(Click here to view article in digital edition)
Functional Safety over EtherCAT
FSoE (sometimes called ‘Failsafe over EtherCAT’) is a communication protocol that was developed by the ETG (EtherCAT Technology Group) and is starting to be introduced by more drives and controls suppliers. The goal was to design an industrial communication bus that would be suited for use in safety applications – up to an IEC 61508 SIL3 level. In simple terms, this means the communication bus would need to operate in excess of 100,000 years without an undetected error.
An overview is that each FSoE node receives a unique address (16-bit) and the safe data with checksum are encapsulated in the EtherCAT telegram. The FSoE protocol has a number of different features that help detect an error in the communication, as seen in the table below.
Each FSoE slave is handled with a state machine. Upon start-up the slave must go through the state machine in order to set any of the safe bits. In the event of an error, the state machine is reset and the master must revalidate the connection before changing any of the safe bits.
There is much more technical information available at https://www.ethercat.org where members of the EtherCAT Technology Group can download a full copy of the specification.
So why should machine builders care?
1. FSoE is certified to an IEC 61508 SIL3 level
The protocol was designed with a number of different features (watchdog timers, checksums, etc.) that enhance security and allow the detection of errors. Very importantly, the FSoE protocol was independently certified by TÜV SÜD Rail GmbH to the IEC 61508 SIL3 level.
This is relevant because it has been evaluated by a 3rd-party safety agency and carries the appropriate certification. When coupled with similarly certified safety hardware, the machine builder will have a much easier time having their overall machine certified for functional safety.
2. FSoE is an open protocol published by the Ethernet Technology Group (ETG)
ETG has made the technology open and accessible, it encourages many vendors to develop EtherCAT products. The machine builders benefit from this as they have access to many different vendors and products. The end user benefits from high-performance technology and lower costs due to the competitive offerings – so a win-win for everyone.
Increasingly, more automation companies will develop FSoE-based products and the ecosystem will continue to grow. Both machine builders and end users will benefit with a wide selection of products and vendors.
This is not always the case with competing safety protocols on the market today. Some protocols out there are closed and proprietary. Any control solutions that are developed will tie a machine builder into that one vendor’s hardware and programming tools. This introduces risk as you are tied to one vendor. In short, because Failsafe over EtherCAT is open, it gives machine builders an increasing number of product options from a number of different vendors.
3. FSoE can be implemented with other networks
FSoE works with standard Ethernet hardware and network cables so it can be used with other PLC vendors and with other industrial protocols. For example, it would be possible to have a machine controlled with a non-KEB PLC but the safety functionality and safety IO is handled by an FSoE system. The FSoE safety network could even be used with a mix of different control types.
This gives machine builders flexibility e.g. customers in one geography specify a PLC type from Vendor A, and another geography specifies Vendor B. Two machine variants can be offered but the FSoE safety control can be used across both designs. This is a big advantage considering the huge time and cost required to certify the functional safety of the machine.
4. Failsafe over EtherCAT saves wiring costs and time
Another significant advantage of FSoE is that much of the discrete safety wiring can be replaced with a network cable. The design of the safety system is largely done in the software and by using certified FSoE hardware.
There are a number advantages to replacing the discrete wiring:
• Reduction in wiring time
• Reduction in wiring errors
• Cleaner panel layout
• Better noise immunity
5. FSoE allows for Functional Safety in the Drive (Safety Drive Profile)
KEB has a deep EtherCAT drive portfolio. Its new Generation 6 drives have been designed for FSoE as the control word allows for advanced Safe Motion functions (according to IEC 61800-5-2). This means it is possible that an FSoE slave, like an inverter, can handle advanced safety functionality such as Safe Limited Speed or Safe Limited Positioning.
By default, the below functions are configured in the drive’s safety control word. Additional Safe Functions are possible with manufacturer-specific bits. With the Safety module KEB’s drives they offer the following integrated functions (full details can be found at www.keb.co.uk/drives); STO, SS1, SS2, SOS, SLS, SLP, SLI, SDI, SSM, SAR, SEL, SLA, SMS & SSR.
The New range of drives and the whole Safety Portfolio with Functional Safety over EtherCAT FSoE will be on KEB’s stand G70 at Drives and Controls exhibition or contact KEB now for further information.
For more information and to read the original article, please visit https://kebblog.com/what-is-failsafe-over-ethercat-fsoe/
Print this page | E-mail this page
Discover the future of engineering today
Download a copy of our digital magazine