynders, Steve Mackay, and Edwin Wright, Practical Industrial Data Communications,
Elsevier, 2005.
[9] Rockwell Automation,EtherNet/IP Performance, http://literature.rockwellautomation.com/
idc/groups/literature/documents/ap/enet-ap001_-en-p.pdf.
[10] L. M. Thompson, Industrial Data Communications, 4th Edition, ISA, 2007.
[11] Dick Caro, Automation Network Selection: A Reference Manual, Second Edition, ISA, 2009.
[12] Zurawski Richard, The Industrial Communication Technology Handbook (The Industrial
Information Technology Series), CRC Press Inc., 2005.
EXERCISES
(Straightforward applications of the concepts of the chapter)
E5.1] CSMA of CSMA/CD stands for:
a) Copper System Media Access
b) Collision Sense Media Access
c) Collision Sense Multiple Access
E5.2] Which media access network tries to detect collisions instead of avoiding collisions?
a) Token Ring
b) CSMA/CD
c) AppleTalk
d) ArcNet
e) CSMA/CA
E5.3] Token Ring networks use CSMA/CA network arbitration.
a) True
b) False
E5.4] Star topologies require a hub, which means they:
a) Use more wire than bus topologies
b) Are easier to troubleshoot than ring topologies
c) Can bring the entire network down if the hub fails
d) Make it easy to add new computers
e) All of the above
E5.5] FDDI is a fiber-optic network based on which topology?
a) Star
b) Ring
c) Bus
E5.6] Which type of cable will operate at 100 Mbs?
a) Category 3 cable
b) Category 5 cable
c) Category 2 cable
d) 10BASE2
E5.7] UTP is:
a) Universal Transaction Protocol
b) TCP/IP protocol
c) A type of wiring
d) A signaling method over Ethernet
E5.8] Token Ring networks determine who gets the token based on:
a) Who is ready to transmit data
b) Synchronized network timers
c) NIC address
E5.9] WANs are typically slower than LANs because:
a) WANs do more than LANs, thus the network signal must be processed by each hop.
b) WANs typically use public switching networks to cover great distances.
c) WAN hardware technology is years behind LAN technology.
E5.10] Which topology is easiest to troubleshoot?
a) Star topology
b) Ring topology
c) Bus topology
E5.11] A star network is more expensive to set up than a bus network because:
a) Star hubs are very expensive.
b) Star networks require expensive connectors at the end of each cable.
c) Star-based NICs are more expensive than bus-based NICs.
d) Star networks require much more cable than bus networks.
E5.12] When several hubs/switches are interconnected in the star network, it is referred to as:
a) Star bus topology
b) An Intranet
c) Switched network
E5.13] A device that regenerates signals, allowing for greater distances between devices in a LAN
without regard to packet information is a:
a) Bridge
b) Router
c) Switching hub
d) Repeater
E5.14] The OSI Presentation Layer is so named because:
a) It presents data to the user.
b) It presents data to the application.
c) It presents a uniform data format to the application layer.
d) It does all of the above.
E5.15] Which OSI layer includes cable and connectors?
a) The Data Link Layer
b) The Physical Link Layer
c) The Connection Layer
d) The Physical Layer
E5.16] Which layer defines network topology?
a) The Network Layer
b) The Physical Layer
c) The Data Link Layer
d) The Physical Link Layer
E5.17] Which layer is concerned with bits instead of frames?
a) The Network Layer
b) The Session Layer
c) The Physical Layer
d) The Data Link Layer
e) None of the above
E5.18] Which layer builds frames from received raw bits?
a) The Data Link Layer
b) The Physical Layer
c) The Session Layer
d) The Network Layer
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P5.1] Which networking topology would be easiest to configure for a 10-workstation Windows
peer-to-peer network?
a) NetBEUI
b) IPX/SPX
c) TCP/IP
P5.2] Name and describe two application layer services.
P5.3] Explain why Ethernet is a “probabilistic” network, while Token Bus is a “deterministic”
network?
P5.4] Name and describe two transport layer protocols.
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D5.1] A class 1 (response time of 1-3 seconds is acceptable) SCADA system consists of ten remote
PLCs, and the distance to the control room varies between 100 m and 500 m. All PLCs
should be Ethernet compatible with built in TCP/IP and SNMP to enable management via the
network using commercially available network management software. The control room
should contain at least three work stations, a history server with redundant storage and a web
server. The operators and managers should be able to monitor and control the plant through a
standard Web browser, and view both factory data and corporate information through a
common interface and from any desktop or mobile computer. The web server provides
security by allowing user access according to IP address or via selected web pages only. The
system should be open system based on off-the-shelf components and software. Suggest two
alternative solutions and discuss the advantages and disadvantages of each.
TERMS AND CONCEPTS
8b/10b encoding
A scheme for encoding signals with an embedded clock. The encoding serves two purposes. First, it
ensures that there are enough transitions in the data stream for clock recovery and, second, that the
number of 0s and 1s is matched, maintaining DC balance in AC-coupled systems.
Asynchronous Transfer Mode (ATM)
A very high speed network using SONET optical transmission methods through the public
telecommunications system.
AWG (American Wire Gauge)
The AWG size is one of the essential specifications that are printed on data cables. For instance, an
AWG of 24 is common for network cables such as a Category 5 UTP, and an AWG of 26 is the norm
for Serial ATA cables.
Baseband Transmission
A transmission method where direct current signals are placed directly onto the transmission medium
(cable). Ethernet is a baseband network type, hence, the “Base” in 10Base-T, etc.
Bridge
A networking component that links two or more network segments. Bridges are used to split busy
networks into separate, less congested segments.
Broadband Transmission
A transmission method where multiple channels are modulated onto separate carrier frequencies. The
result is multiple communications channels that occupy specific frequency ranges.
Client Server
A network architecture where multiple user workstations (clients) communicate with backend servers
through a network. Clients are fully operating systems that are capable of processing data.
Cyclic redundancy check (CRC)
A method for detecting and correcting bit errors in a packet of information by adding a calculated set
of values to the packet. The values are derived from an original packet of data.
Ethernet
The most common of the network standards established in the early 1980s by the IEEE committee
under standard 802.3.
Fiber Distributed Data Interface (FDDI)
A 100Mbps fiber optic cabling standard developed by ANSI. FDDI utilizes a dual counter rotating
ring topology for network redundancy.
Hub
A network device that receives a signal from one station and retransmits to all other connected
stations.
IP Address (Internet Protocol Address)
This protocol addresses how transmissions are broken down into data packets (or datagrams), their
formats and their addressing.
Local Area Network (LAN)
A network that remains within one facility (e.g., department, office, building, campus).
MAC Address (Media Access Control Address)
This is a unique identifier that is permanently assigned to each network adapter card (layer 2 in the
OSI network model) in the network. For networks that comply with the OSI reference model but do
not conform to the IEEE 802 standards, this node address is referred to as a Data Link Control (DLC)
address.
MODEM
An acronym for MOdulate/DEModulate. Modems are data communications devices that convert
digital signals to analog signals for transmission over analog public telephone networks.
NetBEUI
NetBEUI is short for NetBios Extended User Interface. It is an enhanced version of the NetBIOS
protocol used by network operating systems such as LAN Manager, LAN Server, Windows for
Workgroups, Windows 95 and Windows NT. It is the transport part of the original networking
protocol for DOS and Windows PCs. NetBEUI is a non-routable protocol that was designed for a
single LAN segment. It does not contain a network address for routing to different networks.
Windows XP dropped formal support for NetBEUI.
Network Interface Card (NIC)
Network devices that are installed in computers so that they can be connected to a network. Ethernet
NICs come in different speeds as well as with connections to different media types.
Node
A device or station connected to a network.
Peer to Peer (P2P)
A network architecture where computers connect directly with other computers without the need for
servers.
Repeater
A network device that regenerates the signal to increase a cabling run.
Router
A network device that interconnects networks. Routers provide traffic control and filtering functions;
they are commonly used to connect a LAN to the Internet.
Server
A computing device that provides a service to users on a network (clients). An example is a file server
that stores and maintains documents for retrieval.
Star
The most common network topology, where each node is connected to a central point. It is
advantageous because if one part of the star is lost the network remains intact.
Switch
A switch is a multiport bridge that segregates different portions of a network for faster network access.
SONET (Synchronous Optical Network)
A Bellcore and ANSI standard that defines transmission of synchronous and time sensitive (e.g., real
time video) information. SONET provides a way for worldwide carriers to connect equipment.
Token Ring
A networking standard that utilizes a ring topology. Information is put onto the ring which is then
passed (token passing) to the different stations. The amount of time that a station possesses the token
is variable which gives some users priority on the network. Token ring was standardized in IEEE
802.5.
Transceiver
A device used to change one media type to another. Transceivers usually get their power from the
NIC.
UDP (User Datagram Protocol)
Network protocol for transferring data packets (uses IP like TCP, but doesn't error check).
Appendix 5.A
5.A Twisted Pair Categories, Classes, and AWG
Table 5.6 Representative American Wire Gauge (AWG) Characteristics.
AWG Gauge Number   Diameter (inches)   Diameter (millimeters)   Ohms/km
10                 0.101               2.588                    3.3
12                 0.080               2.053                    5.2
14                 0.064               1.628                    8.3
16                 0.050               1.291                    13.2
18                 0.040               1.024                    20.9
20                 0.031               0.811                    33.3
22                 0.025               0.643                    53.0
24                 0.022               0.573                    84.2
26                 0.016               0.404                    133.9
Table 5.7 Twisted Pair Categories and Classes.
                        CAT 1   CAT 2   CAT 3   CAT 4   CAT 5     CAT 5E    CAT 6 (Class E)         CAT 7 (Class F)
Bandwidth (MHz)         < 1     4       16      20      100       155       200                     600
Cable Type              UTP     UTP     UTP     UTP     UTP/FTP   UTP/FTP   UTP, FTP, ScTP, S/FTP   S/FTP
Link Cost (Cat 5 = 1)   -       -       0.7     0.85    1         1.2       1.5                     2.2
Appendix 5.B
5.B Brief history of important developments in the IEEE 802.3x
standards
Table 5.8 Evolution of the IEEE 802.3 standards.
IEEE 802.3x   Date   Description
IEEE 802.3    1983   10BASE5 10 Mbit/s over thick coaxial cable with maximum length of 500
                     meters/segment.
802.3a        1985   10BASE2 10 Mbit/s over thin coax. It provides distance (180 meters), allows
                     daisy chaining, and offers higher noise immunity, and up to 30 nodes per
                     segment.
802.3u        1995   100BASE-TX (uses two pairs of category 5 UTP or STP), 100BASE-T4 (uses
                     four pairs of wires of category 3, 4 or 5 UTP), 100BASE-FX (uses multimode or
                     single-mode fiber optic cable). This version of Ethernet (802.3u) is commonly
                     known as "Fast Ethernet".
802.3z        1998   1000BASE-X Gbit/s (Gigabit Ethernet) uses fiber optic at 1 Gbit/s.
802.3ab       1999   1000BASE-T Gbit/s Ethernet operation over four pairs of category 5 UTP
                     cabling at 1 Gbit/s.
802.3ae       2003   10 Gbit/s Ethernet over fiber. The 10 Gigabit Ethernet operates in full-duplex
                     mode with transfer rates of 10 gigabits per second for distances up to 300
                     meters on multimode fiber optic cables and up to 40 kilometres on single mode
                     fiber optic cables.
802.3af       2003   Power over Ethernet
802.3an       2006   10GBASE-T 10 Gbit/s (1,250 MB/s) Ethernet over unshielded twisted
                     pair (UTP).
802.3at       2009   Power over Ethernet enhancements
802.3az       2010   Energy Efficient Ethernet
802.3bd       2011   Priority-based Flow Control.
CHAPTER 6
6 INTERNET
6.1 Introduction
6.2 Internet Architecture
6.3 IP Addresses and Domain Names
6.3.1 IP Address Classes
6.3.2 Domain Name System
6.3.3 Mapping Domain Names to IP Addresses
6.4 Internet IP Layer
6.4.1 ARP: Address Resolution Protocol.
6.4.2 RARP: Reverse Address Resolution Protocol.
6.4.3 ICMP: Internet Control Message Protocol
6.4.4 IP Routing
6.4.5 IPv6: Internet Protocol Version 6
6.4.6 Private and Link-local IP Addresses
6.5 TCP Transmission Control Protocol
6.5.1 Ports
6.5.2 Sockets
6.6 UDP User Datagram Protocol
6.7 RTP Real-Time Transport Protocol
6.8 Application Layer Protocols
6.8.1 HTTP: Hyper Text Transfer Protocol
6.8.2 FTP: File Transfer Protocol
6.8.3 SNMP: Simple Network Management Protocol
6.8.4 BOOTP: The Bootstrap Protocol
6.8.5 SMTP: Simple Mail Transfer Protocol
6.8.6 NTP: Network Time Protocol
6.9 Internet-Based SCADA Systems
OVERVIEW
This chapter examines Internet communication layers and services. After briefly
introducing the Internet and its benefits to business and industrial automation, the
chapter then looks at Internet architecture, its IP and transport layers, and its
application layer services with reference to the OSI model. Section 6.3 is dedicated to
its IP addressing and domain name hierarchy. Section 6.4 covers in more detail the
IP network layer and its services, including the IP header, ARP, RARP, ICMP, and IP
routing protocols. The section closes with an introduction to IPv6 with a comparison
to IPv4, and the expected benefits to the automation industry from IPv6
deployment.
The Internet TCP transport protocol is covered in Section 6.5, which also introduces
the concepts of Internet Ports and Sockets. Similarly, the UDP protocol is covered in
Section 6.6. An introduction to the Real-Time Transport Protocol (RTP) and its
companion control protocol RTCP is given in Section 6.7. Some of the common
Application Layer services are elaborated in Section 6.8, in particular those relevant
to the Automation/SCADA applications. The section covers HTTP, FTP, SNMP,
BOOTP, SMTP and NTP. Finally, Section 6.9 discusses some of the issues related to
the use of Internet in Process Automation and provides examples of Internet SCADA
applications.
LEARNING OBJECTIVES
After reading this chapter, you should
- Understand the overall structure of the TCP/IP stack of protocols.
- Understand the various components of the Internet and the TCP/IP protocols.
- Understand the basic operation of all Internet layer protocols including IP,
  ARP, RARP, and ICMP.
- Understand the purpose and application of the different fields in the IPv4
  header.
- Understand the differences between address classes, and the relationship
  between class numbers, network ID and host ID.
- Understand the concept of subnet masks and prefixes.
- Recognize the main features and differences between IPv4 and IPv6.
- Understand the basic functions of the Internet Transport layer.
- Understand the basic operation of TCP and UDP.
- Understand the fundamental differences between TCP and UDP.
- Recognize which protocol (TCP or UDP) to use for a particular application.
- Understand the meaning of each field in the TCP and UDP headers.
- Understand the services provided by HTTP, FTP, BOOTP, DHCP, SMTP,
  SNMP, and NTP.
- Recognize the risks and issues of using the Internet in Control Applications.
- Appreciate the growing use of the Internet in SCADA applications.
- Recognize the necessary components for Internet-enabled SCADA.
6.1 Introduction
The Internet is a network of computer networks, computers, and
communications infrastructures, all interconnected and working together because
they adhere to standard protocols. The term Intranet is widely used to describe the
application of Internet technologies in internal corporate networks. Businesses use
Intranets to share information more efficiently, taking advantage of the Internet
browser paradigm. Intranets are based on technology that already exists in many
enterprises. Rather than using these tools to connect to the outside world via the
Internet, an Intranet uses them for intra-company communications.
The Internet has changed the way companies do business. The benefits include:
1. Ability to adjust prices quickly to respond to market demand or competitive
moves.
2. Adjust production schedule daily.
3. Provide instant access to a vast database of information resources to the
marketing, purchasing, technical and managerial staff.
4. Provide instant access to product information and prices to the customers.
5. Help customers diagnose problems with products.
Use of Internet in Automation
The Internet brings many new features to the process control and automation
field, which were previously difficult or costly to implement in traditional control
systems. One of the most obvious advantages of the Internet is the remote
accessibility of plant systems and the sharing of this information among various
people in the organization. Another advantage is the distributed open-system
architecture that the Internet provides, allowing heterogeneous systems to
communicate with each other. A third advantage is the use of the standard web
browser, which provides a uniform human-machine interface (HMI), minimizing
maintenance and training costs. All these advantages led many control system
vendors to offer web-enabled versions of their traditional control systems, or in some
cases, to provide complete web-based solutions for certain applications.
The Internet, however, has its limitations when compared to a traditional control
system. For example, the Internet as it operates today has variable (random) delays
and can suffer packet loss that can be as high as 10% or more during severe
congestion. Accordingly, the real-time handling of dynamic data and the deterministic
response that are essential for control applications cannot be delivered by the current
Internet architecture. These functionality and performance constraints, in addition to concerns
inherent to the Internet such as security and reliability, limit the widespread use of
web-based control systems. Nevertheless, recent emerging web technologies are
promising to overcome many of these limitations, and are helping the Internet (and
the World Wide Web) to evolve into a highly graphical, interactive and collaborative
environment.
Most of the implementations so far utilize the Internet (or intranet) as a medium
for communication and plant management information only. There is a steady
increase in the number of implementations of what can be called an Internet-based
SCADA system. In control applications, however, a typical web enabled plant
monitoring application may be limited to converting DCS displays into web pages
then publishing them through a web server. The user accesses the web server to view
the displays remotely using a normal web browser from any general-purpose PC. The
user may have additional features such as trending, reporting and interfacing with
other desktop tools. Connection to the Internet opens the door to a variety of
available services, e.g., automatically sending reports and status messages to selected
users, or sending Alarm notification messages as SMS to mobile phones.
The Internet enabled large organizations to establish centralized
expertise/consulting knowledge centers, where experts have access to the data from
remote plants and provide immediate advice to the local personnel in the remote
plants. In another application, large simulation or optimization programs can be run
from a centralized location on a powerful computing facility. The results can then be
downloaded to the supervisory computers in the various DCS sites. Every day the
Internet empowers new innovative solutions for more efficient operation and
management of businesses and organizations.
6.2 Internet Architecture
Communication over the Internet is governed by the so-called TCP/IP protocol.
The TCP/IP protocol suite is named for two of its most important protocols:
Transmission Control Protocol (TCP) and Internet Protocol (IP). Another name for it
is the Internet Protocol Suite, and this is the phrase used in official Internet standards
documents. The more common term, TCP/IP, is used here to refer to the entire
protocol. The early design goal of TCP/IP was to build an interconnection of
networks that provided universal communication services: an internetwork or
internet. Each physical network has its own technology-dependent communication
interface. Communication services are provided by software that runs between the
physical network and the user applications, which provides a common interface for
these applications, independent of the underlying physical network. The architecture
of the physical networks is hidden from the user. The second aim is to interconnect
different physical networks to form what appears to the user to be one large network.
Like most networking software, TCP/IP is modeled in layers. This layered
representation leads to the term protocol stack which is synonymous with protocol
suite. It can be used for comparing the functions of the TCP/IP protocol suite against
the Open System Interconnection (OSI) model. A simplified TCP/IP interpretation of
the stack is shown in Figure 6.1. The Internet IP layer and its networking related
protocols correspond to the OSI Network layer. That means the IP layer resides over
the data link layer and its preceding physical layer. These two lower layers are very
much technology dependent; however, their underlying technologies are transparent
to the IP and TCP layers. The TCP/UDP layer services correspond to the OSI
transport layer. Commonly, the top three layers of the OSI model (Application,
Presentation and Session) are considered as a single application layer in the TCP/IP
suite. Because the TCP/IP suite has no unified session layer on which higher layers
are built, these functions are typically carried out (or ignored) by individual
applications. The Internet application layer provides a standard set of services to the
end user, e.g., HTTP, FTP and SMTP.
[Figure: the OSI layers (Physical, Data-Link, Network, Transport, Session, Presentation, Application) beside the Internet stack (Physical, Data-Link, IP with ICMP and ARP/RARP, TCP/UDP, Applications).]
Figure 6.1 Relationship between Internet Protocol stack and the OSI network model.
A summary of the Internet layers and their approximate analogy with the OSI
network model is also given in Table 6.1.
Table 6.1 Internet Network layers
5   Application layer   e.g. HTTP, FTP, SMTP
4   Transport           e.g. TCP, UDP
3   Network             Internet Protocol (IP), ARP, RARP
2   *Data Link          e.g. Ethernet, Token ring, etc.
1   *Physical           e.g. physical media, and encoding techniques, T1, E1,
* Layers 1 & 2 are not part of the Internet protocols.
IP = Internet Protocol
ARP = Address Resolution Protocol
RARP = Reverse Address Resolution Protocol
TCP = Transmission Control Protocol
UDP = User Datagram Protocol
SMTP = Simple Mail Transfer Protocol
HTTP = Hyper Text Transfer Protocol
FTP = File Transfer Protocol
The functions of the network layers involved in Internet can be summarized as
follows:
Network Layer: Determines the best path and packet switching to direct (i.e.,
send) packets from a source to a destination. The protocol that governs this layer is
called Internet Protocol (IP).
Transport Layer: Transport layer provides the end-to-end data transfer.
Example protocols are TCP (connection-oriented) and UDP (connectionless).
Application Layer: This is a user process cooperating with another process on
the same or a different host. Examples are HTTP (Hyper Text Transfer Protocol),
TELNET (a protocol for remote terminal connections), FTP (File Transfer Protocol)
and SMTP (Simple Mail Transfer Protocol).
Now, suppose that a computer A wants to retrieve a web page from a web server
B on a different LAN, as shown in Figure 6.2. To interconnect the two LANs, a
computer that can forward packets from one LAN to the other must be attached to
both networks; such a machine is called a router. The term IP router is also
used because the routing function is part of the IP layer of the TCP/IP protocol suite.
[Figure: hosts A and B, each with a stack of higher-layer protocols and data, TCP, IP, data link and physical layers (layers 4 to 1), attached to Ethernet and connected by routers through an IP network.]
Figure 6.2 Computer-to-computer Internet communication.
Routers are also used to interconnect various networks in the World Wide Web.
Figure 6.3 shows two Internet examples. In Figure 6.3(a) two interconnected sets of
networks are seen as one logical network. The internet protocol enables the switching
of packets from source to destination interfaces through routers. Routers read each
packet's destination address and send the packet out the appropriate interface toward
its destination. Each router has a routing table whose entries indicate the best output
interface for destination addresses.
From the network standpoint, a router is basically a normal host. But from the
user standpoint, routers are invisible. The user sees only one large internetwork.
Similarly, Figure 6.3(b) shows routers used to interconnect multiple networks, which
is ultimately the basis of the world wide web of networks, but all still seen as one
logical network.
[Figure: (a) two networks interconnected by a router; (b) multiple networks interconnected by routers (also seen as one virtual network, an internet).]
Figure 6.3 Connection of multiple networks.
The following sections contain more details and discussions on the operation of
the Internet.
6.3 IP Addresses and Domain Names
Each host on the Internet is identified by an assigned address, known as an IP
address. When a host has multiple network adapters, each adapter has a separate IP
address. The 48-bit MAC address (the physical address, see Chapter 5) is used at the
Data Link Layer, while the IP address functions at the network layer (layer 3). In other
words, IP is the logical address supporting the software implementation, and MAC
address supports the hardware implementation of the network stack. The MAC
address generally remains fixed for the network device, but the IP address in IPv4
changes as the network device moves from one network to another.
The IP address consists of two parts:
IP address = < network number > < host number >
The network number part of the IP address is assigned by a central authority and
is unique across the Internet. The authority for assigning the host number part of the
IP address resides with the organization which controls the network identified by the
network number. Internet addresses can be symbolic or numeric. The numeric form
is a 32-bit unsigned binary value, which is usually expressed in a dotted decimal
format (as the decimal representation of four 8-bit values concatenated with dots).
For example, 128.2.7.9 is an IP address with 128.2 being the network number and 7.9
being the host number. The numeric form is used by the IP software. The mapping
between the two is done by the Domain Name System (DNS).
ICANN (Internet Corporation for Assigned Names and Numbers,
www.icann.org) is the global, non-profit, private-sector coordinating body acting in
the public interest. ICANN ensures that the DNS continues to function effectively
by overseeing the distribution of unique numeric IP addresses and domain names
across the Internet. Among its other responsibilities, ICANN oversees the processes
and systems that ensure that each domain name maps to the correct IP address. The
organization originally responsible for this task was the Internet Assigned Numbers
Authority (IANA). IANA still operates under the auspices of ICANN and is still
responsible for IP address assignment and parameter coordination.
ICANN is regionally represented by Regional Internet Registries (RIRs).
Current Regional Registries include ARIN (the Americas, Caribbean, and Africa),
RIPE (Europe, Africa, and the Middle East), and APNIC (the Pacific Rim and Asia).
6.3.1 IP Address Classes
Historically, IP addresses were assigned within classes: Class A (8 bits of
network address, 24 bits of host address), Class B (16 bits of network address, 16 bits
of host address), or Class C (24 bits of network address, 8 bits of host address). But
to conserve address space, it is now allocated and assigned on bit boundaries; that is,
the network is able to assign addresses corresponding with the number of hosts on
the network.
For example, a network with prefix /24 uses 24 bits for the network address, while
the remaining 8 bits define an IP address space of 256 addresses. Similarly, a network
with prefix /23 uses 23 bits for the network address, while the remaining 9 bits define
an IP address space of 512 addresses.
A subnet mask is used to determine which part of the address is the network part and
which is the host part.
Default subnet masks:
Table 6.2 Examples of Network Masks (Ref. RFC2901).
Network Prefix   Network Class   Mask
/25                              255.255.255.128
/24              1C              255.255.255.0
/23              2C              255.255.254.0
IANA reserved 4 address ranges (RFC 1918) to be used in private networks. These
addresses do not appear on the Internet, which avoids IP address conflicts:
- 10.0.0.0 through 10.255.255.255
- 172.16.0.0 through 172.31.255.255
- 192.168.0.0 through 192.168.255.255
- 169.254.0.1 through 169.254.255.254 (reserved for Automatic Private IP
Addressing, also known as link-local address range).
In order to use private address space, an enterprise needs to determine which
hosts do not need to have network layer connectivity outside the enterprise, and thus
could be classified as private. Such hosts can use the private address space defined
above. Private hosts can communicate with all other hosts inside the enterprise.
However, private hosts can have external Internet access service via mediating
gateways which replace their private IP address by the organization public IP address
in the outgoing packets, see Section 6.4.6 for more details.
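The prefix, mask and reserved-range rules of this section can be worked through in a short Python script, shown here as an added example that is not code from the book. The function names and the host inventory are assumptions constructed for illustration; the address 128.2.7.9 and the masks come from the text and Table 6.2.

```python
"""IPv4 prefix/mask arithmetic and reserved-range classification (added example)."""

# Reserved ranges from the list above, as inclusive bounds. The text gives the
# usable link-local addresses (169.254.0.1 to 169.254.255.254); the whole
# 169.254.0.0/16 block is matched here so its first and last addresses are
# not reported as public.
RESERVED_RANGES = [
    ("10.0.0.0", "10.255.255.255", "private"),
    ("172.16.0.0", "172.31.255.255", "private"),
    ("192.168.0.0", "192.168.255.255", "private"),
    ("169.254.0.0", "169.254.255.255", "link-local"),
]


def to_int(dotted):
    """Convert dotted decimal to the 32-bit unsigned value used by IP software."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit value back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for_prefix(prefix):
    """Return the subnet mask (as an integer) with `prefix` leading one bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def split_address(dotted, prefix):
    """Return (network number, host number, address space size) for a prefix."""
    addr = to_int(dotted)
    mask = mask_for_prefix(prefix)
    host = addr & ~mask & 0xFFFFFFFF
    return to_dotted(addr & mask), host, 1 << (32 - prefix)


def same_network(a, b, prefix):
    """True when both addresses share the same network part under the prefix."""
    mask = mask_for_prefix(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)


def classify(dotted):
    """Label an address as private, link-local or public."""
    addr = to_int(dotted)
    for low, high, label in RESERVED_RANGES:
        if to_int(low) <= addr <= to_int(high):
            return label
    return "public"


# Constructed inventory for illustration; host names and assignments are
# hypothetical and do not come from the book.
SAMPLE_INVENTORY = {
    "plc-01": "10.20.1.11",
    "plc-02": "172.20.5.12",
    "hmi-01": "192.168.1.50",
    "historian": "172.32.0.9",   # just outside 172.16.0.0 to 172.31.255.255
    "rtu-07": "169.254.17.3",
    "web-server": "128.2.7.9",
}


def audit(inventory):
    """Group host names by address type so hosts that are not private stand out."""
    report = {"private": [], "link-local": [], "public": []}
    for name, address in sorted(inventory.items()):
        report[classify(address)].append(name)
    return report


if __name__ == "__main__":
    for prefix in (25, 24, 23):
        print(f"/{prefix} -> {to_dotted(mask_for_prefix(prefix))}")
    print(split_address("128.2.7.9", 16))
    for label, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{label}: {', '.join(hosts)}")
```

An address such as 172.32.0.9 looks like a private address at a glance but falls outside the reserved range, which is the kind of mistake a range check of this sort catches when deciding which plant hosts are reachable only through a mediating gateway.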
6.3.2 Domain Name System (DNS)
Early Internet configurations required the use of numeric IP addresses, which
quickly evolved to the use of symbolic host names. For example, instead of typing
64.233.167.103 one could type www.google.com, and “google” is then translated in
some way to the IP address 64.233.167.103. This introduces the problem of
maintaining the mappings between IP addresses and high-level machine names in a
coordinated and centralized way. The Domain Name System allows a program
running on a host to perform the mapping of a high-level symbolic name to an IP
address for any other host without the need for every host to have a complete
database of host names.
At the heart of the DNS are 13 special computers, called root servers. They are
coordinated by ICANN and are distributed around the world. All the 13 servers
contain the same top-level domain (TLD) name tables to spread the workload and for
backup.
The root servers contain the IP addresses of all the top level domain (TLD)
registries – both the global registries such as .com, .org, etc., and the country-specific
registries such as .ca (Canada), .eg (Egypt), etc., as shown in Figure 6.4.
Figure 6.4 Domain name hierarchy.
The Hierarchical Name space
A symbolic domain name address is an alias for the actual numeric IP address.
For example:
Domain Name | IP address
www.google.com | 74.125.67.100
www.hotmail.com | 64.4.32.7
www.yahoo.com | 209.131.36.159
[Figure 6.4 labels, from top to bottom of the hierarchy: Root DNS Servers; Top Level Domains (TLD): .com, .org, .net, .mil, .edu, etc.; Countries: .uk, .ca, .sa, .it, .eg, etc.; Domain Names: google, msn, yahoo, mit, ac, org, co, gov; Sub-domains: me, ece; Host “dsplab 1”. Also shown: DNS servers, DNS client, DNS resolver.]
The DNS consists of a hierarchical namespace notation, a database containing
names and associated numbers, a hierarchical set of DNS server computers and
distributed databases for scalability.
An Authoritative Nameserver is a name server (DNS Server) that holds the
domain names and their corresponding IPs for a particular organization or domain.
For example, a DNS server which holds the records for MIT is an Authoritative
Nameserver for MIT. A host in berkley.edu that wants to communicate with a web
site at ece.mit.edu would then need to query the MIT DNS server to get the IP number
for ece.mit.edu.
Domain names are formed to reflect the hierarchical delegation of authority
used to assign them. For example, consider the name
ece.mit.edu
Here, ece.mit.edu is the lowest-level domain name, a sub-domain of mit.edu,
which in turn is a sub-domain of .edu (education), which is called a top-level domain
in the hierarchy. The three-character top-level names are called the generic domains
or the organizational domains. For example:
.edu Educational institutions
.gov Government institutions
.com Commercial organizations
.mil Military groups
.net Networks
.org Organizations
Since the Internet began in the United States, the organization of the
hierarchical namespace initially had only US organizations at the top of the
hierarchy, and it is still largely true that the generic part of the namespace contains
US organizations.
As of June 2011 there were 22 generic top level domains (gTLD) as well as
about 250 country-level domain names. However, in June 2011 the Internet
Corporation for Assigned Names and Numbers (ICANN) voted to dramatically
increase the number of domain endings from the traditional 22 gTLDs. The generic
top-level domain names can now end with almost any word and be in any language.
As of November 2015, the number of gTLDs exceeded 700 domain names.
Country Domains:
There are also top-level domains named for each of the ISO 3166 international
2-character country codes (from .ae for the United Arab Emirates to .zw for
Zimbabwe). These are called the country domains or the geographical domains.
Many countries have their own second-level domains underneath, which parallel the
generic top-level domains. In the UK, for example, the domains equivalent to the
generic domains .com and .edu are .co.uk and .ac.uk (“ac” is an abbreviation for
academic).
6.3.3 Mapping Domain Names to IP Addresses
There are thousands of computers called “Domain Name Servers” or DNS
servers scattered all over the internet. These servers are used to respond to a user's
request (client queries) to resolve a domain name (i.e., to find the corresponding IP
address). They also have a cache to save previously resolved cases to respond to the
next similar queries without having to seek help from other DNS servers. "Resolving
a domain name" refers to the translation of a domain name into an IP Address. The
client-side of the DNS is called a DNS resolver, a part of the operating system
library. It is responsible for initiating and sequencing the queries that ultimately lead
to a full resolution (translation) of a domain name to an IP address.
When applications, like browsers or email programs, make a request that
requires a domain name lookup, such programs send a resolution request to the DNS
resolver in the local operating system, which in turn handles the communications
required.
The DNS resolver also has its own cache containing recent lookups. If the cache
can provide the answer to the request, the resolver will return the value in the cache
to the program that made the request. If the cache does not contain the answer, the
resolver will send the request to one or more designated DNS servers. The DNS
server, in turn, may obtain the answer from its name cache, its own database or
another DNS server. The designated DNS server is usually supplied by the Internet
service provider to which the machine connects. The user will either have to enter
that server's address manually in his machine’s internet configuration or allow DHCP
to set it. In organizations, the system administrator can configure the DNS clients to
point to the DNS servers of the organization.
There are two methods by which the interaction between the client DNS
resolver and the DNS server can take place. With recursive resolution, the DNS
client makes the initial request. The burden of the processing is then borne by the
server, which may have to contact other servers before returning the result to the
client. This is typical for smaller hosts such as PCs and laptops.
With iterative resolution, the resolver contacts a server that either provides the
answer, or refers the resolver to another name server. This process is repeated until
the resolution process is completed. The computational burden is shared between
resolver and name servers. This is typical for larger computers and mainframes.
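The two resolution methods described above (recursive and iterative), together with the caches, can be modelled in a few lines. This is an added example, not code from the book: the server labels (root, edu-tld, com-tld, mit-ns), the zone contents and the address 192.0.2.10 are constructed, and cache expiry is left out.

```python
# Constructed name-server data (not real DNS contents): each server either
# holds address records or refers the asker to a server lower in the hierarchy.
SERVERS = {
    "root":    {"referrals": {"edu": "edu-tld", "com": "com-tld"}},
    "edu-tld": {"referrals": {"mit.edu": "mit-ns"}},
    "com-tld": {"referrals": {}},
    "mit-ns":  {"records": {"ece.mit.edu": "192.0.2.10"}},
}


def ask(server, name, log):
    """One query to one server; returns ('answer'|'referral'|'nxdomain', value)."""
    log.append(server)
    zone = SERVERS[server]
    if name in zone.get("records", {}):
        return "answer", zone["records"][name]
    # Longest matching suffix wins, so "mit.edu" would beat "edu".
    for suffix in sorted(zone.get("referrals", {}), key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return "referral", zone["referrals"][suffix]
    return "nxdomain", None


def resolve_iteratively(name, log, max_referrals=8):
    """Iterative resolution: the asker itself follows each referral."""
    server = "root"
    for _ in range(max_referrals):          # bound the walk: referrals must not loop
        kind, value = ask(server, name, log)
        if kind != "referral":
            return value                    # an address, or None for nxdomain
        server = value
    raise RuntimeError("too many referrals for " + name)


class RecursiveServer:
    """A designated DNS server that does the whole lookup for its clients."""

    def __init__(self):
        self.cache = {}
        self.queries_sent = []              # servers this DNS server contacted

    def resolve(self, name):
        if name not in self.cache:          # cache miss: walk the hierarchy
            self.cache[name] = resolve_iteratively(name, self.queries_sent)
        return self.cache[name]


class StubResolver:
    """Client-side resolver using recursive resolution: one query per cache miss."""

    def __init__(self, server):
        self.server = server
        self.cache = {}
        self.queries_sent = 0

    def resolve(self, name):
        if name not in self.cache:
            self.queries_sent += 1
            self.cache[name] = self.server.resolve(name)
        return self.cache[name]
```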
6.4 Internet IP Layer
This is also called the internet layer or the network layer. The IP layer shields
the higher levels from the network architecture below it. IP is the most important
protocol in this layer. It is a connectionless protocol, which does not require the
reliability of the lower layers. IP does not provide reliability, flow control or error
recovery. These functions must be provided at a higher level, either at the transport
layer by using TCP as the transport protocol, or at the application layer, if UDP is
used as the transport protocol. A message unit in an IP network is called an IP
datagram.
Internet Protocol version 4 (IPv4) is the fourth iteration of IP and the first
version of the protocol to be widely deployed; it is the dominant network layer
protocol on the Internet.
IPv4 header layout (each row is one 32-bit word, bit positions 0 to 31):
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options & Padding (rarely present)
Higher layers protocol and user data
Figure 6.5 IPv4 Header.
IPv4 uses 32-bit addresses, and with the growth of the Internet, these have
become a scarce and valuable commodity. IPv6 was then introduced in 1999 to
overcome the IP address limitation by extending the address space to 128 bits. IPv6
will be discussed in Section 6.4.5.
The IP header, Figure 6.5, is appended to the data that IP accepts from higher-
level protocols, before routing it around the network. The IP header consists of six
32-bit ‘long words’ and is made up as follows:
Ver, 4 bits: this indicates the version of the IP protocol in use. In this case it is
4.
IHL, 4 bits: the Internet header length is the length of the IP header in 32-bit
words. The minimum value is 5, representing 5 × 4 = 20 bytes.
Type of Service (ToS), 8 bits: this provides an indication of the parameters of
the quality of service desired. These parameters are used to guide the selection of the
actual service parameters when transmitting a datagram through a particular network.
The choice involved is a three-way trade-off between low delay, high reliability, and
high throughput.
Total Length, 16 bits: this is the length of the datagram, measured in bytes,
including the header and data.
Identification, 16 bits: this field uniquely identifies each datagram sent by a
host. It is normally incremented by one for each datagram sent.
Flags, 3 bits: this field contains two flags to indicate whether the IP is allowed
to fragment the datagram or not, and whether it is the last fragment or not.
Fragment Offset, 13 bits: this field indicates where in the original datagram
this fragment belongs. The fragment offset is measured in units of 8 bytes.
Time to Live (TTL), 8 bits: the purpose of this field is to cause undeliverable
datagrams to be discarded. Every router that processes a datagram must decrease the
TTL by one, and if this field contains the value zero, then the datagram must be
destroyed.
Protocol, 8 bits: the protocol field indicates the higher level protocol above IP
in the protocol stack, which has passed the datagram on to IP.
Header Checksum, 16 bits: this is a standard checksum on the IP header only.
Source and Destination Address, 32 bits each: these are the 32-bit IP
addresses of both the origin and the destination of the datagram.
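The field list above translates directly into a parser. The following added example (not code from the book) decodes the fixed 20-byte header and rejects headers whose Version, IHL, Total Length or Header Checksum are inconsistent; the sample packet is built inline with constructed addresses, and the three-entry protocol-name table is an assumption kept short for the example.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBHHHBBH4s4s")          # the fixed 20-byte part
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def internet_checksum(data: bytes) -> int:
    """Complement of the one's-complement sum of the data as 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                            # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, protocol, payload_len, ttl=64, ident=1, flags_frag=0x4000):
    """Constructed test input: a header with IHL = 5 and a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, ident, flags_frag, ttl, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(HEADER.pack(*fields))
    return HEADER.pack(*fields)


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields, rejecting headers that are not self-consistent."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = HEADER.unpack_from(packet)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"Version is {version}, not 4")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5")
    header_bytes = ihl * 4                        # IHL counts 32-bit words
    if header_bytes > len(packet):
        raise ValueError("IHL points past the end of the captured data")
    if not header_bytes <= total_length <= len(packet):
        raise ValueError("Total Length disagrees with header or captured size")
    # Summing a header that contains a correct checksum yields zero.
    if internet_checksum(packet[:header_bytes]) != 0:
        raise ValueError("Header Checksum mismatch")
    return {
        "header_bytes": header_bytes,
        "type_of_service": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,   # units of 8 bytes
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(protocol, str(protocol)),
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }


def check(packet: bytes) -> str:
    """Return 'ok' or the reason the header was rejected."""
    try:
        parse_ipv4_header(packet)
    except ValueError as exc:
        return str(exc)
    return "ok"
```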
The network layer, as depicted in Figure 6.1, includes other protocols such as
ARP, RARP and ICMP.
6.4.1 Address Resolution Protocol (ARP)
For two machines on the same network to communicate, each must know the
other machine's physical MAC address (required to compose level 2 frames). By
broadcasting ARPs, a host can dynamically discover the MAC-layer address
corresponding to a particular IP network-layer address. This case happens when a
server on the same network is known by its IP address; the client also needs the
server's physical address to be able to communicate with it on the same network.
After receiving a MAC-layer address, IP devices create an ARP cache to store
the recently acquired IP-to-MAC address mapping, thus avoiding having to broadcast
ARPs when they want to reconnect to a device. If the device does not respond within
a specified time frame, the cache entry is flushed. ARP is described in RFC 826.
6.4.2 Reverse Address Resolution Protocol (RARP)
RARP is used to map MAC-layer addresses to IP addresses. RARP, which is the
logical inverse of ARP, might be used by workstations that do not know their IP
addresses when they boot. RARP relies on the presence of an RARP server with table
entries of MAC-layer-to-IP address mappings. RARP is described in RFC 903.
RARP is important to secure automation networks, where only authorized
workstations and devices listed in the RARP server are allowed to use the network.
When an authorized workstation is turned on, it sends an RARP request. The RARP
server will then assign an IP address to it only if its MAC address is in the
authorized list.
6.4.3 Internet Control Message Protocol (ICMP)
The ICMP is a network-layer Internet protocol that provides message packets to
report errors and other information regarding IP packet processing back to the source.
Although ICMP is an Internet-layer protocol, its messages travel across the network
encapsulated in IP datagrams in the same way as higher layer protocol (such as TCP
or UDP) datagrams. The ICMP message, consisting of an ICMP header and ICMP
data, is encapsulated as ‘data’ within an IP datagram. ICMP is documented in RFC
792.
6.4.4 IP Routing
The entire purpose of IP is to provide unique global computer addressing to
ensure that two computers communicating over the Internet can uniquely identify one
another. IPv4 is a data-oriented protocol to be used on a packet switched
internetwork (e.g., Ethernet). It is a best effort protocol in that it does not guarantee
delivery. It does not make any guarantees on the correctness of the data; it may result
in duplicated packets and/or packets out-of-order. These aspects are addressed by an
upper layer protocol (e.g., TCP, and partly by UDP). IP routing protocols are
dynamic, which means routes are calculated automatically at regular intervals by
software in routing devices.
An IP routing table, which consists of destination address/next hop pairs, is used
to enable dynamic routing. In IP routing, datagrams travel through internetworks one
hop at a time. The entire route is not known when a datagram leaves the source host.
But at each stop the next destination is calculated by matching the destination address
within the datagram with an entry in the current node's routing table.
Each node's involvement in the routing process is limited to forwarding packets
based on internal information. The nodes do not monitor whether the packets get to
their final destination, nor does IP provide for error reporting back to the source
when routing errors occur.
6.4.5 Internet Protocol Version 6 (IPv6)
In IPv6 the address field grows from 32-bits to 128-bits. IPv6 overcomes other
limitations of the IPv4, including support for packet priority, QoS, multicasting, and
virtual private networks. The IPv6 header format is shown in Figure 6.6.
IPv6 header layout (rows are 64 bits wide, bit positions 0 to 63):
Version | Traffic Class | Flow Label | Payload Length | Next Header | Hop Limit
Source Address
Destination Address
Figure 6.6 The IPv6 headers.
IPv6 is an Internet-layer protocol developed in the 1990s, approved by IANA in
1999 (and described in RFC2460). The changes from IPv4 to IPv6 follow:
Version, 4 bits: now always contains 6 rather than 4.
The Internet Header Length (IHL) field that indicates the length of the IPv4
header is no longer needed because the IPv6 header is always 40 bytes long.
Traffic Class, 8 bits: replaces Type of Service. The original semantics of the
IPv4 Type of Service field have been superseded by the diffserv semantics per RFC
2474.
Flow Label, 20 bits: is new in IPv6. The idea is that packets belonging to the
same stream, session or flow share a common flow label value, making the session
easily recognizable without having to look “deep” into the packet. Recognizing a
stream or session is often useful in Quality of Service mechanisms. Although few
implementations actually look at the flow label, most systems do set different flow
labels for packets belonging to different TCP sessions. A zero value in this field
means that setting a flow label per session is either not supported or not desired.
The Total Length is the length of the IPv4 packet including the header. In IPv6,
the Payload Length (16 bits) does not include the 40-byte IPv6 header, thereby
saving the host or router receiving a packet from having to check whether the packet
is large enough to hold the IP header in the first place—making for a small efficiency
gain. Despite the name, the Payload Length field includes the length of any
additional headers, not just the length of the user data.
The Identification, Flags and Fragment Offset fields are used when IPv4
packets must be fragmented. Fragmentation in IPv6 is performed in a different way.
Accordingly, these fields are not present in the IPv6 header.
Hop Limit (8 bits): replaces Time to Live (TTL). This field is initialized with a
suitable value at the origin of a packet and decremented by each router along the
way. When the field reaches zero, the packet is destroyed. This way, packets cannot
circle the network forever when there are loops.
The Protocol field in IPv4 is replaced by Next Header (8 bits) in IPv6. In both
cases, the field indicates the type of header that follows the IPv4 or IPv6 header. In
most cases, the value of this field would be 6 for TCP or 17 for the User Datagram
Protocol (UDP).
The IPv4 Header Checksum was removed in IPv6.
The Source Address and Destination Address serve the same function in IPv6
as in IPv4, except that they are now four times as long at 128 bits.
Table 6.3 provides a summary of the key enhancements and differences between
IPv4 and IPv6.
Table 6.3 Summary of enhancements by IPv6.
Feature | Change
Address Space | Increase from 32-bit to 128-bit address space
Management | Stateless auto-configuration means no more need to configure IP addresses for end systems, even via DHCP
Performance | Predictable header sizes and 64-bit header alignment mean better performance from routers and bridges/switches
Multicast/Multimedia | Built-in features for multicast groups, management, and new "anycast" groups
Mobile IP | Simplify deployment of mobile IP-based systems
Virtual Private Networks | Built-in support for ESP/AH encrypted/authenticated virtual private network protocols; built-in support for QoS tagging
IPv6 is expected to solve many problems that face the implementation of the
Internet in SCADA and control networks. The increased security and encryption in
IPv6 is a very critical feature for many industrial and business applications. The
integrated QoS is a very important feature to reduce packet latency in SCADA and
control applications. The data multicasting feature can be very useful in certain alarm
notification applications. The auto-configuration feature would simplify connections
of TCP/IP enabled PLCs and RTUs to an organization’s Intranet. Finally, the huge
IPv6 address space would eventually lead to a new generation of smart sensors,
actuators and controllers with an embedded, unique IP address, TCP/IP stack and
web server, ready to work from anywhere and with any RTU or DCS from any
vendor.
6.4.6 Private and Link-local addresses
Private IPv4 address spaces:
Because of the explosion of the number of computers using the Internet, it was
realized that the 32 bit address space of IPv4 is not enough to have a public IP
number for every computer. IPv4 reserves certain address ranges for private
networks. Table 6.4 shows these address spaces.
Table 6.4 Private IPv4 address spaces.
Block size | IP address range
24-bit block | 10.0.0.0 - 10.255.255.255
20-bit block | 172.16.0.0 - 172.31.255.255
16-bit block | 192.168.0.0 - 192.168.255.255
Private addresses are allocated administratively by a local network
administrator, either statically, or automatically by a suitable DHCP server.
The private address space is mapped to a single public IP internet address by the
router. When a computer in the private network sends a packet, the router replaces
the private IP address of the computer with the organization's public IP address in
the source address field of the IP header of the packet. The router also places the
private source address and the destination address in a table. When a packet is
received, the router checks the source address in the IP header of the received
packet, and compares it with the destination address in the table to determine the
private IP address of the initiator of the packet. Finally, it replaces the
destination IP address in the received packet with the private IP address of the
concerned computer and sends the packet to it. This process is known as Network
Address Translation (NAT).
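The translation table described above can be modelled as follows. This is an added example, not code from the book; as an assumption of the example it keys the table on TCP/UDP port numbers as well as addresses, so that two private hosts talking to the same server can be told apart, and it leaves out entry expiry. The public address 203.0.113.7 and all other addresses are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Maps many private sockets onto one public IP address."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (remote_ip, remote_port, public_port) -> (private_ip, private_port)
        self.table = {}
        # (private_ip, private_port, remote_ip, remote_port) -> public_port
        self.flows = {}

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private network."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self.flows.get(flow)
        if public_port is None:                   # first packet of this flow
            if self.next_port > self.last_port:
                raise RuntimeError("no free public ports left")
            public_port = self.next_port
            self.next_port += 1
            self.flows[flow] = public_port
            self.table[(pkt.dst_ip, pkt.dst_port, public_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Rewrite the destination of a reply, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if entry is None:
            # No private host initiated a flow to this sender: nothing to map to.
            return None
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)
```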
Link-local addresses:
Another type of private networking uses addresses from 169.254.1.0 to
169.254.254.255.
This block is known as Link-local address. In IPv4, link-local addresses are self-
assigned by a self-autoconfiguration utility, part of the operating system when a
computer has not been configured with a static IP-address and cannot find a DHCP
server. Link-local addresses are mandatory and required for the internal functioning
of various protocol components. The autoconfiguration utility selects a random
candidate address within the reserved range and uses the Address Resolution
Protocol (ARP) to check that the address is not in use on the network.
The concept of private networks and special address reservation for such
networks has also been extended to IPv6. The address block fc00::/7 has been
reserved for private networks. In IPv6, link-local use is also mandatory. The block
fe80::/10 was assigned for IP address auto-configuration.
6.5 TCP Transmission Control Protocol
TCP provides a reliable, connection oriented, byte stream service. The term
connection-oriented means the two applications using TCP must establish a TCP
connection with each other before they can exchange data. It is a full duplex protocol,
meaning that each TCP connection supports a pair of byte streams, one flowing in
each direction. TCP includes a flow-control mechanism for each of these byte
streams, which allows the receiver to limit how much data the sender can transmit.
TCP also implements a congestion-control mechanism. TCP data is encapsulated in
an IP datagram. Figure 6.7 shows the format of the TCP header. Its normal size is 20
bytes unless options are present.
The header includes two 16 bit fields for port addresses. While IP numbers
identify host computers on the internet, ports identify the initiating/target applications
on the source and destination respectively. The port numbers will be discussed in
more detail in the next section.
Sequence Number:
TCP is responsible for ensuring that all IP packets sent are correctly received.
When a file is fragmented into IP packets, TCP will assign a sequence number for
each IP packet. When the packets arrive at the destination computer, TCP uses the
sequence number to ensure that all of the packets actually arrived and are in the
correct sequence.
Acknowledgment Number:
This field is used by the receiving computer to acknowledge successful
receptions of the arrived packets. The last packet from the receiving end will have the
sequence number of the next packet the receiver is ready to receive.
TCP header layout (each row is one 32-bit word, bit positions 0 to 31):
Source Port | Destination Port
Sequence Number
Acknowledgment Number
Data Offset | RES | URG | ACK | PSH | RST | SYN | FIN | Window
Checksum | Urgent Pointer
TCP Header Options
Higher layers protocol and user data
ACK = Acknowledgment
Data Offset = Length of TCP Header
FIN = Finish
PSH = Push
RES = Reserved
RST = Reset
SYN = Synchronize
URG = Urgent
Figure 6.7 TCP Header.
Header Length or Offset:
This field indicates the length of the TCP header.
Description of the other fields in the TCP header, and the TCP protocol can be
found in [Ref 2].
6.5.1 Ports
IP can route the message to a particular machine on the basis of its IP address.
But TCP must know which process (i.e., software program) the message is destined
for on that particular machine. This is done by means of port numbers ranging from 1
to 65,535.
Port numbers are controlled by IANA and can be divided into three groups: well
known ports, ranging from 1 to 1,023, have been assigned by IANA and are globally
known to all TCP users. For example, HTTP uses port 80; registered ports are
registered by IANA in cases where the port number cannot be classified as well
known, yet it is used by a significant number of users. Examples are port numbers
registered for Microsoft Windows or for specific types of PLCs. These numbers
range from 1024 to 49,151, the latter being 75% of 65,536.
A third class of port numbers is known as Ephemeral ports. These range from
49,152 to 65,535 and can be used by anyone on an ad-hoc basis. Table 6.5 provides
some examples of these 3 classes of port numbers.
Table 6.5 Ports assignment by IANA, http://www.iana.org/assignments/port-numbers.
Port | (protocol) | assignment | Comments
0-1023 | | “Well-known” |
1024-49151 | | “Registered” |
49151-65535 | | “Ephemeral” | “Ephemeral” is common usage; officially “Dynamic and/or private ports”.
Examples of Well-known ports
20 | (TCP) | FTP – data | Sending/receiving data using File Transfer Protocol
21 | (TCP) | FTP – control (command) |
22 | (TCP,UDP) | Secure Shell (SSH) | Used for secure logins, file transfers (scp, sftp) and port forwarding.
23 | (TCP) | Telnet protocol | unencrypted text communications
25 | (TCP,UDP) | Simple Mail Transfer Protocol (SMTP) | used for e-mail routing between mail servers
43 | (TCP) | WHOIS protocol |
80 | (TCP,UDP) | Hypertext Transfer Protocol (HTTP) | Web server applications
110 | (TCP) | Post Office Protocol 3 (POP3) | Used for receiving email
161 | | SNMP | Simple Network Management Protocol
546 | | DHCP Client | Dynamic Host Control Protocol
547 | | DHCP Server | Dynamic Host Control Protocol
443 | | HTTPS | Secure HTTP
53 | | Domain Name System (DNS) |
Examples of Registered (private) ports
1089 | (TCP,UDP) | FF Annunciation | Fieldbus Foundation (FF)
1090 | (TCP,UDP) | FF Fieldbus Message Specification |
2404 | (TCP,UDP) | IEC 60870-5-104 process control over IP |
47808 | (TCP,UDP) | BacNet | Building Automation and Control Networks
1628, 1629 | (TCP,UDP) | LonWorks | LonWorks Remote Network Interface (RNI). Open network for building automation and HVAC. An ANSI/EIA standard
4840, 4843 | (TCP,UDP) | OPC UA | OPC UA TCP Protocol for OPC Unified Architecture from OPC Foundation
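The port classes and the automation-protocol ports in Table 6.5 are enough to triage connection records on a control network. The following added example (not code from the book) classifies the destination port of each flow and reports two conditions: an industrial-protocol port reached from a source outside the private ranges of Table 6.4, and use of Telnet. The log format, the sample lines and the reporting policy are assumptions constructed for the example.

```python
import ipaddress
import re

# Registered ports from Table 6.5 that carry automation protocols.
INDUSTRIAL_PORTS = {
    1089: "FF Annunciation", 1090: "FF Fieldbus Message Specification",
    2404: "IEC 60870-5-104", 47808: "BACnet",
    1628: "LonWorks", 1629: "LonWorks", 4840: "OPC UA", 4843: "OPC UA",
}
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FLOW = re.compile(r"\b(TCP|UDP) (\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
                  r" -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Constructed flow records in a made-up "proto src:port -> dst:port" format.
SAMPLE_LOG = [
    "2016-05-01T08:00:00Z TCP 10.1.2.3:49877 -> 10.1.5.20:2404",
    "2016-05-01T08:00:04Z TCP 198.51.100.23:51515 -> 192.168.10.4:4840",
    "2016-05-01T08:00:09Z TCP 192.168.10.9:50100 -> 192.168.10.4:23",
    "2016-05-01T08:00:11Z UDP 172.20.1.1:47808 -> 172.20.1.255:47808",
]


def port_class(port: int) -> str:
    """Class of a port number, using the ranges given in Section 6.5.1."""
    if not 0 <= port <= 65535:
        raise ValueError(f"{port} is not a 16-bit port number")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "ephemeral"


def is_private(address) -> bool:
    return any(address in block for block in PRIVATE_BLOCKS)


def review_flow(line: str):
    """Return a dict describing the flow, or None if the line has no valid flow."""
    match = FLOW.search(line)
    if not match:
        return None
    try:
        source = ipaddress.ip_address(match.group(2))
        dst_port = int(match.group(5))
        cls = port_class(dst_port)
    except ValueError:                       # e.g. 999.1.1.1 or port 70000
        return None
    service = INDUSTRIAL_PORTS.get(dst_port)
    findings = []
    if service and not is_private(source):
        findings.append(f"{service} reached from non-private source {source}")
    if dst_port == 23:
        findings.append("Telnet carries unencrypted text")
    return {"dst_port": dst_port, "port_class": cls,
            "service": service, "findings": findings}


def flagged(lines):
    """(line, findings) for every record that produced at least one finding."""
    results = []
    for line in lines:
        flow = review_flow(line)
        if flow and flow["findings"]:
            results.append((line, flow["findings"]))
    return results
```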
6.5.2 Sockets
In order to identify both the location and the application to which a particular
packet is to be sent, the IP address (location) and port number (process) are combined
into a functional address called a socket. The IP address is contained in the IP header
and the port number is contained in the TCP or UDP header. A socket must exist
both at the source and at the destination for any data to be transferred under TCP.
[Figure 6.8 content: IP Address + TCP Port = Socket. Host 128.10.2.3 holds virtual connections across the Internet to three WWW servers:
128.10.2.3:53000 to 18.26.0.36:80 (server A)
128.10.2.3:53001 to 222.9.0.32:80 (server B)
128.10.2.3:53002 to 206.0.210.2:80 (server C)
Port 80 is used for HTTP (Hypertext Transfer Protocol) connections. A socket is the combination of IP address and Layer 4 port number. Two sockets define a unique communication.]
Figure 6.8 Establishing sockets between a user and three web servers.
With two processes communicating via TCP sockets, each side of a TCP
connection has a socket which can be identified by the pair <IP_address,
port_number>. Two processes communicating over TCP form a logical connection
that is uniquely identifiable by the two sockets involved, that is by the combination
<local_IP_address, local_port, remote_IP_address, remote_port>.
In Figure 6.8, a host with IP number 128.10.2.3 is browsing web pages from
three different web servers, A, B, and C, using the HTTP protocol. The host then
creates three sockets: the host socket <128.10.2.3:53000> associated with the socket
18.26.0.36:80 in server A, the host socket <128.10.2.3:53001> associated with the
socket 222.9.0.32:80 in server B, and the host socket <128.10.2.3:53002>
associated with the socket 206.0.210.2:80 in server C.
6.6 UDP User Datagram Protocol
In general, UDP implements a fairly "lightweight" layer above the IP. UDP's
main purpose is to abstract network traffic in the form of datagrams. A datagram
comprises a single "unit" of binary data; the first eight (8) bytes of a datagram
contain the header information and the remaining bytes contain the data itself.
UDP header layout (each row is one 32-bit word, bit positions 0 to 31):
Source Port | Destination Port
Length | Checksum
Higher-Layer Protocols and Data
Figure 6.9 UDP Header.
The UDP header, Figure 6.9, consists of four fields of two bytes each:
source port number
destination port number
datagram size
checksum
UDP port numbers allow different applications to maintain their own "channels"
or sockets for data; both UDP and TCP use this mechanism to support multiple
applications sending and receiving data concurrently. The sending application (that
could be a client or a server) sends UDP datagrams through the source port, and the
recipient of the packet accepts this datagram through the destination port. Some
applications use static port numbers that are reserved for or registered to the
application. Other applications use dynamic (unregistered) port numbers. Because the
UDP port headers are two bytes long, valid port numbers range from 0 to 65535; by
convention, values above 49,151 represent dynamic ports.
The UDP datagram size is a simple count of the number of bytes contained in
the header and data sections. Because the header length is a fixed size, this field
essentially refers to the length of the variable-sized data portion (sometimes called
the payload).
6.7 Real-time Transport Protocol (RTP)
According to RFC 1889 and RFC 3550 (2003), RTP is a transport protocol (OSI
Layer 4), although it lies on top of UDP (also an OSI Layer 4 protocol). But some
engineers classify it as a session layer protocol (OSI layer 5), or Application Layer
protocol (OSI layer 7).
RTP provides end-to-end delivery services for data with real-time
characteristics. It is specifically designed to deliver interactive streaming audio and
video content. RTP ensures that packets reach the end node's application both in a
timely manner and in the intended order. Those services include payload type
identification, sequence numbering, time-stamping and delivery monitoring.
Applications typically run RTP on top of UDP to make use of its multiplexing and
checksum services. Both protocols contribute parts to the transport protocol
functionality.
RTP itself does not provide any mechanism to ensure timely delivery or provide
other quality-of-service guarantees; it relies on lower-layer services to do so. RTP
services include:
1. Sequence numbering to detect lost, out-of-order or duplicate packets.
2. Time stamp to identify relative timing between packets and to assist in
determination of network jitters.
3. Source identifier to identify timing source for the session.
Nonetheless, it does not guarantee delivery or prevent out-of-order delivery, nor
does it assume that the underlying network is reliable and delivers packets in
sequence. The sequence numbers included in RTP allow the receiver to reconstruct
the sender's packet sequence, but sequence numbers might also be used to determine
the proper location of a packet (e.g., in video decoding), without necessarily
decoding packets in sequence.
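How a receiver uses the sequence number to detect lost, out-of-order and duplicate packets is shown below, including the wrap of the 16-bit counter from 65535 to 0. This is an added example, not code from the book: it reads the 12-byte fixed RTP header (version 2) and keeps one set of counters per source identifier (SSRC); the capture, the SSRC value 0x1234ABCD and payload type 96 are constructed.

```python
import struct

RTP_FIXED = struct.Struct("!BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def parse_rtp(packet: bytes) -> dict:
    if len(packet) < RTP_FIXED.size:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, sequence, timestamp, ssrc = RTP_FIXED.unpack_from(packet)
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
            "sequence": sequence, "timestamp": timestamp, "ssrc": ssrc}


def is_rtp(packet: bytes) -> bool:
    try:
        parse_rtp(packet)
    except ValueError:
        return False
    return True


class StreamStats:
    """Sequence-number bookkeeping for one source (SSRC)."""

    def __init__(self):
        self.seen = set()       # extended (unwrapped) sequence numbers received
        self.highest = None     # highest extended number so far
        self.received = self.out_of_order = self.duplicates = 0

    def update(self, sequence: int) -> None:
        self.received += 1
        if self.highest is None:
            extended = sequence
        else:
            # Signed 16-bit distance from the highest number seen, so that
            # 0 arriving after 65535 counts as +1 rather than -65535.
            delta = (sequence - self.highest + 0x8000) % 0x10000 - 0x8000
            extended = self.highest + delta
        if extended in self.seen:
            self.duplicates += 1
            return
        if self.highest is not None and extended < self.highest:
            self.out_of_order += 1              # arrived after a later packet
        self.seen.add(extended)
        self.highest = extended if self.highest is None else max(self.highest, extended)

    def report(self) -> dict:
        expected = max(self.seen) - min(self.seen) + 1
        return {"received": self.received,
                "missing": expected - len(self.seen),   # gaps not yet filled
                "out_of_order": self.out_of_order,
                "duplicates": self.duplicates}


def analyze(packets) -> dict:
    """Per-SSRC report for a list of raw RTP packets."""
    streams = {}
    for raw in packets:
        header = parse_rtp(raw)
        streams.setdefault(header["ssrc"], StreamStats()).update(header["sequence"])
    return {ssrc: stats.report() for ssrc, stats in streams.items()}


def sample_capture():
    """Constructed capture: wraps past 65535, 1 arrives late, 2 repeats, 3 and 4 never arrive."""
    order = [65533, 65534, 65535, 0, 2, 1, 2, 5]
    return [RTP_FIXED.pack(0x80, 96, seq, 160 * i, 0x1234ABCD) + bytes(4)
            for i, seq in enumerate(order)]
```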
The RTP Control Protocol (RTCP) defines a mechanism for hosts involved in
RTP sessions to exchange information regarding monitoring and control of the
session. RTCP components include QoS feedback information such as the numbers
of lost packets, round-trip time and jitter, so that the sources can adjust their data
rates accordingly. Other information is also exchanged about the participants in an
ongoing session. RTCP uses the port number (RTP port number + 1).
6.8 Application Layer Protocols
This section provides a brief description of some of the protocols and services
of the application layer of the TCP/IP model. This layer acts as intermediary
between user applications and the Internet lower-level protocols such as TCP or
UDP. Examples of these services include HTTP, FTP, TELNET, SNMP, SMTP,
POP3, etc. The number of these application layer services grows every year. But the
present focus is on those services which are frequently used in SCADA systems and
other automation applications.
6.8.1 HTTP: Hyper Text Transfer Protocol
HTTP is the protocol that enables the connection between a web server and a
client. By using a browser one could request and receive documents from servers on
the World Wide Web. The browsers use the HTTP protocol to access the web site.
The server responds with a mail message document formatted in either plain ASCII
or HTML. HTML documents describe web pages using tags and plain text. Tags are
special directives used to specify how the text or files are supposed to appear when
viewed with a web browser. The browser reads HTML documents and displays them
as web pages. The browser does not display the HTML tags, but uses the tags to
interpret the content of the page.
The first web page displayed would be the home page or top level web page.
From here on one would navigate to other associated pages by clicking on
hyperlinks. Port 80 is used since web servers, by default, listen for connections on
port 80. At its most basic level, the HTTP protocol consists of a single connection
and a single command line delivered to a web server residing at a specific IP address.
A problem with the real-life situation is that a single web server could hold
several hundred websites, each one theoretically needing its own IP address. In
addition to this, each web site could have several dozens of web pages, each page
requiring a separate connection with the client. To overcome this problem the HTTP
1.1 specification (and upwards) allows the administrator to assign a virtual host,
which allows the website to appear to the outside world as a single entity with only
one IP address.
Web Server technology has enabled low cost web browser technology to be
used as the MMI for PLC and SCADA systems. Newer PLCs and RTUs frequently
incorporate web servers that allow diagnostics and monitoring functions via user web
browsers. Web-enabled SCADA hosts enable users to monitor remote sites via a web
browser.
6.8.2 File Transfer Protocol (FTP)
Since file transfer requires a reliable transport mechanism, TCP connections are
used. The process involved in requesting a file is as follows:
a) The FTP client opens a control connection to port 21 of the server.
b) The FTP client forwards user name and password to the FTP server for
authentication.
c) The server indicates whether authentication was successful.
d) The FTP client sends commands indicating file name, data type, file type,
transmission mode and direction of data flow (i.e., to or from the server) to
the server.
e) The server indicates whether the transfer options are acceptable.
f) The server establishes another connection for data flow, using port 20 on the
server.
g) Data packages are now transferred using the standard TCP flow control, error
checking and retransmission procedures.
h) When the file has been transferred, the sending FTP process closes the data
connection, but retains the control connection. The control connection can
now be used for another data transfer, or it can be closed.
Internet-enabled smart PLCs and controllers usually include the FTP service.
The controller can act as a server, client or both. FTP can be very useful for updating
application programs or configuration files and transferring data log or alarm log
files.
6.8.3 Simple Network Management Protocol (SNMP)
SNMP is an application-layer protocol that facilitates the exchange of
management information between network devices. It enables network administrators
to manage network performance, find and solve network problems, and plan for
network growth. There are three versions of SNMP. SNMP Version 1 (SNMPv1)
and SNMP Version 2 (SNMPv2) have a number of features in common, but
SNMPv2 offers enhancements, such as additional protocol operations. SNMPv3
defines a security model, introducing new concepts such as users, groups, security
levels and policies.
SNMP basic components:
Managers (software) are responsible for communicating with (and managing)
network devices that implement SNMP Agents (also software).
Agents are software modules that reside in managed devices such as workstations,
switches, routers, microwave radios and printers, and provide information to managers.
An agent has local knowledge of management information and translates that
information into a form compatible with SNMP.
MIBs (Management Information Base) describe data objects to be managed by
an agent within a device. MIBs are actually just text files, and values of MIB data
objects are the topic of conversation between managers and agents.
NMS (Network-Managed System) executes applications that monitor and
control managed devices. NMSs provide the bulk of the processing and memory
resources required for network management.
The MIB/MIS consists of a collection of individual objects or elements such as
point status of instrumentation signals that can be monitored or controlled using the
SNMP protocol. The individual objects, also called managed objects, are organized
within a MIB in a hierarchical structure that when laid out looks like a tree. Each
managed object has a unique Object Identifier (OID) consisting of numbers separated
by decimal points (e.g., 1.5.6.3.4.3981.2). The OID is used to distinguish each object
in a SNMP message. When managers and agents communicate, they refer to MIB
data objects using OID’s. An OID sent with a corresponding value {OID,Value} is
referred to as “binding.”
SNMP Messages: the SNMP protocol uses five basic messages for protocol
communications between an SNMP manager and an SNMP agent. These basic
messages are as follows:
• GET and GET-NEXT: these two messages are used by the manager to obtain
  information from an agent, such as the status of I/O.
• GET-RESPONSE: this is a message sent by the agent to the manager
  upon receiving a GET or GET-NEXT message.
• SET: this is a message used by the manager to set the value of a managed
  object within a MIB.
• TRAP: these messages are generated asynchronously by agents and contain
  alarm or status change information. TRAP messages (like alarm notification
  messages) are always sent from an agent to a manager.
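The manager/agent exchange described above can be modelled in a few lines. The following is an added example, not code from the book: a toy agent that holds a MIB as {OID, Value} bindings and answers GET, GET-NEXT and SET, plus a manager-side walk built from repeated GET-NEXT requests. The sample MIB, the enterprise subtree 1.3.6.1.4.1.99999, the status labels and the writable allow-list are all constructed for the illustration.

```python
from bisect import bisect_right


def parse_oid(text):
    """'1.3.6.1.2.1.1.5.0' -> (1, 3, 6, 1, 2, 1, 1, 5, 0); rejects malformed OIDs."""
    parts = text.strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)


def format_oid(oid):
    return ".".join(str(n) for n in oid)


class Agent:
    """Holds the managed objects of one device and answers manager requests.

    The status strings ("ok", "no-such-object", "end-of-mib", "not-writable")
    are labels of this example, not SNMP error codes.
    """

    def __init__(self, objects, writable=()):
        self.mib = {parse_oid(k): v for k, v in objects.items()}
        self.writable = {parse_oid(k) for k in writable}

    def get(self, oid):
        key = parse_oid(oid)
        if key not in self.mib:
            return "no-such-object", (oid, None)
        return "ok", (format_oid(key), self.mib[key])

    def get_next(self, oid):
        # Integer tuples sort in MIB tree order; the first key strictly
        # greater than the requested OID is the "next" managed object.
        order = sorted(self.mib)
        idx = bisect_right(order, parse_oid(oid))
        if idx == len(order):
            return "end-of-mib", (oid, None)
        key = order[idx]
        return "ok", (format_oid(key), self.mib[key])

    def set(self, oid, value):
        key = parse_oid(oid)
        if key not in self.mib:
            return "no-such-object", (oid, None)
        if key not in self.writable:        # read-only unless allow-listed
            return "not-writable", (oid, self.mib[key])
        self.mib[key] = value
        return "ok", (format_oid(key), value)


def walk(agent, root):
    """Manager side: repeat GET-NEXT until the returned OID leaves `root`."""
    prefix = parse_oid(root)
    bindings, cursor = [], root
    while True:
        status, (oid, value) = agent.get_next(cursor)
        if status != "ok" or parse_oid(oid)[:len(prefix)] != prefix:
            return bindings
        bindings.append((oid, value))
        cursor = oid


# Constructed sample MIB for a hypothetical RTU.
SAMPLE_MIB = {
    "1.3.6.1.2.1.1.1.0": "RTU-7 firmware 2.4",   # sysDescr
    "1.3.6.1.2.1.1.5.0": "rtu-7",                # sysName
    "1.3.6.1.4.1.99999.1.2": 1,                  # pump running (digital input)
    "1.3.6.1.4.1.99999.1.9": 47,                 # tank level, percent
    "1.3.6.1.4.1.99999.1.10": 3,                 # active alarm count
    "1.3.6.1.4.1.99999.2.1": 55,                 # level setpoint
}

if __name__ == "__main__":
    agent = Agent(SAMPLE_MIB, writable=["1.3.6.1.4.1.99999.2.1"])
    for binding in walk(agent, "1.3.6.1.4.1.99999.1"):
        print(binding)
    print(agent.set("1.3.6.1.4.1.99999.1.2", 0))   # rejected: not writable
```

Comparing OIDs as integer tuples matters: a plain string sort would place ...1.10 before ...1.2 and the walk would visit objects in the wrong order.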
Although SNMP was designed originally for the management of devices such as
routers and switches, its usage has grown rapidly to encompass the monitoring of
nearly any electronic device. SNMP is now used to monitor and manage television
broadcast studios, automated fare collection systems, airborne military platforms,
energy distribution systems, emergency radio networks and many SCADA
applications.
The number of IP-based devices that are used for industrial control and
monitoring has skyrocketed. Most of these devices support their own proprietary
protocol and such protocols are rigid to implement in a remote telemetry system and
even harder to manage from a SCADA perspective. SNMP has emerged as a very
efficient way to monitor SCADA assets while minimizing engineering and impact on
the network throughput. SNMP could be used as a unified framework to remotely
monitor and diagnose the SCADA and remote industrial control devices.
6.8.4 Bootstrap Protocol (BOOTP) (RFC 951)
BOOTP, a UDP/IP-based protocol, is an alternative to RARP. When a diskless
workstation (e.g., a PLC) is powered up, it broadcasts a BOOTP request with its
MAC number on the network. The BOOTP server contains a database matching each
IP address (and other required supporting data) with the MAC address of the
networked devices. A BOOTP server hears the request, looks up the requesting
client’s MAC address in its BOOTP file, and responds by telling the requesting client
machine:
• The IP address which should be utilized by the disk-less workstation.
• The IP address of a server which will provide an operating system image for
  the disk-less workstation.
• The file name of an operating system image which the disk-less workstation
  should boot.
The BOOTP server uses port 67 and the BOOTP client uses port 68. The
following is a brief explanation of what happens when a remote client boots:
a) BOOTP request. The client sends a BOOTP request from 0.0.0.0.68 to
255.255.255.255.67 with its Ethernet address (MAC address).
b) BOOTP reply. The server responds with the client's IP address, the server's IP
address (its own) and the IP address of a default gateway.
c) BOOTP request. The client waits 0.5 seconds and sends another BOOTP
request with its own IP address in the IP header.
d) BOOTP reply. The server sends the same BOOTP reply it sent the last time.
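The four-step exchange above, as an added example that is not code from the book: it packs and parses the 300-byte fixed BOOTP message defined in RFC 951, looks the client's MAC address up in the server's table, and has the client check the transaction ID and its own MAC before accepting a reply. The MAC address, IP addresses and file name are constructed sample values, and the function names are this example's own.

```python
import socket
import struct

# RFC 951 fixed layout: op, htype, hlen, hops, xid, secs, unused,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128], vend[64]
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s64s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)       # 300 bytes
BOOTREQUEST, BOOTREPLY = 1, 2
SERVER_PORT, CLIENT_PORT = 67, 68            # UDP ports named in the text


def mac_bytes(mac):
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 6-byte Ethernet address")
    return raw


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build(op, xid, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
          siaddr="0.0.0.0", bootfile=""):
    """Pack one BOOTP message (htype 1 = Ethernet, hlen 6)."""
    ip = socket.inet_aton                    # pure conversion, no network I/O
    return struct.pack(BOOTP_FMT, op, 1, 6, 0, xid, 0, 0,
                       ip(ciaddr), ip(yiaddr), ip(siaddr), ip("0.0.0.0"),
                       mac_bytes(mac), b"", bootfile.encode("ascii"), b"")


def parse(packet):
    if len(packet) < BOOTP_LEN:
        raise ValueError("short BOOTP packet")
    (op, htype, hlen, _hops, xid, _secs, _unused, ci, yi, si, _gi,
     chaddr, _sname, bootfile, _vend) = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])
    if htype != 1 or hlen != 6:
        raise ValueError("only Ethernet hardware addresses are handled here")
    return {"op": op, "xid": xid, "mac": mac_text(chaddr[:hlen]),
            "ciaddr": socket.inet_ntoa(ci), "yiaddr": socket.inet_ntoa(yi),
            "siaddr": socket.inet_ntoa(si),
            "bootfile": bootfile.rstrip(b"\0").decode("ascii")}


def serve(packet, table, server_ip):
    """Server side: answer only requests from MAC addresses in the table."""
    try:
        req = parse(packet)
    except ValueError:
        return None                          # malformed packet: drop it
    known = {mac_text(mac_bytes(k)): v for k, v in table.items()}
    if req["op"] != BOOTREQUEST or req["mac"] not in known:
        return None                          # unregistered device: stay silent
    ip, bootfile = known[req["mac"]]
    return build(BOOTREPLY, req["xid"], req["mac"], ciaddr=req["ciaddr"],
                 yiaddr=ip, siaddr=server_ip, bootfile=bootfile)


def accept_reply(packet, xid, mac):
    """Client side: take a reply only if it echoes our xid and MAC address."""
    rep = parse(packet)
    if (rep["op"] != BOOTREPLY or rep["xid"] != xid
            or rep["mac"] != mac_text(mac_bytes(mac))):
        return None
    return rep["yiaddr"], rep["siaddr"], rep["bootfile"]


def boot_sequence(mac, xid, table, server_ip):
    """Steps a) to d): request from 0.0.0.0, reply, second request, same reply."""
    reply1 = serve(build(BOOTREQUEST, xid, mac), table, server_ip)      # a), b)
    if reply1 is None:
        return None, None
    first = accept_reply(reply1, xid, mac)
    request2 = build(BOOTREQUEST, xid, mac, ciaddr=first[0])            # c)
    second = accept_reply(serve(request2, table, server_ip), xid, mac)  # d)
    return first, second


# Constructed server table: MAC address -> (assigned IP, boot file name)
SAMPLE_TABLE = {"00:1D:9C:AA:BB:01": ("192.168.10.21", "plc_fw.bin")}

if __name__ == "__main__":
    print(boot_sequence("00:1d:9c:aa:bb:01", 0x1234ABCD, SAMPLE_TABLE, "192.168.10.1"))
```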
Although BOOTP is an alternative to RARP, it operates in an entirely different
way. RARP operates at the data link layer and the RARP packets are contained
within the local network (e.g., an Ethernet) frames; hence, it cannot cross any routers.
With BOOTP, the information is carried by UDP via IP; hence, it can operate on an
internetwork across routers and the server can be several hops away from the client
and facilitate address resolution across routers. Although BOOTP uses IP and UDP,
it is still small enough to fit within a bootstrap ROM on a client workstation.
6.8.5 Dynamic Host Configuration Protocol (DHCP)
DHCP is a more recent and advanced protocol for the same purpose, and has
superseded the use of BOOTP. Most DHCP servers also offer BOOTP support.
DHCP is defined by RFCs 1533, 1534, 1541 and 1542. When TCP/IP starts up on a
DHCP-enabled host, a special message is sent out requesting an IP address and a
subnet mask from a DHCP server. The contacted server checks its internal database,
then replies with an offer message comprising the information the client requested.
DHCP’s purpose is to centrally control IP-related information and eliminate the
need to manually keep track of where individual IP addresses are allocated. DHCP
was designed to solve the problem of assigning temporary addresses to devices such
as user laptop computers which frequently ‘appear’ and ‘disappear’ on a network.
Instead of maintaining a rigid database where the MAC address must be pre-
registered, as with BOOTP, a DHCP server instead keeps a ‘pool’ of addresses, each
of which may be ‘leased’ or ‘free’ at any time.
When a DHCP server receives a request for an address, it checks the table to see
if an address is already allocated for that device (based on the MAC address and IP
subnet), and returns it if it is. If not, it assigns an IP address from a pool of free
addresses. This method is very convenient for devices such as laptop computers
which only run ‘client’ software such as web browsers, and do not care which IP
address they are allocated, so long as it works.
Nonetheless, this dynamic assignment method is not useful for most PLC and
I/O devices, or network switches and web servers, which require the allocation of a
well-defined IP address. Most PLC’s expect to transmit configuration changes
directly to an IP address, and must know in advance what IP addresses to use for
each target. Also, it is very cumbersome to arrange for redundancy of a DHCP
service, so that addresses can be allocated by a standby server if the primary server is
unavailable. So although the technique works reasonably well in an office
environment, its value is limited in industrial control. Most industrial control vendors
have avoided use of DHCP protocol in favour of BOOTP, except for devices such as
operator interfaces.
6.8.6 Simple Mail Transfer Protocol (SMTP)
The SMTP standard is one of the most widely used upper layer protocols in the
Internet protocol stack. As its name implies, it is a protocol that defines how to
transmit messages (e-mail) between two users. SMTP is found in two RFCs. RFC
822 describes the structure for the message, which includes the envelope as well.
RFC 821 specifies the protocol that controls the exchange of e-mail between two
machines. But there are many other RFCs for various extensions and amendments of
the basic SMTP.
SMTP is used by e-mail programs or any application programs to send e-mail
messages and files from a user on a local network to a user on a remote network.
SMTP defines the interchange between two SMTP processes. The SMTP process
with mail to send is called the SMTP client, while the receiving SMTP process is
called the SMTP server.
SMTP uses the concept of spooling. The idea of spooling is to allow e-mail to
be sent from a local application to the SMTP application, which stores the e-mail in
some device or memory. Once the e-mail has arrived at the spool, it is queued. A
server checks to see if any messages are available and then attempts to deliver them.
If the user is not available for delivery, the server may try later. Eventually, if the e-
mail cannot be delivered, it will be discarded or perhaps returned to the sender. This
is known as an end-to-end delivery system, because the server is attempting to
contact the delivery destination, and it will keep the e-mail in the spool for a period
of time until it has been delivered. The transmission of the message is executed in the
following steps:
• The client uses the IP address or the domain name of the server (e.g.,
  smtp.kfupm.edu.sa) and the relevant port number (25) to create the necessary
  TCP socket.
• The SMTP server now sends a reply code indicating its ability to receive
  mail.
• The client then sends the SMTP ‘Hello’ command containing the host name
  or domain name of the sending user.
• Mail transfer begins with a ‘Mail From’ command containing the name of the
  sender, followed by a ‘Receipt’ command indicating the recipient.
• A ‘Data’ command is followed by the actual message.
• When the message transfer is complete another message can be sent, the
  direction of transfer changed, or the connection closed. Closing the
  connection involves the SMTP client issuing a ‘Quit’ command. Both sides
  then execute a TCP close operation in order to release the connection.
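The dialogue above with both sides' messages, as an added example that is not code from the book: an in-memory SMTP server that enforces the command order and spools the message, and a client that sends an alarm notification. The commands use their RFC 821 wire names (HELO, MAIL FROM, RCPT TO, DATA, QUIT); host names, mailboxes and the alarm text are constructed, and no network connection is made.

```python
BAD_SEQUENCE = "503 Bad sequence of commands"


def _addr(arg):
    return arg.strip().strip("<>").lower()


class SmtpServer:
    """Receiving SMTP process: state machine plus an in-memory spool."""

    def __init__(self, hostname, mailboxes):
        self.hostname = hostname
        self.mailboxes = {m.lower() for m in mailboxes}
        self.spool = []                       # queued (sender, recipients, body)
        self._reset("new")

    def _reset(self, state):
        self.state, self.sender, self.rcpts, self.body = state, None, [], []

    def greeting(self):
        return f"220 {self.hostname} Service ready"

    def handle(self, line):
        if self.state == "data":
            if line == ".":                   # lone dot ends the message
                self.spool.append((self.sender, tuple(self.rcpts), "\n".join(self.body)))
                self._reset("ready")
                return "250 OK message queued"
            # Undo the client's dot-stuffing on lines that begin with a dot.
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        if self.state == "closed":
            return BAD_SEQUENCE
        upper = line.upper()
        if upper.startswith("HELO ") and line[5:].strip():
            self._reset("ready")
            return f"250 {self.hostname}"
        if upper == "QUIT":
            self.state = "closed"
            return f"221 {self.hostname} closing connection"
        if self.state == "new":               # nothing else before HELO
            return BAD_SEQUENCE
        if upper.startswith("MAIL FROM:"):
            if self.state != "ready":
                return BAD_SEQUENCE
            self.sender, self.state = _addr(line[10:]), "mail"
            return "250 OK"
        if upper.startswith("RCPT TO:"):
            if self.state not in ("mail", "rcpt"):
                return BAD_SEQUENCE
            rcpt = _addr(line[8:])
            if rcpt not in self.mailboxes:    # only known mailboxes are accepted
                return "550 No such user here"
            self.rcpts.append(rcpt)
            self.state = "rcpt"
            return "250 OK"
        if upper == "DATA":
            if self.state != "rcpt":
                return BAD_SEQUENCE
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"


def send_mail(server, helo_name, sender, recipients, body_lines):
    """Sending SMTP process. Returns (delivered, transcript of (side, line))."""
    transcript = [("S", server.greeting())]

    def say(line, expect=None):
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        return expect is None or (reply or "").startswith(expect)

    ok = say(f"HELO {helo_name}", "250") and say(f"MAIL FROM:<{sender}>", "250")
    if ok:
        accepted = [r for r in recipients if say(f"RCPT TO:<{r}>", "250")]
        ok = bool(accepted) and say("DATA", "354")
    if ok:
        for line in body_lines:
            # Dot-stuffing: a body line starting with "." must not end DATA early.
            say("." + line if line.startswith(".") else line)
        ok = say(".", "250")
    say("QUIT", "221")
    return ok, transcript


if __name__ == "__main__":
    srv = SmtpServer("mail.plant.example", ["operator@plant.example"])
    alarm = ["Subject: ALARM tank T-101", "", "Level high: 97 %", "."]
    delivered, log = send_mail(srv, "rtu7.plant.example", "rtu7@plant.example",
                               ["operator@plant.example"], alarm)
    for side, text in log:
        print(side + ":", text)
```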
While SMTP enables applications to send e-mails, other services, such as Post
Office Protocol (POP3) or Internet Message Access Protocol (IMAP) are also
required to enable retrieving mail from an e-mail server. Application programs can
send e-mails using SMTP APIs like JavaMail.
One of the growing applications of SMTP in automation is e-mail alarm
notification and automated distribution of status reports to selected personnel. SMTP
provides flexibility, allowing specific alarm notifications to be sent to a selected group
of users, who can receive them anywhere and at any time on their smartphones.
6.8.7 Network Time Protocol (NTP)
NTP version 3, specified in RFC-1305, is widely used to synchronize computer
clocks in the global Internet. NTP uses UDP on port 123 as its transport layer. It
provides comprehensive mechanisms to access national time and frequency
dissemination services, organize the time-synchronization subnet and adjust the local
clock in each participating subnet peer. In most places, NTP provides accuracies of
1-50 ms, depending on the characteristics of the synchronization source and network
paths. RFC-1305 specifies the NTP Version 3 protocol machine in terms of events,
states, transition functions and actions and, in addition, engineered algorithms to
improve the timekeeping quality and mitigate among several synchronization
sources, some of which may be faulty. To achieve accuracies in the low milliseconds
over paths spanning major portions of the Internet of today, these intricate algorithms
(or their functional equivalents) are necessary. NTP is designed for use by clients and
servers with a wide range of capabilities and over a wide range of network delays and
jitter characteristics.
NTP uses a hierarchical, layered system of clock sources. Each level of
this hierarchy is termed a stratum and is assigned a layer number starting with zero at
the top. The stratum level defines the distance from the reference clock and exists to
prevent cyclical dependencies in the hierarchy. The NTP server hierarchy is also meant
to prevent large numbers of clients from accessing the same primary time sources.
A less complex form of NTP that does not require storing information about
previous communications is known as the Simple Network Time Protocol or SNTP.
It is used in some embedded devices and in applications where high accuracy timing
is not required (RFC 1361, RFC 1769, RFC 2030, and RFC 4330).
In SCADA systems, where the resources could be distributed over a large
geographical area, proper synchronization of remote systems and time stamping is
essential. Some SCADA systems depend on the public system to locally synchronize
their clocks. But that may be inadequate for critical applications, such as power
distribution networks. For critical and/or secure SCADA applications and DCS
systems, a dedicated secure NTP server is usually used to ensure synchronization of
RTUs and controllers to the specified time accuracy. The NTP reference servers in
turn may now synchronize their master clock using the low cost satellite GPS signal
or the traditional UTC (Coordinated Universal Time) drawn from DCF77. DCF77 is
a long-wave radio transmitter at 77.5 kHz for precise time information. It is located
near Frankfurt and available across most of Europe. It serves as an exact time source
for many applications, starting from simple radio clocks and numerous public clocks
up to demanding scientific experiments. UTC time is available from dialup networks,
a number of servers on the Internet and from other external satellite receivers, such as
Galileo, EGNOS, GLONASS and WAAS.
For SCADA and Control networks, LAN-based NTP secure servers are
available from many vendors, which support NTP and SNTP for synchronization of
PLCs, RTUs and other embedded applications.
6.9 Internet-Based SCADA Systems
The Internet brings many new features to the process control and automation
field, which were previously difficult or costly to implement in traditional control
systems. Many companies are considering using the Internet for supervisory control
and data acquisition (SCADA) to provide access to real-time data display, alarming,
trending and reporting from remote equipment. Among the advantages of using
the Internet in these applications are:
• Remote accessibility of plant systems and the sharing of this information
  among various people in the organization.
• Distributed open-system architecture allowing heterogeneous systems to
  communicate with each other.
• It enables access to vendors and contractors to remotely test and diagnose
  their installed equipment.
• The use of the standard web browser provides a uniform human-machine
  interface (HMI), minimizing maintenance and training costs.
These advantages led many control system vendors to offer web-enabled
versions of their traditional control systems, or in some cases, provide complete web-
based solutions for certain applications.
Ethernet and TCP/IP are becoming the network standard because of their cost-
effectiveness, cross-industry pervasiveness, and natural compatibility with web-based
user interfaces. Also, object-oriented software, such as OPC, promises easy
integration between various systems without the need for custom drivers or code.
New developments in e-commerce are providing more alternatives for process
automation through the web. The web services concept offers new tools for
enterprise integration. Microsoft's .NET framework and Sun Microsystems' Java2
Enterprise Edition (J2EE) are both based on XML, which allows applications to
communicate and share data over the Internet, regardless of the operating system or
programming language.
Many companies are considering using the Internet for supervisory control and
data acquisition. But there are several significant problems to overcome when
implementing an Internet-based SCADA system. The first is that most devices used
to control remote equipment and processes, such as oil/gas production wells and
power transformers, do not have Internet-communications capability already
incorporated in their operating systems. In fact, many do not even have an electronic
controller, let alone an operating system.
The second is that the device still has to be physically connected to the Internet,
even when equipped through retrofit or in the factory with the necessary
communications protocols. These problems must be solved at low cost and high
reliability before Internet-based SCADA can be implemented in industrial
applications. As a low cost solution, vendors have started to offer industrial Web-
Server modules to connect PLCs to the Internet via Ethernet or modem. The Web-
Server modules include Ethernet 10/100 Base-T connectivity, PPP Protocol, e-mail,
HTML web pages and FTP. It works as an interface between an Ethernet LAN or
WAN network and a PLC (using regular RS232/422).
Moreover, the Internet has its limitations when compared to a traditional control
system. Internet applications are typically based on textual web pages and
transactional databases, whereas control systems require interactive graphical
displays with real-time dynamic data. These functionality and performance
constraints, in addition to concerns inherent to the Internet, such as security and
reliability, limit the widespread use of web-based control systems. Nevertheless,
recent emerging web technologies, such as IPv6, are promising to overcome many of
these limitations.
Most of the implementations so far use the Internet (or intranet) as a medium for
communication and plant management information only. A few have tried to control
a process remotely or to implement what can be called an Internet-based SCADA
system. A typical web-enabled plant monitoring application may be limited to
converting DCS displays into web pages then publishing them through a web server,
as shown in Figure 6.10. As a first level solution, a PC hosting a web server is
connected to the device network on one side, and connected to the Internet by a DSL
modem via an ISP. This PC acts as an Internet gateway. On one side, it
communicates with the legacy equipment using their native protocol, and converts
data to HTML or XML format. The web server collects the real-time data from the
Master Terminal Unit (MTU) or from a historian.
The user accesses the web server using a normal web browser from any general-
purpose PC. The user may have additional features such as trending, reporting and
interfacing with other desktop tools. The Web server includes a firewall for
increased security. Secure HTTP (SHTTP) is usually used to protect plant
information.
[Figure 6.10 Web-enabled SCADA. Diagram labels: analog and digital sensors and actuators, RTUs, MTU, data highway, local operator, web server, Internet, user access to the SCADA web site via a standard browser.]
In more sophisticated SCADA systems, real-time information can be defined
and captured efficiently. It can also be easily distributed (mirrored) to all the various
points on the network where it is needed for analysis, processing or interaction. Web-
based, real-time data streaming from field units can be visualized in real-time in
customized user interfaces. For applications that do not require constant real-time
data streaming, data can be viewed on demand.
Many of the new generation of smart PLCs and controllers are TCP/IP-ready
and come with their own embedded web page or with tools to customize a web page.
More sophisticated systems also support a number of standard services, such as FTP,
SNMP, and NTP.
A typical modern SCADA system is shown in Figure 6.11. The open nature of
the Internet requires data security measures when implementing Internet-based
SCADA systems. Processes, procedures and tools must address availability, integrity,
confidentiality and protection against unauthorized users. Firewall protection must
be provided in the gateway and servers along with automated monitoring to detect
DNS attacks. For higher security, the system could employ encrypted data
signatures, authentication to restrict access and multi-layered password protection.
The remote site consists of a number of RTUs or PLCs connected by an Ethernet
switch. The site includes one or more RTUs connected by a wireless network or a
wireless link. The connection to the Internet consists of a Router/Switch with a
Firewall and an Internet connection.
The main SCADA site consists of two levels of networks: the SCADA servers
level and the plant/application level. The SCADA servers level uses an industrial
internet LAN, a Real Time Data Base Server such as PI-OsiSoft, and possibly a
communication server linking RTUs by MODBUS over RS422 lines. The
application and the web server retrieve all the real time information and the trends
from the RTDB server via a firewall and a gateway to the application LANs. Alarm
notification by SMS and pagers to selected personnel can also be implemented by
subscription to a number of servers on the Internet. Production reports and status
reports can be generated automatically and sent to selected emails periodically or
triggered by certain events.
[Figure 6.11 Web-based Secure SCADA. Diagram labels: analog and digital sensors and actuators, RTUs, remote RTU, remote site, serial links, data highway, industrial Ethernet, historian, RTDB, operators, console, PC workstation, web server, alarm notification, SCADA control center, firewalls, router, Internet gateway, Internet, user access to the SCADA web site via a standard browser.]
SUMMARY
1. The Internet hierarchy is built over the data link Layer. It sets standards
for the IP layer (corresponding to the OSI Network layer), the TCP/UDP
transport layer (corresponding to layer 4 of the OSI model), and a group of
standard services corresponding to the OSI Application layer.
2. The functions of the session layer and the presentation layers are
implicitly included in either the network layer related protocols or the
application layer services, or they do not exist.
3. The IPv4 address is 32 bits, consisting of a network number and a host
number.
4. Domain names are resolved to IP addresses using a hierarchy of domain
name servers. At the top of the hierarchy are 13 root servers coordinated by
ICANN. The root servers contain the IP addresses of all the top-level
registries such as .com, .org, etc., and the country-specific registries.
5. The IPv4 header contains a minimum of 20 bytes, including two 32-bit
fields for the source address and the destination address.
6. The IP layer includes 3 basic protocols: ARP, RARP, and ICMP.
7. IPv6 extends the IP address space to 128 bits, and includes enhanced
security, support for QoS, and Multicast and simple IP management.
8. TCP is a transport layer protocol with a normal header of 20 bytes. TCP is
a connection-oriented reliable byte stream service with flow control
mechanism.
9. Each side of a TCP connection has a socket which can be identified by the
pair <IP address: transport layer port number>.
10. UDP is a connectionless transport layer protocol with only 8-byte header
for fast packet delivery with minimum overhead on the network layer, but
with no guarantee for packet delivery.
11. The port numbers are assigned by IANA, as follows: 0-123 “well known,”
1024-49151 “Registered,” and the rest are “Ephemeral,” for common
usage.
12. RTP is an end-to-end delivery service for data with real-time
characteristics such as interactive audio or video streaming.
13. HTTP is a protocol for connection between a web server and a client web
browser. The web pages are documents formatted in either ASCII or
HTML with tags and plain text describing the layout of the web page. The
browser can then build and display the web page in its intended layout.
14. FTP (File Transfer Protocol) runs on top of the TCP protocol for file
download or upload between two hosts.
15. SNMP (Simple Network Management Protocol) enables network
administrators to monitor network performance, and to find and solve
network problems.
16. BOOTP is a UDP/IP-based protocol, similar to RARP, but for diskless
devices (e.g., a PLC). When the device is powered up, it broadcasts a
BOOTP request with its MAC number on the network. The BOOTP
server then sends the IP number assigned for the device.
17. DHCP protocol allows a DHCP server to dynamically assign an IP
address for a requesting computer from a pool of available IP numbers on
a lease basis.
18. The SMTP protocol is used for sending e-mails from an application program
(client) to an e-mail server. The e-mail server stores the e-mail and
attempts to deliver it to the end user across the Internet.
19. NTP protocol is a system and mechanism to synchronize computer clocks.
NTP is important for time critical SCADA and DCS applications.
20. Advantages of using the Internet in SCADA applications include remote
accessibility, sharing of information, simple connectivity of heterogeneous
systems and standard tools for HMI.
21. Several issues should be considered carefully when deploying the Internet in
industrial applications, such as security, reliability, and smooth integration
of the legacy equipment.
EXERCISES
(Straightforward applications of the concepts of the chapter)
E6.1] Which is not a protocol?
a) TCP/IP
b) AppleTalk
c) ARP
d) NTP
e) Ethernet
E6.2] Which protocol do web browsers use to communicate with web servers?
a) HTML
b) FTP
c) HDLC
d) HTTP
E6.3] SMTP is used for:
a) Communication with e-mail servers
b) Performing fast searches on websites
c) Retrieving mail from a mail server
d) Programming mainframes
E6.4] UDP is:
a) Universal Transaction Protocol
b) Internet network layer protocol
c) Internet transport layer protocol
d) A TCP protocol
E6.5] NTP is:
a) Used for Podcasting the IP address
b) Network Triggering Protocol
c) Synchronized network timers
d) Used to resolve a MAC address
E6.6] Which is true?
a) Ethernet is part of the TCP/UDP protocols.
b) MAC address is part of the IP header.
c) MAC address is required by the ARP protocol.
d) MAC address is NOT required by BOOTP.
E6.7] Which is true about SNMP?
a) SNMP is used for monitoring and troubleshooting Ethernet.
b) Is part of RTCP.
c) Is a network layer protocol.
d) Is an application layer protocol.
E6.8] What type of device is commonly used to connect heterogeneous networks to create one virtual
network?
a) Bridge
b) Router
c) Gateway
d) Modem
E6.9] Which is NOT true about ICMP?
a) It is a network layer protocol
b) It reports errors in the TCP/UDP protocol
c) ICMP uses IP datagram to transfer messages
d) It reports network errors to the source.
E6.10] Which is NOT part of the UDP header?
a) Source port address
b) Destination port address
c) Type of services
d) Check sum
E6.11] What is the size of the UDP header?
a) Depends on the TCP or HTTP used
b) 20 bytes
c) 8 bytes
d) Vary depending on the standard frame options.
E6.12] In TCP, the socket address space is:
a) 48 bits
b) Depends on the port number
c) Depends on the destination MAC number
d) 8 bytes.
E6.13] The purpose of the ARP protocol is to:
a) Enable a host to obtain an IP number.
b) Enable a host to discover its own MAC number.
c) Obtain the IP number of another host.
d) To obtain the MAC address from a given IP address.
E6.14] In IPv6 the header identification field is:
a) 16 bits
b) Depends on the port number
c) Depends on the options and padding
d) None of the above.
E6.15] Which is NOT correct about the FTP protocol?
a) Uses TCP services
b) Built on the UDP protocol
c) A client can retrieve or upload files to a server
d) A server may require user authentication.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P6.1] Use the PC command window utility “Ipconfig” to discover your MAC number, IP address,
network mask, your gateway IP address and your domain name server.
P6.2] Use the “ping” utility in the PC command window to do the following:
a) What is the IP address of your SMTP server?
b) Get the IP address of www.google.com or www.yahoo.com.
P6.3] Use the command window utility “netstat” to identify the ports used by the different
processes running on your PC. Identify the sockets with your ip:socket number.
P6.4] Use the Internet to search for TCP/IP-enabled PLCs from three different vendors. Compare
them on the following capabilities:
a) Built-in web server.
b) Support for TCP/IP, UDP/IP, SMTP, PPP, NTP, FTP, TELNET, DHCP, and HTTP.
TERMS AND CONCEPTS
AppleTalk
AppleTalk was developed by Apple Computers in the early 1980s to allow file and printer sharing
and mail functionality between Macintosh computers.
Broadcast/Multicasting
In networking, Broadcasting sends a message to everyone on the network, whereas Multicasting
sends a message to a select list of recipients.
DSL (Digital Subscriber Line)
A telecommunications line that provides a fast, permanent connection to the Internet, utilizing the
regular telephone copper wire.
IANA
Internet Assigned Number Authority
IETF (Internet Engineering Task Force)
IETF is an open community of networkers who manage and shape the Internet by developing
standards within the industry.
IMAP (Internet Message Access Protocol)
A method of accessing e-mail or bulletin board messages that are kept on a mail server. E-mail stored
on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office
or a laptop computer on the road.
IPX/SPX
IPX is a connectionless Layer 3 (network layer) protocol used to transfer datagrams between hosts and
networks, similar to the Internet protocol. SPX is the Transport protocol used to provide reliable
transport for IPX datagrams, similar to the TCP.
ISP- Internet Service Provider
A company that provides users access to the Internet for a monthly fee.
J2EE (Java 2 Enterprise Edition)
Developed by Sun Microsystems, J2EE offers a programming environment for business applications
running across distributed computer systems.
NetBEUI/NETBIOS (or NetBEUI/NETBios)
NetBEUI (NetBIOS Extended User Interface) is a non-routable transport layer protocol. NETBEUI is a broadcast protocol,
meaning a computer running NETBEUI discovers the MAC address of the intended
communication partner by sending out a broadcast with the NETBIOS name.
PING (Packet Internet Groper)
PING is an Internet utility (PC program) to determine whether a specific IP address is accessible or
online. It is used primarily to troubleshoot Internet connections. In addition, PING reports how many
hops are required to connect two Internet hosts.
POP3 (Post Office Protocol)
POP3 is a protocol used by mail clients to retrieve messages from a mail server.
Proxy Server
Proxy server is a computer system or an application program that acts as an intermediary for requests
from clients seeking resources from other servers. A proxy server could be used to apply access
policies, log/audit usage, scan content for malware or for data leak protection.
QoS (Quality of Service)
QoS refers to properties, methods and procedures to measure, improve, and to some degree, guarantee
services of certain levels of data transmission rates, error rates and other characteristics.
RFC (Request For Comments)
The name of the process for creating a new standard on the Internet. New standards are proposed and
published online as a "Request For Comments." Internet standards are in the form RFC number. For
example, the e-mail standard is RFC 822.
TELNET
Protocol uses the concept of a network virtual terminal to define each end of a connection.
URL (Uniform Resource Locator)
An abbreviation that describes the location and access method of a resource on the Internet; for
example, the URL "http://www.netlingo.com" describes the type of access method being used (the
http protocol) and the server location that hosts the Web site.
CHAPTER 7
INDUSTRIAL FIELDBUSES
7.1 Introduction
7.2 HART Communication Protocol
7.2.1 The HART Physical Layer
7.2.2 The HART Data Link Layer
7.2.3 The HART Application Layer
7.3 Integration Technologies
7.3.1 Device Description Language (DDL)
7.3.2 Field Device Tool (FDT)
7.3.3 Recent Development, the FDI
7.4 Foundation Fieldbus (FFB)
7.4.1 FFB Communication Stack
7.4.2 The FFB Physical Layer
7.4.3 The FFB Data Link Layer
7.4.4 The FFB Layers 3-6
7.4.5 The FFB Application Layer
7.4.6 The FFB User Layer
7.5 The Controller Area Network (CAN)
7.5.1 CAN Physical Layer
7.5.2 CAN Data Link Layer
7.5.3 CAN Higher Layers Protocols
7.6 PROFIBUS
7.6.1 PROFIBUS Protocol Architecture
7.6.2 PROFIBUS-PA
7.6.3 PROFIBUS-DP
7.6.4 PROFIBUS-FMS
7.6.5 PROFIBUS Application Layer
7.6.6 PROFIBUS User Layer Applications
7.6.7 PROFINET
7.6.8 PROFIsafe
7.7 More Fieldbus Solutions
Appendix 7.A CANopen Fieldbus
OVERVIEW
This chapter reviews some of the important instrumentation networks, called
fieldbuses. Section 7.2 introduces the HART protocol for several reasons. First, it
was one of the first methods to provide digital connectivity to smart field devices in
the process industry. Second, it provided smooth migration from the analogue 4-20
mA to the digital communication technology. Third, during its evolution from mid-
80s until now, many of the concepts used in its higher level communication layers
became international standards. One of these concepts is device description, which
provides a unified method for the description of devices to simplify device
integration at the host applications. Section 7.3 introduces two approaches for device
integration, Electronic Device Description Language (EDDL), and Field Device
Tools (FDT). The Foundation Fieldbus H1 and HSE solutions and their OSI
structures are detailed in Section 7.4. The user layer concepts of function blocks and
Device Object Directory are also introduced in Section 7.4. Section 7.5 introduces
the main features of the CAN (Controller Area Network). A popular CAN higher
level protocol known as CANopen is included in Appendix 7.A. Section 7.6 presents
PROFIBUS with its three compatible connectivity solutions, DP, PA and FMS. The
new Ethernet-based member of the PROFIBUS family, ProfiNet, and the new
extension, PROFIsafe, are also briefly covered in Section 7.6. Although there are
many other industrial fieldbus solutions, it was not possible to include all of them.
Nonetheless, Section 7.7 lists in brief a few additional industrial instrumentation
networks.
LEARNING OBJECTIVES
After reading this chapter, you should be able to
• Describe the FSK concept used in HART physical layer, and the message structure of its DLL.
• List the types of the messages of HART protocol.
• Identify the strengths and weaknesses of the FDT and EDD approaches to device integration.
• Understand the main features of the H1 bus physical layer.
• Understand the role of LAS of the FOUNDATION fieldbus data link layer.
• Understand the device model in terms of Functions blocks, object directory, and VFD.
• List examples of function blocks.
• Recognize the network components to build a network of H1 segments and HSE for connecting field devices, servers and operator stations.
• Describe the services provided by the Foundation fieldbus application layer.
• Illustrate how to use H1 in Intrinsic Safety applications and HSE in redundant configuration.
• List the main features of the CAN physical layer.
• Describe the CAN concept of non-destructive CSMA/CD with bit-wise arbitration.
• Contrast the domain of applications of the PROFIBUS variants, PA and DP.
• Understand the adaptation introduced in ProfiNet to become an Ethernet-based real-time network.
• Describe the concept of the PROFIsafe protocol extension.
• Identify the role and functions of each layer in a fieldbus communication stack.
• Assess the capability and suitability of a fieldbus technology to a specific application.
• Determine the domain of application of the different buses.
• Give examples of how a given bus can be implemented in an industrial application.
• Associate the technologies used at the various layers of fieldbuses with the international standards.
• Determine the main components of the device model in CANopen.
7.1 Introduction
A fieldbus is a control network used in process control and industrial
automation. Fieldbuses are bi-directional, digital serial networks that offer services at
layers 1 and 2 of the OSI model (physical and data link). Some fieldbuses offer
services at layer 7 as well. Examples of fieldbus networks are FOUNDATION
fieldbus, DeviceNet, and PROFIBUS. In the 1990s, fieldbuses began to replace the
parallel wiring used in 4-20 mA and +/-10 volt analogue interfaces.
There are many available industrial networks designed to meet differing
application requirements. For example, a simple on/off switch on a conveyor belt has
different communication requirements than a complex control valve in a petroleum
refinery. It is important to understand the target application of a network in order to
choose the right network for a given application.
Fieldbus is an industrial network system for real-time distributed control. It is a
way to connect instruments and intelligent devices in a manufacturing plant. As the
electronic and microprocessor technology becomes more powerful and less
expensive, the sensors and actuators become smarter with functionalities beyond
their primary measurement or actuation function. Such smart devices require digital
communication means to benefit from these additional functionalities, such as self-test,
alarms, configuration, local control loops, diagnostics and calibration capabilities.
Fieldbuses enable us to benefit from these device capabilities.
The 4-20 mA and RS422 are point-to-point communication schemes, which
require that each device has its own communication link to the control room, while
the fieldbus is the equivalent of the current LAN-type connections, which allow
multiple analogue and digital points to be connected at the same time. Some
Fieldbuses work on network structures which allow daisy-chain, star, ring, branch
and tree network topologies. This flexibility reduces both the length and number of
cables for any given automation application. Furthermore, since devices that
communicate through fieldbus have embedded microprocessors, multiple
measurement points and functionalities are typically provided by the same device.
The following sections introduce some of these industrial networks.
7.2 HART Communication Protocol
HART is an acronym for "Highway Addressable Remote Transducer." HART
was developed by Rosemount Inc. in the mid-80s, but has been made completely
open, and all rights now belong to the independent HART Communication
Foundation, www.hartcomm.org. It is widely accepted in the industry as the de facto
standard for digitally enhanced 4-20mA communications with smart field
instruments. The HART protocol was designed specifically for use with intelligent
measurement and control instruments, which traditionally communicate using 4-
20mA analogue signals. HART preserves the 4-20 mA signals and enables two-way
digital communications to occur without disturbing the integrity of the 4-20mA
signals. The HART protocol permits the process variable to continue to be
transmitted by the 4-20 mA analogue signal, and additional information pertaining to
other variables, parameters, device configuration, calibration, and device diagnostics
to be transmitted digitally at the same time.
The HART Protocol uses the Open Systems Interconnection (OSI) reference
model as a guide. Traditionally, it implements only layers 1, 2 and 7, i.e., the
physical, data link and application layers; however, the recent versions, including
wireless HART, allow for the implementation of layers 3 and 4 of the OSI reference
model.
7.2.1 The HART Physical Layer
The physical layer makes use of the Bell 202 Frequency Shift Keying (FSK)
standard to superimpose digital communication signals at a low level on top of the 4-
20 mA, as shown in Figure 7.1. The HART protocol communicates at 1200 bps
without interrupting the 4-20 mA signal, and allows a host application (master) to get
two or more digital updates per second from a field device. As the digital FSK signal
is phase continuous, there is no interference with the 4-20 mA signal.
Figure 7.1 HART FSK signal. (Labels: 4-20 mA analogue level with a superimposed FSK signal swinging between +0.5 mA and -0.5 mA; 1200 Hz = “1”, 2200 Hz = “0”.)
The bit stream is encoded into two sinusoidal tones. A “1” bit is represented by
a 1200 Hz tone, and a “0” bit is transmitted by a 2200 Hz tone. Cable length can be
up to 1500 m with a 24AWG multiple twisted pair with common shield, and up to
about 3,000 meters using 20AWG single twisted pair with shield. In conventional
point-to-point mode, the 4-20 mA signal continues to be used for analogue
transmission, while other data can be transferred digitally. HART provides for up to
two masters (primary and secondary), as shown in Figure 7.2. This allows secondary
masters such as handheld communicators to be used without interfering with the
master operation.
The HART protocol permits all digital communication with field devices in
multidrop network configurations, as shown in Figure 7.3. In the multi-drop mode,
up to 15 devices can be connected on a single pair of wires, and device addresses can
be from 1-15, each device setting its current output at a fixed value of 4.0 mA. Table
7.1 gives the allowable cable length for various numbers of devices. The recent
versions of the HART protocol support communications at 9600 bps using Phase
Shift Keyed modulation; eight times faster than traditional HART FSK signaling,
while ensuring backward-compatibility with FSK HART.
Among the recent developments in the HART protocol is the introduction of
wireless HART. The wireless HART protocol will be covered in the next chapter of
this book.
Figure 7.2 Point-to-point mode of operation with two masters. (Labels: controller or multiplexer, control room applications, hand-held terminal as secondary master, field device, HART protocol over 4-20 mA.)
Figure 7.3 Multi-drop all digital HART protocol. (Labels: controller, control room applications, hand-held terminal as secondary master, field devices.)
Table 7.1 Allowable cable lengths for STP cables (18 AWG*).
http://www.hartcomm.org/protocol/using/usinghart_wirelength.html

| No. of devices | Cable capacitance 65 pF/m | Cable capacitance 95 pF/m | Cable capacitance 160 pF/m |
|---|---|---|---|
| 1 | 2,769 m | 2,000 m | 1,292 m |
| 5 | 2,462 m | 1,815 m | 1,138 m |
| 10 | 2,154 m | 1,600 m | 1,015 m |
| 15 | 1,846 m | 1,415 m | 892 m |

* AWG: American Wire Gauge.
7.2.2 HART Data Link Layer (DLL)
The DLL is responsible for the reliable transmission of data packets across the
network. HART is a master/slave, character oriented, protocol which means that a
field (slave) device can only speak when spoken to by a master. In normal use, a
field device only replies when it is spoken to. There can be two masters; for example,
a control system as a primary master and a handheld HART communicator as a
secondary master. Timing rules define when each master may initiate a
communication transaction.
A HART message consists of 8-bit data bytes organized into frames. The
message structure, shown in Figure 7.4, consists of the following fields:
The Preamble, 5-20 bytes of hex FF (all 1s), helps the receiver detect the carrier
and synchronize with the character stream.
The Start (ST) is one character field. It may have one of several values,
indicating the type of message: master to slave, slave to master, or burst message
from slave, and the address format as short frame or long frame.
The Address (AD) field, 1-5 bytes, includes both the master address (a single
bit: 1 for a primary master, 0 for a secondary master) and the slave address. In the
short frame format, the slave address is 4 bits containing the "polling address" (0 to
15). In the long frame format, it is 38 bits containing a "unique identifier" for that
particular device. (One bit is also used to indicate if a slave is in burst mode.) Burst
mode enables faster communication (3-4 data updates per second). In burst mode, the
master instructs the slave device to continuously broadcast a standard HART reply
message (e.g., the value of the process variable). The master receives the message at
the higher rate until it instructs the slave to stop bursting.
Figure 7.4 HART Message structure. (Field order: Preamble | ST | AD | CM | BC | Status | Data | CKSM.)
The Command (CM) byte contains the HART command for this message.
Universal commands are in the range 0 to 30; common practice commands are in the
range 32 to 126; device-specific commands are in the range 128 to 253.
The Byte Count (BC) byte contains the number of bytes to follow in the status
and data bytes. The receiver uses this to know when the message is complete.
The Status field (also known as the "response code") is two bytes, only present
in the response message from a slave. It contains information about communication
errors in the outgoing message, the status of the received command, and the status of
the device itself.
The Data field may or may not be present, depending on the particular
command. A maximum length of 25 bytes is recommended, to keep the overall
message duration reasonable. But some devices have device-specific commands
using longer data fields of up to 253 bytes.
Finally, the Checksum (CKSM) byte contains an "XOR" or "longitudinal
parity" of all previous bytes from the start character onwards. CKSM is used to detect
communication errors.
Transactions usually consist of a master command and a slave response pair.
The integrity of HART communication is established by including status information
with every reply message and by extensive error checking on every transaction. Up
to four process variables can be communicated in one HART message and each
device may have up to 256 variables.
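One way to parse and validate the frame layout described in this section, as an added example (not code from the book or from the HART specification). The start-byte values and the bit positions of the master and burst flags follow the published HART frame format and are not given in the text; the helper names and the two sample frames are constructed for illustration.

```python
from dataclasses import dataclass
from functools import reduce

# Start-byte (delimiter) values of the published HART frame format. The text
# describes what the start byte encodes but does not list these values.
START_BYTES = {
    0x01: ("burst", False), 0x02: ("master_to_slave", False),
    0x06: ("slave_to_master", False),
    0x81: ("burst", True), 0x82: ("master_to_slave", True),
    0x86: ("slave_to_master", True),
}


class FrameError(ValueError):
    """Raised when a byte string is not a well-formed HART frame."""


@dataclass
class HartFrame:
    frame_type: str
    long_frame: bool
    primary_master: bool
    burst_mode: bool
    slave_address: int
    command: int
    status: bytes
    data: bytes


def xor_checksum(body: bytes) -> int:
    """Longitudinal parity: XOR of every byte from the start byte onwards."""
    return reduce(lambda acc, b: acc ^ b, body, 0)


def command_class(command: int) -> str:
    """Classify a command number using the ranges given in the text."""
    if 0 <= command <= 30:
        return "universal"
    if 32 <= command <= 126:
        return "common practice"
    if 128 <= command <= 253:
        return "device-specific"
    return "unassigned"


def build_frame(start, address, command, payload=b"", preamble=5):
    """Assemble a frame; used here only to construct sample input."""
    body = bytes([start]) + address + bytes([command, len(payload)]) + payload
    return b"\xff" * preamble + body + bytes([xor_checksum(body)])


def parse_frame(raw: bytes) -> HartFrame:
    # Preamble: 5-20 bytes of 0xFF, then the start byte.
    n = 0
    while n < len(raw) and raw[n] == 0xFF:
        n += 1
    if not 5 <= n <= 20:
        raise FrameError("preamble must be 5-20 bytes of 0xFF")
    body = raw[n:]
    if not body or body[0] not in START_BYTES:
        raise FrameError("unknown start byte")
    frame_type, long_frame = START_BYTES[body[0]]
    addr_len = 5 if long_frame else 1
    header_len = 1 + addr_len + 2          # ST + AD + CM + BC
    if len(body) < header_len:
        raise FrameError("truncated header")
    address = body[1:1 + addr_len]
    command, byte_count = body[header_len - 2], body[header_len - 1]
    end = header_len + byte_count          # index of the checksum byte
    if len(body) != end + 1:
        raise FrameError("length does not match byte count")
    if xor_checksum(body[:end]) != body[end]:
        raise FrameError("checksum mismatch")
    payload = body[header_len:end]
    status = b""
    if frame_type != "master_to_slave":    # status only in frames from a slave
        if len(payload) < 2:
            raise FrameError("slave frame is missing its 2 status bytes")
        status, payload = payload[:2], payload[2:]
    if long_frame:                         # 38-bit unique identifier
        slave = int.from_bytes(address, "big") & ((1 << 38) - 1)
    else:                                  # 4-bit polling address
        slave = address[0] & 0x0F
    return HartFrame(frame_type, long_frame, bool(address[0] & 0x80),
                     bool(address[0] & 0x40), slave, command, status, payload)


# Constructed samples: a primary master polling address 0 with command 0,
# and a slave reply to command 1 carrying 2 status bytes plus 5 data bytes.
REQUEST = build_frame(0x02, b"\x80", 0)
RESPONSE = build_frame(0x06, b"\x80", 1, b"\x00\x00" + b"\x20\x41\xc8\x00\x00")
```

Because the check is longitudinal parity, two flips in the same bit position of different bytes cancel out: it catches line noise, but it is not an integrity or authenticity mechanism.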
7.2.3 The HART Application Layer
The HART application layer (OSI layer 7) consists of three classes of
commands or messages: Universal Commands, Common Practice Commands, and
Device Specific Commands. The application layer defines the semantics of these
messages and commands. The application layer services and interoperability of
HART technology are established in IEC Standards (IEC 61158 Application Layer &
Services).
The HART command set provides read/write access to the wealth of additional
information available in smart field instruments employing this technology:
Universal Commands must be implemented by all HART devices and provide
interoperability across the large base of products and manufacturers. Universal
commands provide access to information that is useful in normal plant operation,
such as the instrument manufacturer, model, tag, serial number, descriptor, range,
limits and process variables.
Common Practice Commands access functions which can be carried out by
many devices, though not all.
Device Specific Commands provide access to functions which may be unique to
a particular device.
Table 7.2 gives examples of these three types of commands.
Device Family Commands, recently introduced in HART Rev. 6, provide a set
of standardized functions for instruments with particular measurement types,
allowing full generic access without using device-specific commands.
Table 7.2 HART Commands.
| Universal Commands | Common Practice Commands | Device-Specific Commands |
|---|---|---|
| Read primary variable (PV) and units | Write sensor serial number | PID enable |
| Read manufacturer and device type | Write device range values | Write PID setpoint |
| Read current output and percent of range | Read selection of up to four dynamic variables | Choose PV (mass, flow, or density) |
| Read up to four predefined dynamic variables | Write damping time constant | Read or write low-flow cut-off |
| Read or write eight-character tag, 16-character descriptor, date | Calibrate (set Zero, set span) | Start, stop, or clear totalizer |
| Read or write 32-character message | Set fixed output current | Read or write density calibration factor |
| Read device range values, units, and damping time constant | Perform master reset | Read or write materials or construction information |
| Read or write final assembly number | Trim PV zero | Trim sensor calibration |
| Write polling address | Write PV unit | Valve characterization |
| | Perform self-test | Valve setpoint |
| | Trim DAC and gain | Travel limits |
| | Write transfer function (square root/linear) | User units |
| | Read or write dynamic variable assignments | Local display information |
7.2.4 HART User Layer
Like most of the field buses, HART defines a layer above the OSI layer 7,
called the user layer. User layer defines a set of classes for the automation devices
and predefined functions. Examples of these predefined functions are known as
function blocks, and device classes are known as profiles. Function blocks are
specified in the IEC 61804 series and 61499, while profiles are described in the “IEC
61784-1 Communication Profile.”
With the introduction of intelligent HART field devices, there arose a need for
telling the user how to set up such devices remotely. In 1992 the HART
Communication Foundation was the first organization to issue a specification for a
Device Description Language (DDL). DDL allows formal description of a field
device model. The device description file is usually provided by the device
manufacturer and is parsed and interpreted by a host software application.
Later on, this approach was adopted by other field devices and standardized by
IEC. A similar technology, known as FDT (Field Device Tools), emerged in
discrete manufacturing. DDL and FDT are discussed in the following section.
7.3 Integration Technologies
With the advent of smart sensors and digital field buses, the end users needed a
unified method for the description of device parameters and any additional device
information from various manufacturers and various device types and models.
Commissioning, maintenance, engineering and parameterization of these devices
require an exact and complete description of device data and functions, such as the
type of application function, configuration parameters, range of values, units of
measurement, limit values, identification, etc.
Two techniques of device integration became popular in industry, FDT and
EDDL. FDT is traditionally associated with users and vendors of the discrete factory-
automation technology. The second technology, EDDL, is associated more with
process industry. The following is a brief introduction to each technology.
7.3.1 Device Description Language (DDL)
With the introduction of intelligent HART field devices and the digital field bus
technology, there arose a need for telling the user how to set up such devices
remotely. In 1992 the HART Communication Foundation issued a specification for a
DDL, which was an important enhancement to the HART technology. It extended its
interoperability to a higher level than what is provided through HART’s Universal
and Common Practice Commands. This concept evolved and was adopted in the
Foundation Fieldbus Device Description Language (FF-DDL), which was released
by the Fieldbus Foundation in 1996 and the EDDL, which became a standard of the
PROFIBUS Nutzer Organization (PNO) in 2000.
DDL allows the formal description of a field device model consisting of
metadata, e.g., device name or firmware revision, the entities and properties of the
firmware parameters and their communication access, as well as the basic user
guidance through menus and formats. The DD is created as a text file, independent of
an operating system, to be then translated by the user application into a standard
binary file, similar to the presentation of HTML that can be read by any browser. The
user application uses an interpreter called Device Description Services (DDS) to read
the DD. DDs allow the device to operate under any host or by universal hand-held
communicators, as shown in Figure 7.5. The DDs are developed by the device
manufacturer or a service partner. DDs are distributed by the HART Communication
Foundation on a disk and via the internet and by the other field buses groups.
DDL supports many data types: floating-point and fixed-point numbers,
enumerations, byte and bit arrays, date, time, text, etc. The DD elements
COLLECTION, BLOCK, ARRAY, ITEM_ARRAY and RECORD are used to
represent the device model and data structures. It also supports Export / Import of
device data, online/offline configuring, and it is a very useful tool for maintenance,
repair and fault removal and asset management.
Figure 7.5 DD Implementation. (Labels: a device from Supplier X and a device from Supplier Y, each with its own DD.)
An enhancement of the DDL is called Electronic Device Description Language
(EDDL). It is an international IEC standard (IEC 61804-3, IEC 61804-4). ISA 104
has also adopted IEC 61804-3 and IEC 61804-4 as ISA/ANSI standards.
EDDL extends the inter-operability in the following way:
• User Interface and Device Diagnostics
• Charting: enables graphical display of real-time (continuous) data from device
• Graphing: device graphical representation
• Improved Data Storage: enables DD developer to securely store data on the host
• Enhanced MENU construct with screen layout attributes (e.g., dialog boxes)
• Consistent common look and feel across applications, which reduces the learning curve
• Device simulation capability
EDDL is used to create Electronic Device Description (EDD). EDD is used with
appropriate tools to support parameter handling, operation and monitoring of
automation systems. EDDL is endorsed by four major foundations and their
members:
a) FOUNDATION Fieldbus
b) HART Communication Foundation
c) Profibus Nutzer Organization (PNO), now Profibus International (PI).
d) The OPC Foundation
7.3.2 Field Device Tool (FDT)
The objective of the FDT is to have one single concept, which allows the
automation device manufacturer to provide only one configuration component. This
component should be able to run within any engineering or control environment,
which implements the FDT standard, regardless of the vendor of the host software.
The FDT component is called Device Type Manager (DTM), and is used for device
commissioning and configuration, and by the control software.
A DTM component manages and configures all devices of a certain class. The
boundaries of the class are defined by the manufacturer. The tool can cover just one
device type, but may be also suitable for a whole device range. A DTM typically
provides no user interface. In order to allow access to the parameters, the
manufacturer can provide a set of user interfaces (ActiveX), which are managed by
the DTM.
The FDT/DTM technology divides automation architecture into three
categories:
1. Software applications like Asset Management Tools and DCS, often referred to
as FDT frame applications.
2. Device drivers representing field devices, referred to as Device DTMs.
3. Communication Drivers that represent the communication hardware needed for
connecting the field device to the automation software, referred to as
Communication or Gateway DTMs.
A device DTM is comparable to a printer driver that can be installed on a
Windows-PC, which is then available for all Windows applications. Accordingly, the
main part of the FDT specification is the definition of software interfaces between
instances of these components as well as the responsibilities of each component type.
The FDT provides access to underlying host resources such as display,
keyboard, database (if there is one), and other generic host features. It also provides
access to any digital communication interfaces the host system might have. The FDT
specification requires implementation to be accomplished with a Microsoft Windows
OS and is built on Microsoft's Component Object Model (COM) and Distributed
Component Object Model (DCOM) technology. Since COM/DCOM does not
support real-time data exchange, these technologies have been extended to
accommodate this requirement.
Table 7.3 gives a summary of the main features of the two technologies.
Table 7.3 Differences between the FDT and EDD.
| Item | FDT/DTM | EDD/DD |
|---|---|---|
| Structure/type | Program | Text, data |
| Functionality of field device determined by | Field device and component manufacturers | Host system manufacturers |
| Flexibility for adding new functionality | High for device manufacturers, none for host system manufacturers | High for host system manufacturers, low for device manufacturers |
| Presentation of device functionality | Is determined by DTM. Therefore full functionality for all device types | Dependent on host system. Must be supported by DCS vendor. Possibly restricted functionality for more complex device types |
| Installation procedures | Yes, installation of software, in general no restart is required. No registry changes | Yes, file copy |
| Dependency on operating system | Yes, FDT frame and DTM must be verified against operating system. Currently based on MS Windows OS. | No, but host application (EDDL interpreter) may be dependent on host operating system |
| User interface | DTM style guide | Proprietary, determined by host system |
| Support of open systems | Good | Better |
| Supported protocols | All | HART, Foundation Fieldbus, Profibus |
| International standard | IEC 62453 | IEC 61804 |
| Current interoperability experience | No problems | Problems may arise when loading non DCS vendor related DDs |
7.3.3 Recent Development, the FDI
EDDL and FDT have traditionally served in different markets with respect to
device configuration, diagnostics and run time operation. EDDL was mainly targeted
at the process industry and FDT was targeted at discrete manufacturing. Both
technologies aimed at providing easy plug-and-play access to information in smart
field devices. Yet they are fundamentally different. EDDL is a text-based language
used to describe the communication attributes of a smart field device. It is governed
by the International Electrotechnical Commission’s IEC 61804-3 Standard.
FDT is a Windows COM-based technology. It is a universal field device
communication interface that allows access to data for higher-level applications, and
can be used in many industries including process control.
In a move to integrate the two technologies, the EDDL Co-operation Team
(ECT) and the FDT Group announced they would be combining their efforts toward
the creation of a unified approach to device integration compatible with both of their
technologies. The two groups are working together using a subset of the OPC
Unified Architecture technology to develop a new system that "incorporates the best
aspects of each technology and eliminates redundancies where they may exist." A
joint working team was set up to deliver draft specifications for the proposed "Field
Device Integration (FDI)" architecture by the end of 2010.
In September 2011, a new joint company, FDI Cooperation, http://www.fdi-cooperation.com,
was formed, headed by a board that includes representatives from
the Fieldbus Foundation, FDT Group, HART Communications Foundation, OPC
Foundation and PROFIBUS and PROFINET International. Most of the major process
automation suppliers are also lending their support, including ABB, Emerson Process
Management, Endress+Hauser, Honeywell, Invensys, Siemens, and Yokogawa, to
ensure a broad base of support in the process automation market.
At the core of the proposed FDI architecture is “the Device Package”. The
Device Package is the organizational structure of all the elements that make up a field
device at its software level. Each FDI Device Package contains a mandatory device
description that provides parameter definitions, structure for the parameters for
context-specific views, and automated work processes for device procedures such as
calibration. FDI device packages may also include user interface plug-ins, software
components that support advanced device setup, and diagnostic functions. Product
manuals, documentation, images, electronic certifications, and other attachments may
also be delivered in the FDI Device Package.
[Figure 7.6 diagram labels: Security; EDD; UIP (optional); Attachments (optional). EDD: Electronic Device Description; UIP: User Interface Plugin.]
Figure 7.6 FDI Device Package.
A conceptual view of the device package is shown in Figure 7.6. The main
components of the device package are the following:
EDD (mandatory):
   Device description parameters
   User Interface structure
UIP (optional):
   User Interface Plugin
   Device Applications
Attachments (optional):
   User Manual
   Images
   Certificates
   Protocol Specific files
Security:
   Authenticity
   Integrity
FDI device packages make it easier for automation suppliers to develop and
integrate intelligent devices, because suppliers only need to create a single, unified
package for each intelligent device that can work with all host systems and tools.
This reduces overall development costs, while preserving and expanding existing
functionality.
7.4 Foundation Fieldbus
[Figure 7.7 diagram labels: H1 topologies (point-to-point, bus with spurs, tree, daisy-chain) with junction box; HSE bridge/linking device; HSE switch; PLC; control station; data server.]
Figure 7.7 Foundation Fieldbus H1 and HSE hierarchy.
Foundation Fieldbus (FFB), www.fieldbus.org, is an industrial network
designed specifically for distributed process control applications. This network was
created by the Fieldbus Foundation, an organization of more than 100 companies that
make up more than 80 percent of the world’s supply of automation systems, devices
and services. Foundation Fieldbus is based on the work of ISA ISP50.02-1992 and
the IEC standard, IEC1158-2-1993.
Specifications of the FFB were released in 1996 for the low speed field bus (H1)
at 31.25 kbit/s. The DLL and application layer of the current standard conform to the
International IEC 61158 fieldbus standard. The Foundation also specifies a 100 Mbps
High Speed Ethernet (HSE), based on the open, commercial, high-speed Ethernet
technology. The standard includes additional elements to provide redundant Ethernet
physical media and multiple linking devices in order to meet the robust requirements
of mission-critical applications. The H1 bus and HSE enable building varieties of
network configurations as shown in Figure 7.7.
The Foundation requires that vendors register their field and host devices with
them. The Fieldbus Foundation's product registration is granted through extensive
testing procedures to ensure that a Foundation-registered host or field device will
communicate and fully interoperate with any other registered device.
7.4.1 FFB Communication Stack
The field bus model consists of three OSI layers:
a) The physical layer corresponding to the ISO layer 1.
b) The communication “stack,” corresponding to layers 2 and 7 in the ISO
model.
c) The user layer.
The H1 and the HSE communication stacks are illustrated in Figure 7.8 with
reference to the OSI 7-layer communication model. FFB H1 does not implement
layers 3,4,5 and 6 of the OSI model because the services of these layers are not
required in a process control application; however, a very important part of
Foundation Fieldbus is the user layer, which is not part of the OSI model. On the
other hand, HSE implements layers 1,2,3,4, and 7, in addition to the user’s layer. An
HSE stack contains the Distributed Host Control Protocol (DHCP), Simple Network
Time Protocol (SNTP), and Simple Network Management Protocol (SNMP), which
in turn use the Transport Control Protocol (TCP) and User Data Protocol (UDP)
services.
7.4.2 The FFB Physical Layer
FOUNDATION fieldbus is an all-digital, serial, two-way communication
system. H1 (31.25 kbit/s) interconnects “field” equipment such as sensors, actuators
and I/O. HSE (100 Mbit/s) (High Speed Ethernet) provides integration of high speed
controllers (such as PLCs), H1 subsystems via linking devices, data servers and
workstations. The H1 physical layer is an approved IEC 61158 Standard, and the
HSE technology is described in part by the 100Mbit/s Fast Ethernet protocol
specified by IEEE 802.3u and ISO/IEC 8802-3.
The H1 fieldbus retains and optimizes the desirable features of the 4-20 mA
analog system such as:
   Single loop integrity
   A standardized physical interface to the wire
   Bus-powered devices on a single wire pair
   Intrinsic safety option
[Figure 7.8 diagram labels: ISO model layers 1-7 beside the FOUNDATION Fieldbus architecture (IEC 61158) for H1 and HSE. H1: H1 PHY at 31.25 kb/s (IEC 61158), H1 DLL (IEC 61158), Fieldbus Access Sublayer (FAS) and Fieldbus Message Specification (FMS) at the application layer. HSE: Ethernet IEEE 802.3 at 100 Mb/s, IP, TCP/UDP, FDA at the application layer. User layer: automatic address assignment, time synchronization, function blocks, device description (IEC 61804-2). H1 devices: valve, level transmitter, pump, multivariable transmitter. HSE devices: data servers, PLCs, links to H1 subsystems, workstations, applications and maintenance information system.]
Figure 7.8 Comparison of the H1 and HSE communication stacks with OSI reference 7
layer model.
H1 runs at 31.25 kbit/s and is optimized for field device integration in process
control and hybrid applications. The Fieldbus signals are encoded using the
Manchester technique. H1 uses a single twisted-pair wire that can be run up to 1,900
m without a repeater. Up to four repeaters per segment can be used to extend the
distance. Transmission is half-duplex, which allows the same media to be shared by
several devices. The topology can be a tree, bus or a combination.
Foundation fieldbus H1 uses the physical layer (electrical, wiring, and so on)
standardized by ISA/IEC (ISA SP50.02-1992, IEC 1158-2 (1993) and FF-816). Table
7.4 summarizes the main characteristics of this standardized physical layer.
Table 7.4 Summary of IEC-1158 Physical Layer Characteristics.
Characteristic                                          H1
Topology                                                Bus/Tree
Devices                                                 2-32
Bus-powered devices                                     2-13
Bus-powered IS devices                                  2-6
Max distance using shielded twisted-pair (STP) cable    1900 m
Maximum number of repeaters                             4
Max spur* length                                        120 m
*A spur is a length of fieldbus network between a junction box and a device.
H1 supports Intrinsic Safety (IS) applications with bus powered devices. To
accomplish this, an IS barrier is placed between the power supply in the safe area and
the device in the hazardous area, as shown in Figure 7.9. H1 supports the Fieldbus
Intrinsically Safe Concept (FISCO) model.
Fiber optic cable is an alternate media for H1 devices. Devices connect to the
fieldbus through a star coupler. Distances from the device to the star coupler range up
to 1,660 m depending on fiber size, wavelength and optical power budget.
Figure 7.9 Use of H1 with intrinsic safety barrier.
HSE (High Speed Ethernet) runs at 100 Mbit/s and is designed as a high
performance control backbone for integration of H1 and other subsystems, high
density data generators such as PLCs and analyzers and plant data servers. HSE uses
standard industrial Ethernet networking equipment. HSE was developed and tested at
100 Mbit/s, but use of 1 Gbit/s speeds and higher can be added when needed. HSE
uses a star topology. Standard twisted-pair Ethernet cables can run up to 100 m
between an Ethernet switch and the device. HSE full-duplex fiber optic cable can run
up to 2000 m between a switch and device. Switches are often interconnected with
fiber optic cables to take advantage of the greater distances.
HSE provides peer-to-peer communication capability. Devices communicate
with each other directly without having to go through a central computer. This makes
it possible to realize powerful, advanced control strategies involving variables
throughout the plant without the risk of a central computer failure. HSE can also
bridge information between devices on different H1 networks at different ends of the
plant. Thus, control can span between process cells and a plant area. Figure 7.10
illustrates the use of the HSE in redundant configurations, where each device is
provided with a second backup communication channel.
[Figure 7.10 diagram labels: Linking Device A and Linking Device B; Switch A and Switch B; PLC; redundant device; redundant media; H1 fieldbus devices.]
Figure 7.10 Redundant HSE configuration.
7.4.3 The FFB Data Link Layer
Access to the physical media is defined by the data link layer (DLL). The DLL
is described in IEC 61158, parts 3 and 4. In H1, the DLL contains a Link Master (LM)
protocol that allows only one device at a time to access the media. On the other hand,
HSE does not use an LM; it uses the standard Ethernet/IEEE 802 multiple access DLL
protocol. In HSE networks, the switch internally detects and resolves any collisions.
The active LM is called the Link Active Scheduler (LAS). H1 allows for
redundancy of the LAS. If the LAS fails, one of the other LMs will become the LAS.
The LAS is a device that acts as the centralized arbitrator of the bus. The LAS
organizes the communication on the fieldbus in periodic cycles. The scanning of
inputs, execution of algorithms and transmission of output values to devices are
performed in each cycle. The LAS has a list of transmit times, within a cycle, for all
data buffers in all devices that need to be cyclically transmitted.
During each cycle, the LAS issues a Compel Data (CD) message to each
device in the scheduled list. Upon receipt of the CD, the device broadcasts
(publishes) the data in its buffer on the bus. Any device that is configured to
receive the data is called a “subscriber.”
The LAS periodically broadcasts a Time Distribution (TD) message on the
fieldbus, so that all devices have exactly the same time. This is important
because scheduled communications on the fieldbus and scheduled function
block executions in the user application are based on information obtained
from these messages.
During the remaining part of a cycle, the LAS sends a Pass Token (PT)
message to all devices in the Live List. The device is allowed to transmit
unscheduled messages when it receives the PT.
Figure 7.11 presents the schedule for a system with two sensors and two control
valves. The schedule determines when the devices process their function blocks (AI,
AO, PID) and when it is time to transmit data. Each activity to be executed is
scheduled for a certain time defined by an offset value from the start of the cycle.
The offsets of the two sensors and the control valve are listed in Table 7.5.
Table 7.5 Example of publisher/subscriber schedule.
Device  Type           Action                        Offset
1       Sensor         Execution AI (1)              0
                       Transmission of AI (1) data   20
2       Sensor         Execution AI (2)              0
                       Transmission of AI (2) data   30
3       Control Valve  Execution PID (3)             40
                       Execution AO (3)              60
4       Control Valve  Execution PID (4)             50
                       Execution AO (4)              70
The steps can be described as follows:
1. At zero time, sensors (1) and (2) start their measurements;
2. At time 20, the LAS prompts the sensor (1) to send its measuring data, so that it
can be read by the PID controller of the associated control valve (3);
3. At time 30, the LAS prompts the sensor (2) to send its measuring data, so that it
can be read by the PID controller of the associated control valve (4);
4. At time 40, the first control valve starts processing its PID (3) function block;
5. At time 50, the second control valve starts processing its PID (4) function
block;
6. At time 60, the first control valve receives from its PID function block the
control command AO(3), and starts its travel process;
7. At time 70, the second control valve receives from its PID function block the
control command AO(4), and starts its travel process;
8. At 140 time increments, the same actions are repeated.
In reality, the AO(3) and AO(4) are also scheduled for transmission to the LC
for monitoring and archiving purposes.
[Figure 7.11 diagram labels: time axis 0 to 140 for cycle n and cycle n+1; rows for Device 1 AI (1), Device 2 AI (2), PID (3) and AO(3), PID (4) and AO(4), and the LAS; scheduled communication and slots for unscheduled communication.]
Figure 7.11 Scheduled transmission and unscheduled communication on H1 Bus.
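The schedule of Table 7.5 can be replayed and checked for consistency in a few lines of Python. This is an added example, not code from the book or from a Foundation Fieldbus stack; the CD_SLOT duration is an assumption (the table gives only offsets), and the NEEDS map encodes the data flow stated in steps 2 to 7.

```python
from dataclasses import dataclass

MACROCYCLE = 140  # time increments per cycle (step 8 in the text)
CD_SLOT = 5       # ASSUMPTION: bus time taken by one CD plus the published reply


@dataclass(frozen=True)
class Entry:
    offset: int   # offset from the start of the cycle, as in Table 7.5
    device: int
    action: str   # "execute" a function block, or "publish" when the LAS sends CD
    block: str


# Table 7.5, row by row.
SCHEDULE = [
    Entry(0, 1, "execute", "AI(1)"), Entry(20, 1, "publish", "AI(1)"),
    Entry(0, 2, "execute", "AI(2)"), Entry(30, 2, "publish", "AI(2)"),
    Entry(40, 3, "execute", "PID(3)"), Entry(60, 3, "execute", "AO(3)"),
    Entry(50, 4, "execute", "PID(4)"), Entry(70, 4, "execute", "AO(4)"),
]

# Data flow from steps 2-7: each block and the block whose result it consumes.
NEEDS = {"PID(3)": "AI(1)", "PID(4)": "AI(2)", "AO(3)": "PID(3)", "AO(4)": "PID(4)"}


def ready_times(schedule):
    """Time at which each block's result is available to its consumer."""
    ready = {}
    for e in schedule:
        if e.action == "publish":
            ready[e.block] = e.offset + CD_SLOT   # on the bus once the slot ends
        else:
            ready.setdefault(e.block, e.offset)   # local result, same device
    return ready


def validate(schedule):
    """Return a list of problems; an empty list means the schedule is consistent."""
    problems = []
    ready = ready_times(schedule)
    for e in schedule:
        if not 0 <= e.offset < MACROCYCLE:
            problems.append(f"{e.block}: offset {e.offset} outside the cycle")
        src = NEEDS.get(e.block)
        if e.action == "execute" and src is not None:
            if src not in ready:
                problems.append(f"{e.block}: input {src} is never produced")
            elif e.offset < ready[src]:
                problems.append(
                    f"{e.block} at {e.offset} runs before {src} is ready at {ready[src]}")
    slots = sorted(e.offset for e in schedule if e.action == "publish")
    for a, b in zip(slots, slots[1:]):
        if b < a + CD_SLOT:
            problems.append(f"CD slots at {a} and {b} overlap")
    return problems


def unscheduled_windows(schedule):
    """Gaps between CD slots, in which the LAS can send Pass Token messages."""
    windows, cursor = [], 0
    for start in sorted(e.offset for e in schedule if e.action == "publish"):
        if start > cursor:
            windows.append((cursor, start))
        cursor = max(cursor, start + CD_SLOT)
    if cursor < MACROCYCLE:
        windows.append((cursor, MACROCYCLE))
    return windows


def bus_timeline(schedule, cycles=2):
    """Absolute-time list of the CD messages the LAS issues over several cycles."""
    events = []
    for n in range(cycles):
        for e in sorted(schedule, key=lambda e: e.offset):
            if e.action == "publish":
                events.append((n * MACROCYCLE + e.offset,
                               f"LAS -> device {e.device}: CD {e.block}"))
    return events


if __name__ == "__main__":
    print(validate(SCHEDULE) or "schedule is consistent")
    print("token windows:", unscheduled_windows(SCHEDULE))
    for t, msg in bus_timeline(SCHEDULE):
        print(f"t={t:3d}  {msg}")
```

A schedule that moves PID (3) ahead of the AI (1) publication, or that places two CD slots on top of each other, is reported by validate() before it is downloaded to the LAS.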
7.4.4 The FFB Layers 3-6
H1 does not use OSI layers 3-6, because H1 does not need packet routing or
packet splitting. HSE does need packet routing and splitting and uses standard IP for
the network layer, and TCP and UDP for the transport layer.
7.4.5 The FFB Application Layer
The application layer provides protocols/services within and between devices on
a fieldbus. For H1, the Application layer is described in two parts, the Fieldbus
Message Specification Layer (FMS) and the Fieldbus Access Sublayer (FAS). FAS
is the lower sub-layer of the application layer. It maps the Fieldbus Message
Specification (FMS) onto the DLL. The FAS uses the scheduled and unscheduled
features of the DLL to provide a service for the FMS.
In HSE the services are defined by the Field Device Access (FDA)
Specification. The FMS for H1 and the FDA for HSE application layers are included
in the IEC 61158 fieldbus standard. FMS and FDA provide the same Client/Server,
Publisher/Subscriber, and Event Notification communication services.
The types of FAS services are described by the Virtual Communication
Relationships (VCR). There are three different types of VCRs as illustrated in Figure
7.12.
Client/Server is typically used for request/response communication between
hosts and field devices. The Client/Server VCR types include queued, unscheduled,
user initiated and one-to-one. It is used mainly for operator initiated requests such as
setpoint changes, tuning parameter, alarm acknowledgment and device upload and
download.
Publisher/Subscriber services are used for transfer of cyclical data between
function blocks and for data acquisition by a host. It is used for buffered (only the
latest value), one to many, cycled and scheduled communication services. It is used
for publishing process variables and outputs on the fieldbus.
Event Notification (also called report distribution) services are typically used
by the devices for sending alarm and trend information to the hosts.
[Figure 7.12 diagram labels: Client/Server VCR type, used for operation messages (setpoint changes, mode changes, tuning changes, upload/download, alarm management, access display views, remote diagnostics); Report Distribution VCR type, used for event notifications and trend reports (send process alarms to operator consoles, send trend reports to data historians); Publisher/Subscriber VCR type, used for publishing data (send transmitter PV to PID control block and operator console). Below them: Fieldbus Access Sublayer services and Data Link Layer services.]
Figure 7.12 Application layer FAS Communication Services.
Virtual Field Device (VFD) is a model of the device for communications
purposes. It is used to remotely view local device data described in the device object
directory. Each physical device on the fieldbus can have one or more virtual field
devices. A network configuration application can assign each VFD device a tag that
is unique within the device. A typical device will contain two or more VFDs. Figure
7.13 shows a VFD for the Network Management Information Base (NMIB), one for the System
Management Information Base (SMIB) and a third for process control, called the Function
Block Application Process (FBAP).
The Fieldbus Messaging Specification (FMS) contains definitions of
application layer services in FOUNDATION fieldbus. The primary purpose of FMS
is to allow user applications to send messages to each other across the fieldbus using
a standard set of message formats. FMS describes the communication services,
message formats, and protocol behavior needed to build messages for the user
application.
The FMS specifies services and message formats for accessing function block
(FB) parameters as well as OD parameters defined in the VFD. The following is a
brief summary of the FMS services:
1- Context Management Services:
These messages are used to establish and release the VCR and determine the
status of a VFD.
2- Object Dictionary Services:
The purpose of these FMS services is to allow the user application to access and
change the ODs in a VFD.
3- Variable Access Services:
These messages allow the user application to access and change variables
associated with an object description.
4- Event Services:
These are FMS services to allow the user application to report events and
manage event processing.
5- Upload/Download Services:
It is often necessary to remotely upload or download data and programs over the
fieldbus, especially for more complex devices such as programmable logic
controllers.
6- Program Invocation Services:
The program invocation service allows remote control of the execution of a
program in a device.
[Figure 7.13 diagram labels: a fieldbus device with a Network and System Management Application (NMIB object descriptions and object data, SMIB object descriptions and object data) exposed through the Network & System Management VFD, and a Function Block Application (FBAP object descriptions and object data) exposed through the User Application VFD; both sit on the FMS, FAS, DLL and PHY layers connected to the fieldbus.]
Figure 7.13 FFB Application layer FMS services.
7.4.6 The FFB User Layer
FFB defines a unique communication layer called the user layer. The user layer
does not exist in the ISO communication stack model. The Fieldbus Foundation has
defined a standard user application layer based on blocks. The user layer defines an
interface by which users of Foundation Fieldbus can communicate with devices
through a set of blocks rather than as a collection of simple data points. The FFB
function block application process is consistent with IEC 61804 Process Industry
Function Block. Blocks are representations of different types of application
functions, such as AI, AO, PID, etc. There are three types of blocks used in a user
application (as shown in Figure 7.14): the function blocks, the transducer blocks and
the resource blocks. Devices are configured using resource and transducer blocks.
The control strategy is built using function blocks.
Resource Block:
The resource block describes characteristics of the fieldbus device such as the
device name, manufacturer and serial number. There is only one resource block in a
device. Resource blocks are described in the Foundation documents:
FF-902 Transducer Block Application Process –Part 1
FF-903 Transducer Block Application Process –Part 2
Transducer Block:
Like the resource block, the transducer blocks are used to configure devices.
Transducer blocks decouple function blocks from the functions required to read/write
local inputs/ outputs. They contain information such as calibration date and sensor
type.
Function Blocks:
Function blocks provide the control and I/O behavior of a device. Foundation
fieldbus defines standard sets of function blocks, of which there is a set of ten for the
most basic of control and I/O functions (see Table 7.6). Other function blocks are
being defined both by the Foundation and by individual manufacturers.
Figure 7.14 Building user applications using Function Blocks.
Users create applications on the fieldbus by connecting together the inputs and
outputs of function blocks. In addition to specifying how these blocks “talk” to one
another over the bus, Foundation Fieldbus also specifies how one can schedule the
time at which these blocks execute. The function blocks themselves reside in
individual devices, but the overall scheduling of execution is specified and executed
across the network. Figure 7.15 shows a PID control loop for flow control. To
achieve distributed control, functions such as an Analog Input (AI) in a flow
transmitter or an Analog Output (AO) in a valve are encapsulated in function blocks.
Functions such as PID control can also be built into function blocks and run in a field
device. In the example below, the PID and AO blocks are running in the valve.
[Figure 7.15 diagram labels: Host on the HSE fieldbus; linking device; H1 fieldbus with Device 1 and Device 2; function blocks AI 110, PID 110 and AO 110.]
Figure 7.15 Example of a control loop using Function Blocks.
For basic control blocks, the number and type of inputs and outputs are
pre-defined by the FOUNDATION Fieldbus™ specification. Because of the ability to
interconnect different functions, even control algorithms that reside with the field
devices themselves, Foundation Fieldbus actually provides an architecture for
distributing control into the field rather than concentrating the control in centralized
controllers.
Flexible Function Blocks:
In addition to standard function blocks, vendors are able to define their own
blocks for vendor-specific purposes. These blocks are called flexible function blocks.
For more complex functions such as batch control, coordinated drive control, I/O
gateways and PLC sequencing, a special flexible function block can be used. A
flexible function block, defined in FF-894 FBAP part 5, is an application-specific
function block, whose input, output and contained parameters depend on its
algorithm. Flexible FBs are based on standards such as IEC 61131-3.
Table 7.6 Summary of Function Blocks.
Function Blocks (H1 + HSE)
Basic Process Control (FF-891), Basic Function Blocks:
   Analogue Input (AI)
   Analogue Output (AO)
   Bias & Gain (B)
   Control Selector (CS)
   Discrete Input (DI)
   Discrete Output (DO)
   Manual Loader (ML)
   PD Control (PD)
   PID Control (PID)
   Ratio Control (RA)
Advanced Process Control (FF-892), Advanced Function Blocks:
   Analogue Alarm (AAL)
   Arithmetic (AR)
   Deadtime (DT)
   Device Control (DC)
   Input Selector (IS)
   Integrator (IT)
   Lead/Lag (LL)
   Setpoint Ramp Generator (SPG)
   Signal Characterizer (SC)
   Output Splitter (OS)
   Timer (TMR)
Batch/Discrete/Hybrid Control (FF-893 and FF-894):
   Multiple Input/Output Blocks (basic I/O interfacing):
      Multiple Analog Input (MAI)
      Multiple Analog Output (MAO)
      Multiple Discrete Input (MDI)
      Multiple Discrete Output (MDO)
   Flexible Function Blocks, application specific (IEC 61131-3):
      Supervisory Data Acquisition
      Batch Control
      PLC Sequencing
      Burner Management
      Coordinated Driver
      Advanced I/O Interfacing
Object Directory:
Foundation Fieldbus devices have an internal database, called Object Directory,
with data accessible via Parameter Numbers, Parameter Names or Device
Description-Items. The object dictionary is a structure or a lookup table in a fieldbus
device that describes data that can be communicated on the fieldbus. The device
functions are then made visible to the fieldbus communication system through the
user application VFD. VFD is a host application model for remotely viewing data
described in the object dictionary. The services provided by fieldbus messaging
enable the user to read and write information about the object dictionary, read and
write the data variables described in the object dictionary, and perform other
activities such as uploading/downloading data and invoking programs inside a
device. The VFD object descriptions and their associated data are accessed remotely
over the fieldbus network using VCRs.
Device Description (DD):
A second important feature of the Foundation Fieldbus user layer is device
descriptions. DD is a standardized description of the functions available in a device.
EDD is defined by the IEC 61804-2 International Standard. Because it actually
describes a device’s functions, the DD is a standard way that any host system can
learn about the capabilities of the device. Even if the device contains a brand new
capability never before seen in such a device, as long as the capability is included in
the DD, the host can access it. Thus, systems and devices, even those containing
completely unique functionality can interoperate by means of the DD. The DD is a
clear unambiguous structured text description that precisely describes the field device
data and operations to host systems. This text file is then passed to a tokenizer tool
that generates the binary DD used by the host. Figure 7.16 illustrates how the DD is
used to tell the host applications about the device capabilities.
[Figure 7.16 diagram labels: the Virtual Field Device holds the object description of the data and a pointer to the device description of the data; the DD holds the extended descriptions associated with the data (label of the parameter, engineering units, how many decimal points to display, help text, parameter relationships, calibration and diagnostic menus). The host application uses a device description service library with standard DDs plus optional incremental DDs: data are read from the device over the fieldbus and descriptions are read from the DD. Example display: Measured_Value 75.70 m3/Hr, with label, number of digits of precision and engineering unit taken from the DD.]
Figure 7.16 Role of DDs for extending object description.
7.5 Controller Area Network (CAN)
CAN was developed in the late 80s by Robert Bosch [Ref 7] as a solution for
automotive engine control communication, but it later became a popular networking
solution in many distributed real-time systems. Nowadays CAN has gained
widespread use. It is currently used in industrial automation as well as in automotive
and mobile machines, and it is becoming more and more popular in other fields like
textiles, medical equipment and elevator controls. CAN is also inexpensive and easy
to operate and maintain. CAN controllers are available off-the-shelf at very low cost
from many semiconductor manufacturers. The following are examples of
applications of CAN in various industries:
   Cars and truck engine control
   Non-passenger vehicles
   Marine applications
   Avionics systems network
   Factory and building automation and other industrial control
   Elevators and automatic doors
   Medical equipment and operating rooms
7.5.1 CAN Physical Layer
The function of the physical layer is to transfer the bits from one destination to
another.
The CAN bus became an ISO standard for serial data communication: ISO
11898 for high speed up to 1 Mbps and true plug and play, and ISO 11519 for low
speed up to 125 kbps. The main features of ISO 11898 can be summarized as
follows:
   Topology: bus terminated on both sides.
   Bus medium: twisted-pair cable. The CAN bus is a balanced (differential) 2-wire
   interface running over either a Shielded Twisted Pair (STP), Unshielded
   Twisted Pair (UTP) or ribbon cable.
   Transfer mode: serial asynchronous data transfer, multimaster capability,
   baseband transfer, NRZ coding with bit-stuffing.
   Transmitter output level: differential, similar to RS-485.
   Maximum number of nodes: up to 64 (practical limit).
   Transmission rates:
   Cable length in meters   40     100   200   500   6000
   Bus speed in kbps        1000   500   250   125   10
Current ISO implementations are based on twisted-pair cable. The two cable
lines are termed CAN-H and CAN-L, as shown in Figure 7.17. A dominant (logical
0) bit has CAN-H higher than CAN-L, and a recessive (logical 1) bit has CAN-H
lower than CAN-L. This mechanism yields reliable data transfer, even in an
extremely harsh electrical environment.
[Figure 7.17 diagram labels: Node 1 and Node 2, each with a CPU and a CAN controller, connected to the CAN_H and CAN_L lines, with bus termination at both ends.]
Figure 7.17 CAN uses bus topology using terminated twisted pair cable.
The pin-out for the 9-pin D connector is shown in Table 7.7 below. Many of the
additional connector pin outs are used with CANopen and include: 10-pin header [5 x
2 multipole], RJ10 [Modular Connector Jack], RJ45 [Modular Connector Jack], 5-pin
mini [circular], 5-pin micro [circular], Open Style and others.
Table 7.7 9 Pin (male) D-Sub CANbus PinOut.
Pin #  Signal Name  Signal Description
1      Reserved     Upgrade Path
2      CAN_L        Dominant Low
3      CAN_GND      Ground
4      Reserved     Upgrade Path
5      CAN_SHLD     Shield, Optional
6      GND          Ground, Optional
7      CAN_H        Dominant High
8      Reserved     Upgrade Path
9      CAN_V+       Power, Optional
7.5.2 CAN Data Link Layer
CAN handles the lower two layers of the ISO reference model in a structure similar
to the IEEE 802.3 format. It defines physical, MAC and LLC layers. The
CAN Standard defines a few different message types, arbitration rules for bus access
and methods for fault detection and fault confinement. The following are the main
features of the data link layer:
Bus Access Procedure: non-destructive CSMA/CD, bit-wise arbitration.
A non-destructive bitwise arbitration is used to control access to the bus.
Message length: 0-8 data bytes.
Message addressing: there is no explicit address in the messages; instead,
each message carries a numeric identification code value, which controls its
priority on the bus.
Error handling: an elaborate error handling scheme that results in
retransmitted messages when they are not properly received. There are
effective means for isolating faults and removing faulty nodes from the bus.
The Medium Access Control sub-layer of the DLL controls frames, checking
and signaling for errors, performing the needed operations for accessing the bus,
discovering faults and signaling for them. The Logical Link Control sub-layer of the
DLL has to filter incoming messages, provide services for data transfer and data
requests and provide a means for recovery management and overloading notification.
The MAC sub-layer uses CSMA/CD, as Ethernet does, but the two differ in the way a
collision is handled. If a collision is detected in Ethernet, all transmissions are
aborted; each transmitting station performs a backoff and then tries to transmit
again after a random period of time. There is no guarantee for any computer that the
bus will be free the next time and that there will be no collision. Theoretically, there
is no upper bound for the latency of the bus access.
CAN uses CSMA/CD with a Non-Destructive Bitwise Arbitration mechanism,
which ensures a low latency in a bus allocation for "important" messages, and also
maximal bus utilization. In contrast with the Ethernet, the CAN communication is
data-oriented (or content-oriented), and not destination-oriented. This means that
frames are not sent to a specific destination, but they are identified according to the
data they carry. The frame identifier defines also the data priority. When two nodes
start transmission at the same time, they cannot discover the problem until one of
them tries to transmit 0 (dominant bit) and the second, 1 (recessive bit). In this case,
what actually goes on the line is 0, and the node that tried to transmit 1 monitors 0
and recognizes a collision. In response, it stops the transmission immediately. The
node that tried to transmit 0, monitored 0, and thus did not sense any problem and
continued transmitting. It is important to mention that the identifiers of the data are
unique and that it is impossible for two nodes to transmit data with the same
identifier. This mechanism is illustrated in Figure 7.18, where nodes 1, 2 and 3 start
transmission at the same time. When node 2 sends a 1 at bit number 5 of the
identifier, the bus level is 0 (the dominant bit); accordingly, node 2 aborts
transmission and begins listening to the bus, waiting for it to be free. Similarly, node
1 detects a collision at bit 2 of the message identifier and has to abort its transmission
as well. The node 3 transmission is not affected by the simultaneous transmissions
from node 1 and node 2, so it continues to transmit its message.
[Figure 7.18 diagram labels: SOF, identifier bits 10 to 0, RTR, control field, data field; traces for node 1, node 2, node 3 and the bus level, with recessive and dominant levels; nodes 1 and 2 switch to listening only.]
Figure 7.18 CSMA/CD with non-destructive bitwise Arbitration.
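The arbitration described above can be reproduced with a wired-AND bus model. This is an added example, not code from the book or from a CAN controller; the three identifiers are constructed so that node 2 backs off at bit 5 and node 1 at bit 2, as in the description of Figure 7.18, and the node names are illustrative.

```python
ID_BITS = 11  # identifier length of the standard (CAN 2.0A) frame

# Constructed identifiers that reproduce the outcome described for Figure 7.18.
FIG_7_18 = {"node 1": 0x65C, "node 2": 0x660, "node 3": 0x659}


def arbitrate(identifiers):
    """Bitwise arbitration among nodes that start transmitting at the same time.

    identifiers maps a node name to its 11-bit message identifier.
    Returns (winner, bus_bits, lost_at); lost_at maps each losing node to the
    identifier bit number (10..0) at which it stopped transmitting.
    """
    if not identifiers:
        raise ValueError("no node is transmitting")
    for node, ident in identifiers.items():
        if not 0 <= ident < (1 << ID_BITS):
            raise ValueError(f"{node}: identifier does not fit in {ID_BITS} bits")
    if len(set(identifiers.values())) != len(identifiers):
        raise ValueError("identifiers must be unique on the bus")

    contenders = set(identifiers)
    bus_bits, lost_at = [], {}
    for bit in range(ID_BITS - 1, -1, -1):            # most significant bit first
        sent = {n: (identifiers[n] >> bit) & 1 for n in contenders}
        bus = min(sent.values())                      # any dominant 0 pulls the bus to 0
        bus_bits.append(bus)
        for node, value in sent.items():
            if value != bus:                          # sent recessive, read back dominant
                lost_at[node] = bit
        contenders -= set(lost_at)                    # losers switch to listening only
    (winner,) = contenders
    return winner, bus_bits, lost_at


def transmission_order(identifiers):
    """Order in which the pending messages reach the bus when losers retry."""
    pending, order = dict(identifiers), []
    while pending:
        winner, _, _ = arbitrate(pending)
        order.append(winner)
        del pending[winner]
    return order


if __name__ == "__main__":
    winner, bus, lost = arbitrate(FIG_7_18)
    print("bus level :", "".join(map(str, bus)))
    print("winner    :", winner, hex(FIG_7_18[winner]))
    for node, bit in lost.items():
        print(f"{node} lost at identifier bit {bit}")
    print("order     :", transmission_order(FIG_7_18))
```

The bus level always equals the lowest identifier among the contenders, so the winning frame is never corrupted and the message with the lowest identifier has the highest priority.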
The frame format is different from the Ethernet structure. The CAN 2.0 standard
defines two frame formats: the standard frame format, CAN 2.0A (compatible with CAN
1.0), and the extended frame format, CAN 2.0B. The first uses an 11-bit identifier
field, while the latter uses an additional 18-bit identifier field. For the 11-bit
identifier, up to 2,048 different messages per system can be defined. This number is
more than sufficient in most applications. Each frame starts with a single SOF bit and
ends with 7 recessive bits. The data field can be from 0-8 bytes. The frame also
contains a 15-bit error checking field using Cyclic-Redundancy Check (CRC) and
other predefined bits and fields, as shown in Figure 7.19.
[Figure: data frame formats, (a) standard frame format and (b) extended frame
format, each showing bus idle, SOF, arbitration field, control field, data field,
CRC field with CRC delimiter, ACK field with ACK slot and ACK delimiter, EOF,
INT and bus idle.]
Figure 7.19 Frame structure in (a) CAN 2.0A, and (b) CAN 2.0B.
SOF: start of frame; RTR: remote transmission request; DLC: data length code; rb0:
reserved bits; IDE: identifier extension bit; EOF: end of frame
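To make the field order of the standard frame concrete, the following Python sketch (an added example, not code from the book) builds the bit sequence of a CAN 2.0A data frame and parses it back with the checks a receiver applies. The CRC-15 generator polynomial is the one defined by the CAN specification; bit stuffing is left out, and the function names and sample values are assumptions of this example.

```python
"""Bit layout of a CAN 2.0A standard data frame with its 15-bit CRC."""

CRC15_POLY = 0x4599  # x^15 + x^14 + x^10 + x^8 + x^7 + x^4 + x^3 + 1
TAIL_BITS = 15 + 1 + 1 + 1 + 7  # CRC, CRC delimiter, ACK slot, ACK delimiter, EOF


def to_bits(value, width):
    """Integer to a list of bits, most significant bit first."""
    return [(value >> pos) & 1 for pos in range(width - 1, -1, -1)]


def from_bits(bits):
    value = 0
    for bit in bits:
        value = (value << 1) | bit
    return value


def crc15(bits):
    """CAN CRC over a bit sequence (register starts at zero)."""
    crc = 0
    for bit in bits:
        feedback = bit ^ (crc >> 14)
        crc = (crc << 1) & 0x7FFF
        if feedback:
            crc ^= CRC15_POLY
    return crc


def build_standard_frame(identifier, data):
    """Return [(field name, bits)] for a data frame, before bit stuffing."""
    if not 0 <= identifier <= 0x7FF:
        raise ValueError("identifier must fit in 11 bits")
    if len(data) > 8:
        raise ValueError("data field is limited to 8 bytes")
    fields = [
        ("SOF", [0]),                      # dominant start bit
        ("identifier", to_bits(identifier, 11)),
        ("RTR", [0]),                      # dominant: data frame
        ("IDE", [0]),                      # dominant: standard format
        ("rb0", [0]),
        ("DLC", to_bits(len(data), 4)),
        ("data", [bit for byte in data for bit in to_bits(byte, 8)]),
    ]
    covered = flatten(fields)              # the CRC covers SOF through data
    fields += [
        ("CRC", to_bits(crc15(covered), 15)),
        ("CRC delimiter", [1]),
        ("ACK slot", [1]),                 # a receiver overwrites this with 0
        ("ACK delimiter", [1]),
        ("EOF", [1] * 7),                  # seven recessive bits
    ]
    return fields


def flatten(fields):
    return [bit for _, bits in fields for bit in bits]


def parse_standard_frame(bits):
    """Validate an unstuffed standard data frame; return (identifier, data)."""
    if len(bits) < 19 + TAIL_BITS or bits[0] != 0:
        raise ValueError("too short or SOF not dominant")
    if bits[12] or bits[13]:
        raise ValueError("not a standard data frame (RTR or IDE recessive)")
    dlc = from_bits(bits[15:19])
    if dlc > 8:                            # this example accepts 0 to 8 bytes only
        raise ValueError("DLC out of range")
    end_data = 19 + 8 * dlc
    if len(bits) != end_data + TAIL_BITS:
        raise ValueError("frame length does not match DLC")
    if crc15(bits[:end_data + 15]) != 0:   # message plus CRC leaves remainder 0
        raise ValueError("CRC mismatch")
    tail = bits[end_data + 15:]
    if tail[0] != 1 or tail[2] != 1 or tail[3:] != [1] * 7:
        raise ValueError("form error in delimiter or EOF bits")
    data = bytes(from_bits(bits[i:i + 8]) for i in range(19, end_data, 8))
    return from_bits(bits[1:12]), data


if __name__ == "__main__":
    for name, field_bits in build_standard_frame(0x659, b"\x12\x34"):
        print(f"{name:14s}", "".join(str(bit) for bit in field_bits))
```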
One of the most important features of the CAN technology is the guaranteed
maximal latency for bus access, which makes it the choice for real-time systems.
Another powerful feature of CAN is its overall error checking mechanism, which
includes a number of fixed bits to validate the frame structure, the CRC, the
node-to-node protocol, and error monitoring and confinement mechanisms. CAN
provides a high level of safety, even when working in a harsh environment.
7.5.3 CAN Higher Layers Protocols
The CAN protocol only specifies the first two layers of the OSI network model,
which are concerned with the process of transporting small packets of data from point
A to point B using a shared communications medium. The CAN protocol contains
nothing on topics such as flow control, transportation of data larger than can fit in an
8-byte message, node addresses, establishment of communication, etc. These topics
are covered by an HLP (higher layer protocol). Since 1994, several higher-level
protocols have been standardized on CAN, such as CANopen in Europe and
DeviceNet in North America.
A brief introduction to the DeviceNet bus is given in Section 7.7.5, and a summary
of CANopen is given in Appendix 7.A.
7.6 PROFIBUS
PROFIBUS (Process Field Bus) is one of the leading open fieldbus systems in
Europe, and is widely used worldwide in manufacturing, process industry and
building automation. The PROFIBUS architecture is traditionally divided into three
compatible variants, as depicted in Figure 7.20:
1. PROFIBUS DP (DP = Decentralized Periphery, for rapid cyclic data traffic for
discrete automation)
2. PROFIBUS FMS (FMS = Fieldbus Message Specification, for asynchronous
data traffic with large amounts of data)
3. PROFIBUS PA (PA = Process Automation, requiring fieldbus power and
intrinsic safety)
These three variants were designed to meet a variety of application
requirements. PROFIBUS can be used for both high-speed, time-critical data
transmission between controllers and I/O, and for complex communications between
programmable controllers.
PROFIBUS was defined during 1991-1993 in DIN 19245, and was included in
EN 50170 and IEC 1158-2 in 1996. Since 1999, it has become IEC 61158/IEC
61784. PROFIBUS technology is developed and administered by the PROFIBUS
User Organization (http://www.profibus.com/home/), with a membership of more
than 600 manufacturers, users and research institutions.
PROFIBUS currently features five different transmission technologies, all of
which are based on international standards: RS485/RS485-IS, MBP/MBP-IS ("IS"
stands for intrinsic safety protection) and fiber optics.
[Figure: three-level hierarchy with bus cycle times: factory level (< 1000 msec),
cell level (< 100 msec) and field bus (< 10 msec). Labels: host, PC, area controller,
CNC, DCS and PLC; MMS, TCP/IP backbone; PROFIBUS-FMS; PROFIBUS-DP and
PROFIBUS-PA connecting drives, I/O, valves, field devices and transmitters.]
Figure 7.20 Hierarchy of the PROFIBUS PA, DP, and FMS.
7.6.1 PROFIBUS Protocol Architecture
The PROFIBUS PA and DP communication stack consists of only 3 OSI layers:
the physical layer, the data link layer, and the application layer, in addition to a user
layer, as shown in Figure 7.21. The data link layer is known as Fieldbus Data Link
(FDL). The FDL layer and the application layer are the same for PROFIBUS PA and
DP.
[Figure: PROFIBUS protocol stack. User layer: application profiles II (PA Devices,
SEMI, PROFIdrive, Ident, Weighing & Dosage, Encoder) and application profiles I
(common application profiles, optional: I&M functions, PROFIsafe, Time stamp,
Redundancy, etc.). Application layer: PROFIBUS DP communication protocols
DP-V0 ... V2 (IEC 61158/61784); Profibus Message Specifications and Lower Layers
Interface. Data link layer: FDL (SRD, SDN, etc.). Transmission technologies:
RS 485 NRZ; RS 485-IS intrinsic safety; MBP Manchester bus powered, MBP-LP
low power, MBP-IS intrinsic safety; fiber optics (glass multi mode, glass single
mode, PCF/plastic fiber). Integration technologies: descriptions (GSD, EDD), tools
(DTM, configurators). System profiles 1...X: master conformance classes, interfaces
(Comm-FB, FDT, etc.), constraints.]
Figure 7.21 Protocol architecture of PROFIBUS.
The FDL services combine two common schemes, master-slave methodology
and token passing. In a master-slave network, masters (usually the controllers) send
requests to slaves, sensors and actuators. The slaves respond accordingly.
PROFIBUS also includes token passing for multi-master configurations. In the token
passing communication scheme a “token” signal is passed between masters. Only the
master with the token can communicate with other masters or access its assigned
slaves. Communication occurs on a peer-to-peer basis for data communication or on
a multi-cast basis for control commands. Cyclic polling may also be used for data
communication between the master and its designated slaves. DP also offers acyclic
communication services for the parameterization, operation, monitoring and alarm
handling.
On the application layer, there are multiple versions of PROFIBUS that handle
different types of messaging. Some of the types of messaging that PROFIBUS
supports include cyclic and acyclic data exchange, diagnosis, alarm-handling and
isochronous messaging.
Isochronous transmission is used for periodic, continuous communication
between the host and the device, usually involving time-relevant information such as
audio or video data streams. Isochronous transfers do not support error detection or
retry. With isochronous transfers, the bus guarantees bandwidth with time-based
delivery of data packets. Isochronous transport guarantees that a transmission is
completed within a given amount of time, but it does not guarantee that the
transmission is received error-free.
On the user layer, the devices and applications are modeled using application
profiles. The term profile ranges from just a few specifications for a specific device
class to comprehensive specifications for applications in a specific industry. A
distinction is drawn between general application profiles, with implementation
options for different applications, and specific application profiles. The general
profiles include, for example, the identification and maintenance (I&M) functions,
PROFIsafe, redundancy, and time stamp. The specific application profiles are
developed for a specific application, such as PROFIdrive and Process Automation
(PA). PROFIBUS offers a wide range of such application profiles, which allow
application-oriented implementation.
In PROFIBUS-FMS, layers 1, 2 and 7 are defined as well. The application layer
consists of FMS (Fieldbus Message Specification) and LLI (Lower Layer Interface).
FMS contains the application protocol and provides the user with a wide selection of
communication services. LLI implements communication relationships and provides
FMS with device-independent access to layer 2.
7.6.2 PROFIBUS-PA
PROFIBUS-PA (Process Automation) is designed specifically for process
automation, using the international standard for the fieldbus physical layer (IEC
1158-2, IEC 61158-2) for bus-powered sensors and actuators to be operated in
intrinsically safe areas. PROFIBUS-PA uses the extended PROFIBUS-DP protocol
for data transmission. Using the IEC 1158-2 physical layer, field devices can be
powered over the bus in an intrinsically safe circuit so that explosive sparks are not
created, even if a malfunction occurs. The main features of the PA bus are given in
Table 7.8. The disadvantage of this variant is the slower data transmission rate of
31.25 kbit/s.
Manchester-Coding and Bus Powered Technology (MBP):
The MBP medium was designed specifically for use in PROFIBUS PA. It permits
transmission of both data and power. MBP is a synchronous, Manchester-coded
transmission with a defined transmission rate of 31.25 kbit/s.
The MBP-IS version is frequently used in process automation as it satisfies the
key demands of the chemical and petrochemical industries for intrinsic safety and for
powering buses using two-wire technology. MBP transmission technology is usually
limited to a specific segment (field devices in hazardous areas). MBP transmission
supports up to 32 stations per segment and a maximum of 126 per network.
Table 7.8 Characteristic features of IEC 1158-2 transmission technology

Feature                        Description
Data transmission              Digital, bit-synchronous, Manchester coding
Transmission speed             31.25 kbit/s, Voltage Mode
Data security                  Preamble, error-proof start and end delimiter
Cable                          Two wire shielded twisted pair cable
Remote powering                Optional, via data lines
Explosion protection classes   Intrinsically safe (EEx ia/ib) and encapsulation (EEx d/m/p/q)
Topology                       Line and tree topologies, or a combination
Number of stations             Up to 32 stations per line segment, maximum total of 126
Repeater                       Can be expanded with up to 4 repeaters
Cable length                   1,900 m

Since PROFIBUS-PA uses the same communications protocol as PROFIBUS-DP,
devices on both networks can communicate safety data without having to worry
about bridges or gateways. PROFIBUS-PA devices can be integrated in
PROFIBUS-DP networks by the use of segment couplers. Segment couplers are
signal converters that modulate the DP RS485 signals to the MBP signal level and
vice versa. They are transparent from a bus protocol's point of view. In contrast,
links, like bridges, provide more intelligent functionalities. They virtually map all
the field devices connected to the MBP segment into the RS485 segment as a single
slave.
For applications requiring high availability, PROFIBUS-PA can be configured
in a ring architecture that ensures communication, even if part of the network cable is
disabled due to a short circuit or physical damage. Figure 7.22 illustrates a ring
architecture, which uses Active Field Distributors (AFD) to integrate field devices via
short-circuit-proof spur line connections in a PROFIBUS-PA ring with automatic bus
termination. This ensures that, in the case of a break in the ring, the end of the
remaining segment is terminated so that network communication can continue.
[Figure: PROFIBUS DP connected through a redundant DP/PA link to a PROFIBUS PA
ring of three AFDs with automatic bus termination; a short circuit or wire break is
marked on the trunk line.]
Figure 7.22 Ring Redundancy on PROFIBUS PA with Active Field Distributors.
7.6.3 PROFIBUS-DP
PROFIBUS-DP (Decentralized Peripherals) is designed for high speed, cost-
effective communication between industrial controllers and distributed I/O for fast,
cyclic data exchange with field devices. On a PROFIBUS-DP network, central
controllers, such as PLCs or PCs, communicate with distributed field devices (such
as I/O devices, drives, and valves) via a high-speed serial link. Most of the data
communication with these distributed devices is done in a cyclic manner.
RS485/RS485-IS is the physical layer most frequently used in PROFIBUS
applications. Baud rates of 9.6 kb/s to 12 Mb/s can be used, and one transmission
speed is selected for all devices on the bus when the system is commissioned. Up to
32 stations can be attached to each segment without repeaters, and up to 127 stations
can be attached with repeaters. The operating distance ranges from 100 m at 12 Mbps
to 1200 m at 9.6 kbps. With electrical transmission pursuant to EIA-485, twisted pair
cables with impedances of 150 ohms are used in a bus topology. The cable length
between two repeaters is limited to 100 to 1,200 m, depending on the bit rate used.
RS485-IS transmission technology enables the use of RS485 with its fast
transmission rates within intrinsically safe areas. A PROFIBUS guideline is available
for the configuration of intrinsically safe RS485 solutions with simple device
interchangeability. The interface specification details the levels for current and
voltage that must be adhered to by all stations in order to ensure safe operation
during interconnection. When connecting active sources, the sum of the currents of
all stations must not exceed the maximum permissible current.
PROFIBUS-DP uses layers 1, 2, and 7 of the OSI model, plus the user layer
(Figure 7.20). Layers 3 to 6 of the OSI model are not defined. The application layer
gives access between the user interface and layer 2. The user interface specifies both
application functions that are available to the user and system and device behavior of
the PROFIBUS-DP device types.
Fiber optic is an available physical medium for PROFIBUS-DP. Star, bus and ring
topologies are used with optical transmission via fiber optics. The distance between
the repeaters varies depending on the FO mode. For 62.5/125 μm multimode FO
cables, it is about 2600 m. The ring topology can also be executed redundantly.
A summary of the differences and similarities between PROFIBUS PA and DP
is given in Table 7.9.
Table 7.9 Summary of the Main features of PROFIBUS PA and DP.

Features                        PROFIBUS-DP                  PROFIBUS-PA
Typical Applications            Process, Factory             Process, Smart
Data Rate (bits/s)              To 1.5M and 12M              31.25K
Communication Technique         Master/Slave, Peer to Peer   Master/Slave, Peer to Peer
Media Access Method             Token Passing                Token Passing
Media Supported                 Twisted Pair                 Twisted Pair
Max. No. of Addressable Nodes   127 per network              127 per network
Intrinsically Safe              No                           Yes
Bus Powered?                    No                           Yes
Physical Layer Standard         RS485/RS485-IS               MBP/MBP-IS

7.6.4 PROFIBUS-FMS
PROFIBUS-FMS was designed for general purpose communication primarily
between programmable controllers, such as PLCs and PCs. FMS contained an
application layer with communication services available to the user. These services
made it possible to access variables, transmit programs, transmit events and control
program execution. PROFIBUS-FMS defines a communication model in which
distributed application processes can be unified into a common process by using
communication relationships.
Layer 2 (the FDL) implements bus access control and data security. RS-485 and
the fiber-optic physical layers are available for PROFIBUS-FMS. Unfortunately,
being the initial effort of PROFIBUS designers, the FMS technology was not as
flexible as needed. This protocol was not appropriate for less complex messages or
communication on a wider, more complicated network. New types of PROFIBUS
would satisfy those needs. PROFIBUS FMS is still in use today, though the vast
majority of users find the newer solution, ProfiNet, to be more appropriate.
7.6.5 PROFIBUS Application Layer
PROFIBUS supports four data transmission services: 1) send data with no
acknowledge (SDN); 2) send data with acknowledge (SDA); 3) send and request data
with reply (SRD); and 4) cyclic send and request data with reply (CSRD).
PROFIBUS–DP, however, supports only SDN and SRD services.
With the confirmed service SRD, a source station can send a maximum of 246
bytes to a selected destination. The latter in its response message (necessary to
confirm the arrival of the data) can include up to 246 bytes. In this way, SRD realizes
a confirmed bilateral data exchange between the two stations. SDN is an
unconfirmed service by means of which a source station can send a maximum of 246
bytes. The destination in this case can be one or more of the stations present on the
fieldbus. This service is mainly used either for broadcast or multicast transmissions,
since it does not generate confirmation messages.
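The 246-byte limit and the service names above map directly onto the variable-length FDL telegram. The Python sketch below is an added example, not code from the book: the telegram layout (start delimiter 0x68, repeated length byte, checksum, end delimiter 0x16) and the function codes are taken from the PROFIBUS FDL specification rather than from this chapter, and the station addresses and payload are constructed.

```python
"""Build and validate a PROFIBUS FDL variable-length (SD2) telegram."""

SD2, ED = 0x68, 0x16   # start and end delimiters of the SD2 telegram
MAX_DATA = 246         # largest data unit for SRD and SDN, as stated in the text

# Function codes of request telegrams (low four bits of the FC byte).
REQUEST_SERVICES = {
    0x03: "SDA low", 0x05: "SDA high",
    0x04: "SDN low", 0x06: "SDN high",
    0x0C: "SRD low", 0x0D: "SRD high",
}


def build_sd2(da, sa, fc, data):
    """Return SD2 | LE | LEr | SD2 | DA | SA | FC | data | FCS | ED."""
    if not (0 <= da <= 127 and 0 <= sa <= 127):
        raise ValueError("station address out of range")
    if not 0 <= fc <= 0xFF:
        raise ValueError("function code must fit in one byte")
    if not 1 <= len(data) <= MAX_DATA:
        raise ValueError("data unit must be 1 to 246 bytes")
    body = bytes([da, sa, fc]) + bytes(data)
    le = len(body)                    # the length byte counts DA, SA, FC and data
    fcs = sum(body) & 0xFF            # arithmetic checksum over the same bytes
    return bytes([SD2, le, le, SD2]) + body + bytes([fcs, ED])


def parse_sd2(frame):
    """Check every redundant element of the telegram before trusting it."""
    if len(frame) < 10:
        raise ValueError("telegram too short")
    if frame[0] != SD2 or frame[3] != SD2:
        raise ValueError("start delimiter missing")
    le, le_repeated = frame[1], frame[2]
    if le != le_repeated:
        raise ValueError("length byte and its repetition differ")
    if not 4 <= le <= MAX_DATA + 3:
        raise ValueError("length out of range")
    if len(frame) != le + 6:
        raise ValueError("telegram size does not match length byte")
    body = frame[4:4 + le]
    if sum(body) & 0xFF != frame[4 + le]:
        raise ValueError("frame check sequence mismatch")
    if frame[-1] != ED:
        raise ValueError("end delimiter missing")
    da, sa, fc = body[0], body[1], body[2]
    if fc & 0x40:                     # bit 6 set: request telegram
        service = REQUEST_SERVICES.get(fc & 0x0F, "other request")
    else:
        service = "acknowledgement or response"
    return {"da": da & 0x7F, "sa": sa & 0x7F,
            "service": service, "data": bytes(body[3:])}


if __name__ == "__main__":
    # Constructed request: master 2 polls slave 5 with two output bytes.
    telegram = build_sd2(da=5, sa=2, fc=0x5D, data=b"\x01\x02")
    print(telegram.hex(" "))
    print(parse_sd2(telegram))
```

The arithmetic checksum and the repeated length byte catch transmission errors only; they say nothing about which station produced the telegram.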
The application layer provides a set of predefined messages to meet the various
data exchange requirements of the user applications. Data exchange with the
distributed devices is primarily cyclic. The communication functions required for this
are specified through the DP basic functions (version DP-V0). Geared towards the
special demands of the various areas of application, these basic DP functions have
been expanded step-by-step with special functions, so that DP is now available in
three versions, DP-V0, DP-V1 and DP-V2, each with its own special key features. All
versions of DP are specified in detail in IEC 61158 and 61784.
The key contents of the three versions are as follows:
1. DP-V0 provides the basic functionality of DP, including cyclic data exchange
and station diagnosis, module diagnosis and channel specific diagnosis.
2. DP-V1 contains enhancements geared towards process automation, in
particular acyclic data communication for parameter assignment, operation,
visualization and alarm handling of intelligent field devices, parallel to cyclic
user data communication. This permits online access to stations using
engineering tools. In addition, DP-V1 defines alarms. Examples of different
types of alarms are status alarm, update alarm and a manufacturer-specific
alarm.
3. DP-V2 contains further enhancements and is geared primarily towards the
demands of drive technology. Due to additional functionalities, such as
isochronous slave mode and slave-to-slave communication, the DP-V2 can also
be implemented as a drive bus for controlling fast movement sequences in
drive axes.
7.6.6 PROFIBUS User Layer Applications
Profiles are used in automation technology to define specific properties and
behaviors for devices, device families or entire systems. The term profile ranges from
just a few specifications for a specific device class to comprehensive specifications
for applications in a specific industry. The generic term for all profiles is application
profiles.
Only devices and systems using a vendor-independent profile provide
interoperability. Some application profiles are widely used in industry. For example,
PROFIdrive was created for motion control applications. Software added to the
PROFIBUS-DP specification allows the network to achieve precise control of servo
motors and other equipment. Thus, PROFIdrive can achieve synchronization across
the network.
There are two types of profiles: general application profiles with
implementation options for different applications (e.g., Identification and
Maintenance (I&M) and PROFIsafe); and specific application profiles, which are
developed for a specific application, such as PROFIdrive, SEMI (Semiconductor
Equipment and Materials International) or Process Automation (PA) devices, etc.
PROFIBUS offers a wide range of such application profiles, which allow
application-oriented implementation. The profile for PA devices defines all functions
and parameters for different classes of devices for process automation with local
intelligence. They can execute part of the information processing or even take over
the overall functionality in automation systems. The profile includes all steps of a
typical signal flow from process sensor signals to the preprocessed process value that
is communicated to the control system. The PA profile follows the IEC61804
standard device model using function blocks. A device model according to
IEC61804-2 includes physical block, transducer block, and function blocks. The
following are some examples of popular device/application profiles:
PROFIdrive: the profile specifies the behavior of devices and the access
procedure to parameters for variable-speed electrical drives on PROFIBUS-DP.
PA devices: the profile specifies the data formats for cyclic data exchange and
the characteristics for process engineering of devices for process automation. The
specification for PA devices uses a function block model in accordance with IEC
61804 to represent functional sequences, as shown in Figure 7.14. The blocks are
implemented by the manufacturers as software in the field devices and, taken as a
whole, represent the functionality of the device.
Robots/NC: the profile describes how handling and assembly robots are
controlled via PROFIBUS.
Panel devices: the profile describes the interfacing of simple human machine
interface devices (HMIs) to control components.
Encoders: this profile describes the interfacing of rotary, angle, and linear
encoders with single-turn or multi-turn resolution.
Fluid power: the profile describes the control of hydraulic drives via
PROFIBUS.
SEMI: the profile defines models of devices for semiconductor production such
that they comply with the PA model and the SEMI model.
Low-voltage switchgear: the profile describes data exchange for low-voltage
switchgear like circuit breakers, switches and starters.
GSD:
GSD is an abbreviation for the German term Gerätestammdaten. A GSD is the
device database file (also called 'device datasheet') for PROFIBUS devices. The
GSD file, which is provided by the device manufacturer, contains a description of the
device. GSD files give an open configuration tool a way to read the device
information and recognize the device characteristics. The format of the GSD
file is clearly defined by the PROFIBUS standard. The configuration tool reads the
GSD files into its internal database and takes all characteristics of the individual
devices into account. The advantage is that the configuration is very simple and can
be done by a vendor-independent configuration tool. The GSD files are more limited
than DDLs in the descriptions they provide.
7.6.7 PROFINET
ProfiNet is an Ethernet-based open standard networking solution for
automation using the PROFIBUS model. PROFINET has a much broader reach than
PROFIBUS and can enable better networking plant-wide. It integrates readily with
IT infrastructures and with the Internet. It embraces PROFIBUS and competing field
buses so that existing investments in skills and equipment can be retained during any
migration to an Ethernet-based future.
Strategic links with PROFIBUS include common infrastructure, common
engineering platforms, common quality assurance and common application profiles.
It also utilizes similar or near identical engineering, operations and maintenance
techniques and it can support similar applications-specific profiles such as functional
safety and motion control.
PROFINET fully supports TCP/IP communications while delivering a scalable
real time solution. This ability to fully support all required applications areas - the
ability to 'talk' across networks and upwards into IT, plus the real time functionality
needed for factory floor automation and motion control ensures that PROFINET can
meet all the needs of a wide range of manufacturing applications.
PROFINET is an open standard for industrial networks based on the Profibus
model. It supports both cyclic and acyclic data transfer within a modular, component
based architectural concept. The standardization of application functions (based on
software modules) plays a particularly important role. PROFINET uses the following
standards:
a) Standard IEEE 802.1
b) Ethernet TCP/IP and UDP Protocols
c) Specialized real time protocols
d) COM component model
e) DCOM application level
f) XML based Device Description (GSD General Station Description)
g) Network management
h) Strong integration of PROFIBUS in the object model via proxy
One of the important features of PROFINET is its adaptation of Ethernet-based
communication to meet the real-time requirements of automation applications.
PROFINET offers the following three performance levels:
1. TCP/UDP and IP for data that are not time critical, such as parameter
assignment and configuration data.
2. SRT (Soft Real Time) for time-critical process data in factory automation.
3. IRT (Isochronous Real Time) communication for particularly challenging
application requirements, such as those for motion control.
The first one supports the communication protocols for the IT applications as
explained in detail in the previous chapter. The SRT is suitable for real-time
applications in manufacturing automation requiring update, or response, times in the
range of 5 to 10 msec. This was achieved by using an optimized real-time
communication channel based on Ethernet (layer 2), eliminating several protocol
layers and reducing the message frame length. In addition, packet traffic in this
channel is assigned higher priority according to IEEE 802.1Q.
The IRT is intended for those applications requiring update rates in the range of
1 msec along with a jitter for consecutive update cycles of less than 1 µsec. To satisfy
these stringent requirements, PROFINET defines the IRT time slot-controlled
transmission process on layer 2. This means every device knows exactly in which
time slot it is allowed to send data over the bus. The communication cycle is split
into a deterministic part and an open part. The critical cyclic real-time message
frames are dispatched in the deterministic channel, while the TCP/IP message frames
are transported in the open channel. Isochronous data transmission is realized based
on hardware using dedicated IC chips.
The implementation of the real-time and the IP TCP/UDP protocols is illustrated in
Figure 7.23.
Figure 7.23 PROFINET communication stack.
PROFINET offers two alternatives for integrating fieldbus systems:
1. Integration of fieldbus devices by means of proxies: The proxy is the
representative for the lower level field devices on the Ethernet. Through the
proxy principle, PROFINET offers a completely transparent transition from
existing to newly installed plant units.
2. Integration of whole fieldbus applications: a fieldbus segment represents a
self-contained component. The representative for this component is the
PROFINET device that operates a fieldbus such as PROFIBUS-DP at a lower
level. The entire functionality of a lower-level fieldbus is thereby
implemented in the form of a component in the proxy, which is available on
the Ethernet.
7.6.8 PROFIsafe
For safety applications, PROFIBUS International developed PROFIsafe to
handle the transmission of safety-related information on PROFIBUS and
PROFINET. PROFIsafe is a comprehensive, open fieldbus solution for safety-
relevant applications without the use of a second relay-based layer or proprietary
safety buses. It follows the IEC 61784-3-3 recommendations for functional safety
fieldbuses. PROFIsafe defines how fail-safe devices (emergency stop push buttons,
light curtains, level switches, etc.) can communicate over PROFIBUS with fail-safe
controllers in such a manner that they can be used for safety-relevant automation
tasks up to category 4 compliance with EN 954 (ISO 13849) or SIL3 (Safety
Integrity Level) according to IEC 61508. It implements safe communications over a
profile, i.e., over a special PROFIsafe data frame and a special protocol. PROFIsafe
is a single-channel software solution that is implemented in the device as an
additional layer above layer 7, as shown in Figure 7.23.
This network extension is useful in situations where high safety is a
requirement. For suppliers and manufacturers to be certified in PROFIsafe, they must
maintain high standards in quality.
PROFIsafe extends the standard Profibus communications protocol to address
special requirements for safety-related information necessary to conform to strict
safety standards. For example, PROFIsafe adds elements, such as message
numbering and data consistency checks, to rule out typical network messaging faults,
enabling networked safety devices to meet the reliability requirements of Safety
Integrity Levels (to SIL3) prescribed by international safety standards. Since
PROFIsafe is built into the communications protocol, it can be used by devices
connected to any Profibus medium, including PROFIBUS-DP and PA, as well as
Profinet. This single-bus approach is especially useful in industries such as food and
beverage and pharmaceuticals, where machine safety plays an important role.
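The following Python sketch shows how message numbering and a data consistency check together expose repeated, lost and corrupted messages. It is an added example and a simplified model, not the PROFIsafe frame format: the one-byte counter, the use of CRC-32 from zlib and all names are assumptions of this example.

```python
"""Message numbering plus a consistency check, in the spirit of a safety layer."""

import struct
import zlib


def wrap(number, payload):
    """Safety message: 1-byte consecutive number | payload | CRC-32 over both."""
    body = bytes([number % 256]) + bytes(payload)
    return body + struct.pack(">I", zlib.crc32(body))


class SafetyReceiver:
    """Accepts a payload only if it is intact and carries the expected number."""

    def __init__(self):
        self.expected = 0

    def accept(self, message):
        """Return (verdict, payload); payload is None unless the verdict is 'ok'."""
        if len(message) < 5:
            return ("corrupted", None)
        body = message[:-4]
        (received_crc,) = struct.unpack(">I", message[-4:])
        # A CRC detects accidental corruption; it is not a cryptographic check.
        if zlib.crc32(body) != received_crc:
            return ("corrupted", None)
        number = body[0]
        if number == self.expected:
            self.expected = (number + 1) % 256
            return ("ok", body[1:])
        if number == (self.expected - 1) % 256:
            return ("repetition", None)       # same message delivered twice
        return ("loss or wrong sequence", None)


def classify_stream(messages):
    """Feed messages to a fresh receiver and collect the verdicts."""
    receiver = SafetyReceiver()
    return [receiver.accept(message)[0] for message in messages]


def constructed_stream():
    """Constructed traffic: good, duplicate, bit error, good, gap."""
    first = wrap(0, b"\x01")                   # e.g. emergency stop not pressed
    damaged = bytearray(wrap(1, b"\x01"))
    damaged[1] ^= 0x01                         # single bit flipped in transit
    return [first, first, bytes(damaged), wrap(1, b"\x01"), wrap(3, b"\x00")]


if __name__ == "__main__":
    for verdict in classify_stream(constructed_stream()):
        print(verdict)
```

A fail-safe consumer treats every verdict other than "ok" as a reason to fall back to its safe state.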
Figure 7.24 PROFIsafe layer checks integrity of Fail Safe devices alongside the
PROFIBUS or PROFINET communication.
Devices with the PROFIsafe profile can be operated in tandem with standard
devices without restriction on the same bus (cable), see Figure 7.24. PROFIsafe takes
advantage of the acyclic communication (DP-V1) for full maintenance support of the
devices and can be used with RS485, fiber-optic or MBP transmission technology.
This ensures both fast response times (important for the manufacturing industry) and
low power consumption with intrinsically safe operation (important for process
automation).
Figure 7.25 F-Devices can be operated in tandem with standard devices.
[Figure: two stations, each with a standard application (e.g. diagnosis) and a safety
application; the safety applications communicate through safety layers (the
PROFIsafe layer) on top of the standard PROFIBUS or PROFINET protocol.]
7.7 More Fieldbus Solutions
There are dozens of other device network solutions for industrial automation. In
the previous sections, the most relevant solutions for process industry and DCSs were
covered. In this section, the main features of additional industrial fieldbus solutions
are presented.
7.7.1 Actuator Sensor Interface (ASi)
ASi is a communication bus targeted at simple remote switched inputs and
outputs under supervision of a single master industrial computer or PLC. The master
polls the network by issuing commands and receiving and processing replies from
the slaves. It is based on a low-cost electromechanical multidrop connection system
designed to operate over a two-wire cable, over a distance of up to 100 m. It is
standardized in CENELEC EN 50295 and IEC 62026-2.
7.7.2 INTERBUS
INTERBUS was developed for distributed inputs and outputs under PLC
control. It complies with the OSI model and has been standardized by CENELEC
(EN 50254, 1998a). INTERBUS uses a ring topology with a master station (PLC) and
up to 256 slave stations. Twisted pairs are used, but fiber-optic cable may be used
easily. In INTERBUS, most of the traffic is cyclic or periodic, with a single period
for all traffic. INTERBUS is targeted to remote inputs and outputs for time-triggered
applications.
7.7.3 WorldFIP
Field Instrumentation Protocol (FIP) is a European standard (CENELEC,
1996a). Its physical layer conforms to the fieldbus international standard (IEC
61158-2). FIP assumes that most of the traffic is cyclic or periodic. In this case, each
transfer is from a producer to a number of consumers. The network requires a central
medium access controller, the distributor or bus arbiter. For reliability purposes,
redundant bus arbiters can be added. Acyclic traffic can also be scheduled by the
arbiter. FIP supports two transmission media: shielded twisted-pair and fiber optics.
Up to 64 stations can be connected without repeaters. The data link layer provides
two types of transmission services, those for variable exchange and those for message
transfer. Variables are exchanged according to the producer–distributor–consumer
model and identified by a unique 16-bit identifier known to the producer and
consumer. The identifier is not related to any physical address. Each message holds
its source and destination addresses. These addresses are 24 bits long and identify the
segment number and address of the station on the segment.
7.7.4 LonWorks
LonWorks is a networking platform specifically created to address the needs of
building automation, such as lighting and HVAC. The platform is built on a protocol
created by Echelon Corporation for networking devices over media such as
twisted-pair, power-lines, fiber optics and RF. The protocol was ratified as an official
standard by a number of national and international standards setting bodies, including
ANSI, IEEE, CEN and EN. In January 2009, the protocol underlying the LonWorks
platform was ratified as a global standard for building controls. It is now formally
known as ISO/IEC 14908-1.
Two physical layer signaling technologies, twisted-pair "free topology" and
power-line carrier, are typically included in each of the standards created around the
LonWorks technology. The two-wire layer operates at 78 kbit/s using differential
Manchester encoding, while the power-line achieves either 5.4 or 3.6 kbit/s.
In addition, the LonWorks platform uses an affiliated IP tunneling standard
ANSI/CEA-852 in use by a number of manufacturers to connect the devices on
LonWorks-based networks to IP-aware applications or remote network-management
tools. The physical layer specification of the 78 kbps twisted-pair media with a 2000
m range, 64 nodes per network segment, and network isolation characteristics is an
example of a physical layer type of media. LonWorks technology provides many
different communications media options, including 1.25 Mbps twisted-pair, power-line,
fiber optic and RF transceivers. The data link layer services include error
detection (CRC), flexible allocation of bandwidth, priority access mechanisms,
graceful behavior under overload (p-persistent CSMA), message collision avoidance,
optional collision resolution and collision detection. The physical layer and the data
link layer protocols are implemented on a single chip called the Neuron Chip, which
facilitates implementation of LonWorks on low-cost devices.
7.7.5 DeviceNet FieldBus
Originally developed by Allen-Bradley, DeviceNet is managed by the Open
DeviceNet Vendors Association (ODVA), www.odva.org, an independent supplier
organization. DeviceNet is a low level network designed to connect industrial devices
(e.g., sensors, actuators) to higher-level devices (e.g., controllers). DeviceNet focuses
on the interchangeability of very low-cost, simple devices often used in
manufacturing applications, such as limit switches, photoelectric sensors, motor
starters, bar code readers, variable frequency drives, etc. DeviceNet is standardized in
IEC 61158. DeviceNet devices are certified for interoperability and conformance to
the DeviceNet standard by ODVA. The physical layer and the access to the
DeviceNet network is based on CAN technology, while the upper layers are based on
the Common Industrial Protocol (CIP), which defines architecture based on objects
and the connection between them.
SUMMARY
1. A fieldbus is a serial bus system designed for industrial real-time data
communication. It provides communication between a bus master and
remote slave stations, or distributed controllers and actuators/sensors.
2. Fieldbuses are designed for low latency and small packet sizes, generally
in the range of 200-300 bytes.
3. In the HART protocol, the digital signal is coded as a low level FSK
signal, superimposed on the conventional 4-20 mA signal.
4. Bits are assembled in formatted messages. There are four classes of HART
messages: device-specific commands, common practice commands,
universal commands, and device family commands.
5. There are two approaches to device integration, EDDL and FDT. Both are
provided by the manufacturers. EDDL is written in text format, and it is
independent of the operating system and platform.
6. FDT is an executable device driver providing a standard interface for the host
application. FDT is based on MS Windows operating systems.
7. FOUNDATION Fieldbus H1 is optimized for process control
applications. It uses twisted-pair cable and operates at 31.25 kbps. The
DLL protocol supports polling and a form of token passing. It requires an
LAS for managing the bus communication activities.
8. FOUNDATION HSE is an Ethernet-based automation backbone in tree
structures using intelligent switches.
9. The FOUNDATION user layer defines the device model based on function
blocks and object directories. It uses VFD models for remotely accessing
device data and device parameters in the object dictionary.
10. CAN bus describes the physical layer and the DLL of a high speed,
highly reliable device serial bus. It was optimized for automotive and
related applications. It is based on CSMA/CD with non-destructive
bitwise arbitration.
11. CANopen and DeviceNet use the CAN’s first two layers and introduce
two higher level layers; specifically, the application and user layers.
12. The CANopen user layer models devices using standardized device
“profiles” and structured device directories.
13. The CANopen application layer services (PDOs and SDOs) are used by
the host applications to access the real-time data and device parameters
from the device object dictionary.
14. DeviceNet uses the CAN physical layer and CAN DLL (with
enhancements).
15. DeviceNet upper layers are based on the Common Industrial Protocol
(CIP). The CIP device model is based on standard profiles and device
object library. The CIP application layer defines a set of communication
services to the user layer. The services include a number of cyclic services
for real-time data, and explicit messages for non-real-time activities.
16. PROFIBUS provides several communication variants: process automation,
distributed discrete automation, FMS for backbone and large traffic, and
PROFInet, an Ethernet-based network with enhancements for real-time
applications, and support for TCP/UDP IP communication.
17. The PROFIBUS user layer offers a wide range of application profiles,
which allow fast and ready application-oriented implementation.
18. PROFIsafe is a single-channel protocol extension implemented in devices
and above layer 7, which addresses the special requirements for safety-
related communication necessary to conform to strict safety standards.
Although there are many fieldbus solutions, the situation will determine
which one is best. When selecting a network for a given application, there
are a number of parameters to consider: the physical medium, topology,
bit rate, power distribution for remote devices, and support for intrinsic
safety, master/slave vs. peer-to-peer, communication services and device
models.
References
[1] ANSI/ISA-61804-3 (104.00.01)-2007, Function Blocks (FB) for Process Control - Part 3:
Electronic Device Description Language (EDDL).
[2] ANSI/ISA-TR61804-4 (104.00.02)-2007, Function Blocks (FB) for Process Control - Part 4:
Electronic Device Description (EDD).
[3] Robert Bosch, CAN Specifications Version 2.0, BOSCH, Stuttgart, 1991.
[4] Jonas Berge, Fieldbuses for Process Control: Engineering, Operation, and Maintenance,
ISA, 2002.
[5] Frank J. Derfler, Guide to Connectivity, 2nd edition, Ziff-Davis Press, ISBN 1-56276-047-5
[6] Uyless Black, TCP/IP and Related protocols, McGraw-Hill Publishing, ISBN 0-07-005553-X
[7] William Stallings, Data and Computer Communications, 8/E, Prentice Hall, 2007.
[8] CANopen, high-level protocol for CAN-bus Version 3.0, H. Boterenbrood, NIKHEF, Amsterdam,
2000, http://www.nikhef.nl/pub/departments/ct/po/doc/CANopen30.pdf.
[9] N.P. Mahalik (Editor), Fieldbus Technology: Industrial Network Standards for Real-Time
Distributed Control, Springer, 2003.
[10] Wilfried Voss, A Comprehensible Guide to Controller Area Network, Copperhill Media
Corporation; 1st edition, 2005
[11] Olaf Pfeiffer, Andrew Ayre, Christian Keydel, Embedded Networking with CAN and CANopen,
Copperhill Media Corporation, 2008.
[12] Richard Zurawski (Editor), Industrial Communication Technology Handbook, CRC Press, 2005.
[13] Josef Weigmann and Gerhard Kilian, Decentralization with PROFIBUS DP/DPV1: Architecture
and Fundamentals, Configuration and Use with SIMATIC S7, Wiley-VCH, 2004.
[14] Fieldbus Comparison Chart, www.er-soft.com/files/ER-Soft--Fieldbus--Comparison--Chart.pdf
IEC Standards:
IEC 60079-11:1999, Electrical apparatus for explosive gas atmospheres – Part 11: Intrinsic safety “i”
IEC 60079-14:2002, Electrical apparatus for explosive gas atmospheres Part 14: Electrical
installations in hazardous areas (other than mines)
IEC 60079-25, Electrical apparatus for explosive gas atmospheres – Part 25: Intrinsically safe systems
IEC 60079-27:2002, Electrical apparatus for explosive gas atmospheres – Part 27: Fieldbus
intrinsically safe concept (FISCO)
IEC 61010 (all parts), Safety requirements for electrical equipment for measurement, control and
laboratory use
IEC 61158:2003 (all parts), Digital data communications for measurement and control –Fieldbus for
use in industrial control systems
IEC 61158-2:2003, Digital data communications for measurement and control Fieldbus for use in
industrial control systems – Part 2: Physical Layer specification and service definition
IEC 61158-3:2003, Digital data communications for measurement and control Fieldbus for use in
industrial control systems – Part 3: Data Link Service definition
IEC 61158-4:2003, Digital data communications for measurement and control Fieldbus for use in
industrial control systems – Part 4: Data Link Protocol specification
IEC 61158-5:2003, Digital data communications for measurement and control Fieldbus for use in
industrial control systems – Part 5: Application Layer Service definition
IEC 61158-6:2003, Digital data communications for measurement and control Fieldbus for use in
industrial control systems – Part 6: Application Layer protocol specification
ISO/DIS 15745-3, Industrial automation systems and integration Open systems application
integration framework – Part 3: Reference description for IEC 61158-based control systems.
ISO/IEC 8802-3:2001, Information technology - Telecommunications and information exchange
between systems - Local and metropolitan area networks - Specific requirements -Part 3: Carrier sense
multiple access with collision detection (CSMA/CD) access method and Physical Layer specifications
IEC/PAS 61499-1:2000, Function blocks for industrial-process measurement and control systems
Part 1: Architecture
IEC/PAS 61499-2:2001, Function blocks for industrial-process measurement and control systems
Part 2: Software tools requirements
IEC 61784 series of standards on Industrial communication networks - Profiles
IEC 61784-1 Industrial communication networks Profiles Part 1: Fieldbus profiles. This part of
IEC 61784 defines a set of protocol specific communication profiles based primarily on the IEC
61158 series, to be used in the design of devices involved in communications in factory manufacturing
and process control.
IEC 61784-2, Industrial communication networks – Profiles – Part 2: Additional fieldbus profiles for
real-time networks based on ISO/IEC 8802-3.
IEC 61784-3 (CPF18): Industrial communication networks - Profiles - Part 3: Functional safety
fieldbuses
IEC 61784-5, Industrial communication networks - Profiles - Part 5: Installation of fieldbuses
IEC 61804-1:2003, Function blocks (FB) for process control − Part 1: Overview of system aspects
IEC 61804-2: Function blocks (FB) for process control - Part 2: Specification of FB concept
IEC 61804-3: Edition 1.0 (2006-09), Function blocks (FB) for process control -Part 3: Electronic
Device Description Language (EDDL)
IEC 62453: Standardized communication between field devices and systems
IEC 62453-1:2009, Field Device Tool (FDT) interface specification – Part 1: Overview and guidance
IEC 62453-2:2009, Field Device Tool (FDT) interface specification Part 2: Concepts and detailed
description
IEC/TR 62453-41:2009, Field Device Tool (FDT) interface specification Part 41: Object model
integration profile – Common object model
IEC 62453-302:2009, Field Device Tool (FDT) interface specification Part 302:Communication
profile integration.
HART Protocol Specifications:
http://www.hartcomm.org/protocol/about/about protocol_specs.html
Sample of the official documentations:
HCF-SPEC-11 HART - Smart Communications Protocol Specification
HCF_SPEC-13 HART Communication Protocol Specification
HCF-SPEC-54 FSK Physical Layer Specification
HCF_SPEC-60 C8PSK Physical Layer Specification
HCF-SPEC-81 Data Link Layer Specification
HCF_SPEC-99 Command Summary Specification
HCF_SPEC-160 Device Families Command Specification
Tutorials about HART protocol: http://www.analogservices.com/about_part1.htm#Overview:%20%20Protocol
CAN and its associated HLP:
Resources: http://www.canopensolutions.com/
Documentations: http://www.canopensolutions.com/english/about_canopen/profiles.shtml
Tutorials: http://www.educypedia.be/computer/datacommunicationbuscan.htm
Tutorials: http://www.nikhef.nl/pub/departments/ct/po/doc/CANopen30.pdf
CANopen, CiA Draft Standard 301, available from CAN in Automation, http://www.can-cia.org/
The CIP Networks Library currently includes the following network specification editions:
http://www.odva.org/default.aspx?tabid=79
Volume One: Common Industrial Protocol (CIP) Specification
Volume Two: EtherNet/IP Adaptation of CIP
Volume Three: DeviceNet Adaptation of CIP
Volume Four: ControlNet Adaptation of CIP
Volume Five: CIP Safety Specification
Volume Six: CompoNet Adaptation of CIP
Volume Seven: Integration of Modbus Devices into the CIP Architecture
Foundation Field Bus Documentations and Resources:
FOUNDATION Fieldbus Technical Overview, http://www.pacontrol.com/download/foundation-
fieldbus-overview.pdf
FF-581 System Architecture*
FF-890 Function Block Application Process -Part 1
FF-891 Function Block Application Process -Part 2
FF-892 Function Block Application Process -Part 3
FF-893 Function Block Application Process -Part 4
FF-894 Function Block Application Process -Part 5
FF-902 Transducer Block Application Process -Part 1
FF-903 Transducer Block Application Process -Part 2
TN-003 Profile & Profile Revision
FF-891 Function Block Application Process – Part 2 specification.
IEEE 802.3: Carrier Sense Access with Collision Detection.
IEEE 802.5: Token Ring Access Method. (www.ieee.org; IEEE, 445 Hoes Lane, Piscataway, NJ.)
Organizations:
1. ISA International Society of Automation, www.isa.org
2. IEC International Electrotechnical Commission, www.iec.ch
3. IEEE Institute of Electrical and Electronic Engineers, www.ieee.org
4. HART Communication Foundation, www.hartcomm.org
5. Fieldbus Foundation http://www.fieldbus.org/index.html
6. NAMUR international user association of automation technology in process industries,
www.namur.de
7. ODVA is international association of automation companies supporting network technologies
based on the Common Industrial Protocol (CIP), www.odva.org
8. PI (PROFIBUS & PROFINET International), global network of vendors, developers, System
Integrators and end users having a common interest in promoting, supporting and using
PROFIBUS and PROFINET. http://www.profibus.com/
9. FDT Group www.fdtgroup.org
10. Electronic Device Description Language (EDDL) technology group www.eddl.org
11. CENELEC: the European Committee for Electrotechnical Standardization,
http://www.cenelec.eu/Cenelec/Homepage.htm.
* CIP™ (Common Industrial Protocol), DeviceNet™ and CompoNet™ are trade names of Open
DeviceNet Vendor Association, Inc (ODVA), ControlNet™ is a trade name of ControlNet
International, Ltd.
EtherNet/IP™ is a trade name of ControlNet International, Ltd. and Open DeviceNet Vendor
Association, Inc.
EXERCISES
(Straight forward applications of the concepts of the chapter)
E7.1] HART is an acronym for _______________.
a) Highway Addressable Remote Transducers
b) High Alarm Rate Triggering system
c) Halfway Asynchronous Remote Transmission
d) Highway Asynchronous Ring Topology
E7.2] HART encodes the digital signal as_______________.
a) Manchester NRZ
b) 2200 Hz signal for 1 and 1200 Hz for 0
c) 2200 Hz for 0 and 1200 Hz for 1
d) Pulse width coded signal with an average of 4-20 mA
E7.3] Which is true about the HART messages?
a) Variable length, variable number of fields
b) Fixed length, variable number of fields
c) Variable length, fixed number of fields
d) Fixed length, fixed number of fields
E7.4] The command carried by a message is coded in _______________.
a) The Data field
b) The BC field
c) The CM field
d) Depends on the class of the command
E7.5] Which type of the HART commands can be used to retrieve the device serial number?
a) Device specific commands
b) Common practice commands
c) Universal commands
d) Determined by the manufacturer
E7.6] Which is NOT true about the Electronic DD?
a) Written in Text format
b) Operating system and platform independent
c) Provided by the manufacturer
d) Executed by the device at run time.
E7.7] Which is NOT true about FDT?
a) Built on MS Windows
b) Written in a specific device description language
c) Executed by the host application
d) Provides access to the host resources as keyboard and display.
E7.8] Which is NOT true about the EDDL?
a) It is an ANSI/ISA/IEC standard
b) Improves user Interface with graphics and menus
c) Provides consistent look and feel based on device functions not device manufacturer
d) Supports Run time COM/DCOM
E7.9] Which is NOT true about FFB H1 physical layer?
a) Based on IEC61158 recommendations
b) Adjustable speed to accommodate slow and fast devices
c) Can be arranged in tree, bus or daisy chain topologies
d) Supports bus power devices & Intrinsic safety applications
E7.10] Which is NOT true about FFB H1?
a) Supports polling and token passing media access methods
b) Requires one active link master
c) Supports CSMA/CD for unscheduled alarm messages
d) Uses TD protocol to distribute time to the field devices
E7.11] In FFB, a device can send an alarm message over the field bus_____________.
a) At assigned time slots
b) Any time using CSMA media access control scheme
c) When it receives a PT
d) When it receives a CD message
E7.12] To connect three PLCs at distances of 30, 70, and 100 m from the control room_________.
a) Use HSE switch with twisted-pair cables
b) On H1 link in a daisy chain
c) 3 H1 in a star point-to-point configuration
d) Use HSE and H1 in parallel for more reliability
E7.13] To connect a control valve 1800 m away use_______________.
a) HSE with fiber optic (FO) cable
b) HSE with repeaters
c) H1 with FO
d) H1 using STP
E7.14] FFB Application Layer consists of two sub-layers: _______________.
a) VCR and function blocks
b) FMS and DLL
c) FMS and FAS
d) VFD and FMS
E7.15] In FFB, which layer do the VCR services belong to?
a) DLL
b) User Layer
c) FAS sub-layer
d) FMS sub-layer
E7.16] Which is NOT an FMS service?
a) Context management service
b) Upload/download
c) Device description (DD) invocation service
d) Event service
E7.17] The publisher/subscriber services are used for_______________.
a) Manufacturer/user information exchange
b) Device upload/download
c) Broadcast of alarm notification messages
d) Scheduled commands
E7.18] Which is NOT one of the user layer defined blocks?
a) Sensor block
b) Transducer block
c) Physical/resource block
d) Function block
E7.19] A PID block is a kind of _______________.
a) Sensor blocks
b) Transducer blocks
c) Physical/resource blocks
d) Function blocks
E7.20] In FFB, an AI function block is executed by _______________.
a) The host Asset Management software
b) DCS operator station
c) Field device
d) Link Active scheduler
E7.21] A PID block is a kind of _______________.
a) Sensor blocks
b) Transducer blocks
c) Physical/resource blocks
d) Function blocks
E7.22] Which is NOT a true feature of the CAN bus physical layer?
a) Uses UTP and STP cables
b) Bus transceivers are Differential input/output
c) Supports speeds up to 1 Mbps
d) Can be used for distances up to 6 km using single FO cable
E7.23] Which is a true feature of the CAN bus media access control?
a) Deterministic token passing
b) CSMA/CD with non-destructive bitwise arbitration
c) CSMA with collision avoidance
d) CSMA with master arbitration
E7.24] In CAN bus, a station stops its transmission when it _______________.
a) Detects its transmitted dominant bit is not destroyed
b) Detects its transmitted recessive bit is not destroyed
c) Detects its transmitted recessive bit is destroyed
d) Detects its transmitted dominant bit is low
E7.25] In CAN 2.0 A/CAN 2.0B the message consists of _______________.
a) 4 fields
b) 6 fields
c) The number of fields depends on the message type
d) The number of fields depends on the data in the data field
E7.26] Which Profibus variant is recommended for regulatory process control?
a) Profibus-AP
b) Profibus-DP
c) Profibus-FMS
d) ProfiNet
E7.27] Which is NOT true about Profibus-DP?
a) Based on RS485/RS485-IS
b) Supports bit rates up to 12 Mbps
c) Uses twisted pair cables or FO cables
d) Provides MBP on the same signal cable
E7.28] To achieve deterministic update rates on the order of 1 msec over Ethernet, ProfiNet
uses________.
a) The real-time protocol RTP over UDP
b) The real-time protocol RTP based on TCP
c) IRT time-slot controlled transmission
d) 1 Gbps Ethernet over FO cable.
E7.29] To achieve soft real-time update rates on the order of 5 to 10 over Ethernet, ProfiNet
uses________.
a) Efficient implementation of TCP/IP protocols
b) 1 Gbps or higher versions of Ethernet
c) Uses IPv6
d) Eliminating layers 3-6 and using shorter message length
E7.30] Which is NOT true about CANopen?
a) PDO is an Application Layer service
b) PDOs are used to transfer device real-time data
c) PDOs are based on producer/consumer model
d) PDO is a Producer Dictionary Object
E7.31] Which is NOT a CANopen application layer service?
a) Network configuration and initialization
b) Service Data Object
c) Process Data Object
d) Device profiles
E7.32] Which is NOT true about DeviceNet?
a) Based on CAN physical layer
b) Transmits signal and power on the same twisted pair cable
c) Supports speeds up to 500 kbps
d) Network topology is based on a trunk line and drop lines.
E7.33] In DeviceNet, the message service for device configuration is called _______________.
a) Polled messages
b) Change of state methods
c) Cyclic messages
d) Explicit messages
E7.34] In DeviceNet, the message service for transmitting the process variables and control actions is
called________.
a) Polled messages
b) Change of state methods
c) Cyclic messages
d) Explicit messages
E7.35] In DeviceNet, the device model at the user layer consists of_______________.
a) Resource blocks and function blocks only
b) Profiles and object dictionaries
c) Client/Server model
d) Producer/Consumer model
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P7.1] Discuss the common features and differences between H1 Foundation Fieldbus and
PROFIBUS PA.
P7.2] Compare PROFIBUS DP and DeviceNet approaches for factory automation at all relevant
layers and discuss their application domains.
P7.3] Construct a summary table to compare H1, Profibus PA, Profibus DP, CAN, and DeviceNet
from the following aspects: transmission media, network topology, number of nodes, speed
of communication, maximum cable length, arbitration method, error checking, packet size,
bus power capability and the governing standards.
P7.4] Compare HSE and ProfiNet approaches for adapting Ethernet for real-time automation
applications.
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D7.1] Consider a simple flow control system consisting of a flow transmitter, a control valve, and a
PID controller as shown in Figure 7.14. Search the Internet for a detailed description of the
AI, AO, and PID function blocks, and explain how to connect the function blocks' inputs
and outputs together in each device to implement a closed loop control system for flow
regulation.
TERMS AND CONCEPTS
Acyclic Period
The acyclic period is that portion of the communication cycle time during which information other
than Publish/Subscribe data is transmitted. Typical information transmitted during this time includes
Alarms/Events, Maintenance/Diagnostic Information, Program Invocations, Permissives/Interlocks,
Display information, Trend Information and Configuration.
Area
A physical, geographical or logical grouping determined by the site. It may contain process
cells, production units and production lines.
CIM
Computer Integrated Manufacturing.
Communications Stack
A communications stack is device communications software which provides encoding and decoding
of user layer messages, deterministic control of message transmission and message transfer.
Device Description (DD)
A DD provides an extended description of each object in the Virtual Field Device (VFD), and includes
information needed for a control system or host to understand the meaning of data in the VFD.
Fieldbus
A fieldbus is a digital, two-way, multi-drop communication link among intelligent measurement and
control devices. It serves as a Local Area Network for advanced process control, remote input/output
and high speed factory automation applications.
Fieldbus Access Sub-layer (FAS)
The FAS maps the Fieldbus Message Specification (FMS) onto the DLL.
Fieldbus Messaging Specification (FMS)
The FMS contains definitions of application layer services in FOUNDATION fieldbus. The FMS
specifies services and message formats for accessing function block (FB) parameters, as well as
Object Dictionary (OD) descriptions for those parameters defined in the Virtual Field Device (VFD).
Flexible Function Block
A flexible function block is similar to a standard FB, except that the function of the block, the order
and definition of the block parameters, and the time required to execute the block are determined by
an application-specific algorithm created by a programming tool. Flexible function blocks are
typically used for controlling discrete processes and for hybrid (batch) processes. A Programmable
Logic Controller (PLC) can be modeled as a flexible function block device.
FISCO Fieldbus Intrinsically Safe Concept
FISCO is a set of rules to follow for the application of PROFIBUS PA into hazardous areas using
Intrinsic Safety methods. The guidelines refer to segment lengths - power supply current limits and
device capacitance-inductance and fault parameters. The FISCO method provides an easy to
understand and implement method for intrinsic safety (IS) applications.
H1 Repeater
An H1 repeater is an active, bus-powered or non-bus-powered device used to extend the range over
which signals can be correctly transmitted and received for a given medium. A maximum of four
repeaters and/or active couplers can be used between any two devices on an H1 fieldbus network.
High Speed Ethernet (HSE)
HSE is the Fieldbus Foundation's backbone network running at 100 Mbit/second.
Interchangeability
Interchangeability is the capability to substitute a device from one manufacturer with that of another
manufacturer on a fieldbus network without loss of functionality or degree of integration.
Interoperability
Interoperability is the capability for a device from one manufacturer to interact with that of another
manufacturer on a fieldbus network without loss of functionality.
Intrinsically Safe Circuit
A circuit in which any spark or any thermal effect produced in the conditions specified in IEC 60079-11,
which include normal operation and specified fault conditions, is not capable of causing ignition of a
given explosive gas atmosphere (ANSI/ISA-60079-11, 2002).
Link Active Scheduler (LAS)
An LAS is a deterministic, centralized bus scheduler that maintains a list of transmission times for all
data buffers in all devices that need to be cyclically transmitted. Only one Link Master (LM) device on
an H1 fieldbus link can be functioning as that link's LAS.
Non-Incendive Circuit
A concept in which any arc or thermal effect produced under intended operating conditions of the
equipment is not capable, under specified test conditions, of igniting the flammable gas-air mixture
(ANSI/ISA-60079-27, 2006).
Object Dictionary
An OD contains all function block (FB), resource block (RB) and transducer block (TB) parameters
used in a device. Through these parameters, the blocks may be accessed over the fieldbus network.
Publisher/Subscriber
Publisher/Subscriber communication service is used for buffered, one-to-many communications.
Buffered means that only the latest version of the data is maintained within the network. New data
completely overwrites previous data.
Resource Block (RB)
An RB describes characteristics of the fieldbus device such as the device name, manufacturer and
serial number. There is only one resource block in a device.
Segment
A segment is a section of an H1 fieldbus that is terminated in its characteristic impedance. Segments
can be linked by repeaters to form a longer H1 fieldbus. Each segment can include up to 32 H1
devices.
Splice
A splice is an H1 spur measuring less than 1 m (3.28 ft.) in length.
Spur
A spur is an H1 branch line connecting to the trunk that is a final circuit. A spur can vary in length
from 1 m (3.28 ft.) to 120 m (394 ft.).
Standard Function Block (FB)
Standard FBs are built into fieldbus devices as needed to achieve the desired control functionality.
Automation functions provided by standard FBs include Analog Input (AI), Analog Output (AO) and
Proportional/Integral/Derivative (PID) control. The Fieldbus Foundation has released specifications
for 21 types of standard FBs. There can be many types of FBs in a device. The order and definition of
standard FB parameters are fixed and defined by the specifications.
System Management (SM)
SM synchronizes execution of FBs and the communication of FB parameters on the fieldbus, and
handles publication of the time of day to all devices, automatic assignment of device addresses and
searching for parameter names or "tags" on the fieldbus.
Terminator
A terminator is an impedance-matching module used at or near each end of a transmission line. Only
two terminators can be used on a single H1 segment.
Transducer Block (TB)
A TB decouples FBs from the local Input/Output (I/O) functions required to read sensors and
command output hardware. Transducer blocks contain information such as calibration date and sensor
type. There is usually one TB channel for each input or output of a function block (FB).
Virtual Communication Relationship (VCR)
Application layer channels that provide for the transfer of data between applications. FOUNDATION
fieldbus describes three types of VCRs: Publisher/Subscriber, Client/Server and Source/Sink.
Virtual Field Device (VFD)
A VFD is used to remotely view local device data described in the object dictionary. A typical device
will have at least two VFDs.
Appendix 7.A
7.A CANopen Fieldbus
The network layer structure of CANopen is illustrated in Figure 7.A.1. The higher layer
protocols are used to standardize startup procedures, including arbitration of settings and
distribution of addresses among participating nodes, and error handling at the system level.
The basic CANopen device and communication profiles are given in the CAN in Automation (CiA)
Standard 301. The services of the application layer are summarized below.
1- Administrative message:
Network Management (NMT) including initialization, configuration and supervision of the
network.
2- Service Data Object (SDO):
Provides a client access to entries (objects) of a device OD (the device is the server) using the
object's OD index and sub-index. Typical entries are configuration settings, possibly node ID,
baud rate, offset, gain, etc.
3- Process Data Object (PDO):
Is used to transfer real-time data. Data is transferred from one (and only one) producer to one or
more consumers as inputs and outputs. Typical values are of type RPM, V, Hz, mAmps, etc. Data
transfer is limited to 1 to 8 bytes (e.g., one PDO can transfer at maximum 64 digital I/O values
or four 16-bit analog inputs).
4- Predefined messages or Special Function Objects:
Provide necessary services for synchronization, time stamp and boot-up.
The user layer models the devices using device classes called profiles. There is a specific
CANopen profile for each category of slave devices. Examples of standard device profiles:
CiA 401 Generic I/O Modules
CiA 402 Drives and Motion Control
CiA 404 Measuring devices and Closed Loop Controllers
CiA 405 IEC 61131-3 Programmable Devices
CiA 406 Rotating and Linear Encoders
CiA 445 RFID Devices
[Figure 7.A.1, layers from top to bottom: Applications; Device Profiles (CiA-401, CiA-404, CiA-xxx);
CANopen application layer and communication profile (CiA 301), OSI Layer 7 Application Layer;
CAN Data Link Layer (ISO 11898), OSI Layer 2 Data Link Layer; CAN Physical Layer (ISO 11898),
OSI Layer 1 Physical Layer; Cable.]
Figure 7.A.1 Overview of CAN and CANopen communication stack.
The specific parameters of a device profile are listed in a lookup table called Device Object
Dictionary (OD), a concept used in other fieldbus systems as well (FFB, Profibus, Interbus-S).
CANopen devices must have an object dictionary, which is used in communication with the device.
The object dictionary exhaustively describes the device. The object dictionary contains the complete
state of a slave device connected to a bus. A slave device can be an I/O, an encoder, a drive, etc. A
simple device profile may contain 48 entries with 19 indexes and needs 1,024 bytes of RAM. For
example, CiA 401 generic I/O modules describe analog and digital input and output interfaces and
their ability to be parameterized. It can specify object dictionary entries for a maximum of 2,040
digital inputs/outputs and up to 255 analog inputs/outputs.
Every CANopen device makes internal data (process data, parameters) available on the bus via a
defined interface, whereby these internal data are organized in its object dictionary (see Table 7.A.1 for
a typical layout of an OD). Entries in the OD are accessed via a 16-bit index and a supplemental 8-bit
sub-index. The index range is subdivided into logical segments to organize the structure, so that it
becomes easier for users to understand. Figure 7.A.2 illustrates the general model of a CANopen
device. The device functionalities are implemented in the device according to the device class profile.
The device parameters are then listed in the device OD. The application layer services, PDOs and
SDOs, are used by the host applications to access the real time data and device parameters from the
object dictionary by their appropriate indices.
Table 7.A.1 Example of CANopen object dictionary.
CANopen Object Dictionary
Index          Object
0000           Not used
0001 - 001F    Static Data types (standard data types, e.g. Boolean, Integer16)
0020 - 003F    Complex data types (predefined structures composed of standard data types, e.g. PDOCommPar, SDOParameter)
0040 - 005F    Manufacturer Specific Complex Data Types
0060 - 007F    Device Profile Specific Static Data Types
0080 - 009F    Device Profile Specific Complex Data Types
00A0 - 0FFF    Reserved
1000 - 1FFF    Communication Profile Area (e.g. Device Type, Error Register, Number of PDOs supported)
2000 - 5FFF    Manufacturer Specific Profile Area
6000 - 9FFF    Standardized Device Profile Area (e.g., DSP-401 Device Profile for I/O Modules, etc.)
A000 - FFFF    Reserved
[Figure 7.A.2, blocks between the CAN bus and the device I/O: Communication Interface (PDO, SDOs,
Special Function Objects, NMT Objects); Object Dictionary (Data Types, Communication Objects,
Application Objects); Applications (Application Program, Device Profile Implementation).]
Figure 7.A.2 Block diagram of a CANopen device model.
CHAPTER 8
8 INDUSTRIAL WIRELESS NETWORKS
8.1 Introduction
8.2 Wireless Communications Basics
8.2.1 Radio Propagation Characteristics
8.2.2 Modulation Techniques
8.2.3 Link Budgeting
8.3 Spread-Spectrum Techniques
8.3.1 Direct Sequence Spread-Spectrum (DSSS)
8.3.2 Frequency-Hopping Spread-Spectrum (FHSS)
8.3.3 Orthogonal Frequency Division Multiplexing (OFDM)
8.4 Wireless Transceiver
8.5 Wireless LAN Standards
8.5.1 Overview
8.5.2 IEEE 802.11x Architecture
8.5.3 IEEE 802.11 Physical Layer (PHY)
8.5.4 IEEE 802.11 MAC Layer
8.6 Low Power Short Range Wireless Networks
8.6.1 Bluetooth
8.6.2 IEEE 802.15.4 & ZigBee Networks
8.7 Wireless HART
8.7.1 WLH Physical Layer
8.7.2 WLH Data Link Layer
8.7.3 WLH Network Layer
8.7.4 WLH Transport Layer
8.7.5 WLH Security Architecture
8.7.6 WLH Application and User Layers
8.8 ISA100.11a Wireless Networks for Automation
8.8.1 ISA100.11a Physical Layer
8.8.2 ISA100.11a Data Link Layer
8.8.3 ISA100.11a Network Layer
8.8.4 ISA100.11a Transport Layer
8.8.5 ISA100.11a Application Sub-Layer
8.8.6 ISA100.11a System Management & Security
OVERVIEW
This chapter introduces the basic concepts of wireless transmission
technologies for data communication in general and for sensor and automation
networks in particular. The focus is on small networks within one organization’s
facility, covering distances from several meters to a few hundred meters. The
discussion is limited to those networks operating mainly on the license-free ISM
bands including 915 MHz, 2.450 GHz and the 5.800 GHz bands. The chapter
introduces wireless local area networks (WLANs), wireless personal area networks
(WPANs), wireless sensor networks (WSNs), and the emerging WirelessHART and
ISA100.11a wireless automation and process control networks. Section 8.2
introduces some basic concepts in wireless communication, including radio
propagation and modulation techniques. Section 8.3 introduces three fundamental
technologies in all modern wireless LANs: the direct sequence spread-spectrum, the
frequency hopping spread-spectrum and the orthogonal frequency division
multiplexing. Section 8.4 provides a brief description of the components of a typical
direct sequence transceiver. The main features of IEEE 802.11 and its derivatives are
covered in Section 8.5. Section 8.6 focuses on low power short range networks such as
ZigBee and IEEE 802.15.4 wireless sensor networks. The last two sections introduce
two wireless networks specifically designed to meet the needs of automation and
process control networks; namely, the WirelessHART and the ISA100.11a wireless
network.
LEARNING OBJECTIVES
After reading this chapter you should be able to:
- Explain the concept of a radio link between a radiating source and a receiver,
  and recognize the effect of antenna gain and efficiency, and the effect of
  reflections, attenuation and multipath fading.
- Describe the basic modulation techniques, such as FSK, ASK, PSK, and
  QAM.
- Contrast the bandwidth sharing techniques using TDMA, FDMA, and
  CDMA.
- Determine the differences between the spread-spectrum techniques, namely
  DSSS, FHSS, and OFDM.
- Recognize the components of a radio transmitter and the stages of a radio
  receiver.
- Recognize the IEEE 802.11 family of standards for wireless local area
  networks, their key technologies and strengths, and explain the differences
  between 802.11a/b/g/n/ac.
- Describe the IEEE 802.15.1 PAN and Bluetooth physical layer, MAC sub-layer
  and the Bluetooth upper layers, including modulation techniques,
  channel, bit rate and channel access.
- Describe the IEEE 802.15.4 and ZigBee wireless sensor network: main features, operating
  frequencies, modulation techniques, data rates, topologies, device
  types, channel access methods and security methods.
- Identify the WirelessHART target applications, and describe its
  communication stack, topologies, network devices and their roles, operating
  frequencies, data rate, TDMA slots, superframe, physical layer frame, data
  link layer frame, network layer, transport layer, security methods.
- Determine the roles of the ISA100 working groups, ISA100.11a target
  applications and application classes, and explain its communication stack,
  topologies, network devices and their roles, operating frequencies, data rate,
  TDMA slots, superframe, physical layer frame, data link layer frame, network
  layer, transport layer, security methods.
- Identify the differences between ZigBee sensor network, WirelessHART, and
  ISA100.11a.
8.1 Introduction
A wireless network is a data communications system that relies on signal
transmission over the air between two or more locations using electromagnetic
(radio) waves.
The development of wireless technology in reliability, security, and networking
has resulted in its spread to industrial applications. Wireless sensor networks provide
solutions for collecting information through additional monitoring points, which had
previously been impractical or even impossible with conventional wired instruments.
Wired instruments cannot be justified in an installation due to high costs, accessibility
constraints and the difficulty associated with mobility or harsh operating
environments.
Wireless networks enable plants to extract full diagnostic data and predictive
intelligence from the devices, which then automatically notify the appropriate
personnel of the precise problem before a costly asset failure, unit breakdown, or
plant shutdown occurs. They also reduce reliance on manual data collection by
operations and inspection personnel, which enhances safety and leads to optimum
man-power utilization. In general, when both can be deployed for a given application,
wireless network solutions are more attractive than wired ones, because they provide
substantial savings in engineering, installation, logistics, operational power
consumption, scalability and flexibility.
8.2 Wireless Communications Basics
Wireless links make use of electromagnetic radiation (radio signals) covering a
band of frequencies made up of channels. The width of a channel is determined by
the amount of information to be transmitted in a given time and the modulation and
filtering design of the radio. Modulation is the method by which the data is carried
on the radio signal.
Wireless networks traditionally operate at dedicated frequencies, licensed by
government agencies. The licensed frequency spectrum covers the range between 9
kHz and 300 GHz (see Table 8.1). Licensed bands allow users to broadcast at higher
power ratings to reach longer distances, such as radio bands (AM and FM), television
bands (VHF and UHF) and satellites.
In the U.S., there are three frequency bands allocated for public use without a
license from the Federal Communications Commission (FCC). These are the
Industrial, Scientific, and Medical (ISM) bands: 902 MHz to 928 MHz, 2.4 GHz to
2.4835 GHz and 5.15 GHz to 5.850 GHz. Users of such unlicensed bands (shared
bands) have to limit their radiated power to minimize interference between users.
Table 8.1 ITU Designations of common frequency bands.
Frequency        Wavelength       Band   Description
30-300 Hz        10^4-10^3 km     ELF    Extremely low frequency
300-3000 Hz      10^3-10^2 km     VF     Voice frequency
3-30 kHz         100-10 km        VLF    Very low frequency
30-300 kHz       10-1 km          LF     Low frequency
0.3-3 MHz        1-0.1 km         MF     Medium frequency
3-30 MHz         100-10 m         HF     High frequency
30-300 MHz       10-1 m           VHF    Very high frequency
300-3000 MHz     100-10 cm        UHF    Ultra-high frequency
3-30 GHz         10-1 cm          SHF    Super high frequency (microwave)
30-300 GHz       10-1 mm          EHF    Extremely high frequency
The ISM bands are used by Wireless Sensor Networks in the 868 MHz, 915
MHz and 2.450 GHz bands, as well as wireless LANs and cordless phones in the 915
MHz, 2.45 GHz, and 5.80 GHz bands. Wireless LAN devices use wavebands as
follows:
- Bluetooth: 2.45 GHz band
- IEEE 802.11/WiFi: 2.45 GHz and 5.80 GHz bands
- IEEE 802.15.4, ZigBee and other personal area networks may use the 915 MHz and 2.45 GHz bands
- WirelessHART & ISA 100.11a: 2.45 GHz band
8.2.1 Radio Propagation Characteristics
A radio transmitter Tx at some location A induces an electromagnetic field at
another remote location, such as B. The situation is depicted in Figure 8.1. The
radiation intensity of the transmitting antenna may not be the same in all directions.
In this case the radiation in the direction of the receiver depends on the direction
defined by the vertical and horizontal angles from the antenna at A to the receiving
antenna at B.
Let us assume that the transmitter’s signal is a sinusoid $\cos(2\pi f t)$, where f is
the frequency in Hertz (number of cycles per second) and t is the time in seconds.
The electric far field at B at the time t at which the electric field is being measured can be
expressed as follows:
$$E(f,t) = \frac{\alpha_s \cos(2\pi f (t - r/c))}{r} \tag{8.1}$$
The constant c is the speed of light and $\alpha_s$ is the radiation intensity in the
direction of the receiver.
Effect of Distance:
As the distance r increases, the electric field decreases as $1/r$ and thus the
power per square meter in free space decreases as $1/r^2$. But this $1/r^2$ reduction of
power with distance is often not valid when there are obstructions to free space
propagation.
The magnitude of the electromagnetic field at the receiver position may also
contain a scale factor to account for the antenna loss. The phase of the field at B
varies with $f\tau$, where $\tau$ is the delay caused by the radiation travelling at the speed
of light from A to B.
Figure 8.1 Radiation intensity depends on the relative position of the receiver with
respect to the transmitter.
Effect of the Receiving Antenna:
If there is a fixed antenna at the location B, $(r, \theta, \phi)$, Figure 8.2, the received
waveform in response to the sinusoidal wave of Eq. 8.1 is then given by
$$E(f,t,(r,\theta,\phi)) = \frac{\alpha(\theta,\phi) \cos(2\pi f (t - r/c))}{r} \tag{8.2}$$
where $\alpha$, in this case, is the product of the receiving antenna pattern and the
transmitting antenna pattern in the given direction $(\theta,\phi)$.
An antenna which transmits the same power in all directions is called isotropic.
Antennas can be constructed to direct the emitted power in a specific direction, like
a dish. The term Antenna Gain describes how much power is transmitted in the
direction of peak radiation relative to that of an isotropic source. Gain is more commonly
quoted in a real antenna's specification sheet because it takes into account the actual
losses that occur.
Figure 8.2 Variation of antenna gain with $(\theta, \phi)$.
The gain of a real antenna can be as high as 40 to 50 dB for very large dish
antennas. However, electrically small antennas (small relative to the wavelength of
the frequency that the antenna operates at) can be very inefficient, with gains lower
than -10 dB.
Figure 8.3 Directional antenna radiation pattern.
If $P_T$ is the radiated power, then the radiation intensity of an equivalent isotropic
antenna is $P_T/4\pi$ (watt/unit solid angle). The radiation intensity (watt/solid angle) in
any direction (determined by the spherical coordinate angles $\theta, \phi$) is $U(\theta,\phi)$, Figure
8.3.
The gain as a function of direction:
$$G(\theta,\phi) = \frac{U(\theta,\phi)}{P_T/4\pi} \tag{8.3}$$
Maximum gain:
$$G_{max} = \frac{U_{max}}{P_T/4\pi} \tag{8.4}$$
Gain of antenna: $G = 10\log_{10}(G_{max})$ in dBi, where the “i” indicates the gain is
taken as a ratio to the isotropic case.
The efficiency of an antenna relates the power delivered to the antenna and the
power radiated or dissipated within the antenna. The efficiency can be written as the
ratio of the radiated power to the input power of the antenna:
$$\text{Efficiency} = \frac{P_{radiated}}{P_{input}} \tag{8.5}$$
Effect of Reflections and Attenuation:
Consider the case of a moving receiver antenna, as shown in Figure 8.4. The
received signal is the sum of two signals: one received directly from the transmitter
and the second received after reflection from the wall.
Figure 8.4 Effect of Reflections.
The sum of the two signals can be expressed as:
$$E(f,t) = \frac{\alpha\cos(2\pi f (t - r/c))}{r} + \frac{\alpha\cos\left(2\pi f \left(t - \frac{2d-r}{c}\right)\right)}{2d-r} \tag{8.6}$$
The received signal consists of two superimposed waves, both of frequency f. The
phase difference between the two waves is:
$$\Delta\theta(f,t,d) = 2\pi f\left(\frac{2d-r}{c}\right) - 2\pi f\,\frac{r}{c} = \frac{4\pi f}{c}(d-r) \tag{8.7}$$
When the phase difference is an integer multiple of $2\pi$, the two waves add up
constructively and the received signal strength is strong. When the phase difference
is an odd multiple of $\pi$, the two waves add destructively, and the received signal is
weak. As a function of r, the superposition of the two waves creates a spatial pattern
of constructive and destructive interference. When the receiving antenna moves with
a velocity v through this pattern, the received signal fluctuates. This phenomenon is
known as multi-path fading. Similar attenuation could happen from ground
reflections. Additional attenuation could also result from the atmospheric conditions
due to humidity, rain, etc.
When installing a wireless sensor device, we should check the signal level at
and around the target location, and place the wireless device at the point with
maximum signal strength.
8.2.2 Modulation Techniques
To transmit data, some aspect of the sinusoidal radio signal must change with
time or, in other words, the carrier signal must be modulated. Modulation can be
treated as a slowly varying function of time (slow being measured relative to the
carrier frequency). This modulation can be in the amplitude, in the frequency or in
the phase of the carrier. At the receiver, these variations can then be detected and the
transmitted information can be recovered. In digital communications the modulation
is performed in discrete levels or “shifts,” each level corresponding to a certain
number of information bits. Accordingly, the basic digital modulation schemes are
known as Amplitude-Shift Keying (ASK), Frequency-Shift Keying (FSK), and
Phase-Shift Keying (PSK).
A simple example of a modulated signal may be obtained by turning the carrier
on and off to denote transmission of 1 and 0: that is,
$$f(t) = m(t)\cos(2\pi f_c t)$$
where m(t) = 1 or 0. This approach is known as on–off keying or OOK, Figure 8.5.
[Figure 8.5, plot of amplitude versus time showing m(t) (levels +1 and 0) and the modulated signal
f(t) = m(t)cos(ωc t).]
Figure 8.5 On-Off Keying Modulation.
Consider now the case when m(t) is a sinusoidal signal with frequency $f_m$. Using
the trigonometric identities
$$\cos(\alpha \pm \beta) = \cos(\alpha)\cos(\beta) \mp \sin(\alpha)\sin(\beta)$$
it can be shown that
$$\cos(\omega_m t)\cos(\omega_c t) = \frac{1}{2}\left[\cos((\omega_c - \omega_m)t) + \cos((\omega_c + \omega_m)t)\right] \tag{8.8}$$
where $\omega = 2\pi f$.
The plot of Eq. 8.8 against frequency shows that the signal is equivalent to two line
frequencies, one at $(f_c - f_m)$ and the other at $(f_c + f_m)$, as shown in Figure 8.6a. In
frequency space, a modulated carrier at frequency $f_c$ is now represented by two side
bands displaced from the carrier by the frequency of the modulation signal $f_m$.
In the case of a general modulating signal, m(t), with Fourier transform M(f), it
can be shown that the effect of modulation is to translate the spectrum of the
modulating or baseband signal up to the carrier frequency as shown in Figure 8.6b.
Figure 8.6 (a) Spectrum of a Carrier modulated by a single frequency fm, (b) Spectrum
of Carrier modulated by a general signal m(t).
Frequency Shift Keying (FSK):
One technique for digital communication is called frequency shift keying. FSK
refers to a type of frequency modulation that assigns bit values to discrete modulating
frequencies. FSK is divided into non-coherent and coherent forms. In non-coherent
forms of FSK, the instantaneous frequency shifts between two discrete values termed
the "mark" and "space" frequencies. In coherent forms of FSK, there is no phase
discontinuity in the output signal.
Amplitude-Shift Keying (ASK):
ASK is a generalization of On-Off Keying (OOK), which refers to a type of
amplitude modulation that assigns bit values to discrete amplitude levels. Consider
the example shown in Figure 8.7. This example has four allowed amplitudes and is
denoted 4-ASK. Each combination of two bits is assigned a 2-bit amplitude level.
Each level is called a symbol. Suppose we want to transmit the bit stream
(1,0,0,1,1,1,0,0,1,0). The bit stream is then grouped into (10,01,11,00,10) and each 2
bits are transmitted as an amplitude level or symbol.
Each symbol corresponds to a unique 2-bit digital pattern. The symbol rate of
the transmitted signal is the number of symbols per second. This 4-ASK allows us to
transmit 2 bits per symbol and would be expected to provide twice the data rate of
OOK with the same bandwidth (or the same data rate at half the bandwidth).
Figure 8.7 symbol amplitude shift keying.
The bandwidth depends on the symbol rate. The higher the symbol rate the
larger the transmission bandwidth as illustrated in Figure 8.8.
Figure 8.8 Bandwidth increases with the symbol rate.
More bits can be sent in a single symbol if we use more amplitude levels. If 8
amplitudes were allowed, one could transmit 3 bits in each symbol. Because the
width of the spectrum of the modulating signal is mainly dependent on the rate at
which transitions (symbols) occur, rather than exactly what the transition is, it is clear
that by varying the modulation scheme, one could send higher data rates without
necessarily expanding the bandwidth consumed. However, the more discrete levels are
used, the lower the ability of the receiver to determine the exact transmitted level in the presence
of noise, causing errors in determining what symbol has been received. In
other words the margin for error will decrease in inverse proportion to the number of
amplitude states as more levels are used.
Phase Shift Keying (PSK):
In a digital transmission, PSK refers to a type of angle modulation in which the
phase of the carrier is discretely varied to represent data being transmitted, either in
relation to a reference phase or to the phase of the immediately preceding signal
element. When encoding bits, for example, the phase shift could be 0 degrees for
encoding a "0," and 180 degrees for encoding a "1," or the phase shift could be –90
degrees for "0" and +90 degrees for a "1," making the representations for "0" and "1"
a total of 180 degrees apart. In Binary Phase Shift Keying (BPSK) systems,
designed so that the carrier can assume only two different phase angles, each change
of phase carries one bit of information, that is, the bit rate equals the modulation rate.
If the number of recognizable phase angles is increased to four, then 2 bits of
information can be encoded into each signal element; likewise, eight phase angles
can encode 3 bits in each signal element.
Quadrature Amplitude Modulation (QAM):
QAM is a combination of both phase-shift keying (PSK) and amplitude-shift
keying (ASK). QAM is generated by mixing two sine waves that are 90 degrees out
of phase with one another, say one is $S_1(t) = \cos(2\pi f_c t)$, and the second is
$S_2(t) = \sin(2\pi f_c t)$. Adjusting only the amplitude of either signal can affect the phase
and amplitude of the resulting mixed signal. The two orthogonal signals can convey
two digital bit streams by changing (modulating) the amplitudes of two carrier
waves, using the amplitude-shift keying (ASK) digital modulation scheme, as shown
in Figure 8.9. These two carrier waves represent the In-phase I(t) and Quadrature-
phase Q(t) components of the modulating signals.
When transmitting two signals by modulating them with QAM, the transmitted
signal will be of the form:
$$S(t) = I(t)\cos(2\pi f_c t) + Q(t)\sin(2\pi f_c t) \tag{8.9}$$
[Figure 8.9, signal path: serial bitstream (bit duration T), serial to parallel, mapping to
constellation, I and Q branches each through a pulse shaping filter H(f), multiplied by cos(ωc t)
and sin(ωc t) respectively, then summed to give the RF output.]
Figure 8.9 QAM modulator.
The modulated waves are summed, and the resulting waveform is a combination
of both phase-shift keying (PSK) and amplitude-shift keying (ASK). In the digital
QAM case, a finite number of at least two phases and at least two amplitudes are
used. PSK modulators are often designed using the QAM principle, but are not
considered as QAM since the amplitude of the modulated carrier signal is constant.
At the receiver, these two modulating signals can be demodulated using a
coherent demodulator. Such a receiver multiplies the received signal separately with
both a cosine and sine signal to produce the received estimates of I(t) and Q(t)
respectively. Because of the orthogonality property of the carrier signals, it is
possible to detect the modulating signals independently. In the ideal case I(t) is
demodulated by multiplying the transmitted signal with a cosine signal:
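$$r_I(t) = S(t)\cos(2\pi f_c t) = \cos(2\pi f_c t)\left[I(t)\cos(2\pi f_c t) + Q(t)\sin(2\pi f_c t)\right] \tag{8.10}$$
$$r_I(t) = \frac{1}{2}I(t) + \frac{1}{2}\left[I(t)\cos(4\pi f_c t) + Q(t)\sin(4\pi f_c t)\right] \tag{8.11}$$
Low-pass filtering $r_I(t)$ removes the high frequency terms (containing $4\pi f_c t$),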
leaving only the I(t) term. This filtered signal is unaffected by Q(t), showing that the
in-phase component can be received independently of the quadrature component.
Similarly, we may multiply S(t) by a sine wave and then low-pass filter to extract
Q(t).
Suppose, for example, that one wants to transmit the bit stream
(1,0,1,1,0,1,0,1,0,0). The bit stream is then grouped into (10,11,01,01,00) and each
2 bits are mapped into a unique symbol. Each symbol corresponds to a unique 2-bit
digital pattern. Figure 8.10 shows a 4-QAM consisting of four unique combinations
of phase and amplitude. These combinations are shown as small circles on the
constellation plot in Figure 8.10. The values of I and Q and a possible binary
assignment are also shown in Table 8.2.
[Figure 8.10, constellation plot with axes I(t) and Q(t): four points of amplitude 1 labelled
00, 01, 10 and 11; phase marks at π/2, π and 3π/2.]
Figure 8.10 Constellation diagram of 4QAM (QPSK).
Table 8.2 I and Q and their binary assignments in a QAM.
I & Q / Binary value    00          01          10           11
I                       cos(π/4)    cos(π/4)    cos(π/4)     cos(π/4)
Q                       sin(π/4)    sin(π/4)    -sin(π/4)    -sin(π/4)
The two amplitudes are then multiplied by pulse shaping filters and used to
modulate the two carriers. The pulse shaping filter is usually a raised cosine to
reduce spread of carrier power beyond the channel bandwidth. It is also possible to
send data at even higher rates by increasing the number of symbols. By convention,
the number of symbols in a symbol map is denoted “M” and is
considered the “M-ary” of the modulation scheme. In other words, 4-QAM has an
M-ary of four and 256-QAM has an M-ary of 256. Moreover, the number of bits that
can be represented by a symbol has a logarithmic relationship to the M-ary. The
number of bits per symbol = $\log_2(M)$.
For example, each symbol in 256-QAM can be used to represent an 8-bit digital
pattern ($\log_2(256) = 8$).
At the receiver, these two modulating signals, I and Q, can be demodulated
using a coherent demodulator. Such a receiver multiplies the received signal
separately with both a cosine and sine signal to produce the received estimates of I(t)
and Q(t). Because of the orthogonal property of the carrier signals, it is possible to
recover the modulating signals independently.
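The 4-QAM chain of Eqs. 8.9 to 8.11, carried through in code on the bit stream used above. This is an added example, not code from the book. The samples per symbol, carrier cycles per symbol and noise level are assumed values, and the signs of I in the mapping are an assumption (the Q signs follow Table 8.2).

```python
import math
import random

FC = 8                      # carrier cycles per symbol period (assumed value)
N = 64                      # samples per symbol (assumed value)
A = math.cos(math.pi / 4)   # component amplitude, cos(pi/4) = sin(pi/4)

# dibit -> (I, Q). Q signs follow Table 8.2; the I signs are an assumption,
# chosen so that neighbouring constellation points differ in one bit.
CONSTELLATION = {
    (0, 0): (+A, +A),
    (0, 1): (-A, +A),
    (1, 0): (+A, -A),
    (1, 1): (-A, -A),
}


def modulate(bits):
    """Eq. 8.9: S(t) = I cos(2 pi fc t) + Q sin(2 pi fc t), one symbol per 2 bits."""
    if len(bits) % 2:
        raise ValueError("4-QAM needs an even number of bits")
    samples = []
    for k in range(0, len(bits), 2):
        i_amp, q_amp = CONSTELLATION[(bits[k], bits[k + 1])]
        for n in range(N):
            phase = 2 * math.pi * FC * n / N
            samples.append(i_amp * math.cos(phase) + q_amp * math.sin(phase))
    return samples


def demodulate_symbol(block):
    """Coherent demodulation of one symbol (Eqs. 8.10 and 8.11).

    Multiplying by cos/sin and averaging over whole carrier cycles acts as the
    low-pass filter: the 4 pi fc t terms average to zero, leaving I/2 and Q/2.
    """
    r_i = sum(s * math.cos(2 * math.pi * FC * n / N) for n, s in enumerate(block)) / N
    r_q = sum(s * math.sin(2 * math.pi * FC * n / N) for n, s in enumerate(block)) / N
    return 2 * r_i, 2 * r_q


def decide(i_est, q_est):
    """Pick the constellation point closest to the received (I, Q) estimate."""
    return min(
        CONSTELLATION,
        key=lambda b: (CONSTELLATION[b][0] - i_est) ** 2 + (CONSTELLATION[b][1] - q_est) ** 2,
    )


def demodulate(samples):
    bits = []
    for k in range(0, len(samples), N):
        bits.extend(decide(*demodulate_symbol(samples[k:k + N])))
    return bits


def add_noise(samples, sigma, seed=1):
    """Additive Gaussian noise with a fixed seed so the run is repeatable."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


if __name__ == "__main__":
    tx_bits = [1, 0, 1, 1, 0, 1, 0, 1, 0, 0]        # grouped as 10,11,01,01,00
    signal = modulate(tx_bits)
    print("I, Q of first symbol:", demodulate_symbol(signal[:N]))
    print("clean channel :", demodulate(signal))
    print("noisy channel :", demodulate(add_noise(signal, sigma=0.5)))
```

Because the cosine and sine carriers are orthogonal over a whole number of cycles, the I estimate is unaffected by Q and vice versa, which is why each branch is decided independently.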
TDMA, FDMA, and CDMA:
TDMA: Time Division Multiple Access improves spectrum efficiency by
splitting the use of each frequency channel into time slots. TDMA allows each user
to access the entire radio frequency channel for a short period of time. Other users
share this same frequency channel at different time slots. In cellular mobile systems,
the base station continually switches from user to user on the channel. TDMA is the
dominant technology for the second generation mobile cellular networks. TDMA
avoids collisions and ensures deterministic access to the channel. It is used in
wireless sensor networks to provide guaranteed services to time critical
measurements.
FDMA: Frequency Division Multiple Access is the most common analog
system. It is a technique whereby spectrum is shared among users by dividing up the
available bandwidth into smaller frequency bands (sub-channels) and then assigning
them to users. The sub-channel could be available all the time to a user, but the bit
rate is limited due to the small bandwidth of the sub-channels.
CDMA: Code Division Multiple Access is based on direct sequence spread-
spectrum technology. In this case, users transmit on the same center frequency, using
a unique high speed pseudorandom spreading code. The number of users that can be
supported simultaneously in a single cell is not constrained to a rigid maximum as set
by the number of FDMA frequency channels or TDMA time slots. Rather, adding
more users results in an apparent increase in the noise level floor, and the limit is
reached when the received signal to noise ratio drops below some acceptable
threshold. Thus, the maximum capacity of a CDMA system cannot be calculated
deterministically.
8.2.3 Link Budgeting
System Gain (SG) is defined as the difference in dB between the transmitter RF
output power and the receiver threshold. SG figures are very useful for comparing
the relative performance of different radio systems, and it is a major equipment
feature for determining the maximum operating range of a radio. On the other hand,
Link Budget (LB) is the total system gain against the various power losses between
the transmitter output and the receiver input.
Consider, as a simplified example, an IEEE 802.11b radio system, operating at
2.4 GHz with the following parameters:
Transmitter power: 100 mW (+20 dBm).
Receiver threshold: $10^{-11}$ watts (-80 dBm).
Accordingly, the system gain = 100 dB.
Let us assume now the following path losses:
Transmission line attenuation at the transmitter: 2 dB
Transmission line attenuation at the receiver: 2 dB
Transmitter antenna gain: 8 dB
Receiver antenna gain: 8 dB
Effective system gain = (100 – 2 + 8 + 8 – 2) = 112 dB
Desired link margin (signal level above the receiver threshold) = 30 dB (this
margin will also account for potential impairments, including such factors as antenna
misalignment, multi-path fading, equipment aging and interference).
There is now 82 dB to cover free space path loss. Since the received signal
strength is generally attenuated in inverse proportion to the square of the distance
between the transmission and reception antennas, 82 dB determines the maximum
link range for which the setup can maintain a minimum of 30 dB link margin. The
link attenuation in free space is given by
$$L = 20\log_{10}(4\pi D/\lambda) \tag{8.12}$$
where D is the distance between receiver and transmitter, and $\lambda$ is the carrier
wavelength.
The user can verify that, for the given system, the maximum outdoor distance,
D, would be about 125 m. The path loss indoor could be substantially higher than
this figure; typically, for the 2.4 GHz transmission, it would be 80 dB at 30 meters,
and increase to 110 dB at about 60 meters.
The quality of the transmission in terms of the bit error rate (BER) is a function
of the received signal to noise power ratio. The theoretical (thermal) noise floor for
an ideal receiver is given by
N = kTB (8.13)
where N is the noise power in watts, k is Boltzmann’s constant ($1.38 \times 10^{-23}$ J/K), T
is the system temperature in Kelvin, and B is the channel bandwidth. But non-ideal
receivers would have an additional noise figure of 9 to 15 dB, in addition to the thermal
noise floor.
From the link budget and noise power estimation, the signal to noise ratio can
be estimated, and depending on the modulation techniques, the link performance in
terms of BER can be predicted using Figure 8.11.
Figure 8.11 Theoretical BER for various modulation methods versus S/N ratio.
Source: https://linuxtv.org/wiki/index.php/File:Est_BER_vs_EbN0.png
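The link budget of Section 8.2.3 worked through in code, reproducing the 82 dB path-loss allowance and the roughly 125 m outdoor range from Eq. 8.12 and adding the noise floor of Eq. 8.13. This is an added example, not code from the book. The 22 MHz channel bandwidth and the 290 K system temperature are assumptions, since the text gives neither.

```python
import math

C = 299_792_458.0        # speed of light, m/s
K_BOLTZMANN = 1.38e-23   # J/K, the value quoted in the text


def watts_to_dbm(watts):
    return 10 * math.log10(watts * 1000)


def link_budget(tx_dbm, rx_threshold_dbm, gains_db, losses_db, margin_db):
    """System gain, effective system gain and the path loss left after the margin."""
    system_gain = tx_dbm - rx_threshold_dbm
    effective = system_gain + sum(gains_db) - sum(losses_db)
    return {
        "system_gain_db": system_gain,
        "effective_gain_db": effective,
        "allowed_path_loss_db": effective - margin_db,
    }


def free_space_loss_db(distance_m, freq_hz):
    """Eq. 8.12: L = 20 log10(4 pi D / lambda)."""
    wavelength = C / freq_hz
    return 20 * math.log10(4 * math.pi * distance_m / wavelength)


def max_range_m(path_loss_db, freq_hz):
    """Eq. 8.12 solved for D."""
    wavelength = C / freq_hz
    return wavelength / (4 * math.pi) * 10 ** (path_loss_db / 20)


def received_dbm(tx_dbm, gains_db, losses_db, distance_m, freq_hz):
    """Received power after cable losses, antenna gains and free space loss."""
    return tx_dbm + sum(gains_db) - sum(losses_db) - free_space_loss_db(distance_m, freq_hz)


def noise_floor_dbm(bandwidth_hz, temp_k=290.0, noise_figure_db=0.0):
    """Eq. 8.13 (N = kTB) in dBm, plus the receiver noise figure."""
    return watts_to_dbm(K_BOLTZMANN * temp_k * bandwidth_hz) + noise_figure_db


def snr_db(rx_dbm, bandwidth_hz, noise_figure_db, temp_k=290.0):
    return rx_dbm - noise_floor_dbm(bandwidth_hz, temp_k, noise_figure_db)


if __name__ == "__main__":
    FREQ = 2.4e9          # carrier frequency from the text
    BW = 22e6             # assumed channel bandwidth
    GAINS = [8, 8]        # transmitter and receiver antenna gains, dB
    LOSSES = [2, 2]       # transmission line attenuation at each end, dB

    budget = link_budget(20, -80, GAINS, LOSSES, margin_db=30)
    print(budget)

    d = max_range_m(budget["allowed_path_loss_db"], FREQ)
    print(f"range with 30 dB margin: {d:.1f} m")
    print(f"range with the margin used up: {max_range_m(budget['effective_gain_db'], FREQ):.0f} m")

    rx = received_dbm(20, GAINS, LOSSES, d, FREQ)
    for nf in (9, 15):    # noise figure range given in the text
        print(f"NF {nf:2d} dB: noise floor {noise_floor_dbm(BW, noise_figure_db=nf):.1f} dBm, "
              f"SNR at {d:.0f} m = {snr_db(rx, BW, nf):.1f} dB")
```

The resulting SNR is the value to look up on the horizontal axis of Figure 8.11 for the modulation in use.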
8.3 Spread-Spectrum Techniques
In order to effectively share the frequency band, radios operating in unlicensed
bands typically use additional techniques to avoid generating interference and
improve their resistance to interference. In the U.S., there are three frequency bands
allocated for public use without an FCC license. These are the Industrial, Scientific,
and Medical (ISM) bands: 902MHz – 928MHz, 2.4GHz – 2.4835GHz, and 5.15GHz
– 5.850GHz.
Unlicensed bands have to limit radiated power to minimize interference between
users. The commonly used shared spectrum technologies in the ISM bands are: Direct
Sequence Spread-Spectrum (DSSS), Frequency Hopping Spread-Spectrum (FHSS),
Hybrid Spread-Spectrum (HSS), which makes use of both DSSS and FHSS, Orthogonal
Frequency Division Multiplexing (OFDM), Ultra Wide Band (UWB), and Chirp
Modulation Spread-Spectrum (CMSS). In spread-spectrum, the data signal which
could be transmitted in a narrow bandwidth is intentionally spread over a much wider
bandwidth by injecting higher frequency signals, and then at the receiver the signal is
restored back (despread) to its original bandwidth. This allows multiple users to
share the same frequency channel simultaneously and provides high resistance to
noise, interference and interception.
The following briefly covers some of the popular methods of operation within
the ISM bands.
8.3.1 Direct sequence spread-spectrum (DSSS):
Spread-spectrum is defined as an “RF communications system in which the
baseband signal bandwidth is intentionally spread over a larger bandwidth by
injecting a higher frequency signal.” As a direct consequence, energy used in
transmitting the signal is spread over a wider bandwidth and appears as noise. The
ratio (in dB) between the spread baseband and the original signal is called processing
gain. Typical spread-spectrum processing gains run from 10dB to 60dB.
To apply a spread-spectrum technique, the bit stream and a pseudorandom noise
sequence (PN) pass through an exclusive OR gate. The number of bits, or “chips,” in
the PN code word is usually an odd integer of the form $(2^n - 1)$, where n is 4, 5, 6, 7
or 8, so the code word may be 15, 31, 63, 127 or 255 bits long. In high quality
systems, PN of length 63, 127, or more bits is used. The PN code is usually aligned
with the data clock, such that one pseudo random code word sequence occupies
precisely one data bit time period. If the information bit is a “1,” the code word is
transmitted, while if it is a “0,” the complement of the code word is sent. The output
of the gate is then used to modulate the carrier. The carrier bandwidth in this case
would be 2*R*PNL, where R is the data bit rate, and PNL is the PN code length. The
effect is to diffuse the information in a larger bandwidth, as shown in Figure 8.12.
A simplified block diagram of a DSSS modulation is shown in Figure 8.13. The
baseband signal is first XORed by the PN codes on a bit by bit basis. The resulting
high rate R*PNL signal is then used to modulate the carrier.
Figure 8.12 (a) Bandwidth without spreading, (b) Bandwidth after spreading using
DSSS. [Axes: signal strength versus frequency; labels: modulation bandwidth, spread
bandwidth.]
At the receiver, one can remove the spread-spectrum code (called a de-spreading
operation) at a point in the receiving chain before data retrieval. A de-spreading
operation reconstitutes the information into its original bandwidth.
Obviously, the same code must be known in advance at both ends of the transmission
channel.
Multiple users can share the same bandwidth, as in cellular radio systems and
wireless LANs, using the concept of code division multiple access (CDMA). CDMA
is based on direct sequence spread-spectrum technology. In this case, all mobiles in
the cell transmit on the same center frequency, using a unique pseudo random
spreading code for each user, assigned by the base station when the call is initiated.
DSSS is used as well in 802.11b and in wireless sensor networks.
Figure 8.13 Block diagram of DSSS Transmitter (top), and Receiver (bottom).
[Blocks labelled in the figure: data, PN spreading code, modulator, RF oscillator, mixer,
RF amp, LNA, local oscillator, IF amp, despreading, PN code, acquisition and tracking,
demodulator, data.]
In the cellular setting, multiple spread-spectrum users would share the large
bandwidth so that the aggregate bit rate can be high even though the rate of each user
is low. The large processing gain of a user serves to mitigate the interference from
other users, which appear as random noise. In addition to providing frequency
diversity against multipath fading and allowing multiple access, spread-spectrum
systems serve other purposes, such as anti-jamming from intentional interferers, and
safeguard message privacy in the presence of other listeners.
8.3.2 Frequency-Hopping Spread-Spectrum (FHSS)
The FHSS technique transmits a narrow-band signal with full power giving it
the ability to overcome many sources of noise that may arise. The digital data is first
assembled into packets, and then each packet is transmitted over one among a
possible set of channels. The channels are selected based on a pseudorandom noise
PN sequence, which must be known to the receiver to track the carrier frequency
hopping sequence and recover the transmitted data. The frequency hopping is
illustrated in Figure 8.14.
Figure 8.14 (a) RF spectrum without hopping, (b) RF spectrum with FHSS. [Axes: signal
strength versus frequency in (a); signal strength versus frequency and time in (b).]
There are two distinct types of frequency hoppers: fast hoppers and slow
hoppers. In fast frequency hoppers, commonly used in secure communications
systems, the frequency may be hopped multiple times during the period of a single
data bit. The slow hoppers are more popular among the systems used in the ISM
bands, where the frequency is changed once per bit or once per n bits. Typically,
the PN sequence is advanced one step per packet, so one data packet is transmitted
per hop. The receiver’s local oscillator is programmed with the same hop code,
which must be synchronized with the transmitter code to allow reception, as shown
in Figure 8.15. The output of the receiver mixer is a narrow-band signal identical to
that which would have been present if no frequency-hopping had been applied.
Figure 8.15 FHSS Transmitter and Receiver. [Blocks labelled in the figure: data,
modulator, frequency synthesizer, PN code, mixer, RF amp, LNA, IF amp, demodulator.]
As an illustration, assume that 8 channels are available. The assignment of these
channels can then follow a pseudorandom sequence such as 1, 4, 9, 3, 10, 5, 2, 6, 1, 8,
…. The length of this sequence can be anything, say, 64. Then it will be repeated. If
each channel is occupied for a period of T seconds, then the code period would be
64*T seconds. The frequency synthesizer at the receiver and transmitter must be
synchronized and follow the same code sequence. FHSS technology can effectively
tolerate interference. In addition, it provides higher security through the continuous
and random hopping across frequencies, which makes it almost impossible for
someone to tap into. FHSS is used in the classic 802.11 FH PHY and the Bluetooth
(802.15.1) PHY.
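The spreading of Section 8.3.1 and the hopping of Section 8.3.2 can be tried out with the
following added example (Python, not from the original text), which drives both from one
PN generator. The LFSR tap positions, the sample bits, the corrupted-chip pattern, the
6-bit register used for hopping and the interferer's channel are assumptions made for
the illustration.

```python
import math

# Feedback taps of maximal-length LFSRs (period 2**n - 1), for the n = 4..8 named in the text.
TAPS = {4: (4, 3), 5: (5, 3), 6: (6, 5), 7: (7, 6), 8: (8, 6, 5, 4)}


def lfsr_states(n):
    """Return one full period (2**n - 1 values) of the n-bit LFSR register."""
    state, states = 1, []                      # any non-zero seed works
    for _ in range(2 ** n - 1):
        states.append(state)
        feedback = 0
        for tap in TAPS[n]:
            feedback ^= (state >> (tap - 1)) & 1
        state = ((state << 1) | feedback) & ((1 << n) - 1)
    return states


def pn_code(n):
    """PN code word: the register's top bit at each step, 2**n - 1 chips long."""
    return [(s >> (n - 1)) & 1 for s in lfsr_states(n)]


# ---- DSSS (Section 8.3.1) ----
def spread(bits, code):
    """Code word for a data 1, its complement for a data 0, as the text describes."""
    return [chip if bit else chip ^ 1 for bit in bits for chip in code]


def despread(chips, code):
    """Correlate each code-length block with the local code; the majority decides."""
    n = len(code)
    bits = []
    for start in range(0, len(chips), n):
        agree = sum(c == r for c, r in zip(code, chips[start:start + n]))
        bits.append(1 if 2 * agree > n else 0)
    return bits


def correlation(code, shift):
    """Agreements minus disagreements between the code and a cyclic shift of itself."""
    n = len(code)
    return sum(1 if code[i] == code[(i + shift) % n] else -1 for i in range(n))


def processing_gain_db(code):
    """Spreading ratio (chips per data bit) expressed in dB."""
    return 10 * math.log10(len(code))


def dsss_demo():
    code = pn_code(4)                          # 15 chips per data bit
    data = [1, 0, 1, 1, 0, 0, 1, 0]            # constructed sample bits
    chips = spread(data, code)
    # Constructed interference: every third chip arrives inverted (5 of each 15).
    received = [c ^ 1 if i % 3 == 0 else c for i, c in enumerate(chips)]
    return data, despread(received, code)


# ---- FHSS (Section 8.3.2) ----
def hop_sequence(n, channels):
    """Channel used on each hop, taken from successive LFSR states."""
    return [s % channels for s in lfsr_states(n)]


def delivered(tx_hops, rx_hops, busy_channel):
    """Packets that arrive: receiver tuned to the transmitter's channel, and that
    channel not the one occupied by a fixed narrow-band interferer."""
    return sum(t == r and t != busy_channel for t, r in zip(tx_hops, rx_hops))


def fhss_demo(busy_channel=3):
    hops = hop_sequence(6, 8)                  # 63 hops over 8 channels, then it repeats
    late = hops[1:] + hops[:1]                 # receiver one hop out of step
    return len(hops), delivered(hops, hops, busy_channel), delivered(hops, late, busy_channel)


if __name__ == "__main__":
    sent, got = dsss_demo()
    print("DSSS recovered:", got == sent, "gain %.1f dB" % processing_gain_db(pn_code(4)))
    print("autocorrelation at shifts 0..3:", [correlation(pn_code(4), s) for s in range(4)])
    print("FHSS (hops, in-step delivered, out-of-step delivered):", fhss_demo())
```

The sharp autocorrelation peak (full agreement only at zero shift) is what the receiver's acquisition and tracking stage locks onto, and the out-of-step receiver shows why the hop code must be synchronized.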
8.3.3 Orthogonal Frequency Division Multiplexing (OFDM)
OFDM is a modulation scheme that divides a single digital signal across a very
large number of separate signal carrier frequencies that are transmitted
simultaneously. OFDM is a wide-band modulation scheme rather than a spread-
spectrum system although some versions of it do use hopping among the carriers.
The first main feature of OFDM is the concept of parallelism: sending one high-
speed signal by splitting it into a number of lower speed signals sent in parallel. The
second feature is that the individual carrier frequencies are “orthogonal”: they are
precisely spaced so that their sidebands overlap and cancel at each carrier’s center
frequency, as shown in Figure 8.16. This prevents the demodulators from seeing
frequencies other than their own, so that carriers on adjacent channels do not interfere
with each other.
Figure 8.16 Orthogonal Subcarriers use spectrum efficiently. [Plot of power density
versus frequency for channels 1 to 5, with frequency ticks at 1/T, 2/T, 3/T, 4/T and 5/T.]
In the case shown in Figure 8.17, the signal path is split into five parallel paths,
each carrying 2 bits/symbol. In this example:
• Original serial bit stream rate: 10 Mbps.
• Number of subcarriers: 5.
• Number of bits/subcarrier symbol: 2 bits/subcarrier symbol.
• Subcarrier symbol rate: 1 MSps.
Figure 8.17 Split a High speed Serial Signal into multiple slow parallel signals.
[The serial bitstream 1 0 1 1 0 0 1 0 1 1 (10 bit/µs, bit duration 0.1 µs) is split into the
parallel bitstream 10, 11, 00, 10, 11 on subchannels 1 to 5, each symbol lasting 1 µs.]
The construction of an OFDM symbol can be summarized as depicted in Figure
8.18:
• The serial data is grouped as appropriate for the modulation to be used. For
example, if QPSK is to be used on each subcarrier, the input data would be
grouped two bits at a time.
• Each data set is converted into a complex number describing the amplitude
and phase of the subcarrier, as for example the QPSK constellation diagram,
and that complex number becomes the complex amplitude of the
corresponding subcarrier. For example, the bit pairs 00, 01, 10 and 11 are each
assigned one of the phasors $e^{j\pi/4}$, $e^{j3\pi/4}$, $e^{j5\pi/4}$, $e^{j7\pi/4}$;
see Table 8.2.
• Then the Inverse Fast Fourier Transform (IFFT) converts the frequency spectrum
into a sequence of time samples. This set of numbers is read out serially and
assigned to successive time slots.
• For every block of symbols of length Ns, a cyclic prefix of length L is added.
This acts as a guard period to reduce the effect of
Inter Symbol Interference.
• The resulting complex numbers for signal versus time are converted into a
pair of voltages by an analog-to-digital converter (ADC); the real part
determines the inphase or I channel and the imaginary part determines the
quadrature or Q channel of the modulating signal. The figure illustrates
OFDM symbol assembly for N=8 subcarriers.
Figure 8.18 Schematic description of OFDM modulation. [Stages labelled in the figure:
parallel data, modulation (QPSK, QAM, etc.), 2^n-point iFFT (frequency to time),
parallel to serial, cyclic extension, OFDM symbol, ADC, I and Q outputs multiplied by
cos(ωt) and sin(ωt) and summed, baseband OFDM signal.]
• The I and Q voltages are multiplied by a cosine and sine of the main carrier
frequency, and the result is added (after filtering) to produce a real voltage
versus time centered around the carrier frequency.
• The received signal is demodulated in a similar fashion: after extraction of the
I and Q parts by multiplication by a cosine and sine, a digital-to-analog
converter produces a serial sequence of complex time samples, which after
removal of the guard interval are converted by an FFT to the original complex
amplitude at each frequency.
• A simplified block diagram of an OFDM transmitter and receiver is also
depicted in Figure 8.19, where a Forward Error Control (FEC) stage is
included which introduces additional parity bits to the data stream to allow
the receiver to correct a small number of errors in the message so that it will
not have to request retransmission. Although more parity bits are needed for
error correction than for error detection alone, the throughput is greatly
increased when using FEC on noisy channels.
OFDM provides advantages in immunity to interference and it is robust in a
multipath fading environment. OFDM is used in 802.11a, 802.11g, and
802.11n. OFDM is also the basis of the high-speed ADSL Internet access services
provided by telephone companies over their copper subscriber loop circuits, and
almost all proposals for the fourth generation of mobile broadband wireless services.
OFDM offers several signal processing benefits not available in other modulation
schemes, and allows wireless networks to gain high efficiency from relatively small
bandwidths. It is perhaps the most spectrally efficient method discovered so far, and
it mitigates the severe problem of multipath propagation that causes massive data
error and loss of signal in the microwave and UHF spectrum.
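The symbol construction and demodulation steps above are carried through in the following
added example (Python, not from the original text) for N = 8 subcarriers, with and without
the cyclic prefix, over a two-path channel. The Gray-coded QPSK assignment, the sample
bits, the echo channel and a receiver that already knows the channel taps are assumptions
made for the illustration; a plain DFT stands in for the FFT.

```python
import cmath

# Assumed Gray-coded QPSK map; the book's own assignment is in its Table 8.2.
QPSK = {(0, 0): cmath.exp(1j * cmath.pi / 4), (0, 1): cmath.exp(3j * cmath.pi / 4),
        (1, 1): cmath.exp(5j * cmath.pi / 4), (1, 0): cmath.exp(7j * cmath.pi / 4)}

# Constructed sample input: two OFDM symbols of 8 subcarriers x 2 bits each.
BITS = [0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0,
        0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1]
ECHO = (1.0, 0.5)   # constructed channel: direct path plus an echo one sample later


def idft(spectrum):
    """Subcarrier amplitudes -> time samples (inverse DFT, standing in for the IFFT)."""
    n = len(spectrum)
    return [sum(spectrum[k] * cmath.exp(2j * cmath.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def dft(samples):
    """Time samples -> subcarrier amplitudes."""
    n = len(samples)
    return [sum(samples[t] * cmath.exp(-2j * cmath.pi * k * t / n) for t in range(n))
            for k in range(n)]


def ofdm_modulate(bits, n_sub, cp_len):
    """Group bits in pairs, map to QPSK, inverse transform, prepend the cyclic prefix."""
    if len(bits) % (2 * n_sub):
        raise ValueError("need a whole number of OFDM symbols")
    pairs = [tuple(bits[i:i + 2]) for i in range(0, len(bits), 2)]
    stream = []
    for start in range(0, len(pairs), n_sub):
        block = idft([QPSK[p] for p in pairs[start:start + n_sub]])
        stream += block[n_sub - cp_len:] + block      # prefix = copy of the block's tail
    return stream


def multipath(samples, taps):
    """Linear convolution with the channel: each sample plus delayed echoes."""
    return [sum(h * samples[t - d] for d, h in enumerate(taps) if t - d >= 0)
            for t in range(len(samples))]


def ofdm_demodulate(samples, n_sub, cp_len, taps):
    """Drop the prefix, transform, equalise each subcarrier with one complex gain, demap.
    Returns (bits, largest distance from a received point to its constellation point)."""
    gains = dft(list(taps) + [0.0] * (n_sub - len(taps)))
    bits, worst = [], 0.0
    step = n_sub + cp_len
    for start in range(0, len(samples), step):
        spectrum = dft(samples[start + cp_len:start + step])
        for k in range(n_sub):
            estimate = spectrum[k] / gains[k]
            pair, ref = min(QPSK.items(), key=lambda item: abs(estimate - item[1]))
            worst = max(worst, abs(estimate - ref))
            bits += pair
    return bits, worst


def run(cp_len, n_sub=8):
    received = multipath(ofdm_modulate(BITS, n_sub, cp_len), ECHO)
    return ofdm_demodulate(received, n_sub, cp_len, ECHO)


if __name__ == "__main__":
    for cp in (2, 0):
        bits, worst = run(cp)
        print("prefix length", cp, "bits correct:", bits == BITS, "worst error: %.3g" % worst)
```

With the prefix at least as long as the echo delay, the echo of the previous symbol falls inside the discarded guard samples and every subcarrier is recovered exactly; without it the constellation points are visibly displaced.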
Figure 8.19 Signal Processing in OFDM Radios. [Transmit chain: serial data, FEC coding,
bit to symbol map, IFFT, add guard interval, quadrature modulator, PA. Receive chain:
LNA, quadrature demodulator, remove guard interval, FFT, symbol to bit demap, FEC
decoding, data out. Also labelled: local oscillator.]
8.4 Wireless Transceivers
This section describes briefly the main components of a radio transceiver. A
radio transceiver is itself a building block in all devices in wireless networks. Figure
8.20 below shows the block diagram of a DSSS transceiver. The unshaded blocks
shown are typically found in both narrow band and spread-spectrum radios.
Antenna switch
The antenna switch is bidirectional, directing the transmitter power to the
antenna and preventing it from going to the receiver. During reception the antenna
signal is directed to the receiver. Integrated active circulators are also used in the
GHz range instead of antenna switches. An antenna circulator acts as a three-port
device, where power entering any port is transmitted to the next port in rotation only.
Thus, power coming from the antenna can be directed to the receiver, while power
coming from the transmitter goes to the antenna, permitting a fully duplexed
transceiver with transmit and receive operations at the same frequency and
polarization.
Figure 8.20 Block Diagram of a Generic DSSS Radio Link. [Transmitter blocks: data in,
spreader, PN code, modulator, upconverter, filter, power amplifier, frequency reference,
frequency synthesizer, local oscillator. Receiver blocks: RF filter (band selection), LNA,
downconverter, filter, first IF amplifier, despreader, demodulator, PN code synchronizer,
frequency reference, frequency synthesizer, local oscillator, data out.]
Filters
Filters are used in radio communications to pass certain frequencies and reject
or attenuate other frequencies. The RX filter is a band pass filter to reject signals
from the antenna outside the bandwidth of interest to the receiver. This improves the
received signal to noise ratio and avoids overloading the receiver by strong out-of-
band signals. On the other hand, the primary function of the transmit RF filter is to
suppress harmonics of the carrier frequency at the output of the transmitter. The TX
filter ensures the transmitted power is within the designated channel, and ensures that
no transmitted power leaks into neighboring channels causing interference problems
with the neighboring channels. The transmit filter is generally wide enough to pass
the full range of frequencies in the ISM band.
Pseudo random Noise (PN) Code Generator:
This module generates a pseudo random digital sequence used to spread the
bandwidth in DSSS systems. At the receiver side, the PN code generator is used to
de-spread the received signal. The receiver PN code generated should be precisely
synchronized with that used in the calling transmitter.
Frequency Synthesizer:
The reference frequency is required to generate carriers with accurate center
frequency that allows the transmitters and receivers to find each other. The main source
of the clock is an oscillator built around a quartz crystal of specific resonant frequency.
This clock can then be divided using digital counters, or multiplied by a frequency
synthesizer consisting of a Voltage Controlled Oscillator, a programmable Divide by N
counter and a filter, as shown in Figure 8.21. This structure of frequency synthesis is
based on a Phase Locked Loop (PLL) circuit.
Figure 8.21 Block diagram of a PLL frequency synthesizer. [Blocks: phase detector, loop
filter, voltage controlled oscillator (VCO), programmable divide by N counter. Signals:
frequency reference Fin, desired frequency, frequency output Fout = N x Fin.]
The operation of this circuit is basically a feedback control system that controls
the phase of a voltage controlled oscillator (VCO). The input signal is applied to one
input of a phase detector. The other input is connected to the output of a divide by N
counter. Normally, the frequencies of both signals will be nearly the same. The
output of the phase detector is a voltage proportional to the phase difference between
the two inputs. This signal is applied to the loop filter. It is the loop filter that
determines the dynamic characteristics of the PLL. The filtered signal controls the
VCO. Note that the output of the VCO is at a frequency that is N times the input
supplied to the frequency reference input. The divide by N counter is programmable
or selected from a set of counters; each provides one of the desirable synthesized
frequencies.
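The feedback loop just described can be stepped through with the following added example
(Python, not from the original text): a behavioural model in which the divider N is
reprogrammed and the VCO settles at N times the reference. The 1 MHz reference, the VCO
gain and free-running frequency, the proportional-plus-integral loop filter, the 10 kHz
loop bandwidth and the three divider values are assumptions made for the illustration.

```python
import math


def pll_settle(n_div, state=(0.0, 0.0), f_ref=1e6, f_free=2.44e9, kv=100e6,
               loop_bw_hz=10e3, damping=0.707, dt=1e-6, t_end=1e-3, tol_hz=1e3):
    """Step the loop for t_end seconds with the divider set to n_div.

    state is (phase error in cycles, integral of the phase error), carried over
    from the previous channel. Returns (f_vco, state, lock_time), where lock_time
    is the last instant at which f_vco was more than tol_hz away from n_div * f_ref.
    """
    wn = 2 * math.pi * loop_bw_hz               # natural frequency set by the loop filter
    kp = 2 * damping * wn * n_div / kv          # proportional gain of the loop filter
    ki = wn ** 2 * n_div / kv                   # integral gain of the loop filter
    phase_err, integ = state
    last_out_of_tol = 0
    for step in range(int(round(t_end / dt))):
        v_ctrl = kp * phase_err + ki * integ    # loop filter output
        f_vco = f_free + kv * v_ctrl            # voltage controlled oscillator
        if abs(f_vco - n_div * f_ref) > tol_hz:
            last_out_of_tol = step + 1
        # Phase detector: the phase difference grows with the frequency difference
        # between the reference and the divided-down VCO output.
        phase_err += (f_ref - f_vco / n_div) * dt
        integ += phase_err * dt
    f_vco = f_free + kv * (kp * phase_err + ki * integ)
    return f_vco, (phase_err, integ), last_out_of_tol * dt


def hop_and_lock(dividers=(2402, 2480, 2441)):
    """Reprogram the divider three times (constructed values), keeping the loop state."""
    state, results = (0.0, 0.0), []
    for n_div in dividers:
        f_out, state, t_lock = pll_settle(n_div, state)
        results.append((n_div, f_out, t_lock))
    return results


if __name__ == "__main__":
    for n_div, f_out, t_lock in hop_and_lock():
        print("N=%d  Fout=%.6f MHz  settled within %.0f us" % (n_div, f_out / 1e6, t_lock * 1e6))
```

Changing loop_bw_hz or damping changes how quickly the output settles after the divider is reprogrammed, which is the sense in which the loop filter sets the dynamics of the PLL.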
Modulation
Modulation is embedding information on the carrier signal by changing its
parameter(s) such as amplitude (amplitude modulation, AM), frequency (frequency
modulation, FM), and phase (phase modulation).
Figure 8.22 Typical Spectrum of Digitally-Modulated Carrier. [Plot of power versus
frequency, with frequency ticks from fC − 4fR to fC + 4fR in steps of fR.]
The spectrum shape of a modulated carrier wave, shown in Figure 8.22, is
determined by the data rate, the choice of modulation scheme, and the filtration
before or after the modulator. The sidebands should be filtered in order to avoid
interference with other receivers. Most standards mandate applying a spectral mask to
limit the sideband amplitudes. For example, the IEEE 802.11b Standard requires that
the signal be at least 30 dB down from its peak energy at ±11 MHz from the center
frequency and at least 50 dB down from its peak energy at ±22 MHz from the center
frequency, as shown in Figure 8.23. The transmitters employ pulse shaping filters and
transmit filters in order to comply with the required spectral mask.
Figure 8.23 Spectral mask, which defines the maximum permitted energy in the
frequencies surrounding the fc. [Plot of the transmit spectrum mask against the unfiltered
sin x/x spectrum: 0 dB at fc, −30 dB at fc ± 11 MHz, −50 dB at fc ± 22 MHz.]
Upconverter/Downconverter and Filters
The modulation is usually performed on a fixed frequency or an Intermediate
Frequency (IF). On the other hand, the carrier frequency can be switched to any one of
the channels available in the ISM band, or even change periodically according to a
hopping sequence. At the transmitter, the up-converter will generate the modulated
RF carrier signal by mixing the IF signal with the synthesized frequency. Conversely,
at the receiver, the fixed IF signal is produced by the down-converter by mixing the
incoming carrier signal with the synthesized frequency. In conventional radio, the
down-converter is known as the mixer stage.
The up-converter generates both the sum and the difference frequencies, so a
filter must be used between the modulator and the power amplifier to pass only the
desired carrier frequency. Similarly, at the receiver, a filter is used after the mixer to
allow only the IF signal to pass to the subsequent receiver stage.
Power Amplifier
The power amplifier could be used to increase the transmitter output power up
to the approved level when the signal power out of the modulator or upconverter is
low.
Transmit Antenna, Antenna Gain and Spreading Loss
The transceiver antenna could be located internally on the printed circuit board,
mounted on the device housing, or remotely connected by a coaxial cable. In general,
a larger transmit antenna will have a higher gain and will focus the energy into a
narrower beam, increasing the power density in the beam. In most cases, a narrower
beam reduces the threat of interference to receivers outside the beam (see Section 8.2
for the concept of antenna gain).
Receiver Front End
The receiver front end typically includes the following: receiver filter, low noise
amplifier (LNA), downconverter (mixer), and intermediate frequency amplifier. In
this receiver arrangement, known as a superheterodyne receiver, the received signal is
filtered, amplified and mixed down to a lower intermediate frequency in a series of
modules. Such design provides high degrees of amplification without overloading
the amplifiers; and it provides rejection capability for all interfering signals outside a
very narrow portion of the radio frequency spectrum (without having to build filters
with high quality factors). Heterodyning means mixing two frequencies together so
as to produce a beat frequency, namely, the difference between the two. The mixing
process produces the sum and differences between two frequencies. For example, if
$f_c$ is the carrier frequency and the IF frequency is $f_{if}$, the local synthesizer should
produce a frequency of $f_s = f_c - f_{if}$. The mixer will then produce the sum and
difference between the two frequencies $f_c$, $f_s$, that is,
$$S(t) = \sin(2\pi(f_c + f_s)t) + \sin(2\pi(f_c - f_s)t) = \sin(2\pi(2f_c - f_{if})t) + \sin(2\pi f_{if}t) \qquad (8.14)$$
A band pass filter (or a low pass filter) can then be used to allow only $f_{if}$ to
proceed to the next stage. Although superheterodyne design achieves the highest
receiver sensitivity and noise rejection, in high bandwidth receivers (as in 802.11n),
a direct conversion receiver without an IF stage is preferred to achieve a small chip
area and the lowest power consumption.
8.5 Wireless LAN Standards:
This section provides an overview of the basic features of selected wireless
standards for local area networks, namely IEEE 802.11a/b/g/n/ac, also known as the
Wi-Fi (Wireless Fidelity) standard. It denotes a set of wireless LAN (WLAN)
standards developed by Working Group 11 of the IEEE LAN/MAN Standards
Committee (IEEE 802). The term 802.11x also denotes this set of standards and is
not one of its elements. The 802.11x is intended to be an extension of wired Ethernet,
bringing Ethernet-like principles to wireless communication. It is primarily used for
TCP/IP, but can also handle other forms of networking traffic.
8.5.1 Overview
IEEE 802.11:
IEEE 802.11a/b/g/n/ac actually describes five variants of the wireless Ethernet
standard currently implemented in commercial and (increasingly) industrial
applications. A brief overview of the differences between these standards is given
below.
IEEE 802.11a:
This standard describes operation in the 5 GHz band and uses OFDM, thereby
enabling raw transmission rates up to 54 Mbps. Some countries have other uses (air
traffic control and military) defined for this band, so it is therefore not globally
accepted for use in ISM applications. In some cases, it works inside buildings with
limited power. One advantage of IEEE 802.11a is that it operates with the same data
rates (54 Mbps) as IEEE 802.11g, but avoids the crowded 2.4GHz channels.
IEEE 802.11b:
This standard, adopted in 1999, uses the 2.4GHz band with DSSS modulation.
The raw transmission rate is limited to 11 Mbps.
IEEE 802.11e:
Enhancements (2005), standard for QoS, which defines the specifications of the
QoS mechanisms to support multimedia applications.
IEEE 802.11g:
The 802.11g standard adopted the OFDM technology of 802.11a in the globally
accepted 2.4 GHz band. Using the OFDM technique over the air, data rates can be
increased to 54 Mbps. This standard is also backwards compatible with 802.11b.
IEEE 802.11n:
This standard adopted the OFDM technology of 802.11a and g, in addition to
multiple input/multiple output (MIMO) to achieve high throughput and transmission
rates. It can support a maximum transmission rate of ~600 Mbps, and outdoor range
over 250m, using 20 or 40 MHz bandwidth, and up to 4 MIMO spatial channels. The
802.11n was released in 2009.
IEEE 802.11y:
This standard defines enhancements to the IEEE 802.11 physical layer and medium
access control to support operation in the 3650-3700 MHz band.
802.11ac (2013):
802.11ac is considered the Fifth Generation of Wi-Fi [Ref 31]. This IEEE
standard provides high-throughput wireless local area networks (WLANs) on the 5
GHz band. The specification introduces a multi-station WLAN throughput of at least
1 gigabit per second, and a single link throughput of at least 500 megabits per
second.
Table 8.3 provides a summary of these IEEE 802.11x standards. Nonetheless,
there are other standards under the IEEE 802.11 family such as c, d, f, h, i, j, and p
which denote service amendments and extensions or corrections to previous
specifications.
Table 8.3 IEEE 802.11x working standards.
802.11     Release  Frequency  Data        Signaling   Range inside  Range out
Protocol            (GHz)      (Mb/s)                  (m)           (m)
-          1997     2.4        2                       ~0            ~100
A          1999     5.0        54          OFDM        ~35           ~120
B          1999     2.4        11          DSSS        ~38           ~140
G          2003     2.4        54          OFDM        ~38           ~140
N          2009     2.4, 5.0   ~600        MIMO-OFDM   ~70           ~250
Ac         2013     5.0        ~6.93 Gbps  MIMO-OFDM   ~35
Y          2008     3.7        54                      ~50           ~5000
Figure 8.24 shows the geographical domains of PAN, LAN, MAN, WAN, and
RAN wireless standards.
Acronym  Title                      Range    Speed Mbps  Standards
PAN      Personal Area Network      <10 m    1-3, 55     802.15.1/3/3a/4(ZB)
LAN      Local Area Network         <150 m   600         802.11s/b/g/n
MAN      Metropolitan Area Network  < 5km    70          802.16 a/d/e/m, 1G-4G
WAN      Wide Area Network          <15 km   <14         802.20, GSM, CDMA, 3G
RAN      Regional Area Network      <100 km  18-24       802.22
UWB: Ultra wideband.
1G-4G, GSM: Cellular mobile communication standards.
Figure 8.24 IEEE Wireless Standards and protocols. [Domain labels in the figure: PAN,
LAN, MAN, WAN, RAN; range labels: <10 m, <150 m, <15 km, 18-24 km, ~100 km.]
8.5.2 IEEE 802.11x Architecture
The 802.11 standard allows infrastructure networks connected to a wired
network (typically Ethernet) using an Access Point (AP) and independent networks
connecting peer computers wirelessly with no wired network present.
Networks based on distributed APs are called infrastructure mode. The second
mode is known as ad hoc mode. The ad hoc mode simply represents a group of IEEE
802.11 wireless stations that communicate directly between them without having a
connection with an AP or a connection to a fixed network.
In the infrastructure mode, the stations associated with a particular AP constitute
a Basic Service Set (BSS). The AP acts as a base station and it includes the
necessary functionalities to control communications between the stations within its
zone. The collection of BSSs connected to a single wired network forms an Extended
Service Set (ESS), similar to the cellular mobile networks, but within indoor or office
environment. A BSS has a unique identifier, the BSSID, which corresponds to the
MAC address of the AP managing the cell.
An ESS could also have an identifier, the Service Set Identity (SSID), that allows
for the identification of the service network. It is a variable-length character string of
up to 32 bytes. SSID is used to guarantee authentication and identification between an
AP and a client. SSID is unique to that ESS but shared by all component BSSs.
Privacy and Security:
The 802.11 standard provides the optional Wired Equivalent Privacy (WEP),
which offers frame transmission privacy by generating secret shared encryption keys
for source and destination stations. Many of the wireless LAN vendors now offer
WEP as an option to their product offerings. WEP encrypts only the payload of MAC
layer frames, not the frame headers.
There is also a number of standards for enhancement of the operation of the
802.11x WLANs promoted by Wi-Fi alliance, for example:
a) WPA (Wi-Fi Protected Access®) and WPA2 (Wi-Fi Protected Access 2): Wi-Fi
wireless network security that offers government-grade security mechanisms for
personal and enterprise applications.
b) EAP (Extensible Authentication Protocol): an authentication mechanism
used to validate the identity of network devices (for enterprise devices).
c) Wi-Fi CERTIFIED n: supports the IEEE 802.11n ratified standard.
d) Wi-Fi Protected Setup™: facilitates easy set-up of security features using a
Personal Identification Number (PIN) or other defined methods within the Wi-Fi
device.
8.5.3 IEEE 802.11 Physical Layer (PHY)
In the U.S., the RF emission of these devices is regulated by FCC Part 15 rules.
These rules govern the power output, equipment and antenna configurations
permitted in the unlicensed bands. The FCC sets strict rules to limit both the device
RF power and Effective Isotropic Radiated Power (EIRP) achieved by the use of a
gain antenna to ensure fair sharing of this limited bandwidth. The 802.11x are
designed to operate in one or two of the frequency bands allocated for public use
without an FCC license. These are the Industrial, Scientific, and Medical (ISM)
bands: 2.4GHz – 2.4835GHz, and 5.15GHz – 5.850GHz.
The initial 802.11 standard defines two forms of spread-spectrum modulation
for the physical layer: frequency hopping (802.11 FHSS) and direct sequence (802.11
DSSS). These two standards specify a 2.4GHz operating frequency with data rates of
1 and 2Mbps. Another initial physical layer, which utilizes infrared passive reflection
techniques for transmission of data at 1 and 2Mbps, was also specified; however, this
standard has not been implemented in products.
802.11 FHSS:
In the original 802.11 FHSS, the carrier frequency hops over the 2.4GHz
frequency band between 2.4GHz and 2.4835 GHz. The signal stops long enough at
each frequency to transmit data for a period of time, based on the dwell-time set as a
configuration parameter.
The following are the main features of 802.11 FHSS:
• Gaussian Frequency Shift Keying (GFSK) modulation.
• Two data rates of 1 Mbps and 2 Mbps.
• The band is divided into 79 sub-bands with 1 MHz bandwidth each.
• Data rate is limited to 2 Mbps.
• Each sub-band is subject to a minimum rate of 2.5 hops/s (400 msec dwell
time).
• 22 hop patterns.
The minimum hop rate ensures that each packet sent could be transmitted in a
single hop, so that destroyed information could be recovered in another hop. This
allows an effective frequency diversity that provides excellent transmission
characteristics. In comparison to DSSS, IEEE 802.11 FHSS has greater tolerance of
signal interference because it operates over the wider 83.5 MHz bandwidth; however,
it has a smaller range than DSSS.
IEEE 802.11 Direct Sequence Spread-spectrum (DSSS):
IEEE 802.11 DSSS combines a data signal at the sending station with a higher
data rate bit chipping code sequence. DSSS is used in an attempt to combat
interference and selective fading. The following are the main features of IEEE 802.11
DSSS:
a) The IEEE 802.11 set the minimum processing gain requirements at 11, which
means that the chipping code multiplies the data signal by 11. Direct
sequence spread-spectrum sends a specific string of bits for each data bit sent.
b) The chipping code uses 11-bit Barker Code which is XOR’d with each
incoming data bit.
c) IEEE 802.11 DSSS provides greater range (in comparison to FHSS);
however, it has less tolerance to signal interference
d) 20MHz bandwidth.
e) The data rate is also limited to 1 or 2 Mbps.
f) The IEEE standard uses BPSK modulation at a 1 Mbps data rate, or QPSK
modulation at a 2 Mbps data rate.
g) The 2.4 GHz ISM band consists of 14 overlapping channels of 22MHz
separated by 5MHz, as shown in Figure 8.25a.
An example of the possibility of three non-overlapping DSSS bands is also
shown in Figure 8.25b.
Figure 8.25 (a) DSSS channels in the 2.4 GHz ISM band, (b) An example of three Non-
overlapping DSSS channels.
IEEE 802.11a:
In 1999, the IEEE published two supplements to the 802.11 standard: 802.11a
and 802.11b. The 802.11a standard defines operation at up to 54Mbps over shorter
distances using orthogonal frequency division multiplexing (OFDM) modulation in
the 5.8 GHz frequency band. The 802.11a specifies the use of OFDM modulation
only, and supports several data rates from 6 to 54 Mbps of which 6, 12 and 24 Mbps
are mandatory for all products. OFDM operates extremely efficiently, leading to the
higher data rates. OFDM divides the data signal across 48 separate sub-carriers to
provide transmissions. Each of the sub-carriers uses PSK or Quadrature Amplitude
Modulation (QAM) to modulate the digital signal depending on the selected data rate
of transmission. The operating frequencies of 802.11a fall into the U-NII bands:
5.15–5.25 GHz, 5.25–5.35 GHz and 5.725–5.825 GHz. Within this spectrum, there
are twelve 20MHz channels (eight allowable only for indoor use and four usable for
indoor or outdoor use) that do not overlap, allowing for denser installations.
Additionally, each band has different output power limits, which are detailed in the
FCC rules Part 15.407.
IEEE 802.11b:
The IEEE 802.11b version of the standard is a data rate extension of the initial
802.11 DSSS, providing operation in the 2.4 GHz band with additional data rates of
5.5 and 11 Mbps. The 802.11b products exhibit similar advantages and disadvantages
as 802.11 DSSS; however, the higher data rates of 802.11b lower the effective range
of the radios to typically 150 feet when transmitting at 11 Mbps. The 802.11b uses
several types of modulation. Barker code direct-sequence spread spectrum with
BPSK or QPSK modulation is used to transmit at 1 and 2 Mbps respectively, similar
to 802.11, while complementary code keying is used to support the new speeds of 5.5
and 11 Mbps.
IEEE 802.11g:
The 802.11g standard applies the 802.11a modulation standards (and therefore
supports 54 Mbps just like 802.11a) to the 2.4 GHz band, and offers backward
compatibility for 802.11b devices. The achievable coverage distances for these
standards depend on the barriers or obstacles in the line of sight. The 802.11g
features three additional encoding options (one mandatory, two optional) that boost
its speed to 54 Mbps, although two 22 Mbps versions are part of the specification as
well. The higher speed connections use the same OFDM-based transmission scheme
as 802.11a. It operates at a maximum physical layer bit rate of 54 Mbit/s exclusive of
forward error correction codes, or at about 22 Mbit/s average throughput.
IEEE 802.11n:
The 802.11n is a recent amendment (2009) that improves upon the previous
802.11 standards by adding MIMO and many other newer features. The standard
operates at 2.4 or 5 GHz, with potential data rates of up to 600 Mbps, and an
operating range of about 70 m indoors and up to 250 m outdoors. The 802.11n
uses 40 MHz channels, which double the channel width from the 20 MHz used in
previous 802.11 PHYs to transmit data. This allows for a doubling of the PHY data
rate over a single 20 MHz channel, provided that it does not interfere with any other
802.11 system using the same frequencies. MIMO technology uses multiple
antennas to transfer multiple independent data streams simultaneously within one
spectral channel of bandwidth. MIMO can significantly increase data throughput as
the number of resolved spatial data streams is increased. MIMO technology requires
a separate radio frequency chain and analog-to-digital converter for each MIMO
antenna, which translates into higher transceiver complexity and higher
implementation costs compared to non-MIMO systems.
802.11ac (2013):
This standard is an extension of 802.11n, with bandwidth up to 160 MHz, and
up to 8 MIMO spatial streams, downlink multi-user MIMO up to four clients, and up
to 256-QAM modulation technique. MU-MIMO allows an Access Point (AP) to
send multiple frames to multiple clients at the same time over the same frequency
spectrum. Using multiple antennas, an AP can behave like a wireless switch. The
single-link and multi-station enhancements supported by 802.11ac enable several
new potential WLAN applications, such as simultaneous streaming of HD video to
multiple clients, distributed wireless displays, large campus/auditorium deployments,
and manufacturing floor automation.
8.5.4 IEEE 802.11 MAC Layer
The 802.11 Physical Layer uses burst transmissions in the form of packets. Each
packet contains a Preamble, Header and Payload data:
a) The Preamble allows the receiver to obtain time and frequency
synchronization and estimate channel characteristics for equalization. It is a
bit sequence that receivers watch for to lock onto the rest of the transmission.
b) The Header provides information about the packet configuration, such as
format, data rates, etc.
c) The Payload Data contains the user’s payload data being transported.
The 802.11 standards define three types of frames: Management Frames,
Control Frames and Data Frames. Each frame consists of a MAC header, payload
and frame check sequence (FCS). Some frames may not have the payload. The first
two bytes of the MAC header form a frame control field specifying the form and
function of the frame.
In the 802.11 protocol, the fundamental mechanism to access the medium is
called the Distributed Coordination Function (DCF). This is a random access scheme,
based on the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
protocol.
CSMA/CA works by a "listen before talk" scheme. This means that a station
wishing to transmit must first sense the radio channel to determine if another station
is transmitting. If the medium is not busy, the transmission may proceed. The
CSMA/CA scheme implements a minimum time gap between frames from a given
user. Once a frame has been sent from a given transmitting station, that station must
wait until the time gap is up to transmit again. Once the time has passed, the station
selects a random amount of time (called a back-off interval) to wait before "listening"
again to verify that there is a clear channel on which to transmit. If the channel is still
busy, another back-off interval is selected that is less than the first. This process is
repeated until the waiting time approaches zero and the station is allowed to transmit.
This type of multiple access ensures careful channel sharing while avoiding
collisions.
DCF includes a positive acknowledge scheme, which means that if a frame is
successfully received by the destination it is addressed to, the destination needs to
send an ACK frame to notify the source of the successful reception.
As the system gets loaded, it is possible for multiple users to transmit at once,
leading to interference and packet loss. Another effect is the “near-far” issue in which
users closer to the base station get better access to the bandwidth than stations farther
away, because the higher signal strength of the closer user swamps the weaker signal
of the remote user.
DCF also has an optional virtual carrier sense mechanism that exchanges short
Request-to-Send (RTS) and Clear-to-Send (CTS) frames between source and
destination stations during the intervals between the data frame transmissions. With
RTS/CTS enabled, the stations ask permission before transmitting and wait to get an
all clear before they actually start their transmission. Enabling RTS and CTS can
reduce congestion as stations wait for CTS packets from the base station before
starting transmission.
The DCF is suitable for sending information such as short messages and data
files, but it is not very efficient for sending broadband, time-critical information such
as video. The 802.11 standard provides for an optional Point Coordination
Function (PCF) medium access mechanism that is implemented in the access points
(in addition to the mandatory DCF). PCF allows the access point to act as the
network coordinator to manage channel access. PCF provides delivery of time-
bounded data via synchronous communications using station-polling mechanisms.
This mechanism is capable of transporting video effectively as compared to the DCF.
In the subsequent 802.11x standards some changes in the packet format were
introduced, and several enhancements were also introduced for more efficient MAC
protocols.
8.6 Low Power Short Range Wireless Networks
This family of standards includes IEEE 802.15.1 Personal Area Network, which
became the widely used Bluetooth standard, and 802.15.4 wireless sensor networks,
which became the basis of ZigBee wireless networks and several industrial wireless
networks. This section provides an overview of Bluetooth and ZigBee networks.
IEEE 802.15.1 (2002): Provides specifications for low power Wireless Personal
Area Networks (WPAN) based on Bluetooth, https://www.bluetooth.com. It
provides network speeds up to 3Mbps at short ranges and operates on the unlicensed
ISM band at 2.4 to 2.485GHz using FHSS with full-duplex signal at nominal rate of
1600 hops per second.
IEEE 802.15.2 discusses the coexistence of WPAN with other wireless devices
operating in unlicensed frequency bands such as wireless Local Area Networks
(WLAN).
The IEEE 802.15.4 (2007): This standard defines the protocol and compatible
interconnection for data communication devices using low data rate, low power, and
low complexity, short range radio frequency transmissions in a wireless personal area
network (WPAN).
ZigBee: is a published specification set of high-level communication protocols
designed to use small, low power digital radios based on the IEEE 802.15.4 standard
for wireless personal area networks.
8.6.1 Bluetooth
The IEEE 802.15.1 Standard was initiated to define Wireless Personal Area
Networks (WPANs). IEEE 802.15 is intended for short-range, low power, low cost
small networks and communication of devices within a personal operating space.
The initial version, IEEE 802.15.1, was adopted from the Bluetooth (BT)
specification in 2002, and is fully compatible with Bluetooth 1.1. It includes a media
access control and physical layer specification. BT was originally intended as a cable
replacement technology. An updated version of IEEE 802.15.1, based upon the
additions incorporated into Bluetooth v1.2, was published as IEEE 802.15.1-2005.
But the later versions of Bluetooth have not been considered in IEEE standards. The
Bluetooth wireless technology is based on the concepts of a PAN and ad hoc
connectivity. Through the discovery service, PAN devices are capable of
spontaneously joining into a network as they approach each other. This occurs only
while the devices are in close proximity: the devices leave the network as they are
removed from proximity. Unlike other wireless standards, the Bluetooth Core
Specification provides product developers both link layer and application layer
definitions, which support data and voice applications. BT has become a widely used
industry standard specification for wireless communications among portable digital
devices, and a wide spectrum of consumer electronic devices.
Bluetooth Core Specification:
Version 2.1 Enhanced Data Rate (EDR), adopted July, 2007
Version 3.0 High Speed (HS), adopted April, 2009
Version 4.0/4.1/4.2 Low Energy, adopted December, 2009-2015
The BT communication layers stack is shown in Figure 8.26.
[Figure 8.26 diagram; block labels: Applications, TCS, TCP/IP, RFCOMM, SDP, Audio, Voice, L2CAP, HCI, Link Manager, Link Controller, BT Baseband, SCO, ACL, BT RF; bracket label: IEEE 802.15.1 Bluetooth WPAN]
Figure 8.26 BT Layer models.
BT RF layer:
The air interface is based on an antenna power range from 0 dBm up to 20 dBm.
Bluetooth operates in the 2.4 GHz band and the link range is anywhere from 10 cm to
100 m. BT defines three classes of services, as shown in Table 8.4.
Table 8.4 BT Device power classes.
| Power class | Maximum output power | Maximum range |
| --- | --- | --- |
| Class 1 | 100 mW | 100 m |
| Class 2 | 2.5 mW | 10 m |
| Class 3 | 1 mW | 10 cm |
The most commonly used radio is Class 2, using 2.5 mW of power. Bluetooth
technology is designed to have very low power consumption, operating in the
unlicensed industrial, scientific and medical (ISM) band at 2.4 to 2.485 GHz, and
using FHSS over 79 channels, each with 1 MHz bandwidth. The hop rate is 1600
hops/sec.
Bluetooth’s Adaptive Frequency Hopping (AFH) capability was designed to
reduce interference between wireless technologies sharing the 2.4 GHz spectrum.
AFH works by detecting other devices in the spectrum and avoiding the frequencies
they are using. This adaptive hopping among 79 frequencies at 1 MHz intervals gives
a high degree of interference immunity and also allows for more efficient
transmission within the spectrum. The minimum number of channels to be used in a
hopping sequence is 20. The maximum data rate is 550 kbps at 250 ft. The most
important characteristics on the physical layer are the following:
5.1. Gaussian frequency shift keying (GFSK) modulation at 1 Msps. The 2 and 3
Msps use 4DPSK and 8DPSK respectively.
5.2. Packets consist of access code, header and payload.
5.3. Optional employment of Forward Error Correction (FEC).
5.4. Supports the following maximum data rates: 1 Mbps for BT low energy
technology, 1 Mbps for Version 1.2, up to 3 Mbps in Version 2.0 EDR
(Extended Data Rate), and up to 24 Mbps in Version 3.0 HS.
Baseband Layer:
The Baseband layer sits on the top of the radio layer (physical layer), as
depicted in Figure 8.26. The baseband layer essentially implements the timing,
sequence and order of transmission of physical bits across the wireless from one
Bluetooth device to another as well as channel coding. A network of devices
connected in an ad hoc fashion using Bluetooth technology is called a piconet.
Bluetooth uses a master–slave concept in which the unit that initiates a
connection is temporarily assigned master status (for as long as the connection is up).
The master organizes the traffic for up to seven other slave members of the piconet.
The identity of each piconet and the frequency-hopping sequence can be derived
from the master’s device address. The header of a packet contains the actual
addressee, the length of the packet, and other control information. Note that the slave
can only communicate with the master within one piconet (and not directly with the
other slaves).
The baseband layer establishes the physical link between the devices forming a
piconet. The key functions of the baseband include connection creation, frequency-
hopping sequence selection and timing, modes of operation (like power control and
secure operation), and medium access functions like polling, packet types, packet
processing and link types (voice, data, etc.). Each device can also belong to several
piconets simultaneously. This means the ways in which one can connect Bluetooth
devices are almost limitless.
Baseband handles two types of links: Synchronous Connection-Oriented (SCO)
and Asynchronous Connection-Less (ACL) link. The SCO link is a symmetric point-
to-point link between a master and a single slave in the piconet. The master maintains
the SCO link by using reserved slots at regular intervals (circuit switched type). The
SCO link mainly carries voice information. The master can support up to three
simultaneous SCO links, while slaves can support two or three SCO links. SCO
packets are never retransmitted. SCO packets are used for 64 kB/s speech
transmission.
The ACL link is a point-to-multipoint link between the master and all the slaves
participating on the piconet. In the slots not reserved for the SCO links, the master
can establish an ACL link on a per-slot basis to any slave, including the slave already
engaged in an SCO link (packet switched type). Only a single ACL link can exist.
Link Manager:
Link Manager sets up the link between Bluetooth devices. Other functions of
the link manager include security, negotiation of baseband packet sizes, power mode
and duty cycle control of the Bluetooth device, and the connection states of a
Bluetooth device in a piconet. It talks to the other link managers to exchange
information and control messages through the link controller using some predefined
link-level commands.
The upper part of the Link Manager, together with the next layer, called the
Host Controller Interface (HCI), is responsible for the data transport mechanisms,
once the link is established, multiplexing the data as required by the relevant
application. The Link Manager and HCI layers are essentially written as software,
but often embodied as embedded firmware, to secure a lower power and simpler
implementation.
Logical Link Control and Adaptation Protocol (L2CAP):
L2CAP sits above the HCI layer and provides data flow control and
management. Above L2CAP the stack splits, with the link to the applications layer
going via the Service Discovery Protocol (SDP) or the Telephony Control protocol
Specification (TCS) blocks, or via RFCOMM and then via OBEX (Generalized
Multi-Transport Object Exchange Protocol), WAP or simple AT Commands.
L2CAP functions as the multiplexer of packet data between all the other upper
layers. RFCOMM, on the other hand, is known as the "virtual serial port" layer.
RFCOMM works well when one needs to communicate with devices that support
data streams such as file transfer.
A summary of the main components of the BT stack is given in Table 8.5.
Table 8.5 Main components of the BT stack (above the Radio layer).
| Component | Description |
| --- | --- |
| ACL | ACL is Asynchronous Connection-Less physical link for transmitting data over the physical channels. ACL link provides a packet switched connection between the master and all the active slaves. |
| SCO | SCO is Synchronous Connection-Oriented physical link for voice-like information. It is a symmetric, point-to-point link between the master and a specific slave. It behaves like a circuit-switched connection. |
| Link Manager | Link Manager essentially handles link set-up, security and control. It provides services like authentication, encryption control, power control and provides QoS capabilities. It also manages devices in different modes (park, hold, sniff and active). |
| L2CAP | L2CAP is the Logical Link Control and Adaptation Layer protocol. It resides in the data link layer and provides connection-less and connection-oriented data services to upper layer protocols with protocol multiplexing capability, segmentation and reassembly operation and group abstractions. L2CAP permits higher level protocols and applications to transmit and receive L2CAP data packets up to 64 Kb in length. |
| SDP | SDP is Service Discovery Protocol for applications to discover which services are available and to determine the characteristics of those available services. |
| RFCOMM | RFCOMM is a simple transport protocol, with additional provisions for emulating the 9 circuits of RS-232 (EIA/TIA-232-E) serial ports over L2CAP protocol. It supports up to 60 simultaneous connections between two Bluetooth devices. |
Security:
Bluetooth provides several components that ensure secure wireless connections.
BT can provide authentication and encryption, and is used in the most critical
applications.
Bluetooth specifications provide for authentication and flexible encryption at
the baseband level.
The transmitter characteristics of low power and frequency hopping help
deter casual eavesdroppers.
BT Special Interest Group (SIG):
Bluetooth wireless technology is an open standard that is consistent worldwide.
The Bluetooth Special Interest Group (SIG) is comprised of leaders in the
telecommunications, computing, and network industries. It is driving development
of the technology and bringing it to market. The goal of the SIG is to promote the
standard, ensure inter-operability, define the radio characteristics, link protocols and
profiles, and provide free access to the Bluetooth standard.
Application Profiles:
The BT standard defines application profiles. The profiles describe in detail the
implementation of the foreseen applications, enabling units from different
manufacturers to communicate.
Interference with 802.11 Wireless Networks:
It should be noticed that BT and Wi-Fi operate on the same frequency band, and
could interfere and degrade each other’s performance. The BT 1.2 adaptive
frequency-hopping scheme allows a BT device that has knowledge of the 802.11
device that it is co-located with to adjust its frequency-hopping scheme accordingly.
AFH can help in mitigating this problem, but it does not help for roaming BT devices
or in cases where multiple 802.11 channels are in use.
Summary:
a) Communication is also based on a master–slave principle.
b) A piconet comprises a master and a maximum of seven slaves.
c) A slave can be part of several overlapping piconets.
d) The master is responsible for polling nodes and also allocating/blocking new
connections, and it decides the frequency hopping sequence.
e) The HCI is the interface between the Bluetooth device controller and the host
device.
f) The L2CAP layer acts as the data multiplexer for all other layers.
g) A link manager sets up, authenticates and configures the link. It discovers
other devices and communicates with them through the LMP.
h) The RFCOMM protocol emulates RS232 serial COM ports and USB ports
over the L2CAP protocol.
i) SDP, based on the client server model, supports search for services by service
class, by service attributes, or by browsing.
8.6.2 IEEE 802.15.4 & ZigBee Networks
ZigBee (ZB) is a wireless protocol built on the physical layer and medium access
control (MAC) layers from IEEE 802.15.4. The ZB device is a short-range device
with low-cost, long battery life for machine-to-machine applications. It is known as
the Wireless Sensor Network (WSN).
Among the potential applications of WSN:
a) Wireless monitoring and control applications
b) Disaster relief and defense applications
c) Environment control and biodiversity mapping
d) Facility management, including monitoring, movement sensors and
automation.
e) Machine surveillance and preventive maintenance
f) Precision agriculture
g) Building automation, lighting, security, HVAC and Fire and Safety systems.
h) Remote control (consumer appliances)
i) Medicine and health care, including patient monitoring, remote diagnosis and
data loggers
j) Automotive inventory tracking and service controls.
The data rates and features available in the initial BT version are:
1. Data rates of 20, 40 or up to 250 Kbps, depending on the operating ISM band
2. Different topologies such as conventional star and mesh operation
3. Addressing based on short 16 bits or normal MAC (64 bits) addresses
4. Support of simple access and slotted allocation with guarantees
5. Support of acknowledged data transfer and an optional beacon structure
6. Energy detection (ED)
7. Low power (battery life multi-month to years)
8. Multiple topologies: star, peer-to-peer, mesh
9. Optional guaranteed time slot for applications requiring low latency
10. Fully handshaked protocol for transfer reliability
11. Range: 50m typical (5-500m depending on environment)
12. Link quality indication (LQI)
13. Multilevel security.
ZB’s self-forming and self-healing mesh network architecture permits data and
control messages to pass from one node to other node via multiple paths. This
extends the range of the network and improves data reliability. On the other hand, the
peer-to-peer capability can be used to build large, geographically dispersed networks,
where smaller networks link together to form a cluster-tree network.
Physical Layer:
The IEEE 802.15.4 standard operates in the U.S. on 27 possible ISM channels:
16 channels in the 2.4 GHz band (known as channels 11-26), 10 in the 915 MHz band
(channels 1 to 10), and 1 in the 868 MHz band. However, some channels may not be
allowed in Europe or in other countries. The 2.4 GHz band supports
250kbps using offset quadrature phase-shift keying (O-QPSK) modulation technique.
The data is first mapped onto symbols, 4 bits by 4 bits. Then the symbols are mapped
onto 32-bit long chips and modulated.
The 868 band supports 20 Kbps data rates, while the 915 supports 40 Kbps data
rate. For the 20 and 40 kbps rates, 802.15.4 uses DSSS and BPSK in the chip
modulation. Data is first differentially encoded for data symbol coding, mapped onto
DSSS chips (15 bits long), and modulated using BPSK. Table 8.6 gives a summary
of the data rates and modulation techniques.
The physical layer reports two important performance parameters to the upper
layers, the receive energy detection and the link quality indicator.
Receiver Energy Detection:
The physical layer reports Receiver Energy Detection (ED). This measurement
is intended for use by a network layer as part of channel selection algorithm. It is an
estimate of the received signal power within the bandwidth of an IEEE 802.15.4
channel. No attempt is made to identify or decode signals on the channel.
Link Quality Indicator (LQI):
Upon reception of a packet, the physical layer also reports the LQI, which is a
characterization of the strength and/or quality of a received packet. The use of the
LQI result is up to the network or application layers. The LQI is reported as an
integer ranging from 0x00 to 0xff.
Table 8.6 ZB data rates and modulation.
| PHY (MHz) | Frequency band (MHz) | Spreading: chip rate (kcps) | Spreading: modulation | Data: bit rate (kbps) | Data: symbol rate (ksps) | Data: symbols |
| --- | --- | --- | --- | --- | --- | --- |
| 868/915 | 868-868.6 | 300 | BPSK | 20 | 20 | Binary |
| 868/915 | 902-928 | 600 | BPSK | 40 | 40 | Binary |
| 2450 | 2400-2483.5 | 2000 | O-QPSK | 250 | 62.5 | 16-ary orthogonal |
The basic network topologies are shown in Figure 8.27. The figure shows three
types of topologies that ZigBee supports: star, peer-to-peer and cluster tree topology.
Star Topology:
In the star topology, the communication is established between devices and a
single central controller, called the PAN coordinator. The PAN coordinator may be
battery operated, while the devices will most likely be battery powered. Applications
that benefit from this topology include home automation, personal computer
peripherals, toys and games.
After an FFD is activated for the first time, it may establish its own network and
become the PAN coordinator. Each star network chooses a PAN identifier, which is
not currently used by any other network within the radio sphere of influence. This
allows each star network to operate independently.
[Figure 8.27 diagram: star, mesh and cluster tree topologies. Legend: P = PAN coordinator, F = Full Function Device (FFD), R = Reduced Function Device (RFD).]
Figure 8.27 IEEE 802.15.4 most common network topologies.
Peer-to-peer and Mesh Topologies:
In peer-to-peer topology, in contrast to star topology, any device can
communicate with any other device as long as they are in range of one another. When
each node can discover its neighbors and route their messages to the other nodes on
their behalf, they form a mesh network. Wireless mesh topology is useful for non-
line-of-sight network configurations, where wireless signals are intermittently
blocked. If there are tens or hundreds of other nodes around, the mesh network will
adjust to find a clear signal path to the desired destination.
Mesh networks are "self-configuring": the network automatically incorporates a
new node into the existing structure without needing any adjustments by a network
administrator. Mesh networks are also "self-healing," since the network
automatically finds the fastest and most reliable paths to send data, even if something
blocks the nodes or there is loss of signal. Wireless mesh nodes are easy to install and
uninstall, making the network adaptable to the coverage needs.
Cluster-Tree Topology:
Cluster-tree network is a special case of a peer-to-peer network in which most
devices are FFDs, while RFDs may connect to a cluster-tree network as leaf nodes at
the end of branches. Any of the FFDs can act as a coordinator and provide
synchronization services to other devices. Only one of these coordinators, however,
is the PAN coordinator. The PAN coordinator forms the first cluster by establishing
itself as the Cluster Head (CLH) with a Cluster Identifier (CID) of zero, and
broadcasting beacon frames to neighboring devices. A candidate device receiving a
beacon frame may request to join the network at the CLH. If the PAN coordinator
permits the device to join, it will add this new device as a child device in its neighbor
list. The newly joined device will add the CLH as its parent in its neighbor list and
begin transmitting periodic beacons, such that other candidate devices may then join
the network at that device. Once application or network requirements are met, the
PAN coordinator may instruct a device to become the CLH of a new cluster adjacent
to the first one. The advantage of this clustered structure is the increased coverage
area at the cost of increased message latency.
Data Link Layer:
The standard provides specifications that depend on the device capability. Three
device capabilities are defined: an FFD, an RFD, and a PAN coordinator. The
following is a summary of the functions and capabilities of each device:
Full function devices (FFDs)
a) Can function in any topology
b) Contain the complete set of MAC services
c) Can function as a network router
d) Capable of being the network PAN coordinator
e) Can talk to any other device
f) Can discover other FFDs and RFDs
g) Can be line-powered.
Reduced function devices (RFDs)
a) Are limited to star topology
b) Cannot become a network coordinator
c) Cannot route messages
d) Usually battery powered
e) Talk only to a network coordinator
f) Very simple implementation, containing a reduced set of MAC services and
can operate only as a network device.
Personal area network (PAN) coordinator
a) Maintains overall network knowledge
b) Needs most memory and computing power
c) Responsible for starting the formation of the network
d) There is only one PAN Coordinator in any network.
The role of each of these device types is illustrated also in Figure 8.27.
The ZigBee alliance defines the capabilities of devices in terms of a set of roles.
A device may have one or more of these roles.
ZB Coordinator (ZC):
a) One and only one required for each ZB network
b) Initiates network formation
c) Acts as 802.15.4 PAN coordinator
d) May act as a router once network is formed
e) Not necessarily dedicated device; can perform other applications.
ZB Router (ZR):
a) Optional network component
b) Acts as 802.15.4 coordinator (FFD)
c) Can be associated with ZB coordinator or other routers.
d) Participates in multi-hop routing of messages
e) Looks after its own ZB end devices (broadcasting/routing)
f) Local address (destination) allocation/de-allocation
ZB End Device (ZED):
a) Optional network component
b) Does not participate in routing
c) Does not allow other devices to associate with it
d) Low power and can be put to sleep by parent
e) Can be an RFD
A simplified ZB communication stack is shown in Figure 8.28.
[Figure 8.28 diagram; layers listed from top to bottom: Application (APL) layer, containing the application framework (Application Object 1), the ZigBee device object (ZDO) and the application support sublayer (APS); Network (NWK) layer; Medium access control (MAC) layer; Physical (PHY) layer. Sub-blocks labelled in the APS and NWK layers include security management, message broker, reflector management and network management.]
Figure 8.28 Overview of ZigBee stack architecture.
When a network is coordinated as the star network, the coordinator may
periodically send beacon frames, as shown in Figure 8.29. The period between
beacons is called a super-frame. A super-frame contains up to 16 time slots. The
beacon frame is transmitted in the first slot of each super frame. If a coordinator does
not wish to use a super frame structure, it may turn off the beacon transmissions. The
beacons are used to synchronize the attached devices, to identify the PAN, and to
describe the structure of the super frames. Any device wishing to communicate
during the contention access period (CAP) between two beacons shall compete with
other devices using a slotted CSMA-CA mechanism. If no beacon is used, the MAC
layer transmits using the unslotted version of the CSMA-CA algorithm. In both
cases, the back-off uses exponential back-off periods.
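The unslotted CSMA-CA procedure mentioned above, as an added example that is not from the book. The back-off exponents and retry limit are the IEEE 802.15.4 defaults, which the text does not list, and the busy-channel model is an assumption; the channel-access failure rate it computes is the figure an operator would watch for congestion or interference on the channel.

```python
import random

# IEEE 802.15.4 MAC constants and defaults (from the standard, not from the page).
MAC_MIN_BE = 3               # initial back-off exponent
MAC_MAX_BE = 5               # ceiling for the back-off exponent
MAC_MAX_CSMA_BACKOFFS = 4    # busy assessments tolerated before giving up
UNIT_BACKOFF_SYMBOLS = 20    # aUnitBackoffPeriod
SYMBOL_US = 16               # 62.5 ksymbols/s in the 2.4 GHz band (Table 8.6)


def unslotted_csma_ca(channel_idle, rng):
    """One channel-access attempt for one frame.

    channel_idle(t_us) -> bool is the clear-channel assessment at time t_us.
    Returns (success, cca_attempts, waited_us, windows), where windows lists
    the upper bound 2^BE - 1 of every random back-off that was drawn.
    Simplification: the duration of the assessment itself is not modelled.
    """
    nb, be, t_us, windows = 0, MAC_MIN_BE, 0, []
    while True:
        window = 2 ** be - 1
        windows.append(window)
        # Wait a random number of unit back-off periods in [0, 2^BE - 1].
        t_us += rng.randint(0, window) * UNIT_BACKOFF_SYMBOLS * SYMBOL_US
        if channel_idle(t_us):
            return True, nb + 1, t_us, windows
        # Channel busy: widen the window exponentially, up to the ceiling.
        nb += 1
        be = min(be + 1, MAC_MAX_BE)
        if nb > MAC_MAX_CSMA_BACKOFFS:
            return False, nb, t_us, windows      # channel-access failure


def access_failure_rate(busy_probability, attempts=2000, seed=1):
    """Fraction of attempts ending in channel-access failure when every
    assessment independently finds the channel busy with this probability
    (assumed model; real interference is bursty)."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(attempts):
        result = unslotted_csma_ca(lambda t: rng.random() >= busy_probability, rng)
        failures += not result[0]
    return failures / attempts


if __name__ == "__main__":
    for p in (0.0, 0.3, 0.6, 0.9, 1.0):
        print("busy probability %.1f -> access failure rate %.3f"
              % (p, access_failure_rate(p)))
```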
For low latency applications or applications requiring a specific data bandwidth,
the PAN coordinator may dedicate portions of the active super-frame to that
application. These portions are called guaranteed time slots (GTSs). The guaranteed
time slots constitute the contention free period (CFP) of the super-frame. The PAN
coordinator may allocate up to seven of these GTSs and a GTS may occupy more
than one slot period.
[Figure 8.29 diagram: time axis from one beacon to the next; slots 0 to 15 form the active portion (Beacon, CAP, then CFP containing the GTSs), followed by the inactive portion. CAP = Contention Access Period, CFP = Contention Free Period, GTS = Guaranteed Time Slot.]
Figure 8.29 Super-frame structure.
The MAC layer supports three traffic types:
a) Periodic data with application defined rate (e.g., sensors)
b) Intermittent data with application/external stimulus defined rate (e.g., light switch)
c) Repetitive low latency data, with allocation of time slots
Each of these traffic types mandates different attributes from the MAC.
The IEEE 802.15.4 MAC is flexible enough to handle each of these types.
a) Periodic data can be handled using the beaconing system, whereby the sensor
will wake up for the beacon, check for any messages and then go back to
sleep. ZigBee networks are primarily for low duty cycle sensor networks
(<1%).
b) Intermittent data can be handled either in a beaconless system or in a
disconnected fashion. In a disconnected operation the device will only attach
to the network when it needs to communicate, saving significant energy.
c) Low latency applications may choose the guaranteed time slot (GTS) option.
GTS is a method of QoS in that it allows each device a specific duration of
time for each super-frame to do whatever it wishes to do without contention
or latency.
Message Frames:
The IEEE 802.15.4 MAC defines four frame structures:
A beacon frame, used by a coordinator to transmit beacons
A data frame, used for all transfers of data
An acknowledgment frame, used for confirming successful frame reception
A MAC command frame, used for handling all MAC peer-entity control
transfers.
The MAC frame consists of the following fields:
Frame Control (FRC) 2 Octets
Data Sequence Number (DSN) 1 Octet
Address information 4 – 20 Octets
Data payload variable
Frame Check Sequence (FCS) 2 Octets
The physical layer adds the following 6-octet header, as shown in Figure 8.30.
Preamble sequence 4 Octets
Start of Frame Delimiter (SFD) 1 Octet
Frame length 1 Octet
[Figure: the physical layer header (Preamble, SFD, Length) precedes the data link layer frame (FRC, DSN, Addr, DLL payload, FCS).]
Figure 8.30 MAC Frames.
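An added example (not from the book): a Python parser for the frame layout listed above, which checks the 6-octet physical layer header, decodes the frame control field and verifies the FCS. The bit positions inside the frame control field, the SFD value 0xA7 and the CRC parameters are taken from IEEE 802.15.4 rather than from this page, and the sample frame is constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

FRAME_TYPES = {0: "beacon", 1: "data", 2: "acknowledgment", 3: "MAC command"}
ADDR_LEN = {0: 0, 2: 2, 3: 8}        # addressing mode -> address length in octets
PREAMBLE, SFD = b"\x00" * 4, 0xA7    # 4-octet preamble and start-of-frame delimiter


def crc16_itu_t(data: bytes) -> int:
    """FCS: CRC-16 ITU-T (x^16 + x^12 + x^5 + 1), initial value 0, bits LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


@dataclass
class MacFrame:
    frame_type: str
    security_enabled: bool   # if set, the payload starts with a security header (not decoded here)
    ack_request: bool
    dsn: int
    dst_pan: Optional[int]
    dst_addr: Optional[int]
    src_pan: Optional[int]
    src_addr: Optional[int]
    payload: bytes
    fcs_ok: bool


def strip_phy_header(ppdu: bytes) -> bytes:
    """Check preamble, SFD and frame length, then return the MAC frame."""
    if len(ppdu) < 6 or ppdu[:4] != PREAMBLE or ppdu[4] != SFD:
        raise ValueError("bad preamble or start-of-frame delimiter")
    if len(ppdu) - 6 != ppdu[5] & 0x7F:          # 7-bit frame length
        raise ValueError("frame length field does not match the captured octets")
    return ppdu[6:]


def parse_mac_frame(mpdu: bytes) -> MacFrame:
    if len(mpdu) < 5:                            # FRC (2) + DSN (1) + FCS (2)
        raise ValueError("frame shorter than the fixed MAC fields")
    fcf, dsn = struct.unpack_from("<HB", mpdu, 0)
    ftype = fcf & 0x07
    dst_mode, src_mode = (fcf >> 10) & 3, (fcf >> 14) & 3
    if ftype not in FRAME_TYPES or dst_mode == 1 or src_mode == 1:
        raise ValueError("reserved frame type or addressing mode")
    pan_compression = bool(fcf & 0x40)
    body_end = len(mpdu) - 2                     # FCS occupies the last two octets
    pos = 3

    def take(n: int) -> int:
        nonlocal pos
        if pos + n > body_end:
            raise ValueError("address information runs past the end of the frame")
        value = int.from_bytes(mpdu[pos:pos + n], "little")
        pos += n
        return value

    dst_pan = dst_addr = src_pan = src_addr = None
    if dst_mode:
        dst_pan = take(2)
        dst_addr = take(ADDR_LEN[dst_mode])
    if src_mode:
        # With PAN ID compression the source PAN is omitted and equals the destination PAN.
        src_pan = dst_pan if (pan_compression and dst_mode) else take(2)
        src_addr = take(ADDR_LEN[src_mode])
    (fcs,) = struct.unpack_from("<H", mpdu, body_end)
    return MacFrame(FRAME_TYPES[ftype], bool(fcf & 0x08), bool(fcf & 0x20), dsn,
                    dst_pan, dst_addr, src_pan, src_addr,
                    mpdu[pos:body_end], crc16_itu_t(mpdu[:body_end]) == fcs)


def build_sample_ppdu() -> bytes:
    """Constructed data frame: short addresses, ack requested, PAN ID compression."""
    body = struct.pack("<HBHHH", 0x8861, 0x2A, 0x1A62, 0x0000, 0x796F) + b"\x17\x2c\x01"
    mpdu = body + struct.pack("<H", crc16_itu_t(body))
    return PREAMBLE + bytes([SFD, len(mpdu)]) + mpdu


if __name__ == "__main__":
    print(parse_mac_frame(strip_phy_header(build_sample_ppdu())))
```

A frame whose `fcs_ok` is false was damaged in transit or mis-captured and should not be interpreted further; the FCS is an error check, not a security control.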
Network (NWK) layer:
The responsibilities of the ZigBee NWK layer include:
Starting a network: the ability to establish a new network
Joining and leaving a network: the ability to gain membership (join) or
relinquish membership (leave) a network
Configuring a new device: the ability to sufficiently configure the stack for
operation as required
Addressing: the ability of a ZigBee coordinator to assign addresses to devices
joining the network
Synchronization within a network: the ability of a device to achieve
synchronization with another device either through tracking beacons or by
polling
Security: applying security to outgoing frames and removing security from
terminating frames
Routing: routing frames to their intended destinations.
The ZigBee routing algorithm is a hierarchical routing strategy with table-driven
optimizations based on the AODV algorithm and the Cluster-Tree algorithm.
ZigBee Application (APL) layer:
The ZigBee application layer consists of the application support sub-layer, the
application framework, ZigBee device objects (ZDOs), and the manufacturer-defined
application objects. The responsibilities of the application support sub-layer include:
maintaining tables for binding (defined as the ability to match two devices together
based on their services and their needs) and forwarding messages between bound
devices. The responsibilities of the ZigBee device objects include: defining the role
of the device within the network (e.g., PAN coordinator or end device), initiating
and/or responding to binding requests, establishing secure relationships between
network devices, discovering devices in the network, and determining which
application services they provide.
ZigBee released (in 2007) a second stack profile, which became known as ZigBee
Pro. ZigBee Pro offers more features, such as multi-casting, many-to-one routing and
high security with Symmetric-Key Key Exchange (SKKE), while ZigBee (stack
profile 1) offers a smaller footprint in RAM and flash. Both offer full mesh
networking and work with all ZigBee application profiles.
Profiles:
In order to simplify further deployment of the ZigBee WSN in certain
applications, the Alliance developed application profiles that provide developers with
the building blocks for popular target applications, such as:
Building automation
Light control (light sensors, dimmers)
Heating control
Air-Condition control
Smart home control
Remote control for consumer electronics
Smart energy profile
Other profiles are being standardized.
Security:
When secure MAC layer frames are desired, ZigBee uses MAC layer security to
secure MAC command, beacon and acknowledgement frames. ZigBee may secure
messages transmitted over a single hop using secured MAC data frames, but for
multi-hop messaging ZigBee relies upon upper layers (such as the NWK layer) for
security. The MAC layer uses the Advanced Encryption Standard (AES) as its core
cryptographic algorithm and describes a variety of security suites that use the AES
algorithm. These suites can protect the confidentiality, integrity, and authenticity of
MAC frames. The MAC layer does the security processing, but the upper layers set
up the keys and determine the security levels to use and control their processing.
The following table gives a brief comparison of Bluetooth and ZigBee
technologies for Wireless LANs.
Table 8.7 Comparison between Bluetooth and ZigBee WLANs.

| | Bluetooth | ZigBee |
|---|---|---|
| Transmission Scheme | FHSS (Frequency Hopping Spread-spectrum) | DSSS (Direct Sequence Spread-spectrum) |
| Modulation | GFSK (Gaussian Frequency Shift Keying) | QPSK (Quadrature Phase Shift Keying) or BPSK (Binary Phase Shift Keying) |
| Frequency Band | 2.4 GHz | 2.4 GHz, 915 MHz, 868 MHz |
| Raw Data Bit Rate | 1 MBPS | 250 KBPS, 40 KBPS or 20 KBPS (depends on frequency band) |
| Power Output | Maximum 100 mW, 2.5 mW, or 1 mW, depending on class | Minimum capability 0.5 mW; maximum as allowed by local regulations |
| Minimum Sensitivity | -70 dBm for 0.1% BER | -85 dBm (2.4 GHz) or -92 dBm (915/868 MHz) for packet error rate < 1% |
| Network topology | Master-Slave, 8 active nodes | Star or Peer-Peer, 255 active nodes |
8.7 Wireless HART
The HART technology and standards are established, managed and supported by
the HART Communication Foundation (HCF), http://en.hartcomm.org/. Wireless
HART is not a full industrial sensor protocol, but an add-on to the old but very
popular HART industrial (wired) bus standard for industrial automation. In essence,
Wireless HART provides an alternative to the wired message transmission protocol
of HART. The HART technology for wired networks was covered in Section 7.2.
WirelessHART was officially released in September 2007 (as a part of the HART7
Specification). WirelessHART (WLH) is an open wireless communication standard
specifically designed for process measurement and control applications. Target
application areas include:
Asset management
Environmental and process monitoring
Energy management
Regulatory compliance
Remote or inaccessible equipment
Temporary test installations
In generic wireless sensor networks, like ZigBee, it is assumed that sensors are
deployed randomly and abundantly, while the deployment of a WLH network is
deliberate and has only limited redundancy. In a generic sensor network, many
sensors may be deployed in the same area and perform the same function. But in a
WLH network, sensors are usually attached to field devices to collect specific
environmental data, such as flow speeds, fluid levels or temperatures. A reading from
a sensor is not necessarily replaceable by the nearby sensors. More importantly,
generic wireless sensor networks are self-configurable and have no strict
requirements on timing and communication reliability, while industrial applications
require deterministic and reliable behavior.
Although WLH uses the same IEEE 802.15.4 physical layer as ZigBee, it
introduces many unique changes in the MAC and upper layers to meet the
requirements of wireless industrial applications. For example, WLH uses a central
network manager to provide routing and communication schedules. Thus, WLH is
essentially a centralized wireless network. WLH introduces channel hopping and
channel blacklisting into the MAC layer, while ZigBee can only utilize Direct
Sequence Spread-Spectrum (DSSS) provided by IEEE 802.15.4. Thus, if noise is
persistent, which is not unusual in industrial fields, the performance of a ZigBee
network might degrade severely. By changing the communication channel
pseudo-randomly, WLH can minimize the damage. The network stack is summarized in
Figure 8.31.
8.7.1 WLH Physical Layer
The WLH physical layer is based mostly on the IEEE STD 802.15.4-2006
2.4 GHz DSSS physical layer. This layer defines radio characteristics, such as the
signaling method, signal strength and device sensitivity. Like IEEE 802.15.4, WLH
operates in the 2400-2483.5 MHz license-free ISM band with a data rate of up to 250
kbits/s. Its channels are numbered from 11 to 26, with a 5 MHz gap between two
adjacent channels. WLH uses several mechanisms in order to successfully coexist in
the shared 2.4 GHz ISM band: Frequency Hopping Spread-Spectrum (FHSS) allows
WLH to hop across the 16 channels defined in the IEEE 802.15.4 Standard in order to
avoid interference. Clear Channel Assessment (CCA) is an optional feature that can
be performed before transmitting a message; the transmit power level is configurable,
and a mechanism to disallow the use of certain channels (called blacklisting) is
available.
The topology of a WLH network can be a star, a cluster or a mesh, providing
much better scalability. As shown in Figure 8.32, the basic elements of a typical
WLH network include:
a) Field Devices (FD) are attached to the plant process. All network devices
are full-function, must source and sink packets and support routing on behalf
of other network devices.
b) Handheld Portable Devices (PD) with WLH-enabled computers are used to
configure devices, run diagnostics and perform calibrations.
c) Gateway (GW) connects host applications with field devices. Gateways
enable communication between Host Applications and WFDs in the
WirelessHART Network. Gateways support one or more access points.
d) Network Manager (NM) is responsible for configuring the network,
scheduling and managing communication between WLH devices, configuring
super-frames, management of the routing tables, and monitoring and
reporting the health of the WLH Network.
e) Wireless Adapter (WA) is an intelligent device (two devices in one), which
allows existing HART field devices to be integrated into a WirelessHART
Network. On the wireless side, it appears like a slave device, while on the
wired side it appears like a master. The Adapter is responsible for acquiring
the data from the HART field devices, publishing data on behalf of the
connected Field Devices, and working in multi-drop mode.
f) Access Point (AP) is simply a specialized WLH device with a high speed
communication interface to the gateway. It provides an entry and exit point
for system communication to and from WLH devices. A network can have
multiple access points. Besides additional path diversity, multiple access
points provide additional network bandwidth and redundant communication
paths for the gateway and network manager. Another benefit of multiple
access points is that they can provide low latency access for connection to
final control elements. For example, strategically placing an access point near
a control valve enables that valve to communicate directly with the access
point, providing a low latency path from the gateway to the valve.

| OSI Layer | Function | WirelessHART |
|---|---|---|
| Application | Provides the user with network capable application | Command oriented, predefined data types and application procedures; auto-segmented transfer of large data sets |
| Presentation | Converts application data between network and local machine formats | |
| Session | Connection management services for applications | Secured session between network devices |
| Transport | Provides network independent, transparent message transfer | Reliable stream transport, negotiated segment sizes |
| Network | End to end routing of packets. Resolving network addresses | Power-optimized redundant path, mesh to the edge network |
| Data Link | Establishes data packet structure, framing, error detection, bus arbitration | Secure & reliable, time synced, TDMA/CSMA, frequency agile with ARQ |
| Physical | Mechanical/electrical connection. Transmits raw bit stream | 2.4 GHz wireless, 802.15.4 based radios, 10dBm Tx Power |

Figure 8.31 WirelessHART network stack.
Unlike ZigBee, all field devices have the same wireless capabilities, with
routing capability (as ZigBee FFD). This enables the WLH network to be a self-
organizing, self-healing interoperable wireless mesh network. In this way, messages
can be routed around interference and obstacles. The path diversity creates redundant
communication paths and more reliability.
Figure 8.32 WirelessHART Network Components.
8.7.2 WLH Data Link Layer
The data-link layer is responsible for the secure, reliable, error free
communication of data between HART devices. WLH supports time slots and all
devices are time synchronized and communicate in pre-scheduled fixed length
time-slots in a Time Division Multiple Access (TDMA) scheme. TDMA reduces the
power consumption of the devices, and provides collision-free deterministic
communications.
WLH defines a strict 10 ms time slot. WLH uses the concept of periodic
super-frames, each consisting of a sequence of 10 ms time slots. All super-frames in a
WLH network start from the ASN (Absolute Slot Number) 0, the time when the
network is first created. Each super-frame then repeats itself over time based on
its period. In WirelessHART, a transaction in a time slot is described by a vector:
{frame id, index, type, src addr, dst addr, channel offset},
where frame id identifies the specific superframe; index is the index of the slot in the
superframe; type indicates the type of the slot (transmit/receive/idle); src addr and
dst addr are the addresses of the source device and destination device, respectively;
channel offset provides the logical channel to be used in the transaction.
Link Scheduler:
The function of the link scheduler is to determine the next slot to be serviced,
based on the communication schedule in the super-frame table and link table.
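An added example, not code from the book or from the HART specification: a Python sketch of a link scheduler that picks the next slot to be serviced from a super-frame table and a link table built from the slot vector above, and derives the radio channel for that slot with blacklisted channels removed. The hopping rule `(ASN + channel offset) mod number of active channels`, the tie-break by lowest superframe ID and all table contents are assumptions made for the illustration.

```python
from dataclasses import dataclass

SLOT_MS = 10                      # strict 10 ms time slot
ALL_CHANNELS = range(11, 27)      # IEEE 802.15.4 channels 11 to 26


@dataclass(frozen=True)
class Link:
    frame_id: int        # superframe the slot belongs to
    index: int           # slot index inside that superframe
    type: str            # "transmit", "receive" or "idle"
    src_addr: int
    dst_addr: int
    channel_offset: int  # logical channel


class LinkScheduler:
    def __init__(self, superframes, links, blacklist=()):
        self.superframes = dict(superframes)      # frame id -> length in slots
        banned = set(blacklist)
        self.active = [ch for ch in ALL_CHANNELS if ch not in banned]
        if not self.active:
            raise ValueError("blacklist leaves no usable channel")
        for link in links:
            length = self.superframes.get(link.frame_id)
            if length is None or not 0 <= link.index < length:
                raise ValueError(f"{link} does not fit its superframe")
        self.links = list(links)

    def next_occurrence(self, link, asn):
        """First ASN >= asn at which this link's slot comes round again."""
        length = self.superframes[link.frame_id]
        return asn + (link.index - asn % length) % length

    def channel(self, link, asn):
        """Assumed hopping rule: ASN plus offset selects an entry of the active list."""
        return self.active[(asn + link.channel_offset) % len(self.active)]

    def next_slot(self, asn):
        """Next slot to be serviced at or after asn, or None if nothing is scheduled."""
        due = [(self.next_occurrence(link, asn), link.frame_id, link)
               for link in self.links if link.type != "idle"]
        if not due:
            return None
        # Assumption: when two links fall due together, the lowest frame id wins.
        slot_asn, _, link = min(due, key=lambda item: item[:2])
        return {"asn": slot_asn, "time_ms": slot_asn * SLOT_MS,
                "link": link, "channel": self.channel(link, slot_asn)}

    def upcoming(self, asn, count):
        """The next `count` serviced slots, in time order."""
        slots = []
        while len(slots) < count:
            slot = self.next_slot(asn)
            if slot is None:
                break
            slots.append(slot)
            asn = slot["asn"] + 1
        return slots


def build_sample_scheduler(blacklist=()):
    """Constructed tables for a device with address 0x0012."""
    superframes = {1: 100, 2: 25}                 # 1 s and 250 ms periods
    links = [
        Link(1, 7, "transmit", 0x0012, 0x0001, 3),
        Link(2, 20, "receive", 0x0034, 0x0012, 5),
        Link(1, 50, "idle", 0x0012, 0x0012, 0),
    ]
    return LinkScheduler(superframes, links, blacklist)


if __name__ == "__main__":
    for slot in build_sample_scheduler(blacklist={12, 13, 26}).upcoming(1008, 5):
        print(slot["asn"], slot["time_ms"], slot["link"].type, slot["channel"])
```

Because the ASN advances between two uses of the same link, the same slot in successive super-frame cycles lands on different channels, and a blacklisted channel is never selected.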
Packet Frame:
Each Data-Link Packet (DLPDU) consists of the following fields:
a) A single byte set to 0x41;
b) A 1-byte address specifier;
c) The 1-byte sequence number;
d) The 2-byte network ID;
e) The destination and source addresses, either of which can be 2 or 8 bytes
long;
f) A 1-byte DLPDU specifier;
g) The DLL payload;
h) A 4-byte keyed Message Integrity Code (MIC), and
i) A 2-byte ITU-T CRC16.
Figure 8.33 illustrates the basic PHPDU Structure.
[Figure: the physical layer header (Preamble, Delimiter, Length) is followed by the data link layer DLPDU: 0x41, Address Specifier, Sequence Number, Network ID, Destination Address, Source Address, DLPDU Specifier, DLL Payload, MIC, CRC.]
Figure 8.33 PHPDU Structure.
8.7.3 WLH Network Layer
Two different mechanisms are provided for message routing: graph routing and
source routing. Graph routing uses pre-determined paths to route a message from a
source to a destination device. To utilize path redundancy, a graph route consists of
several different paths between the source and destination devices. This is the
preferred way of routing messages both up and down stream in a WLH network.
Source routing uses ad hoc routes for the messages without providing any path
diversity. Source routing is therefore only intended for network diagnostics, not
process related messages.
Network Manager:
Every network is coordinated by a central network manager. The network
manager is responsible for maintaining up-to-date routes and communication
schedules for the network, guaranteeing the network performance. The network
manager:
Maintains and updates routes
Establishes links between devices
Allocates bandwidth
Controls automation standards
Communication Tables:
Each network device maintains a collection of tables in the data link layer. The
super-frame table and link table store communication configurations created by the
network manager; the neighbor table is a list of neighbor nodes that the device can
reach directly, and the graph table is used to collaborate with the network layer and
record routing information.
8.7.4 Transport Layer
The transport layer ensures end-to-end message delivery and confirmation when
required. As in wired HART, data access is polled using HART commands, including all
maintenance functions of the WLH network. WLH devices may also be set to transmit
data using a publishing method. WLH devices are provisioned (network setup) through
a wired connection.
8.7.5 Security Architecture
WLH is a secure network system. Both the MAC layer and network layer
provide security services. The MAC layer provides hop-to-hop data integrity by
using MIC. Both the sender and receiver use the CCM (Combined Encryption and
Authentication Block Cipher Mode) together with AES-128 as the underlying block
cipher to generate and compare the MIC.
The network layer employs various keys to provide confidentiality and data
integrity for end-to-end connections. Four types of keys are defined in the security
architecture:
a) Public Keys (well known keys) are used to generate MICs on the MAC layer
by the joining devices. They are used when a device attempts to join the network,
i.e., before it has received a proper network key.
b) Network Keys, which are shared by all network devices and used by existing
devices in the network to generate MAC MICs to authenticate messages on a
one-hop basis.
c) Join Keys, which are unique to each network device and are used during the
joining process to authenticate the joining device with the network manager.
A new device is provisioned with a join key before it attempts to join the
wireless network. The join key is used to authenticate the device for a specific
Wireless HART network. Once the device has successfully joined the
network, the network manager will provide it with proper session and
network keys for further communication.
d) Session Keys are generated by the network manager and are unique for each
end-to-end connection between two network devices. They provide
end-to-end confidentiality and data integrity. Different session keys are used for each
pair-wise communication (e.g., field device to gateway, field device to
network manager, etc.).
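The key hierarchy above, as an added Python sketch that is not part of the book or of the HART specification: it layers a one-hop MIC under an end-to-end MIC and shows which check rejects which frame. HMAC-SHA-256 truncated to 4 bytes stands in for the AES-128 CCM MIC, confidentiality is left out, and all keys, addresses and function names are constructed for the illustration.

```python
import hashlib
import hmac

MIC_LEN = 4  # the DLPDU carries a 4-byte keyed MIC

# Constructed 128-bit keys, for illustration only.
WELL_KNOWN_KEY = bytes(16)                        # placeholder for the public key
NETWORK_KEY = bytes([0x11] * 16)                  # shared by all joined devices
JOIN_KEYS = {0x0012: bytes([0x22] * 16)}          # one per device, provisioned before joining
SESSION_KEYS = {(0x0012, "gateway"): bytes([0x33] * 16)}   # one per end-to-end pair


def mic(key, data):
    """Stand-in MIC: truncated HMAC-SHA-256, not the AES-128 CCM that WLH uses."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]


def seal(key, data):
    return data + mic(key, data)


def unseal(key, frame, layer):
    data, tag = frame[:-MIC_LEN], frame[-MIC_LEN:]
    if len(frame) < MIC_LEN or not hmac.compare_digest(tag, mic(key, data)):
        raise ValueError(f"{layer} MIC check failed")
    return data


def originate(payload, end_to_end_key, joined=True):
    """Source: end-to-end MIC first, then the one-hop MIC on top of it."""
    hop_key = NETWORK_KEY if joined else WELL_KNOWN_KEY
    return seal(hop_key, seal(end_to_end_key, payload))


def relay(frame, alter=None):
    """Routing device: verifies the one-hop MIC and re-seals for the next hop.
    `alter` models a relay that changes the contents it forwards."""
    inner = unseal(NETWORK_KEY, frame, "one-hop")
    return seal(NETWORK_KEY, alter(inner) if alter else inner)


def deliver(frame, end_to_end_key):
    """Destination: one-hop check with the network key, then the end-to-end check."""
    return unseal(end_to_end_key, unseal(NETWORK_KEY, frame, "one-hop"), "end-to-end")


def accept_join(frame, device_id):
    """Join request: one-hop MIC under the well-known key, then the device's join key."""
    return unseal(JOIN_KEYS[device_id], unseal(WELL_KNOWN_KEY, frame, "one-hop"), "join")


def run_demo():
    session = SESSION_KEYS[(0x0012, "gateway")]
    results = {
        "normal": deliver(relay(originate(b"PV=42.1", session)), session),
        "join": accept_join(originate(b"join-request", JOIN_KEYS[0x0012], joined=False), 0x0012),
    }
    rejected = {
        # A device without the network key cannot get a frame past the first hop.
        "unjoined_sender": lambda: relay(originate(b"PV=42.1", session, joined=False)),
        # A change made between hops passes the one-hop check but not the session-key check.
        "altered_in_relay": lambda: deliver(
            relay(originate(b"PV=42.1", session), alter=lambda d: b"PV=99.9" + d[7:]), session),
        # A join request sealed with a key the network manager does not hold for that device.
        "wrong_join_key": lambda: accept_join(
            originate(b"join-request", bytes([0x44] * 16), joined=False), 0x0012),
    }
    for name, action in rejected.items():
        try:
            action()
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```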
8.7.6 WLH Application and User layers
a) The application and user layers are based on the same wired HART systems.
They preserve the HART user experience: the same tools and practices as
wired HART.
b) HART command structure: compatible with HART-enabled control systems
and EDDL.
Summary of WLH
1. Strict 10 ms time slot
2. Frequency hopping and TDMA
3. Self-healing interoperable wireless mesh network
4. Simple - same wireless capabilities for all field devices
5. Reliable - messages routed around interference and obstacles
6. Secure - AES-128 bit encryption, join keys, session keys, MIC access
7. Built on Standards - IEEE 802.15.4 2.4 GHz frequency hopping
8. Same HART tools and practices as wired HART
9. Network diagnostics: all devices build and maintain a list of neighbors
10. All devices report neighbor list and network health
11. Very flexible, easy to expand
12. One network manager
13. Multiple access points per gateway (for redundancy and throughput)
8.8 ISA 100 Wireless Networks for Automation
ISA aims to develop a family of standards (or guidelines) for deployment of
wireless in automation applications. Various working groups are operating in
parallel, tackling various aspects of potential applications. For example:
a) ISA100.11a Wireless Standard for process applications
b) ISA100.12 WirelessHART and ISA100.12 converged network applications.
c) ISA100.14 Trustworthy Wireless for Secure Applications
d) ISA100.15 Wireless Backbone Network
e) ISA100.21 People and Asset Tracking and Identification
In 2011 ISA released the ISA100.11a Standard for wireless systems for
industrial automation, process control and related applications. As ISA-100.11a and
wireless HART fundamentally solve the same problems, they have recently
combined efforts to examine whether both standards can be merged into one. A
follow up version, ISA100.12, might define a common language or network elements
to bridge the two networks.
The ISA100.11a is intended for wireless devices serving application classes 1
through 5, shown in Table 8.8, for fixed and for portable and moving devices.
The standard is designed for periodic monitoring and process control, where
latencies on the order of 100 ms can be tolerated with optional behavior for shorter
latency. The ISA100.11a is intended to be a true open standard for anyone to
implement and deploy, which means there is no need to join any group and it will be
easily available via the Internet, with no restrictions on documentation (other than
copyrights). Nonetheless, the ISA established the ISA100.11a Wireless Compliance
Institute to provide interoperability, compliance, tools, technical support, education
and market awareness.
The standard describes six layers out of the seven OSI network layers, as shown
in Figure 8.35.
Table 8.8 Target application classes of ISA100.11a.
8.8.1 ISA 100.11a Physical Layer
The physical layer is built upon radios compliant with IEEE Standard 802.15.4
(channels 11-26), operating in the 2.4 GHz ISM band, which is available and
license-exempt in most countries worldwide. It also uses channel hopping to support
co-existence and increase reliability. FHSS is a proven technique for providing a level of
immunity against interference from other RF devices operating in the same band, as
well as robustness to mitigate multipath interference effects. In addition, this standard
facilitates coexistence with other RF systems with the use of adaptive channel
hopping to detect and avoid using occupied or poorly performing channels within the
spectrum.
The standard supports star and mesh network topologies. The star
configurations can provide very quick response times that are necessary for some
types of critical applications. On the other hand, mesh networks can offer increased
robustness, enhanced reliability, greater tolerance to interference, etc. A typical
network configuration is shown in Figure 8.32.
| OSI Layer | ISA100.11a |
|---|---|
| Application | Command oriented, predefined data types and application procedures, tunneling for non confirming PDUs |
| Presentation | |
| Session | Secured session between network devices |
| Transport | Reliable and Secure stream transport |
| Network | Power-optimized redundant path, mesh and Star networks |
| Data Link | Secure & reliable, time synced, TDMA/CSMA, Adaptive FHSS |
| Physical | 2.4 GHz wireless, 802.15.4 based radios |

Figure 8.34 Simplified ISA100.11a Stack.
System Components:
Devices are described in terms of classes of functionality called roles. A device
may have one or more roles. The defined roles include: system manager, security
manager, gateway, backbone router, system time source, provisioning, router and I/O
device.
Input/output (I/O):
A device with the I/O role is attached to a sensor or actuator, and can provide
data to, or utilize data from, other devices, or both, and shall have at least one User
Application Process (UAP) object. An I/O device is a reduced function device and
cannot forward or route packets on behalf of other devices.
Field Router (R):
A router device has by definition routing capability; it acts as a proxy and is
capable of clock propagation.
Figure 8.35 Standard compliant network.
Provisioning (PR):
A device with the provisioning role (i.e., a provisioning device) shall be able to
configure new devices to join the network. Devices should be set at the factory to
implement the Device Provisioning Service Object (DPSO). The provisioning device
can then insert the required configuration data into a device to allow a device to join
a specific network.
Backbone Router (B):
A Backbone router provides an entry and exit point for system communication
to and from the wireless network. A network can have multiple backbone routers.
Besides additional path diversity, multiple backbone routers provide additional
network bandwidth and redundant communication paths for the gateway and network
manager. A device with the backbone router role is capable of providing routing
capability on the wireless side, as well as to/from the gateway. It acts as a proxy
using the backbone. Backbone routers are connected to the (G,M,S) workstation via a
high speed network.
Gateway (G):
The gateway role provides an interface between the wireless network and the
plant network, or directly to an end application on a plant network. More generally, a
gateway marks the transition between communications compliant to this standard and
other communications and acts as a protocol translator between the application layer
of this standard and other application layers.
System Manager:
The system manager is a specialized function that governs the network, the
devices and communication. The system manager performs policy-based control of
the network runtime configuration, monitors and reports on communication
configuration, performance and operational status, and provides time-related
services.
Security Manager (S):
The system security manager is a specialized function that works in conjunction
with the system manager and optional external security systems to enable secure
system operation.
System Time Source:
A device implementing the system time source role shall implement the master
time source for the system. A sense of time is an important aspect of this standard,
since it is used to manage device operation. The system time source provides a sense
of time for the entire system. The system time source role is usually implemented
together with one of the I/O, router, backbone router, system manager or gateway roles.
Not all devices are required to implement all the protocol layers shown in
Figure 3.38. But all devices are required to implement the network and transport
layers. Every device is also required to contain a device management function and a
device security management function that cooperate with the system processes to
enable secure management of a device’s resources and its usage of system resources.
8.8.2 ISA100.11a Data Link Layer
The DLL defines the format of data on the network. It consists of the IEEE
802.15.4-2006 MAC sub-layer, an upper DLL sub-layer, and a MAC extension
sub-layer between MAC and upper DLL, as shown in Figure 8.36. The MAC extension
sub-layer enhances the IEEE MAC with features that are logically MAC functions,
but that are not currently included in the IEEE MAC.
[Figure: below the upper layers, the data link layer is drawn as three stacked parts: the upper data link sub-layer, the ISA100.11a MAC extension, and the IEEE 802.15.4 MAC sub-layer.]
Figure 8.36 ISA100.11a DLL layer.
Super-frames:
The super-frame of the ISA100.11a has different specifications from the
IEEE 802.15.4. A super-frame is a collection of timeslots repeating in time. The
number of timeslots in each super-frame cycle (its length) determines how quickly
each super-frame cycle repeats, setting a communication schedule for devices that use
the super-frame. For example, a super-frame that cycles every 500 ms will allow
each device that uses a single super-frame timeslot to communicate at 500 ms
intervals. When a super-frame is created, it is associated with a super-frame ID for
identification. Every new super-frame instance in time is called a super-frame cycle.
Figure 8.37 shows how devices may communicate in an example of a four-timeslot
super-frame.
[Figure: consecutive super-frame cycles, each carrying the timeslot assignments A→B, B→C and D→C.]
Figure 8.37 Example of a 4-time slot super-frame
This standard defines Time Division Multiple Access (TDMA) mechanisms that
allow a device to access the RF medium without having to wait for other devices.
Using time synchronized communication through configurable fixed time slot
duration, in the range of 10 ms-12 ms, a device is assigned a timeslot and channel
unique to it and the device with which it will communicate. These time slot durations
are configurable on a per super-frame basis. All time slots generally have the same
duration, and they are re-aligned to a 4 Hz cycle at each 250 ms clock interval. Time
slotted operation and scheduled transmissions minimize collisions within the subnet,
avoiding unnecessary use of the channel for retries.
The ISA WLN supports CSMA-CA collision avoidance which, when used, can
detect IEEE 802.11 energy and delay its own transmission to reduce interference in
IEEE 802.11 networks. The IEEE MAC back-off and retry mechanism is not used by
the DL. Instead, the DL implements its own retries, involving spatial diversity
(retries to multiple devices), frequency diversity (retries on multiple radio channels),
and time diversity (delaying the DPDU). The manner and degree of these elements of
diversity are not fixed, but configured by the system manager. More generally, this
standard’s DL uses CSMA-CA, but the details are different from CSMA-CA, as
defined in the IEEE MAC.
The network can be configured to operate in three channel hopping schemes:
slotted channel hopping, slow channel hopping and hybrid slotted/slow hopping, as
shown in Figure 8.38.
[Figure: three panels plotting channels against time, one per hopping scheme.]
Figure 8.38 (a) Slotted channel hopping, (b) Slow channel hopping, and (c) Hybrid
channel hopping.
In slotted hopping, channels change every time slot. In slow hopping, one
channel is used during the entire super-frame period; in the hybrid mode, meanwhile,
slotted hopping is used during only a part of the super-frame, and then the channel is
fixed during the rest of the super-frame period.
Timing: keeping proper sense of time and the synchronization of the device
clocks are essential for the operation of the network. The DL propagates and uses
International Atomic Time (TAI) for its internal operation, and also provides TAI
time as a service through the Device Management Application Process (DMAP) to
wireless field devices compliant with this standard. In a DL subnet, devices may take
on three functions in the time propagation process:
a) DL clock recipient, a receiver of periodic clock updates through the DL; or
b) DL clock source, a provider of periodic clock updates to DL neighbors; or
c) DL clock repeater, a DL clock recipient that also acts as a DL clock source to
some of its neighbors.
Each DL clock recipient can be configured to periodically report statistics for
any of its preferred DL clock sources; e.g., time out events, average of clock
corrections and standard deviation of clock corrections.
8.8.3 ISA100.11a Network Layer
The network layer provides inter-network routing. The functions offered by the
network layer are divided into:
a) Addressing
b) Routing
c) Quality of service
d) Management functions
e) Provision of inter-networking routing; i.e., providing mesh to mesh routing
f) Frame format in accordance with IETF RFC 4944 (IP based).
The standard supports graph routing as well as source routing. A directed graph
is a set of directed links that is used for routing DPDUs within a DL subnet. Each
directed graph within the DL subnet is identified by a graph ID. In source routing, the
originating device designates the hop-by-hop route that a DPDU takes through a DL
subnet. Graph routing and source routing may be mixed.
Fully redundant and self-healing routing techniques, such as mesh routing,
support end-to-end network reliability in the face of changing RF and environmental
conditions. Special characteristics that allow the network to adapt to frequencies used
(e.g., adaptive hopping) along with mesh routing, can automatically mitigate
coexistence issues without user intervention.
The network layer uses header formats that are compatible with the Internet
Engineering Task Force’s 6LoWPAN Standard to facilitate potential use of
6LoWPAN networks as a backbone. But the networks based on this standard are not
intended to be connected to the Internet.
Routes are configured by the system manager, based on reports from devices
that indicate instantaneous and historical quality of wireless connectivity to their
immediate neighbors. The system manager accumulates these reports of signal
quality to make routing decisions. The signal quality reports are standardized, but the
routing decision process within the system manager is not standardized. Once the
system manager makes its routing decisions, it uses standard DPDUs to configure
routes within each device in the DL subnet.
Field devices are normally configured with path diversity (alternative routes), so
that if one link fails somewhere along the route, the device can immediately send the
DPDU along an alternate path. Unlike IEEE, DL acknowledgments are used to
convey time information for clock correction, in addition to providing
acknowledgment.
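An added sketch (not from the book or the standard) of the split described above: a system manager turns link-quality reports into a directed graph with alternate next hops, and devices fall back to an alternate when a link fails. Because the routing decision process is not standardized, the cost function, the `min_quality` threshold, the report values and all function names are assumptions made for this example.

```python
import heapq

# Constructed neighbor reports: (reporting device, neighbor) -> link quality in (0, 1].
REPORTS = {
    ("B", "GW"): 0.9, ("C", "GW"): 0.9, ("A", "GW"): 0.3,
    ("A", "B"): 0.9, ("A", "C"): 0.8, ("B", "C"): 0.7, ("C", "B"): 0.7,
    ("D", "A"): 0.9, ("D", "C"): 0.6,
}

def build_graph(reports, gateway, min_quality=0.5):
    """System-manager side: directed graph {device: [primary next hop, alternates...]}.

    Assumed policy (the standard leaves it open): link cost = 1 / quality, links below
    min_quality are ignored, and a neighbor is a valid next hop only if it is strictly
    closer to the gateway, which keeps every route loop-free.
    """
    links = {(u, v): 1.0 / q for (u, v), q in reports.items() if q >= min_quality}
    cost, heap = {}, [(0.0, gateway)]
    while heap:                                   # Dijkstra outward from the gateway
        c, node = heapq.heappop(heap)
        if node in cost:
            continue
        cost[node] = c
        for (u, v), w in links.items():
            if v == node and u not in cost:
                heapq.heappush(heap, (c + w, u))
    graph = {}
    for (u, v), w in links.items():
        if u in cost and v in cost and cost[v] < cost[u]:
            graph.setdefault(u, []).append((w + cost[v], v))
    return {u: [v for _, v in sorted(hops)] for u, hops in graph.items()}

def forward(graph, source, gateway, failed_links=frozenset()):
    """Device side: follow the graph, switching to an alternate when a link is down."""
    path = [source]
    while path[-1] != gateway:
        here = path[-1]
        nxt = next((n for n in graph.get(here, []) if (here, n) not in failed_links), None)
        if nxt is None:
            return None                           # no usable next hop: DPDU is not delivered
        path.append(nxt)
    return path

def source_route(route, failed_links=frozenset()):
    """Source routing: the originator fixes every hop, so one failed link drops the DPDU."""
    return None if any(l in failed_links for l in zip(route, route[1:])) else list(route)

def single_path_devices(graph):
    """Devices configured without path diversity (exactly one next hop)."""
    return sorted(u for u, hops in graph.items() if len(hops) == 1)

if __name__ == "__main__":
    g = build_graph(REPORTS, "GW")
    print(g)
    print(forward(g, "D", "GW", {("D", "C")}))
    print("no path diversity:", single_path_devices(g))
```

`single_path_devices` is the check worth running after every reconfiguration: a device it lists loses connectivity on a single link failure.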
8.8.4 ISA100.11a Transport Layer (TL)
The transport layer is responsible for transparent transfer of data between end
systems, or hosts, and is responsible for end-to-end error recovery. The functions
offered by the transport layer are divided into:
a) Reliable/unacknowledged service
b) Enhanced-secure/basic-secure service
c) Flow control
d) Higher level service (segmentation, reassembly, etc.)
e) Management topics.
The main components of the Transport Layer are illustrated in Figure 8.39. The
TL implements secure end-to-end message delivery using Internet-conforming User
Datagram Protocol (UDP) connectionless messages. The TL is responsible for end-
to-end communication and operates in the communication endpoints (as opposed to
the routing devices). It supports UDP over IP version 6 (IPv6) and optional
compressed UDP. TL security is handled in a similar fashion, as in the DL layer, but
end-to-end as opposed to hop-by-hop. The TL conceptually includes the Transport
Management Entity (TME), the Transport Security Entity (TSE), and the Transport
Data Entity (TDE).
Figure 8.39 Main components of the transport layer.
Transport data entity:
The TDE provides connectionless services based on the UDP over IPv6 with optional
compression.
Transport security entity:
The TSE within the transport layer reuses many items from the DL security sub-
layer. The TSE is responsible for:
a) Determining which level of security shall be applied to a given flow based on
policies;
b) Filtering out non-conforming received TPDUs;
c) Optionally decrypting protected TPDU payloads; and
d) Implementing the determined cryptographic operation for TPDU payload and
integrity check. Similar to DL security, TL security shall support the default
Advanced Encryption Standard (AES) cryptographic block cipher in a generic
authenticated encryption block cipher mode called the counter with CBC-
MAC (CCM), as defined by IEEE Standard 802.15.4.
Transport Management Entity (TME):
The TME configures and monitors the actions of the transport layer.
8.8.5 ISA100.11a Application Sub-Layer
The application layer provides capabilities and services to enable an open,
interoperable ISA100.11a application environment. The single application layer
provides both native and tunneling protocol capability for broad usability:
a) Native protocols allow efficient use of the bandwidth and provide for longer
battery life of nodes.
b) Tunneling protocol allows the ISA100.11a network to carry existing
protocols such as Fieldbus Foundation, HART, Profibus, Modbus, and others,
allowing existing installations to be easily converted to wireless.
c) The application layer of ISA100.11a is completely object-oriented, which
means data in field devices can be addressed using IEC 61804 Standard
EDDL protocol. For networks not using this standard, one may encapsulate
and tunnel messages to the requesting host device.
8.8.6 ISA100.11a System Management & Security
This standard includes functions to manage communication resources on each
individual device, as well as system resources that impact end-to-end performance.
System management provides for policy-based control of the runtime configuration
and also monitors and reports on configuration, performance, fault conditions and
operational status. The system management functions take part in activities such as:
a) Device joining and leaving the network
b) Reporting of faults that occur in the network
c) Communication configuration
d) Configuration of clock distribution and the setting of system time
e) Device monitoring
f) Performance monitoring and optimization.
Security:
ISA 100.11a provides simple, flexible and scalable security addressing major
industrial threats leveraging 802.15.4-2006 security. Security includes total life
cycle, such as configuration, operation, maintenance, etc. Security is considered
throughout the whole system, not just at the physical layer or MAC sub-layer.
Leveraging security aspects of the IEEE 802.15.4-2006 Standard allows for reduced
costs, quicker implementations and a broad consensus of security experts.
All compliant networks have a security manager to manage and authenticate
cryptographic keys in transit. Security utilizes security primitives defined by IEEE
Standard 802.15.4 at the DL and transport layers, providing message authentication,
integrity and optional privacy. Device authentication is enabled through symmetric
keys and unique device IDs, with an option for asymmetric keys.
During normal operation, received data authenticity is verifiable through the use
of secret symmetric keys known to both the sender and the receiver. During
provisioning, authenticity of received device credentials from a new device may be
verified by a system manager through the optional use of public keys shared openly
by the new device, and a corresponding asymmetric secret private key kept inside the
new device.
Messages are protected using the default AES-128 block cipher or other locally-
mandated cryptographic primitives. Device-to-device communication is secured
using symmetric keys. The security services in this standard are selected by policy.
The policy is distributed with each cryptographic material, permitting focused policy
application. Since a single key is used at a time at the DL, except for a brief period of
the key handover, the entire sub-network is subject to the same policies at the DL.
The security manager controls the policies for all the cryptographic materials it
generates. The security services are applied at the bottom of the communication
protocol stack, hop-by-hop at the DL, and at the top of the communication protocol
stack, end-to-end at the TL.
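The two-layer protection described in the transport security entity list and in the Security subsection above, as an added example (not code from the book or from the ISA100.11a standard): AES-128 in CCM mode, formatted per RFC 3610 with a 13-byte nonce, seals a TPDU once end-to-end and a DPDU again at every hop. The keys, device IDs, header bytes, nonce layout and MIC lengths are constructed for the illustration and do not reproduce the real ISA100.11a frame formats; AES is written out in pure Python only so the block runs without third-party packages.

```python
import hmac

def _xtime(a):                          # multiply by x in GF(2^8), modulus 0x11B
    return ((a << 1) ^ 0x11B) if a & 0x80 else a << 1

def _make_sbox():                       # affine transform of the GF(2^8) inverse
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    sbox, p, q = [0x63] * 256, 1, 1
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)     # p *= 3
        for s in (1, 2, 4):                                        # q /= 3
            q ^= (q << s) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            return sbox

SBOX = _make_sbox()

def expand_key(key):                    # AES-128 key schedule: 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[r:r + 4], []) for r in range(0, 44, 4)]

def aes128_encrypt_block(rk, block):
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]   # SubBytes + ShiftRows
        if rnd < 10:                                                # MixColumns
            cols = [s[c:c + 4] for c in range(0, 16, 4)]
            s = [c[i] ^ c[0] ^ c[1] ^ c[2] ^ c[3] ^ _xtime(c[i] ^ c[(i + 1) % 4])
                 for c in cols for i in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _ctr(rk, nonce, i):                 # S_i = E(K, 0x01 || 13-byte nonce || 2-byte counter)
    return aes128_encrypt_block(rk, b"\x01" + nonce + i.to_bytes(2, "big"))

def _crypt(rk, nonce, data):            # counter mode with keystream blocks S_1, S_2, ...
    return b"".join(_xor(data[n:n + 16], _ctr(rk, nonce, n // 16 + 1))
                    for n in range(0, len(data), 16))

def _mic(rk, nonce, auth, msg, mic_len):
    """CBC-MAC over B0 || length-prefixed auth data || msg, masked with S_0."""
    flags = (0x40 if auth else 0) | (((mic_len - 2) // 2) << 3) | 1
    data = bytes([flags]) + nonce + len(msg).to_bytes(2, "big")
    for part in (len(auth).to_bytes(2, "big") + auth if auth else b"", msg):
        data += part + bytes(-len(part) % 16)       # zero-pad to a block boundary
    x = bytes(16)
    for n in range(0, len(data), 16):
        x = aes128_encrypt_block(rk, _xor(x, data[n:n + 16]))
    return _xor(x[:mic_len], _ctr(rk, nonce, 0))

def ccm_seal(key, nonce, header, payload, mic_len=8, encrypt=True):
    """Return payload-or-ciphertext || MIC; encrypt=False is integrity without privacy."""
    rk = expand_key(key)
    if not encrypt:                     # payload is authenticated together with the header
        return payload + _mic(rk, nonce, header + payload, b"", mic_len)
    return _crypt(rk, nonce, payload) + _mic(rk, nonce, header, payload, mic_len)

def ccm_open(key, nonce, header, protected, mic_len=8, encrypt=True):
    """Check the MIC and return the payload; raise ValueError on a non-conforming PDU."""
    rk = expand_key(key)
    body, mic = protected[:-mic_len], protected[-mic_len:]
    payload = _crypt(rk, nonce, body) if encrypt else body
    auth, msg = (header, payload) if encrypt else (header + payload, b"")
    if not hmac.compare_digest(mic, _mic(rk, nonce, auth, msg, mic_len)):
        raise ValueError("MIC check failed")
    return payload

def nonce13(device_id, counter, level):  # constructed layout: 8-byte id, counter, level
    return device_id + counter.to_bytes(4, "big") + bytes([level])

TL_KEY = bytes(range(0x10, 0x20))       # constructed session key: sensor and gateway only
DL_KEY = bytes(range(0x40, 0x50))       # constructed DL key: shared by the whole subnet
SENSOR, ROUTER = b"SENSOR01", b"ROUTER01"

def deliver(router_tampers=False):      # sensor -> router -> gateway
    n_tl, n1, n2 = nonce13(SENSOR, 7, 5), nonce13(SENSOR, 100, 1), nonce13(ROUTER, 55, 1)
    tpdu = ccm_seal(TL_KEY, n_tl, b"TLHDR", b"PV=71.3 degC")        # sealed once, end-to-end
    hop1 = ccm_seal(DL_KEY, n1, b"DL1", tpdu, 4, encrypt=False)     # hop MIC, sensor -> router
    relayed = ccm_open(DL_KEY, n1, b"DL1", hop1, 4, encrypt=False)  # router holds DL key only
    if router_tampers:                  # a compromised router alters the TL ciphertext
        relayed = bytes([relayed[0] ^ 0x01]) + relayed[1:]
    hop2 = ccm_seal(DL_KEY, n2, b"DL2", relayed, 4, encrypt=False)  # hop MIC, router -> gateway
    inner = ccm_open(DL_KEY, n2, b"DL2", hop2, 4, encrypt=False)    # passes in both cases
    return ccm_open(TL_KEY, n_tl, b"TLHDR", inner)                  # only this check sees it

if __name__ == "__main__":
    print(deliver())
```

With `router_tampers=True` the last-hop DL MIC still verifies, because the router holds the subnet's DL key, and the gateway's TL check raises `ValueError`.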
Summary of ISA100.11a:
a) Provides technology to address Class 1 to Class 5 applications
b) Field devices can be reduced functions or full functions
c) Adaptive FHSS (slotted, slow and hybrid)
d) Manufacturer-independent standard assures multi-vendor device
interoperability
e) Includes only 2.4 GHz 802.15.4-2006 radios
f) Adheres to a comprehensive coexistence strategy
g) Uses channel hopping to support co-existence and increased reliability
h) Uses a single application layer, providing both native and tunneling protocol
capability for broad usability
i) Provides simple, flexible and scalable security, addressing major industrial
threats and leveraging 802.15.4-2006 security
j) Mesh and star topologies
k) Optional radio sleep period, during which device radio will be disabled; can
be extended to the entire subnet
l) Optional radio silence period, during which DL continues to operate its radio
receiver only as per its scheduled receive links
m) TDMA, deterministic behavior and power efficient
n) Slots can be configured 10 or 12 ms
o) Frequency hopping and TDMA
p) Self-healing interoperable wireless mesh network
q) Reliable - Messages routed around interference and obstacles
r) Secure - AES-128 bit encryption, join keys, session keys, MIC access
s) Built on standards - IEEE802.15.4 2.4GHz frequency hopping
t) All devices report neighbor list and network health
u) One network manager
v) Multiple backbone routers per gateway (for redundancy and throughput).
The following table provides a short comparison between the major techniques
for wireless sensor networks.
Table 8.9 Key technologies for wireless networks.
Feature                                    ZigBee         ZigBee Pro     WirelessHART   ISA100.11a
Transceiver technology                     IEEE 802.15.4  IEEE 802.15.4  IEEE 802.15.4  IEEE 802.15.4
Support for wireless mesh routing          Yes            Yes            Yes            Yes
Ability to cope with very large networks   No             Yes            Yes            Yes
Latency determinism                        No             No             Yes            Yes
Built-in security features                 Yes            Yes            Yes            Yes
Reliability determinism                    No             No             Yes            Yes
SUMMARY
1. Wireless local area networks focus on providing radio connectivity from
several centimeters to possibly a few hundred meters, within one location
or organization.
2. ISM license-free bands (list)
3. Radio propagation could be subject to interference, multi-path fading,
atmospheric absorption, eavesdropping or hacking. Any reliable system
must undertake measures to counteract these problems.
4. Information is transmitted by modulating a carrier frequency. The carrier
amplitude, phase, or frequency can be modulated to carry the desired
information.
5. The basic methods of modulation for digital communication are FSK,
ASK and PSK.
6. In QAM, the carrier and its 90 degree phase shift are amplitude modulated
independently. The two channels are known as I & Q channels. The
resulting modulation is a combination of amplitude and phase modulation.
7. In TDMA, each process (or user) is allocated a fixed time slot to
send/receive, avoiding channel contention.
8. In DSSS, during every information bit the carrier is modulated by a high-
speed binary pseudo random PN code, spreading the spectrum of the
modulated carrier over wide bandwidth.
9. In FHSS the carrier hops or jumps between a set of frequencies in a
predetermined sequence. FHSS mitigates the effect of interference and
multipath fading.
10. In OFDM, a given high-bit-rate data stream is divided into several parallel
lower bit-rate streams, and each stream is modulated on a separate carrier,
called a subcarrier. A large number of closely-spaced orthogonal
sub-carriers are used to carry data. The subcarriers are selected such that they
are all uniformly separated and orthogonal to one another over the symbol
duration. The primary advantage of OFDM is its ability to cope with
narrow band interference and frequency-selective fading due to multipath.
11. In CDMA, users with different PN codes in DSSS or FHSS can coexist
without being on the same radio bandwidth.
12. A typical wireless receiver consists of an antenna, a receiver filter, a LNA,
a mixer (down converter), IF amplifier, demodulator/despreader, and a
DSP subsystem.
13. A typical DSSS transmitter consists of spreader, modulator, shaping filter,
up converter, amplifier, transmit filter, and the antenna.
14. IEEE 802.11 is a wireless extension of Ethernet. The 802.11a is based on
OFDM and supports a bit rate up to 54 Mbps over the ISM 5 GHz band.
The 802.11b is based on DSSS and supports a bit rate up to 11 Mbps over
the ISM 2.4 GHz band. The 802.11g is based on OFDM and supports a bit
rate up to 54 Mbps over the ISM 2.4 GHz band.
15. The 802.11n, based on MIMO modulation, significantly increases the
maximum raw data rate from 54 Mbit/s to a maximum of 600 Mbit/s with
the use of up to four spatial streams at a channel width of 40 MHz on the 5
GHz ISM band. MIMO is an abbreviation for Multiple-Input Multiple-
Output, which refers to the ability of equipment to handle multiple data
input and multiple data output operations. Wi-Fi n devices make use of
multiple antennas to send and receive more than one communication
signal simultaneously.
16. Bluetooth is designed for PAN and operates on the 2.4 GHz band over a
distance typically from 10 cm to 10 m. It uses FHSS Gaussian frequency-
shift keying, over 79 channels, with a maximum bit rate of 1 Mbps.
17. ZigBee is designed to be a wireless sensor network based on the
IEEE802.15.4 (physical and MAC) layers. Data rates are 20/40 kbps, and
250 kbps DSSS. It supports star and self-healing, self-forming
mesh/cluster tree topologies, supports media access using simple
CSMA/CA or slotted TDMA, and provides several security features.
18. WirelessHART is an extension of the wired HART protocol in the process
industry. Based on IEEE 802.15.4, it uses adaptive FHSS to mitigate
interference and fading, and strictly uses 10 ms slotted TDMA for
deterministic transmission. All field devices have the same wireless
capability. Multiple access points per network are supported for reduced
latency and redundancy. It has several security schemes. It is fully
compatible with the wired HART protocol at the application layer and user layer.
19. ISA100.11a is intended for class 1 to class 5 applications. It ensures
interoperability and accommodation of non-native systems. Based on
IEEE 802.15.4, it adds several extensions to the MAC layer, with a
super-frame at 10-12 ms. It supports adaptive FHSS in three modes:
slotted, slow, and hybrid. It supports star and self-healing, self-forming
mesh/cluster tree topologies. Network components include I/O device,
routing device, portable device, backbone routers, system gateway, system
manager and security manager.
EXERCISES
(Straightforward applications of the concepts of the chapter)
E8.1] Which is NOT an ISM band?
a) 902-928 MHz
b) 1.20-1.30 GHz
c) 2.40-2.4835 GHz
d) 5.15-5.85 GHz
E8.2] Which is NOT a proper designation of a frequency band?
a) LF 30-300 kHz
b) MF 0.3 – 3.0 MHz
c) EMI 30-300 MHz
d) UHF 300-3.00 GHz
E8.3] How many bits does a 64-QAM transmit per symbol?
a) 64 bits
b) 32 bits in the I channel and 32 bits in the Q channel
c) 6 bits
d) 8 bits in the I channel times 8 bits in the Q channel
E8.4] A 4-level ASK sends
a) 4 bits every symbol
b) 2 bits every symbol
c) One bit each level
d) There is no such ASK
E8.5] The process gain of a 63 chip DSSS is
a) 40 dB
b) 18 dB
c) 36 dB
d) 63 dB
E8.6] Which of the following standards use OFDM?
a) 802.11a
b) 802.11b
c) 802.11c
d) 802.11.15.4
E8.7] Which of the following standards use FHSS?
a) 802.11a
b) 802.11.15.1
c) 802.11b
d) 802.11g
E8.8] 802.11b uses
a) OFDM
b) ASK
c) DSSS
d) FHSS
E8.9] Which of the following use Adaptive FHSS?
a) WirelessHart
b) ISA100.11a
c) Bluetooth
d) 802.11a
E8.10] Which is NOT true about Bluetooth?
a) Uses adaptive frequency hopping over 79 channels.
b) Based on peer-to-peer multi-access.
c) Uses synchronous connection-oriented links for audio transmission.
d) L2CAP acts as protocol multiplexer, providing connection services to upper layer protocols.
E8.11] Which is NOT true about Bluetooth?
a) ACL provides a packet switched connection service to the devices in a piconet.
b) SCO is a virtual circuit switching service for voice transmission.
c) RFCOMM is the Radio Frequency Communication Manager.
d) The link manager provides direct control and notification of ACL and SCO logical transports.
E8.12] Which is NOT true about Bluetooth?
a) The physical layer operates only on the 2.4GHz band.
b) L2CAP functions as the multiplexer of packet data between all the other upper layers.
c) A piconet comprises a master and a maximum of 15 slaves.
d) HCI, the Host Controller Interface, is the interface between the Bluetooth device controller
and the host device.
E8.13] Which is TRUE about ZigBee?
a) User defined bit rates up to 250 kbps.
b) FHSS with 32 bit long sequence.
c) Master-slave mesh topology.
d) Only FFD can form a mesh network.
E8.14] Which is NOT true about ZigBee networks?
a) Every network must have one PAN.
b) Every ZB router must be a FFD.
c) Networks can be coordinated by multiple PANs for greater reliability.
d) ZED cannot route messages on behalf of another device.
E8.15] Which is NOT true about IEEE 802.15.4?
a) Every super-frame starts with a beacon frame.
b) A super-frame contains up to 16 time slots.
c) GTS slots are used for Greater Transfer Speed than CAP slots.
d) CAP slots are available for devices to access channels using CSMA/CA protocol.
E8.16] Which is NOT true about IEEE 802.15.4?
a) It is not mandatory to use super-frames
b) Beacon frames are transmitted by PAN to synchronize the transmission using super-frame
structures.
c) Low latency applications can transmit in any slot using high priority packets.
d) Low latency applications can be allocated guaranteed time slots for contentionless
communication.
E8.17] Which is NOT a function of a ZigBee network layer?
a) Routing frames to their destination.
b) Security of multi-hop packets.
c) Starting a network.
d) Defining device roles in the network, and determining which application services they
provide.
E8.19] Which is NOT True about WirelessHART?
a) Built on IEEE802.15.4
b) Same wireless capabilities for all field devices.
c) TDMA on strict 10 msec time slots.
d) Uses Full Hart Simple Security FHSS for Network layer security
E8.20] Which is NOT true about WirelessHART?
a) Self-healing interoperable wireless mesh network
b) Network layer uses two different mechanisms for message routing: graph routing and source
routing.
c) MAC layer uses CRC for combined encryption and authentication block cipher mode.
d) Known public keys are used when a device attempts to join the network, i.e., before it has
received a proper network key.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P8.1] Make a comparison table between ZigBee, WirelessHART, and ISA100.11a
a) Network components and use of access points
b) Routing methods
c) Network coordination
d) Use of adaptive FHSS
e) Super-frames
f) Support for deterministic subscriber/publisher communication
g) Support for alarm and event communication
h) Adding/removing devices
P8.2] Discuss the mechanism used for time distribution and device synchronization in ZigBee,
WirelessHART, and ISA100.11a.
P8.3] Discuss the similarities and differences between WirelessHART and ISA100.11a regarding
built-in encryption, authentication, verification, key management, anti-jamming and other
security measures.
DESIGN PROBLEMS
(Design Problems emphasize the design task)
D8.1] An RTU, currently a wired connection using Modbus over RS485, is to be relocated at a
position 250 m away from the control room. The RTU sends its monitoring data in an 850
byte report, every 15 minutes. But alarms should be reported within one second. The set-
points, if any, are also sent irregularly as demanded by the operator. Discuss the suitability of
the wireless connectivity solutions using ZigBee, WirelessHART, and ISA100.11a in such
situation and suggest a solution based on specific manufacturers' devices. Discuss also the
tradeoff options between cost and reliability.
D8.2] A network of gas leak detectors is to be installed in a process plant. At least 30 sensors are to
be installed on the 750,000 m² plant. The sensors are all battery powered. Alarms should be
reported within five seconds of initiation. Sensors also report low-battery alarms every 15
minutes until the battery is replaced. Discuss the suitability of ZigBee, WirelessHART, and
ISA100.11a, for maximum battery life.
TERMS AND CONCEPTS
AES-128
Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S.
government. AES-128 uses a 128-bit block size with a key size of 128 bits.
Backscattering
Backscattering is radiowave propagation in which the direction of the incident and scattered waves,
resolved along a reference direction (usually horizontal) are oppositely directed. A signal received by
backscattering is often referred to as "backscatter."
Baseband
Baseband is the transmission of a digital or analog signal at its original frequency and in its original
form. It should not be changed by modulation.
Carrier Recovery
Carrier recovery is a technique for extracting the RF carrier from a modulated signal so that it can be
reinserted and used to recover the modulating signal.
CDM
Code Division Multiplexing is a technique in which each channel transmits its bits as a coded channel-
specific sequence of pulses. This coded transmission is typically accomplished by transmitting a
unique time-dependent series of short pulses, which are placed within chip times within the larger bit
time. In DSSS, all channels, each with a different code, can be transmitted on the same bandwidth.
dB
Relative power decibels (3dB/octave, 10 dB/decade)
dBi
dBi is used to express the gain of an antenna in decibels. The terminal letter ‘i’ indicates that the gain is
relative to an isotropic antenna.
dBm
dBm is an abbreviation for the power ratio in decibels (dB) of the measured power, referenced to one
milliwatt.
DSB-ASK Modulation
Double side band Amplitude Shift Keying is the conventional ASK modulation where the carrier is
modulated by a modulating waveform obtained by encoding the data.
DSSS
Direct Sequence Spread-Spectrum
EIRP
Equivalent Isotropic Radiated Power (also Effective Isotropic Radiated Power)
ISM Bands
The internationally reserved radio bands for use by Industrial, Scientific and Medical
equipment, which are now available for use by wireless LANs.
LNA: Low Noise Amplifier
LNA is the first stage in radio receivers. The main function of the LNA is to amplify extremely low
signals without adding noise, thus preserving required signal to noise ratio of the system. Additionally,
for large signal levels, the LNA amplifies the received signal without introducing distortions.
MIC
Message Integrity Code is appended to the MAC message. This code ensures integrity of the MAC
header and payload data. It is created by encrypting parts of the IEEE MAC frame using the key of the
network. The encryption algorithm is AES (Advanced Encryption Standard) with a 128b.
O-QPSK
Offset - Quadrature Phase Shift Keying
RSL
Received Signal Level. The signal level (in dBm) at a receiver input terminal
SSB-ASK Modulation
Single Side Band ASK Modulation uses the Hilbert transformation to suppress one of the signal power
spectral density sides.
TDMA
Time Division Multiple Access
CHAPTER 9
9 EXAMPLES OF MODERN DCS SYSTEMS
9.1 Introduction
9.2 Yokogawa CENTUM System
9.2.1 System Overview
9.2.2 CENTUM CS 3000 System Key Specifications
9.2.3 CENTUM CS 3000 Components
9.2.4 CENTUM Networking Components
9.2.5 Redundancy and Reliability
9.2.6 Instrument Asset Management System (AMS)
9.2.7 CENTUM VP
9.3 Honeywell Experion System
9.3.1 System Architecture
9.3.2 Basic Control System Topology
9.3.3 Process Communications
9.3.4 Process Control Hardware
9.3.5 Redundancy
9.3.6 Instrument Asset Management System
9.4 Siemens PCS 7 System
9.4.1 SIMATIC PCS 7 AS RTX with Software Controller
9.4.2 SIMATIC PCS 7 Modular Automation Systems
9.4.3 Tools and Software
9.5 ABB Automation Systems
9.5.1 System800xA
9.5.2 Freelance
9.5.3 Compact 800
9.5.4 Safety Systems
OVERVIEW
The objective of this chapter is to give an overview of the DCSs currently
offered by different industrial vendors. There are many competitive solutions
available in the market. Among the key players are Honeywell, Yokogawa, Emerson,
Siemens, ABB, GE, Invensys (Schneider Electric), and Valmet. Each offers
an extensive set of automation/DCS solutions. However, because of the lack of space, it
would be difficult to present here a complete coverage of their products and
solutions. As such, we had to limit the subsequent sections to the key features of
Yokogawa’s CENTUM, Honeywell’s Experion, Siemens’s PCS7, and ABB’s
800xA, which are already installed at the DCS Lab at KFUPM. Almost all the
vendors have different types of automation systems; however, the focus here is on
the large scalable systems for complex process control applications.
Yokogawa CENTUM is covered in more detail in Section 9.1. Among the
covered topics are the key system specifications, components, networks, redundancy,
and Instrument Asset Management System (IAMS). CENTUM VP, the recent
Yokogawa addition, is also covered in Section 9.1.7. Honeywell Experion is
presented in Section 9.2. The section covers Experion architecture, communication
networks, hardware and redundancy, and IAMS as well. The last two sections are
dedicated to Siemens PCS 7 and ABB 800xA systems. These two systems are based
on highly reliable and scalable advanced PLCs. These systems have been applied in a
wide spectrum of automation applications, from batch process control, to assembly
lines, food industry, steel industry, and utilities and power generation.
LEARNING OBJECTIVES
After reading this chapter, you should be able to
• Describe the Yokogawa CENTUM networking hierarchy for high availability
  DCS systems.
• Differentiate between the various Yokogawa Controller models, as well as
  between the HIS options.
• List the tools and applications suite offered by Yokogawa CENTUM DCS.
• Describe the Honeywell Experion system architecture.
• Differentiate between the Honeywell C200 & C300 Controller models, as
  well as between the HMI options.
• Describe the Honeywell Experion networking hierarchy for high availability
  DCS systems.
• List the tools and applications suite offered by Honeywell Experion system.
• Describe the main features of Siemens SIMATIC S7-400 modular automation
  system.
• List the key features of Siemens PCS AS RTX system.
• Describe the scalability of SIMATIC PCS 7.
• List the automation systems offered by ABB, and their domain of
  applications.
• Describe the difference between ABB Freelance and 800 compact solutions.
• Explain the key features of ABB 800xA system and its suite of tools and
  software.
9.1 Introduction
A DCS is intended for applications requiring the highest reliability,
combined with the need for fast and deterministic response to ensure safe and reliable
operation of the plant production system.
It is difficult to compare the different offerings from various DCS vendors in a
systematic way, as the architectures are different and many vendors offer scalable
systems with many possible configurations. However, it is absolutely necessary to
understand the application for which the equipment is to be used. Without knowledge
of the system requirements and intended functions, it is difficult to make any
meaningful distinctions between vendors. A good way to organize this information
and to create a basis for comparing vendor offerings is to write out the technical
requirements or specifications.
The following subsections provide overviews of some of the commercial
systems which are widely used in process industry. The provided information does
not cover all the known vendors, but is merely based on the information available to
the author at the time of writing this book. The provided information may not be up
to date, and the reader is advised to consult the vendors directly for updated information.
9.2 Yokogawa Distributed Control System (DCS)
Yokogawa CENTUM 3000 and, more recently, CENTUM VP are widely used
DCSs in the process industry, providing outstanding functionality, flexibility,
scalability and reliability.
Figure 9.1(a) Yokogawa CENTUM FCS.
Figure 9.1(b) Yokogawa HIS of CENTUM VP.
(Copyright (c) 2008 Yokogawa Electric Corporation).
HIS: Human Interface Station. FCS: Field Control Station.
9.2.1 System Overview
The CENTUM 3000 or CENTUM VP is a scalable open application DCS
available for Microsoft Windows operating systems that can run several application
packages from Yokogawa as well as from third parties, enabling selection of any
application software to match the process needs. The CENTUM 3000 or CENTUM
VP provides workstations, standards-based control and I/O, close coupling to safety
systems, networking application software, and measuring instruments.
Typical features are:
• Control bus: Ethernet/TCP/IP
• Enterprise information: Ethernet/TCP/IP
• Redundant Fieldbus to remote I/O
• Instrument bus: Intelligent field device integration (e.g., HART, Foundation
  Fieldbus, Profibus, etc.)
• Dual/redundant communication at all levels of the system
• Reliable engineering software packages.
• Yokogawa’s Enterprise Technology Solution integrates both factory and
  business, allowing management to improve profits.
• The HIS platform can be used in any general purpose PC, Figure 9.1(b).
• OPC for interfacing with supervisory computers and other application
  servers.
• CENTUM, Figure 9.1(a), can also integrate other types of subsystems.
9.2.2 CENTUM CS 3000 System Key Specifications:
The number of tags that can be monitored is 100,000 (expandable up to
1,000,000 tags).
The number of stations that can be connected is 256 stations (max. 16
domains, 64 stations per domain); however, HIS is limited to a maximum of 16
stations/domain.
A domain is a logical V-net bus segment. A bus converter can be used to link
CENTUM CS 3000 domains, or link to previous systems (e.g., CENTUM CS
1000).
The V net real-time control system bus links stations such as FCS, HIS, BCV
and CGW.
Dual redundant V-net support is standard.
Ethernet is used to link HIS, ENG and supervisory systems. It is also used for
transferring data files to supervisory computers.
CENTUM CS 3000 and CENTUM VP support connections to
FOUNDATION Fieldbus. They have easy function configuration; their
engineering functions are designed for efficient engineering and ease of use.
The existing CENTUM CS 1000 can easily be migrated to the CENTUM CS
3000 system.
The Yokogawa system guarantees data updates every second in the HIS, even
with a 1,000,000 tag project.
Vnet/IP offers one millisecond time synchronization among all stations on
Vnet/IP.
9.2.3 CENTUM CS 3000 Components
A typical CENTUM configuration is shown in Figure 9.2. The following is a
short description of the main components:
The Human Interface Station (HIS) is mainly used for operation and
monitoring; it displays process variables, control parameters and alarms. It
also incorporates open interfaces so that supervisory computers can access
trend data, messages and process data.
Console type HIS: This is a console type human interface station at which a
general purpose PC is installed. There are two types of console type HISs,
one is enclosed display style and another is open display style. The console
type HIS is composed of a console assembly and a general purpose PC. It is a
new type of HIS that can utilize the latest PC technology, while inheriting
the operability and functionality of the DCS.
Desktop type HIS: This HIS uses a general purpose PC.
The Field Control Station (FCS) controls the plant. There are two models of
FCS; namely, the FCS for Fieldnetwork I/O (FIO) and the FCS for Remote
I/O (RIO). In addition to the above models, there is the compact type FCS.
[Figure 9.2 diagram labels: Corporate computer, Corporate database, Business information, Corporate Ethernet network, Supervisory computer, CGW, APCS, LFCS, SFCS, V net, HIS, KFCS, FFCS, Exaopc, BCV, Eng station]
HIS: Human Interface Station
KFCS: Standard FCS for FIO
FFCS: Compact FCS for FIO
CGW: Communication Gateway Unit
LFCS: Standard FCS for RIO
SFCS: Compact FCS for RIO
BCV: Bus converter
Figure 9.2 Example of a CENTUM 3000 DCS system.
The FCS is a high-performance controller supporting 1,200 analog signals, and up
to 4,000 digital signals per controller, in addition to Foundation Fieldbus,
PROFIBUS, EtherNet/IP, Modbus, HART, etc.
Compact FCS for Field network I/O (FIO) is a compact FCS with an I/O
module integrated into the field control unit.
Compact FCS for RIO: this controller is usually installed near the equipment
or process it controls and is ideal for communicating with subsystems.
Engineering PC (ENG) is a PC with engineering functions used to perform
CENTUM 3000 system generation and maintenance management. It can be
the same type of general purpose PC as the HIS and can even be the same PC
as the HIS.
Bus Converter (BCV) links the Vnet system bus to another CENTUM CS
3000 domain or to an existing CENTUM.
A Communication Gateway Unit (CGW) links the Vnet control system bus to
an Ethernet bus (to a supervisory computer system or a general purpose PC).
The System Integration OPC Station (SIOS) integrates process control
systems (PCSs) from other vendors into the CENTUM CS 3000 system. It
allows the CENTUM CS 3000 to exchange data with other PCSs and to
receive alarms and events generated at the other PCSs through the OPC
server. SIOS is a general-purpose PC-based station where the basic functions
of SIOS are installed.
Advanced Process Control Station (APCS) is a PC connected to the Vnet and
applied to advanced process control and efficiency improvement. An APCS
advanced process control station implements control functions with a
general-purpose PC connected to a Vnet/IP, aimed at improving advanced control and
plant efficiency. This station is designed to periodically perform advanced
process control and efficiency improving computations when incorporated in
a plant operated by CENTUM FCS.
Generic Subsystem Gateway Package (GSGW) is a PC connected to Vnet. It
uses OPC servers for subsystems, facilitating subsystem data acquisition and
setting without creating specific communication programs. GSGW can collect
and send data of various types of subsystems through an OPC DA server.
Exaopc provides OPC server functions to enable applications in a supervisory
PC to access CENTUM CS 3000 data. It provides a link between control
layer and business data processing layer.
Long term trend historian (LTTH) acquires process data and alarm messages,
stores them over a long term, and displays them with a specific viewer
function, providing plant analysis features. LTTH consists of an LTTH server
and LTTH clients. An Exaopc OPC Interface Package (for HIS) is required to
acquire process data and alarm messages.
9.2.4 CENTUM Networking Components
The ESB bus (extended serial backboard bus) is a communication bus used in
connecting the local nodes, which are installed in the same cabinet for FCU.
This bus can be dual redundant. Maximum transmission distance is 10 meters.
The ER Bus (enhanced remote bus) is a communication bus used in
connecting the remote nodes with the FCU. This bus can be dual redundant.
Its maximum transmission distance is 185 meters using 10BASE-2 coaxial
cable or 500 meters using a 10BASE-5 coaxial cable.
The remote I/O bus (RIObus) connects the FCU to I/O nodes and can be
redundant. I/O nodes do not need to be in the FCU cabinet; they can be
mounted remotely. UTP cable is used for distances up to 750 m and bus
repeaters or optical fiber links can be used for longer distances up to 20 km.
Vnet is a 10 Mbps real-time control bus which links stations such as FCS,
HIS, BCV and CGW. It can be dual redundant.
ENG, HIS, and supervisory systems can be connected by Ethernet LAN.
The Vnet/IP is a real-time process control network used to connect system
components. Vnet/IP is an IEEE 802.3 compliant, dual-redundant high-speed
(1 Gbps) control network. All the components of the Vnet/IP network are
connected on the Layer 2 switches.
A Layer 2 switch is COTS (commercial off-the-shelf) switch equipment.
At least two switches are mandatory for one Vnet/IP system. The
transmission speed for Vnet/IP has to be 1 Gbps.
A Layer 3 switch is a COTS switch with a routing function, and can divide
the Vnet/IP network into several domains.
The Vnet/IP supports two types of communications: control-bus
communications and open communications. The Vnet/IP is always dual
redundant. Usually, control bus communications are carried out via bus 1.
Open communications are carried out via bus 2. If a control communications
error occurs at the bus-1 side, control bus communications will be carried out
via bus 2. The Vnet/IP uses general-purpose communications devices for
network connection.
9.2.5 Redundancy and Reliability
The dual redundant models are available for the FCS for FIO and FCS for
RIO. In these dual redundant FCSs, the processor cards are duplexed (dual
redundant) and Vnet couplers, power supply cards, bus interface cards, bus
couplers and node internal buses are all dual redundant. The duplexed
processor cards can switch from active to standby card without any
interruption to control when the active card breaks down.
There are two processors on each processor card. Each CPU performs the
same control computations and the results are compared in each calculation.
A watchdog timer is used to detect if the active processor card is abnormal,
which results in a switch from active to standby processor card. The Vnet and
Vnet interface are dual redundant.
[Figure 9.3 diagram labels: left processor card and right processor card, each with V net interface, CPU1, CPU2, comparator, main memory (with ECC), ESB bus I/F and EN bus I/F; V net 1, V net 2, ESB bus]
ECC: Error-Correction Code
Figure 9.3 Dual-redundant processor card in standard FCS.
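The detection and switchover behaviour described in this section can be modelled in software. The following Python model is an added example, not Yokogawa code: the proportional control function, the stuck-bit fault, the scan numbering, and the rule that a card kicks its watchdog only after a clean comparison are assumptions made for the illustration.

```python
"""Simplified model of the duplexed processor cards described in section 9.2.5.
Constructed for illustration; not Yokogawa firmware or its real algorithm."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

ControlFn = Callable[[float, float], float]   # (setpoint, measurement) -> output


def p_control(setpoint: float, measurement: float) -> float:
    """Hypothetical control computation: proportional action with gain 2.0."""
    return 2.0 * (setpoint - measurement)


def stuck_bit(setpoint: float, measurement: float) -> float:
    """Constructed CPU fault: the result is off by a constant, as if a bit were stuck."""
    return p_control(setpoint, measurement) + 0.5


@dataclass
class ProcessorCard:
    name: str
    cpu1: ControlFn = p_control
    cpu2: ControlFn = p_control
    hung: bool = False            # constructed fault: the card stops executing
    mismatch_seen: bool = False   # latched by the comparator
    last_kick: int = -1           # scan number of the last watchdog kick

    def scan(self, n: int, sp: float, pv: float) -> Optional[float]:
        """One scan: both CPUs compute, the comparator must see identical results."""
        if self.hung or self.mismatch_seen:
            return None                       # no output and no watchdog kick
        a, b = self.cpu1(sp, pv), self.cpu2(sp, pv)
        if a != b:
            self.mismatch_seen = True         # card takes itself out of service
            return None
        self.last_kick = n                    # kick only after a clean comparison
        return a


@dataclass
class DuplexedFCS:
    active: ProcessorCard
    standby: ProcessorCard
    events: List[Tuple[int, str]] = field(default_factory=list)

    def scan(self, n: int, sp: float, pv: float) -> Optional[float]:
        # Both cards compute every scan, so the standby already holds a current result.
        out_active = self.active.scan(n, sp, pv)
        out_standby = self.standby.scan(n, sp, pv)
        if self.active.last_kick == n:        # watchdog satisfied
            return out_active
        cause = "comparator mismatch" if self.active.mismatch_seen else "watchdog timeout"
        if self.standby.last_kick != n:
            self.events.append((n, f"{self.active.name}: {cause}; no healthy standby"))
            return None
        self.events.append((n, f"{self.active.name}: {cause}; switch to {self.standby.name}"))
        self.active, self.standby = self.standby, self.active
        return out_standby


def run_demo():
    """Constructed scenario: CPU2 of the left card faults at scan 3, the right card hangs at scan 6."""
    left, right = ProcessorCard("left"), ProcessorCard("right")
    fcs = DuplexedFCS(active=left, standby=right)
    outputs = []
    for n in range(8):
        if n == 3:
            left.cpu2 = stuck_bit
        if n == 6:
            right.hung = True
        outputs.append(fcs.scan(n, sp=50.0, pv=48.0 + n * 0.25))
    return outputs, fcs.events, fcs.active.name


if __name__ == "__main__":
    outs, events, active = run_demo()
    for n, out in enumerate(outs):
        print(n, out)
    for event in events:
        print(event)
    print("active card:", active)
```

In the constructed scenario the output sequence has no gap at scan 3, because the standby card has been computing in parallel; the output is lost only at scan 6, when the second card fails before the first has been repaired.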
9.2.6 Instrument Asset Management System (IAMS)
Yokogawa complies with FDT. IAMS, as part of the CENTUM VP, will
manage the assets in the plant. Plant Resource Manager (PRM) consists of three
components: PRM server, PRM client, and field communications server. PRM
supports the conventional 4 to 20 mA analog devices, Foundation Fieldbus devices
(FF devices), and HART devices.
9.2.7 CENTUM VP
CENTUM VP, released in 2008, is the latest Yokogawa real time control system
which has a simple and common architecture consisting of human machine interfaces,
field control stations, and a control LAN. These three basic components support
facilities from the tiny to the very large and complex with up to 1,000,000 tags.
Software running on HIS and FCS stations implements operation/monitoring and
control functions respectively. Ethernet may also be used to interconnect HIS
stations.
CENTUM VP consists of components such as HIS (Human Interface Stations)
and FCS (Field Control Stations) interconnected by the Vnet token-bus.
The CENTUM VP system integrates all windows of different subsystems into
one human-computer interface. An operator can monitor DCS, security system,
equipment system, and all information of other systems at the same time through
only one human-computer interface window. What’s more, by managing the new and
integrated interface, operational mistakes can also be reduced. This can improve
the operator’s efficiency at the same time.
The components connected on the Vnet/IP network can be time-synchronized
using a COTS SNTP server on the Vnet/IP network, whose master time can be set
from GPS, etc.
CENTUM VP supports the following:
64 components/domain, 16 domains/system
Components:
Human Interface Station (HIS)
Field Control Station (FCS)
Advanced Process Control Station (APCS)
Generic Subsystem Gateway (GSGW)
System Integration OPC Station (SIOS)
OPC Interface Package (Exaopc) OPC server
Field Communications Server for Plant Resource Manager (PRM)
On the bus-2 side, up to 124 general use Ethernet devices (including
intelligent network devices) other than those listed above can be additionally connected.
9.3 Honeywell Experion System
Experion is Honeywell’s unified system for process, business and asset
management. Experion PKS (Process Knowledge System) is an open control system
that expands the role of distributed control, and provides a robust, open and scalable
DCS system.
Figure 9.4 Honeywell’s Experion PKS System (panels: C200, C300, Experion HMI).
9.3.1 System Architecture
Experion PKS offers state-of-the-art DCS capabilities that include Abnormal
Situation Management (ASM), safety management, and information management
technologies. Experion PKS interfaces with Foundation Fieldbus, Profibus,
DeviceNet, HART, ControlNet and Interbus. Robustness, security, compliance,
control, safety, and reliability are plant-wide. Its distributed control features include
a complete continuous, logic, and sequential control hosted on fully redundant
controllers.
Experion PKS features include:
Elegant human-machine interface.
Integrated databases, engineering tools, and control applications.
Open, deterministic, high-speed control network communications system for
predictable and repeatable control linking servers, controllers, and remote I/O.
A configurable Control Execution Environment (CEE) provides
deterministic, consistent, and reliable control application execution.
Integrated application configuration.
Two CEE-based controllers:
The C200/C300 Process Controllers are compact and cost-effective
solutions located close to the process with direct IO connections for fast
logic, sequential, and batch control applications.
The Application Control Environment (ACE) is ideally suited for
supervisory control solutions and integration with third party control
systems. It is hosted on a server grade computer platform.
The Simulation Control Environment (SCE) supports system simulation on
computers without requiring dedicated controller hardware or process
connections.
Redundancy support for servers, networks, and controllers.
Distributed System Architecture (DSA) that integrates multiple servers into a
single operational system.
Interfaces for a wide variety of third-party controllers and protocols.
Open technologies and commonality of hardware, scalable from a few
points to several thousand points.
DCS historian: Large amounts of history are retained online, with automatic
archiving, allowing retention of, and access to unlimited quantities of
historical data.
9.3.2 Basic Control System Topology
Experion PKS can be segmented into basic sets of hardware component
platforms:
Supervisory Platform: which includes non-proprietary computing platforms
running Windows operating systems and serving as both server and client
stations. Client stations are able to serve as both engineering and operating
interfaces, depending on the software loaded on each node. Application
Control Environment (ACE) turns a computer using a Microsoft Windows
Server operating system into a supervisory controller that mirrors the basic
operations of a Control Processor Module (CPM). It provides the additional
capability of communicating with OPC Servers through a Fault Tolerant
Ethernet (FTE) or redundant or non-redundant Ethernet network. An ACE
supervisory controller can also be connected directly to a supervisory
ControlNet network to support peer-to-peer communications with a C200
Process Controller.
C200 Controller: using a small hardware form-factor supporting a scalable
and modular architecture. The C200 Process Controller provides integrated
regulatory, fast logic, sequential and batch control applications. Remote as
well as local I/O families with direct connection to the C200 Process
Controller are available to accommodate a variety of connectivity
requirements. The Control Processor can support up to 64 I/O modules,
regardless of the point density of the I/O module.
C300 Controller: The latest C300 process controller is optionally redundant,
requiring no additional hardware other than an identical second hardware
module. The C300 CEE supports an execution period per control strategy,
ranging from 20 milliseconds to 2000 milliseconds. It supports up to 64 I/O
units and control capacity up to 4095 objects. C300 is plug and play
replaceable with existing C200s, but with more functionality.
Third-party Controllers: A terminal server allows connecting several
controllers to the network even though they only have serial or parallel ports.
Most terminal servers also provide a range of serial connection options, such
as RS-232, RS-422 and RS-485. The server can interface to a number of
third party controllers including the Allen Bradley PLC5 and SLC range,
Modicon, GE Fanuc and Siemens.
PMD controller for Experion: The PMD Controller is an open controller
used in process, machinery and drives technology to control Fieldbus-based
processes and process equipment. It controls continuous and batch processes,
machines and stand-alone drives and line drives.
Experion LS: Experion LS is a compact solution, which offers the power and
reliability of a distributed control system (DCS) in a small and flexible
solution, ideal for batch and sequence-oriented manufacturers.
9.3.3 Process Communications
The Experion PKS system architecture can be scaled to accommodate small
personal work groups, large plant-wide domains, or a mix of workgroups and
domains.
The most significant network within the Experion PKS architecture is the
open network called ControlNet serving as the network technology for:
Controller-to-Server communications
Controller-to-Controller (peer-to-peer) communications
Controller-to-I/O communications
ControlNet supports redundant media.
Ethernet media can be used for controller-to-server and controller-to-
controller communications that are referred to as the supervisory level
communications. Ethernet is also employed for communication between the
server and stations involved in the Experion PKS application. Honeywell
also offers its own version of a robust Ethernet known as Fault Tolerant
Ethernet (FTE). Ethernet or Honeywell's Fault Tolerant Ethernet (FTE) can be
used for linking servers and clients together in the plant information network
(PIN).
ControlNet, Ethernet, or Fault Tolerant Ethernet (FTE) network can be used
to provide the communications link between the C200 Controllers and the
supervisory level, as well as peer-to-peer communications between C200
Controllers.
The ControlNet network provides the communications link between the C200
Controllers and remote I/O.
Redundant media can only be built using FTE or ControlNet.
The Fieldbus Interface Module requires an FTE or ControlNet network.
The Supervisory FTE, ControlNet or Ethernet is used by the Experion PKS
Server to access data from the controller to populate Experion PKS displays,
receive alarms, and gather historical data.
9.3.4 Process Control Hardware
The Experion PKS system uses a common hardware infrastructure for both
controller and chassis I/O configurations. Common chassis, power supplies and
communication cards are employed across the basic system. Typical control
hardware components include:
Control Processor Module (CPM) is the Control module within the C200
Process Controller in which Experion PKS control strategies execute. It
communicates with Input/Output (I/O) Modules and peer devices via the
Integrated Control Protocol (ICP) backplane and the connected ControlNet
network. Together with an ICP backplane and I/O devices, the CPM
constitutes a controller.
I/O Modules (either local to a processor or as remote I/O), which provide the
terminals and processing power to accept input signals and send output
signals. Experion PKS also offers Serial Interface and Pulse Input Modules.
Redundancy Module (RM) with a controller chassis provides automatic
backup for the primary controller. It can also be used in chassis containing
Fieldbus Interface Modules to support redundant fieldbus operation.
Fieldbus Interface Module (FIM) serves as the communication gateway
between the Supervisory ControlNet and/or I/O ControlNet network and the
Foundation Fieldbus H1 communications medium. It includes a Remote
Termination Panel (RTP) for connecting and powering up to two fieldbus H1
links.
OPC Client Interface. OPC client interface allows integration of PLCs,
RTUs, or legacy DCS.
9.3.5 Redundancy
The Experion PKS system has been designed to accommodate the most
complete redundancy protection developed for an industrial automation
system, and fully implement redundancy in terms of servers, networks and
controllers.
The server supports redundant server configurations providing a warm fail
over architecture with online database replication. The server redundancy
scheme supports temporary removal of a server for maintenance. When the
server is brought back online, the databases can be re-synchronized at the
touch of a button.
Server redundancy also supports on-process migration, which could
involve upgrading one of the servers.
[Figure 9.5 diagram labels: Business network, Advanced control network, Supervisory control network, Plant asset management, Firewall, Multifunction control & optimization, Remote operation, Plant simulation, Redundant database & historian, Operator console, PMI I/O, Hybrid controller, Secure web server, Plant wide warehouse, Desktop access to eserver, Business computer, C200/C300, Redundant remote I/O, Foundation Field Bus]
Figure 9.5 Honeywell DCS Scalable Architecture.
9.3.6 Instrument Asset Management System
Asset management is an embedded solution within the Experion system.
Asset Manager automatically creates a hardware hierarchy asset view based
on the hardware structure within Experion, providing a representation of how
assets are connected within the Experion system.
Asset Manager is integrated with Honeywell’s Field Device Manager to allow
easy access to all HART device configurations, whether they are connected to
Experion, another system such as Honeywell’s Safety Manager, or third-party
PLCs and DCSs.
9.4 Siemens PCS 7 system
Siemens’s SIMATIC PCS 7 Process Control System offers a wide range of
automation systems with the right performance for a wide spectrum of industrial
applications. The automation systems are characterized by their high degree of
flexibility. They are scalable and available in various safety and availability stages –
ranging from the relatively inexpensive standard solution for small and medium sized
plants to redundant systems for large production plants.
Figure 9.6 Siemens PCS 7 Automation system.
Several automation systems with tiered price-performance ratio are available to
the user at the control level. However, the focus here will be on the following
systems:
Compact Microbox automation system SIMATIC PCS 7 AS RTX
SIMATIC PCS 7 is a Distributed Control System (DCS) using SIMATIC S7
programmable logic controllers for modular automation systems. S7-400
series is a high performance standard system for high availability and safety
related systems.
The scalability of both of them permits the user to adapt the automation
performance optimally to the requirements of the plant or the plant section.
9.4.1 SIMATIC PCS 7 AS RTX with Software Controller
SIMATIC PCS 7 AS RTX belongs to the lower performance range of the scale
of process control systems. It is a software based automation system in the form of an
AS runtime system. Even though it leads the lower performance range, the SIMATIC
PCS 7 AS RTX contains many powerful features. The sturdy and compact
automation system based on SIMATIC Microbox is designed for 24-hour continuous
maintenance-free operation in ambient temperatures of up to 55°C.
Impressive above all is its fast program processing in the software controller and
the fact that it is both vibration and impact resistant, as it features neither a fan nor a
rotating storage medium. These features and the compact measurements of the
SIMATIC PCS 7 AS RTX make it the perfect alternative to the standard automation
systems of the S7-400 series. It is ideally suited for distributed installation close to
the plant, for package units and for plants with large distributed infrastructure. The
numerous areas of application of the new controller range from the food, cosmetics
and consumer goods industry to industries such as pharmaceutical and water/waste
water.
Key Features of SIMATIC PCS 7 AS RTX:
SIMATIC PCS 7 AS RTX is space saving, power saving, and maintenance-
free, as it is equipped with no fan or hard disk.
Cost effective alternative for the automation of smaller plants and plant
sections (up to approximately 350 process objects).
Can be easily integrated into the SIMATIC PCS 7 system and its subsystems.
Windows Embedded operating system.
Comes with preinstalled software controller and diagnostics software.
The system is configured using the SIMATIC PCS 7 engineering system.
Distributed I/O using SIMATIC ET 200: ET 200 is a multifunctional, highly
modular I/O system with rugged construction for indoor and outdoor
environment. It includes interface modules with integrated CPU and optional
PROFINET/ PROFIBUS connection, in both standard and safety-oriented
designs. ET 200 series offers a comprehensive module range, comprising
power modules, digital or analog input and output modules, technology
modules, an IO-Link Master as well as motor starters, frequency converters or
a pneumatic interface.
Two Ethernet interfaces 10/100/1000 Mbit/s (RJ45) are integrated in the
SIMATIC PCS 7 AS RTX for plant bus communication with SIMATIC PCS
7.
Configurable monitoring functions for program execution/watchdog,
processor and board temperature, as well as advanced diagnoses/messages,
for example operating hours counter, hard disk/system status, can be
detected by SIMATIC PC DiagMonitor and Maintenance Station.
9.4.2 SIMATIC PCS 7 Modular Automation Systems
The S7-400 is the most powerful PLC in the SIMATIC Controller family; the
range that enables successful automation solutions with Totally Integrated
Automation. The S7-400 is an automation platform for system solutions in the
manufacturing and process industries, and is distinguished above all by its
modularity and performance capacity.
SIMATIC PCS 7 automation systems feature modular and fan-less structure,
high expandability, sturdiness, long-term availability, extensive communication
options, integrated system functions and are easily connected to centralized or
distributed I/O devices.
SIMATIC PCS 7 combines a unique scalable architecture with powerful
engineering tools and a wide variety of additional functions such as alarm
management, process safety and asset management, all of which can be integrated
seamlessly into one control environment. The SIMATIC PCS 7 offers high system
availability, investment security and future-safe technology, together with a reduced
total cost of ownership.
Application:
a) Automotive industry (e.g., assembly lines)
b) Power generation and distribution
c) Process engineering (e.g., water supply, waste water treatment)
d) Machine automation
e) Food and beverages industry
f) Woodworking
g) Chemical industry and petrochemicals
h) Paper and printing industry
i) Steel industry
Key Features of SIMATIC PCS7 automation systems:
The PCS7 automation systems are scalable and available in various safety and
availability versions, ranging from the relatively inexpensive standard
solution for small and medium sized plants to redundant type systems for
large production plants. Depending on the size of the application, the
appropriate controller can be selected from a wide range of controllers
according to performance, quantity structure and communication ports.
High-availability controllers of the type SIMATIC S7-400H are equipped
with two H-CPUs. In the event of a fault in the master system, the system
switches to the stand-by station. It is suited for high-availability process with
hot-standby requirements (processes with switch over times of less than 100
ms). High-availability automation is designed to reduce the risk of production
down times. High-availability SIMATIC PCS 7 automation systems can be
operated in a standalone plant configuration or together with standard and
fail-safe automation systems.
Fail-safe automation systems are used for critical applications in which faults
endanger human life or lead to damage to the plant or to environment. In
interaction with the fail-safe F modules or the distributed I/O systems ET 200
or directly via fail-safe transmitters connected via field bus, the F/FH systems
detect faults in the process or their own internal faults. In the event of a fault
they transfer the plant to a safe state.
Figure 9.7 Siemens Scalable Automation Architecture.
Modular and fan-less installation
Extensive communication options
Support of large structures of inputs/outputs.
Fast reactions and deterministic scan cycles.
Isochronous mode for the control of fast-operating machines via PROFIBUS
Totally Integrated Automation and easy reuse of user programs on all
SIMATIC controllers.
Higher system availability through redundant high-availability configurations
and high-performance diagnostic functions.
Compliance with high safety requirements with only one system for standard
and fail-safe applications.
9.4.3 Tools and Software
SIMATIC Manager for administrating all tools and data of an automation
project.
Hardware configuration for configuring and parameterizing the hardware.
NetPro for setting up a data transfer over MPI or PROFIBUS/PROFINET.
Integrated system diagnostics for obtaining an overview of the automation
system status.
Software test without controller with S7-PLCSIM (component part of STEP 7
Professional)
Creation of programs for fault-tolerant and fail-safe controllers.
Ability to interface and integrate engineering systems from other
manufacturers.
Alarm Management: Prevent unplanned downtime and maximize operator performance.
Process Simulation: Reduce time and cost for commissioning and FAT; operator training systems enhance performance.
Advanced Process Control: APC techniques help you increase throughput and yield optimum performance.
Plant Asset Management: Keep your assets operating at peak performance through preventative and predictive maintenance.
9.5 ABB Automation Control Systems
ABB's control systems portfolio ranges from stand alone products, to
Distributed Control Systems for any size application to TÜV certified Safety
Instrumented Systems and Collaborative Process Automation Systems (CPAS) for an
extended automation scope. ABB offers a complete set of solutions and services to
meet automation needs whether for a new system or for modernizing an existing
system. In particular, System 800xA Extended Automation is an integration platform
with unparalleled connectivity to enterprise and plant systems, applications, and
devices that improves operations, engineering, control and maintenance and provides
a collaborative environment where real-time decision making is required.
Figure 9.8 ABB Control Systems (panels: 800xA System, Compact 800, Freelance).
ABB offers a number of systems to meet a wide spectrum of automation
requirements. A brief description of these systems is given below.
9.5.1 System 800xA
Scalable extended automation system for process and production control, safety,
and production monitoring. ABB's 800xA provides an automation platform with
incredible connectivity capabilities that creates one flexible, integrated, collaborative
environment. Integration of systems, applications and devices into a powerful
information architecture makes all information available for use in the system and
provides information to plant personnel in actionable context.
System 800xA is the solution for:
Promoting collaboration through integrated plant systems and applications.
Improving operator effectiveness through integrated information.
Generating cost effective solutions through integrated engineering.
Achieving seamless control through integrated, unified fieldbus networks.
Providing flexible evolution paths through seamlessly integrated controller
platforms.
The Industrial IT System 800xA family of controllers, communication
interfaces and I/O modules match the most challenging requirements in industrial
automation. Combined with ABB’s rich experience in general and industry-specific
process and power automation, 800xA Control and I/O products deliver powerful and
versatile solutions that are equally effective for small hybrid systems as well as for
large, integrated, automation and power applications. Thereby, the products
contribute to higher return on assets by improving overall production control,
maximizing process availability, and minimizing maintenance.
The AC 800M High-Integrity Controller offers an IEC 61508 and TÜV-certified
control environment for combining safety and business critical process control in one
controller without sacrificing safety integrity.
Tools and Software:
Asset optimization
Device management FOUNDATION Fieldbus
Device management HART
Device management PROFIBUS
Engineering information management
Operations
Partner enhancements
Production management
Safety products
Services
Simulation
9.5.2 Freelance
Hybrid process control system for small to medium size applications. ABB's
Freelance, the hybrid process control system, combines the best of both worlds, DCS
and PLC. It offers PLC size and price with functionality of a DCS. The integrated
environment facilitates engineering, commissioning, maintenance and fieldbus
management. The intuitive operator interface enables easy operation and diagnostics
of the entire system.
Freelance is proven in more than 14,000 applications in all industries. The
compact control system allows the integration of all common fieldbuses, whether
FOUNDATION Fieldbus, PROFIBUS, or HART.
9.5.3 Compact 800
Compact 800 is a flexible process control product family for standalone
automation solutions. The Compact 800 products can be used standalone or
combined to create cost-effective control solutions to fulfill a wide range of customer
needs. It is built with openness in mind and based on standards to make sure that this
family can be combined with other products on the automation market. Compact
HMI 800, AC 800M controllers with Compact Control Builder, Panel 800, S800L
I/O and S800 I/O can all play key roles in building any customized control solution.
9.5.4 Safety Systems
ABB provides a complete TÜV-certified Safety System that complies with the IEC
61508 and IEC 61511 standards. ABB's installed base of safety systems spans more
than 55 countries. ABB has developed TÜV-certified products (including sensors,
safety controllers and final control elements), and provides consultancy and services
for the entire safety lifecycle.
ABB's latest generation of safety systems, the SIL3 certified 800xA High
Integrity, constitutes an integral part of ABB's flagship automation offering, System
800xA. 800xA High Integrity is available in both Dual and Quad configurations,
allowing end-users to tailor their safety system solutions to meet the specific
requirements of each installation and optimize cost. For continuous processes 800xA
High Integrity is available in Quad configuration enabling availability figures of
>99.9999% to ensure minimum production upsets or interruptions.
SUMMARY
1. The Yokogawa CENTUM system is a scalable system with a guaranteed
one-second scan period for up to 1,000,000 tags.
2. A network can have up to 16 domains, each domain supports up to 64
control stations, and up to 16 HIS stations.
3. There are four types of Field Control Stations (FCS): KFCS, FFCS, LFCS,
and SFCS.
4. Each FCS can support up to 1,200 analog signals, and up to 4,096 digital
signals, in addition to various options of field buses.
5. System redundancy can be implemented at the network level, at the
controller levels, power supplies, and processor levels.
6. Integration of the system with other DCS systems or with the corporate
networks is via standard OPC stations.
7. The CENTUM VP system integrates all windows of different subsystems
into one human-computer interface.
8. Honeywell automation offers two solutions, the C200/C300 based
embedded control solution for distributed control, and the software-based
Application Control Environment (ACE) for SCADA applications.
9. ControlNet is used for low-level communication between controllers and
I/O for high reliability. ControlNet or the Fault Tolerant Ethernet (FTE) is
used for supervisory-level communication, and Ethernet or FTE for the plant
information network.
10. Redundant systems support hot swap, automatic synchronization, and on-
line configuration.
11. Honeywell Experion provides an integrated asset management system,
automatically generating a hardware hierarchy asset view.
12. Siemens’s SIMATIC PCS 7 process control system offers a wide range of
automation systems, in particular the PCS 7 AS RTS for small systems
and SCADA systems, and S7-400 for high availability scalable systems.
13. High availability and redundant configurations for safety systems and
critical process control applications.
14. The key features of the S7-400 include extensive communication options,
fast scan cycles, and a comprehensive suite of tools and packages for
engineering, diagnostics, simulation, interfacing with other systems, alarm
management, APC, and asset management.
15. ABB offers a range of automation solutions for a wide spectrum of
industrial applications: System 800xA, scalable for process control,
production control, safety, production monitoring, and connectivity with
the plant information system; the Freelance hybrid system, with support
for a variety of field buses; Compact 800 for standalone solutions; and
high-integrity certified safety systems.
EXERCISES
(Straightforward applications of the concepts of the chapter)
E9.1] Which is NOT true about the automation project technical specifications?
a) It helps in determining which supplier meets the needs of the automation project.
b) Forces vendors to bid on similar systems
c) It explains to the vendors how their systems should work to achieve the desired
functionalities.
d) It forces suppliers to spell out areas where they cannot meet the requirements.
E9.2] Which is NOT part of the automation project technical specifications?
a) SCOPE
b) Functional description
c) Testing and Commissioning
d) Allocated project budget
E9.3] Which is a basic requirement of a DCS system?
a) Alarm system
b) Plant Optimization
c) MES Integration
d) Loop Monitoring
E9.4] Which is NOT a requirement of the DCS logging functions?
a) Hourly log, shift log, Daily log, and monthly log.
b) Easy to create customized reports
c) Easy to interface using OPC tools.
d) Provides Loop Monitoring function.
e) Comprehensive IT security tools.
E9.5] Which is NOT a criterion for vendor capability assessment?
a) Corporate viability
b) Market share.
c) Proximity of the headquarters and factories.
d) Track record
E9.6] Which is NOT a criterion for vendor capability assessment?
a) Corporate viability
b) Market share.
c) Proximity of the headquarters and factories.
d) Track record
E9.7] Which is NOT a criterion for system I/O capabilities?
a) Switching and loop control capabilities
b) Number of I/O points per unit
c) Scanning period.
d) Power supply isolation, backup, and short circuit protection.
e) Inputs and outputs ground isolation.
E9.8] Which is a criterion for Control Configuration capability?
a) 64 bit embedded processor
b) Support of IEC 61131-3 programming languages
c) Ability to execute safety and control logic by same controller.
d) Allowable Scanning period.
E9.9] Which is NOT a criterion for Control Configuration capability?
a) Ability to change configuration on-line.
b) Logic, sequential, or batch functions be configured by the same tool.
c) Network redundancy and error detection and correction.
d) Availability of debugging tools.
E9.10] Which is NOT a criterion for networking capability?
a) Ability to synchronize time on all controllers.
b) Network capacity in terms of how many nodes/controllers it can support.
c) Availability of spare protocols in the network.
d) Ability to support hardware by other vendors.
E9.11] Which is NOT true about Yokogawa CENTUM 3000?
a) Up to 256 stations can be connected
b) Supports up to 1,000,000 tags
c) Vnet is a dual redundant 1Gbps open control network
d) Vnet links stations such as FCS, HIS, BCV and CGW.
E9.12] Which device can be used to enable applications to access CENTUM 3000 data?
a) GSGW
b) APCS
c) CGW
d) Exaopc
E9.13] Which device can be used to enable CENTUM 3000 to access data from other subsystems?
a) GSGW
b) APCS
c) CGW
d) Exaopc
E9.14] Which device can be used to link Vnet to Ethernet?
a) GSGW
b) Layer 2 switch
c) CGW
d) BCV
E9.15] Which device can be used to link Vnet to another Vnet domain?
a) GSGW
b) Layer 2 switch
c) CGW
d) BCV
E9.16] Which device executes the basic control functions?
a) APCS
b) FCS
c) HIS
d) FIO
E9.17] In the Honeywell Experion system, which is not an option for execution of control functions?
a) ACE station software
b) HMI console
c) C200/C300
d) PMD controller
E9.18] In the Honeywell Experion system, which is not an option for execution of control functions?
a) SCE
b) Third party controller
c) FFB device
d) PMD controller
E9.19] In the Honeywell Experion system, which is not a function of ControlNet?
a) Controller-to-I/O communications
b) Controller-to-Controller communications
c) Third party controllers to Experion HMI
d) Controller-to-Server communications
E9.20] In the Honeywell Experion system, which is not a function of the FTE network?
a) Controller-to-I/O communications
b) Controller-to-Controller communications
c) Controllers to displays and HMI
d) Controller-to-Server communications
E9.21] In the Honeywell Experion system, which is not a feature of C300 controllers?
a) Ability for fast execution cycle (20 msec.)
b) Support redundant configurations
c) Up to 64 I/O units
d) Can act as an Application Control Environment
e) Interface to Field buses
E9.22] In the Honeywell Experion system, which module executes the control strategy?
a) PKS
b) I/O modules
c) CPM
d) FIM
e) C200
E9.23] Which is not a feature of the Siemens PCS 7 AS RTX system?
a) Control strategy can run on any PC with Windows operating system.
b) Ideally suited for distributed installation on a factory floor.
c) Scalable for large distributed structures using ET 200 with PROFIBus interfaces
d) Uses Ethernet 10/1000 Mbps.
E9.24] Which is not a feature of Siemens S7-400 based automation systems?
a) S7-400 is a powerful and highly reliable DCS controller.
b) Modular and fan-less structure, high expandability, long-term availability, and extensive
communication options.
c) Support of large structures of inputs/outputs using ET 200.
d) Fast-operating machines via PROFIBUS.
PROBLEMS
(Problems extend the concepts of this chapter to new situations)
P9.1] Compare the Honeywell ACE system and Siemens S7AS RX for large SCADA system
applications.
P9.2] Compare Honeywell Ovation, Siemens, and ABB for power generation applications.
P9.3] Compare the Siemens and Honeywell solutions for batch control applications.
TERMS AND CONCEPTS
AS-I (Actuator-Sensor Interface)
A low-cost electromechanical connection system designed to operate over a two-wire cable carrying
data and power over a distance of up to 100m, or more if repeaters are used. Visit
www.as-interface.com for more information.
COTS
Commercial off-the-shelf (COTS) products are commercially available products that are purchased and
integrated with little configuration.
Downtime
Periods where computers, equipment, or manufacturing systems are not available to perform work.
ERP
Enterprise Resource Planning (ERP) is an information system that integrates all manufacturing and
related applications for an entire enterprise.
Firmware
A computer program or software stored permanently in PROM or ROM.
Hot Swap
Exchange of hardware components during operation.
Material Handling
The movement, storage, control, and protection of materials and products throughout the process of
their manufacture, distribution, consumption and disposal.
MES
Manufacturing Execution System. A system solution for efficient control of manufacturing
processes.
MRP
Material requirements planning.
Product Life Cycle
The time from the delivery of a product, until the product is withdrawn from use or sale. There may be
many projects during the product life cycle.
Project Life Cycle
The full set of activities from the beginning to the end of a project. Generally associated with a set of
phases, which are determined based on the major parts of project performance (e.g., requirements
definition, design, construction, deployment) and the need for control by the Client organization
(checkpoints for Go/No go decision-making).
Relay Ladder Logic
This programming language expresses a program as a series of "coils" and "contacts", simulating the
operation of electromechanical relays. The resultant program is the equivalent of a Boolean equation,
which is executed continuously in a combinatorial manner. The advantage of this language is the
familiarity many electricians have with the simple operation of relays. Disadvantages include the
complexity of large, cross-connected programs, and the difficulty of expressing such non-binary
functions as motion control and analog I/O.
RTU
Remote Terminal Unit (RTU) is an industrial data collection device, typically located at a remote
location, that communicates data to a host system by using telemetry (such as radio, dial-up telephone,
or leased lines).
Specifications
Detailed statements of project deliverables that result from requirements in the definition and design.
Specifications generally describe the deliverables in terms of appearance, operational constraints and
quality attributes. Specifications are the basis for acceptance criteria used in scope verification and
quality control. In some organizations and industries, specifications may be qualified as requirements
specifications and design specifications. See Requirements.
System Integration
The process of connecting systems, devices, and programs together in a common architecture so as to
share and exchange data.
Turnkey
A type of outsourcing method that turns over to the subcontractor all aspects of manufacturing
including material acquisition, assembly and testing. Its opposite is consignment, where the
outsourcing company provides all materials required for the products and the subcontractor provides
only assembly equipment and labor.
WMS (Warehouse Management System)
Software that integrates activities performed mechanically and by humans with an information system
to effectively manage warehouse business processes and direct warehouse activities.
ABOUT THE AUTHOR
Dr. Moustafa Elshafei
Professor of Control and Instrumentation Systems Engineering
Dr. Elshafei received his Ph.D. (with Dean List) from McGill University, Canada, in
Electrical Engineering in 1982. Since then, he has accumulated over 34 years of both
academic and industrial experience. He is the sole inventor or co-inventor of over 20 US
and international patents. He published 250 publications in international journals,
conferences, and technical reports, in addition to three books and several book
chapters. He initiated or participated in many projects funded by Saudi ARAMCO,
SABIC, KACST, NSTIP, YOKOGAWA, and KFUPM.
Dr. Elshafei taught DCS systems at KFUPM at the graduate level, as well as at the senior
undergraduate level, regularly during the last 8 years. His effort led to establishing a
DCS teaching and training lab. The lab includes a Yokogawa Stardom PAC and
CENTUM VP training simulator, Honeywell Experion 400 with 10 workstations and
two servers, ABB AC800M with 10 workstations, and a Siemens SIMATIC PCS7
training system for university education. He also helped in establishing a research lab
for Networked Computer Control.
Dr. Elshafei's research interests include intelligent instrumentation, and process
modelling, control, and optimization. Dr. Elshafei is a member of IEEE, SPE, and
ISA.